How to disable syncookies & syncache

Ian Smith smithi at
Sun Nov 7 12:38:43 UTC 2010

In freebsd-questions Digest, Vol 335, Issue 14, Message: 2
On Sun, 7 Nov 2010 12:09:26 +0100 Alexander Frolkin <avf at> wrote:
 > Hi,
 > I spent all day yesterday trying to get my FreeBSD box (8.1-RELEASE,
 > amd64) to talk to a Qlogic 4010 iSCSI card.
 > The problem is that when the Qlogic card tries to make a connection,
 > FreeBSD resets it (SYN, SYN|ACK, ACK, RST).
 > If I turn on net.inet.tcp.log_in_vain, I can see a message similar to
 >   TCP: []:30557 to []:3260 tcpflags 0x10<ACK>;
 >   syncache_expand: TSECR 0 != TS 267223, segment rejected
 > for each connection attempt.
 > I've tried fiddling around with the net.inet.tcp.syn* sysctls, but all
 > I've managed to to is change the message to
 >   TCP: []:29387 to []:3260 tcpflags 0x10<ACK>;
 >   syncache_expand: Segment failed SYNCOOKIE authentication, segment
 >   rejected (probably spoofed)
 > (this was with net.inet.tcp.syncookies_only=1, I believe) --- the
 > connection still gets reset, as before.
 > The only "solution" I've found so far is to comment out the bit of code
 > in sys/netinet/tcp_syncache.c that checks if TSECR == TS, but needless
 > to say, this is horrible, and will probably create other problems.
 > Now, I know what you're probably going to say --- the Qlogic card has a
 > broken TCP implementation.  While that may well be true, this is the
 > card I have and I'm stuck with it, so there's not much I can about that.
 > Any suggestions welcome. :-)

Only that if I had such an issue I'd head for net at and post 
the above there, where the syncache cookie monsters tend to hang out :)

cheers, Ian

More information about the freebsd-questions mailing list