'Syncookies' feature effects to generate new ISN/random with RST happens 15 seconds delay.

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

'Syncookies' feature effects to generate new ISN/random with RST happens 15 seconds delay.

Brahmanand Reddy
Dear Experts,

  Recently i observed in 11.0 FreeBsd Kernel. new ISN random generating
every 15 seconds. RST not happens quickly.

  if disable net.inet.tcp.syncookies=0  on syscntrl.conf .. RST happens
quickly and generate new ISN numnber for next SYN requests.

https://github.com/freebsd/freebsd/blob/master/sys/netinet/tcp_syncache.c#L1882

Could you please confirm its expected behavior about delay.  have notified
this issue, we have any patch please share.

Thanks in Advance,
Brahma
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: 'Syncookies' feature effects to generate new ISN/random with RST happens 15 seconds delay.

Brahmanand Reddy
Dear Experts,

  Kindly respond  about below query and let me know any info required.


Thanks and regards,
Brahma

On Sat, Feb 3, 2018 at 7:17 PM, Brahmanand Reddy <[hidden email]>
wrote:

> Dear Experts,
>
>   Recently i observed in 11.0 FreeBsd Kernel. new ISN random generating
> every 15 seconds. RST not happens quickly.
>
>   if disable net.inet.tcp.syncookies=0  on syscntrl.conf .. RST happens
> quickly and generate new ISN numnber for next SYN requests.
>
> https://github.com/freebsd/freebsd/blob/master/sys/
> netinet/tcp_syncache.c#L1882
>
> Could you please confirm its expected behavior about delay.  have notified
> this issue, we have any patch please share.
>
> Thanks in Advance,
> Brahma
>
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[hidden email]"