From hristo@spider.comnet.bg  Fri Jul 14 01:29:43 2000
Return-Path: <hristo@spider.comnet.bg>
Received: from spider.comnet.bg (spider.comnet.bg [212.5.158.7])
	by hub.freebsd.org (Postfix) with ESMTP id 4F9F437BE32
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 14 Jul 2000 01:29:39 -0700 (PDT)
	(envelope-from hristo@spider.comnet.bg)
Received: (from hristo@localhost)
	by spider.comnet.bg (8.9.3/8.9.3) id LAA01549;
	Fri, 14 Jul 2000 11:29:21 +0300 (EEST)
	(envelope-from hristo)
Message-Id: <200007140829.LAA01549@spider.comnet.bg>
Date: Fri, 14 Jul 2000 11:29:21 +0300 (EEST)
From: hristo@bginfo.net
Sender: hristo@spider.comnet.bg
Reply-To: hristo@spider.comnet.bg
To: FreeBSD-gnats-submit@freebsd.org
Subject: add SYN+FIN counter
X-Send-Pr-Version: 3.2

>Number:         19913
>Category:       kern
>Synopsis:       add SYN+FIN counter
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    silby
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jul 14 01:30:01 PDT 2000
>Closed-Date:    Sat Feb 26 21:10:03 EST 2011
>Last-Modified:  Sat Feb 26 21:10:03 EST 2011
>Originator:     Hristo Grigorov
>Release:        FreeBSD 4.0-STABLE i386
>Organization:
BGINFO
>Environment:

FreeBSD 4.0-STABLE i386

>Description:

As you know, FreeBSD 4 has an option to drop SYN+FIN packets, but it does
not have a counter of how many SYN+FIN packets were actually dropped. This
minor patch adds a sysctl variable to count them and have it for reference
when needed.

>How-To-Repeat:

Apply the patch.

>Fix:

*** tcp_input.c.old	Fri May 12 10:29:45 2000
--- tcp_input.c	Thu Jul 13 10:42:06 2000
***************
*** 127,134 ****
--- 127,137 ----
  
  #ifdef TCP_DROP_SYNFIN
  static int drop_synfin = 0;
+ static int drop_synfin_pkts = 0;
  SYSCTL_INT(_net_inet_tcp, OID_AUTO, drop_synfin, CTLFLAG_RW,
      &drop_synfin, 0, "Drop TCP packets with SYN+FIN set");
+ SYSCTL_INT(_net_inet_tcp, OID_AUTO, drop_synfin_pkts, CTLFLAG_RD,
+     &drop_synfin_pkts, 0, "Dropped TCP packets with SYN+FIN set");
  #endif
  
  #ifdef TCP_RESTRICT_RST
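Review bot: `drop_synfin_pkts` is declared as a signed `static int`, so on a host that sees sustained SYN+FIN traffic the counter can overflow and show up as a negative value through the read-only sysctl. Declare it unsigned and export it with a matching unsigned sysctl macro, or keep it with the other TCP statistics counters. The new OID also exists only in kernels built with `TCP_DROP_SYNFIN`, which deserves a line of documentation next to the option.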
***************
*** 500,507 ****
  	 *
  	 * This is incompatible with RFC1644 extensions (T/TCP).
  	 */
! 	if (drop_synfin && (thflags & (TH_SYN|TH_FIN)) == (TH_SYN|TH_FIN))
  		goto drop;
  #endif
  
  	/*
--- 503,512 ----
  	 *
  	 * This is incompatible with RFC1644 extensions (T/TCP).
  	 */
! 	if (drop_synfin && (thflags & (TH_SYN|TH_FIN)) == (TH_SYN|TH_FIN)) {
! 		drop_synfin_pkts++;
  		goto drop;
+ 	}
  #endif
  
  	/*
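Review bot: the increment sits inside the `drop_synfin &&` test, so `drop_synfin_pkts` only advances while dropping is switched on and records nothing about SYN+FIN segments that arrive while `drop_synfin` is 0. If the number is meant to show how often the flag combination is seen at all, for example to decide whether to enable the option, test `(thflags & (TH_SYN|TH_FIN)) == (TH_SYN|TH_FIN)` first, count, and only then check `drop_synfin` before `goto drop`.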

>Release-Note:
>Audit-Trail:

From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To: hristo@spider.comnet.bg
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: kern/19913: add SYN+FIN counter
Date: Fri, 14 Jul 2000 11:40:32 -0400 (EDT)

 <<On Fri, 14 Jul 2000 11:29:21 +0300 (EEST), hristo@bginfo.net said:
 
 > As you know, FreeBSD 4 has an option to drop SYN+FIN packets, but it does
 > not have a counter of how many SYN+FIN packets were actually dropped. This
 > minor patch adds a sysctl variable to count them and have it for reference
 > when needed.
 
 The code that implements this `feature' is buggy.  It should not drop
 the packets, but rather, trim them back to just a SYN, as Solaris
 does.  (This potentially requires adjusting sequence numbers,
 depending on the contents of the packet.)  If implemented properly,
 there is no need for instrumentation.
 
 -GAWollman
 
 
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Mon Jul 17 09:58:22 PDT 2000 
Responsible-Changed-Why:  
This patch appears to touch code that DES brought in. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=19913 
State-Changed-From-To: open->feedback 
State-Changed-By: kmacy 
State-Changed-When: Fri Nov 16 08:42:28 UTC 2007 
State-Changed-Why:  

Is this still needed? 


Responsible-Changed-From-To: des->silby 
Responsible-Changed-By: kmacy 
Responsible-Changed-When: Fri Nov 16 08:42:28 UTC 2007 
Responsible-Changed-Why:  

Is this still needed?  

State-Changed-From-To: feedback->closed 
State-Changed-By: eadler 
State-Changed-When: Sat Feb 26 21:07:52 EST 2011 
State-Changed-Why:  
Feedback timeout - probably obsoleted by years of code change 

>Unformatted:
