Re: pf: reassemble tcp

2014-09-13 Thread Henning Brauer
* Sonic sonicsm...@gmail.com [2014-09-05 17:12]:
> On Fri, Sep 5, 2014 at 4:42 AM, Kapetanakis Giannis
> bil...@edu.physics.uoc.gr wrote:
> > yeah, don't use reassemble tcp. it's not perfect.
> Isn't that default behavior?

hell, no.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: pf: reassemble tcp

2014-09-13 Thread Henning Brauer
* Kapetanakis Giannis bil...@edu.physics.uoc.gr [2014-09-06 00:50]:
> I'm asking about reassemble tcp.
>
> According to some 2010's threads in misc@ it used to cause problems to some
> users.
> I'm wondering what's the status now.

unchanged.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: pf: reassemble tcp

2014-09-13 Thread Kapetanakis Giannis

On 13/09/14 11:55, Henning Brauer wrote:

> * Kapetanakis Giannis bil...@edu.physics.uoc.gr [2014-09-06 00:50]:
> > I'm asking about reassemble tcp.
> >
> > According to some 2010's threads in misc@ it used to cause problems to some
> > users.
> > I'm wondering what's the status now.
>
> unchanged.



Thanks for the reply

G



Re: pf: reassemble tcp

2014-09-05 Thread Kapetanakis Giannis
I've found the following in the archives. Is the situation still the
same with reassemble tcp?

My only scrub rule (in firewall/router) is
match in all scrub (no-df random-id reassemble tcp max-mss 1440)

Should I be worried?

Thanks

G

List:   openbsd-misc
Subject:Re: pf: reassemble tcp
From:   Henning Brauer lists-openbsd () bsws ! de
Date:   2010-01-14 1:46:17
Message-ID: 20100114014617.GH3135 () nudo ! bsws ! de

* nixlists nixmli...@gmail.com [2010-01-13 22:56]:

> Hi.
>
> I have
>
>   match in all scrub (tcp reassemble no-df random-id max-mss 1440)
>
> in my pf.conf (-current)
>
> Unless I remove 'tcp reassemble', one of the web sites (it's a
> Windows/IIS) site cannot communicate with me - it hangs loading a
> page.
>
> Any ideas?


yeah, don't use reassemble tcp. it's not perfect.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting



Re: pf: reassemble tcp

2014-09-05 Thread Sonic
On Fri, Sep 5, 2014 at 4:42 AM, Kapetanakis Giannis
bil...@edu.physics.uoc.gr wrote:
> yeah, don't use reassemble tcp. it's not perfect.

Isn't that default behavior?

Is it recommended to disable this feature?



Re: pf: reassemble tcp

2014-09-05 Thread Kapetanakis Giannis

On 05/09/14 18:10, Sonic wrote:

> On Fri, Sep 5, 2014 at 4:42 AM, Kapetanakis Giannis
> bil...@edu.physics.uoc.gr wrote:
> > yeah, don't use reassemble tcp. it's not perfect.
>
> Isn't that default behavior?
>
> Is it recommended to disable this feature?


I'm not asking about set reassemble for fragmented packets (which is
on by default),

I'm asking about reassemble tcp.

According to some 2010's threads in misc@ it used to cause problems to
some users.

I'm wondering what's the status now.

regards,

G



pf: reassemble tcp

2010-01-13 Thread nixlists
Hi.

I have

  match in all scrub (tcp reassemble no-df random-id max-mss 1440)

in my pf.conf (-current)

Unless I remove 'tcp reassemble', one of the web sites (it's a
Windows/IIS) site cannot communicate with me - it hangs loading a
page.

Any ideas?



Re: pf: reassemble tcp

2010-01-13 Thread Henning Brauer
* nixlists nixmli...@gmail.com [2010-01-13 22:56]:
> Hi.
>
> I have
>
>   match in all scrub (tcp reassemble no-df random-id max-mss 1440)
>
> in my pf.conf (-current)
>
> Unless I remove 'tcp reassemble', one of the web sites (it's a
> Windows/IIS) site cannot communicate with me - it hangs loading a
> page.
>
> Any ideas?

yeah, don't use reassemble tcp. it's not perfect.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting



Re: pf: reassemble tcp

2010-01-13 Thread Ted
On Thu, Jan 14, 2010 at 12:46 PM, Henning Brauer lists-open...@bsws.de wrote:

> > I have
> >
> >   match in all scrub (tcp reassemble no-df random-id max-mss 1440)
> >
> > in my pf.conf (-current)
>
> yeah, don't use reassemble tcp. it's not perfect.


How about fragment reassemble?

I'm using it on my OpenBSD 4.5 pf, with scrub to enable a NAT AV app to
work.
Reading the man pages I noticed fragment reassemble has changed to
set reassemble under scrub for 4.6 or -current.

It also looks like it is turned on by default in 4.5, 4.6 or current.



Re: pf: reassemble tcp

2010-01-13 Thread Henning Brauer
* Ted t...@pobox.com [2010-01-14 05:03]:
> On Thu, Jan 14, 2010 at 12:46 PM, Henning Brauer lists-open...@bsws.de wrote:
>
> > > I have
> > >
> > >   match in all scrub (tcp reassemble no-df random-id max-mss 1440)
> > >
> > > in my pf.conf (-current)
> >
> > yeah, don't use reassemble tcp. it's not perfect.
>
> How about fragment reassemble?

that is an entirely different beast and should always be on (hey,
surprise, it IS by default!)

reassemble tcp is not the best name really. it is not really
reassembly of anything.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
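

The thread separates two settings: the scrub option reassemble tcp, which it advises against, and fragment reassembly (set reassemble), which it says should stay on. The script below is an added example, not code from any poster or from OpenBSD, that checks a ruleset for both; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# audit_pf_scrub [FILE]: read pf.conf text (stdin if no FILE) and print one
# finding per logical line. Returns 1 if anything was flagged, else 0.
# Simplification: everything after '#' is treated as a comment.
audit_pf_scrub() {
    awk '
    { sub(/#.*/, "") }                        # strip comments
    /\\[ \t]*$/ {                             # trailing backslash: continued line
        sub(/\\[ \t]*$/, " ")
        if (buf == "") first = NR
        buf = buf $0
        next
    }
    {
        line = buf $0
        n = (buf == "") ? NR : first          # report where the rule starts
        buf = ""
        if (line ~ /^[ \t]*set[ \t]+reassemble[ \t]+no([ \t]|$)/) {
            print n ": set reassemble no turns fragment reassembly off"
            found = 1
        }
        # Look only inside the scrub (...) option list. The second spelling is
        # the word order used in the 2010 post.
        if (match(line, /scrub[ \t]*\([^)]*\)/)) {
            opts = substr(line, RSTART, RLENGTH)
            if (opts ~ /reassemble[ \t]+tcp|tcp[ \t]+reassemble/) {
                print n ": scrub enables reassemble tcp"
                found = 1
            }
        }
    }
    END { exit found + 0 }
    ' "$@"
}

# Constructed sample ruleset (not a real configuration).
sample_pf_conf() {
    cat <<'EOF'
set reassemble no
match in all scrub (no-df random-id reassemble tcp max-mss 1440)
match in all scrub (no-df random-id max-mss 1440)  # no reassemble tcp here
match out on egress scrub (random-id \
    reassemble tcp)
EOF
}

sample_pf_conf | audit_pf_scrub || true
```

Run against a real file as `audit_pf_scrub /etc/pf.conf`; a non-zero return means at least one line was flagged.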