Re: pf: reassemble tcp
* Sonic sonicsm...@gmail.com [2014-09-05 17:12]:
> On Fri, Sep 5, 2014 at 4:42 AM, Kapetanakis Giannis bil...@edu.physics.uoc.gr wrote:
> > yeah, don't use reassemble tcp. it's not perfect.
>
> Isn't that default behavior?

hell, no.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

Re: pf: reassemble tcp
* Kapetanakis Giannis bil...@edu.physics.uoc.gr [2014-09-06 00:50]:
> I'm asking about reassemble tcp.
> According to some 2010's threads in misc@ it used to cause problems to some users.
> I'm wondering what's the status now.

unchanged.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org

Re: pf: reassemble tcp
On 13/09/14 11:55, Henning Brauer wrote:
> * Kapetanakis Giannis bil...@edu.physics.uoc.gr [2014-09-06 00:50]:
> > I'm asking about reassemble tcp.
> > According to some 2010's threads in misc@ it used to cause problems to some users.
> > I'm wondering what's the status now.
>
> unchanged.

Thanks for the reply

G

Re: pf: reassemble tcp
I've found the following in the archives.
Is the situation still the same with reassemble tcp?

My only scrub rule (in firewall/router) is

    match in all scrub (no-df random-id reassemble tcp max-mss 1440)

Should I be worried?

Thanks

G

List: openbsd-misc
Subject: Re: pf: reassemble tcp
From: Henning Brauer lists-openbsd () bsws ! de
Date: 2010-01-14 1:46:17
Message-ID: 20100114014617.GH3135 () nudo ! bsws ! de

* nixlists nixmli...@gmail.com [2010-01-13 22:56]:
> Hi.
>
> I have
>
>     match in all scrub (tcp reassemble no-df random-id max-mss 1440)
>
> in my pf.conf (-current)
>
> Unless I remove 'tcp reassemble', one of the web sites (it's a Windows/IIS site) cannot communicate with me - it hangs loading a page.
>
> Any ideas?

yeah, don't use reassemble tcp. it's not perfect.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: pf: reassemble tcp
On Fri, Sep 5, 2014 at 4:42 AM, Kapetanakis Giannis bil...@edu.physics.uoc.gr wrote:
> yeah, don't use reassemble tcp. it's not perfect.

Isn't that default behavior?
Is it recommended to disable this feature?

Re: pf: reassemble tcp
On 05/09/14 18:10, Sonic wrote:
> On Fri, Sep 5, 2014 at 4:42 AM, Kapetanakis Giannis bil...@edu.physics.uoc.gr wrote:
> > yeah, don't use reassemble tcp. it's not perfect.
>
> Isn't that default behavior?
> Is it recommended to disable this feature?

I'm not asking about set reassemble for fragmented packets (which is on by default),
I'm asking about reassemble tcp.

According to some 2010's threads in misc@ it used to cause problems to some users.
I'm wondering what's the status now.

regards,

G

pf: reassemble tcp
Hi.

I have

    match in all scrub (tcp reassemble no-df random-id max-mss 1440)

in my pf.conf (-current)

Unless I remove 'tcp reassemble', one of the web sites (it's a Windows/IIS site) cannot communicate with me - it hangs loading a page.

Any ideas?

Re: pf: reassemble tcp
* nixlists nixmli...@gmail.com [2010-01-13 22:56]:
> Hi.
>
> I have
>
>     match in all scrub (tcp reassemble no-df random-id max-mss 1440)
>
> in my pf.conf (-current)
>
> Unless I remove 'tcp reassemble', one of the web sites (it's a Windows/IIS site) cannot communicate with me - it hangs loading a page.
>
> Any ideas?

yeah, don't use reassemble tcp. it's not perfect.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org

Re: pf: reassemble tcp
On Thu, Jan 14, 2010 at 12:46 PM, Henning Brauer lists-open...@bsws.de wrote:
> > I have
> >
> >     match in all scrub (tcp reassemble no-df random-id max-mss 1440)
> >
> > in my pf.conf (-current)
>
> yeah, don't use reassemble tcp. it's not perfect.

How about fragment reassemble? I'm using it on my OpenBSD 4.5 pf, with scrub to enable a NAT AV app to work.

Reading the man pages I noticed fragment reassemble has changed to set reassemble under scrub for 4.6 or -current. It also looks like it is turned on by default in 4.5, 4.6 or current.

Re: pf: reassemble tcp
* Ted t...@pobox.com [2010-01-14 05:03]:
> On Thu, Jan 14, 2010 at 12:46 PM, Henning Brauer lists-open...@bsws.de wrote:
> > > I have
> > >
> > >     match in all scrub (tcp reassemble no-df random-id max-mss 1440)
> > >
> > > in my pf.conf (-current)
> >
> > yeah, don't use reassemble tcp. it's not perfect.
>
> How about fragment reassemble?

that is an entirely different beast and should always be on (hey, surprise, it IS by default!)

reassemble tcp is not the best name really. it is not really reassembly of anything.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org