Есть сервер FreeBSD 4.11-STABLE. Заметил что на нем все исходящие соединения идут с флагом DF. Никак не могу понять почему? Вот пример лога tcpdump:---8<---
tcpdump -i ed0 -n host revolver.ru
tcpdump: listening on ed0
09:50:32.258644 x.x.x.x.4591 > 217.16.16.106.80: S 732277126:732277126(0) win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 5248419 0> (DF) [tos 0x10]
09:50:32.361830 217.16.16.106.80 > x.x.x.x.4591: S 1113346761:1113346761(0) ack 732277127 win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 135717580 5248419> (DF)
09:50:32.362225 x.x.x.x.4591 > 217.16.16.106.80: . ack 1 win 57920 <nop,nop,timestamp 5248429 135717580> (DF) [tos 0x10]
09:50:43.650812 x.x.x.x.4591 > 217.16.16.106.80: F 1:1(0) ack 1 win 57920 <nop,nop,timestamp 5249558 135717580> (DF) [tos 0x10]
09:50:43.751509 217.16.16.106.80 > x.x.x.x.4591: . ack 2 win 57920 <nop,nop,timestamp 135718719 5249558> (DF)
09:50:43.751909 217.16.16.106.80 > x.x.x.x.4591: F 1:1(0) ack 2 win 57920 <nop,nop,timestamp 135718719 5249558> (DF)
09:50:43.752023 x.x.x.x.4591 > 217.16.16.106.80: . ack 2 win 57919 <nop,nop,timestamp 5249568 135718719> (DF) [tos 0x10]
---8<--
Конфиг ядра:
---8<--
machine i386
cpu I686_CPU
ident ARGO
maxusers 500
# COMPATIBILITY OPTIONS
options COMPAT_43
options COMPAT_LINUX
# FILESYSTEM OPTIONS
options FFS #Berkeley Fast Filesystem
options FFS_ROOT #FFS usable as root device [keep this!]
options MSDOSFS #MSDOS Filesystem
options CD9660 #ISO 9660 Filesystem
options PROCFS #Process filesystem
options QUOTA #enable disk quotas
options SOFTUPDATES #Enable FFS soft updates support
options UFS_DIRHASH #Improve performance on big directories
options NFS #Network Filesystem
# NETWORKING OPTIONS
options INET #InterNETworking
options IPTUNNEL #IP in IPX encapsulation (not available)
# Internet family options:
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #print information about dropped packets
options IPFIREWALL_FORWARD #enable transparent proxy support
options IPFIREWALL_VERBOSE_LIMIT=10 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options IPDIVERT #divert sockets
options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
options ICMP_BANDLIM
options DUMMYNET
# OTHER OPTIONS
options CPU_ENABLE_SSE
options UCONSOLE #Allow users to grab the console
options USERCONFIG #boot -c editor
options VISUAL_USERCONFIG #visual boot -c editor
options KTRACE #ktrace(1) support
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options P1003_1B #Posix P1003_1B real-time extensions
options _KPOSIX_PRIORITY_SCHEDULING
options ICMP_BANDLIM #Rate limit bad replies
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options ENABLE_ALART
options PANIC_REBOOT_WAIT_TIME=16
options DEVICE_POLLING
options SCSI_DELAY=15000 #Delay (in ms) before probing SCSI
device isa
device eisa
device pci
# Floppy drives
device fdc0 at isa? port IO_FD1 irq 6 drq 2
device fd0 at fdc0 drive 0
# ATA and ATAPI devices
device ata0 at isa? port IO_WD1 irq 14
device ata1 at isa? port IO_WD2 irq 15
device ata
device atadisk # ATA disk drives
device atapicd # ATAPI CDROM drives
device atapifd # ATAPI floppy drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID #Static device numbering
# SCSI Controllers
device ahc # AHA2940 and onboard AIC7xxx devices
# SCSI peripherals
device scbus # SCSI bus (required)
device da # Direct Access (disks)
device sa # Sequential Access (tape etc)
device pass # Passthrough device (direct SCSI access)
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc0 at isa? port IO_KBD
device atkbd0 at atkbdc? irq 1 flags 0x1
device psm0 at atkbdc? irq 12
device vga0 at isa?
# splash screen/screen saver
pseudo-device splash
# syscons is the default console driver, resembling an SCO console
device sc0 at isa? flags 0x100
device agp # support several AGP chipsets
# Floating point support - do not disable.
device npx0 at nexus? port IO_NPX irq 13
# Serial (COM) ports
device sio0 at isa? port IO_COM1 flags 0x10 irq 4
device sio1 at isa? port IO_COM2 irq 3
device sio2 at isa? disable port IO_COM3 irq 5
device sio3 at isa? disable port IO_COM4 irq 9
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device fxp # Intel EtherExpress PRO/100B (82557, 82558)
device rl # RealTek 8129/8139
# ISA Ethernet NICs.
# 'device ed' requires 'device miibus'
device ed0 at isa? disable port 0x280 irq 10 iomem 0xd8000
# Pseudo devices - the number indicates how many units to allocated.
pseudo-device loop # Network loopback
pseudo-device ether # Ethernet support
pseudo-device ppp 1 # Kernel PPP
pseudo-device tun 4 # Packet tunnel.
pseudo-device pty # Pseudo-ttys (telnet etc)
pseudo-device md # Memory "disks"
pseudo-device gif 4 # IPv6 and IPv4 tunneling
pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation)
pseudo-device gzip #Exec gzipped a.out's
pseudo-device vn #Vnode driver (turns a file into a device)
# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device bpf #Berkeley packet filter
options PPP_BSDCOMP #PPP BSD-compress support
options PPP_DEFLATE #PPP zlib/deflate/gzip support
options PPP_FILTER #enable bpf filtering (needs bpf)
---8<--
У кого есть идеи?
Вариант для распечатки
OpenNET: Виртуальная конференция (Public)
(ok) on 20-Сен-06, 11:14 
