diff options
author | andre <andre@FreeBSD.org> | 2007-03-21 18:25:28 +0000 |
---|---|---|
committer | andre <andre@FreeBSD.org> | 2007-03-21 18:25:28 +0000 |
commit | 878e882d886a3a35db4943b997201c50c392f095 (patch) | |
tree | 94a5b428054054898dc8d5b82c6f8c9fc75bc04f /sys/conf | |
parent | 279a028838100f62c22c53cd1abde9ced5d5faed (diff) | |
download | FreeBSD-src-878e882d886a3a35db4943b997201c50c392f095.zip FreeBSD-src-878e882d886a3a35db4943b997201c50c392f095.tar.gz |
Make TCP_DROP_SYNFIN a standard part of TCP. Disabled by default it
doesn't impede normal operation negatively and is only a few lines of
code. It's close relatives blackhole and log_in_vain aren't options
either.
Diffstat (limited to 'sys/conf')
-rw-r--r-- | sys/conf/NOTES | 6 | ||||
-rw-r--r-- | sys/conf/options | 1 |
2 files changed, 0 insertions, 7 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES index 5359693..8e2c447 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -875,12 +875,6 @@ options MBUF_STRESS_TEST options ACCEPT_FILTER_DATA options ACCEPT_FILTER_HTTP -# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This -# prevents nmap et al. from identifying the TCP/IP stack, but breaks support -# for RFC1644 extensions and is not recommended for web servers. -# -options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN - # TCP_SIGNATURE adds support for RFC 2385 (TCP-MD5) digests. These are # carried in TCP option 19. This option is commonly used to protect # TCP sessions (e.g. BGP) where IPSEC is not available nor desirable. diff --git a/sys/conf/options b/sys/conf/options index 0a46bb3..63de061 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -389,7 +389,6 @@ SLIP_IFF_OPTS opt_slip.h TCPDEBUG TCP_SIGNATURE opt_inet.h TCP_SACK_DEBUG opt_tcp_sack.h -TCP_DROP_SYNFIN opt_tcp_input.h DEV_VLAN opt_vlan.h VLAN_ARRAY opt_vlan.h XBONEHACK |