On Friday 12 March 2010 22:21:49, Willy Tarreau wrote:
> On Fri, Mar 12, 2010 at 09:55:07PM +0100, Willy Tarreau wrote:
> > I've just looked at your traces. It's strange that it's related to the
> > blackhole feature because the doc says it just disables sending of
> > port unreachables (and possibly RSTs). From your traces, an RST is
> > properly sent in response to the "250", but the server happily
> > ignores it despite the fact that its sequence number is OK, and it
> > keeps resending the same data over and over. And as your trace
> > shows that you sniffed on the server, there's no risk that the
> > RST was dropped on the network.
> 
> After a bit of thinking, while it is wrong of the server to have
> ignored the RST in the first place, it's wrong for the client not
> to resend it on subsequent packets, and this is what is caused by
> the BLACKHOLE patch. I've checked the patch, and I see what is
> wrong in it : it prevents sending of RST packets in any case,
> while it should only be prevented in response to a SYN. I have one
> similar patch in my own 2.4 tree which does not exhibit the issue,
> so I'll contact Brad with that.


Here is the last patch Brad provided me against the last grsec (if you want to 
check this one) : http://www.grsecurity.net/~spender/blackhole3.diff

But despite this, I always get the same problem.


Guillaume

-- 
Guillaume Castagnino
    g.castagn...@pepperway.fr
    Tel : +33148242089
