cvs commit: src/sys/netinet tcp_syncache.c
Maxim Konovalov
maxim at macomnet.ru
Thu Jan 24 05:49:07 PST 2008
On Thu, 24 Jan 2008, 13:52+0100, Andre Oppermann wrote:
> Maxim Konovalov wrote:
> > [...]
> > > > I'm not generally opposed to security improvements that only affect edge
> > > > cases... but being unable to connect is not an edge case!
> > > Fully agreed. I'll reopen the PR and follow up with the originator
> > > to do some further analysis. All operating system he cites that were
> > > unable to connect correctly send timestamps and do not stop after
> > > the SYN phase. So there must be something else at play here. Have
> > > you received or heart of any *other* reports that may be related to
> > > the timestamp check?
> > >
> > I saw this with my adsl router. Happy to test patches.
>
> Please provide a tcpdump of a connection that failed before. It'll
> show the problem even though it doesn't cause an abort. Was the
> problem you saw with communication through the adsl router, or when
> you connected to the adsl router itself (configuration menu, etc)?
>
The latter. Turning rfc1323 off solved the problem.
It takes some time to obtain the dump -- I need to downgrade the
system.
--
Maxim Konovalov
More information about the freebsd-net
mailing list