cvs commit: src/sys/netinet tcp_syncache.c
Andre Oppermann
andre at freebsd.org
Thu Jan 24 06:18:34 PST 2008
Maxim Konovalov wrote:
> On Thu, 24 Jan 2008, 13:52+0100, Andre Oppermann wrote:
>
>> Maxim Konovalov wrote:
>>> [...]
>>>>> I'm not generally opposed to security improvements that only affect edge
>>>>> cases... but being unable to connect is not an edge case!
>>>> Fully agreed. I'll reopen the PR and follow up with the originator
>>>> to do some further analysis. All operating systems he cites that were
>>>> unable to connect correctly send timestamps and do not stop after
>>>> the SYN phase. So there must be something else at play here. Have
>>>> you received or heard of any *other* reports that may be related to
>>>> the timestamp check?
>>>>
>>> I saw this with my adsl router. Happy to test patches.
>> Please provide a tcpdump of a connection that failed before. It'll
>> show the problem even though it doesn't cause an abort. Was the
>> problem you saw with communication through the adsl router, or when
>> you connected to the adsl router itself (configuration menu, etc)?
>>
> The latter. Turning rfc1323 off solved the problem.
>
> It takes some time to obtain the dump -- I need to downgrade the
> system.
That is not necessary. A tcpdump from current is fine.
--
Andre