From owner-freebsd-net@FreeBSD.ORG Thu Jan 24 13:49:07 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C345216A419; Thu, 24 Jan 2008 13:49:07 +0000 (UTC) (envelope-from maxim@macomnet.ru) Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6]) by mx1.freebsd.org (Postfix) with ESMTP id 51EEB13C46E; Thu, 24 Jan 2008 13:49:06 +0000 (UTC) (envelope-from maxim@macomnet.ru) Received: from localhost (localhost.int.ru [127.0.0.1] (may be forged)) by mp2.macomnet.net (8.13.7/8.13.8) with ESMTP id m0ODn5jj037307; Thu, 24 Jan 2008 16:49:05 +0300 (MSK) (envelope-from maxim@macomnet.ru) Date: Thu, 24 Jan 2008 16:49:05 +0300 (MSK) From: Maxim Konovalov To: Andre Oppermann In-Reply-To: <47988A2A.5010506@freebsd.org> Message-ID: <20080124164704.X15031@mp2.macomnet.net> References: <200711200656.lAK6u4bc021279@repoman.freebsd.org> <4797B77E.2090605@freebsd.org> <20080124005006.D93697@odysseus.silby.com> <47986F27.10401@freebsd.org> <20080124145713.K15031@mp2.macomnet.net> <47988A2A.5010506@freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-net@freebsd.org Subject: Re: cvs commit: src/sys/netinet tcp_syncache.c X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Jan 2008 13:49:07 -0000 On Thu, 24 Jan 2008, 13:52+0100, Andre Oppermann wrote: > Maxim Konovalov wrote: > > [...] > > > > I'm not generally opposed to security improvements that only affect edge > > > > cases... but being unable to connect is not an edge case! > > > Fully agreed. I'll reopen the PR and follow up with the originator > > > to do some further analysis. All operating system he cites that were > > > unable to connect correctly send timestamps and do not stop after > > > the SYN phase. So there must be something else at play here. Have > > > you received or heart of any *other* reports that may be related to > > > the timestamp check? > > > > > I saw this with my adsl router. Happy to test patches. > > Please provide a tcpdump of a connection that failed before. It'll > show the problem even though it doesn't cause an abort. Was the > problem you saw with communication through the adsl router, or when > you connected to the adsl router itself (configuration menu, etc)? > The latter. Turning rfc1323 off solved the problem. It takes some time to obtain the dump -- I need to downgrade the system. -- Maxim Konovalov