Message-ID: <47989E3C.4030700@freebsd.org>
Date: Thu, 24 Jan 2008 15:18:36 +0100
From: Andre Oppermann
To: Maxim Konovalov
Cc: freebsd-net@freebsd.org
Subject: Re: cvs commit: src/sys/netinet tcp_syncache.c

Maxim Konovalov wrote:
> On Thu, 24 Jan 2008, 13:52+0100, Andre Oppermann wrote:
>
>> Maxim Konovalov wrote:
>>> [...]
>>>>> I'm not generally opposed to security improvements that only affect edge
>>>>> cases... but being unable to connect is not an edge case!
>>>> Fully agreed. I'll reopen the PR and follow up with the originator
>>>> to do some further analysis. All operating systems he cites that were
>>>> unable to connect correctly send timestamps and do not stop after
>>>> the SYN phase. So there must be something else at play here. Have
>>>> you received or heard of any *other* reports that may be related to
>>>> the timestamp check?
>>>>
>>> I saw this with my adsl router. Happy to test patches.
>> Please provide a tcpdump of a connection that failed before. It'll
>> show the problem even though it doesn't cause an abort. Was the
>> problem you saw with communication through the adsl router, or when
>> you connected to the adsl router itself (configuration menu, etc)?
>>
> The latter. Turning rfc1323 off solved the problem.
>
> It takes some time to obtain the dump -- I need to downgrade the
> system.

That is not necessary. A tcpdump from current is fine.

--
Andre