Date: Thu, 24 Jan 2008 15:18:36 +0100 From: Andre Oppermann <andre@freebsd.org> To: Maxim Konovalov <maxim@macomnet.ru> Cc: freebsd-net@freebsd.org Subject: Re: cvs commit: src/sys/netinet tcp_syncache.c Message-ID: <47989E3C.4030700@freebsd.org> In-Reply-To: <20080124164704.X15031@mp2.macomnet.net> References: <200711200656.lAK6u4bc021279@repoman.freebsd.org> <4797B77E.2090605@freebsd.org> <20080124005006.D93697@odysseus.silby.com> <47986F27.10401@freebsd.org> <20080124145713.K15031@mp2.macomnet.net> <47988A2A.5010506@freebsd.org> <20080124164704.X15031@mp2.macomnet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Maxim Konovalov wrote: > On Thu, 24 Jan 2008, 13:52+0100, Andre Oppermann wrote: > >> Maxim Konovalov wrote: >>> [...] >>>>> I'm not generally opposed to security improvements that only affect edge >>>>> cases... but being unable to connect is not an edge case! >>>> Fully agreed. I'll reopen the PR and follow up with the originator >>>> to do some further analysis. All operating system he cites that were >>>> unable to connect correctly send timestamps and do not stop after >>>> the SYN phase. So there must be something else at play here. Have >>>> you received or heart of any *other* reports that may be related to >>>> the timestamp check? >>>> >>> I saw this with my adsl router. Happy to test patches. >> Please provide a tcpdump of a connection that failed before. It'll >> show the problem even though it doesn't cause an abort. Was the >> problem you saw with communication through the adsl router, or when >> you connected to the adsl router itself (configuration menu, etc)? >> > The latter. Turning rfc1323 off solved the problem. > > It takes some time to obtain the dump -- I need to downgrade the > system. That is not necessary. A tcpdump from current is fine. -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47989E3C.4030700>