From owner-cvs-src@FreeBSD.ORG  Thu Jan 24 11:58:57 2008
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 285FC16A419;
	Thu, 24 Jan 2008 11:58:57 +0000 (UTC)
	(envelope-from maxim@macomnet.ru)
Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6])
	by mx1.freebsd.org (Postfix) with ESMTP id A272B13C4D3;
	Thu, 24 Jan 2008 11:58:56 +0000 (UTC)
	(envelope-from maxim@macomnet.ru)
Received: from localhost (localhost.int.ru [127.0.0.1] (may be forged))
	by mp2.macomnet.net (8.13.7/8.13.8) with ESMTP id m0OBwsSP020905;
	Thu, 24 Jan 2008 14:58:54 +0300 (MSK)
	(envelope-from maxim@macomnet.ru)
Date: Thu, 24 Jan 2008 14:58:54 +0300 (MSK)
From: Maxim Konovalov <maxim@macomnet.ru>
To: Andre Oppermann <andre@FreeBSD.ORG>
In-Reply-To: <47986F27.10401@freebsd.org>
Message-ID: <20080124145713.K15031@mp2.macomnet.net>
References: <200711200656.lAK6u4bc021279@repoman.freebsd.org>
	<4797B77E.2090605@freebsd.org>
	<20080124005006.D93697@odysseus.silby.com>
	<47986F27.10401@freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: src-committers@FreeBSD.ORG, kmacy@FreeBSD.ORG, cvs-src@FreeBSD.ORG,
	Mike Silbersack <silby@silby.com>, cvs-all@FreeBSD.ORG,
	freebsd-net@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/netinet tcp_syncache.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jan 2008 11:58:57 -0000

[...]
> > I'm not generally opposed to security improvements that only affect edge
> > cases... but being unable to connect is not an edge case!
>
> Fully agreed.  I'll reopen the PR and follow up with the originator
> to do some further analysis.  All operating system he cites that were
> unable to connect correctly send timestamps and do not stop after
> the SYN phase.  So there must be something else at play here.  Have
> you received or heart of any *other* reports that may be related to
> the timestamp check?
>
I saw this with my adsl router.  Happy to test patches.

-- 
Maxim Konovalov