> On 12 Feb 2016, at 15:33, Larry Rosenman <ler_at_lerctr.org> wrote: > > On 2016-02-12 08:31, Kristof Provost wrote: >>> On 12 Feb 2016, at 15:29, Larry Rosenman <ler_at_lerctr.org> wrote: >>> On 2016-02-12 08:13, Larry Rosenman wrote: >>>> sysctl net.inet.tcp.rfc1323=0 >>>> makes it work >>> Shouldn't the stack do the right thing here? For the record, the other side >>> is also FreeBSD (10.2-STABLE). >> Yes, but it’s possible that there’s a problem with the pf scrubbing of >> the window scaling or timestamp options. >> I have a vague recollection of having looked at that in the past. >> Bug 172648 also claims there is/was an issue with checksums in that >> case, but I’ve never been able to reproduce it. >> Regards, >> Kristof > Ok. Since I can reproduce this at will, and the 2 firewalls are pfSense, how can I help? I’ll still need to reproduce it locally to fix it, but it might be interesting to know if the packet is dropped by the router, or sent out again with an incorrect checksum. Can you take a capture on the WAN interface and see if the TCP SYN makes it out (if it does, I’d expect the checksum to be wrong) or not? Regards, KristofReceived on Fri Feb 12 2016 - 19:07:03 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:02 UTC