 From:  Frederick Page <fpage at thebetteros dot oche dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] accessing netbsd.org from behind m0n0wall
 Date:  Wed, 8 Sep 2004 21:33:21 +0200
Hello Wayne,

Wayne Marshall wrote on 07 September 2004:

>It must be something simple, but at the moment I am just lost for
>an explanation.

Yep, I just set "sysctl net.inet.tcp.rfc1323=0" on my OpenBSD 3.5
client (not on m0n0wall!) and www.netbsd.org works. It appears to be a
bug in NetBSD; Manuel found the URL, which describes (short form):

"When the TCP timestamp option (RFC 1323) is used the extra 12 bytes
aren't taken into account when creating a packet so the packet ends up
being 12 bytes larger than the maximum segment size announced by the
correspondent host + 40 bytes for IP+TCP headers"

But as I said: I am unwilling to deactivate RFC 1323, just because of
a bug in NetBSD.

Kind regards

Frederick
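
The size check behind the quoted bug description, as an added example that is not part of the original message: it reads the MSS from a SYN and reports by how many bytes a segment's IP total length exceeds MSS + 40. The packets, addresses, the MSS value of 1460 and the `build` helper are constructed for illustration.

```python
import struct

def tcp_options(tcp: bytes) -> dict:
    """Map option kind -> value bytes for a raw TCP header."""
    hdr_len, opts, i = (tcp[12] >> 4) * 4, {}, 20
    while i < hdr_len and tcp[i] != 0:          # kind 0 = end of option list
        if tcp[i] == 1:                         # kind 1 = NOP padding
            i += 1
            continue
        if i + 1 >= hdr_len:
            break
        length = tcp[i + 1]
        if length < 2 or i + length > hdr_len:  # malformed option, stop parsing
            break
        opts[tcp[i]] = tcp[i + 2:i + length]
        i += length
    return opts

def announced_mss(ip_packet: bytes):
    """MSS (option kind 2) announced in a SYN, or None if absent."""
    ihl = (ip_packet[0] & 0x0F) * 4
    value = tcp_options(ip_packet[ihl:]).get(2)
    return struct.unpack("!H", value)[0] if value and len(value) == 2 else None

def check_segment(ip_packet: bytes, peer_mss: int) -> dict:
    """Compare a segment's IP total length with the peer's MSS + 40."""
    ihl = (ip_packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    tcp = ip_packet[ihl:total_len]
    return {"total_len": total_len,
            "timestamps": 8 in tcp_options(tcp),   # kind 8 = RFC 1323 timestamp
            "excess": max(0, total_len - (peer_mss + 40))}

def build(tcp_opts: bytes, payload_len: int) -> bytes:
    """Constructed sample packet: IPv4 + TCP, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0,
                      ((20 + len(tcp_opts)) // 4) << 4, 0x10, 65535, 0, 0) + tcp_opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + payload_len, 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp + bytes(payload_len)

# Constructed options: MSS 1460, and NOP NOP + timestamp (12 bytes in total)
MSS_OPT = b"\x02\x04" + struct.pack("!H", 1460)
TS_OPT = b"\x01\x01\x08\x0a" + bytes(8)

if __name__ == "__main__":
    mss = announced_mss(build(MSS_OPT + TS_OPT, 0))
    for name, pkt in [("correct", build(TS_OPT, mss - 12)), ("oversized", build(TS_OPT, mss))]:
        print(name, check_segment(pkt, mss))
```

A sender that subtracts the 12 option bytes from its payload stays at MSS + 40; one that fills the full MSS with data and then adds the timestamp option shows an excess of 12.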