>   I have a problem with one specific host.
>   When I try to connect from a host behind my OpenBSD 3.4-current NAT
> gateway to www.dingologos.com, no TCP session can actually be established if
> I have the following rule:
> scrub on $if_ext proto tcp all fragment reassemble reassemble tcp
>   If I remove "reassemble tcp", everything works.

reassemble tcp does timestamp modulation as a preface for PAWS as a
preface for real tcp segment reassembly.  i screwed up and it doesn't
honor the "zero means not valid" timestamp property which only windows
uses (they actually have the best timestamp implementation i've
connected to, odd huh?)

can you try this?  one gentleman had this same problem and initially
responded that this diff fixed it.  i think he responded again later but
i'm a few hundred emails behind right now (congrats, you were the first
email in my inbox when I started mutt)


Index: pf_norm.c
===================================================================
RCS file: /cvs/src/sys/net/pf_norm.c,v
retrieving revision 1.75
diff -u -u -r1.75 pf_norm.c
--- pf_norm.c   29 Aug 2003 01:49:08 -0000      1.75
+++ pf_norm.c   22 Sep 2003 23:21:02 -0000
@@ -1450,11 +1450,13 @@
                                                    &th->th_sum, ts_value, 0);
                                                copyback = 1;
                                        }
-                                       if (dst->scrub &&
+
+                                       /* Modulate TS reply iff valid (!0) */
+                                       memcpy(&ts_value, &opt[6],
+                                           sizeof(u_int32_t));
+                                       if (ts_value && dst->scrub &&
                                            (dst->scrub->pfss_flags &
                                            PFSS_TIMESTAMP)) {
-                                               memcpy(&ts_value, &opt[6],
-                                                   sizeof(u_int32_t));
                                                ts_value = htonl(ntohl(ts_value)
                                                    - dst->scrub->pfss_ts_mod);
                                                pf_change_a(&opt[6],
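
Review bot: the new test `if (ts_value && dst->scrub &&` uses the value 0 itself as the "not valid" marker, so an echo reply whose modulated value legitimately happens to be 0 will also skip the `- dst->scrub->pfss_ts_mod` step and go back to the sender unmodulated. That is a rare case, but the one-line comment `/* Modulate TS reply iff valid (!0) */` does not say why 0 is special or that a real echo of 0 is knowingly passed through; please expand the comment to state both. Since `th` is already in scope here (see `&th->th_sum` above), it is also worth considering whether the ACK flag on the segment is a more precise signal for "echo field is meaningful" than the value being non-zero. Minor: the `memcpy` into `ts_value` now runs before the `dst->scrub` check and overwrites the value used in the preceding block, which looks harmless because that block has already passed it to its checksum call, but a separate local for the echo value would make that obvious to the next reader.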
