Lately I've run into a couple of instances where folks I work with have had problems with TCP window scaling like those referred to here:
http://kerneltrap.org/node/6723 and here: http://marc.theaimsgroup.com/?l=linux-kernel&m=114478906522646&w=2 I'm frequently hearing (not only in these threads) that pf is thought to be buggy with regards to window scaling that and that it can cause problems like those described in these threads. Can anyone clarify if there is indeed such a problem? I gather from the linux folk that they think it has something to do with statefullness when window scaling is enabled? If there is such a problem, are there know ways to mitigate it? I'm curios because I keep hearing references to this mysterious "problem with OpenBSD firewalls" in conversations and newsgroup posts, but haven't really found anyone who can describe if it really exists (or still exists) and what the problem actually is. This seems to be coming up more frequently lately because some folks around me are using very recent linux kernels (2.6.17-x), in which the send/receive buffering has changed a bit (see commit 7b4f4b5ebceab67ce440a61081a69f0265e17c2a in the 2.6.17 changelog). I think there is a good deal of confusion and some finger-pointing out there about all this, so I'd love to get some clarity on the issue. Thanks! __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com