Re: ECN fixes for Cisco gear
Hi, At 02:33 PM 28/01/2001 -0700, Dax Kelson wrote: >Here is the fix for PIX: > >(see >http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds23698) > Bud ID: CSCds23698 > Headline: PIX sends RSET in response to tcp connections with ECN > bits set > Product: PIX > Component: fw > Severity: 2 Status: R [Resolved] > Version Found: 5.1(1) > Fixed-in Version: 5.1(2.206) 5.1(2.207) 5.2(1.200) fixes have been incorporated for a number of different release trains for the pix. Fixed-In Version now covers releases: 5.1(2.206), 5.1(2.207), 5.2(1.200), 6.0(0.100), 5.2(3.210) cheers, lincoln. NB. it has been posted that Raptor filewalls will also apparently fail to allow connections with ECN bits set. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] Please read the FAQ at http://www.tux.org/lkml/
ECN fixes for Cisco gear
In Sept of 2000, I did a survey of 30,000 websites and found that 8% of them were unreachable from an ECN capable client. Two major culprits were identified, the Cisco PIX and Local Director. To Cisco's credit, fixes were released quickly. Here is a message I sent with info about the Cisco updates: http://www.uwsg.iu.edu/hypermail/linux/kernel/0010.1/1205.html Here is the fix for PIX: (see http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds23698) Bud ID: CSCds23698 Headline: PIX sends RSET in response to tcp connections with ECN bits set Product: PIX Component: fw Severity: 2 Status: R [Resolved] Version Found: 5.1(1) Fixed-in Version: 5.1(2.206) 5.1(2.207) 5.2(1.200) Here is the fix for Local Director: (see http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds40921) Bug Id : CSCds40921 Headline: LD rejects syn with reserved bits set in flags field of TCP hdr Product: ld Component: rotor Severity: 3 Status: R [Resolved] Version Found: 3.3(3) Fixed-in Version: 3.3.3.107 Dax Kelson Guru Labs - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] Please read the FAQ at http://www.tux.org/lkml/
ECN fixes for Cisco gear
In Sept of 2000, I did a survey of 30,000 websites and found that 8% of them were unreachable from an ECN capable client. Two major culprits were identified, the Cisco PIX and Local Director. To Cisco's credit, fixes were released quickly. Here is a message I sent with info about the Cisco updates: http://www.uwsg.iu.edu/hypermail/linux/kernel/0010.1/1205.html Here is the fix for PIX: (see http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds23698) Bud ID: CSCds23698 Headline: PIX sends RSET in response to tcp connections with ECN bits set Product: PIX Component: fw Severity: 2 Status: R [Resolved] Version Found: 5.1(1) Fixed-in Version: 5.1(2.206) 5.1(2.207) 5.2(1.200) Here is the fix for Local Director: (see http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds40921) Bug Id : CSCds40921 Headline: LD rejects syn with reserved bits set in flags field of TCP hdr Product: ld Component: rotor Severity: 3 Status: R [Resolved] Version Found: 3.3(3) Fixed-in Version: 3.3.3.107 Dax Kelson Guru Labs - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] Please read the FAQ at http://www.tux.org/lkml/
Re: ECN fixes for Cisco gear
Hi, At 02:33 PM 28/01/2001 -0700, Dax Kelson wrote: Here is the fix for PIX: (see http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds23698) Bud ID: CSCds23698 Headline: PIX sends RSET in response to tcp connections with ECN bits set Product: PIX Component: fw Severity: 2 Status: R [Resolved] Version Found: 5.1(1) Fixed-in Version: 5.1(2.206) 5.1(2.207) 5.2(1.200) fixes have been incorporated for a number of different release trains for the pix. Fixed-In Version now covers releases: 5.1(2.206), 5.1(2.207), 5.2(1.200), 6.0(0.100), 5.2(3.210) cheers, lincoln. NB. it has been posted that Raptor filewalls will also apparently fail to allow connections with ECN bits set. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] Please read the FAQ at http://www.tux.org/lkml/
ECN fixes for Cisco gear
The two main culprits for ECN breakage are Cisco PIX, and Cisco Local Director. Here is the fix for PIX: (see http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds23698) Bud ID:CSCds23698 Headline: PIX sends RSET in response to tcp connections with ECN bits set Product: PIX Component: fw Severity: 2Status: R [Resolved] Version Found: 5.1(1) Fixed-in Version: 5.1(2.206) 5.1(2.207) 5.2(1.200) Here is the fix for Local Director: (see http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds40921) Bug Id : CSCds40921 Headline: LD rejects syn with reserved bits set in flags field of TCP hdr Product: ld Component: rotor Severity: 3 Status:R [Resolved] Version Found: 3.3(3) Fixed-in Version: 3.3.3.107 Dax - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] Please read the FAQ at http://www.tux.org/lkml/