On Wed, 10 May 2006, David S. Miller wrote:
This is by design. Netfilter looks at full TSO frames,
That explains it.
Once you add MD5 checksums to the TCP packet, TSO can no longer be used on that path, so you'll have to disable TSO either in the route or via some other means.
Ok. Is there a better way to deal with TSO besides documenting: "disable TSO on all interfaces which /ever/ potentially could be used to reach TCP-MD5 authenticated BGP peers." ? regards, -- Paul Jakma [EMAIL PROTECTED] [EMAIL PROTECTED] Key ID: 64A2FF6A Fortune: Nothing ever becomes real until it is experienced. - John Keats - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
