Re: panic: tcp_addoptions: TCP options too long w/ with TCP_SIGNATURE support

Andre Oppermann wrote: > Before: > >MSS (4) + NOP (1) + Window scale (3) + SACK permitted (2) + >Timestamp (10) + Signature (18) = 38 bytes out of a maximum of 40. > > After: > > MSS (4) + NOP (1) + Window scale (3) + NOP (2) + Timestamp (10) + > NOP (2) + Signature (18) + SACK permi

Re: panic: tcp_addoptions: TCP options too long w/ with TCP_SIGNATURE support

Dontcha just hate broken vendor NAT? Yes, it seems reasonable that SACK is the sacrificial victim. Considering folk normally configure TCP-MD5 between routers which are usually directly connected on the same switch, doing away with SACK should be fine. Funny, I was staring at that define mom

Re: panic: tcp_addoptions: TCP options too long w/ with TCP_SIGNATURE support

Andre Oppermann wrote: Mark Atkinson wrote: Rui Paulo wrote: Hi, On Tue, Apr 01, 2008 at 09:08:35AM -0700, Mark Atkinson wrote: I have a 8-CURRENT kernel compiled with the following options, from about march 5th. optionsIPSEC optionsTCP_SIGNATURE #include support

Re: panic: tcp_addoptions: TCP options too long w/ with TCP_SIGNATURE support

Rui Paulo wrote: On Tue, Apr 01, 2008 at 10:00:49PM +0200, Andre Oppermann wrote: The order of the TCP options was changed recently to fix another problem. This has caused sub-optimal padding and this overflow as not all options fit. The tcp_addoptions() loop is not bound internally. http://ww

Re: panic: tcp_addoptions: TCP options too long w/ with TCP_SIGNATURE support

On Tue, Apr 01, 2008 at 10:00:49PM +0200, Andre Oppermann wrote: > > The order of the TCP options was changed recently to fix another problem. > This has caused sub-optimal padding and this overflow as not all options > fit. The tcp_addoptions() loop is not bound internally. > > http://www.freeb

Re: panic: tcp_addoptions: TCP options too long w/ with TCP_SIGNATURE support

Mark Atkinson wrote: Rui Paulo wrote: Hi, On Tue, Apr 01, 2008 at 09:08:35AM -0700, Mark Atkinson wrote: I have a 8-CURRENT kernel compiled with the following options, from about march 5th. optionsIPSEC optionsTCP_SIGNATURE #include support for RFC 2385 device

Re: panic: tcp_addoptions: TCP options too long w/ with TCP_SIGNATURE support

Rui Paulo wrote: > Hi, > > On Tue, Apr 01, 2008 at 09:08:35AM -0700, Mark Atkinson wrote: >> I have a 8-CURRENT kernel compiled with the following options, from about >> march 5th. >> >> optionsIPSEC >> optionsTCP_SIGNATURE #include support for RFC 2385 >> device

Re: panic: tcp_addoptions: TCP options too long w/ with TCP_SIGNATURE support

Hi, On Tue, Apr 01, 2008 at 09:08:35AM -0700, Mark Atkinson wrote: > I have a 8-CURRENT kernel compiled with the following options, from about > march 5th. > > optionsIPSEC > optionsTCP_SIGNATURE #include support for RFC 2385 > device crypto > device cr

Re: panic: tcp_addoptions: TCP options too long w/ with TCP_SIGNATURE support

Mark Atkinson wrote: > I have a 8-CURRENT kernel compiled with the following options, from about > march 5th. > > optionsIPSEC > optionsTCP_SIGNATURE #include support for RFC 2385 > device crypto > device cryptodev > > device pf > device

panic: tcp_addoptions: TCP options too long w/ with TCP_SIGNATURE support

I have a 8-CURRENT kernel compiled with the following options, from about march 5th. optionsIPSEC optionsTCP_SIGNATURE #include support for RFC 2385 device crypto device cryptodev device pf device pflog device vlan I also have