On Mon, 17 Feb 2003 01:37:49 +0100 Daniel Hartmeier <[EMAIL PROTECTED]> wrote:
> This was a bug in netinet/tcp_timer.c that was fixed a couple of weeks > ago in -current, and backported to stable later. > > When ECN is enabled and a RST arrives, the first RST is ignored and > the SYN is retransmitted with ECN disabled for that connection. This > is a form of fallback in case a firewall is between the hosts that > doesn't understand the ECN bits. > > So, after the fix, you'd see the SYN with ECN bits, the RST, the SYN > retransmission without ECN bits, a second RST and then "Connection > refused". > > Upgrade to -stable or -current, and you'll get the relevant patch. Ofcourse the new kernel was already in place but I'd forgotten to reboot. So, one reboot later it's getting a "connection refused" as expected. Just one more thing, it takes about 3 seconds to get a connection refused with ECN enabled, but with ECN disabled it's immediately. I guess this is a feature of ECN? // nick
