On Thu, Oct 20, 2005 at 08:24:32AM -0400, Jon Hart wrote:
> On Wed, Oct 19, 2005 at 07:51:13PM -0600, jared r r spiegel wrote:
> > On Tue, Oct 18, 2005 at 11:50:41AM -0400, Jon Hart wrote:
> >
> > > What I'd like is to disable scrub's tcp reassembly on per
> > > host/port/protol basis, something a
On Wed, Oct 19, 2005 at 07:51:13PM -0600, jared r r spiegel wrote:
> On Tue, Oct 18, 2005 at 11:50:41AM -0400, Jon Hart wrote:
>
> > What I'd like is to disable scrub's tcp reassembly on per
> > host/port/protol basis, something along the lines of:
> >
> >scrub all no-df random-id fragment re
On Tue, Oct 18, 2005 at 11:50:41AM -0400, Jon Hart wrote:
> What I'd like is to disable scrub's tcp reassembly on per
> host/port/protol basis, something along the lines of:
>
>scrub all no-df random-id fragment reassemble reassemble tcp
>no scrub inet proto tcp from any to $SAN_NET port
I've got a "situation" here where a particular vendor's IP stack doesn't
seem to be totally RFC compliant. The right solution is to get their
stack fixed but that takes time.
The problem is that when I turn on scrub's reassemble tcp option, i.e.:
scrub all no-df random-id fragment reassembl