Bug#283107: telnet-connections to some hosts fail

[Jurij Smakov <jurij@wooyd.org>]

Hi,

After some further investigation I can now pretty confidently state that the 
culprit for this problem is the ipsec patch, introduced into 2.4.27 kernel 
by the previous kernel maintainer Herbert Xu. I have built two kernels, a 
pristine 2.4.27 from www.kernel.org, and another one, with the ipsec patch 
[0] applied. With the pristine kernel everything works fine, with the 
ipsec one I see bad tcp checksums in tcpdump log when connecting both to 
m-nas1 and esslingen (even though in the latter case the connection does 
not hang). And since the ipsec patch got accepted upstream somewhere in 
2.5.x, it is not surprising that the failures persist with all later 
kernels, including 2.6.x.

The ipsec patch is not the only condition for this failure though. In 
particular, I have completely failed to reproduce the problem on my own 
Ultra1, which is very similar (it is not SMP though). So, it might be that 
it is caused by a combination of ipsec and SMP (not likely, because tested 
kernels are all UP), or some other unidentified factors.

In summary, I do not have a clear idea of how we could fix this. Ripping 
out ipsec out of 2.6 kernels by now is out of the question. It you want a 
"quick and dirty" solution, you can build a 2.4.27 kernel without applying 
ipsec patch. I'll send a summary of this problem to debian-sparc and see 
if someone else can reproduce that using the kernels I've built.

[0] http://gondor.apana.org.au/~herbert/ipsec-2.4/files/ipsec-2.4.27-20040812-1.bz2

Thanks and best regards,

Jurij Smakov                                        jurij@wooyd.org
Key: http://www.wooyd.org/pgpkey/                   KeyID: C99E03CC