Subject: PF and TCP Window Scaling in NetBSD 3.0
To: None <tech-net@netbsd.org>
From: Joerg Roedel <joro-bsd@zlug.org>
List: tech-net
Date: 07/11/2006 14:04:33
Hi all,

I found a bug in the Packet Filter of NetBSD 3.0 that has to do with TCP
Window Scaling. I have a NetBSD 3.0 based router in my network using PF
for firewalling and NAT. Behind the router in the internal network is a
Kernel 2.6.16 based Linux box. If I want to connect to some sites from
this Linux box (e.g. 74.52.39.194), the PF firewall blocks all packets
after the TCP 3-way-handshake. Using Linux Kernel 2.6.17 on the Linux
box makes it impossible to use TCP to any other site.
The problem does not exist if I disable TCP Window Scaling on the
Linux box. It also works if I flush the firewall rules and leave the NAT
rules in place. So it must be a problem in the filter code.
I didn't test that behavior with NetBSD-current. Maybe the bug is
already fixed there. If you need some more details of my tests on it,
feel free to ask.

Greets, Joerg Roedel