On Tue, 06 Jul 2004 13:00:07 -0700 Nivedita Singhvi <niv@us.ibm.com> wrote: > Stephen Hemminger wrote: > > Recent TCP changes exposed the problem that there ar lots of really broken firewalls > > that strip or alter TCP options. > > We should not be accepting of this situation, surely. I mean, the firewalls > have to get fixed. Multiple things are breaking here, due to this. What > are the other options they are messing with, and and any idea why? I totally agree with Nivedita, and that's why I'm not going to apply Stephen's patch. > If the firewall is actually stripping the TCP window scaling option, > then that tells the other end that we can't *receive* scaled windows > either, since the option indicates both, we are sending and capable > of receiving. i.e. The other end will not send us scaled windows. > There is no way we can fix this on the rcv end. > That's correct. If the SYN contains a window scale option, this tells the SYN+ACK sending side that both receive and send side window scaling is supported. I think what's really happening is that the firewall is patching the non-zero window scale option in the SYN+ACK packet to be zero, yet not adjusting the window field of packets in the rest of the TCP stream. > Does this need to be the default behaviour? Just how prevalent is > this?? Frankly, I've personally seen none of this. I sit on a DSL line with no firewalling at my end and I can access all sites just fine. This seems to indicate that most of the breakage is local to the user's point of access to the net, rather than a firewall at google.com or kernel.org or similar. - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
