Re: window tracking firewall involved, was: Re: preliminary conclusions regarding window size issues

On Thu, 8 Jul 2004 08:37:00 +0200
bert hubert <ahu@ds9a.nl> wrote:

> On Thu, Jul 08, 2004 at 08:03:26AM +0200, bert hubert wrote:
> 
> [ theory that a window tracking firewall drops packets for which it thinks
>   the intended recipient has no room, as they are larger than the window size
>   it sees, where it neglects to scale that window size ]
> 
> > We could verify this assumption by checking if lowering the MTU to say 700
> > allows wscale=3 to work. 
> 
> This has now been confirmed with the packages.gentoo.org firewall!

It's the netfilter patches added to the gentoo WOLK kernel running
on packages.gentoo.org

Specifically, it's the tcp-window-tracking patch from netfilter's
patch-o-matic.  There's some bug in there wrt. its window scaling
support.

I bet if the tcp-window-scaling diff is removed from the kernel running
there, the problem will totally go away.

I note that it is using a very old version of the tcp-window-tracking
patch; the current version is 2.2 and probably fixes this bug.  The
gentoo linux-2.4.20-wolk-4.14 kernel is using version 1.7
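
The failure mode discussed in this thread, as an added example that is not part of the original message and is not netfilter's code: a minimal model of a window-tracking check that either honors or ignores the receiver's window scale shift. The struct, the function names and the sample values (5840 bytes of receive space, no TCP options in data segments) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Receiver-side state a window-tracking firewall keeps for one direction.
 * Hypothetical structure for illustration, not the patch-o-matic code. */
struct peer_state {
    uint32_t last_ack;   /* highest ACK seen from the receiver */
    uint16_t raw_window; /* 16-bit window field of the receiver's last segment */
    uint8_t  wscale;     /* shift count from the receiver's SYN wscale option */
};

/* Right edge of the receive window. honor_wscale=0 models the suspected bug:
 * the raw header field is treated as if it were already a byte count. */
static uint32_t right_edge(const struct peer_state *p, int honor_wscale)
{
    uint32_t win = p->raw_window;
    if (honor_wscale)
        win <<= p->wscale;   /* RFC 1323: real window = field << shift */
    return p->last_ack + win;
}

/* 1 if the data segment [seq, seq+len) fits inside the tracked window.
 * The signed difference keeps the comparison correct across sequence wrap. */
static int segment_accepted(const struct peer_state *p, uint32_t seq,
                            uint32_t len, int honor_wscale)
{
    return (int32_t)(right_edge(p, honor_wscale) - (seq + len)) >= 0;
}

/* Payload of a full-sized segment: MTU minus 20-byte IPv4 and TCP headers. */
static uint32_t payload_for_mtu(uint32_t mtu) { return mtu - 40; }

int main(void)
{
    /* Constructed sample: 5840 bytes free, wscale=3, so the header carries 730. */
    struct peer_state rx = { .last_ack = 1000, .raw_window = 5840 >> 3, .wscale = 3 };
    uint32_t mtus[] = { 1500, 700 };
    for (int i = 0; i < 2; i++) {
        uint32_t len = payload_for_mtu(mtus[i]);
        printf("MTU %u (%u bytes): unscaled tracker %s, scaled tracker %s\n",
               (unsigned)mtus[i], (unsigned)len,
               segment_accepted(&rx, 1000, len, 0) ? "pass" : "DROP",
               segment_accepted(&rx, 1000, len, 1) ? "pass" : "DROP");
    }
    return 0;
}
```

With these values the unscaled tracker drops the 1460-byte segment but passes the 660-byte one, which is the same pattern as the MTU 700 test quoted above.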