On Wed, 2013-08-07 at 19:42 +0200, Patrick McHardy wrote: > > The SYNPROXY operates by marking the initial SYN from the client as UNTRACKED > and directing it to the SYNPROXY target. The target responds with a SYN/ACK > containing a cookie and encodes options such as window scaling factor, SACK > perm etc. into the timestamp, if timestamps are used (similar to TCP). The > window size is set to zero. The response is also sent as untracked packet. TCP timestamps are not really used, for various reasons ... Have you taken a look at <http://lists.freebsd.org/pipermail/freebsd-net/2013-July/035999.html> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
