On Fri, Sep 13, 2013 at 10:16:14PM +0200, Jozsef Kadlecsik wrote:
> I have been thinking on this from time to time and couldn't come up with a
> solution which is satisfying: even if an nf_conntrack_tcp_sack_be_liberal
> flag is added to the patch, if it's default off, then that's almost the
> same situations as we have at the present.

With the additional sysctl, at least the 0.1% of admins which are bit by these braindead anonymizer boxes would have the option of working around them without completely disabling TCP window tracking.

Phil