On Tue, Jul 28, 2015 at 12:53:26AM +0200, Phil Sutter wrote: > Upon receipt of SYNACK from the server, ipt_SYNPROXY first sends back an ACK to > finish the server handshake, then calls nf_ct_seqadj_init() to initiate > sequence number adjustment of forwarded packets to the client and finally sends > a window update to the client to unblock it's TX queue. > > Since synproxy_send_client_ack() does not set synproxy_send_tcp()'s nfct > parameter, no sequence number adjustment happens and the client receives the > window update with incorrect sequence number. Depending on client TCP > implementation, this leads to a significant delay (until a window probe is > being sent). Could you also fix the IPv6 side to get both codes in sync? Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
