Re: Out of window filter catches too much

On Wed, 2 Mar 2005, Pierre Ossman wrote:

> >On Mon, 21 Feb 2005 I posted a patch to netfilter-devel which addresses
> >this and other issues in TCP window tracking. Please try the patch.
>
> I assume you meant:
> https://lists.netfilter.org/pipermail/netfilter-devel/2005-February/018598.html
>
> I've tried the patch and it seems to keep it from dropping the ACKs
> which is enough to keep the connection going. I still get some errors
> the other way though:
>
> Mar  2 01:36:22 prometheus kernel: ip_ct_tcp: SEQ is over the upper
> bound (over the window of the receiver) IN= OUT= SRC=10.8.0.24
> DST=10.8.5.10 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=52959 DF PROTO=TCP
> SPT=1053 DPT=873 SEQ=3991302411 ACK=1391445765 WINDOW=115 RES=0x00 ACK
> URGP=0 OPT (0101080AD974090C92CE1415)

If it is reproducible then could you capture the traffic with tcpdump and
send me the results together with the corresponding log lines? Please dump
on both sides of the firewall.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
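
To line up a log entry like the one quoted above with the packets in a tcpdump capture, the following added example (not part of the original message or of the netfilter code) parses the line, decodes the hex bytes after OPT as TCP options, and builds a capture filter for the same connection. The function names are hypothetical.

```python
import re
import struct

# Log line copied from the quoted message above, with the mail line wraps joined.
LOG_LINE = (
    "Mar  2 01:36:22 prometheus kernel: ip_ct_tcp: SEQ is over the upper "
    "bound (over the window of the receiver) IN= OUT= SRC=10.8.0.24 "
    "DST=10.8.5.10 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=52959 DF PROTO=TCP "
    "SPT=1053 DPT=873 SEQ=3991302411 ACK=1391445765 WINDOW=115 RES=0x00 ACK "
    "URGP=0 OPT (0101080AD974090C92CE1415)"
)

def parse_log_line(line):
    """Return the KEY=value fields of the log line; OPT holds the raw option bytes."""
    fields = dict(re.findall(r"\b([A-Z]+)=(\S+)", line))
    m = re.search(r"OPT \(([0-9A-Fa-f]+)\)", line)
    fields["OPT"] = bytes.fromhex(m.group(1)) if m else b""
    return fields

def decode_tcp_options(raw):
    """Walk the kind/length/value encoding of the TCP options field."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP padding, single byte
            opts.append(("nop",))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            opts.append(("truncated", kind))
            break
        length = raw[i + 1]
        body = raw[i + 2:i + length]
        if kind == 8 and length == 10:     # timestamps: TSval, TSecr
            opts.append(("TS",) + struct.unpack("!II", body))
        else:
            opts.append((kind, body.hex()))
        i += length
    return opts

def capture_filter(f):
    """pcap filter matching both directions of the logged connection."""
    return "tcp and host {SRC} and host {DST} and port {SPT} and port {DPT}".format(**f)

if __name__ == "__main__":
    f = parse_log_line(LOG_LINE)
    print(capture_filter(f), decode_tcp_options(f["OPT"]))
```

The SEQ and ACK values in the log are absolute, so compare them against tcpdump output produced with -S; the decoded timestamp pair helps pick out the same packet in the captures taken on each side of the firewall.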

