Thanks, Jozsef, I see.
It appears that short of writing a custom netfilter extension, there's no
way to turn off SACKs on a particular connection. Is this right?
Thanks,
Leonid
----- Original Message -----
From: "Jozsef Kadlecsik" <kadlec@xxxxxxxxxxxxxxxxx>
To: "Leonid Zeitlin" <lz@xxxxxxxxxxxx>
Cc: <netfilter@xxxxxxxxxxxxxxx>
Sent: Thursday, April 24, 2008 12:33 PM
Subject: Re: Invalid SACK numbers in NAT'ed packets
On Thu, 24 Apr 2008, Leonid Zeitlin wrote:
> or use IPV4OPTSTRIP for the SYN packets sent/received in this direction
> as
> a selective workaround for the problem.
What is IPV4OPTSTRIP? How can I get it? It's not in standard iptables
(not the
one that I have anyway), and I can't find it at the netfilter site
either.
It's a target extension which can be found in patch-o-matic-ng. But sorry,
I mixed up: it strips off IPv4 options and not TCP options, so it'd not
help.
Best regards,
Jozsef
-
E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html