Hi,
In our Mobile phone, android(android 8, Linux 4.4.23+ aarch64) runs in a
separate net namespace, and NAT runs in the root domain:
android(veth0) ---- veth1/NAT/rmnet0 ---- internet
The symptom is we are not able to send mms from android. After run
tcpdump we found that some tcp ACKs with sack option can be captured in
rmnet0, but not in veth1. And:
1. Not all such ACKs are lost, but once there's one lost then all
following such ACKs will be lost;
2. We've disabled the TCP segment offload but this doesn't help;
3. It works if tcp sack is disabled by
"echo 0 >/proc/sys/net/ipv4/tcp_sack";
The NAT rules in root domain are simple (there's no filter rules):
...
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes
target prot opt in out source destination
2 120 MASQUERADE all -- any rmnet0 anywhere anywhere
...
I've also posted a question here:
https://stackoverflow.com/questions/49064250/nat-doesnt-forward-tcp-acks-with-sack-option
Any suggestion? Thank you very much.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
