Re: window tracking firewall involved, was: Re: preliminary conclusions regarding window size issues

From: Martin Josefsson
Date: Thu Jul 08 2004 - 11:35:38 EST


On Thu, 2004-07-08 at 17:37, David S. Miller wrote:

> > This has now been confirmed with the packages.gentoo.org firewall!
>
> It's the netfilter patches added to the gentoo WOLK kernel running
> on packages.gentoo.org
>
> Specifically, it's the tcp-window-tracking patch from netfilter's
> patch-o-matic. There's some bug in there wrt. its window scaling
> support.
>
> I bet if the tcp-window-scaling diff is removed from the kernel running
> there, the problem will totally go away.
>
> I note that it is using a very old version of the tcp-window-tracking
> patch, the current version is 2.2 and probably fixes this bug. The
> gentoo linux-2.4.20-wolk-4.14 kernel is using version 1.7

That bug was probably fixed May 21 2003 according to cvs history:
"Patch updated: window scaling bug fixed, improved, etc. (JK)."
It updates the version to 1.9.

As reference, I'm using v2.2 with -bk from 040626 which does use
wscale=7 and I don't see any problems connecting to/from machines with
lower or equal wscale. I drop and log all packets tcp-window-tracking
classifies as INVALID.

--
/Martin
