RE: How to remove TCP options when doing NAT?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Cedric Blancher <blancher@cartel-securite.fr>
To: Fabrice Triboix <Fabrice.Triboix@imgtec.com>
Cc: netfilter@lists.netfilter.org
Subject: RE: How to remove TCP options when doing NAT?
Date: Thu, 28 Jun 2007 13:32:28 +0200	[thread overview]
Message-ID: <1183030348.8967.41.camel@localhost> (raw)
In-Reply-To: <917D8AC5A524D343B28848D8BBFFEC0701B226A4@klmail1.kl.imgtec.org>

Le jeudi 28 juin 2007 à 12:00 +0100, Fabrice Triboix a écrit :
> From ethereal, I can see 20 bytes of options added on each TCP packets.
> These are TCP options that are added after the standard TCP header of 20
> bytes, thus the total TCP header size is 40 bytes.
> These 20 bytes of options are (dixit ethereal):
>  - Maximum segment size: 1460 bytes (I can understand that: 1500 - 40)
>  - SACK permitted
>  - Timestamps: TSval 360225, TSecr 0
>  - NOP
>  - Window scale: 0 (multiply by 1)

What were the options that were not present _before_ the gateway ?

> Anyone knows how I can configure Linux not to do that?

I don't know of any mangling extension for TCP options, like
IPV4OPTSSTRIP for IP options.

PS: pls keep the list Cced...

-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!

next      parent reply	other threads:[~2007-06-28 11:32 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <917D8AC5A524D343B28848D8BBFFEC0701B226A4@klmail1.kl.imgtec.org>
2007-06-28 11:32 ` Cedric Blancher [this message]
2007-06-28 13:26   ` How to remove TCP options when doing NAT? Fabrice Triboix
2007-07-04 12:59 Fabrice Triboix
  -- strict thread matches above, loose matches on Subject: below --
2007-06-27  9:51 Fabrice Triboix
2007-06-27 15:12 ` Cedric Blancher

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1183030348.8967.41.camel@localhost \
    --to=blancher@cartel-securite.fr \
    --cc=Fabrice.Triboix@imgtec.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.