Re: Why does this connection stop being tracked?

[Andy Smith <andy@strugglers.net>]

[-- Attachment #1: Type: text/plain, Size: 1314 bytes --]

On Wed, Jun 15, 2005 at 12:07:52PM -0400, R. DuFresne wrote:
> >> You have two choices: either disable TCP SACK support on all your
> >> real/virtual machines behind your firewall, or upgrade the kernel on the
> >> firewall.
> >
> > Do you have any instructions or a pointer to documentation onhow to
> > temporarily disable SACK?  If it was a /proc setting that would be
> > ideal; I don't really want to have to recompile kernels though.
> >
> 
> why?  you are certainly missing out on how to fix and patch a systems when 
> bugs in the kernel affect it, to the ability to add features that your 
> dist maintainer has not enabled by default, or to change params in the 
> kernel such as moving away or to kernel modules as opposed to stack 
> functionality mapping.

I'm sorry, I didn't phrase that very well.  I'm perfectly happy to
compile new kernels and indeed I am required to run a patched 2.6.11
plus some other patches that I have to apply manually in order to
use Xen.

$ uname -a
Linux curacao.strugglers.net 2.6.11curacaoxen0-steven-hand1 #1 Sat Jun 4 18:49:26 UTC 2005 i686 GNU/Linux

I just didn't want to make a new kernel and reboot in order to test
the suggestion of disabling SACK as the downtime of a reboot on a
machine with multiple virtual machines is unpopular.

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]