From: "Michael Kerrisk (man-pages)" <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Troy Davis <troy-EyOyorkO9KA@public.gmane.org>
Cc: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [patch] tcp.7: Clarify tcp_tw_recycle on Internet-facing hosts
Date: Wed, 07 Jan 2015 08:49:12 +0100
Message-ID: <54ACE4F8.1000409@gmail.com>
In-Reply-To: <CALQAp37_DD-sy480u7QfC68GaaNK1yqb23vdEyNwJMK91PmD-g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>

On 11/23/2014 05:28 PM, Troy Davis wrote:
> Clarify that tcp_tw_recycle will break communication with many
> general-purpose remote Internet hosts (namely, remote NAT devices)
> even when the Linux device itself is not behind NAT.
>
> Sources:
> - BCP to make NAT implementors aware of this problem (2013):
> https://tools.ietf.org/html/draft-penno-behave-rfc4787-5382-5508-bis-04#section-3.1.2
> - RFC 1323 (PAWS)
> - RFC 6191: Reducing the TIME-WAIT State Using TCP Timestamps
> - The many users who unknowingly enabled this option on devices
> communicating with the general-purpose Internet:
> https://www.google.com/search?q=tcp_tw_recycle%20ip%20nat%20timestamp
>
> Patched against git HEAD as of this email
> (ac5ba355d52a5a29f2d26badc96e6da9e48c0097).
>
>
> diff --git a/man7/tcp.7 b/man7/tcp.7
> index e6f5aee..06cc127 100644
> --- a/man7/tcp.7
> +++ b/man7/tcp.7
> @@ -780,10 +780,11 @@ building larger TSO frames.
> .TP
> .IR tcp_tw_recycle " (Boolean; default: disabled; since Linux 2.4)"
> .\" Since 2.3.15
> -Enable fast recycling of TIME_WAIT sockets.
> -Enabling this option is not
> -recommended since this causes problems when working
> -with NAT (Network Address Translation).
> +Enable fast recycling of TIME_WAIT sockets. Enabling this option is
> +not recommended for devices communicating with the general Internet
> +or using NAT (Network Address Translation). Since some NAT gateways
> +pass through IP timestamp values, one IP can appear to have
> +non-increasing timestamps. See RFC 1323 (PAWS), RFC 6191.
> .\"
> .\" The following is from 2.6.12: Documentation/networking/ip-sysctl.txt
> .TP
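
Review bot: The added sentence says NAT gateways "pass through IP timestamp values", but the references it gives (RFC 1323 PAWS, and RFC 6191 on "Using TCP Timestamps") concern the TCP timestamp option; "TCP timestamp values" would keep readers from looking for an IP-layer option. The new text also stops at "non-increasing timestamps" without stating the consequence the patch description gives, namely that communication with hosts behind such a gateway breaks; a closing clause saying so would make the warning actionable. As a style point, "sockets. Enabling" now sits mid-line, whereas the replaced text started each sentence on its own source line.
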
Hello Troy,

The patch is well described, so I'm just going to take your word on all
of the above. Applied.

Cheers,

Michael

--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
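
A simplified model of the per-address timestamp check that the patch description refers to, as an added example (not code from this thread or from the kernel). The constants, the struct, the function names and the sample SYNs are assumptions of this model, and remembering the timestamp at SYN time is a simplification.

```c
#include <stdint.h>
#include <stdio.h>

#define PAWS_MSL_SECS 60 /* assumed lifetime of a remembered timestamp */
#define PAWS_WINDOW 1    /* assumed tolerated backward step, in ticks */

/* State is keyed on the source address alone, so every client behind
 * one NAT gateway shares a single entry. */
struct peer { uint32_t addr, last_ts, seen_at; int valid; };

/* Returns 1 if the SYN is accepted, 0 if it is dropped as a stale duplicate. */
int syn_accepted(struct peer *p, uint32_t addr, uint32_t tsval, uint32_t now)
{
    if (p->valid && p->addr == addr &&
        now - p->seen_at < PAWS_MSL_SECS &&
        (int32_t)(p->last_ts - tsval) > PAWS_WINDOW)
        return 0;                       /* timestamp went backwards */
    p->addr = addr;
    p->last_ts = tsval;
    p->seen_at = now;
    p->valid = 1;
    return 1;
}

/* Constructed scenario: two clients behind one NAT address (203.0.113.7).
 * Each client's timestamp clock started at its own boot, so the values
 * are unrelated. Returns a bitmask of accepted SYNs (bit i = SYN i). */
unsigned run_scenario(void)
{
    const uint32_t nat = 0xCB007107u;   /* 203.0.113.7 */
    const struct { uint32_t tsval, now; } syn[] = {
        { 5000000u, 0 },    /* client A, long uptime */
        { 1200u, 5 },       /* client B, recently booted */
        { 5005000u, 10 },   /* client A again */
        { 1265u, 70 },      /* client B after the entry aged out */
    };
    struct peer p = { 0 };
    unsigned mask = 0;
    for (unsigned i = 0; i < sizeof syn / sizeof syn[0]; i++)
        if (syn_accepted(&p, nat, syn[i].tsval, syn[i].now))
            mask |= 1u << i;
    return mask;
}

int main(void)
{
    printf("accepted mask: 0x%x\n", run_scenario());
    return 0;
}
```

Client B's first SYN is the only one refused: it arrives within the window with a timestamp far below client A's, even though neither client did anything wrong.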