From: "David S. Miller" <davem@redhat.com>
To: Jamie Lokier <jamie@shareable.org>
Cc: shemminger@osdl.org, netdev@oss.sgi.com,
linux-net@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] fix tcp_default_win_scale.
Date: Tue, 6 Jul 2004 13:12:35 -0700 [thread overview]
Message-ID: <20040706131235.10b5afa8.davem@redhat.com> (raw)
In-Reply-To: <20040706194034.GA11021@mail.shareable.org>
On Tue, 6 Jul 2004 20:40:34 +0100
Jamie Lokier <jamie@shareable.org> wrote:
> If a firewall strips the window scaling option in both directions,
> then window scaling is disabled (RFC 1323 section 2.2).
>
> Are you saying there are broken firewalls which strip TCP options in
> one direction only?
It is this specific case:
1) SYN packet contains window scale option of ZERO.
This says two things, that the system will use a window
scale of ZERO and that it SUPPORTS send and receive window
scaling.
If the firewall were to delete this, we'd be OK, but it
does not. It leaves the option with zero in there.
2) SYN+ACK goes back out with non-zero window scale option.
Note that because of #1, it is impossible for the system
which sent the SYN packet to "refuse" the window scale
option sent in the SYN+ACK.
Here is where we have problems. If the firewall patches
the scale to zero, which is what some of these things
are doing, it is then the firewall's responsibility to
scale the window to make it appear to be zero-scaled.
And this is not being done by these broken firewalls.
BTW, this is why it is so important to get tcpdump traces
at both ends of the connection to analyze problems like
this. If you look at only one side with dumps, you might
not get the side that is getting packets edited by a
firewall or other device.
These machines are so broken that I absolutely refuse to change
how we behave to work around them.
If they want window scaling to be effectively disabled, they should
patch out the window scale option in the "SYN" packet, this prevents
the SYN+ACK sending system from advertising any window scaling support.
What these broken devices are doing is effectively making window
scaling unusable on the internet, and I refuse to swallow such
crap.
next prev parent reply other threads:[~2004-07-06 20:12 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <32886.63.170.215.71.1088564087.squirrel@www.osdl.org>
[not found] ` <20040629222751.392f0a82.davem@redhat.com>
[not found] ` <20040630152750.2d01ca51@dell_ss3.pdx.osdl.net>
[not found] ` <20040630153049.3ca25b76.davem@redhat.com>
2004-07-01 20:37 ` [PATCH] TCP acts like it is always out of memory Stephen Hemminger
2004-07-01 21:04 ` David S. Miller
2004-07-02 1:32 ` Arnaldo Carvalho de Melo
2004-07-06 9:35 ` analysis of TCP window size issues still around - several reports / SACK involved? bert hubert
2004-07-06 18:47 ` [PATCH] fix tcp_default_win_scale Stephen Hemminger
2004-07-06 19:40 ` Jamie Lokier
2004-07-06 20:05 ` Stephen Hemminger
2004-07-06 20:28 ` David S. Miller
2004-07-06 20:36 ` Stephen Hemminger
2004-07-06 20:35 ` David S. Miller
2004-07-06 21:55 ` John Heffner
2004-07-06 22:50 ` David S. Miller
2004-07-07 1:32 ` John Heffner
2004-07-06 23:01 ` PLS help fix: recent 2.6.7 won't connect to anything " bert hubert
2004-07-06 20:12 ` David S. Miller [this message]
2004-07-06 22:44 ` bert hubert
2004-07-06 22:49 ` David S. Miller
2004-07-07 18:06 ` Stephen Hemminger
2004-07-07 19:31 ` Jamie Lokier
2004-07-07 19:38 ` bert hubert
2004-07-07 19:41 ` John Heffner
2004-07-09 23:14 ` David S. Miller
2004-07-06 20:00 ` Nivedita Singhvi
2004-07-06 20:16 ` David S. Miller
2004-07-06 20:26 ` David Ford
[not found] ` <20040706185856.GN18841@lug-owl.de>
2004-07-06 20:17 ` David S. Miller
2004-07-06 20:31 ` Stephen Hemminger
2004-07-06 20:33 ` David S. Miller
2004-07-06 20:24 ` David S. Miller
2004-07-06 23:16 ` Andi Kleen
2004-07-07 7:50 ` Chris Wedgwood
2004-07-06 23:19 ` Redeeman
2004-07-07 19:47 ` John Heffner
2004-07-06 20:19 ` analysis of TCP window size issues still around - several reports / SACK involved? David S. Miller
2004-07-06 20:27 ` bert hubert
2004-07-06 20:31 ` David S. Miller
2004-07-07 21:25 ` Alessandro Suardi
2004-07-06 20:35 [PATCH] fix tcp_default_win_scale Tim Berti
2004-07-06 20:54 ` David Ford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040706131235.10b5afa8.davem@redhat.com \
--to=davem@redhat.com \
--cc=jamie@shareable.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-net@vger.kernel.org \
--cc=netdev@oss.sgi.com \
--cc=shemminger@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).