|| ||"David S. Miller" <davem-AT-redhat.com>|
|| ||Nivedita Singhvi <niv-AT-us.ibm.com>|
|| ||Re: [PATCH] fix tcp_default_win_scale.|
|| ||Tue, 6 Jul 2004 13:16:17 -0700|
|| ||shemminger-AT-osdl.org, ahu-AT-ds9a.nl, acme-AT-conectiva.com.br,
On Tue, 06 Jul 2004 13:00:07 -0700
Nivedita Singhvi <email@example.com> wrote:
> Stephen Hemminger wrote:
> > Recent TCP changes exposed the problem that there ar lots of really broken firewalls
> > that strip or alter TCP options.
> We should not be accepting of this situation, surely. I mean, the firewalls
> have to get fixed. Multiple things are breaking here, due to this. What
> are the other options they are messing with, and and any idea why?
I totally agree with Nivedita, and that's why I'm not going to
apply Stephen's patch.
> If the firewall is actually stripping the TCP window scaling option,
> then that tells the other end that we can't *receive* scaled windows
> either, since the option indicates both, we are sending and capable
> of receiving. i.e. The other end will not send us scaled windows.
> There is no way we can fix this on the rcv end.
That's correct. If the SYN contains a window scale option, this tells
the SYN+ACK sending side that both receive and send side window scaling
is supported. I think what's really happening is that the firewall is
patching the non-zero window scale option in the SYN+ACK packet to be
zero, yet not adjusting the window field of packets in the rest of the
> Does this need to be the default behaviour? Just how prevalent is
Frankly, I've personally seen none of this. I sit on a DSL line with
no firewalling at my end and I can access all sites just fine. This
seems to indicate that most of the breakage is local to the user's
point of access to the net, rather than a firewall at google.com
or kernel.org or similar.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to firstname.lastname@example.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
to post comments)