LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: [PATCH] fix tcp_default_win_scale.

[Posted July 7, 2004 by corbet]

From:  "David S. Miller" <davem-AT-redhat.com>
To:  Nivedita Singhvi <niv-AT-us.ibm.com>
Subject:  Re: [PATCH] fix tcp_default_win_scale.
Date:  Tue, 6 Jul 2004 13:16:17 -0700
Cc:  shemminger-AT-osdl.org, ahu-AT-ds9a.nl, acme-AT-conectiva.com.br, netdev-AT-oss.sgi.com, alessandro.suardi-AT-oracle.com, phyprabab-AT-yahoo.com, linux-net-AT-vger.kernel.org, linux-kernel-AT-vger.kernel.org

On Tue, 06 Jul 2004 13:00:07 -0700
Nivedita Singhvi <niv@us.ibm.com> wrote:

> Stephen Hemminger wrote:
> > Recent TCP changes exposed the problem that there ar lots of really broken firewalls 
> > that strip or alter TCP options.
> 
> We should not be accepting of this situation, surely. I mean, the firewalls
> have to get fixed. Multiple things are breaking here, due to this. What
> are the other options they are messing with, and and any idea why?

I totally agree with Nivedita, and that's why I'm not going to
apply Stephen's patch.

> If the firewall is actually stripping the TCP window scaling option,
> then that tells the other end that we can't *receive* scaled windows
> either, since the option indicates both, we are sending and capable
> of receiving. i.e. The other end will not send us scaled windows.
> There is no way we can fix this on the rcv end.
> 

That's correct.  If the SYN contains a window scale option, this tells
the SYN+ACK sending side that both receive and send side window scaling
is supported.  I think what's really happening is that the firewall is
patching the non-zero window scale option in the SYN+ACK  packet to be
zero, yet not adjusting the window field of packets in the rest of the
TCP stream.

> Does this need to be the default behaviour? Just how prevalent is
> this??

Frankly, I've personally seen none of this.  I sit on a DSL line with
no firewalling at my end and I can access all sites just fine.  This
seems to indicate that most of the breakage is local to the user's
point of access to the net, rather than a firewall at google.com
or kernel.org or similar.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
(Log in to post comments)

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds