[PATCH] tcp-window-tracking patch with sysctl support

Jozsef Kadlecsik kadlec@blackhole.kfki.hu
Wed, 3 Oct 2001 23:11:40 +0200 (CEST)

On Wed, 3 Oct 2001, Brad Chapman wrote:

> > This is the new version of my tcp-window-tracking patch. The modifications
> > are:
> 	Does this patch remove the problem which caused the excessive
> "Out of window" error messages that a lot of netfilter users have reported for
> the past few months?

No one sent a proof that the algorithm falsely identifies packets as out
of window ones. No one sent a proof that the packets thus marked as INVALID
and then dropped by an explicit rule breaks any legitimate connection.
The only problem was - as far as I see - the unexpected number
of such packets and messages.

Therefore the algorithm was not changed. If someone wants it, the messages
now can easily be suppressed. If someone wants to be strictly
"RFC-compliant", then the system can easily be configured to mark those
packets as INVALID only which would be dropped silently by the receiver

