TCP window tracking has bad side effects

Phil Oester kernel at linuxace.com
Thu Dec 2 01:54:54 CET 2004


On Wed, Dec 01, 2004 at 01:16:31PM +0100, Jozsef Kadlecsik wrote:
> Yes, you can disable it anytime:
> 
> echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
> 
> But a full tcpdump from such a session and the log entries on the
> invalid packets would be useful for us to recheck the code.

This sounds remarkably similar to bugzilla #258, where a TCP
session which works in 2.6.8.1 fails in 2.6.9:

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=258

Attached to the report is a binary tcpdump.  I've replayed it
and tried a few things but can't figure out what the problem
is.

Disabling window tracking did nothing -- were there any other
interesting changes in 2.6.9 series?

Phil



More information about the netfilter-devel mailing list