SACK out of window segments?
Jozsef Kadlecsik
kadlec at blackhole.kfki.hu
Wed Jul 20 12:34:02 CEST 2005
Hi Dave,
There had been a long thread on netfilter-devel recently with the subject
[PATCH] TCP window tracking patch backported from the 2.6 tree:
https://lists.netfilter.org/pipermail/netfilter-devel/2005-June/020281.html
https://lists.netfilter.org/pipermail/netfilter-devel/2005-June/020279.html
https://lists.netfilter.org/pipermail/netfilter-devel/2005-June/020317.html
https://lists.netfilter.org/pipermail/netfilter-devel/2005-July/020292.html
https://lists.netfilter.org/pipermail/netfilter-devel/2005-July/020349.html
https://lists.netfilter.org/pipermail/netfilter-devel/2005-July/020350.html
It seems that at least Linux 2.4.25 accepts and (S)ACKs segments which
otherwise looks to be out of window ones. In order to cope with that I had
to add code to the TCP connection tracking part of netfilter.
The question is wether that was a SACK bug in 2.4.25? Or there's something
in the RFCs we overlook and what looks like a violation is actually an RFC
conformant feature?
Thank you your help,
Jozsef
-
E-mail : kadlec at blackhole.kfki.hu, kadlec at sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
More information about the netfilter-devel
mailing list