On Thu, 8 Jul 2004 08:37:00 +0200
bert hubert <ahu@xxxxxxx> wrote:
> On Thu, Jul 08, 2004 at 08:03:26AM +0200, bert hubert wrote:
> [ theory that a window tracking firewall drops packets for which it thinks
> the intended recipient has no room, as they are larger than the window size
> it sees, where it neglects to scale that window size ]
> > We could verify this assumption by checking if lowering the MTU to say 700
> > allows wscale=3 to work.
> This has now been confirmed with the packages.gentoo.org firewall!
It's the netfilter patches added to the gentoo WOLK kernel running
Specifically, it's the tcp-window-tracking patch from netfilter's
patch-o-matic. There's some bug in there wrt. its window scaling
I bet if the tcp-window-scaling diff is removed from the kernel running
there, the problem will totally go away.
I note that it is using a very old version of the tcp-window-tracking
patch; the current version is 2.2 and probably fixes this bug. The
gentoo linux-2.4.20-wolk-4.14 kernel is using version 1.7.
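
[Added example, not part of the original message and not netfilter's code: a simplified model of the in-window check described in the quoted theory, showing why full-size segments at MTU 1500 are dropped while MTU 700 passes when the tracker ignores wscale=3. The struct, the function names, the 5840-byte window and the sequence numbers are assumptions constructed for illustration.]

```c
#include <stdint.h>
#include <stdio.h>

/* Per-direction state a window-tracking firewall keeps (hypothetical
 * layout for this model, not the patch-o-matic structure). */
struct track_state {
    uint32_t last_ack;   /* highest ACK seen from the receiver */
    uint16_t raw_window; /* 16-bit window field of the receiver's last segment */
    uint8_t  wscale;     /* shift count the receiver announced in its SYN */
};

/* Right edge of the receive window as the tracker computes it. */
static uint32_t right_edge(const struct track_state *s, int apply_wscale)
{
    uint32_t win = s->raw_window;
    if (apply_wscale)
        win <<= s->wscale;       /* the step the buggy tracker neglects */
    return s->last_ack + win;
}

/* 1 if segment [seq, seq+len) ends at or before the tracked right edge.
 * Signed difference keeps the comparison valid across sequence wraparound. */
int segment_in_window(const struct track_state *s, uint32_t seq,
                      uint32_t len, int apply_wscale)
{
    return (int32_t)(right_edge(s, apply_wscale) - (seq + len)) >= 0;
}

/* Payload of a full-size segment: MTU minus 20-byte IPv4 and 20-byte TCP
 * headers (assumes no IP or TCP options). */
uint32_t payload_for_mtu(uint32_t mtu) { return mtu - 40; }

/* Constructed case: receiver has 5840 bytes free and wscale=3, so the
 * window field on the wire is 5840 >> 3 = 730. */
int verdict(uint32_t mtu, int apply_wscale)
{
    struct track_state s = { 1000u, 5840 >> 3, 3 };
    return segment_in_window(&s, s.last_ack, payload_for_mtu(mtu), apply_wscale);
}

int main(void)
{
    uint32_t mtus[] = { 1500, 700 };
    for (int i = 0; i < 2; i++)
        printf("MTU %u payload %u: wscale ignored -> %s, wscale applied -> %s\n",
               (unsigned)mtus[i], (unsigned)payload_for_mtu(mtus[i]),
               verdict(mtus[i], 0) ? "pass" : "DROP",
               verdict(mtus[i], 1) ? "pass" : "DROP");
    return 0;
}
```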