Received: (from majordomo@localhost)
	by oss.sgi.com (8.11.2/8.11.3) id f71H0Gc08003
	for netdev-outgoing; Wed, 1 Aug 2001 10:00:16 -0700
Received: from ms2.inr.ac.ru (minus.inr.ac.ru [193.233.7.97])
	by oss.sgi.com (8.11.2/8.11.3) with SMTP id f71H0DV08000
	for <netdev@oss.sgi.com>; Wed, 1 Aug 2001 10:00:14 -0700
Received: (from kuznet@localhost) by ms2.inr.ac.ru (8.6.13/ANK) id UAA12166; Wed, 1 Aug 2001 20:59:59 +0400
From: kuznet@ms2.inr.ac.ru
Message-Id: <200108011659.UAA12166@ms2.inr.ac.ru>
Subject: Re: Fw: oops/bug in tcp, SACK doesn't work?
To: laforge@gnumonks.org (Harald Welte)
Date: Wed, 1 Aug 2001 20:59:59 +0400 (MSK DST)
Cc: netdev@oss.sgi.com
In-Reply-To: <20010731033801.M1486@obroa-skai.gnumonks.org> from "Harald Welte" at Jul 31, 1 03:38:01 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Sender: owner-netdev@oss.sgi.com
Precedence: bulk

Hello!

> The issue is, that we only keep track of the last time a tcp sequence number
> was rewritten.  Yes, that means that current netfilter NAT code does not 
> cope correctly with all cases where you have more than one packet size 
> alteration per window.  

Wow! But it is fatal bug.

Just do not allow to change it more then once (not for window,
you have no reliable way to estimate it, probably for 64K<<wscale),
or remember all the mapping. Argh, and in the first case it is better
to drop packets which can be mangled wrongly.


> So I'm not sure if enabling selective acknowledgements could make the 
> situation worse than it is (given this precondition).  At least after
> giving it some though, I cannot see how.

The situation is opposite, actually. If you mangle seq/ack wrongly,
it is fatal. But if you make a mistake in sack, nothing happens,
sacks are soft.

Alexey