On Thu, 2004-07-08 at 17:37, David S. Miller wrote:
> > This has now been confirmed with the packages.gentoo.org firewall!
>
> It's the netfilter patches added to the gentoo WOLK kernel running
> on packages.gentoo.org
>
> Specifically, it's the tcp-window-tracking patch from netfilter's
> patch-o-matic. There's some bug in there wrt. it's window scaling
> support.
>
> I bet if the tcp-window-scaling diff is removed from the kernel running
> there, the problem will totally go away.
>
> I note that it is using a very old version of the tcp-window-tracking
> patch, the current version is 2.2 and probably fixes this bug. The
> gentoo linux-2.4.20-wolk-4.14 kernel is using version 1.7
That bug was probably fixed May 21 2003 according to cvs history.
"Patch updated: window scaling bug fixed, improved, etc. (JK)."
It updates the version to 1.9
As reference, I'm using v2.2 with -bk from 040626 which does use
wscale=7 and I don't see any problems connecting to/from machines with
lower or equal wscale. I drop and log all packets tcp-window-tracking
classifies as INVALID.
--
/Martin
signature.asc
Description: This is a digitally signed message part
|