Re: [PATCH] Make netfilter handle SACK in NAT'ed connections (was Re: Fw

To: Chris Wedgwood <cw@xxxxxxxx>
Subject: Re: [PATCH] Make netfilter handle SACK in NAT'ed connections (was Re: Fw: oops/bug in tcp, SACK doesn't work?)
From: Harald Welte <laforge@xxxxxxxxxxxx>
Date: Mon, 28 Jan 2002 20:26:42 +0100
Cc: kuznet@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20020127122036.GA10858@tapu.f00f.org>; from cw@f00f.org on Sun, Jan 27, 2002 at 04:20:36AM -0800
References: <20010728004447.I1240@obroa-skai.gnumonks.org> <200107291653.UAA18260@ms2.inr.ac.ru> <20010731033801.M1486@obroa-skai.gnumonks.org> <20020127095716.H16571@sunbeam.de.gnumonks.org> <20020127122036.GA10858@tapu.f00f.org>
Sender: owner-netdev@xxxxxxxxxxx
User-agent: Mutt/1.3.17i

On Sun, Jan 27, 2002 at 04:20:36AM -0800, Chris Wedgwood wrote:
> On Sun, Jan 27, 2002 at 09:57:16AM +0100, Harald Welte wrote:
> 
>     Hi Alexey & Others.
> 
>     I'm now following up a very old thread about netfilter deleting
>     SACKPERM in the case of NAT'ing protocols with helpers (ftp, irc, ...)
> 
> Why not just strip SACK when using NAT?

Because SACK is generally a very useful extension of the TCP protocol,
and we shouldn't just be arrogant and decide that our users are not
allowed to use it in combination with NAT.

>   --cw

-- 
Live long and prosper
- Harald Welte / laforge@xxxxxxxxxxxx               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- 
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)
