Stephen Hemminger wrote:
Recent TCP changes exposed the problem that there ar lots of really broken firewalls
that strip or alter TCP options.
We should not be accepting of this situation, surely. I mean, the firewalls
have to get fixed. Multiple things are breaking here, due to this. What
are the other options they are messing with, and and any idea why?
When the options are modified TCP gets busted now. The problem is that when
we propose window scaling, we expect that the other side receives the same
initial
SYN request that we sent. If there is corrupting firewalls that strip it then
the window we send is not correctly scaled; so the other side thinks there is
not
enough space to send.
If the firewall is actually stripping the TCP window scaling option,
then that tells the other end that we can't *receive* scaled windows
either, since the option indicates both, we are sending and capable
of receiving. i.e. The other end will not send us scaled windows.
There is no way we can fix this on the rcv end.
I propose that the following that will avoid sending window scaling that
is big enough to break in these cases unless the tcp_rmem has been increased.
It will keep default configuration from blowing in a corrupt world.
Does this need to be the default behaviour? Just how prevalent is
this??
thanks,
Nivedita
|