I've been digging into an issue with SSH throughput and discovered that one of the servers involved isn't using RFC1323 window scaling and timestamps.
The server is running 7.3-RELEASE-p3, and has net.inet.tcp.rfc1323 set to 1. When connecting out from the server, it sets both Window Scale and TimeStamp options in the SYN packet and everything is fine. When a connection comes into the server with WS and TS set in the SYN, the response varies. For port 53 (named) the SYN/ACK has WS/TS options. For port 22 (sshd) the SYN/ACK does not have WS/TS options, unless the connection is via lo0. ssh is OpenSSH_5.2p1, compiled from ports with default options. I'm really at a loss to explain this. Why does named use RFC1323 on bce0 when sshd doesn't? Why does sshd use RFC1323 on lo0 but not on bce0? I can provide PCAPs of the SYN, SYN/ACK exchanges if that will help. -- Chip Marshall <c...@2bithacker.net> http://weblog.2bithacker.net/ KB1QYW PGP key ID 43C4819E v4sw5PUhw4/5ln5pr5FOPck4ma4u6FLOw5Xm5l5Ui2e4t4/5ARWb7HKOen6a2Xs5IMr2g6CM
pgppV7HnTM9AZ.pgp
Description: PGP signature
