Wietse Venema wrote:
> Wietse Venema:
>
>> I don't know if this is a problem with Windows TCP/IP, or if this
>> is a problem with a firewall on the client side. Reportedly, some
>> firewalls randomize TCP sequence numbers but don't update the
>> sequence numbers in SACK fields. That would be a sure way to mess
>> up TCP.
>>
>
> Quoting from the Linux kernel mailing list, December 2007:
>
>     The Cisco PIX had a bug with SACK handling (CSCse14419, fixed
>     in 7.0(7), 7.1(2.34), 7.2(2.2), 8.0(0.141) but perhaps it has
>     regressed). A simple trace either side of the firewall will
>     show the inconsistency between the TCP sequence number (which
>     gets randomised) and the Sack sequence number (which didn't).
>     You could disable the TCP Sequence Number Randomisation feature
>     and see if the fault reoccurs.
>
> To disable Selective Ack support:
>
>     *BSD: sysctl -w net.inet.tcp.sack.enable=0
>     L*n*x: echo 0 > /proc/sys/net/ipv4/tcp_sack
>
That might still work, but doing a cat to /proc is deprecated now. The
recommended method in Linux is:

    sysctl -w net.ipv4.tcp_sack=0

Joe
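The "trace either side of the firewall" comparison quoted above, as an added example that is not part of the original thread: it takes the same ACK segment as seen inside and outside the firewall and checks that its SACK blocks were shifted by the same offset as its acknowledgment number. The function names and all sample values are constructed for illustration, and the code assumes the ACK number and raw TCP option bytes have already been extracted from the two captures.

```python
import struct

MOD = 1 << 32  # TCP sequence numbers wrap at 2**32

def sack_blocks(options: bytes):
    """Return [(left, right), ...] from raw TCP option bytes (kind 5, RFC 2018)."""
    blocks, i = [], 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(options):          # truncated option header
            break
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break                          # malformed length, stop parsing
        if kind == 5 and (length - 2) % 8 == 0:
            for off in range(i + 2, i + length, 8):
                blocks.append(struct.unpack_from("!II", options, off))
        i += length
    return blocks

def sack_translation_ok(ack_in, opts_in, ack_out, opts_out):
    """True if every SACK edge moved by the same offset as the ACK number.

    The segment is one ACK from the outside peer, captured on both sides.
    A firewall that randomises sequence numbers rewrites the ACK field; the
    SACK edges refer to the same sequence space and must move with it.
    """
    delta = (ack_out - ack_in) % MOD
    b_in, b_out = sack_blocks(opts_in), sack_blocks(opts_out)
    if len(b_in) != len(b_out):
        return False
    return all((lo - li) % MOD == delta and (ro - ri) % MOD == delta
               for (li, ri), (lo, ro) in zip(b_in, b_out))

def sack_option(left, right):
    """Build NOP, NOP, SACK(one block) option bytes for the sample data."""
    return b"\x01\x01\x05\x0a" + struct.pack("!II", left % MOD, right % MOD)

# Constructed sample: the firewall adds DELTA to the inside host's sequence numbers.
DELTA = 0xFFFFF000
ACK_IN, ACK_OUT = 5000, (5000 + DELTA) % MOD
OPTS_OUT = sack_option(6460 + DELTA, 7920 + DELTA)  # as sent by the outside peer
OPTS_IN_FIXED = sack_option(6460, 7920)             # SACK edges translated
OPTS_IN_BUGGY = OPTS_OUT                            # SACK edges passed through unchanged

if __name__ == "__main__":
    print("translated SACK consistent:", sack_translation_ok(ACK_IN, OPTS_IN_FIXED, ACK_OUT, OPTS_OUT))
    print("untranslated SACK consistent:", sack_translation_ok(ACK_IN, OPTS_IN_BUGGY, ACK_OUT, OPTS_OUT))
```

A False result on real capture pairs points at the middlebox rather than either endpoint, which is the case where disabling sequence number randomisation or SACK, as suggested in the thread, is the relevant workaround.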