| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4E5779AD88B2F040B8A7E83ECF544D1A01622C@SJCPEX01CL02.citrite.net> Date: Tue, 11 Jun 2013 18:31:54 +0000 From: Jeff Haran <Jeff.Haran@...rix.com> To: 'Rick Jones' <rick.jones2@...com> CC: Pablo Neira Ayuso <pablo@...filter.org>, David Laight <David.Laight@...LAB.COM>, Phil Oester <kernel@...uxace.com>, "netfilter-devel@...r.kernel.org" <netfilter-devel@...r.kernel.org>, "davem@...emloft.net" <davem@...emloft.net>, "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: RE: [PATCH 3/5] netfilter: xt_TCPMSS: Fix violation of RFC879 in absence of MSS option > -----Original Message----- > From: netfilter-devel-owner@...r.kernel.org [mailto:netfilter-devel-owner@...r.kernel.org] On Behalf Of Rick Jones > Sent: Tuesday, June 11, 2013 11:14 AM > To: Jeff Haran > Cc: Pablo Neira Ayuso; David Laight; Phil Oester; netfilter-devel@...r.kernel.org; davem@...emloft.net; netdev@...r.kernel.org > Subject: Re: [PATCH 3/5] netfilter: xt_TCPMSS: Fix violation of RFC879 in absence of MSS option > > > There is likely no "right" answer for this issue, but for what it's > > worth I can report a somewhat related experience I had a few years > > ago when updating my PC at home with a new Suse distro. The machine > > had been running previous versions of Suse with my Comcast cable > > internet service just fine for several years. I downloaded the ISO > > from opensuse, burned the DVD, did the install but when it came back > > up again the internet service was quite unreliable. It would work for > > a few minutes, but then no packets would flow. I happened to run > > ifconfig eth0 and it showed an MTU of 576. It seems the version of > > the DHCP client that came with the new distro honored the DHCP MTU > > option, but Comcast was advertising DHCP offers with an MTU of 576. > > Presumably then, your system rejected any incoming packet which was > larger than the 576 byte MTU it got from the Comcast DHCP server.. > > I can think of two reasons for larger packets to be arriving at your > system then: > > 1) UDP > > 2) Broken TCPs ass-u-me-ing a TCP MSS larger than 536 bytes when there > wasn't an MSS option in the SYN(s). > > Did your SuSE system send actual TCP MSS options based on the 576 byte MTU? > > > rick jones I didn't debug it further so I can't answer that question. But the problem was clearly in the cable modem. Power cycling the modem brought back connectivity, for a little while. I was able to muddle through this since I work with this stuff for a living, but if I had been an IP-unsavvy Joe Sixpack who was trying out a Linux live CD on his home PC as an alternative to Windows, I suspect I would have given up in disgust. Something to think about for those of us who would like to see wider adoption of Linux on the PC desktop. Jeff Haran -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists