Article delegate-en/2991 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A2989@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: delegate: mixed up window sizes
30 Jun 2005 10:03:02 GMT "Benjamin Schweizer; dsb AG" <pvufqbdyi-rcweveeez7tr.ml@ml.delegate.org>


Hello again,

I wrote:

> I've experienced some strange problems with the handling of the tcp 
> window size in delegate. By now, I was not able to debug it, I just 
> want to ask if other users have reported similar problems. It looks as 
> if the packets get fragmented in a wrong way which makes my Checkpoint 
> reject them. I'm currently using 8.11.3 but I had similar problems 
> with 8.9.1.
>
> addendum: I'm just analysing the code which is rather complex. I 
> assume that this is a bug in the ftp handler which is called via xinetd.

I've some more results:
- the banner message get's fragmented on some connections (this is a 
kernel issue, may be some special socket options?)
- the fragmented packet is correct as I can see
- Checkpoint as well as Sonic Wall reject this packet in the application 
filter as they don't assemble fragmented packets at this stage

Workaround:
- I've shortened the banner to fit into a ~780 byte packet which 
supressed fragmentation

Further investigation:
- I've to figure out why the packets get fragmented, this is somehow 
strange as the window-size is not restricted by the client nor by the 
routers.
- I've to figure out why they are dropped at the firewalls
   - is the packet strange?
   - is the application layer filter broken?
   - is there some limit?



regards

-- 
*Benjamin Schweizer* | dsb AG

phone +49 7000 000-000f | fax +49 7000 000-000f
Konrad-Zuse-Strasse 16 | D-74172 Neckarsulm


  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V