RE: How to remove TCP options when doing NAT?

Le jeudi 28 juin 2007 à 12:00 +0100, Fabrice Triboix a écrit
:
> From ethereal, I can see 20 bytes of options added on
each TCP packets.
> These are TCP options that are added after the standard
TCP header of 20
> bytes, thus the total TCP header size is 40 bytes.
> These 20 bytes of options are (dixit ethereal):
>  - Maximum segment size: 1460 bytes (I can understand
that: 1500 - 40)
>  - SACK permitted
>  - Timestamps: TSval 360225, TSecr 0
>  - NOP
>  - Window scale: 0 (multiply by 1)

What were the options that were not present _before_ the
gateway ?

> Anyone knows how I can configure Linux not to do that?

I don't know of any mangling extension for TCP options,
like
IPV4OPTSSTRIP for IP options.



PS: pls keep the list Cced...

-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint:
FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature
virus.
>> Copy me to your signature file and help me spread!

Hi Cedric,

> What were the options that were not present _before_
the gateway ?

I have some difficulties to understand the question...
The TCP packets coming from the local network (before the
gateway) do
not have extra options in their TCP headers. Their TCP
headers are 20
bytes in size.


> I don't know of any mangling extension for TCP options,
like
> IPV4OPTSSTRIP for IP options.

I guess it is part of the NAT mechanisms... I just would
like to know
whether this is configurable or not...
I forgot to mention that I am using Linux 2.6.18, arch
i686.


> PS: pls keep the list Cced...

Yes, my mistake!!


Cheers,

  Fabrice

-
This message is subject to Imagination Technologies' e-mail
terms: http://www.imgtec.co
m/e-mail.htm
-