Subject: Re: kern/9085: enabling RFC1323 support causes some TCP connections to stall
To: NetBSD Networking Technical Discussion List <tech-net@netbsd.org>
From: Greg A. Woods <woods@most.weird.com>
List: tech-net
Date: 02/29/2000 01:56:58
[ On Monday, February 28, 2000 at 16:36:35 (-0800), Kevin Lahey wrote: ]
> Subject: Re: kern/9085: enabling RFC1323 support causes some TCP connections to stall
>
> In message <m12PZfh-000g5eC@most.weird.com> Greg A. Woods writes
> > 
> >That reminds me of a question I have been stewing over ever since this
> >topic was first broached:  Is there any way for a gateway machine to
> >effectively turn off the use of rfc1323 on all traffic it handles?
> 
> You'd have to rewrite every TCP packet that went past to remove the
> timestamp options.  That seems pretty bogus.

Yeah, that's a bit much alright, especially when fragmentation gets into
the picture too....

>  It'd also be impossible
> to do unless you were *certain* that packets only got out via the gateway.

Well, if you are the gateway and you're about to copy a packet to the
outbound interface, it should be pretty obvious whether or not you
should strip the timestamps....

> >It seems to me that it should only be the gateway admin who should have
> >to make the decision as to whether or not rfc1323 support will be a
> >hindrance on a given pipe....
> 
> Why not let the end systems make that determination?  It seems like
> they'd have a better idea of round trip times, window sizes, etc.

Since it seems that rfc1323 timestamps and PPP VJ compression are at
odds with each other it should be more logical to try and do something
about the problem on the gateway rather than assuming that every host
behind the gateway is appropriately configured....  But if it requires
rewriting the TCP packet (or just the header?) then perhaps it's not
worth the effort even though there should be ample CPU to do so in those
scenarios where it would actually pay off.  I keep meaning to turn it
off on all my machines (I still live behind a very narrow PPP line) to
see if it really does make a difference, but I've not yet done so (see
how hard it is to ensure everything behind the gateway is configured
correctly all of the time!  ;-).

Way back in PR# kern/854 there was a description of this issue and a
patch posted to turn off rfc1323 by default.  There's also a suggestion
for making rfc1323 support optional by route.  That PR is still open
too, despite the fact that a sysctl to adjust rfc1323 support at runtime
has been available for quite some time.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
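
An added example, not part of the original message and not NetBSD code: a sketch of the header-only rewrite discussed above, which overwrites the RFC 1323 timestamp option (kind 8, length 10) with NOPs so the header length and payload are untouched, then patches the TCP checksum incrementally per RFC 1624. The function names are hypothetical, and the code assumes the whole TCP header sits in one contiguous buffer (no fragment reassembly).

```c
#include <stdint.h>
#include <string.h>

enum { OPT_EOL = 0, OPT_NOP = 1, OPT_TS = 8, OPT_TS_LEN = 10 };

/* Ones'-complement sum of big-endian 16-bit words, folded to 16 bits. */
static uint16_t sum16(const uint8_t *p, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        s += ((uint32_t)p[i] << 8) | p[i + 1];
    while (s >> 16)
        s = (s & 0xffff) + (s >> 16);
    return (uint16_t)s;
}

/* Replace every timestamp option in the TCP header at tcp[0..len) with NOPs,
 * keeping the header length, and patch the checksum incrementally (RFC 1624).
 * Returns the number of options removed, or -1 if the header is malformed. */
int strip_tcp_timestamps(uint8_t *tcp, size_t len)
{
    size_t hlen = len >= 20 ? (size_t)(tcp[12] >> 4) * 4 : 0; /* data offset */
    if (hlen < 20 || hlen > len)
        return -1;
    uint8_t *opt = tcp + 20;
    size_t optlen = hlen - 20, i = 0, ts[4];    /* 40 option bytes hold <= 4 */
    int n = 0;
    while (i < optlen && opt[i] != OPT_EOL) {   /* validate before modifying */
        if (opt[i] == OPT_NOP) { i++; continue; }
        if (i + 1 >= optlen || opt[i + 1] < 2 || i + opt[i + 1] > optlen)
            return -1;
        if (opt[i] == OPT_TS && opt[i + 1] == OPT_TS_LEN)
            ts[n++] = i;
        i += opt[i + 1];
    }
    if (n == 0)
        return 0;
    uint32_t c = (uint16_t)~((tcp[16] << 8) | tcp[17]);  /* ~HC */
    c += (uint16_t)~sum16(opt, optlen);                  /* + ~m (old words) */
    for (int k = 0; k < n; k++)
        memset(opt + ts[k], OPT_NOP, OPT_TS_LEN);
    c += sum16(opt, optlen);                             /* + m' (new words) */
    while (c >> 16)
        c = (c & 0xffff) + (c >> 16);
    c = ~c & 0xffff;                                     /* HC' */
    tcp[16] = (uint8_t)(c >> 8);
    tcp[17] = (uint8_t)c;
    return n;
}
```

Because the pseudo-header and payload are unchanged, only the option words enter the checksum update. RFC 1323 lets a host send timestamps on later segments only if the SYN it received carried the option, so applying this to SYN and SYN/ACK segments is what keeps the option from being negotiated.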