> I have checked the offending packets inside and outside the firewall, and
> there has been no modification enroute... it looks likely that it must be
> happening outside our network... however, before I can report anything, I
> suppose I need to understand how the timestamp options work so I can check
> for obvious protocol/field formatting errors...
It is just a TCP option.. the value increases over time, but does not
reflect actual time. The timestamp is maintained separately for each
endpoint.
The problem I had with a Radware load balancer box was that it reflected
the client's timestamp during the initial TCP handshake as if it was the
server's timestamp option, while the real server's timestamp option was
seen on any subsequent packets. Such an error can totally screw up PAWS, as
PAWS relies on the other end's timestamp option to increase properly.
PAWS = Protect Against Wrapped Sequence Numbers; it uses the timestamp to
detect when too-old duplicate packets are seen. It is needed to allow TCP to
operate properly in the face of delayed duplicate packets on high-latency,
high-bandwidth links. See RFC 1323 for all the gory details. Without it,
such a duplicate packet can corrupt the TCP data stream.
Note: You do not normally need PAWS for some years yet...
Regards
Henrik
Received on Sat May 25 2002 - 06:11:21 MDT
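As an added illustration (not part of Henrik's post or of any product mentioned in it), here is a small Python model of the RFC 1323 PAWS test applied to the load-balancer behaviour described above; the option parser, the simplified TS.Recent handling and all timestamp values are my own constructions.

```python
import struct

TCPOPT_EOL, TCPOPT_NOP, TCPOPT_TIMESTAMP = 0, 1, 8


def parse_tcp_timestamp(options: bytes):
    """Walk the TCP options field; return (TSval, TSecr) or None if absent."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:          # single-byte padding option
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated TCP option")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad TCP option length")
        if kind == TCPOPT_TIMESTAMP:
            if length != 10:            # kind(1) + len(1) + TSval(4) + TSecr(4)
                raise ValueError("timestamp option must be 10 bytes")
            return struct.unpack("!II", options[i + 2:i + 10])
        i += length
    return None


def build_ts_option(tsval: int, tsecr: int) -> bytes:
    """NOP, NOP, Timestamps: the usual 12-byte layout seen on the wire."""
    return bytes([TCPOPT_NOP, TCPOPT_NOP, TCPOPT_TIMESTAMP, 10]) + struct.pack("!II", tsval, tsecr)


def tsval_before(a: int, b: int) -> bool:
    """True if 32-bit timestamp a is older than b under modulo-2**32 arithmetic."""
    return ((a - b) & 0xFFFFFFFF) >= 0x80000000


class PawsReceiver:
    """Simplified PAWS: drop a segment whose TSval is older than TS.Recent.
    (RFC 1323 also gates the TS.Recent update on SEG.SEQ <= Last.ACK.sent; omitted here.)"""
    def __init__(self):
        self.ts_recent = None

    def accept(self, options: bytes) -> bool:
        ts = parse_tcp_timestamp(options)
        if ts is None:
            return True                 # no timestamp option, PAWS does not apply
        tsval, _tsecr = ts
        if self.ts_recent is not None and tsval_before(tsval, self.ts_recent):
            return False                # treated as an old duplicate and discarded
        self.ts_recent = tsval
        return True


def handshake_then_data(synack_tsval: int, server_clock: int, client_clock: int):
    """Feed a SYN-ACK followed by three data segments carrying the real server clock."""
    rx = PawsReceiver()
    results = [rx.accept(build_ts_option(synack_tsval, client_clock))]
    for k in range(3):
        results.append(rx.accept(build_ts_option(server_clock + k, client_clock)))
    return results
```

With constructed clocks client=0x7A120000, server=1000, a SYN-ACK that echoes the client's own TSval (the bug described) makes every later server segment fail PAWS, while a SYN-ACK carrying the server's clock is accepted throughout.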