[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    Re: Fw: [Fwd: [Bug 5644] New: NFS v3 TCP 3-way handshake incorrect,
From:       Patrick McHardy <kaber () trash ! net>
Date:       2005-11-29 22:32:45
Message-ID: 438CD70D.3030305 () trash ! net
[Download RAW message or body]

Jozsef Kadlecsik wrote:
> Mounting NFS file systems after a (warm) reboot could take a long time if
> firewalling and connection tracking was enabled.
> 
> The reason is that the NFS clients tends to use the same ports (800 and
> counting down). Now on reboot, the server would still have a TCB for an
> existing TCP connection client:800 -> server:2049. The client sends a
> SYN from port 800 to server:2049, which elicits an ACK from the server.
> The firewall on the client drops the ACK because (from its point of
> view) the connection is still in half-open state, and it expects to see
> a SYNACK.
> 
> The client will eventually time out after several minutes.
> 
> The following patch corrects this, by accepting ACKs on half open connections
> as well.

Thanks Jozsef, I'll pass it on to Dave tommorrow.

[prev in list] [next in list] [prev in thread] [next in thread]