In message <_A2991@delegate-en.ML_> on 06/30/05(19:03:04)
you "Benjamin Schweizer; dsb AG" <firstname.lastname@example.org> wrote:
|> I've experienced some strange problems with the handling of the tcp
|> window size in delegate. By now, I was not able to debug it, I just
|> want to ask if other users have reported similar problems. It looks as
|> if the packets get fragmented in a wrong way which makes my Checkpoint
|> reject them. I'm currently using 8.11.3 but I had similar problems
|> with 8.9.1.
|> addendum: I'm just analysing the code which is rather complex. I
|> assume that this is a bug in the ftp handler which is called via xinetd.
Is this the problem in DeleGate as a FTP-proxy ?
|I've some more results:
|- the banner message get's fragmented on some connections (this is a
|kernel issue, may be some special socket options?)
Is it a banner meesage from a FTP server relayed by DeleGate ?
|- the fragmented packet is correct as I can see
|- Checkpoint as well as Sonic Wall reject this packet in the application
|filter as they don't assemble fragmented packets at this stage
|- I've shortened the banner to fit into a ~780 byte packet which
|- I've to figure out why the packets get fragmented, this is somehow
|strange as the window-size is not restricted by the client nor by the
|- I've to figure out why they are dropped at the firewalls
| - is the packet strange?
| - is the application layer filter broken?
| - is there some limit?
D G Yutaka Sato <email@example.com> http://delegate.org/y.sato/
( - ) National Institute of Advanced Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller