blancher at cartel-securite
Jun 28, 2007, 4:32 AM
Post #3 of 4
Le jeudi 28 juin 2007 à 12:00 +0100, Fabrice Triboix a écrit :
RE: How to remove TCP options when doing NAT?
[In reply to]
> From ethereal, I can see 20 bytes of options added on each TCP packets.
> These are TCP options that are added after the standard TCP header of 20
> bytes, thus the total TCP header size is 40 bytes.
> These 20 bytes of options are (dixit ethereal):
> - Maximum segment size: 1460 bytes (I can understand that: 1500 - 40)
> - SACK permitted
> - Timestamps: TSval 360225, TSecr 0
> - NOP
> - Window scale: 0 (multiply by 1)
What were the options that were not present _before_ the gateway ?
> Anyone knows how I can configure Linux not to do that?
I don't know of any mangling extension for TCP options, like
IPV4OPTSSTRIP for IP options.
PS: pls keep the list Cced...
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!