Bug 49483 - Bug in 2.4.3-12 kernel config for TCP/IP
Summary: Bug in 2.4.3-12 kernel config for TCP/IP
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel   
(Show other bugs)
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact: Brock Organ
Depends On:
TreeView+ depends on / blocked
Reported: 2001-07-20 00:20 UTC by Erich Boleyn
Modified: 2007-04-18 16:34 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-06-06 16:05:17 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Erich Boleyn 2001-07-20 00:20:25 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2) Gecko/20010701

Description of problem:
The kernel config files for the update to kernel 2.4.3-12 in RH 7.1 have
the "CONFIG_NET_ECN" option enabled ("Explicit Congestion Notification"),
which marks the SYN packets of TCP connections in a way that causes some
machines to simply refuse all connections from a Linux box configured in
this way.  The comment on the configuration parameter claims this is just
"some firewalls" that won't work with it, and that is not true.  I have had
this problem with both at least one firewall product and several embedded
machines that had webservers and telnet capability.

Very clearly, this option should not be enabled for production systems
where you want good compatibility with other machines over TCP/IP.

How reproducible:

Steps to Reproduce:
1. Compile kernel with configuration and "CONFIG_NET_ECN" enabled.
2. Run tcpdump and start a telnet connection with some machine, for
example, to port 80 (http) as in part of my example tcpdump included.
3. Observe weird flags on SYN packet:  "ECN-Echo,CWR".

   17:57:20.253747 > > S
[ECN-Echo,CWR] 795192512:795192512(0) win 5840 <mss 1460,sackOK,timestamp
404823 0,nop,wscale 0> (DF)

Actual Results:  As mentioned, packets are marked strangely, and some
machines will simply refuse connections with a Linux box configured in this

Expected Results:  The initial SYN packet should be marked like the
following in a tcpdump with a Linux kernel that isn't compiled with

18:00:30.998291 > > S
1019849161:1019849161(0) win 5840 <mss 1460,sackOK,timestamp 8997
0,nop,wscale 0> (DF)

Additional info:

Comment 1 Phil Knirsch 2001-07-20 08:55:25 UTC
Reassigning to kernel as this is a clear kernel bug.

Kernelcfg is a tool to configure kernel modules. :)

Read ya, Phil

Note You need to log in before you can comment on or make changes to this bug.