On Tue, 08 Apr 2025 14:57:29 +0000 Jiayuan Chen wrote:
> > > When TCP is in TIME_WAIT state, PAWS verification uses
> > > LINUX_PAWSESTABREJECTED, which is ambiguous and cannot be distinguished
> > > from other PAWS verification processes.
> > > Moreover, when PAWS occurs in TIME_WAIT, we typically need to pay special
> > > attention to upstream network devices, so we added a new counter, like the
> > > existing PAWS_OLD_ACK one.
> > >
> >
> > I really dislike the repetition of "upstream network devices".
> > Is it mentioned in some RFC ?
>
> I used this term to refer to devices that are located in the path of the
> TCP connection

Could we use some form of: "devices that are located in the path of the
TCP connection" ? Maybe just "devices in the networking path" ?
I hope that will be sufficiently clear in all contexts.
Upstream devices sounds a little like devices which have drivers in
upstream Linux kernel :(

> such as firewalls, NATs, or routers, which can perform
> SNAT or DNAT and these network devices use addresses from their own limited
> address pools to masquerade the source address during forwarding, this
> can cause PAWS verification to fail more easily.
>
> You are right that this term is not mentioned in RFC but it's commonly used
> in IT infrastructure contexts. Sorry to have caused misunderstandings.
--
pw-bot: cr