April 8, 2025 at 23:19, "Jakub Kicinski" <kuba@xxxxxxxxxx> wrote:

> On Tue, 08 Apr 2025 14:57:29 +0000 Jiayuan Chen wrote:
> >
> > > When TCP is in TIME_WAIT state, PAWS verification uses
> > > LINUX_PAWSESTABREJECTED, which is ambiguous and cannot be distinguished
> > > from other PAWS verification processes.
> > > Moreover, when PAWS occurs in TIME_WAIT, we typically need to pay special
> > > attention to upstream network devices, so we added a new counter, like the
> > > existing PAWS_OLD_ACK one.
> > >
> > I really dislike the repetition of "upstream network devices".
> > Is it mentioned in some RFC ?
> >
> > I used this term to refer to devices that are located in the path of the
> > TCP connection
>
> Could we use some form of: "devices that are located in the path of the
> TCP connection" ? Maybe just "devices in the networking path" ?
> I hope that will be sufficiently clear in all contexts.
> > Upstream devices sounds a little like devices which have drivers in
> > upstream Linux kernel :(

That makes sense :). Thanks.

> > such as firewalls, NATs, or routers, which can perform
> > SNAT or DNAT and these network devices use addresses from their own limited
> > address pools to masquerade the source address during forwarding, this
> > can cause PAWS verification to fail more easily.
> >
> > You are right that this term is not mentioned in RFC but it's commonly used
> > in IT infrastructure contexts. Sorry to have caused misunderstandings.
> > --
> > pw-bot: cr