Re: ICMP outside TCP window?

Andi Kleen (
26 Sep 1997 19:26:08 +0200

"B. James Phillippe" <bryan@Terran.ORG> writes:

> Hello,
> This is another one of those "there's a new debugging message that
> I don't understand" posts. Would anyone with a higher degree of network
> kernel knowlege mind descibing the cause and effect of this message to me?

I put this message in to see how often this situation happens in practice.
In your case it's correct, so the check might get relaxed a little bit.
If it bothers you you can undefine ICMP_PARANOIA in net/ipv4/tcp_ipv4.c.

Basically it's an added check to detect a special case of ICMP based
denial-of-service attacks. That isn't the case here though, your TCP window
just dropped to 1MSS.