I'm going to speak out of turn based on some knowledge of TCP, and without looking at the source to determine what actually triggers the messages (you could, perhaps should, do that). Both peers in a TCP connection advertise a window size to the other peer, which is the buffer available to the other end. This does float up and down as the sender sends data and the receiver pulls it out of the buffer. (There is some interesting stuff in the RFCs about zero windows and silly windows, if you care to read.) A peer is not required to immediately advertise a larger size window. However, the one thing a peer is never supposed to do is to advertize a certain window size and then subsequently advertise a window size which is less than ((previously advertised size) - (data received)). (There is also some disparagement of the use of RST to refuse a connection, FWIW. If you've played much with printers and such you know what I'm talking about.) I don't recall the use of "treason" in the RFCs in this context, although there is an amusing suggestion in one of the RFCs for DNS about shooting people... At 9:38 AM 10/6/05, Lyle Giese wrote:
I have a machine running SuSE v8.2 pro running Apache v2.0.54(installed from Apache source) and found this in the logs this morning:
Oct 5 19:38:43 linux2 kernel: TCP: Treason uncloaked! Peer 211.136.182.106:46312/80 shrinks window 3980592615:3980594075. Repaired. [...]
-- Fred Morris http://www.inwa.net/~m3047/contact.html