Re: Accessing certain web sites broken from 2.6.19+

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: Stephen Hemminger <shemminger@linux-foundation•org>
To: "Simon Arlott" <simon@fire•lp0.eu>
Cc: "Andrew Hall" <andrew.a.hall@gmail•com>,
	"'Robert Iakobashvili'" <coroberti@gmail•com>,
	netdev@vger•kernel.org
Subject: Re: Accessing certain web sites broken from 2.6.19+
Date: Fri, 11 May 2007 08:47:05 -0700	[thread overview]
Message-ID: <20070511084705.1fa0db14@freepuppy> (raw)
In-Reply-To: <29891.simon.1178882860@5ec7c279.invalid>

On Fri, 11 May 2007 12:27:40 +0100
"Simon Arlott" <simon@fire•lp0.eu> wrote:

> 
> On Fri, May 11, 2007 06:16, Andrew Hall wrote:
> >> -----Original Message-----
> >> From: Robert Iakobashvili [mailto:coroberti@gmail•com]
> >> Sent: Friday, 11 May 2007 2:38 PM
> >> To: Andrew Hall
> >> Cc: netdev@vger•kernel.org
> >> Subject: Re: Accessing certain web sites broken from 2.6.19+
> >>
> >> On 5/11/07, Andrew Hall <andrew.a.hall@gmail•com> wrote:
> >> > When accessing certain web sites when using any kernel above 2.6.19,
> >> TCP
> >> > seems to break. Connection to the site is established but never
> >> completes.
> >> > One particular site is www.dcita.gov.au. Is there a known issue
> >> pertaining
> >> > to this? Using any kernel below 2.6.19 (for example: 2.6.12 or
> >> 2.6.15) works
> >> > fine.
> >>
> >> Including 2.6.21?
> >>
> >> Which browser/s have you tried?
> >>
> >> --
> >> Sincerely,
> >> Robert Iakobashvili,
> >> coroberti %x40 gmail %x2e com
> >> ...........................................................
> >> http://curl-loader.sourceforge.net
> >> A web testing and traffic generation tool.
> >
> > I have not yet tried 2.6.21.. only tried to 2.6.20.9. The issue isn't
> > browser dependent ,as a wget directly from the OS will also fail during the
> > connection. Interestingly requests made from hosts behind the 2.6.20 gateway
> > that make the same request work fine, it seems it's only requests made from
> > the localhost itself.
> >
> 
> Use tcptraceroute with and without -E to check this isn't a problem with ECN.
> 
> 

The problem is TCP window scaling, see:
	http://lwn.net/Articles/92727/

The problem is some sites have firewalls that don't follow the TCP standards.
There is no way to automatically detect these.

Linux has supported TCP window scaling for a long time, but only recently
has the default memory sizing been adjusted to use larger buffers by default.
If the buffer size is >64K then window scaling will be used. If scaling is
greater than 2 (ie >128k) then it is possible to have the problem.

The firewall is doing bad job of passing SYN packets and strips off the
options. This leaves the receiver is doing window scaling, but the sender
is not. The receiver says it has a window of say 1K bytes (with scale of 7)
but sender thinks that is only 8 bytes so goes into silly window syndrome (SWS)
avoidance and doesn't send.

The kernel developers made a conscious decision not to restrict Linux usage
of window scaling, even though it might cause problems with broken networks.
You can avoid the problem by restricting buffering by setting tcp_mem lower,
turning off window scaling with sysctl, or by setting a cwnd limit on
a per route basis.

-- 
Stephen Hemminger <shemminger@linux-foundation•org>

     prev parent reply	other threads:[~2007-05-11 15:47 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-05-11  4:23 Accessing certain web sites broken from 2.6.19+ Andrew Hall
2007-05-11  4:38 ` Robert Iakobashvili
2007-05-11  5:16   ` Andrew Hall
2007-05-11  5:57     ` Robert Iakobashvili
2007-05-11 11:27     ` Simon Arlott
2007-05-11 15:47       ` Stephen Hemminger [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070511084705.1fa0db14@freepuppy \
    --to=shemminger@linux-foundation$(echo .)org \
    --cc=andrew.a.hall@gmail$(echo .)com \
    --cc=coroberti@gmail$(echo .)com \
    --cc=netdev@vger$(echo .)kernel.org \
    --cc=simon@fire$(echo .)lp0.eu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox