Re: [squid-users] Timeout reaching www.ampq.com

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Sat, 04 Nov 2006 15:00:25 +0100

Sat 2006-11-04 at 14:42 +0100, Henrik Nordstrom wrote:

> My tests indicate the site has a broken firewall, tripping over the TCP
> window scaling option. You can get around this by tuning down the max
> parameter (the third parameter) in /proc/sys/net/ipv4/tcp_rmem, but I
> would recommend you contact the owner of the site and inform them about
> the problem.

Just to be clear: The problem is not caused by Squid. The problem is
caused by modern OSes with good TCP/IP implementations supporting large
TCP windows for efficient network usage combined with old packet level
firewalls not knowing how to deal with large TCP windows.

Some old firewalls can't handle large TCP windows and get quite confused
by them, causing TCP sessions to hang after a few packets have been
exchanged. In most cases a software upgrade of the firewall is
sufficient to fix the problem.

A typical symptom of this problem when looking at a packet capture is
that the SYN handshake is successful using a large WS option, the request
is sent, but then no response is seen at all. Often not even a proper ACK
to the request.

Regards
Henrik

Received on Sat Nov 04 2006 - 07:31:15 MST
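
The packet-capture symptom described in the message above, as an added example that is not part of the original post: a Python check over `tcpdump -n` text output that flags flows where the handshake completes with window scaling offered, the client sends its request, and the server never sends anything back. The sample capture, its addresses, the function name `stalled_flows` and the `min_wscale` threshold are constructed assumptions.

```python
import re

# Constructed `tcpdump -n` text output (not from the thread). The flow from
# port 40000 stalls after the request; the flow from port 40001 completes.
SAMPLE = """\
14:00:01.000000 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [S], seq 100, win 5840, options [mss 1460,nop,wscale 7], length 0
14:00:01.050000 IP 192.0.2.10.80 > 10.0.0.5.40000: Flags [S.], seq 900, ack 101, win 5792, options [mss 1460,nop,wscale 0], length 0
14:00:01.050100 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [.], ack 1, win 46, length 0
14:00:01.060000 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [P.], seq 1:121, ack 1, win 46, length 120
14:00:04.060000 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [P.], seq 1:121, ack 1, win 46, length 120
14:00:05.000000 IP 10.0.0.5.40001 > 198.51.100.20.80: Flags [S], seq 300, win 5840, options [mss 1460,nop,wscale 7], length 0
14:00:05.040000 IP 198.51.100.20.80 > 10.0.0.5.40001: Flags [S.], seq 700, ack 301, win 5792, options [mss 1460,nop,wscale 7], length 0
14:00:05.040100 IP 10.0.0.5.40001 > 198.51.100.20.80: Flags [.], ack 1, win 46, length 0
14:00:05.050000 IP 10.0.0.5.40001 > 198.51.100.20.80: Flags [P.], seq 1:121, ack 1, win 46, length 120
14:00:05.090000 IP 198.51.100.20.80 > 10.0.0.5.40001: Flags [.], ack 121, win 46, length 0
14:00:05.100000 IP 198.51.100.20.80 > 10.0.0.5.40001: Flags [P.], seq 1:513, ack 121, win 46, length 512
"""

PKT = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]*)\].*length (\d+)")
WSCALE = re.compile(r"wscale (\d+)")

def stalled_flows(capture, min_wscale=1):
    """Return (client, server) pairs matching the symptom: handshake OK with
    the client offering wscale >= min_wscale, request sent, nothing returned."""
    flows = {}  # (client, server) -> per-flow state
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        src, dst, flags, length = m[1], m[2], m[3], int(m[4])
        if flags == "S":  # client SYN opens a new flow
            ws = WSCALE.search(line)
            flows[(src, dst)] = {"ws": int(ws[1]) if ws else None,
                                 "synack": False, "request": False, "reply": False}
        elif (dst, src) in flows:  # packet travelling server -> client
            f = flows[(dst, src)]
            if flags == "S.":
                f["synack"] = True
            elif f["request"]:
                f["reply"] = True  # any ACK or data seen after the request
        elif (src, dst) in flows and length > 0:  # client payload (the request)
            flows[(src, dst)]["request"] = True
    return [k for k, f in flows.items()
            if f["ws"] is not None and f["ws"] >= min_wscale
            and f["synack"] and f["request"] and not f["reply"]]
```
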
