Re: [squid-users] Timeout reaching www.ampq.com

From: Marc Delisle <Marc.Delisle@dont-contact.us>
Date: Sat, 04 Nov 2006 14:43:31 -0500

Henrik Nordstrom wrote:
> Sat 2006-11-04 at 14:42 +0100, Henrik Nordstrom wrote:
>
>> My tests indicate the site has a broken firewall, tripping over the TCP
>> window scaling option. You can get around this by tuning down the max
>> parameter (the third parameter) in /proc/sys/net/ipv4/tcp_rmem, but I
>> would recommend you contact the owner of the site and inform them about
>> the problem.

Thanks Henrik, indeed by setting tcp_window_scaling to 0 the site
responds. I tried to tune down the max parameter of tcp_rmem but I went
from 1048576 to 1000 and the site still did not answer.

I'm running Linux 2.6.12.

I'll contact the owner.

>
> Just to be clear: The problem is not caused by Squid. The problem is
> caused by modern OSes with good TCP/IP implementations supporting large
> TCP windows for efficient network usage combined with old packet level
> firewalls not knowing how to deal with large TCP windows.
>
> Some old firewalls can't handle large TCP windows and get quite confused
> by them, causing TCP sessions to hang after a few packets have been
> exchanged. In most cases a software upgrade of the firewall is
> sufficient to fix the problem.
>
> A typical symptom of this problem when looking at a packet capture is
> that the SYN handshake is successful using a large WS option, request is
> sent but then no response is seen at all. Often not even a proper ACK to
> the request.
>
> Regards
> Henrik
Received on Sat Nov 04 2006 - 12:43:23 MST
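
The packet-capture symptom described in the quoted reply (handshake completes with a window-scale option, the request is sent, nothing comes back), as an added example that is not part of the original thread. It assumes `tcpdump -n` text output as input; the sample lines are constructed, and the function name and the `min_wscale` threshold are hypothetical choices.

```python
import re

# Constructed tcpdump -n style lines (not from the thread).
# The flow from port 40000 stalls after the request; the one from 40001 is healthy.
SAMPLE = """\
14:42:01.000 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [S], seq 1000, win 5840, options [mss 1460,nop,wscale 7], length 0
14:42:01.050 IP 192.0.2.10.80 > 10.0.0.5.40000: Flags [S.], seq 2000, ack 1001, win 5792, options [mss 1460,nop,wscale 2], length 0
14:42:01.051 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [.], ack 1, win 46, length 0
14:42:01.052 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [P.], seq 1:201, ack 1, win 46, length 200
14:42:01.252 IP 10.0.0.5.40000 > 192.0.2.10.80: Flags [P.], seq 1:201, ack 1, win 46, length 200
14:42:02.000 IP 10.0.0.5.40001 > 198.51.100.7.80: Flags [S], seq 3000, win 5840, options [mss 1460,nop,wscale 7], length 0
14:42:02.040 IP 198.51.100.7.80 > 10.0.0.5.40001: Flags [S.], seq 4000, ack 3001, win 5792, options [mss 1460,nop,wscale 2], length 0
14:42:02.041 IP 10.0.0.5.40001 > 198.51.100.7.80: Flags [.], ack 1, win 46, length 0
14:42:02.042 IP 10.0.0.5.40001 > 198.51.100.7.80: Flags [P.], seq 1:201, ack 1, win 46, length 200
14:42:02.080 IP 198.51.100.7.80 > 10.0.0.5.40001: Flags [.], ack 201, win 1716, length 0
14:42:02.090 IP 198.51.100.7.80 > 10.0.0.5.40001: Flags [P.], seq 1:501, ack 201, win 1716, length 500
"""

PKT = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]+)\].*length (\d+)")
WS = re.compile(r"wscale (\d+)")

def find_stalled_flows(capture, min_wscale=1):
    """Return (client, server, wscale) for flows that match the symptom."""
    flows = {}  # (client, server) -> per-flow state
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        src, dst, flags, length = m[1], m[2], m[3], int(m[4])
        if flags == "S":                        # client SYN: record offered scale
            ws = WS.search(line)
            flows[(src, dst)] = {"ws": int(ws[1]) if ws else 0,
                                 "synack": False, "req": 0, "reply": 0}
        elif (dst, src) in flows:               # server -> client direction
            f = flows[(dst, src)]
            if flags == "S.":
                f["synack"] = True              # handshake answered
            else:
                f["reply"] += 1                 # any ACK or data after handshake
        elif (src, dst) in flows and length > 0:
            flows[(src, dst)]["req"] += 1       # request bytes, retransmits included
    return [(c, s, f["ws"]) for (c, s), f in flows.items()
            if f["ws"] >= min_wscale and f["synack"] and f["req"] and not f["reply"]]

if __name__ == "__main__":
    for client, server, ws in find_stalled_flows(SAMPLE):
        print(f"{client} -> {server}: wscale {ws} offered, request sent, no reply")
```

A flagged flow only says the capture matches the pattern; comparing against a run with window scaling disabled, as done in the thread, is what ties it to the scaling option.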
