Re: [squid-users] TCP MISS 502

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 29 Mar 2010 19:38:01 +1300

Ivan . wrote:
> Hi Amos
>
> You can see the tcp_miss in the access.log here:-
>
> 1269834108.182 120002 127.0.0.1 TCP_MISS/000 0 GET
> http://www.environment.gov.au - DIRECT/155.187.3.81 -
>
> Here is a tcpdump output from the connection. You can see the TCP
> handshake setup and then the HTTP session just hangs? I have confirmed
> with the website admin there is no DDoS-type protection, which would
> block multiple requests in quick succession.

Some packets in the reply are being lost. I suspect Path-MTU discovery
or TCP ECN failing.

>
> The tcp connection times out and then resets.
>
> [root@squid-proxy ~]# tcpdump net 155.187.3
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

> 16:58:59.369482 IP xxx.xxxx.xxx.xxx.41338 > 155.187.3.81.http: S
> 1781942738:1781942738(0) win 5840 <mss 1460,sackOK,timestamp
> 1321171542 0,nop,wscale 7>

*.41338 makes a connection to 155.187.3.81.

> 16:58:59.418150 IP 155.187.3.81.http > xxx.xxxx.xxx.xxx.41338: S
> 2343505326:2343505326(0) ack 1781942739 win 32768 <mss 1460,nop,wscale
> 0,nop,nop,timestamp 234270252 1321171542,sackOK,eol>

155.187.3.81 then SYN/ACKs the new connection from *.41338 indicating it
can receive up to 32KB immediately.

> 16:58:59.418167 IP xxx.xxxx.xxx.xxx.41338 > 155.187.3.81.http: . ack 1
> win 46 <nop,nop,timestamp 1321171591 234270252>

*.41338 notes it and indicates availability to receive 46 bytes at a time.

> 16:58:59.418213 IP xxx.xxxx.xxx.xxx.41338 > 155.187.3.81.http: P
> 1:696(695) ack 1 win 46 <nop,nop,timestamp 1321171591 234270252>

*.41338 sends 695 bytes to 155.187.3.81.

> 16:58:59.477692 IP 155.187.3.81.http > xxx.xxxx.xxx.xxx.41338: P
> 2897:4081(1184) ack 696 win 33304 <nop,nop,timestamp 234270307
> 1321171591>

... 155.187.3.81 then attempts to send some bytes from the middle of
something to *.41338

> 16:58:59.477700 IP xxx.xxxx.xxx.xxx.41338 > 155.187.3.81.http: . ack 1
> win 46 <nop,nop,timestamp 1321171650 234270252,nop,nop,sack 1
> {2897:4081}>
>

*.41338 responds to indicate the missing 2897 bytes not received from
155.187.3.81.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
   Current Beta Squid 3.1.0.18
Received on Mon Mar 29 2010 - 06:38:12 MDT
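
The sequence-number reading walked through in the message above can be automated. The script below is an added example, not part of the original thread: it rejoins the six quoted packets onto single lines and flags any data segment that starts beyond the in-order stream, together with the SACK block that reports the hole. The function name find_gaps and the regular expressions are assumptions made for this illustration.

```python
import re

# The six packets quoted in the message above, each rejoined onto one line
# (client address masked as on the page; sequence numbers are relative after the SYNs).
CAPTURE = """\
16:58:59.369482 IP xxx.xxxx.xxx.xxx.41338 > 155.187.3.81.http: S 1781942738:1781942738(0) win 5840 <mss 1460,sackOK,timestamp 1321171542 0,nop,wscale 7>
16:58:59.418150 IP 155.187.3.81.http > xxx.xxxx.xxx.xxx.41338: S 2343505326:2343505326(0) ack 1781942739 win 32768 <mss 1460,nop,wscale 0,nop,nop,timestamp 234270252 1321171542,sackOK,eol>
16:58:59.418167 IP xxx.xxxx.xxx.xxx.41338 > 155.187.3.81.http: . ack 1 win 46 <nop,nop,timestamp 1321171591 234270252>
16:58:59.418213 IP xxx.xxxx.xxx.xxx.41338 > 155.187.3.81.http: P 1:696(695) ack 1 win 46 <nop,nop,timestamp 1321171591 234270252>
16:58:59.477692 IP 155.187.3.81.http > xxx.xxxx.xxx.xxx.41338: P 2897:4081(1184) ack 696 win 33304 <nop,nop,timestamp 234270307 1321171591>
16:58:59.477700 IP xxx.xxxx.xxx.xxx.41338 > 155.187.3.81.http: . ack 1 win 46 <nop,nop,timestamp 1321171650 234270252,nop,nop,sack 1 {2897:4081}>
"""

PKT = re.compile(r"IP (\S+) > (\S+): (\S+) (?:(\d+):(\d+)\(\d+\) )?(?:ack (\d+) )?win")
SACK = re.compile(r"\{(\d+):(\d+)\}")  # braces only appear around SACK blocks

def find_gaps(capture):
    """Return (gaps, sacks): segments sent ahead of the in-order stream, and SACK reports."""
    next_seq, gaps, sacks = {}, [], []
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        src, _dst, flags, start, end, ack = m.groups()
        if "S" in flags:
            next_seq[src] = 1          # relative numbering starts at 1 after the SYN
            continue
        if start is not None:
            start, end = int(start), int(end)
            expected = next_seq.get(src, start)
            if start > expected:       # segment begins past what was seen in order
                gaps.append((src, expected, start))
            else:
                next_seq[src] = max(expected, end)
        if ack is not None:            # receiver holds lo:hi but still acks below it
            for lo, hi in SACK.findall(line):
                sacks.append((src, int(ack), int(lo), int(hi)))
    return gaps, sacks

if __name__ == "__main__":
    gaps, sacks = find_gaps(CAPTURE)
    for src, expected, start in gaps:
        print(f"{src}: expected sequence {expected}, segment starts at {start}")
    for src, ack, lo, hi in sacks:
        print(f"{src}: cumulative ack {ack}, SACK block {lo}:{hi}")
```
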
