www.edirectory.co.uk -> TCP stack problem?

Christopher K. Johnson ckjohnson at gwi.net
Wed Sep 29 11:47:51 UTC 2004 

Douglas Furlong wrote:

>Good morning All.
>
>I've recently noticed an odd problem with accessing www.edirectory.co.uk
>
>On all of my FC2 machines here, we recently stopped being able to access
>the above site. Via Firefox, Mozilla, elinks. All of them fail saying
>document contains no data.
>
>I have used tcpdump host www.edirectory.co.uk both on the client and
>firewall to try and get a better idea of what is going on, and I used
>ethereal on the client. Below is what I get.
>
>Firewall
>--------
>11:11:27.584098 192.168.0.181.34506 > www.edirectory.co.uk.http: S
>1062279754:1062279754(0) win 5840 <mss 1460,sackOK,timestamp 62570253
>0,nop,wscale 7> (DF)
>11:11:27.605934 www.edirectory.co.uk.http > 192.168.0.181.34506: S
>4164346285:4164346285(0) ack 1062279755 win 17520 <mss 1460,nop,wscale
>0,nop,nop,timestamp 0 0,nop,nop,sackOK> (DF)
>11:11:27.606108 192.168.0.181.34506 > www.edirectory.co.uk.http: . ack 1
>win 46 <nop,nop,timestamp 62570275 0> (DF)
>11:11:27.606482 192.168.0.181.34506 > www.edirectory.co.uk.http: P 1:452
>(451) ack 1 win 46 <nop,nop,timestamp 62570275 0> (DF)
>11:11:27.828597 192.168.0.181.34506 > www.edirectory.co.uk.http: P 1:452
>(451) ack 1 win 46 <nop,nop,timestamp 62570497 0> (DF)
>11:11:27.864180 www.edirectory.co.uk.http > 192.168.0.181.34506: . ack
>452 win 17069 <nop,nop,timestamp 11171953 62570497> (DF)
>
>Client
>------
>11:03:33.441591 IP 192.168.0.181.34506 > www.edirectory.co.uk.http: S
>1062279754:1062279754(0) win 5840 <mss 1460,sackOK,timestamp 62570253
>0,nop,wscale 7>
>11:03:33.463543 IP www.edirectory.co.uk.http > 192.168.0.181.34506: S
>4164346285:4164346285(0) ack 1062279755 win 17520 <mss 1460,nop,wscale
>0,nop,nop,timestamp 0 0,nop,nop,sackOK>
>11:03:33.463604 IP 192.168.0.181.34506 > www.edirectory.co.uk.http: .
>ack 1 win 46 <nop,nop,timestamp 62570275 0>
>11:03:33.463836 IP 192.168.0.181.34506 > www.edirectory.co.uk.http: P
>1:452(451) ack 1 win 46 <nop,nop,timestamp 62570275 0>
>11:03:33.684898 IP 192.168.0.181.34506 > www.edirectory.co.uk.http: P
>1:452(451) ack 1 win 46 <nop,nop,timestamp 62570497 0>
>11:03:33.721780 IP www.edirectory.co.uk.http > 192.168.0.181.34506: .
>ack 452 win 17069 <nop,nop,timestamp 11171953 62570497>
>
>Ethereal Output (attached).
>
>I am currently running kernel 2.6.8-1.521
>
>We have tested access to the site on both windows and FC1 fully updated
>and the site comes up fine.
>
>The ethereal output seems to suggest that it feels the TCP sequence is
>"wrong", and the two tcpdump outputs heavily suggest there is a problem
>on our end. 
>
>So far I have tried the following kernels, which allow me to access the
>site.
>2.6.5-1.358
>2.6.6-1.427
>2.6.6-1.435
>2.6.6-1.435.2.1
>2.6.6-1.435.2.3
>2.6.8-1.541
>
>So far I have tried the following kernels, which do NOT allow me to
>access the site.
>2.6.7-1.494.2.2
>2.6.8-1.521
>
>  
>
I see that window scaling is involved.  Try adding the following two 
entries, to /etc/sysctl.conf (2nd one for wscale):
-------- Start /etc/sysctl.conf additions ------
# Disable TCP ECN which some routers and servers cannot handle.
net.ipv4.tcp_ecn = 0
 
# Disable TCP window scaling which some routers and firewalls cannot handle.
net.ipv4.tcp_window_scaling = 0
-------- End /etc/sysctl.conf additions ------
 
Then activate the change:
sysctl -p

Chris

-- 
-----------------------------------------------------------
   "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
   Chris Johnson, RHCE #807000448202021

More information about the fedora-list mailing list