lör 2006-11-04 klockan 14:42 +0100 skrev Henrik Nordstrom: > My tests indicate the site has a broken firewall, tripping over the TCP > window scaling option. You can get around this by tuning down the max > parameter (the third parameter) in /proc/sys/net/ipv4/tcp_rmem, but I > would recommend you contact the owner of the site and inform them about > the problem. Just to be clear: The problem is not caused by Squid. The problem is caused by modern OS:es with good TCP/IP implementations supporting large TCP windows for efficient network usage combined with old packet level firewalls not knowing how to deal with large TCP windows. Some old firewalls can't handle large TCP windows and get quite confused by them, causing TCP sessions to hang after a few packets have been exchanged. In most cases a software upgrade of the firewall is sufficient to fix the problem. A typical symptom of this problem when looking at a packet capture is that the SYN handshake is successful using a large WS option, request is sent but then no response is seen at all. Often not even a proper ACK to the request. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
