Henrik Nordstrom wrote:
Sat 2006-11-04 at 14:42 +0100, Henrik Nordstrom wrote:
My tests indicate the site has a broken firewall, tripping over the TCP
window scaling option. You can get around this by tuning down the max
parameter (the third parameter) in /proc/sys/net/ipv4/tcp_rmem, but I
would recommend you contact the owner of the site and inform them about
the problem.

Thanks Henrik, indeed by setting tcp_window_scaling to 0 the site
responds. I tried to tune down the max parameter of tcp_rmem but I went
from 1048576 to 1000 and the site still did not answer.
I'm running Linux 2.6.12.
I'll contact the owner.

Just to be clear: The problem is not caused by Squid. The problem is
caused by modern OSes with good TCP/IP implementations supporting large
TCP windows for efficient network usage combined with old packet level
firewalls not knowing how to deal with large TCP windows.
Some old firewalls can't handle large TCP windows and get quite confused
by them, causing TCP sessions to hang after a few packets have been
exchanged. In most cases a software upgrade of the firewall is
sufficient to fix the problem.
A typical symptom of this problem when looking at a packet capture is
that the SYN handshake is successful using a large WS option, the request is
sent but then no response is seen at all. Often not even a proper ACK to
the request.
Regards
Henrik
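
Added example, not part of the original thread: a small Python check for the packet-capture symptom described above (handshake completes with a window-scale option, the request is sent, no response or ACK comes back). The `Seg` record layout, the result labels and the sample flows are assumptions made for illustration; segments are taken as already decoded from a capture, with relative sequence numbers.

```python
from collections import namedtuple

# One decoded TCP segment as a capture tool lists it. Sequence numbers are
# relative (wraparound ignored); wscale is the SYN option's shift or None.
Seg = namedtuple("Seg", "src dst flags seq ack wscale paylen")

def classify_flow(segments, client):
    """Classify one TCP flow from its segments in capture order."""
    client_ws = server_ws = None
    synack = handshake = acked = answered = False
    req_end = 0  # sequence number just past the last request byte sent
    for s in segments:
        from_client = s.src == client
        if from_client and s.flags == "S":
            client_ws = s.wscale
        elif not from_client and s.flags == "SA":
            synack, server_ws = True, s.wscale
        elif from_client and synack and "A" in s.flags:
            handshake = True
            if s.paylen:
                req_end = max(req_end, s.seq + s.paylen)
        elif not from_client and req_end:
            acked = acked or ("A" in s.flags and s.ack >= req_end)
            answered = answered or s.paylen > 0
    if not handshake:
        return "no-handshake"
    if not req_end:
        return "no-request"
    if answered:
        return "ok"
    # Scaling is only in effect when both SYNs carried the option.
    scaled = client_ws is not None and server_ws is not None and client_ws > 0
    if not scaled:
        return "stall-without-scaling"
    return "ws-stall-acked" if acked else "ws-stall-unacked"

# Constructed sample flows (documentation addresses, not from a real capture).
C, S = "192.0.2.10", "198.51.100.7"
HANDSHAKE = [Seg(C, S, "S", 0, 0, 7, 0), Seg(S, C, "SA", 0, 1, 2, 0),
             Seg(C, S, "A", 1, 1, None, 0)]
REQUEST = [Seg(C, S, "PA", 1, 1, None, 350)]
STALLED = HANDSHAKE + REQUEST * 3          # request retransmitted, no reply
HEALTHY = HANDSHAKE + REQUEST + [Seg(S, C, "A", 1, 351, None, 0),
                                 Seg(S, C, "PA", 1, 351, None, 1200)]

if __name__ == "__main__":
    print(classify_flow(STALLED, C), classify_flow(HEALTHY, C))
```

A flow labelled `ws-stall-unacked` or `ws-stall-acked` matches the symptom; `stall-without-scaling` points to a cause other than window scaling.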