Search squid archive

Re: TCP MISS 502

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Ivan . wrote:

Hi Amos

You can see the tcp_miss in the access.log here:-

1269834108.182 120002 127.0.0.1 TCP_MISS/000 0 GET
http://www.environment.gov.au - DIRECT/155.187.3.81 -

Here is a tcpdump output from the connection. You can see the TCP
handshake setup and then the http session just hangs? I have confirmed
with the website admin these are no ddos type protection, which would
block multiple requests in quick succession.
Some packets in the reply are being lost. I suspect Path-MTU discovery or TCP ECN failing. 



The tcp connection times out and then resets.

[root@squid-proxy ~]# tcpdump net 155.187.3
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes



16:58:59.369482 IP xxx.xxxx.xxx.xxx.41338 > 155.187.3.81.http: S
1781942738:1781942738(0) win 5840 <mss 1460,sackOK,timestamp
1321171542 0,nop,wscale 7>


*.41338 makes a connection to 155.187.3.81.


16:58:59.418150 IP 155.187.3.81.http > xxx.xxxx.xxx.xxx.41338: S
2343505326:2343505326(0) ack 1781942739 win 32768 <mss 1460,nop,wscale
0,nop,nop,timestamp 234270252 1321171542,sackOK,eol>
155.187.3.81 then SYN/ACKs the new connection from *.41338 indicating it can receive up to 32KB immediately. 


16:58:59.418167 IP xxx.xxxx.xxx.xxx.41338 > 155.187.3.81.http: . ack 1
win 46 <nop,nop,timestamp 1321171591 234270252>


*.41338 notes it and indicates availability to receive 46 bytes at a time.


16:58:59.418213 IP xxx.xxxx.xxx.xxx.41338 > 155.187.3.81.http: P
1:696(695) ack 1 win 46 <nop,nop,timestamp 1321171591 234270252>


*.41338 sends 695 bytes to 155.187.3.81.


16:58:59.477692 IP 155.187.3.81.http > xxx.xxxx.xxx.xxx.41338: P
2897:4081(1184) ack 696 win 33304 <nop,nop,timestamp 234270307
1321171591>
... 155.187.3.81 then attempts to send some bytes from the middle of something to *.41338 


16:58:59.477700 IP xxx.xxxx.xxx.xxx.41338 > 155.187.3.81.http: . ack 1
win 46 <nop,nop,timestamp 1321171650 234270252,nop,nop,sack 1
{2897:4081}>
*.41338 responds to indicate the missing 2897 bytes not received from 155.187.3.81. 


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
  Current Beta Squid 3.1.0.18
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux