2006-12-10 13:46:39

by Jan Engelhardt

[permalink] [raw]
Subject: Window scaling problem?

Hello,


for some reason unknown to me, some TCP connections just hang or get
reset after some kilobytes have been transferred. I suppose it is a
router with broken window scaling, but I can not say for sure from
the tcpdump logs.

Action:
scp ahn.hopto.org:8megabytefile /home/jengelh/
also affects interactive ssh sessions.
Result:
After a few transferred kilobytes -- I rather suspect "a few
seconds" -- either spuriously disconnects with a "Connection reset
by peer" or just hangs.
Expected result:
Continue operation.
Logs:
http://jengelh.hopto.org/tcp/atw.txt sender side
http://jengelh.hopto.org/tcp/ahn.txt receiver side
http://jengelh.hopto.org/tcp/trace.txt glimpse of topology

(There is a TCP FIN/RST at the end of atw.txt, which is when I hit
Ctrl+C to stop the (hung) scp.)

What puzzles me is that line 230 of ahn.txt shows a RST, while
there is no TCP RST sent in atw.txt. On top of that, the "R
889945325:889945325(0)" looks quite out of order.

When setting up a VPN over UDP tunnel (using vpnc) to our exit node,
connections seem to be fine. I hence suppose 10.10.96.1 to be
the culprit.

If anyone could take a look, I'd be grateful. Kernel currently
running is 2.6.18.5, but I have seen this with 2.6.17 I was running
two months ago too, so I do not suspect a kernel bug.


-`J'
--


2006-12-10 20:21:57

by Cal Peake

[permalink] [raw]
Subject: Re: Window scaling problem?

On Sun, 10 Dec 2006, Jan Engelhardt wrote:

> for some reason unknown to me, some TCP connections just hang or get
> reset after some kilobytes have been transferred. I suppose it is a
> router with broken window scaling, but I can not say for sure from
> the tcpdump logs.

I observed the exact same behavior on a client's network not too long ago
which used a Cyberguard firewall as a NAT gateway. I didn't have time to
fully look into it but disabling TCP window scaling in Linux allowed me to
work without problems.

> If anyone could take a look, I'd be grateful. Kernel currently
> running is 2.6.18.5, but I have seen this with 2.6.17 I was running
> two months ago too, so I do not suspect a kernel bug.

I saw this with kernels v2.6.16, v2.6.17, and v2.6.18. Windows XP however
didn't seem to have any problems. So unless Windows doesn't have window
scaling on by default (or uses a workaround) it could be a broken kernel.

Wish I could be more help...

- C.

--
"There is nothing wrong with your television set. Do not attempt
to adjust the picture. We are controlling transmission."
-- The Outer Limits

2006-12-11 09:27:17

by Benny Amorsen

[permalink] [raw]
Subject: Re: Window scaling problem?

>>>>> "CP" == Cal Peake <[email protected]> writes:

CP> I saw this with kernels v2.6.16, v2.6.17, and v2.6.18. Windows XP
CP> however didn't seem to have any problems. So unless Windows
CP> doesn't have window scaling on by default (or uses a workaround)
CP> it could be a broken kernel.

XP doesn't do Window Scaling by default, but Vista will. Hopefully
that should flush out the old PIX's. Versions old enough to break
Window Scaling are old enough to be insecure anyway.


/Benny


2006-12-11 10:03:47

by Jan Engelhardt

[permalink] [raw]
Subject: Re: Window scaling problem?


On Dec 11 2006 10:26, Benny Amorsen wrote:
>>>>>> "CP" == Cal Peake <[email protected]> writes:
>
>CP> I saw this with kernels v2.6.16, v2.6.17, and v2.6.18. Windows XP
>CP> however didn't seem to have any problems. So unless Windows
>CP> doesn't have window scaling on by default (or uses a workaround)
>CP> it could be a broken kernel.
>
>XP doesn't do Window Scaling by default, but Vista will. Hopefully
>that should flush out the old PIX's. Versions old enough to break
>Window Scaling are old enough to be insecure anyway.

Is there some test utility I can run that reliably says if there is a
broken window scaler in the path to an arbitrary host?


-`J'
--

2006-12-11 17:30:14

by Malte Schröder

[permalink] [raw]
Subject: Re: Window scaling problem?

On Monday 11 December 2006 11:03, Jan Engelhardt wrote:
> Is there some test utility I can run that reliably says if there is a
> broken window scaler in the path to an arbitrary host?

Isn't window scaling something that the tcp-stacks on both ends of the
connection do? AFAIK the routers and firewalls that push the packets around
have nothing to do with it .. but I could be wrong ;)

BTW. I am seeing similar things when I go through a CheckPoint VPN-1 firewall.

Regards
--
---------------------------------------
Malte Schr?der
[email protected]
ICQ# 68121508
---------------------------------------


Attachments:
(No filename) (608.00 B)
(No filename) (189.00 B)
Download all attachments

2006-12-11 17:42:48

by Alan

[permalink] [raw]
Subject: Re: Window scaling problem?

On Mon, 11 Dec 2006 18:29:44 +0100
Malte Schröder <[email protected]> wrote:

> Isn't window scaling something that the tcp-stacks on both ends of the
> connection do? AFAIK the routers and firewalls that push the packets around
> have nothing to do with it .. but I could be wrong ;)

Correct. You've just proved you are more qualified than some firewall
product designers. Some "firewall" products like to tamper with the TCP
stream however, or are just too stupid to parse options.

Alan