LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 02-25-2009, 07:21 AM   #16
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728Reputation: 728

I just stumbled into this--based on tredegar's post passing along the hints.

My gut reaction is that the fix should be at the website end--I have used 20+ different Linux systems over the years, and I cannot recall an issue with a website that would fix the symptoms described here.

I HAVE had issues with Firefox on some sites. In the majority, the site administrator has fixed it when I reported it.

I wish I understood more of the nuances so I could back up what my instinct is saying.......
 
Old 02-26-2009, 05:10 AM   #17
slackist
Member
 
Registered: Feb 2004
Location: Phuket, Thailand
Distribution: Slackware 14.1
Posts: 435

Rep: Reputation: Disabled
Quote:
Originally Posted by mrclisdue View Post
I, for one, think it's wonderful that Mr. Hobbs took the time to respond in the thread.

cheers,
Yeah really! Very cool of you Mr. Hobbs to a) take the time to sign up and respond, b) admit and explain what the problem is and c) post a work-around.

Kudos man.
 
Old 02-26-2009, 11:12 AM   #18
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,228
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
What kind of Firewall is that so I don't ever buy one
 
Old 02-27-2009, 08:36 AM   #19
hobbsc
LQ Newbie
 
Registered: Feb 2009
Location: Arkansas
Distribution: openSUSE, SLED, SLES
Posts: 8

Rep: Reputation: 1
Quote:
Originally Posted by farslayer View Post
What kind of Firewall is that so I don't ever buy one
It's a Symantec 1660 Security Gateway, a direct descendent of their "Velociraptor" firewall line. We've taken to calling it "the craptor."

They're no longer producing this particular device... I can't imagine why.
 
Old 02-27-2009, 08:37 AM   #20
hobbsc
LQ Newbie
 
Registered: Feb 2009
Location: Arkansas
Distribution: openSUSE, SLED, SLES
Posts: 8

Rep: Reputation: 1
Quote:
Originally Posted by pixellany View Post
I just stumbled into this--based on tredegar's post passing along the hints.

My gut reaction is that the fix should be at the website end--I have used 20+ different Linux systems over the years, and I cannot recall an issue with a website that would fix the symptoms described here.

I HAVE had issues with Firefox on some sites. In the majority, the site administrator has fixed it when I reported it.

I wish I understood more of the nuances so I could back up what my instinct is saying.......
I've already explained that the issue is with our firewall and I'm in the process of resolving the issue by replacing the firewall.
 
Old 02-27-2009, 08:37 AM   #21
hobbsc
LQ Newbie
 
Registered: Feb 2009
Location: Arkansas
Distribution: openSUSE, SLED, SLES
Posts: 8

Rep: Reputation: 1
PS - Thanks for the kind words from everyone!
 
Old 02-27-2009, 12:05 PM   #22
alan_ri
Senior Member
 
Registered: Dec 2007
Location: Croatia
Distribution: Debian GNU/Linux
Posts: 1,733
Blog Entries: 5

Rep: Reputation: 127Reputation: 127
Respect.
 
Old 02-27-2009, 11:26 PM   #23
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,228
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
Quote:
Originally Posted by hobbsc View Post
It's a Symantec 1660 Security Gateway, a direct descendent of their "Velociraptor" firewall line. We've taken to calling it "the craptor."

They're no longer producing this particular device... I can't imagine why.
Thanks. Mine are all PIX or Checkpoint so no worries here then.
 
Old 04-09-2009, 03:22 AM   #24
ODJ
LQ Newbie
 
Registered: May 2007
Location: Brussels, Belgium
Distribution: Debian GNU/Linux
Posts: 11

Rep: Reputation: 0
Quote:
Originally Posted by arizonagroovejet
Being at work right now and having just got the thread update notification it occurred to me to try visiting the site from my work machine which runs SUSE Linux Enterprise Desktop 10. The site loads fine even though tcp_window_scaling is not 0

Code:
me@mymachine:~> cat /proc/sys/net/ipv4/tcp_window_scaling
1
On an openSUSE 11.1 machine I also have at work for tinkering with the website fails to load just as it does on my openSUSE 11.1 machine at home. Interestingly, the tcp_window_scaling setting is the same as on my SLED 10 machine:

Code:
host-foo:~ # cat /proc/sys/net/ipv4/tcp_window_scaling
1
If I change the tcp_windows_scaling to 0 then the website loads. Which is curious.


Anyway, best get back to work.

I had a similar issue, and was made aware of the following:


Quote:
Originally Posted by farslayer View Post
Window Scaling is an automated function of the TCP protocol implemented in 1992...

This issue has been around for a while
http://lwn.net/Articles/92727/
Quote:
The TCP window field, however, is only 16 bits wide, allowing for a maximum window size of 64KB. The TCP designers must have thought that nobody would ever need a larger window than that. But 64KB is not even close to what is needed in many situations today. The solution to this problem is called "window scaling." It is not new; window scaling was codified in RFC 1323 back in 1992. It is also not complicated: a system wanting to use window scaling sets a TCP option containing an eight-bit scale factor. All window values used by that system thereafter should be left-shifted by that scale factor; a window scale of zero, thus, implies no scaling at all, while a scale factor of five implies that window sizes should be shifted five bits, or multiplied by 32. With this scheme, a 128KB window could be expressed by setting the scale factor to five and putting 4096 in the window field.

To keep from breaking TCP on systems which do not understand window scaling, the TCP option can only be provided in the initial SYN packet which initiates the connection, and scaling can only be used if the SYN+ACK packet sent in response also contains that option. The scale factor is thus set as part of the setup handshake, and cannot be changed thereafter.

The details are still being figured out, but it would appear that some routers on the net are rewriting the window scale TCP option on SYN packets as they pass through. In particular, they seem to be setting the scale factor to zero, but leaving the option in place. The receiving side sees the option, and responds with a window scale factor of its own. At this point, the initiating system believes that its scale factor has been accepted, and scales its windows accordingly. The other end, however, believes that the scale factor is zero. The result is a misunderstanding over the real size of the receive window, with the system behind the firewall believing it to be much smaller than it really is. If the expected scale factor (and thus the discrepancy) is large, the result is, at best, very slow communication. In many cases, the small window can cause no packets to be transmitted at all, breaking TCP between the two affected systems entirely.

Last edited by ODJ; 04-09-2009 at 03:23 AM.
 
Old 04-09-2009, 07:48 PM   #25
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,228
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
Quote:
Originally Posted by ODJ View Post
I had a similar issue, and was made aware of the following:
Yeah hobbsc, from this thread is the one that clued me into this particular issue. I had not run into it before. .
 
Old 04-26-2009, 06:28 PM   #26
62chevy
Member
 
Registered: Mar 2002
Location: West (By God) Virginia
Distribution: Debian Squeeze - Sid
Posts: 281

Rep: Reputation: 44
Looking for one problem with iceweasel I find another and fix it. Problems like this can take months to fix in windows. now back to search to find the problem with iceweasel and youtube. I need to stop messing with my system ... Naaa never happen.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
login page won't load for a website.(KDE 3.5 Xubuntu) tombo465 Linux - Newbie 6 12-04-2008 03:21 AM
Running a website which load sharing on many server!!! celeron Linux - Server 4 10-25-2007 08:18 PM
Website will not load marlaina1 General 1 04-05-2007 12:44 PM
Can't load one specific website using any browser Ilisdur Fedora 4 09-14-2004 04:59 PM
Apache - Website wont load biggiefatts Linux - Networking 11 02-23-2003 03:03 PM


All times are GMT -5. The time now is 03:38 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration