TCP Hangs with Solaris: Affects HTTP Too

David C Niemi (niemi@tux.org)
Fri, 26 Feb 1999 11:11:29 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Vladimir Ivaschenko: "Re: 2.2 network questions"
Previous message: Andrea Arcangeli: "Re: How to read xtime"

> Due to the wide use of the afflicted versions of Solaris in
> firewalls/proxies, I recommend turning on this workaround on any major FTP
> server running on the 2.2.x kernel (and probably HTTP servers as well,
> though it has not been proven to affect HTTP behavior -- yet).

Make that a yes. I have demonstrated to my satisfaction that the Solaris
TCP FIN bug very badly affects HTTP sessions (in my case going through a
Solaris 2.5.1-based firewall to get to a Linux HTTP server on which I could
conveniently turn the workaround on and off and see the results).

In HTTP, the symptom is sessions that hang forever just as they get to
100%. I have seen this going to non-Linux sites too, but I'd recommend
using the workaround for major web servers as well as FTP servers.

I invite others to reproduce these results -- and remember that only
certain sized messages are vulnerable and it only happens if the packets
get out of order, so you won't see it on a local lightly loaded LAN. The
client must be Solaris 2.5.1/2.6, and the server Linux 2.2.x.

---David C Niemi--- If I am not for myself, who will be for me?
---niemi at tux.org--- If I am only for myself, what am I?
---Reston VA USA--- If not now, when? -- Hillel

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vladimir Ivaschenko: "Re: 2.2 network questions"
Previous message: Andrea Arcangeli: "Re: How to read xtime"