[CentOS] Able to open TCP session, but unable to receive html content

Alain Spineux aspineux at gmail.com
Sun Sep 30 17:48:36 UTC 2007


It could be a BUG in the kernel.
I got the same on multiple architecture/hardware  (fc6, fc7, centos5)

2.6.22.5-76.fc7 EVO n610c
2.6.20-2925.9.fc7xen DOM-0 on DELL PRECISION 360
2.6.18-1.2849.fc6 (in vmware)
2.6.18-8.el5xen DOM-X on DELL 360

but it works on:

centos 4.X 2.6.9-34.ELsmp
windows XP
ubuntu 7.X 2.6.20-15-generic


On 9/30/07, Garron Kramer <garron.gmail at epidemic.co.za> wrote:
>
>
>
> On 28/09/2007, Alain Spineux <aspineux at gmail.com> wrote:
> >
> > Here are my own tcpdump, this is only the connection part.
> > 192.168.23.11 is a centos4, .14 is a centos5 (2.6.18-8.el5xen)
> > Lines are grouped 2 by 2
> > I see two strenge things :
> > - the windows is only 46bytes large !
> > - the centos4 send a packed with a bad checksum!
> >
> >
> > 21:10: 26.841544 IP (tos 0x10, ttl  64, id 31172, offset 0, flags [DF],
> > proto: TCP (6), length: 60) 192.168.23.14.36608 > 87.86.7.52.http: S,
> > cksum 0x53a4 (correct), 1955586986:1955586986(0) win 5840 <mss
> > 1460,sackOK,timestamp  626170478 0,nop,wscale 7>
> > 21:07:46.854517 IP (tos 0x10, ttl  64, id 16300, offset 0, flags [DF],
> > proto       6 , length: 60) 192.168.23.11.33258 > 87.86.7.52.http: S
> > [tcp sum ok]               830506483:830506483(0) win 5840 <mss
> > 1460,sackOK,timestamp 2948184671 0,nop,wscale 2>
> >
> > 21:10:26.884069 IP (tos 0x0, ttl  53, id 0, offset 0, flags [DF],
> > proto: TCP (6), length: 52) 87.86.7.52.http > 192.168.23.14.36608: S,
> > cksum 0xe891 (correct), 1450179434:1450179434(0) ack 1955586987 win
> > 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
> > 21:07:46.881494 IP (tos 0x0, ttl  53, id 0, offset 0, flags [DF],
> > proto       6 , length: 52) 87.86.7.52.http > 192.168.23.11.33258: S
> > [tcp sum ok]             2040411689:2040411689(0) ack  830506484 win
> > 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
> >
> > 21:10:26.884120 IP (tos 0x10, ttl  64, id 31173, offset 0, flags [DF],
> > proto: TCP (6), length: 40) 192.168.23.14.36608 > 87.86.7.52.http: .,
> > cksum 0x3fff (correct), ack 1 win 46
> > 21:07:46.881575 IP (tos 0x10, ttl  64, id 16302, offset 0, flags [DF],
> > proto       6 , length: 40) 192.168.23.11.33258 > 87.86.7.52.http: .
> > [tcp sum ok]             ack 1 win 1460
> >
> > 21:10:30.317344 IP (tos 0x10, ttl  64, id 31174, offset 0, flags [DF],
> > proto: TCP (6), length: 47) 192.168.23.14.36608 > 87.86.7.52.http: P,
> > cksum 0x6b7d (correct), 1:8(7) ack 1 win 46
> > 21:07:55.031547 IP (tos 0x10, ttl  64, id 16304, offset 0, flags [DF],
> > proto       6 , length: 47) 192.168.23.11.33258 > 87.86.7.52.http: P
> > [bad tcp cksum 365f (->b5e9)!] 1:8(7) ack 1 win 1460
> >
> > 21:10:30.363124 IP (tos 0x0, ttl  53, id 4389, offset 0, flags [DF],
> > proto: TCP (6), length: 40) 87.86.7.52.http > 192.168.23.14.36608: .,
> > cksum 0x2956 (correct), ack 8 win 5840
> > 21:07:55.054752 IP (tos 0x0, ttl  53, id 10784, offset 0, flags [DF],
> > proto      6 , length: 40) 87.86.7.52.http > 192.168.23.11.33258: .
> > [tcp sum ok] ack 8 win 5840
> >
> > 21:11:15.504130 IP (tos 0x0, ttl  20, id 1, offset 0, flags [none],
> > proto: TCP (6), length:   40) 87.86.7.52.http > 192.168.23.14.36570:
> > R, cksum 0xa6df (correct), 235172837:235172837(0) ack 1829917834 win 0
> > 21:07:55.114216 IP (tos 0x0, ttl  53, id 10785, offset 0, flags [DF],
> > proto     6,  length: 1500) 87.86.7.52.http > 192.168.23.11.33258: .
> > 1:1461(1460) ack 8 win 5840
> >
> >
> >
> >
> > On 9/28/07, Alain Spineux < aspineux at gmail.com> wrote:
> > > Ops
> > > I have the same at home :-)
> > > My Centos5 is not working too but my 4.x is working well !!!
> > >
> > > I look like www.debtbusterloans.com return packet with bad checksum.
> > > Centos4 accept it, but Centos5 ignore it
> > >
> > >
> > > On 9/28/07, Alain Spineux <aspineux at gmail.com > wrote:
> > > > Hi
> > > >
> > > > Are eagle and Mailscanner on the same network, on the same switch/hub
> ?
> > > > Can you post  your tcpdump for both connection.
> > > > What is the NIC ?
> > > >
> > > > On 9/27/07, Garron Kramer <garron.gmail at epidemic.co.za> wrote:
> > > > > I seem to be having a problem with all of my CentOS5 machines, which
> do not
> > > > > seem to be a problem with CentOS4.4:
> > > > >
> > > > > [garron at MailScanner ~]$ telnet www.debtbusterloans.com 80
> > > > > Trying 87.86.7.52.. .
> > > > > Connected to www.debtbusterloans.com (87.86.7.52).
> > > > > Escape character is '^]'.
> > > > > GET /
> > > > > HTTP/1.1 200 OK
> > > > > Date: Thu, 27 Sep 2007 10:34:24 GMT
> > > > > Server: Microsoft-IIS/6.0
> > > > > X-Powered-By: ASP.NET
> > > > > X-AspNet-Version: 2.0.50727
> > > > > Pragma: no-cache
> > > > > ...
> > > > >
> > > > > Yet:
> > > > >
> > > > > [root at eagle ~]# telnet www.debtbusterloans.com 80
> > > > > Trying 87.86.7.52...
> > > > > Connected to www.debtbusterloans.com (87.86.7.52).
> > > > > Escape character is '^]'.
> > > > > GET /
> > > > >
> > > > > Connection closed by foreign host.
> > > > > [root at eagle ~]#
> > > > >
> > > > > ---
> > > > >
> > > > > I've done a tcpdump, and it would appear as if I receive a TCP RST
> when
> > > > > attempting to request pages - yet this appears to work for other
> websites.
> > > > >
> > > > > So far, I've been able to narrow down that this is only happening on
> my
> > > > > CentOS5 machines and not CentOS4.4Server installations.
> > > > >
> > > > > Could anyone please advise? Its the strangest problem - especially
> as it
> > > > > only affects certain websites.
> > > > >
> > > > > Regards,
> > > > > Garron Kramer
> > > > > _______________________________________________
> > > > > CentOS mailing list
> > > > > CentOS at centos.org
> > > > > http://lists.centos.org/mailman/listinfo/centos
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Alain Spineux
> > > > aspineux gmail com
> > > > May the sources be with you
> > > >
> > >
> > >
> > > --
> > > Alain Spineux
> > > aspineux gmail com
> > > May the sources be with you
> > >
> >
> >
> > --
> > Alain Spineux
> > aspineux gmail com
> > May the sources be with you
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> >
>
>
> Alain,
>
> I'm seeing exactly the same issues as yourself.
>
> I've got multiple CentOS5 machines and CentOS4.4 machines in my office
> network - as well as CentOS4.4 and CentOS5 at home - I'm seeing exactly the
> same issues behind iptables and BSD PF NAT.
>
> I'm hoping someone will be able to suggest an answer - as my primary proxy
> server at the office is built on a CentOS5 machine.
>
> Re your TCPdump... I see exactly the same thing as yourself. TCP session
> opens successfully, but as soon as you request a page, the session is
> closed.
>
> Any ideas?
>
> Regards,
> Garron
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>


-- 
Alain Spineux
aspineux gmail com
May the sources be with you



More information about the CentOS mailing list