SDB:Problem with establishing TCP/IP connection in openSUSE 10.2

From openSUSE

Version: 10.2

Situation

Accessing a particular website with a web browser can fail in some cases on the default installation of openSUSE 10.2.

Examples of unaccessible sites:
http://www.keh.com/
http://www.marymount.edu/
http://www.packetstormsecurity.org/
http://furniture33.com/

Problem description

Responsible for this behavour is one of the Linux Kernel networking features called "TCP window scaling". Window Scaling is a TCP extension for higher network performance. For more information, please check RFC 1323.

According to Olaf Kirch (Bug#229848) the problem consist in the inability of affected remote sites to handle scaled windows properly. The following text is a snippit from Comment #24 in BUG #229848

[...]

This problem has been cropping up for quite some time on the netdev 
mailing list and in other places. Essentially what happens is that 
the router happily passes all TCP options during the SYN handshake,
including the options announcing window scaling. However, the 
router doesn't understand window scaling, so when it sees the Linux
client announcing a window of "47" (which is really (47 << some 
scaling factor)), it will discard any packets that are not fully 
inside that 47 byte window.

[...]

Workarounds

A quick one

echo "0" > /proc/sys/net/ipv4/tcp_window_scaling

This change can be made permanent by editing the file /etc/sysctl.conf and adding the following line:

net.ipv4.tcp_window_scaling = 0

Another one

by Karsten Keil

This workaround does not limit the window to 64K globally, you can add a special route for the problematic sites.

ip route add IP.ADD.RE.SS/32 via <your default gateway> window 65535

Where IP.ADD.RE.SS is the IP address of the affected site.

Links

https://bugzilla.novell.com/show_bug.cgi?id=229848
http://kerneltrap.org/node/6723
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/tcpwslfn.htm
http://www.ietf.org/rfc/rfc1323.txt