TCP stale transfer with erroneous SACK information
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Invalid | Medium | Unassigned |
Bug Description
Cisco PIX/FWSM changes TCP sequence numbers but doesn't change numbers in SACK TCP options.
When this erroneous information comes to a Linux server, there is some corruption in the TCP stack in some circumstances with the CUBIC TCP congestion algorithm, and the transfer stalls.
The problem can be reproduced in Ubuntu Server 14.04 when a Cisco FWSM is changing sequence numbers (default configuration) and a big file (30MB, for example) is being transferred.
It can be solved by deactivating SACK:
sysctl -w net.ipv4.tcp_sack=0
We have solved it also with this configuration:
sysctl -w net.ipv4.
sysctl -w net.ipv4.tcp_frto=1
sysctl -w net.ipv4.
We can also fix it by changing firewall configuration.
Find attached a Wireshark capture where you can see at frame 16613 how the client requests segment 853521869 and the server (158.42.250.128) resends a previous segment again for 87 seconds until it stops the transfer.
Thanks
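A way to spot the mismatch described in this report in captured TCP headers, as an added example that is not part of the original report or any project's code: it parses the SACK option and flags blocks whose edges are implausibly far from the segment's ACK number. The function names, the `window` tolerance and the sample headers (including the offset standing in for the firewall's sequence rewrite) are constructed assumptions; only the number 853521869 comes from the report.

```python
import struct

MOD = 1 << 32

def seq_diff(a, b):
    """Signed distance a - b in 32-bit TCP sequence space."""
    d = (a - b) % MOD
    return d - MOD if d >= MOD // 2 else d

def parse_sack(tcp_header):
    """Return (ack_number, [(left_edge, right_edge), ...]) from a raw TCP header."""
    ack = struct.unpack_from("!I", tcp_header, 8)[0]
    opts = tcp_header[20:(tcp_header[12] >> 4) * 4]
    blocks, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                # truncated or malformed option: stop parsing
        length = opts[i + 1]
        if kind == 5 and (length - 2) % 8 == 0:   # SACK: pairs of 32-bit edges
            for off in range(i + 2, i + length, 8):
                blocks.append(struct.unpack_from("!II", opts, off))
        i += length
    return ack, blocks

def inconsistent_sack(tcp_header, window=1 << 24):
    """SACK blocks that cannot share a sequence space with the ACK number.
    Blocks slightly below the ACK (D-SACK) stay within `window` and pass."""
    ack, blocks = parse_sack(tcp_header)
    return [(l, r) for l, r in blocks
            if seq_diff(r, l) <= 0
            or abs(seq_diff(l, ack)) > window or abs(seq_diff(r, ack)) > window]

def build_ack(ack, blocks):
    """Constructed sample: bare ACK segment carrying NOP, NOP, SACK options."""
    opts = b"\x01\x01" + bytes([5, 2 + 8 * len(blocks)])
    opts += b"".join(struct.pack("!II", l, r) for l, r in blocks)
    data_offset = ((20 + len(opts)) // 4) << 4
    return struct.pack("!HHIIBBHHH", 50000, 80, 1, ack, data_offset, 0x10, 65535, 0, 0) + opts

ACK = 853521869                  # number quoted in the report, used as the ACK
OFFSET = 0x5A5A0000              # constructed stand-in for the rewrite delta
GOOD = build_ack(ACK, [(ACK + 2920, ACK + 7300)])
BAD = build_ack(ACK, [((ACK + 2920 + OFFSET) % MOD, (ACK + 7300 + OFFSET) % MOD)])
```

`inconsistent_sack(GOOD)` returns an empty list, while `inconsistent_sack(BAD)` returns the one block whose edges were left in the other sequence space.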
Changed in linux (Ubuntu): status: Incomplete → Confirmed
Changed in linux (Ubuntu): status: Expired → In Progress
This is the bugtracker for the Launchpad.net software development collaboration website. You'll need to contact Cisco support for bugs in Cisco devices.