TCP connection stalled because tcp_sack, tcp_window_scaling and tcp_timestamps are disabled by firestarter

Bug #258863 reported by nick
Affects | Status | Importance | Assigned to | Milestone
firestarter | New | Undecided | Unassigned |
firestarter (Ubuntu) | Invalid | Undecided | Unassigned |

Bug Description

Some time ago I found a problem in TCP connections between my
home computer (connected to the Internet through an ADSL router) and the lab
computer (connected through a broadband Ethernet cable), both running
Ubuntu 8.04 (kernel 2.6.24-19-generic).

When I tried to upload/download any not very small file (a few
megabytes) using scp or wget, the TCP connection hung after a few
seconds. When I tried to use vncviewer from the home computer to see the desktop
of the lab computer, the connection hung too.

My home computer is connected to the Internet through an ADSL router. I tried using a PPPoE connection directly and changing the MTU value, but nothing
helped.

Wireshark shows that after downloading 400K some incoming
packets get lost. My home computer sends an ACK, asking to retransmit the
lost packet, but the lab computer continues transmitting the next packets.
After about 10 duplicate ACKs, the lab computer sends the necessary packet,
but then continues sending new packets. The situation repeats and
the communication speed falls to negligible values. The lab
computer transmits packets, but the home computer cannot accept them,
because it waits for an earlier packet.

I found out that this situation is preserved by common TCP mechanisms: SACK, window scaling and TCP timestamps, which are controlled in Linux
by kernel variables:
      /proc/sys/net/ipv4/tcp_sack
      /proc/sys/net/ipv4/tcp_window_scaling
      /proc/sys/net/ipv4/tcp_timestamps

I checked these variables and found out that in my Ubuntu 8.04 they all were "0"!

I didn't know why they were disabled, but when I did this:
      root@ubuhome:~# echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
      root@ubuhome:~# echo 1 > /proc/sys/net/ipv4/tcp_sack
      root@ubuhome:~# echo 1 > /proc/sys/net/ipv4/tcp_timestamps
and this
      root@lab:~# echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
      root@lab:~# echo 1 > /proc/sys/net/ipv4/tcp_sack
      root@lab:~# echo 1 > /proc/sys/net/ipv4/tcp_timestamps
the problem was solved. scp and wget copy files, vncviewer shows the remote desktop and I am happy :)

I think that many users can have the same problem when they
communicate between two computers running Ubuntu and some
packets are lost (for example, when an Internet provider adjusts a user's
bandwidth by dropping some packets). Moreover, I have noticed that
this leads to uploads of files to some other servers hanging, in
particular to gmail.com.

So I think that in Ubuntu these variables must be set to "1" by default.

Tags: firestarter
Dimitrios Symeonidis (azimout) wrote :

These files are set to 1 on my system... So maybe there's some other reason why they're set to 0 on your system?

nick (nmn1) wrote :

Yes, they are possibly set by the firestarter firewall. I have uninstalled it, and after a reboot the variables are correct :)

nick (nmn1) wrote :

Exactly, this is firestarter. The rules are described in file /etc/firestarter/sysctl-tuning:

.........................................
# --------( Sysctl Tuning - TCP Parameters )--------

# Turn off TCP Timestamping in kernel
if [ -e /proc/sys/net/ipv4/tcp_timestamps ]; then
  echo 0 > /proc/sys/net/ipv4/tcp_timestamps
fi

# Set TCP Re-Ordering value in kernel to '5'
if [ -e /proc/sys/net/ipv4/tcp_reordering ]; then
  echo 5 > /proc/sys/net/ipv4/tcp_reordering
fi

# Turn off TCP ACK in kernel
if [ -e /proc/sys/net/ipv4/tcp_sack ]; then
  echo 0 > /proc/sys/net/ipv4/tcp_sack
fi

#Turn off TCP Window Scaling in kernel
if [ -e /proc/sys/net/ipv4/tcp_window_scaling ]; then
  echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
fi

#Set Keepalive timeout to 1800 seconds
if [ -e /proc/sys/net/ipv4/tcp_keepalive_time ]; then
  echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
fi

#Set FIN timeout to 30 seconds
if [ -e /proc/sys/net/ipv4/tcp_fin_timeout ]; then
  echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
fi

# Set TCP retry count to 3
if [ -e /proc/sys/net/ipv4/tcp_retries1 ]; then
  echo 3 > /proc/sys/net/ipv4/tcp_retries1
fi

#Turn off ECN notification in kernel
if [ -e /proc/sys/net/ipv4/tcp_ecn ]; then
  echo 0 > /proc/sys/net/ipv4/tcp_ecn
fi
..............................................................
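
A defensive check for the situation in this thread, as an added example that is not part of the original comments or of firestarter: it scans a tuning script in the format quoted above for active writes of 0 to the three sysctls the report names, and checks the live values. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not firestarter code: flag tuning-script lines and live
# sysctls that turn off the three TCP options named in the report.
WATCHED="tcp_sack tcp_window_scaling tcp_timestamps"

# scan_tuning_script: read a shell script on stdin, print "line N: KEY=0"
# for each active `echo 0 > /proc/sys/net/ipv4/KEY` with KEY in WATCHED.
# Exit status is 1 if anything was flagged.
scan_tuning_script() {
    awk -v watched="$WATCHED" '
        BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        /^[ \t]*#/ { next }   # commented-out writes have no effect
        match($0, /echo[ \t]+[0-9]+[ \t]*>[ \t]*\/proc\/sys\/net\/ipv4\/[a-z0-9_]+/) {
            stmt = substr($0, RSTART, RLENGTH)
            val = stmt; sub(/^echo[ \t]+/, "", val); sub(/[ \t]*>.*/, "", val)
            key = stmt; sub(/.*\//, "", key)
            if ((key in want) && val + 0 == 0) { print "line " NR ": " key "=0"; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# check_live [ROOT]: print each watched key whose value under ROOT
# (default /proc/sys/net/ipv4) is 0. Exit status is 1 if any is 0.
check_live() {
    root=${1:-/proc/sys/net/ipv4}; rc=0
    for key in $WATCHED; do
        [ -r "$root/$key" ] || continue
        if [ "$(cat "$root/$key")" = "0" ]; then echo "$key=0"; rc=1; fi
    done
    return $rc
}

# Constructed sample in the style of the excerpt quoted above.
sample_tuning() {
    cat <<'EOF'
# Turn off TCP Timestamping in kernel
if [ -e /proc/sys/net/ipv4/tcp_timestamps ]; then
  echo 0 > /proc/sys/net/ipv4/tcp_timestamps
fi
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
# echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
EOF
}

sample_tuning | scan_tuning_script || echo "tuning script disables watched TCP options"
check_live || echo "watched TCP options are off on this host"
```

To scan a real file, feed it on stdin, for example `scan_tuning_script < /etc/firestarter/sysctl-tuning`.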

Phillip Susi (psusi) wrote :

This package has been removed from Ubuntu. Closing all related bugs.

Changed in firestarter (Ubuntu):
status: New → Invalid