On Mon, 24 Jan 2011 18:56:48 +0100, Ralf Hildebrandt wrote:
> * Max Feil:
>> Already did use Wireshark. Here is some more info:
>>
>> If you look through the traces you'll notice that at some point Squid
>> sends a TCP [FIN, ACK] right in the middle of a connection for seemingly
>> no reason. (Attempting to close the connection) The server ignores this
>> and sends the rest of the data, which Squid responds to with TCP RST
>> (request to reset) since it now believes the connection to be closed.
>
> That sounds like a Checkpoint FW-1 with "smart defense" (aka bloody
> stupid crap) somewhere in the path

Ooh, thanks. So that was the Checkpoint problem.

Yes, Squid will not send FIN or RST to just one end of the connection
midway. Either both will get the FIN/RST or the server will be re-tried and
the client connection will get the latter response.

FWIW, the Linux guys have added demo config for this type of TCP link
aborting to their public recommendations.
Note that it is really only useful for *DDoS* situations. Not for normal
traffic.

Amos
Received on Mon Jan 24 2011 - 22:29:22 MST
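
The trace pattern described in this thread (a FIN, ACK from one endpoint, further payload from the peer, then a RST from the endpoint that sent the FIN) can be searched for in an exported packet list. The following is an added example, not part of the original messages; the packet tuple layout, the function name and the sample packets are constructed for illustration.

```python
from collections import namedtuple

# One row per packet, as exported from a capture (layout is an assumption).
Pkt = namedtuple("Pkt", "ts src dst flags length")

def find_fin_then_rst(packets):
    """Return (closer, peer, bytes_after_fin) for each flow where one endpoint
    sends FIN, the peer keeps sending payload, and the FIN sender answers RST."""
    state = {}  # flow -> {"closer": endpoint that sent the first FIN, "late": bytes}
    hits = []
    for p in sorted(packets, key=lambda p: p.ts):
        flow = frozenset((p.src, p.dst))
        st = state.get(flow)
        if st is None:
            if "FIN" in p.flags:
                state[flow] = {"closer": p.src, "late": 0}
            continue
        if p.src != st["closer"] and p.length > 0:
            st["late"] += p.length          # peer data arriving after the FIN
        elif p.src == st["closer"] and "RST" in p.flags and st["late"] > 0:
            hits.append((st["closer"], p.dst, st["late"]))
            del state[flow]                 # report each flow once
    return hits

# Constructed sample packets (documentation addresses, not from the thread).
PROXY, SERVER = "192.0.2.10:41000", "198.51.100.5:80"
PROXY2 = "192.0.2.10:41001"
SAMPLE = [
    Pkt(0.00, PROXY, SERVER, {"ACK", "PSH"}, 300),    # request
    Pkt(0.05, SERVER, PROXY, {"ACK"}, 1460),          # response starts
    Pkt(0.06, PROXY, SERVER, {"FIN", "ACK"}, 0),      # FIN mid-transfer
    Pkt(0.07, SERVER, PROXY, {"ACK"}, 1460),          # server keeps sending
    Pkt(0.08, SERVER, PROXY, {"ACK", "PSH"}, 1460),
    Pkt(0.09, PROXY, SERVER, {"RST"}, 0),             # reset for late data
    Pkt(0.10, PROXY, SERVER, {"RST"}, 0),
    # Second flow: ordinary close, must not be reported.
    Pkt(1.00, PROXY2, SERVER, {"ACK", "PSH"}, 300),
    Pkt(1.05, SERVER, PROXY2, {"ACK", "PSH"}, 900),
    Pkt(1.06, SERVER, PROXY2, {"FIN", "ACK"}, 0),
    Pkt(1.07, PROXY2, SERVER, {"FIN", "ACK"}, 0),
    Pkt(1.08, SERVER, PROXY2, {"ACK"}, 0),
]

if __name__ == "__main__":
    for closer, peer, late in find_fin_then_rst(SAMPLE):
        print(f"{closer} sent FIN, then RST after {late} bytes from {peer}")
```

A hit only shows that the pattern occurred at the capture point; it does not show which device in the path generated the FIN, so captures from both sides of a suspected middlebox are needed to tell them apart.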