kernel network problem ?

kernel network problem ?

[Nicolas Parpandet]

Hi all,

I'm testing 2.4 series for few weeks,
even the last prerelease

I've seen stranges things  :

I cannot access to some ips adresses ! :
in http or in smtp using "konqueror", "netscape",
"mail",  "telnet 25".

I cannot login to hotmail (in the web page:http) 
or send mail (smtp) to hotmail users (don't blame me !!)
All the others network things works well, the network in general seems
good only very few sites like hotmail doesn't works.

And only with 2.4 series !! not with 2.2 ...

maybe it's a glibc or kernel issue, I'dont know.
I have an intel SMP motherboard connected to the net (cable) 
with a PCI realtek 8019.

I didn't analyse packets sent. If somebody else have the
same problems ...

Nicolas.

Sorry for my poor english.

PS: funny "bug" isn't it ? (hotmail !)
PS2: thanks for all, very good job done, 
      2.4 is very fast and seems stable.



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: kernel network problem ?

[Matti Aarnio]

On Fri, Jan 05, 2001 at 03:34:07PM +0100, Nicolas Parpandet wrote:
> Hi all,
> 
> I'm testing 2.4 series for few weeks,
> even the last prerelease
> 
> I've seen stranges things  :
> 
> I cannot access to some ips adresses ! :
> in http or in smtp using "konqueror", "netscape",
> "mail",  "telnet 25".


	Turn off the TCP_ECN option from your configuration,
	or do:
		echo 0 > /proc/sys/net/ipv4/tcp_ecn 
	(as root)

	For foreseeable future, the world will be full of firewalls
	doing wrong thing when they see TCP ECN bits in TCP header's
	formerly "reserved, set to zero" bits.

> Nicolas.

/Matti Aarnio
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: kernel network problem ?

[Nicolas Noble]

> 	Turn off the TCP_ECN option from your configuration,
> 	or do:
> 		echo 0 > /proc/sys/net/ipv4/tcp_ecn 
> 	(as root)
> 
> 	For foreseeable future, the world will be full of firewalls
> 	doing wrong thing when they see TCP ECN bits in TCP header's
> 	formerly "reserved, set to zero" bits.
> 

Yup, it worked fine. Thanks a lot.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: kernel network problem ?

[Mathieu Chouquet-Stringer]

You have to take a look at ENC:
Explicit Congestion Notification (ECN) allows routers to notify
clients about network congestion, resulting in fewer dropped packets
and increased network performance. This option adds ECN support to the
Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn) which
allows ECN support to be disabled at runtime.

Note that, on the Internet, there are many broken firewalls which
refuse connections from ECN-enabled machines, and it may be a while
before these firewalls are fixed. Until then, to access a site behind
such a firewall (some of which are major sites, at the time of this
writing) you will have to disable this option, either by saying N now
or by using the sysctl.

You can disable it at runtime with:
echo 0 > /proc/sys/net/ipv4/tcp_ecn

nparpand@perinfo.com ("Nicolas Parpandet") writes:
> Hi all,
> 
> I'm testing 2.4 series for few weeks,
> even the last prerelease
> 
> I've seen stranges things  :
> 
> I cannot access to some ips adresses ! :
> in http or in smtp using "konqueror", "netscape",
> "mail",  "telnet 25".
> 
> I cannot login to hotmail (in the web page:http) 
> or send mail (smtp) to hotmail users (don't blame me !!)
> All the others network things works well, the network in general seems
> good only very few sites like hotmail doesn't works.
> 
> And only with 2.4 series !! not with 2.2 ...
> 
> maybe it's a glibc or kernel issue, I'dont know.
> I have an intel SMP motherboard connected to the net (cable) 
> with a PCI realtek 8019.
> 
> I didn't analyse packets sent. If somebody else have the
> same problems ...
> 
> Nicolas.
> 
> Sorry for my poor english.
> 
> PS: funny "bug" isn't it ? (hotmail !)
> PS2: thanks for all, very good job done, 
>       2.4 is very fast and seems stable.
> 
> 
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> Please read the FAQ at http://www.tux.org/lkml/
> 

-- 
Mathieu CHOUQUET-STRINGER              E-Mail : mchouque@e-steel.com
     Learning French is trivial: the word for horse is cheval, and
               everything else follows in the same way.
                        -- Alan J. Perlis
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: kernel network problem ?

[Graham Murray]

Mathieu Chouquet-Stringer <mchouque@e-steel.com> writes:

> Note that, on the Internet, there are many broken firewalls which
> refuse connections from ECN-enabled machines, and it may be a while
> before these firewalls are fixed. Until then, to access a site behind
> such a firewall (some of which are major sites, at the time of this
> writing) you will have to disable this option, either by saying N now
> or by using the sysctl.

As well as this, it might be worthwhile to complain to these
sites. Otherwise if everyone just turns off ECN then those sites which
block it will probably not fix their problem and ECN will not gain
"public" acceptance. It would be great pity if this were to happen as
ECN has the potential (if widely supported) to greatly reduce network
congestion and bandwidth "waste".

Would it perhaps be possible to have ECN enabled but use something
such as IPTables to unset it when connecting to those sites which
reject ECN connections? So that you could define a rule something like

iptables -A OUTPUT -p tcp --syn -d 1.2.3.4 -j unsetecn
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: kernel network problem ?

[Nicolas Noble]

> 
> Hi all,
> 
> I'm testing 2.4 series for few weeks,
> even the last prerelease
> 
> I've seen stranges things  :
> 
> I cannot access to some ips adresses ! :
> in http or in smtp using "konqueror", "netscape",
> "mail",  "telnet 25".
> 
> I cannot login to hotmail (in the web page:http) 
> or send mail (smtp) to hotmail users (don't blame me !!)
> All the others network things works well, the network in general seems
> good only very few sites like hotmail doesn't works.
> 
> And only with 2.4 series !! not with 2.2 ...
> 
> maybe it's a glibc or kernel issue, I'dont know.
> I have an intel SMP motherboard connected to the net (cable) 
> with a PCI realtek 8019.
> 
> I didn't analyse packets sent. If somebody else have the
> same problems ...
> 
> Nicolas.
> 
> Sorry for my poor english.
> 
> PS: funny "bug" isn't it ? (hotmail !)
> PS2: thanks for all, very good job done, 
>       2.4 is very fast and seems stable.
> 

I noticed the same bug. This is very weired, I can send a list of sites
which I can't connect anymore. I've "solved" the problem by installing a
gateway onto a 2.2.18 with a squid on it, so this is the squid which is
doing the http's traffic for my 2.4.0 box.

I though it was a misconfiguration from my side but wasn't able to detect
it.

Perhaps it's linked...

  Regards,


  -- Nicolas Noble


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: kernel network problem ?

[Helge Hafting]

Nicolas Noble wrote:
[...]
As others have told already, this is the ECN problem.

> I noticed the same bug. This is very weired, I can send a list of sites
> which I can't connect anymore. 

You have a list?  Send all of them a message stating that they ought
to upgrade their firewalls which cause this problem.  Or they
will loose customers/visitors.  Cisco already have an upgrade for them,
so fixing is dead easy, and they can then boast compatibility with
the latest internet standards.  

If they don't care about linux users, tell them that windows eventually
will use ECN too.  They definitely don't want to have a ECN problem when
that happens.

Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: kernel network problem ?

[Steven N. Hirsch]

On Tue, 9 Jan 2001, Helge Hafting wrote:

> Nicolas Noble wrote:
> [...]
> As others have told already, this is the ECN problem.
> 
> > I noticed the same bug. This is very weired, I can send a list of sites
> > which I can't connect anymore. 
> 
> You have a list?  Send all of them a message stating that they ought
> to upgrade their firewalls which cause this problem.  Or they
> will loose customers/visitors.  Cisco already have an upgrade for them,
> so fixing is dead easy, and they can then boast compatibility with
> the latest internet standards.  
> 
> If they don't care about linux users, tell them that windows eventually
> will use ECN too.  They definitely don't want to have a ECN problem when
> that happens.

After upgrading to kernel 2.4.0, I found myself unable to retrieve mail
from Adelphia's (2-way cable ISP) POP server.  It took several days to
figure out that _one_ of their routers was configured to block ECN.  After
bringing this to the attention of their network engineers, I was informed
that their policy prohibits making any router changes on the basis of one
trouble report.  The person I spoke with did NOT try to defend their
setup, but it was made clear that they'll do nothing until Windows breaks.

If I were packaging a Linux distribution, I'd be sure to have ECN disabled
by default, FWIW.

Steve


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: kernel network problem ?

[Alan Cox]

> trouble report.  The person I spoke with did NOT try to defend their
> setup, but it was made clear that they'll do nothing until Windows breaks.
> 
> If I were packaging a Linux distribution, I'd be sure to have ECN disabled
> by default, FWIW.

Probably the case. However the more people who pester the faulty sites the
better. Did you ask the person how many reports he needed ....

I certainly intend to run ECN on my mailhost once I trust 2.4 a bit more.

Alan


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: kernel network problem ?

[Gregory Maxwell]

On Tue, Jan 09, 2001 at 01:32:49PM +0000, Alan Cox wrote:
> > If I were packaging a Linux distribution, I'd be sure to have ECN disabled
> > by default, FWIW.
> 
> Probably the case. However the more people who pester the faulty sites the
> better. Did you ask the person how many reports he needed ....
> 
> I certainly intend to run ECN on my mailhost once I trust 2.4 a bit more.
> 
> Alan

Is anyone maintaing an automated sweep of sites that I can complain to all
at once (for each 2.4 ecn system I install of course) rather then finding
them one at a time as my connections fail?

:)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: kernel network problem ?

[Nicolas Parpandet]

> On Tue, Jan 09, 2001 at 01:32:49PM +0000, Alan Cox wrote:
> > > If I were packaging a Linux distribution, I'd be sure to have ECN
disabled
> > > by default, FWIW.
> >
> > Probably the case. However the more people who pester the faulty sites
the
> > better. Did you ask the person how many reports he needed ....
> >
> > I certainly intend to run ECN on my mailhost once I trust 2.4 a bit
more.
> >
> > Alan
>
> Is anyone maintaing an automated sweep of sites that I can complain to all
> at once (for each 2.4 ecn system I install of course) rather then finding
> them one at a time as my connections fail?
>
> :)


With 2.4, disabling ECN correct the problem, at this time,

the few known sites are :

http://www.creative.com
http://www.fnac.com
http://ftpsearch.ntnu.no
http://www.hotmail.com


I'll create a site this week-end to maintain a list,
meanwhile everybody can send me bad hostnames.

Nicolas.





-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: kernel network problem ?

[Gerhard Mack]

On Tue, 9 Jan 2001, Steven N. Hirsch wrote:

> On Tue, 9 Jan 2001, Helge Hafting wrote:
> 
> > Nicolas Noble wrote:
> > [...]
> > As others have told already, this is the ECN problem.
> > 
> > > I noticed the same bug. This is very weired, I can send a list of sites
> > > which I can't connect anymore. 
> > 
> > You have a list?  Send all of them a message stating that they ought
> > to upgrade their firewalls which cause this problem.  Or they
> > will loose customers/visitors.  Cisco already have an upgrade for them,
> > so fixing is dead easy, and they can then boast compatibility with
> > the latest internet standards.  
> > 
> > If they don't care about linux users, tell them that windows eventually
> > will use ECN too.  They definitely don't want to have a ECN problem when
> > that happens.
> 
> After upgrading to kernel 2.4.0, I found myself unable to retrieve mail
> from Adelphia's (2-way cable ISP) POP server.  It took several days to
> figure out that _one_ of their routers was configured to block ECN.  After
> bringing this to the attention of their network engineers, I was informed
> that their policy prohibits making any router changes on the basis of one
> trouble report.  The person I spoke with did NOT try to defend their
> setup, but it was made clear that they'll do nothing until Windows breaks.
> 
> If I were packaging a Linux distribution, I'd be sure to have ECN disabled
> by default, FWIW.
> 

It's not a matter of changing network setup... if those are cisco routers
there are patches to fix the bugs.

Here is what little info I have on the topic (shamelessly ripped from an
earlier email by "Dax Kelson <dax@gurulabs.com>" )


Here is the fix for PIX:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds23698

    Bud ID:        CSCds23698
    Headline:      PIX sends RSET in response to tcp connections with ECN
 bits set
    Product:       PIX
    Component:     fw
    Severity:      2            Status:           R [Resolved]
    Version Found: 5.1(1)       Fixed-in Version: 5.1(2.206) 5.1(2.207)
 5.2(1.200)

Here is the fix for Local Director:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds40921

Bug Id : CSCds40921
 Headline:  LD rejects syn with reserved bits set in flags field of TCP
hdr
 Product:  ld
 Component: rotor
 Severity: 3                     Status:        R [Resolved]
 Version Found: 3.3(3)           Fixed-in Version: 3.3.3.107


--
Gerhard Mack

gmack@innerfire.net

<>< As a computer I find your faith in technology amusing.



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: kernel network problem ?

[Richard Rak]

    Try typing "echo 0 > /proc/sys/net/ipv4/tcp_ecn" at a shell to
    disable TPC ECN support.



On 05 Jan 2001 15:34:07 +0100, Nicolas Parpandet wrote:
> 
> Hi all,
> 
> I'm testing 2.4 series for few weeks,
> even the last prerelease
> 
> I've seen stranges things  :
> 
> I cannot access to some ips adresses ! :
> in http or in smtp using "konqueror", "netscape",
> "mail",  "telnet 25".
> 
> I cannot login to hotmail (in the web page:http) 
> or send mail (smtp) to hotmail users (don't blame me !!)
> All the others network things works well, the network in general seems
> good only very few sites like hotmail doesn't works.
> 
> And only with 2.4 series !! not with 2.2 ...
> 
> maybe it's a glibc or kernel issue, I'dont know.
> I have an intel SMP motherboard connected to the net (cable) 
> with a PCI realtek 8019.
> 
> I didn't analyse packets sent. If somebody else have the
> same problems ...
> 
> Nicolas.
> 
> Sorry for my poor english.
> 
> PS: funny "bug" isn't it ? (hotmail !)
> PS2: thanks for all, very good job done, 
>       2.4 is very fast and seems stable.
> 
> 
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> Please read the FAQ at http://www.tux.org/lkml/



-- 
        Richard Rak
        (richardr@corel.com)
        Software Engineer
        A+ Certified Service Technician

        Experience CorelDRAW 10 Graphics Suite - creative power with an attitude. 
        Visit http://www.corel.com/draw10

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: kernel network problem ?

[Nicolas Noble]

> I cannot login to hotmail (in the web page:http) 
> or send mail (smtp) to hotmail users (don't blame me !!)
> All the others network things works well, the network in general seems
> good only very few sites like hotmail doesn't works.

By the way, I just tried to connect to hotmail without my squid and,
effectively, it's like all those others sites:

http://www.creative.com
http://www.fnac.com
http://ftpsearch.ntnu.no

I have to use the squid on my 2.2.18 to access to them. A direct connexion
from my 2.4.0 will be refused.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: kernel network problem ?

[J Sloan]

Nicolas Parpandet wrote:

> Hi all,
>
> I'm testing 2.4 series for few weeks,
> even the last prerelease
>
> I've seen stranges things  :
>
> I cannot access to some ips adresses ! :
> in http or in smtp using "konqueror", "netscape",
> "mail",  "telnet 25".
>
> I cannot login to hotmail (in the web page:http)
> or send mail (smtp) to hotmail users (don't blame me !!)
> All the others network things works well, the network in general seems
> good only very few sites like hotmail doesn't works.

Do you have "explicit congestion notification" enabled?

If so,

echo "0" >  /proc/sys/net/ipv4/tcp_ecn

jjs

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/