Received: (qmail 1022 invoked by uid 2012); 15 Apr 1999 07:26:46 -0000 Message-Id: <19990415072646.1021.qmail@hyperreal.org> Date: 15 Apr 1999 07:26:46 -0000 From: Don Rude Reply-To: don@steem.com To: apbugs@hyperreal.org Subject: Clients (incorrectly?) receive TCP reset packets. X-Send-Pr-Version: 3.2 >Number: 4251 >Category: os-linux >Synopsis: Clients (incorrectly?) receive TCP reset packets. >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Thu Apr 15 00:30:01 PDT 1999 >Last-Modified: Tue Apr 20 11:30:01 PDT 1999 >Originator: don@steem.com >Organization: >Release: 1.3.6 >Environment: Linux 2.2.5 (SMP) -- RedHat 5.2 -- gcc 2.7.2.3 Also using mod_ssl 2.2.7-1.3.6 (rsaref 2.0 and openssl 0.9.2b) and mod_php 3.0.7. Both are compiled in, not dynamically loaded. >Description: All services on the box run with no TCP problems. HTTPS (mod_ssl) works with no problems. For text/html content that is small enough to fit in the same TCP packet as the HTTP response header (in other words the request is served with only one DATA packet needed) the server ends the connection with TCP packets flagged with RST (reset connection). This causes Netscape, Internet Explorer, and Lynx to all warn of the unexpected reset. For larger responses (and it seems even small text/plain responses) the TCP session ends as expected with packets flagged with FIN (no more data, close connection). The problem was noticed when a remote server was setup (node1.steem.com). A box with the same software and different hardware appears to be exhibiting the same problem when remote connections are established. But, it being a dev/testing box it is on a local LAN and the browser doesn't warn of the reset. BUT, observing the raw data with a packet sniffer it does appear to be sending RST packets. A packet sniffer (NetXray) was used to verify all these TCP sessions in question. >How-To-Repeat: The default 404 error is small enough to exhibit the behavior: http://node1.steem.com/blah The dev box that may or may not exhibit the problem: http://masq.steem.com/blah >Fix: My only remaining theory is that it is related to the connection, hardware, or operating system. But, I have had other people load these from various locations and have received the browser warnings. The network cards are both 100Mb/s but they are different brands (both supported natively by Linux). I have gotten this error with a different Linux version (2.2.3 I think I tried) >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: dgaudet State-Changed-When: Tue Apr 20 10:43:38 PDT 1999 State-Changed-Why: If this is the case it's a kernel bug. Post to linux-kernel describing it... better yet, try 2.2.6 now that it's out. Dean Category-Changed-From-To: protocol-os-linux Category-Changed-By: dgaudet Category-Changed-When: Tue Apr 20 10:43:38 PDT 1999 From: Don Rude To: dgaudet@apache.org Cc: apbugs@apache.org Subject: Re: os-linux/4251: Clients (incorrectly?) receive TCP reset packets. Date: Tue, 20 Apr 1999 14:19:44 -0400 dgaudet@apache.org wrote: > > If this is the case it's a kernel bug. Post to linux-kernel > describing it... better yet, try 2.2.6 now that it's out. As mentioned I have tried at least one other kernel. Now, I have also upgraded both boxes to 2.2.6 and I get the same packet sequence. -- Don Rude Lead Hacker (V)301-208-1658 (F)301-208-9731 Build your world. http://STEEM.com From: Dean Gaudet To: Don Rude Cc: apbugs@apache.org Subject: Re: os-linux/4251: Clients (incorrectly?) receive TCP reset packets. Date: Tue, 20 Apr 1999 11:24:29 -0700 (PDT) Well Apache does nothing to put an RST on a packet. That's a TCP layer decision outside the control of the application. It's a kernel bug if it is happenning. I know it's not happenning on my 2.0.36 servers. Get a tcpdump of the thing and send a report to linux-kernel... if they say it's apache's fault then report it back to us, thanks. Dean On Tue, 20 Apr 1999, Don Rude wrote: > dgaudet@apache.org wrote: > > > > If this is the case it's a kernel bug. Post to linux-kernel > > describing it... better yet, try 2.2.6 now that it's out. > > As mentioned I have tried at least one other kernel. Now, I have also upgraded > both boxes to 2.2.6 and I get the same packet sequence. > > -- > Don Rude Lead Hacker > (V)301-208-1658 (F)301-208-9731 > Build your world. http://STEEM.com > >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]