Bug 56383 - http://packages.gentoo.org is behind a firewall that kills connections from 2.6.7-mm6
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All All
Importance: High normal
Assignee: Kurt Lieber (RETIRED)
URL: http://packages.gentoo.org
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-07-07 15:11 UTC by bert hubert
Modified: 2004-07-27 22:29 UTC (History)
CC List: 2 users

See Also:
Package list:
Runtime testing required: ---


Description bert hubert 2004-07-07 15:11:05 UTC
The firewall (or router) behind which packages.gentoo.org hides mangles the 'wscale' TCP option, causing packages.g.o to believe the client has an impossibly small TCP window, leading to a dead connection (due to SWS avoidance).

To fix, recent 2.6.7 users should issue:
echo 0 > /proc/sys/net/ipv4/tcp_default_win_scale 

The real fix is for the network maintainers to fix the firewall or router servicing packages.gentoo.org. 

Relevant thread: 
http://lkml.org/lkml/2004/7/6/146
Comment 1 bert hubert 2004-07-07 16:39:41 UTC
See also: http://lkml.org/lkml/2004/7/7/235
Comment 2 Brian S. Stephan 2004-07-07 18:21:22 UTC
This bug should probably be against "Web-www.gentoo.org"?
Comment 3 Albert Hopkins (RETIRED) gentoo-dev 2004-07-08 04:45:39 UTC
I don't admin this site.  I don't even have root access. And furthermore, I haven't been able to get to packages.g.o or www.g.o either. ;-)
Comment 4 bert hubert 2004-07-08 05:10:21 UTC
Yet more information and workaround at:
http://lkml.org/lkml/2004/7/8/19

Current theory is that there is some uebersmart firewall in between that tries to verify windows and sequence numbers (and not smart enough to grok window scaling).

Another possibility is that there is a very dumb machine in between that stamps out the wscale option. This latter possibility can be verified by root@packages.gentoo.org performing a tcpdump on a selected IP address that has the problem, and watching the absence or presence of wscale.
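The two things discussed so far are (a) the mechanism in the original report, where a stripped wscale option leaves the server interpreting the client's scaled 16-bit window field as an unscaled one and stalling on SWS avoidance, and (b) the check proposed above, looking at a client's SYN for the presence or absence of the wscale option. The following is an added example that does both on hand-built packets; it is not code from this bug, from the lkml threads, or from Gentoo infrastructure. The port numbers, window values, the shift count of 7 and the MSS are assumptions chosen to illustrate the point, and the SWS rule at the end is a deliberate simplification of RFC 1122's sender-side rule.

```python
"""Parse TCP options from a raw TCP header and show what a server believes the
client's window is, with and without the wscale option surviving the path.

Added example for Gentoo bug 56383 (not the bug's or Gentoo's code). All
packets are constructed inline; nothing is captured from the network.
"""
import struct

TCPOPT_EOL = 0
TCPOPT_NOP = 1
TCPOPT_MSS = 2
TCPOPT_WSCALE = 3
TH_SYN = 0x02
TH_ACK = 0x10


def parse_tcp_options(tcp_header: bytes) -> dict:
    """Return {kind: value bytes} for the options of a raw TCP header.

    tcp_header starts at the source port (no IP header in front). The data
    offset field says where the options end, so we never read past them.
    """
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts = {}
    i = 20
    while i < data_offset:
        kind = tcp_header[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= data_offset:
            raise ValueError("option kind without length byte")
        length = tcp_header[i + 1]
        if length < 2 or i + length > data_offset:
            raise ValueError("bad option length")
        opts[kind] = tcp_header[i + 2:i + length]
        i += length
    return opts


def window_scale(tcp_header: bytes):
    """Shift count from the wscale option of a SYN, or None if it is absent.

    This is the check from comment 4: absence here, on a SYN that the client
    is known to have sent with wscale, means something on the path stamped
    the option out.
    """
    value = parse_tcp_options(tcp_header).get(TCPOPT_WSCALE)
    if value is None:
        return None
    return min(value[0], 14)            # RFC 1323 caps the shift at 14


def effective_window(tcp_header: bytes, negotiated_shift) -> int:
    """Window the receiver of a non-SYN segment believes it may send into.

    negotiated_shift is what the receiver recorded from the peer's SYN (None
    if it never saw a wscale option). The 16-bit window field is scaled by it.
    """
    window_field = struct.unpack("!H", tcp_header[14:16])[0]
    return window_field << (negotiated_shift or 0)


def sws_stalled(usable_window: int, mss: int) -> bool:
    """Simplified sender-side SWS avoidance: with a full segment queued, do
    not send into a window smaller than one MSS (assumption: simplified
    version of RFC 1122 section 4.2.3.4)."""
    return usable_window < mss


def build_tcp(sport: int, dport: int, flags: int, window: int, options: bytes = b"") -> bytes:
    """Build a raw TCP header. Checksum is left zero; it is never transmitted."""
    options += b"\x00" * ((-len(options)) % 4)
    data_offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                       data_offset << 4, flags, window, 0, 0) + options


# Constructed packets (values are assumptions, not from a capture).
MSS = 1460
MSS_OPT = bytes([TCPOPT_MSS, 4]) + struct.pack("!H", MSS)
WSCALE_OPT = bytes([TCPOPT_WSCALE, 3, 7])   # shift 7: window field * 128
NOP = bytes([TCPOPT_NOP])

# Client SYN as the client sent it.
client_syn = build_tcp(40000, 80, TH_SYN, 5840, MSS_OPT + NOP + WSCALE_OPT)
# Same SYN after a middlebox overwrote the wscale option with NOPs in place.
client_syn_mangled = build_tcp(40000, 80, TH_SYN, 5840, MSS_OPT + NOP * 4)
# A later client ACK: field value 45 means 45 << 7 = 5760 bytes if scaling is on.
client_ack = build_tcp(40000, 80, TH_ACK, 45)


def server_view(syn: bytes, ack: bytes) -> int:
    """Window the server believes the client advertised in `ack`, given the
    shift it learned (or did not learn) from `syn`."""
    return effective_window(ack, window_scale(syn))


if __name__ == "__main__":
    for label, syn in (("intact SYN", client_syn), ("mangled SYN", client_syn_mangled)):
        win = server_view(syn, client_ack)
        print(f"{label}: wscale={window_scale(syn)} window={win} "
              f"sender stalls={sws_stalled(win, MSS)}")
```

With the intact SYN the server computes a 5760-byte window and keeps sending; with the mangled SYN it computes 45 bytes, which is below one MSS, and the sender-side SWS rule stops it from sending anything more, which is the dead connection the report describes. On a live host the same question is answered by tcpdump on the server side, as suggested above: the SYN from an affected client either carries `wscale` or it does not.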
Comment 5 Kurt Lieber (RETIRED) gentoo-dev 2004-07-08 06:42:08 UTC
It's definitely not our firewall as we run the same firewall version and script on all our boxes.  It's possible it's the upstream router.  I will contact the ISP and ask them if they know anything about it.
Comment 6 bert hubert 2004-07-08 08:39:24 UTC
You can ask the ISP if they run with 'ip inspect' if they have a Cisco, which they appear to do. 'ip inspect' does things with window sizes and validation.

Thanks!
Comment 7 bert hubert 2004-07-08 08:51:39 UTC
From DaveM:
It's the netfilter patches added to the gentoo WOLK kernel running on packages.gentoo.org.

Specifically, it's the tcp-window-tracking patch from netfilter's patch-o-matic.  There's some bug in there wrt. its window scaling support.

I bet if the tcp-window-scaling diff is removed from the kernel running there, the problem will totally go away.

I note that it is using a very old version of the tcp-window-tracking patch, the current version is 2.2 and probably fixes this bug.  The gentoo linux-2.4.20-wolk-4.14 kernel is using version 1.7
Comment 8 Lance Albertson (RETIRED) gentoo-dev 2004-07-27 18:20:32 UTC
We upgraded the kernel on vulture today and it seems to have fixed it. I also found out what proc setting will fix this. We had issues with vulture's new kernel today, so I didn't want to try and break finch too. I figured out that the below command fixes the problem by disabling the scaling patch.

echo 0 > /proc/sys/net/ipv4/tcp_window_scaling

Please try the site now, and vulture.gentoo.org to see if the issue is still there. I had one person confirm that it was fixed on both.
Comment 9 Alexander M. Turek 2004-07-27 22:29:51 UTC
Both URLs work fine for me now. Thanks a lot. :-)