[GTER] problems with UOL - OT

Alexandre Hautequest hquest at onda.com.br
Fri Oct 15 14:29:39 -03 2004


Rubens Marins wrote:
>  > enabled. I just had to disable it, and access magically worked.
> 
>>forgive the monkey's ignorance, but what is ECN?
>>
> 
> 
> Taken from the Linux kernel help:
> 
> Explicit Congestion Notification (ECN) allows routers to notify
> clients about network congestion, resulting in fewer dropped packets
> and increased network performance.  This option adds ECN support to
> the Linux kernel, as well as a sysctl (/proc/sys/net/ipv4/tcp_ecn) 
> which allows ECN support to be disabled at runtime.
> 
> More details are in RFC 3168, but I think it is not a standard yet.
> 

Still on Linux, another "practical" example:

http://www.tux.org/lkml/#s14-2

Why does the 2.4 kernel report Connection refused when connecting to
sites which work fine with earlier kernels?

    * (DW) The 2.4 kernel is designed to make your Internet Experience
more pleasurable. One of the ways in which it does so is by implementing
Explicit Congestion Notification - a new method defined in RFC 3168 for
improving TCP performance in the presence of congestion by allowing
routers to provide an early warning of traffic flow problems.
      Unfortunately, there are bugs in some firewall products which
cause them to reject incoming packets with ECN enabled. If your own
firewall is broken in this respect, you should check with your vendor
for a fix.
      If the site to which you cannot connect is not under your control,
then after you have contacted the administrator of the offending site to
let them know about their problem, you can disable ECN in the 2.4 kernel
either by disabling the CONFIG_INET_ECN option and recompiling the
kernel, or by executing the following command as root:
      # echo 0 > /proc/sys/net/ipv4/tcp_ecn
    * (REG) Fixes are available from some router vendors, and have been
since at least mid-2000. These are not "feature patches" (which may add
new features and have new bugs), but purely bug fixes, and thus should
be safe to use, even for the most paranoid. If you have problems
connecting to a site, please contact their support. Note that some major
sites are known to have lied about fixes from their router/firewall
vendor, so if you hear the excuse "we are waiting on a fix from our
vendor", be skeptical. While there is a workaround available (see
above), it is important to encourage sites and ISPs to be ECN tolerant.
This doesn't mean that these sites need to support ECN (although it's in
their interests), but they need to fix buggy routers so that ECN-enabled
systems can fall back to non-ECN mode, rather than having refused or
timed out connections. The specific RFC that these buggy routers are
violating is: RFC 793.
      vger.kernel.org is running an ECN-enabled kernel. This means if
your email account is with an ISP which has a buggy router, you will not
be able to receive linux-kernel mail (as well as other mailing lists
hosted on vger). You should check if your ISP is ECN tolerant, and get
them to fix their routers or switch to another ISP.

      Patches for the following products are available:
          o CISCO PIX. Patch available for download here. Patch information:

Bug ID:        CSCds23698
Headline:      PIX sends RSET in response to tcp connections with ECN bits set
Product:       PIX
Component:     fw
Severity:      2            Status:           R [Resolved]
Version Found: 5.1(1)       Fixed-in Version: 5.1(2.206) 5.1(2.207) 5.2(1.200)

          o CISCO Local Director. Patch available for download here. Patch information:

Bug Id:        CSCds40921
Headline:      LD rejects syn with reserved bits set in flags field of TCP hdr
Product:       ld
Component:     rotor
Severity:      3            Status:           R [Resolved]
Version Found: 3.3(3)       Fixed-in Version: 3.3.3.107

      Further information may be obtained from http://gtf.org/garzik/ecn/


-- 
Alexandre
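
Added example, not part of the original message or of the quoted FAQ: Python that decodes the flags byte of a TCP header, recognizes the ECN-setup SYN defined in RFC 3168, and interprets the first reply to it, which is how the "Connection refused" symptom above can be told apart from a normal fallback to non-ECN. All function names and the sample headers are constructed for illustration.

```python
import struct
from typing import Optional

# Flag bits in byte 13 of the TCP header. ECE and CWR (RFC 3168) occupy
# bits that RFC 793 listed as reserved, which is what pre-ECN devices trip on.
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))

def make_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Build a constructed 20-byte TCP header (sample data, checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)

def tcp_flags(header: bytes) -> int:
    """Return the flags byte of a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13]

def classify(flags: int) -> str:
    """Name the handshake role of a segment, ECN negotiation included."""
    if flags & RST:
        return "RST"
    if flags & SYN and not flags & ACK:
        # ECN-setup SYN: SYN with both ECE and CWR set
        return "ECN-setup SYN" if flags & ECE and flags & CWR else "SYN"
    if flags & SYN and flags & ACK:
        # ECN-setup SYN-ACK: ECE set, CWR clear
        return "ECN-setup SYN-ACK" if flags & ECE and not flags & CWR else "SYN-ACK"
    return "other"

def diagnose(syn: bytes, reply: Optional[bytes]) -> str:
    """Interpret the first reply (None = timeout) to an outgoing SYN."""
    if classify(tcp_flags(syn)) != "ECN-setup SYN":
        return "ECN not requested"
    if reply is None:
        return "ECN-intolerant path suspected: no reply to ECN-setup SYN"
    kind = classify(tcp_flags(reply))
    if kind == "RST":
        # A closed port also answers RST; retry with a plain SYN to confirm.
        return "ECN-intolerant path suspected: RST to ECN-setup SYN"
    if kind == "ECN-setup SYN-ACK":
        return "ECN negotiated"
    if kind == "SYN-ACK":
        return "ECN tolerated, connection falls back to non-ECN"
    return "unexpected reply"

if __name__ == "__main__":
    ecn_syn = make_header(SYN | ECE | CWR)
    for reply in (make_header(RST | ACK), make_header(SYN | ACK), None):
        print(diagnose(ecn_syn, reply))
```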


