| mint-13 ~ # uname -a Linux mint-13 3.2.0-31-generic #50-Ubuntu SMP Fri Sep 7 16:16:45 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux mint-13 ~ # tail -1 /etc/lsb-release DISTRIB_DESCRIPTION="Linux Mint 13 Maya" |
When I access to secure sites (https) , the load time of secure sites is very slow , I’ve faced timed out.
the load time of non secure sites are Okay , I can access to http site without stress.
why ??
Here’s a capture data when accessing to a secure site.
scaling factor is ..-1 ??? and window size is small..
| mint-13 ~ # tshark -i eth0 port 443 -V | grep -i window tshark: Lua: Error during loading: [string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled Running as user "root" and group "root". This could be dangerous. Capturing on eth0 .... 0... .... = Congestion Window Reduced (CWR): Not set Window size value: 942 [Calculated window size: 942] [Window size scaling factor: -1 (unknown)] .... 0... .... = Congestion Window Reduced (CWR): Not set Window size value: 306 [Calculated window size: 306] [Window size scaling factor: -1 (unknown)] .... 0... .... = Congestion Window Reduced (CWR): Not set Window size value: 331 [Calculated window size: 331] [Window size scaling factor: -1 (unknown)] .... 0... .... = Congestion Window Reduced (CWR): Not set |
window scaling is enabled by default
| mint-13 ~ # cat /proc/sys/net/ipv4/tcp_window_scaling 1 |
disable window scale to try.
| mint-13 ~ # echo 0 > /proc/sys/net/ipv4/tcp_window_scaling mint-13 ~ # cat /proc/sys/net/ipv4/tcp_window_scaling 0 |
access to the secure site again.
I could access to the secure site without stress.
Here’s capture data.
scaling factor is still -1 , however window size seems to become normal.
| mint-13 ~ # tshark -i eth0 port 443 -V | grep -i window tshark: Lua: Error during loading: [string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled Running as user "root" and group "root". This could be dangerous. Capturing on eth0 .... 0... .... = Congestion Window Reduced (CWR): Not set Window size value: 41850 [Calculated window size: 41850] [Window size scaling factor: -1 (unknown)] .... 0... .... = Congestion Window Reduced (CWR): Not set Window size value: 41850 [Calculated window size: 41850] [Window size scaling factor: -1 (unknown)] .... 0... .... = Congestion Window Reduced (CWR): Not set Window size value: 62851 [Calculated window size: 62851] [Window size scaling factor: -1 (unknown)] .... 0... .... = Congestion Window Reduced (CWR): Not set Window size value: 41850 [Calculated window size: 41850] |
wired behavior.
tshark version
| mint-13 ~ # tshark -v | head -1 tshark: Lua: Error during loading: [string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled TShark 1.6.7 |
turn off window scaling permanently
| mint-13 ~ # tail -1 /etc/sysctl.conf net.ipv4.tcp_window_scaling = 0 |
the value of scaling factor "-1" seems to be tshark’s issue..
when enabling window scale.
| mint-13 ~ # tshark -i eth0 port 443 | grep -i syn tshark: Lua: Error during loading: [string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled Running as user "root" and group "root". This could be dangerous. Capturing on eth0 4.818885 192.168.11.100 -> 74.125.235.111 TCP 74 49827 > https [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=552473 TSecr=0 WS=128 4.823766 74.125.235.111 -> 192.168.11.100 TCP 74 https > 49827 [SYN, ACK] Seq=0 Ack=1 Win=14180 Len=0 MSS=1430 SACK_PERM=1 TSval=21743779 TSecr=552473 WS=64 |
when disabling window scale. there’s no scaling option in the TCP header.
| mint-13 ~ # tshark -i eth0 port 443 | grep -i syn tshark: Lua: Error during loading: [string "/usr/share/wireshark/init.lua"]:45: dofile has been disabled Running as user "root" and group "root". This could be dangerous. Capturing on eth0 1.545670 192.168.11.100 -> 74.125.235.113 TCP 70 59065 > https [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=543894 TSecr=0 1.555951 74.125.235.113 -> 192.168.11.100 TCP 70 https > 59065 [SYN, ACK] Seq=0 Ack=1 Win=14180 Len=0 MSS=1430 SACK_PERM=1 TSval=21139320 TSecr=543894 |
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.