Problem accessing some https sites

Rick Stevens rstevens at vitalstream.com
Thu Feb 1 23:14:06 UTC 2007


On Thu, 2007-02-01 at 17:48 -0500, Jacques B. wrote:
> > Hi, Jacques and others,
> >         I am having a similar problem, but the window scaling didn't fix the
> > issue.  As I read the information in the link, I saw that they had ECN
> > disabled.  However, I didn't see how or where to do that.  Can someone
> > please tell me where that control exists?
> >
> > Regards,
> > Les H
> >
> The best I can offer is this that I found online @ http://www.tux.org/lkml/
> 
> # Why does the 2.4 kernel report Connection refused when connecting to
> sites which work fine with earlier kernels?
> 
>     * (DW) The 2.4 kernel is designed to make your Internet Experience
> more pleasurable. One of the ways in which it does so is by
> implementing Explicit Congestion Notification - a new method defined
> in RFC 3168 for improving TCP performance in the presence of
> congestion by allowing routers to provide an early warning of traffic
> flow problems.
>       Unfortunately, there are bugs in some firewall products which
> cause them to reject incoming packets with ECN enabled. If your own
> firewall is broken in this respect, you should check with your vendor
> for a fix.
>       If the site to which you cannot connect is not under your
> control, then after you have contacted the administrator of the
> offending site to let them know about their problem, you can disable
> ECN in the 2.4 kernel either by disabling the CONFIG_INET_ECN option
> and recompiling the kernel, or by executing the following command as
> root:
>       # echo 0 > /proc/sys/net/ipv4/tcp_ecn
> 
> Looks like they are creating a file with a 0 value.  But strange that
> it would be a /proc file seeing that it is gone on shutdown.

The file is created on boot by the kernel (ever hear of "procfs"?) and
by default contains a "1".  Doing the echo replaces the "1" with a "0"
and turns off ECN.  If you want to make it permanent, then put an entry
in /etc/sysctl.conf:

	net.ipv4.tcp_ecn = 0

and it'll get set to 0 when sysctl is run via the /etc/rc.d/rc.sysinit
script during startup.

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-   Never test for an error condition you don't know how to handle.  -
----------------------------------------------------------------------
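
A check for the point made in the reply above, as an added example that is not part of the original message: it compares the running tcp_ecn value with the one /etc/sysctl.conf will apply at boot, so a change made only with echo is noticed before the next restart. The function names are hypothetical, and both paths are parameters so the check can be tried on copies of the files.

```shell
#!/bin/sh
# Added example: does the running tcp_ecn value match what sysctl.conf persists?

# Print the value sysctl.conf would set for net.ipv4.tcp_ecn (last match wins),
# or nothing if the key is absent. Comment lines (# or ;) are skipped.
ecn_persisted() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
            gsub(/\//, ".", key)        # sysctl also accepts net/ipv4/tcp_ecn
            if (key == "net.ipv4.tcp_ecn") found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Print the value the kernel is using right now (contents of the procfs file).
ecn_runtime() {
    tr -d ' \t\n' < "$1"
}

# Returns 0 = consistent, 1 = value changes at next boot, 2 = not persisted.
ecn_check() {
    proc_file=${1:-/proc/sys/net/ipv4/tcp_ecn}
    conf_file=${2:-/etc/sysctl.conf}
    run=$(ecn_runtime "$proc_file")
    saved=$(ecn_persisted "$conf_file")
    if [ -z "$saved" ]; then
        echo "runtime=$run, no entry in $conf_file: kernel default returns after reboot"
        return 2
    fi
    if [ "$run" != "$saved" ]; then
        echo "runtime=$run but $conf_file sets $saved: value changes at next boot"
        return 1
    fi
    echo "runtime=$run matches $conf_file"
    return 0
}
```

Calling ecn_check with no arguments uses the real /proc and /etc paths.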



