you understand maybe only Vodafone could kick SE and make it program more
carefully. :)
And they should, since SE is gaining momentum on the market. For some
reason Vodafone is busier figuring out what their SOA portfolio should look
like for their potential customers than to actually address unimportant
things like a buggy TCP stack. Either we find out directly what's wrong
with those phones or we try to find an elegant solution for LVS, without
breaking it for all the other people. The immediate fix I have in mind is
too intrusive and severely lacks security, so we have to think about it a
bit.
I found the problem!
By solving another problem it appeared that new Sony Ericsson phones
cannot reconstruct fragmented packets!
Our IPVS director host communicates with phones via a GRE tunnel with MTU
1476.
So when a full-size packet arrives, the director chops it into two fragments,
sends them to the phone, and SE phones go crazy.
To resolve it I had to add one more hack:
iptables -A INPUT -p tcp -m mark --mark 0x1 -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss ! 0:1430 -j TCPMSS --set-mss 1430
Now I'm changing the MSS to 1430 from the default 1460, and TCP/IP packets
arrive at less than 1476 bytes (the tunnel interface MTU).
Mindaugas
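
An added example, not part of the original thread: what the TCPMSS rule in the message above does to a SYN's TCP header, written out in Python so the option rewrite and checksum fix-up are visible. The names `clamp_mss` and `fits_tunnel` are hypothetical, the fwmark match is not modelled, and 20-byte IPv4 and TCP headers on data segments are assumed.

```python
import struct

TUNNEL_MTU = 1476  # GRE tunnel MTU quoted in the post
CLAMP_MSS = 1430   # value set by the iptables rule in the post

def fits_tunnel(mss, mtu=TUNNEL_MTU):
    # Assumption: 20-byte IPv4 header + 20-byte TCP header on data segments.
    return 20 + 20 + mss <= mtu

def _fix_csum(csum, old, new):
    # RFC 1624 incremental update, applied to every 16-bit word that changed.
    s = ~csum & 0xFFFF
    for off in range(0, len(old), 2):
        o, = struct.unpack_from("!H", old, off)
        n, = struct.unpack_from("!H", new, off)
        if o != n:
            s += (~o & 0xFFFF) + n
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp, max_mss=CLAMP_MSS):
    """Lower the MSS option of a SYN (RST clear) to max_mss; else return input unchanged."""
    if len(tcp) < 20 or (tcp[13] & 0x06) != 0x02:   # same test as --tcp-flags SYN,RST SYN
        return tcp
    hdr_len = (tcp[12] >> 4) * 4
    if hdr_len < 20 or hdr_len > len(tcp):
        return tcp
    i = 20
    while i + 1 < hdr_len:
        kind, length = tcp[i], tcp[i + 1]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP is a single byte
            i += 1
            continue
        if length < 2 or i + length > hdr_len:
            break                          # malformed option: leave the header alone
        if kind == 2 and length == 4:      # MSS option
            mss, = struct.unpack_from("!H", tcp, i + 2)
            if mss <= max_mss:
                return tcp
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, max_mss)
            csum, = struct.unpack_from("!H", tcp, 16)
            new_csum = _fix_csum(csum, tcp[:hdr_len], bytes(out[:hdr_len]))
            struct.pack_into("!H", out, 16, new_csum)
            return bytes(out)
        i += length
    return tcp
```

With the default MSS of 1460 a full segment is 1500 bytes and exceeds the 1476-byte tunnel MTU, while 1430 gives 1470 bytes and passes unfragmented.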