0

This particular web site (gops.tay.be) serves objects quick if I try to request the page using windows, but I get them very slow if trying using linux. There is no difference if I use browser or curl:

Windows:

C:\curl>curl http://gops.tay.be/RadControls/Upload/Skins/Office2007/RadUpload.css -w %{time_total} -o 1.txt -s
0,078

Linux:

[root@ ~]# curl http://gops.tay.be/RadControls/Upload/Skins/Office2007/RadUpload.css -w   %{time_total} -o 1.txt -s
5.551

[root@ ~]# host gops.tay.be
gops.tay.be has address 194.7.31.58

[root@ ~]# ip -s -o r s c |grep 194.7.31.58
194.7.31.58 from 192.168.252.176 via 192.168.252.254 dev eth0 \    cache  used 2 age   2sec ipid 0x26de rtt 98ms rttvar 110ms cwnd 10
194.7.31.58 via 192.168.252.254 dev eth0  src 192.168.252.176 \    cache  age 8sec ipid 0x26de rtt 98ms rttvar 110ms cwnd 10
local 192.168.252.176 from 194.7.31.58 dev lo  src 192.168.252.176 \    cache <local>  used 6 age 2sec iif eth0

In wireshark both downloads (sessions initialisation etc.) seems to be identical except the linux has tcp.options.wscale.multiplier = 4 and windows has 256. The gops.tay.be server has always tcp.options.wscale.multiplier = 1.

Any other downloads from the linux box work just fine. For example for http://cdn.sstatic.net/serverfault/all.css?v=b1f1055f1c12 linux starts with tcp.options.wscale.multiplier = 4 and cdn.sstatic.net has a value of 1024.

What could cause such throttling? And why is a download from Windows box so quick in comparison?

Giacomo1968
  • 3,522
  • 25
  • 38
user174704
  • 33
  • 1
  • 5

1 Answers1

3

The difference is due to tcp timestamps being used in Linux but not in windows. Turning them off makes the problem go away.

I have no answer as to why you are losing packets because of this option being on though.

Matthew Ife
  • 22,927
  • 2
  • 54
  • 71
  • Probably a firewall is dropping them. Some people seem to [recommend this](http://www.tmltechnologies.com/html-2012/index.php/linux-rescue-kits/82-secret/91-disable-tcp-timestamps-on-linux) – Michael Hampton Feb 15 '14 at 21:02
  • sharp eye! I haven't noticed it but now I see the difference simply by using tcpdump. My assumption that wscale could be the issue was wrong because the object in question is only 2,5 KB (2 segments max). Have you found the difference by comparing the tcpdumps visually or using some smart trick? – user174704 Feb 16 '14 at 21:27
  • I compared two wireshark outputs, one for windows and one for linux and compared the tcp options headers. – Matthew Ife Feb 16 '14 at 22:15
  • Will it help if I place a intermediate http/socks proxy with disabled tcp_timestamps between the client and gops.tay.be? – user174704 Feb 17 '14 at 00:26
  • Yes that should do it. – Matthew Ife Feb 17 '14 at 01:06
  • There is a netfilter target which can strip tcp options, like timestamps. https://github.com/wadobo/iptables/blob/master/extensions/libxt_TCPOPTSTRIP.c – Alexander Janssen Sep 09 '14 at 06:44