Try this workaround for time-out issues in kernel 2.6.17 and higher

Have you found that there are some Web sites that time out on you, and you're not sure why? It may be due to the TCP window scaling issue in Linux kernel 2.6.17 and higher. This tip gives you the background on the problem and a workaround.

Because of a recent change in TCP window scale settings in Linux 2.6.17 kernel and higher, you may have had some problems connecting to certain Web sites. In this tip, I'll show you a workaround for the time-out problem, but first, let me give you the background on this issue.

A typical TCP packet has a window field that allows for a maximum window size of 64 KB. While this was sufficient when the Internet was young and most systems didn't have the power to handle anything greater, it's quite small for today's bandwidth-hungry applications.

As a result, a solution called window scaling was codified back in 1992; this provided an extra TCP option that contains an eight-bit scale factor. The value of this field indicates how much larger the window size should be by shifting the value of the window sizes by a certain number of bits. For instance, if the scale factor is set to 5, the window size would be shifted by 5 bits or multiplied by 32.

The problem is that in 2.6.16 and earlier, the default scale factor was 0, so there was no increase in TCP window sizes. In the 2.6.17 kernel, this was changed to a value of 7. In an ideal world, this wouldn't be a problem. In practice, however, some "broken" routers are rewriting the window scale TCP option — setting the scale factor to 0 but leaving the actual enabling option in place.

Essentially, all of this means that there are some Web sites that cannot be connected to from a system using kernel 2.6.17 and higher. The kernel developer's stance is that those routers are broken and need to be replaced. In the real world, these routers may continue to operate for years before being fixed or replaced.

One solution is to reset the Linux kernel's window scaling option. While this doesn't fix broken routers, it will allow your system to connect to a remote site if you find you are experiencing the window scaling problem. If you're unsure whether this is the problem you are having, you can test it by executing:

echo 0 > /proc/sys/net/ipv4/tcp_default_win_scale

To make the setting permanent, edit /etc/sysctl.conf and add:

net.ipv4.tcp_default_win_scale = 0

This will disable window scaling completely, which will allow you to reach some sites you couldn't before. Right or wrong, the kernel developers refuse to revert the change, so options are either to disable window scaling on your own and go back to pre-2.6.17 defaults, or contact those sites that can't be reached and try to convince them to find and replace the broken routers.

Delivered each Tuesday, TechRepublic's free Linux NetNote provides tips, articles, and other resources to help you hone your Linux skills. Automatically sign up today!

About Vincent Danen

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

Editor's Picks

Free Newsletters, In your Inbox