change to tcp_sack coming from Brute Force monitor

freakie

Verified User
Joined
Jan 16, 2006
Messages
75
Location
Apeldoorn, Netherlands
After days of digging i found out that setting /proc/sys/net/ipv4/tcp_sack to 0 gives our centos 6 and 7 servers problems when downloading from wordpress

All customers with wordpress websites can't download or update wordpress themes and plugins.

When downloading wordpress via the CLI: wget https://nl.wordpress.org/wordpress-4.9.2-nl_NL.zip hangs after 10 seconds and stalls completely.

When undoing the change:

echo 1 > /proc/sys/net/ipv4/tcp_sack

The download is ready in a few seconds and all wordpress websites can dowload again.

Has anyone seen this before?

The machines all are virtual servers on vmware. most of them use intel drivers and some the vmxnet drivers
 
I will add that this happens with wordpress websites and downloads coming from the wordpress platform.

I suspect that the loadbalancers or rate limiters they triggers this bug.

I have also tested the setting (echo 0 > /proc/sys/net/ipv4/tcp_sack) on a dedicated non directadmin server and have found the same problem.
 
Hello,


I don't see the issue on my end:

- net.ipv4.tcp_sack = 1


Code:
[root@server2 ~]# sysctl -a | grep tcp_sack
net.ipv4.tcp_sack = 1
[root@server2 ~]# cd /tmp
[root@server2 tmp]#  wget https://nl.wordpress.org/wordpress-4.9.2-nl_NL.zip
--2018-01-24 20:05:44--  https://nl.wordpress.org/wordpress-4.9.2-nl_NL.zip
Resolving nl.wordpress.org... 66.155.40.249, 66.155.40.250
Connecting to nl.wordpress.org|66.155.40.249|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 10064419 (9.6M) [application/zip]
Saving to: “wordpress-4.9.2-nl_NL.zip”


100%[==============================================================================================================================>] 10,064,419  3.57M/s   in 2.7s


2018-01-24 20:05:47 (3.57 MB/s) - “wordpress-4.9.2-nl_NL.zip” saved [10064419/10064419]


[root@server2 tmp]#

- net.ipv4.tcp_sack = 0


Code:
[root@server2 tmp]# echo 0 > /proc/sys/net/ipv4/tcp_sack
[root@server2 tmp]# sysctl -a | grep tcp_sack
net.ipv4.tcp_sack = 0
[root@server2 tmp]#  wget https://nl.wordpress.org/wordpress-4.9.2-nl_NL.zip
--2018-01-24 20:06:05--  https://nl.wordpress.org/wordpress-4.9.2-nl_NL.zip
Resolving nl.wordpress.org... 66.155.40.249, 66.155.40.250
Connecting to nl.wordpress.org|66.155.40.249|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 10064419 (9.6M) [application/zip]
Saving to: “wordpress-4.9.2-nl_NL.zip.1”


100%[==============================================================================================================================>] 10,064,419  3.25M/s   in 3.0s


2018-01-24 20:06:08 (3.25 MB/s) - “wordpress-4.9.2-nl_NL.zip.1” saved [10064419/10064419]


[root@server2 tmp]#

tested on 2 different VPS (CentOS 6) from the different VPS providers in NL: TransIP and Tilaa.

Probably somebody else will test it too.
 
Back
Top