[squid-users] POST upload splits tcp stream in many small 39byte sized packets

Squid admin squid at aws-it.at
Tue Oct 20 13:49:47 UTC 2015


Dear squid team,

first of all thanks for developing such a great product!

Unfortunately, on uploading a big test file (unencrypted POST) to an
Apache webserver using a squid proxy (V 3.5.10 or 4.0.1), the upstream
packets get sliced into thousands of small 39-byte packets.

Excerpt from cache.log:

2015/10/20 13:51:08.201 kid1| 5,5| Write.cc(35) Write: local=10.1.1.210:46731 remote=10.1.1.19:81 FD 17 flags=1: sz 583: asynCall 0x244b670*1
2015/10/20 13:51:08.201 kid1| 5,5| Write.cc(66) HandleWrite: local=10.1.1.210:46731 remote=10.1.1.19:81 FD 17 flags=1: off 0, sz 583.
2015/10/20 13:51:08.203 kid1| 5,5| Write.cc(35) Write: local=10.1.1.210:46731 remote=10.1.1.19:81 FD 17 flags=1: sz 16422: asynCall 0x2447d40*1
2015/10/20 13:51:08.203 kid1| 5,5| Write.cc(66) HandleWrite: local=10.1.1.210:46731 remote=10.1.1.19:81 FD 17 flags=1: off 0, sz 16422.
2015/10/20 13:51:08.204 kid1| 5,5| Write.cc(35) Write: local=10.1.1.210:46731 remote=10.1.1.19:81 FD 17 flags=1: sz 39: asynCall 0x2448ec0*1
2015/10/20 13:51:08.205 kid1| 5,5| Write.cc(66) HandleWrite: local=10.1.1.210:46731 remote=10.1.1.19:81 FD 17 flags=1: off 0, sz 39.
2015/10/20 13:51:08.206 kid1| 5,5| Write.cc(35) Write: local=10.1.1.210:46731 remote=10.1.1.19:81 FD 17 flags=1: sz 39: asynCall 0x2464bb0*1
2015/10/20 13:51:08.207 kid1| 5,5| Write.cc(66) HandleWrite: local=10.1.1.210:46731 remote=10.1.1.19:81 FD 17 flags=1: off 0, sz 39.
2015/10/20 13:51:08.208 kid1| 5,5| Write.cc(35) Write: local=10.1.1.210:46731 remote=10.1.1.19:81 FD 17 flags=1: sz 39: asynCall 0x2448ec0*1
2015/10/20 13:51:08.209 kid1| 5,5| Write.cc(66) HandleWrite: local=10.1.1.210:46731 remote=10.1.1.19:81 FD 17 flags=1: off 0, sz 39.
...



Attached you can find a tar file containing squid configuration,
test network topology, network trace from traffic from client to squid,
network trace from squid to webserver and a full debug log from squid.

One incoming packet of size ~ 1500 bytes gets sliced into more than 40 packets.
On the target webserver the squid upstream traffic therefore looks
like a DOS attack.

The problem can be reproduced using squid 3.5.x and squid 4.0.x (32bit
and 64bit variants).
There were no such problems using squid 3.2.x.

Hopefully you can help me to fix this problem as this is a showstopper  
for me to upgrade to squid 3.5.x and higher.

Best regards,

Toni

-------------- next part --------------
A non-text attachment was scrubbed...
Name: squid_upload_splits_tcp_traffic_into_39byte_packets.tar.gz
Type: application/x-compressed-tar
Size: 38350 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151020/b92eb2c0/attachment-0001.bin>
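
The write pattern reported in the message above can be checked mechanically. This is an added example, not part of the original post or of Squid: it parses the `Write.cc(35) Write:` debug lines and flags server connections that show a run of tiny writes. The function names, the 64-byte threshold, the run length of 3 and the second connection (FD 21) in the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the "Write.cc(35) Write:" lines; \s+ also spans mail-wrapped lines.
# "HandleWrite:" lines do not match, so each write is counted once.
WRITE_RE = re.compile(
    r"Write\.cc\(\d+\) Write:\s+local=(?P<local>\S+)\s+remote=(?P<remote>\S+)"
    r"\s+FD\s+(?P<fd>\d+)\s+flags=\d+:\s+sz\s+(?P<sz>\d+):"
)

# Constructed sample: FD 17 follows the excerpt in the post, FD 21 is invented
# as a contrast case with a single small write between two large ones.
SAMPLE_LOG = """\
2015/10/20 13:51:08.201 kid1| 5,5| Write.cc(35) Write: local=10.1.1.210:46731 remote=10.1.1.19:81 FD 17 flags=1: sz 583: asynCall 0x244b670*1
2015/10/20 13:51:08.203 kid1| 5,5| Write.cc(35) Write: local=10.1.1.210:46731 remote=10.1.1.19:81 FD 17 flags=1: sz 16422: asynCall 0x2447d40*1
2015/10/20 13:51:08.204 kid1| 5,5| Write.cc(35) Write: local=10.1.1.210:46731 remote=10.1.1.19:81 FD 17 flags=1: sz 39: asynCall 0x2448ec0*1
2015/10/20 13:51:08.206 kid1| 5,5| Write.cc(35) Write: local=10.1.1.210:46731 remote=10.1.1.19:81 FD 17 flags=1: sz 39: asynCall 0x2464bb0*1
2015/10/20 13:51:08.208 kid1| 5,5| Write.cc(35) Write: local=10.1.1.210:46731 remote=10.1.1.19:81 FD 17 flags=1: sz 39: asynCall 0x2448ec0*1
2015/10/20 13:51:09.100 kid1| 5,5| Write.cc(35) Write: local=10.1.1.210:46800 remote=10.1.1.19:81 FD 21 flags=1: sz 4096: asynCall 0x1*1
2015/10/20 13:51:09.101 kid1| 5,5| Write.cc(35) Write: local=10.1.1.210:46800 remote=10.1.1.19:81 FD 21 flags=1: sz 39: asynCall 0x2*1
2015/10/20 13:51:09.102 kid1| 5,5| Write.cc(35) Write: local=10.1.1.210:46800 remote=10.1.1.19:81 FD 21 flags=1: sz 4096: asynCall 0x3*1
"""

def write_sizes(log_text):
    """Return {(local, remote, fd): [sz, ...]} for every scheduled write."""
    sizes = defaultdict(list)
    for m in WRITE_RE.finditer(log_text):
        sizes[(m["local"], m["remote"], int(m["fd"]))].append(int(m["sz"]))
    return dict(sizes)

def fragmented_connections(log_text, small=64, min_run=3):
    """Flag connections with >= min_run consecutive writes of <= small bytes."""
    flagged = {}
    for conn, szs in write_sizes(log_text).items():
        longest = run = 0
        for sz in szs:
            run = run + 1 if sz <= small else 0   # reset on any large write
            longest = max(longest, run)
        if longest >= min_run:
            flagged[conn] = {"writes": len(szs), "longest_small_run": longest,
                             "bytes": sum(szs)}
    return flagged

if __name__ == "__main__":
    for conn, stats in fragmented_connections(SAMPLE_LOG).items():
        print(conn, stats)
```
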

