Hacker News new | past | comments | ask | show | jobs | submit login

the "Cneonction: close" thing is a quirk of Netscaler loadbalancers. It's done to nullify any "Connection: close" headers the webserver spits out, as the Netscaler wants to manage it better. It's scrambled instead of removed so that it doesn't have to regenerate packets (length is the same) and it's scrambled semi-randomly so that people don't just assume it's a misspelling and add compatibility for it.

Interesting, I wonder why they didn't go with something more self explanatory:

  Connection: -> X-Ignore-X:

X-Ignore-X is longer than close, which I suppose would mess up the packet length. Or maybe having an unrecognized value for the Connection key would still default to a close? Just guessing here.

TCP checksums are fairly simple; a TCP stack basically just sums up the 16-bit words in a packet and stores the result in the checksum field; this will not detect 16-bit words being swapped around.

My guess is that the load balancer tried to invalidate the header while preserving the TCP checksum.

Ah yes, forgot about the checksum field :) thx

I meant:

  Connection: close
replaced with

  X-Ignore-X: close

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact