So untersuchen Sie einen zufälligen Reset am TCP-Client-Port, der über eine Loopback-Schnittstelle mit einem Server verbunden ist

10

Ich habe eine Testsuite, die einen Server auf dem lokalen Host initialisiert und dann Tausende von Stresstests ausführt, einschließlich des Startens und Stoppens von Clients, die eine Verbindung zu diesem lokalen Server auf demselben Computer herstellen. Ich versuche, den Grund für eine vom Client an den Server gesendete RST zu finden.

Dies ist die Reihenfolge der Ereignisse:

  1. Client initialisiert SYN
  2. Der Server sendet SYN, ACK zurück
  3. Client sendet RST (anstelle von ACK und Herstellen einer Verbindung)

Eine Beobachtung ist, dass auf Servern in vielen Fällen rund 99 Prozent der CPU ausgeführt werden, obwohl sie in wenigen Sekunden / Minuten wieder normal sind.

Anfangs dachte ich, dies könnte daran liegen, dass der Client einen Port von einer zuvor geschlossenen Verbindung verwendet, die sich im Status TIME_WAIT befindet. Wenn der Server eine SYN sendet, gibt ACK auf diesem Verbindungsclient RST aus. Ich war zwar skeptisch, warum der Client einen Port im Status TIME_WAIT verwenden sollte, aber dann verwende ich den alten Fedora Core 4 und dachte, dass TCP / IP möglicherweise nicht ordnungsgemäß implementiert ist :-).

Jetzt glaube ich nicht, dass dies der Grund ist, da all die Optimierungen, die zur Behebung des oben genannten Problems vorgenommen wurden, nicht dazu beigetragen haben, das Problem zu lösen. Zu Ihrer Information sind die folgenden Änderungen, die ich versucht habe /etc/sysctl.conf:

net.ipv4.ip_local_port_range = 1024     65535
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_tw_reuse = 1

Noch ein Punkt, dieses Problem ist nicht konsistent. Tatsächlich kann ich dieses Problem erst reproduzieren, nachdem ich 15 bis 35 Zyklen durchlaufen habe, in denen der Server neu gestartet und alle Client-Tests ausgeführt wurden.

Mir sind alle Gründe ausgegangen, warum ich mir vorstellen kann, warum dies passieren könnte. Lassen Sie mich wissen, wenn jemand Ideen dazu hat, was passieren könnte.

Paketdetails

Date & Time                No.     Time        Source                Destination           Protocol Length Source port Dest port Info
2014-06-25 14:49:45.378209 1032719 1858.494749 ::1                   ::1                   TCP      94     netview-aix-5 navisphere netview-aix-5 > navisphere [SYN] Seq=0 Win=32752 Len=0 MSS=16376 SACK_PERM=1 TSval=1587252 TSecr=0 WS=128

Frame 1032719: 94 bytes on wire (752 bits), 94 bytes captured (752 bits)
    Arrival Time: Jun 25, 2014 14:49:45.378209000 EDT
    Epoch Time: 1403722185.378209000 seconds
    [Time delta from previous captured frame: 0.005893000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 1858.494749000 seconds]
    Frame Number: 1032719
    Frame Length: 94 bytes (752 bits)
    Capture Length: 94 bytes (752 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ipv6:tcp]
    [Coloring Rule Name: TCP SYN/FIN]
    [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: ::1 (::1), Dst: ::1 (::1)
    0110 .... = Version: 6
        [0110 .... = This field makes the filter "ip.version == 6" possible: 6]
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
        .... 0000 00.. .... .... .... .... .... = Differentiated Services Field: Default (0x00000000)
        .... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set
        .... .... ...0 .... .... .... .... .... = ECN-CE: Not set
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 40
    Next header: TCP (0x06)
    Hop limit: 64
    Source: ::1 (::1)
    Destination: ::1 (::1)
Transmission Control Protocol, Src Port: netview-aix-5 (1665), Dst Port: navisphere (2162), Seq: 0, Len: 0
    Source port: netview-aix-5 (1665)
    Destination port: navisphere (2162)
    [Stream index: 3374]
    Sequence number: 0    (relative sequence number)
    Header length: 40 bytes
    Flags: 0x02 (SYN)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...0 .... = Acknowledgement: Not set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port navisphere]
        .... .... ...0 = Fin: Not set
    Window size value: 32752
    [Calculated window size: 32752]
    Checksum: 0xf489 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (20 bytes)
        Maximum segment size: 16376 bytes
        TCP SACK Permitted Option: True
        Timestamps: TSval 1587252, TSecr 0
        No-Operation (NOP)
        Window scale: 7 (multiply by 128)

Date & Time                No.     Time        Source                Destination           Protocol Length Source port Dest port Info
2014-06-25 14:49:45.378222 1032720 1858.494762 ::1                   ::1                   TCP      94     navisphere  netview-aix-5 navisphere > netview-aix-5 [SYN, ACK] Seq=0 Ack=1 Win=32728 Len=0 MSS=16376 SACK_PERM=1 TSval=1587252 TSecr=1587252 WS=128

Frame 1032720: 94 bytes on wire (752 bits), 94 bytes captured (752 bits)
    Arrival Time: Jun 25, 2014 14:49:45.378222000 EDT
    Epoch Time: 1403722185.378222000 seconds
    [Time delta from previous captured frame: 0.000013000 seconds]
    [Time delta from previous displayed frame: 0.000013000 seconds]
    [Time since reference or first frame: 1858.494762000 seconds]
    Frame Number: 1032720
    Frame Length: 94 bytes (752 bits)
    Capture Length: 94 bytes (752 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ipv6:tcp]
    [Coloring Rule Name: TCP SYN/FIN]
    [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: ::1 (::1), Dst: ::1 (::1)
    0110 .... = Version: 6
        [0110 .... = This field makes the filter "ip.version == 6" possible: 6]
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
        .... 0000 00.. .... .... .... .... .... = Differentiated Services Field: Default (0x00000000)
        .... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set
        .... .... ...0 .... .... .... .... .... = ECN-CE: Not set
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 40
    Next header: TCP (0x06)
    Hop limit: 64
    Source: ::1 (::1)
    Destination: ::1 (::1)
Transmission Control Protocol, Src Port: navisphere (2162), Dst Port: netview-aix-5 (1665), Seq: 0, Ack: 1, Len: 0
    Source port: navisphere (2162)
    Destination port: netview-aix-5 (1665)
    [Stream index: 3374]
    Sequence number: 0    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 40 bytes
    Flags: 0x12 (SYN, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgement: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port navisphere]
        .... .... ...0 = Fin: Not set
    Window size value: 32728
    [Calculated window size: 32728]
    Checksum: 0xf7fa [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (20 bytes)
        Maximum segment size: 16376 bytes
        TCP SACK Permitted Option: True
        Timestamps: TSval 1587252, TSecr 1587252
        No-Operation (NOP)
        Window scale: 7 (multiply by 128)
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 1032719]
        [The RTT to ACK the segment was: 0.000013000 seconds]

Date & Time                No.     Time        Source                Destination           Protocol Length Source port Dest port Info
2014-06-25 14:49:45.378228 1032721 1858.494768 ::1                   ::1                   TCP      74     netview-aix-5 navisphere netview-aix-5 > navisphere [RST] Seq=1 Win=0 Len=0

Frame 1032721: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
    Arrival Time: Jun 25, 2014 14:49:45.378228000 EDT
    Epoch Time: 1403722185.378228000 seconds
    [Time delta from previous captured frame: 0.000006000 seconds]
    [Time delta from previous displayed frame: 0.000006000 seconds]
    [Time since reference or first frame: 1858.494768000 seconds]
    Frame Number: 1032721
    Frame Length: 74 bytes (592 bits)
    Capture Length: 74 bytes (592 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ipv6:tcp]
    [Coloring Rule Name: TCP RST]
    [Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: ::1 (::1), Dst: ::1 (::1)
    0110 .... = Version: 6
        [0110 .... = This field makes the filter "ip.version == 6" possible: 6]
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
        .... 0000 00.. .... .... .... .... .... = Differentiated Services Field: Default (0x00000000)
        .... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set
        .... .... ...0 .... .... .... .... .... = ECN-CE: Not set
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 20
    Next header: TCP (0x06)
    Hop limit: 64
    Source: ::1 (::1)
    Destination: ::1 (::1)
Transmission Control Protocol, Src Port: netview-aix-5 (1665), Dst Port: navisphere (2162), Seq: 1, Len: 0
    Source port: netview-aix-5 (1665)
    Destination port: navisphere (2162)
    [Stream index: 3374]
    Sequence number: 1    (relative sequence number)
    Header length: 20 bytes
    Flags: 0x04 (RST)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...0 .... = Acknowledgement: Not set
        .... .... 0... = Push: Not set
        .... .... .1.. = Reset: Set
            [Expert Info (Chat/Sequence): Connection reset (RST)]
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
    Window size value: 0
    [Calculated window size: 0]
    [Window size scaling factor: 128]
    Checksum: 0x4eea [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]

Date & Time                No.     Time        Source                Destination           Protocol Length Source port Dest port Info
2014-06-25 14:49:48.375927 1032722 1861.492467 ::1                   ::1                   TCP      94     netview-aix-5 navisphere netview-aix-5 > navisphere [SYN] Seq=0 Win=32752 Len=0 MSS=16376 SACK_PERM=1 TSval=1588002 TSecr=0 WS=128

Frame 1032722: 94 bytes on wire (752 bits), 94 bytes captured (752 bits)
    Arrival Time: Jun 25, 2014 14:49:48.375927000 EDT
    Epoch Time: 1403722188.375927000 seconds
    [Time delta from previous captured frame: 2.997699000 seconds]
    [Time delta from previous displayed frame: 2.997699000 seconds]
    [Time since reference or first frame: 1861.492467000 seconds]
    Frame Number: 1032722
    Frame Length: 94 bytes (752 bits)
    Capture Length: 94 bytes (752 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ipv6:tcp]
    [Coloring Rule Name: TCP SYN/FIN]
    [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: ::1 (::1), Dst: ::1 (::1)
    0110 .... = Version: 6
        [0110 .... = This field makes the filter "ip.version == 6" possible: 6]
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
        .... 0000 00.. .... .... .... .... .... = Differentiated Services Field: Default (0x00000000)
        .... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set
        .... .... ...0 .... .... .... .... .... = ECN-CE: Not set
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 40
    Next header: TCP (0x06)
    Hop limit: 64
    Source: ::1 (::1)
    Destination: ::1 (::1)
Transmission Control Protocol, Src Port: netview-aix-5 (1665), Dst Port: navisphere (2162), Seq: 0, Len: 0
    Source port: netview-aix-5 (1665)
    Destination port: navisphere (2162)
    [Stream index: 3374]
    Sequence number: 0    (relative sequence number)
    Header length: 40 bytes
    Flags: 0x02 (SYN)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...0 .... = Acknowledgement: Not set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port navisphere]
        .... .... ...0 = Fin: Not set
    Window size value: 32752
    [Calculated window size: 32752]
    Checksum: 0xf19b [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (20 bytes)
        Maximum segment size: 16376 bytes
        TCP SACK Permitted Option: True
        Timestamps: TSval 1588002, TSecr 0
        No-Operation (NOP)
        Window scale: 7 (multiply by 128)

Date & Time                No.     Time        Source                Destination           Protocol Length Source port Dest port Info
2014-06-25 14:49:48.375950 1032723 1861.492490 ::1                   ::1                   TCP      94     navisphere  netview-aix-5 [TCP Previous segment lost] navisphere > netview-aix-5 [SYN, ACK] Seq=2997725 Ack=1 Win=32728 Len=0 MSS=16376 SACK_PERM=1 TSval=1588002 TSecr=1588002 WS=128

Frame 1032723: 94 bytes on wire (752 bits), 94 bytes captured (752 bits)
    Arrival Time: Jun 25, 2014 14:49:48.375950000 EDT
    Epoch Time: 1403722188.375950000 seconds
    [Time delta from previous captured frame: 0.000023000 seconds]
    [Time delta from previous displayed frame: 0.000023000 seconds]
    [Time since reference or first frame: 1861.492490000 seconds]
    Frame Number: 1032723
    Frame Length: 94 bytes (752 bits)
    Capture Length: 94 bytes (752 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ipv6:tcp]
    [Coloring Rule Name: Bad TCP]
    [Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: ::1 (::1), Dst: ::1 (::1)
    0110 .... = Version: 6
        [0110 .... = This field makes the filter "ip.version == 6" possible: 6]
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
        .... 0000 00.. .... .... .... .... .... = Differentiated Services Field: Default (0x00000000)
        .... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set
        .... .... ...0 .... .... .... .... .... = ECN-CE: Not set
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 40
    Next header: TCP (0x06)
    Hop limit: 64
    Source: ::1 (::1)
    Destination: ::1 (::1)
Transmission Control Protocol, Src Port: navisphere (2162), Dst Port: netview-aix-5 (1665), Seq: 2997725, Ack: 1, Len: 0
    Source port: navisphere (2162)
    Destination port: netview-aix-5 (1665)
    [Stream index: 3374]
    Sequence number: 2997725    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 40 bytes
    Flags: 0x12 (SYN, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgement: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port navisphere]
        .... .... ...0 = Fin: Not set
    Window size value: 32728
    [Calculated window size: 32728]
    Checksum: 0x3414 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (20 bytes)
        Maximum segment size: 16376 bytes
        TCP SACK Permitted Option: True
        Timestamps: TSval 1588002, TSecr 1588002
        No-Operation (NOP)
        Window scale: 7 (multiply by 128)
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 1032722]
        [The RTT to ACK the segment was: 0.000023000 seconds]
        [TCP Analysis Flags]
            [A segment before this frame was lost]
                [Expert Info (Warn/Sequence): Previous segment lost (common at capture start)]

Date & Time                No.     Time        Source                Destination           Protocol Length Source port Dest port Info
2014-06-25 14:49:48.375958 1032724 1861.492498 ::1                   ::1                   TCP      74     netview-aix-5 navisphere netview-aix-5 > navisphere [RST] Seq=1 Win=0 Len=0

Frame 1032724: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
    Arrival Time: Jun 25, 2014 14:49:48.375958000 EDT
    Epoch Time: 1403722188.375958000 seconds
    [Time delta from previous captured frame: 0.000008000 seconds]
    [Time delta from previous displayed frame: 0.000008000 seconds]
    [Time since reference or first frame: 1861.492498000 seconds]
    Frame Number: 1032724
    Frame Length: 74 bytes (592 bits)
    Capture Length: 74 bytes (592 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ipv6:tcp]
    [Coloring Rule Name: TCP RST]
    [Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: ::1 (::1), Dst: ::1 (::1)
    0110 .... = Version: 6
        [0110 .... = This field makes the filter "ip.version == 6" possible: 6]
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
        .... 0000 00.. .... .... .... .... .... = Differentiated Services Field: Default (0x00000000)
        .... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set
        .... .... ...0 .... .... .... .... .... = ECN-CE: Not set
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 20
    Next header: TCP (0x06)
    Hop limit: 64
    Source: ::1 (::1)
    Destination: ::1 (::1)
Transmission Control Protocol, Src Port: netview-aix-5 (1665), Dst Port: navisphere (2162), Seq: 1, Len: 0
    Source port: netview-aix-5 (1665)
    Destination port: navisphere (2162)
    [Stream index: 3374]
    Sequence number: 1    (relative sequence number)
    Header length: 20 bytes
    Flags: 0x04 (RST)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...0 .... = Acknowledgement: Not set
        .... .... 0... = Push: Not set
        .... .... .1.. = Reset: Set
            [Expert Info (Chat/Sequence): Connection reset (RST)]
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
    Window size value: 0
    [Calculated window size: 0]
    [Window size scaling factor: 128]
    Checksum: 0x4eea [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]

Date & Time                No.     Time        Source                Destination           Protocol Length Source port Dest port Info
2014-06-25 14:49:54.376072 1032725 1867.492612 ::1                   ::1                   TCP      94     netview-aix-5 navisphere netview-aix-5 > navisphere [SYN] Seq=0 Win=32752 Len=0 MSS=16376 SACK_PERM=1 TSval=1589502 TSecr=0 WS=128

Frame 1032725: 94 bytes on wire (752 bits), 94 bytes captured (752 bits)
    Arrival Time: Jun 25, 2014 14:49:54.376072000 EDT
    Epoch Time: 1403722194.376072000 seconds
    [Time delta from previous captured frame: 6.000114000 seconds]
    [Time delta from previous displayed frame: 6.000114000 seconds]
    [Time since reference or first frame: 1867.492612000 seconds]
    Frame Number: 1032725
    Frame Length: 94 bytes (752 bits)
    Capture Length: 94 bytes (752 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ipv6:tcp]
    [Coloring Rule Name: TCP SYN/FIN]
    [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Destination: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: 00:00:00_00:00:00 (00:00:00:00:00:00)
        Address: 00:00:00_00:00:00 (00:00:00:00:00:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: ::1 (::1), Dst: ::1 (::1)
    0110 .... = Version: 6
        [0110 .... = This field makes the filter "ip.version == 6" possible: 6]
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
        .... 0000 00.. .... .... .... .... .... = Differentiated Services Field: Default (0x00000000)
        .... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set
        .... .... ...0 .... .... .... .... .... = ECN-CE: Not set
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 40
    Next header: TCP (0x06)
    Hop limit: 64
    Source: ::1 (::1)
    Destination: ::1 (::1)
Transmission Control Protocol, Src Port: netview-aix-5 (1665), Dst Port: navisphere (2162), Seq: 0, Len: 0
    Source port: netview-aix-5 (1665)
    Destination port: navisphere (2162)
    [Stream index: 3374]
    Sequence number: 0    (relative sequence number)
    Header length: 40 bytes
    Flags: 0x02 (SYN)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...0 .... = Acknowledgement: Not set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port navisphere]
        .... .... ...0 = Fin: Not set
    Window size value: 32752
    [Calculated window size: 32752]
    Checksum: 0xebbf [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (20 bytes)
        Maximum segment size: 16376 bytes
        TCP SACK Permitted Option: True
        Timestamps: TSval 1589502, TSecr 0
        No-Operation (NOP)
        Window scale: 7 (multiply by 128)

iptables-save Ausgabe:

# Generated by iptables-save v1.3.0 on Thu Jun 26 10:15:33 2014
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [675:236200]
:OUTPUT ACCEPT [241:21540]
COMMIT
# Completed on Thu Jun 26 10:15:33 2014
carolinian
quelle
Befindet sich der Socket vom Client im nicht blockierenden Modus? Ist es möglich, dass der Client-Socket geschlossen ist, wenn der Server dies akzeptiert? Haben Sie Timings für diese Pakete? Ein PCap vielleicht?
Stéphane Chazelas
1
Überprüfen Sie den Rückgabewert von connect()s? Ist es möglich, dass Sie zwei nicht blockierende connect()san derselben Steckdose ausführen? Ist es möglich, dass einige Kunden alarm()mitten in einem auf irgendeine Weise ( ?) Getötet oder unterbrochen werden connect()? Können Sie es mit dem Client reproduzieren, der unter strace -ffoder ausgeführt wird autrace?
Stéphane Chazelas
1
Irgendwas Besonderes (nfqueue, Verbindungsbegrenzung ...) in der Ausgabe von iptables-save? Möglichkeit, dass ein Ressourcenlimit erreicht wird? Wie viele Kunden gleichzeitig? Tun diese bindzu einem bestimmten Quellport?
Stéphane Chazelas
1
Wäre besser zu der Frage hinzugefügt. Die Frage ist mehr, ob diese Grenzen in Ihrem Test erreicht werden (oder wahrscheinlich erreicht werden) als was sie tatsächlich sind.
Stéphane Chazelas
1
Meine Vermutung wäre, dass die Belastung des Stacks einen Verbindungsabfall in der Timeout-Client-Seite bei halb geöffnetem Zustand hat. Diese Verbindung wird getrennt (was bedeutet, dass die Client-App sie als sehen sollte ETIMEDOUT), und wenn die Synchronisierung / Bestätigung schließlich vom Stapel verarbeitet wird, gibt es keine Verbindungen mehr, auf die sie bezogen werden kann, und daher wird sie zurückgesetzt. Haben Sie versucht, das Syn-Backlog ( sysctl -w net.ipv4.tcp_max_syn_backlog=???) zu vergrößern ?
Didierc

Antworten:

1

Ich möchte diesen Thread nur mit einer angenommenen Lösung abschließen, da keine Lösung für die Grundursache vorliegt, die meiner Meinung nach in der Fedora 4 TCP-Stack-Implementierung liegt. Als Lösung habe ich einfach einen sofortigen Wiederverbindungsversuch eingeführt, falls der Fehler auf ETIMEDOUT zurückzuführen ist und das verwendete Protokoll IPV6 ist. Dies hat das Problem für mich und mein Team endgültig behoben, mit dem möglichen Risiko einer zusätzlichen Verzögerung von 3 Minuten bei der Meldung von Fehlern bei anderen Verbindungsproblemen, die zu ETIMEDOUT führen. Dies ist nicht die wirkliche / ideale Lösung für das Problem, sondern bringt uns dazu, weiterzumachen ... da dies nur Auswirkungen auf unsere automatisierte Testsuite hat und nicht an den Kunden versendet wird. Ich hoffe, dass irgendwann jemand, der die Implementierung von Fedora 4 TCP / IP-Stacks gut genug kennt, dieses Rätsel endgültig lösen wird.

carolinian
quelle