三次握手出现syn->aync,ack->rst诡异的包
Nginx做反向代理(70.210,系统为centos6.0,内核版本为2.6.32)
后端服务(70.47,系统为ubuntu12.04,内核版本为3.11.0)
两台机器上抓包,均能看到该现象。
1、排除掉iptables(已卸载模块)的原因
2、从包上看,第二次握手syn,ack好像没有异常
3、查看内核2.6.32代码,从tcp_rcv_synsent_state_process函数看,
第二次握手有ack标记,进入代码块:if (th->ack)
/* rfc793:
* "If the state is SYN-SENT then
* first check the ACK bit
* If the ACK bit is set
* If SEG.ACK =< ISS, or SEG.ACK > SND.NXT, send
* a reset (unless the RST bit is set, if so drop
* the segment and return)"
*
*We do not send data with SYN, so that RFC-correct
*test reduces to:
*/
/*1、已经发过SYN*/
if (TCP_SKB_CB(skb)->ack_seq != tp->snd_nxt)
goto reset_and_undo;
/*从包上看,没有tsecr*/
if (tp->rx_opt.saw_tstamp && tp->rx_opt.rcv_tsecr &&
!between(tp->rx_opt.rcv_tsecr, tp->retrans_stamp,
tcp_time_stamp)) {
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_PAWSACTIVEREJECTED);
goto reset_and_undo;
}
/* Now ACK is acceptable.
*
* "If the RST bit is set
* If the ACK was acceptable then signal the user "error:
* connection reset", drop the segment, enter CLOSED state,
* delete TCB, and return."
*/
/*没有该标记*/
if (th->rst) {
tcp_reset(sk);
goto discard;
}
/* rfc793:
* "fifth, if neither of the SYN or RST bits is set then
* drop the segment and return."
*
* See note below!
* --ANK(990513)
*/
/*存在SYN标记*/
if (!th->syn)
goto discard_and_undo;
/*上面的检查流程都通过了,下面再做其他处理就返回0了*/
/* Ok.. it's good. Set up sequence numbers and
* move to established.
*/求助各位,这种状况什么原因发出RST? 有可能第二个包超时了吧 建议从47 和 210两方抓包分析 回复 1# thedaydreamer
看TCP 窗口没有问题,那就有可能是timestmap的问题了, 截图是什么工具显示的?wireshark? 两边都抓过,一样的表现。回复 3# lims_xlh
回复 4# gaojl0728
wireshark不显示TSval?
47上的timestamp也是关闭的
页:
[1]