Chinaunix

标题: 求助：tcp rst不成功的原因 [打印本页]

---

作者: devilcash    时间: 2011-02-12 17:59
标题: 求助：tcp rst不成功的原因
编程实现tcp rst阻断tcp链接，下面是我用tcpdump抓的包，明明已经收到了tcp rst包，但是为什么没有阻断这个tcp连接

04:51:18.920884 IP 192.168.8.206.jvclient > 192.168.8.209.http: S 3920581985:3920581985(0) win 65535 <mss 1460,nop,nop,sackOK>
04:51:18.920905 IP 192.168.8.209.http > 192.168.8.206.jvclient: S 1441956853:1441956853(0) ack 3920581986 win 5840 <mss 1460,nop,nop,sackOK>
04:51:18.921189 IP 192.168.8.206.jvclient > 192.168.8.209.http: . ack 1 win 65535
04:51:18.921394 IP 192.168.8.206.jvclient > 192.168.8.209.http: P 1:306(305) ack 1 win 65535
04:51:18.921415 IP 192.168.8.209.http > 192.168.8.206.jvclient: . ack 306 win 6432
04:51:18.921425 IP 192.168.8.206.jvclient > 192.168.8.209.http: R 306:306(0) ack 1 win 0
04:51:18.921581 IP 192.168.8.206.jvclient > 192.168.8.209.http: R 306:306(0) ack 1 win 0
04:51:18.922055 IP 192.168.8.209.http > 192.168.8.206.jvclient: . 1:1461(1460) ack 306 win 6432
04:51:18.922062 IP 192.168.8.209.http > 192.168.8.206.jvclient: . 1461:2921(1460) ack 306 win 6432
04:51:18.922461 IP 192.168.8.206.jvclient > 192.168.8.209.http: R 306:306(0) ack 1461 win 0
04:51:18.922582 IP 192.168.8.206.jvclient > 192.168.8.209.http: R 306:306(0) ack 2921 win 0
04:51:18.922746 IP 192.168.8.206.jvclient > 192.168.8.209.http: . ack 2921 win 65535
04:51:18.922756 IP 192.168.8.209.http > 192.168.8.206.jvclient: . 2921:4381(1460) ack 306 win 6432
04:51:18.922760 IP 192.168.8.209.http > 192.168.8.206.jvclient: FP 4381:5241(860) ack 306 win 6432
04:51:18.922763 IP 192.168.8.206.jvclient > 192.168.8.209.http: R 306:306(0) ack 2921 win 0
04:51:18.923155 IP 192.168.8.206.jvclient > 192.168.8.209.http: R 306:306(0) ack 4381 win 0
04:51:18.923158 IP 192.168.8.206.jvclient > 192.168.8.209.http: R 306:306(0) ack 5241 win 0
04:51:18.923340 IP 192.168.8.206.jvclient > 192.168.8.209.http: . ack 5242 win 65535
04:51:18.923346 IP 192.168.8.206.jvclient > 192.168.8.209.http: R 306:306(0) ack 5242 win 0
04:51:18.924057 IP 192.168.8.206.jvclient > 192.168.8.209.http: F 306:306(0) ack 5242 win 65535
04:51:18.924062 IP 192.168.8.209.http > 192.168.8.206.jvclient: . ack 307 win 6432
04:51:18.924074 IP 192.168.8.206.jvclient > 192.168.8.209.http: R 306:306(0) ack 5242 win 0
04:51:18.924221 IP 192.168.8.206.jvclient > 192.168.8.209.http: R 307:307(0) ack 5242 win 0

---

作者: devilcash    时间: 2011-02-12 19:18
自己顶一下

---

作者: wzypunk    时间: 2011-02-14 08:16
你-v一下出来看看？

---

作者: devilcash    时间: 2011-02-14 13:51
00:33:10.299633 IP (tos 0x0, ttl 128, id 43263, offset 0, flags [DF], proto: TCP (6), length: 4 192.168.8.206.sophia-lm > 192.168.8.209.http: S, cksum 0x66ba (correct), 1477782416:1477782416(0) win 65535 <mss 1460,nop,nop,sackOK>
00:33:10.299655 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 4 192.168.8.209.http > 192.168.8.206.sophia-lm: S, cksum 0xb8de (correct), 67015420:67015420(0) ack 1477782417 win 5840 <mss 1460,nop,nop,sackOK>
00:33:10.299923 IP (tos 0x0, ttl 128, id 43265, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.206.sophia-lm > 192.168.8.209.http: ., cksum 0xfc72 (correct), ack 1 win 65535
00:33:10.300375 IP (tos 0x0, ttl 128, id 43266, offset 0, flags [DF], proto: TCP (6), length: 345) 192.168.8.206.sophia-lm > 192.168.8.209.http: P 1:306(305) ack 1 win 65535
00:33:10.300393 IP (tos 0x0, ttl  64, id 4710, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.209.http > 192.168.8.206.sophia-lm: ., cksum 0xe221 (correct), ack 306 win 6432
00:33:10.300401 IP (tos 0x0, ttl 255, id 43267, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.206.sophia-lm > 192.168.8.209.http: R, cksum 0x1711 (incorrect (-> 0xfb3d), 306:306(0) ack 1 win 65535
00:33:10.300561 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.206.sophia-lm > 192.168.8.209.http: R, cksum 0xfdf0 (incorrect (-> 0xe21d), 306:306(0) ack 1 win 6432
00:33:10.301034 IP (tos 0x0, ttl  64, id 4711, offset 0, flags [DF], proto: TCP (6), length: 1500) 192.168.8.209.http > 192.168.8.206.sophia-lm: . 1:1461(1460) ack 306 win 6432
00:33:10.301042 IP (tos 0x0, ttl  64, id 4712, offset 0, flags [DF], proto: TCP (6), length: 1500) 192.168.8.209.http > 192.168.8.206.sophia-lm: . 1461:2921(1460) ack 306 win 6432
00:33:10.301442 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.206.sophia-lm > 192.168.8.209.http: R, cksum 0xfdf0 (incorrect (-> 0xdc69), 306:306(0) ack 1461 win 6432
00:33:10.301564 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.206.sophia-lm > 192.168.8.209.http: R, cksum 0xfdf0 (incorrect (-> 0xd6b5), 306:306(0) ack 2921 win 6432
00:33:10.301686 IP (tos 0x0, ttl 128, id 43268, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.206.sophia-lm > 192.168.8.209.http: ., cksum 0xefd9 (correct), ack 2921 win 65535
00:33:10.301697 IP (tos 0x0, ttl  64, id 4713, offset 0, flags [DF], proto: TCP (6), length: 1500) 192.168.8.209.http > 192.168.8.206.sophia-lm: . 2921:4381(1460) ack 306 win 6432
00:33:10.301701 IP (tos 0x0, ttl  64, id 4714, offset 0, flags [DF], proto: TCP (6), length: 900) 192.168.8.209.http > 192.168.8.206.sophia-lm: FP 4381:5241(860) ack 306 win 6432
00:33:10.301704 IP (tos 0x0, ttl 255, id 43269, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.206.sophia-lm > 192.168.8.209.http: R, cksum 0x1711 (incorrect (-> 0xefd5), 306:306(0) ack 2921 win 65535
00:33:10.302115 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.206.sophia-lm > 192.168.8.209.http: R, cksum 0xfdf0 (incorrect (-> 0xd101), 306:306(0) ack 4381 win 6432
00:33:10.302117 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.206.sophia-lm > 192.168.8.209.http: R, cksum 0xfdf0 (incorrect (-> 0xcda5), 306:306(0) ack 5241 win 6432
00:33:10.302299 IP (tos 0x0, ttl 128, id 43270, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.206.sophia-lm > 192.168.8.209.http: ., cksum 0xe6c8 (correct), ack 5242 win 65535
00:33:10.302305 IP (tos 0x0, ttl 255, id 43271, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.206.sophia-lm > 192.168.8.209.http: R, cksum 0x1711 (incorrect (-> 0xe6c4), 306:306(0) ack 5242 win 65535
00:33:10.302693 IP (tos 0x0, ttl 128, id 43271, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.206.sophia-lm > 192.168.8.209.http: F, cksum 0xe6c7 (correct), 306:306(0) ack 5242 win 65535
00:33:10.302698 IP (tos 0x0, ttl  64, id 4715, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.209.http > 192.168.8.206.sophia-lm: ., cksum 0xcda7 (correct), ack 307 win 6432
00:33:10.302712 IP (tos 0x0, ttl 255, id 43272, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.206.sophia-lm > 192.168.8.209.http: R, cksum 0x1711 (incorrect (-> 0xe6c4), 306:306(0) ack 5242 win 65535
00:33:10.302853 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.8.206.sophia-lm > 192.168.8.209.http: R, cksum 0xfdf0 (incorrect (-> 0xcda3), 307:307(0) ack 5242 win 6432


显示校验和不正确


        char buf[128] = {0};
        psd_hdr_t psd;
        psd.src = new_ipv4->src_ip;
        psd.dst = new_ipv4->dst_ip;
        psd.mbz = 0;
        psd.protocol = 6;
        psd.tcp_hdr = 20;//sizeof(ewx_dpi_tcp_hdr_t);
        memcpy(buf, &psd, 12);//sizeof(psd_hdr_t));
        memcpy(buf+12, new_tcp, 20);
        new_tcp->checksum = check((uint16_t*)buf, 32);

计算tcp校验和哪里不对了，PS：check函数应该是对，不然ip校验和也会报错

---

作者: luoyan_xy    时间: 2011-02-16 09:23
如果check函数是正确的话，是不是你在计算之前没有把tcp->checksum给置0，我原来遇到一次问题就是这个样子的，不过我是在内核中直接修改的。。。

---

欢迎光临 Chinaunix (http://bbs.chinaunix.net/)

Powered by Discuz! X3.2