WALL-E / tcp-ip-labs

tcp ip labs

SO_REUSEPORT: verify whether the kernel has the known issue #11

Open WALL-E opened 7 years ago

WALL-E commented 7 years ago

commit c617f398edd4db2b8567a28e899a88f8f574798d
Merge: 4a633a6 72289b9
Author: David S. Miller <davem@davemloft.net>
Date: Wed Jan 23 13:44:10 2013 -0500

The TCP implementation has a problem in that the request sockets for a listener are attached to a listener socket. If a SYN is received, a listener socket is chosen and request structure is created (SYN-RECV state). If the subsequent ack in 3WHS does not match the same port by so_reusport, the connection state is not found (reset) and the request structure is orphaned. This scenario would occur when the number of listener sockets bound to a port changes (new ones are added, or old ones closed). We are looking for a solution to this, maybe allow multiple sockets to share the same request table...
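
A simplified model of the failure the commit message describes, added here as an illustration and not code from the kernel or from this repository. It assumes a listener is chosen by hashing the 4-tuple modulo the number of listeners (`pick_listener` and `simulate` are hypothetical names) and compares per-listener request tables with the shared request table the message floats:

```python
import zlib

def pick_listener(flow, n_listeners):
    # Assumption: selection is a stable hash of the 4-tuple modulo the group size.
    return zlib.crc32(repr(flow).encode()) % n_listeners

def simulate(flows, before, after, shared_table):
    """SYNs arrive while `before` listeners exist; the final ACKs arrive once
    the group has `after` listeners. Returns (established, reset, orphaned)."""
    n_tables = 1 if shared_table else max(before, after)
    tables = [set() for _ in range(n_tables)]

    def table_for(flow, n_listeners):
        if shared_table:
            return tables[0]
        return tables[pick_listener(flow, n_listeners)]

    for flow in flows:                  # SYN: request created in SYN-RECV state
        table_for(flow, before).add(flow)

    established = reset = 0
    for flow in flows:                  # final ACK of the three-way handshake
        table = table_for(flow, after)
        if flow in table:
            table.remove(flow)
            established += 1
        else:
            reset += 1                  # no request on the listener picked for the ACK
    orphaned = sum(len(t) for t in tables)  # requests never matched by an ACK
    return established, reset, orphaned

# Constructed sample: 1000 client flows from 172.28.32.102 to 172.28.32.101:1235
FLOWS = [("172.28.32.102", 20000 + i, "172.28.32.101", 1235) for i in range(1000)]

if __name__ == "__main__":
    for shared in (False, True):
        label = "shared table" if shared else "per-listener tables"
        print(label, simulate(FLOWS, before=10, after=20, shared_table=shared))
```
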

WALL-E commented 7 years ago

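Experiment

Prerequisites

  1. Two hosts
    • 172.28.32.101
    • 172.28.32.102
  2. Terminals
    • Terminal 1 root@172.28.32.101
    • Terminal 2 root@172.28.32.102
    • Terminal 3 root@172.28.32.102
  3. Software to install
    • sock 172.28.32.101, 172.28.32.102
    • tcpdump 172.28.32.102

Steps

  1. Terminal 1: adjust the TCP three-way handshake by increasing the SYN/ACK retry count
    sysctl -w net.ipv4.tcp_synack_retries=7
  2. Terminal 1: start 10 processes listening on port 1235
    sock -s 0.0.0.0 1235 -T &
  3. Terminal 1: check whether the 10 started processes are listening on the same port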
    [root@vagrant-172-28-32-101 ~]# ss -ltn|grep 1235|cat -n
     1  LISTEN     0      5            *:1235                     *:*
     2  LISTEN     0      5            *:1235                     *:*
     3  LISTEN     0      5            *:1235                     *:*
     4  LISTEN     0      5            *:1235                     *:*
     5  LISTEN     0      5            *:1235                     *:*
     6  LISTEN     0      5            *:1235                     *:*
     7  LISTEN     0      5            *:1235                     *:*
     8  LISTEN     0      5            *:1235                     *:*
     9  LISTEN     0      5            *:1235                     *:*
    10  LISTEN     0      5            *:1235                     *:*
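  4. Terminal 2: start tcpdump to capture traffic on the port
    tcpdump -i any port 1235 -n -ttt
  5. Terminal 3: add an iptables rule that drops the final ACK of the three-way handshake
    iptables -I OUTPUT -p tcp --dport 1235 --tcp-flags ACK ACK -j DROP
  6. Terminal 3: start the client process and watch the output in terminal 2
    sock 172.28.32.101 1235
  7. Terminal 1: start another 10 processes and watch the output in terminal 2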
    
    [root@vagrant-172-28-32-101 ~]# sock -s 0.0.0.0 1235 -T &
    [root@vagrant-172-28-32-101 ~]# ss -ltn|grep 1235|cat -n
     1  LISTEN     0      5            *:1235                     *:*
     2  LISTEN     0      5            *:1235                     *:*
     3  LISTEN     0      5            *:1235                     *:*
     4  LISTEN     0      5            *:1235                     *:*
     5  LISTEN     0      5            *:1235                     *:*
     6  LISTEN     0      5            *:1235                     *:*
     7  LISTEN     0      5            *:1235                     *:*
     8  LISTEN     0      5            *:1235                     *:*
     9  LISTEN     0      5            *:1235                     *:*
    10  LISTEN     0      5            *:1235                     *:*
    11  LISTEN     0      5            *:1235                     *:*
    12  LISTEN     0      5            *:1235                     *:*
    13  LISTEN     0      5            *:1235                     *:*
    14  LISTEN     0      5            *:1235                     *:*
    15  LISTEN     0      5            *:1235                     *:*
    16  LISTEN     0      5            *:1235                     *:*
    17  LISTEN     0      5            *:1235                     *:*
    18  LISTEN     0      5            *:1235                     *:*
    19  LISTEN     0      5            *:1235                     *:*
    20  LISTEN     0      5            *:1235                     *:*



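## Conclusion
Judging from the experimental data, the Linux kernel has already fixed the problem described in the title.

WALL-E commented 7 years ago

I looked through the kernel source and did not find any definitive information. git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git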