RTO-WAR test-sandflee-ChinaUnix博客

sandfleesandflee.blog.chinaunix.net

首页　| 　博文目录　| 　关于我

sandflee

博客访问： 524243
博文数量： 122
博客积分： 2024
博客等级：上尉
技术积分： 1484
用户组：普通用户
注册时间： 2010-01-08 21:17

文章分类

全部博文（122）

cpp（2）
使用手册（16）
linux工具（3）
c/c++（0）
生活（1）
安全（2）
算法（0）
TCP/IP（4）
socket programmi（0）
linux kernel（2）
shell（2）
思维之角（7）
记录点滴（10）
linux-kernel（18）
未分配的博文（55）

文章存档

2012年（2）

2011年（25）

2010年（95）

我的朋友

相关博文

RTO-WAR test

分类： LINUX

2010-08-18 18:11:58

Description of problem:
Make sure, that TCP has a nonzero RTT estimation after three-way handshake.
Currently, a listening TCP has a value of 0 for srtt, rttvar and rto right
after the three-way handshake is completed with TCP timestamps disabled. This
will lead to corrupt RTO recalculation and retransmission flood when RTO is
recalculated on backoff reversion as introduced in "Revert RTO on ICMP
destination unreachable"
(f1ecd5d9e7366609d640ff4040304ea197fbc618). This behaviour can be provoked by
connecting to a server which "responds first" (like SMTP) and rejecting every
packet after the handshake with dest-unreachable, which will lead to softirq
load on the server (up to 30% per socket in some tests).

Upstream commit:


"Revert RTO on ICMP destination unreachable" was introduced in:

(v2.6.32-rc1)

Reference:
http://www.securityfocus.com/bid/38355

steps:
1, start smtp server
2, sysctl -w net.ipv4.tcp_timestamps=0 ,disable tcp timestamp options at server
and client
3, at client,create iptables rule to pass three handshake date and drop the
other
sudo iptables -A INPUT -p tcp --sport 25 --tcp-flag SYN,ACK SYN,ACK -j ACCEPT
sudo iptables -A INPUT -p tcp --sport 25 -m state --state ESTABLISHED -j REJECT
--reject-with icmp-host-unreachable
4,at client ,telnet the server
5,tcpdump output:
17:57:33.789727 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.45805: Flags [P.], seq 1:102, ack 1, win 46, length
101
17:57:33.789751 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.45805: Flags [P.], seq 1:102, ack 1, win 46, length
101
17:57:33.791119 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.45805: Flags [P.], seq 1:102, ack 1, win 46, length
101
17:57:33.794241 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.45805: Flags [P.], seq 1:102, ack 1, win 46, length
101
17:57:33.794976 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.45805: Flags [P.], seq 1:102, ack 1, win 46, length
101
17:57:33.795000 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.45805: Flags [P.], seq 1:102, ack 1, win 46, length
101
17:57:33.797605 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.45805: Flags [P.], seq 1:102, ack 1, win 46, length
101
17:57:33.800766 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.45805: Flags [P.], seq 1:102, ack 1, win 46, length
101
17:57:33.801585 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.45805: Flags [P.], seq 1:102, ack 1, win 46, length
101
17:57:33.801671 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.45805: Flags [P.], seq 1:102, ack 1, win 46, length
101
17:57:33.801682 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.45805: Flags [P.], seq 1:102, ack 1, win 46, length
101
17:57:33.801696 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.45805: Flags [P.], seq 1:102, ack 1, win 46, length
101
17:57:33.801704 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.45805: Flags [P.], seq 1:102, ack 1, win 46, length
101
17:57:33.801731 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.45805: Flags [P.], seq 1:102, ack 1, win 46, length
101

normal output:
 25 17:46:15.914268 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.39061: Flags [S.], seq 4028304493, ack 3892500450,
win 5840, options [mss 1    360,nop,nop,sackOK,nop,wscale 7], length 0
 26 17:46:15.914326 IP dhcp-65-173.nay.redhat.com.39061 >
intel-s3e36-01.lab.bos.redhat.com.smtp: Flags [.], ack 1, win 46, length 0
 27 17:46:16.221711 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.39061: Flags [P.], seq 1:102, ack 1, win 46, length
101
 28 17:46:16.221749 IP dhcp-65-173.nay.redhat.com >
intel-s3e36-01.lab.bos.redhat.com: ICMP host dhcp-65-173.nay.redhat.com
unreachable, length 149
 29 17:46:19.220237 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.39061: Flags [P.], seq 1:102, ack 1, win 46, length
101
 30 17:46:19.220270 IP dhcp-65-173.nay.redhat.com >
intel-s3e36-01.lab.bos.redhat.com: ICMP host dhcp-65-173.nay.redhat.com
unreachable, length 149
 31 17:46:22.219841 IP intel-s3e36-01.lab.bos.redhat.com.smtp >
dhcp-65-173.nay.redhat.com.39061: Flags [P.], seq 1:102, ack 1, win 46, length
101

阅读(2528) | 评论(1) | 转发(0) |

上一篇：我就一大头

下一篇：TCP: keepalive probes bug

给主人留下些什么吧！~~

chinaunix网友2010-08-25 23:23:03

MBT Shoes are a mobile gym, it can virtually exercise your body. Nike Air Max 2009 nike air max 2010 womens air max 2010 回复 | 举报