Problem:
- 1 client 1 server, connected with non-block tcp socket. Linux 2.6.*+.
- Client 寫入大概 3k 數(shù)據(jù)到 socket。
- Write()正確返回實(shí)際寫入字節(jié)數(shù)。
- Server 什么也收不到。
Causes:
- 發(fā)送端 MTU稍大于路由器上的MTU設(shè)置
- 通知發(fā)送端需要拆包的ICMP在某處被殺掉了
- 發(fā)送端不停的重發(fā)包
設(shè)置了DF標(biāo)志的ip包當(dāng)遇到路由器的MTU比包小的時(shí)候,不會(huì)被路由器拆包。而路由器發(fā)送icmp消息到發(fā)送端,通知它應(yīng)該拆包。
但icmp消息被防火墻攔截下來(lái)。
環(huán)境和現(xiàn)象:
這個(gè)例子中,MTU在client和server都是1500.
dump出來(lái)的包如下:
客戶端看到的:
發(fā)送了2個(gè)包,后1個(gè)包成功,第1個(gè)過(guò)大而不停的被發(fā)送:
17:23:06.933574 IP (tos 0×0, ttl 64, id 57558, offset 0, flags [DF], proto: TCP (6), length: 1500) 10.54.40.43.43145 > 10.29.14.74.http: ., cksum 0×5096 (incorrect (-> 0×5c4e), 0:1448(1448) ack 1 win 46
17:23:06.933580 IP (tos 0×0, ttl 64, id 57559, offset 0, flags [DF], proto: TCP (6), length: 730) 10.54.40.43.43145 > 10.29.14.74.http: P, cksum 0×4d94 (incorrect (-> 0×3933), 1448:2126(678) ack 1 win 46
17:23:07.167049 IP (tos 0×0, ttl 64, id 57560, offset 0, flags [DF], proto: TCP (6), length: 1500) 10.54.40.43.43145 > 10.29.14.74.http: ., cksum 0×5096 (incorrect (-> 0×5b5b), 0:1448(1448) ack 1 win 46
17:23:07.634922 IP (tos 0×0, ttl 64, id 57561, offset 0, flags [DF], proto: TCP (6), length: 1500) 10.54.40.43.43145 > 10.29.14.74.http: ., cksum 0×5096 (incorrect (-> 0×5987), 0:1448(1448) ack 1 win 46
接受端看到的:
只有730大小的包接受成功
17:23:08.605622 IP (tos 0×0, ttl 59, id 57559, offset 0, flags [DF], proto: TCP (6), length: 730) 202.108.3.204.43145 > 10.29.14.74.http: P, cksum 0×9d5b (correct), 1448:2126(678) ack 1 win 46
解決方法:
調(diào)整發(fā)送端機(jī)器的配置:(任選1個(gè))
在網(wǎng)絡(luò)層上:
Decrease mtu on network adapter:
ifconfig eth* mtu 1400
操作系統(tǒng)配置:
Clear the default ‘MTU discovery’ flag with sysctl:
net.ipv4.ip_no_pmtu_disc = 1
或在應(yīng)用程序里:
Set socket option ‘IP_MTU_DISCOVER’ with setsockopt(2) to clear ‘DF’ flag of IP package.
Reference:
- DF flag of IP package Header
- Internet Control Message Protocol
- IP fragmentation
- MTU or Maximum transmission unit
- IP programming
- Path MTU Discovery
- sysctl
Thanks:
esx kobe steve
來(lái)自:http://blog.developers.api.sina.com.cn/?p=672
原文:http://drdr-xp-tech.blogspot.com/2009/04/black-hole-socket-problem.html
posted on 2010-01-28 18:47
小王 閱讀(5338)
評(píng)論(1) 編輯 收藏 引用 所屬分類:
網(wǎng)絡(luò)通訊