
TCP Dup ACK linux kernel 3.2

Time: 2022-09-29 15:34:46  Views: 66
Tags: kernel Sequence ACK SACK TCP packet Dup


The Problem

Your throughput issues appear to be caused by a buggy implementation of TCP Sequence Number randomization. I have seen this in the past on Cisco ASAs.

To give a bit of background, it was observed in the past that some TCP implementations did not use enough randomness when choosing an Initial Sequence Number (ISN) which made it easier for attackers to manipulate TCP connections by making educated guesses at what the Sequence number would be.

To attempt to fix this issue, some firewall providers implemented a feature called TCP sequence number randomization, which rewrites the Sequence number (SEQ) to a more random value when it sees TCP packets flowing through the firewall. Unfortunately some implementations of this feature are a bit buggy and do not account for TCP's Selective Acknowledgement (SACK) option.

You can see Sequence Number randomization in action in your trace. Look at the SYN/ACK packet from the server (packet #51 server capture), where you can see that the ISN chosen is 2847541373. However look at the same SYN/ACK packet when it is received on the client side (packet #8 client capture), the ISN has been changed to 2098751282!

This behavior is fine up until the point that packet loss is experienced on the network.

On the client side, look at the first Duplicate Acknowledgement (Dup ACK) at packet 259. You can see that a SACK block has been set covering bytes 2098977399-2098978787. This packet effectively tells the server: I'm waiting on the packet with SEQ 2098974623, but I have already received 2098977399-2098978787, so you don't need to send those again.

Now, if you look at the same Dup ACK as it is received on the server side (#369), you can see the ACK number has been correctly converted by the firewall (2098974623 to 2847764714), however the SACK block hasn't and still shows 2098977399-2098978787!

When a Dup ACK is received with an invalid SACK block, the Dup ACK is ignored.

As a result, you lose out on the ability to use Fast Retransmission (retransmit after 3 duplicate ACKs are received) and rely solely on Retransmission Timeouts. This is really, really bad for performance and will reduce your throughput substantially.
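The following is an added illustration, not code from the original answer or from any firewall vendor. It models the behaviour described above with the numbers from the trace: a firewall that shifts SEQ/ACK values by the constant offset it introduced at the SYN/ACK, but (buggy mode) forgets to shift the SACK option, and a simplified server-side check that discards any Dup ACK whose SACK block falls outside its own sent-but-unacknowledged range. The server's `snd_nxt` value is a constructed assumption (the trace excerpt does not show it); everything else comes from the packets quoted above.

```python
from dataclasses import dataclass

MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap


def seq_diff(a: int, b: int) -> int:
    """Signed distance a - b in 32-bit sequence space (negative => a is before b)."""
    return ((a - b + (1 << 31)) % MOD) - (1 << 31)


@dataclass
class DupAck:
    ack: int                  # cumulative ACK number on the wire
    sack_blocks: list         # [(left_edge, right_edge), ...] on the wire


@dataclass
class SeqRandomizer:
    """Model of a firewall doing TCP sequence number randomization.

    It translates between the client-side and server-side sequence spaces by a
    fixed offset. With translate_sack=False it reproduces the bug seen in the
    trace: ACK is rewritten, the SACK option is forwarded untouched.
    """
    offset: int
    translate_sack: bool

    def client_to_server(self, pkt: DupAck) -> DupAck:
        ack = (pkt.ack + self.offset) % MOD
        if self.translate_sack:
            blocks = [((l + self.offset) % MOD, (r + self.offset) % MOD)
                      for l, r in pkt.sack_blocks]
        else:
            blocks = list(pkt.sack_blocks)  # the bug: SACK edges left untranslated
        return DupAck(ack, blocks)


@dataclass
class ServerSendState:
    """Simplified sender-side handling of Dup ACKs (not the real kernel code)."""
    snd_una: int              # oldest byte not yet acknowledged
    snd_nxt: int              # next byte to be sent
    dup_acks: int = 0
    fast_retransmits: int = 0

    def sack_block_valid(self, left: int, right: int) -> bool:
        # A SACK block must lie strictly inside (snd_una, snd_nxt] to be plausible.
        return (seq_diff(left, self.snd_una) > 0
                and seq_diff(right, left) > 0
                and seq_diff(right, self.snd_nxt) <= 0)

    def receive_dup_ack(self, pkt: DupAck) -> str:
        if pkt.ack != self.snd_una:
            return "not a dup ack"
        if any(not self.sack_block_valid(l, r) for l, r in pkt.sack_blocks):
            return "ignored: invalid SACK block"   # behaviour described in the text
        self.dup_acks += 1
        if self.dup_acks == 3:                     # classic 3-dup-ACK threshold
            self.fast_retransmits += 1
            return "fast retransmit"
        return "counted"


# Values taken from the captures quoted in the answer.
SERVER_ISN = 2847541373        # SYN/ACK as sent by the server (packet #51)
CLIENT_SEEN_ISN = 2098751282   # same SYN/ACK as seen by the client (packet #8)
OFFSET = (SERVER_ISN - CLIENT_SEEN_ISN) % MOD   # what the firewall adds going client->server


def run_scenario(translate_sack: bool, n_dup_acks: int = 3):
    """Replay the client's first Dup ACK (packet 259) n times through the firewall."""
    fw = SeqRandomizer(OFFSET, translate_sack)
    # snd_una is the server-side view of the ACK (packet #369); snd_nxt is a
    # constructed assumption that merely has to cover the SACKed range.
    server = ServerSendState(snd_una=2847764714, snd_nxt=2847770000)
    client_pkt = DupAck(ack=2098974623, sack_blocks=[(2098977399, 2098978787)])
    outcomes = [server.receive_dup_ack(fw.client_to_server(client_pkt))
                for _ in range(n_dup_acks)]
    return outcomes, server.fast_retransmits


if __name__ == "__main__":
    print("offset applied by firewall:", OFFSET)
    print("buggy firewall (SACK untouched):", run_scenario(False))
    print("correct firewall (SACK shifted):", run_scenario(True))
```

Running it shows the two cases side by side: with the SACK edges left in the client's sequence space every Dup ACK is discarded and no fast retransmit ever fires, while the same packets with a correctly translated SACK block trigger fast retransmit on the third Dup ACK. The same validity check is a cheap way to spot this class of middlebox bug in a capture: SACK edges that are below the ACK number, or above anything the sender has transmitted, cannot be legitimate.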

So what can you do?

You can investigate whether TCP Sequence Number randomization is still required for your purposes and, if not, consider testing with it disabled. Perhaps this issue has been resolved in a newer firmware?

You could also turn off the TCP SACK option on your server(s) (/proc/sys/net/ipv4/tcp_sack) to prevent clients from using SACK in the first place. However, please note that SACK is meant to improve TCP performance, and the actual issue is with the firewall's (buggy) implementation of Sequence number randomization. Turning off SACK will mean that Dup ACKs from clients will no longer be ignored and the connection will be able to recover from loss a lot quicker. Throughput should go up.



From: https://blog.51cto.com/u_847102/5723012
