
Where does the buffer from the TCP/IP stack go if you don't call recv?

Say I have a server that listens on port X.

Several clients are connected to the server and send data via the send command.

What happens if the server does NOT have a recv routine to "flush" the buffer?

Does the buffer reside in your own process or in Windows?

Is it also possible to "DDos" still?

What happens if the server does NOT have a recv routine to "flush" the buffer?

The receive buffer that corresponds to this socket will fill up. When that has happened, UDP will silently discard incoming datagrams. TCP will discard incoming datagrams and not acknowledge them, triggering congestion control (halving the window size under Reno/XP or switching to the delay-window under CompoundTCP/Vista+).
When you remove some data from the buffer, UDP will resume accepting datagrams as if nothing had happened (it's your problem to figure out that you lost data!), and TCP will continue accepting and acknowledging packets, gradually increasing the window size again (data in the simulated stream will be consistent as if nothing was dropped, ever).

Does the buffer reside in your own process or in Windows?

It could be both; there is no urgent requirement for either. As long as it is managed/owned by the library layer it could as well reside in user space (though it's practically in kernel space). This is a detail that isn't important though, since you have no way of directly accessing the raw buffer either way. You can only access it via the API provided by your networking library (either Winsock functions or Berkeley-like socket functions).

Is it also possible to "DDos" still?

Yes. A DDoS is an attack that physically saturates the network cable. It does not matter a lot (or, at all) what you do on the software side. A DDoS needs to be addressed at a higher network layer (one that you usually don't have access to!). Once the rogue traffic made it past the "fat pipes" onto your server's subnet (or onto the router connecting it upstream), there is nothing more you can do.
Networks come in different physical (optical or electric) and logical (e.g. token) flavors, but in either case, there can only be one sender at any time on the cable. If someone saturates your line's capacity with a DDoS, neither you nor the router will be able to put packets on the wire, except occasionally, by chance. Routers, however, are built to have short forward queues and discard packets quickly when the queue fills up, so practically you're out of luck.

I don't have a very thorough understanding of TCP, so this layman's explanation may not be entirely correct. Relevant search terms to learn more are "flow control", "window", "throughput" and "saturation".

See "what happens when tcp/udp server is publishing faster than client is consuming?", where the answer says "it won't": a connection allows only for a certain amount of data to be "in flight" and stops sending once it detects that maximum has been reached.

When all receive buffers (NIC, kernel) are full and not being processed by the receiving application, and the sender keeps sending data (maliciously not adhering to the TCP protocol), the receiving NIC will drop the incoming packets.

This will still cost bandwidth as the packets end up in the NIC, so yes, that is still a DDOS vulnerability.
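The two answers above make two claims that are easy to check on a single machine: the unread data is held in a kernel-owned buffer the application never touched, and once that buffer (plus the sender's own send buffer) is full, TCP flow control stops the sender rather than letting data pile up forever. The following script is an added example, not code from the question or either answer. It runs a server on loopback that accepts a connection and never calls recv, while a non-blocking client sends until the kernel refuses more data; then the server drains its queue and the client is shown to be able to send again. The buffer sizes (64 KiB each), the 4 KiB filler payload and the stall-detection thresholds are assumptions chosen so the stall is reached quickly on a default Linux box.

```python
import socket
import time

# Constructed payload: 4 KiB of filler per send() call.
CHUNK = b"x" * 4096


def fill_until_stalled(sender, rounds=5, pause=0.05):
    """Push data through a non-blocking socket until the kernel refuses it.

    send() raises BlockingIOError once the local send buffer is full, which
    happens after the peer's receive buffer has filled and its advertised
    window has dropped to zero. We require `rounds` consecutive refusals so a
    momentary stall while data is still in flight is not mistaken for the
    real stop. Returns the number of bytes the kernel accepted.
    """
    sent = 0
    stalls = 0
    while stalls < rounds:
        try:
            sent += sender.send(CHUNK)
            stalls = 0
        except BlockingIOError:
            stalls += 1
            time.sleep(pause)
    return sent


def drain(sock):
    """Read everything currently queued in the kernel for this socket."""
    sock.setblocking(False)
    total = 0
    while True:
        try:
            data = sock.recv(65536)
        except BlockingIOError:
            break
        if not data:
            break
        total += len(data)
    return total


def demo(rcvbuf=64 * 1024, sndbuf=64 * 1024):
    """Server that never calls recv() versus a client that keeps sending, on loopback."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Setting SO_RCVBUF before listen() pins the receive buffer size (on Linux
    # this also disables autotuning) so the stall is reached quickly.
    # Accepted sockets inherit the setting.
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, rcvbuf)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, sndbuf)
    client.connect(listener.getsockname())
    server_side, _ = listener.accept()
    client.setblocking(False)

    try:
        # Phase 1: the server application never reads. The kernel buffers
        # what fits, then TCP flow control halts the sender.
        sent_before = fill_until_stalled(client)
        # The kernel reports the size of the buffer it owns (Linux doubles the
        # requested value to account for bookkeeping overhead).
        kernel_rcvbuf = server_side.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF)
        # Phase 2: the server finally reads; everything queued was sitting in
        # the kernel the whole time.
        drained = drain(server_side)
        # Phase 3: the freed space is advertised back to the client, which
        # can send again.
        sent_after = fill_until_stalled(client)
    finally:
        client.close()
        server_side.close()
        listener.close()

    return {
        "sent_before_drain": sent_before,
        "kernel_rcvbuf": kernel_rcvbuf,
        "drained": drained,
        "sent_after_drain": sent_after,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

`sent_before_drain` settles at roughly the sum of the two kernel buffers and never grows beyond that, which is the "it won't" from the second answer: a well-behaved sender is throttled by the zero window, so an application that stops reading ties up at most a bounded amount of kernel memory per connection. The residual cost the second answer points at is the bandwidth (and, for many idle-but-connected peers, the per-socket buffer memory) that the defender still pays, which is why read-stall timeouts and per-client connection limits are the usual mitigations.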
