堆栈内存溢出
  简体   繁体   English

乱序FIN包和覆盖?

[英]out of order FIN packet and overwrite?

 原文  2015-07-07 06:43:41       sockets/ networking/ tcp/ network-programming/ protocols

问题描述

While going through an open source code-base, I was thinking of an interesting scenario. 在浏览开源代码库时,我想到了一个有趣的场景。 Lets say after the successful TCP connection establishment , A TCP client has to send a packet with sequence number = 101. Instead it sends a FIN with sequence number 201. Now that the TCP server thinks FIN as out of order and queues it and waits for a data packet to arrive. 假设成功建立TCP连接后,TCP客户端必须发送序列号为101的数据包。而是发送序列号为201的FIN。现在TCP服务器将FIN视为乱序并排队并等待到达的数据包。 My question is what should be the behavior of a TCP end point according to RFC, if a server receives a data packet with sequence number = 101 and length = 150. Does it overwrite the FIN sent earlier? 我的问题是,如果服务器收到序列号= 101且长度= 150的数据包,那么根据RFC的TCP端点的行为应该是什么。它是否会覆盖先前发送的FIN? Or server trims the data packet till the FIN sequence number? 或者服务器修剪数据包直到FIN序列号? Or it dependent on the TCP implementations? 或者它依赖于TCP实现?

1 个解决方案

解决方案1
 3 已采纳  2015-07-07 15:36:26

According to some paragraphs in RFC 793 根据RFC 793中的一些段落

"3. If the connection is in a synchronized state (ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK, TIME-WAIT), any unacceptable segment (out of window sequence number or unacceptable acknowledgment number) must elicit only an empty acknowledgment segment containing the current send-sequence number and an acknowledgment indicating the next sequence number expected to be received, and the connection remains in the same state." “3.如果连接处于同步状态(ESTABLISHED,FIN-WAIT-1,FIN-WAIT-2,CLOSE-WAIT,CLOSING,LAST-ACK,TIME-WAIT),则任何不可接受的段(窗口序列号外)或不可接受的确认号)必须仅引出包含当前发送序列号的空确认段和表示预期接收的下一个序列号的确认,并且连接保持相同状态。

.... ....

"A natural way to think about processing incoming segments is to imagine that they are first tested for proper sequence number (ie, that their contents lie in the range of the expected "receive window" in the sequence number space) and then that they are generally queued and processed in sequence number order. “考虑处理传入段的一种自然方式是想象它们首先被测试正确的序列号(即,它们的内容位于序列号空间中​​预期的”接收窗口“的范围内)然后它们是通常按顺序编号顺序排队和处理。

When a segment overlaps other already received segments we reconstruct the segment to contain just the new data, and adjust the header fields to be consistent." 当一个片段与其他已经收到的片段重叠时,我们重新构建片段以仅包含新数据,并将头部字段调整为一致。“

... ...

My Resposne: Remember that if this happen, it is because of a bad-behaving TCP at the client. 我的Resposne:请记住,如果发生这种情况,那是因为客户端的TCP性能不佳。 Not for the out-of-order but for the wrong sequence in the segment with the FIN flag. 不是乱序,而是带有FIN标志的段中的错误序列。 Or maybe an attack. 或许是一次袭击。

When TCP, in the server side, receives the segment with SEQ=201, it will store this segment for a limited time and will send back an ACK for 101 because it is waiting for that SEQ number. 当服务器端的TCP接收到具有SEQ = 201的段时,它将在有限的时间内存储该段,并将为101发送回ACK,因为它正在等待该SEQ号。 Then when the segment with SEQ=101 arrives, TCP in the receiving side, after receiving the segment with SEQ=101 will have a new receive window. 然后,当具有SEQ = 101的段到达时,接收侧的TCP在接收到具有SEQ = 101的段之后将具有新的接收窗口。 From the first arrived segment with SEQ=201, it should get only the data beyond Byte 251 (in my test instead of doing this it removed the overlapping Bytes from the segment with SEQ=101 - This might be implementation dependent), if any, and accept the FIN. 从SEQ = 201的第一个到达段开始,它应该只获得超过字节251的数据(在我的测试中,而不是这样做,它从SEQ = 101的段中删除了重叠的字节 - 这可能是依赖于实现的),如果有的话,并接受FIN。 The receiving TCP will send back an ACK. 接收TCP将发回ACK。 When the socket is closed in the server side, the receiving TCP will send back a [FIN, ACK] segment. 当套接字在服务器端关闭时,接收TCP将发回[FIN,ACK]段。

To test it I have a client that does exactly what you described (this is done with raw sockets in user space, it's not possible to simulate it with TCP sockets. The server is a simple nodejs server), a FIN segment is sent and 15 seconds later the previous segment is sent. 为了测试它我有一个客户端完全按照你的描述(这是通过用户空间中的原始套接字来完成的,不可能用TCP套接字来模拟它。服务器是一个简单的nodejs服务器),FIN段被发送,15几秒钟后发送上一个段。 The server reads the data received and after 10 seconds it closes the socket. 服务器读取收到的数据,10秒后关闭套接字。

Here is the tcpdump, you can see TCP server side responses: 这是tcpdump,你可以看到TCP服务器端的响应: 

    [rodolk@localhost ~]$ sudo tcpdump -i p2p1 -vv tcp
tcpdump: listening on p2p1, link-type EN10MB (Ethernet), capture size 65535 bytes
19:33:03.648216 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.56.101.16345 > 192.168.56.1.webcache: Flags [S], cksum 0x5f49 (correct), seq 523645, win 500, length 0
19:33:03.649826 IP (tos 0x0, ttl 128, id 26590, offset 0, flags [DF], proto TCP (6), length 44)
    192.168.56.1.webcache > 192.168.56.101.16345: Flags [S.], cksum 0x1ac8 (correct), seq 1576251572, ack 523646, win 8192, options [mss 1460], length 0
19:33:03.651208 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.56.101.16345 > 192.168.56.1.webcache: Flags [.], cksum 0x5091 (correct), seq 1, ack 1, win 500, length 0
19:33:03.651567 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 74)
    192.168.56.101.16345 > 192.168.56.1.webcache: Flags [F.], cksum 0x8121 (correct), seq 122:156, ack 1, win 500, length 34
19:33:03.651891 IP (tos 0x0, ttl 128, id 26591, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.56.1.webcache > 192.168.56.101.16345: Flags [.], cksum 0x5314 (correct), seq 1, ack 1, win 65392, length 0
19:33:18.652083 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 171)
    192.168.56.101.16345 > 192.168.56.1.webcache: Flags [P.], cksum 0xf973 (correct), seq 1:132, ack 1, win 500, length 131
19:33:18.652834 IP (tos 0x0, ttl 128, id 26593, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.56.1.webcache > 192.168.56.101.16345: Flags [.], cksum 0x5313 (correct), seq 1, ack 157, win 65237, length 0
19:33:28.661041 IP (tos 0x0, ttl 128, id 26594, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.56.1.webcache > 192.168.56.101.16345: Flags [F.], cksum 0x5312 (correct), seq 1, ack 157, win 65237, length 0
19:33:28.961756 IP (tos 0x0, ttl 128, id 26595, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.56.1.webcache > 192.168.56.101.16345: Flags [F.], cksum 0x5312 (correct), seq 1, ack 157, win 65237, length 0

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 发送FIN数据包以通知数据已发送 - Send a FIN packet to notify that the data was sent 套接字-close(2)发送RST数据包而不是FIN数据包 - socket - close(2) send RST packet instead of FIN packet 如果第一个FIN数据包在TCP连接中丢失会怎样? - What happens if the first `FIN` packet lost in TCP connections? C LINUX \\ WINSOCK-检查发送中的FIN数据包 - C LINUX\WINSOCK- check FIN packet in Send Linux应用程序未确认FIN数据包并发生了重传 - Linux application doesn't ACK the FIN packet and retransmission occurs PDOException:数据包乱序。 预期 0 收到 1。数据包大小 = 23 - PDOException: Packets out of order. Expected 0 received 1. Packet size=23 使用WSARecv()和IOCP时,如何知道套接字何时收到FIN数据包? - How to know when the socket has received a FIN packet when using WSARecv() and IOCP? FIN-WAIT-2时间用尽时,主动关闭器将处于什么状态? - what state will the active closer go when FIN-WAIT-2 time runs out? 省略FIN,发送FIN-ACK - FIN omitted, FIN-ACK sent 在应用程序级别的接收方处理TCP数据包顺序 - Handling of TCP packet order on receiver side on application level
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM