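I'm running ArchLinux and recently ran into this strange problem. After a while, connections to Google time out, because my system keeps sending RST packets when it receives SYN/ACK packets from the server. The same happens with Google's other IPs and port numbers. It also happens with yahoo.com.
This never happened before. I think there may be something wrong with my system, but I don't remember changing the system configuration recently.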
[Update]
It happened again, and I got the following tcpdump output, as suggested by skjaidev:
$ sudo tcpdump -i eth0 "ip host 209.85.153.100"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:44:15.737180 IP 10.20.1.113.53894 > encrypted.google.com.https: Flags [S], seq 1037252805, win 14600, options [mss 1460,sackOK,TS val 33830667 ecr 0,nop,wscale 6], length 0
13:44:15.905741 IP encrypted.google.com.https > 10.20.1.113.53894: Flags [S.], seq 371070936, ack 1037252806, win 5672, options [mss 1430,sackOK,TS val 266521270 ecr 33818028,nop,wscale 6], length 0
13:44:15.905761 IP 10.20.1.113.53894 > encrypted.google.com.https: Flags [R], seq 1037252806, win 0, length 0
13:44:16.209090 IP encrypted.google.com.https > 10.20.1.113.53894: Flags [S.], seq 371070936, ack 1037252806, win 5672, options [mss 1430,sackOK,TS val 266521573 ecr 33818028,nop,wscale 6], length 0
13:44:16.209111 IP 10.20.1.113.53894 > encrypted.google.com.https: Flags [R], seq 1037252806, win 0, length 0
13:44:18.738936 IP 10.20.1.113.53894 > encrypted.google.com.https: Flags [S], seq 1037252805, win 14600, options [mss 1460,sackOK,TS val 33831568 ecr 0,nop,wscale 6], length 0
13:44:18.896373 IP encrypted.google.com.https > 10.20.1.113.53894: Flags [S.], seq 417800121, ack 1037252806, win 5672, options [mss 1430,sackOK,TS val 266524260 ecr 33818028,nop,wscale 6], length 0
13:44:18.896391 IP 10.20.1.113.53894 > encrypted.google.com.https: Flags [R], seq 1037252806, win 0, length 0
13:44:24.752266 IP 10.20.1.113.53894 > encrypted.google.com.https: Flags [S], seq 1037252805, win 14600, options [mss 1460,sackOK,TS val 33833372 ecr 0,nop,wscale 6], length 0
13:44:25.102758 IP encrypted.google.com.https > 10.20.1.113.53894: Flags [S.], seq 514770952, ack 1037252806, win 5672, options [mss 1430,sackOK,TS val 266530467 ecr 33818028,nop,wscale 6], length 0
13:44:25.102777 IP 10.20.1.113.53894 > encrypted.google.com.https: Flags [R], seq 1037252806, win 0, length 0
13:44:36.765603 IP 10.20.1.113.53894 > encrypted.google.com.https: Flags [S], seq 1037252805, win 14600, options [mss 1460,sackOK,TS val 33836976 ecr 0,nop,wscale 6], length 0
13:45:28.236165 IP 10.20.1.113.53890 > encrypted.google.com.https: Flags [P.], seq 31651351:31651378, ack 2535469155, win 279, options [nop,nop,TS val 33852417 ecr 299514426], length 27
13:45:28.236184 IP 10.20.1.113.53890 > encrypted.google.com.https: Flags [F.], seq 27, ack 1, win 279, options [nop,nop,TS val 33852417 ecr 299514426], length 0
13:45:28.426021 IP encrypted.google.com.https > 10.20.1.113.53890: Flags [F.], seq 1, ack 27, win 194, options [nop,nop,TS val 299629642 ecr 33852417], length 0
13:45:28.426044 IP 10.20.1.113.53890 > encrypted.google.com.https: Flags [.], ack 2, win 279, options [nop,nop,TS val 33852474 ecr 299629642], length 0
13:45:28.426983 IP encrypted.google.com.https > 10.20.1.113.53890: Flags [.], ack 28, win 194, options [nop,nop,TS val 299629644 ecr 33852417], length 0
Best answer
I finally found a solution: disabling TCP timestamps (sysctl net.ipv4.tcp_timestamps=0) solved the problem for me. Somehow, the timestamps in these packets seem to be invalid.
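In the capture above, every SYN/ACK carries ecr 33818028, which is not the TS val of any SYN the client sent, although RFC 7323 requires a SYN/ACK to echo the SYN's TSval. The following is an added example, not part of the original question or answer, that checks tcpdump text output for this mismatch; the function name and the last two sample lines (host example.net) are made up for illustration.

```python
import re

# Matches tcpdump's default one-line TCP output, as in the capture above.
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
    r"(?:.*?TS val (?P<tsval>\d+) ecr (?P<tsecr>\d+))?"
)

# First six lines are copied from the capture above; the last two are a
# constructed healthy handshake (hypothetical host) for contrast.
SAMPLE = """\
13:44:15.737180 IP 10.20.1.113.53894 > encrypted.google.com.https: Flags [S], seq 1037252805, win 14600, options [mss 1460,sackOK,TS val 33830667 ecr 0,nop,wscale 6], length 0
13:44:15.905741 IP encrypted.google.com.https > 10.20.1.113.53894: Flags [S.], seq 371070936, ack 1037252806, win 5672, options [mss 1430,sackOK,TS val 266521270 ecr 33818028,nop,wscale 6], length 0
13:44:15.905761 IP 10.20.1.113.53894 > encrypted.google.com.https: Flags [R], seq 1037252806, win 0, length 0
13:44:18.738936 IP 10.20.1.113.53894 > encrypted.google.com.https: Flags [S], seq 1037252805, win 14600, options [mss 1460,sackOK,TS val 33831568 ecr 0,nop,wscale 6], length 0
13:44:18.896373 IP encrypted.google.com.https > 10.20.1.113.53894: Flags [S.], seq 417800121, ack 1037252806, win 5672, options [mss 1430,sackOK,TS val 266524260 ecr 33818028,nop,wscale 6], length 0
13:44:18.896391 IP 10.20.1.113.53894 > encrypted.google.com.https: Flags [R], seq 1037252806, win 0, length 0
13:50:00.000001 IP 10.20.1.113.40000 > example.net.https: Flags [S], seq 1, win 14600, options [mss 1460,sackOK,TS val 5000 ecr 0,nop,wscale 6], length 0
13:50:00.100001 IP example.net.https > 10.20.1.113.40000: Flags [S.], seq 9, ack 2, win 5672, options [mss 1430,sackOK,TS val 777 ecr 5000,nop,wscale 6], length 0
""".splitlines()

def find_bad_echoes(lines):
    """Return SYN/ACKs whose TSecr is not a TSval sent in a SYN on that flow."""
    syn_tsvals = {}  # (client, server) -> TSvals the client put in its SYNs
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        if flags == "S" and m["tsval"]:
            syn_tsvals.setdefault((src, dst), set()).add(int(m["tsval"]))
        elif flags == "S." and m["tsecr"]:
            sent = syn_tsvals.get((dst, src), set())
            ecr = int(m["tsecr"])
            if sent and ecr not in sent:
                findings.append({"time": m["ts"], "flow": (dst, src), "tsecr": ecr,
                                 "syn_tsvals": sorted(sent), "reset": False})
        elif flags.startswith("R") and findings and findings[-1]["flow"] == (src, dst):
            findings[-1]["reset"] = True  # client answered the bad SYN/ACK with RST
    return findings

if __name__ == "__main__":
    for finding in find_bad_echoes(SAMPLE):
        print(finding)
```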
Regarding "networking - Why are RST packets sent to some sites when a SYN/ACK is received", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/6799404/