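What happens when TCP sends a FIN and never receives the ACK
If it is not received
The table below has two parts. In the first part, the client's FIN never reaches the Server. In the second part, the client never receives the server's ACK for its FIN.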
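| – | Server(111) | Client(108) | Notes |
|---|---|---|---|
| | `nc -l 9999` | | |
| | | `cat /dev/zero \| nc 192.168.0.111 9999` | |
| | | | Wait a while |
| | | `iptables -A INPUT -p tcp -s 192.168.0.111 --tcp-flags ACK,FIN ACK -j DROP` | DROP the FIN=1 ACK=1 packets coming from the server |
| | | `killall nc` | Makes the Client send a FIN (which is actually lost) |
| | ESTABLISHED | FIN_WAIT1 | Shows that the Client's FIN never reached the Server |
| | ESTABLISHED | Destroyed automatically | After the timeout the socket does not enter TIME_WAIT; it is destroyed directly |
| | ---- | ---- | |
| | `nc -l 9999` | | |
| | | `nc -vn 192.168.0.111 9999` | |
| | | `iptables -A INPUT -p tcp -s 192.168.0.111 --tcp-flags ACK ACK -j DROP` | DROP the ACK=1 packets coming from the server |
| | | `killall nc` | Makes the Client send a FIN |
| | LAST_ACK | FIN_WAIT1 | |
| | Destroyed automatically | Destroyed automatically | |
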
FIN_WAIT1 and FIN_WAIT2 timeouts on Linux
- tcp_fin_timeout
  - tcp_fin_timeout (integer; default: 60; since Linux 2.2)
    This specifies how many seconds to wait for a final FIN packet before the socket is forcibly closed. This is strictly a violation of the TCP specification, but required to prevent denial-of-service attacks. In Linux 2.2, the default value was 180.
- tcp_orphan_retries
  - This value influences the timeout of a locally closed TCP connection, when RTO retransmissions remain unacknowledged. See tcp_retries2 for more details. The default value is 8. If your machine is a loaded WEB server, you should think about lowering this value, such sockets may consume significant resources. Cf. tcp_max_orphans.
  - This parameter specifies how many rounds of RTO backoff to wait, when the ACK for the FIN never arrives, before the FIN_WAIT1 connection is finally destroyed.
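
To put numbers on the tcp_orphan_retries description above, here is an added example (not part of the original post) that estimates how long an unacknowledged FIN keeps a FIN_WAIT1 socket alive and counts such sockets per peer. It assumes an initial RTO of 200 ms, an RTO cap of 120 s, and that a sysctl value of 0 is treated as 8; `SAMPLE_SS` is constructed text in `ss -tan` format and all function names are hypothetical.

```python
"""Estimate FIN_WAIT1 lifetime from tcp_orphan_retries and count FIN-WAIT-1 sockets."""
from collections import Counter

RTO_MIN_MS = 200       # assumed initial retransmission timeout (Linux minimum RTO)
RTO_MAX_MS = 120_000   # assumed upper bound on the backed-off RTO

# Constructed sample in `ss -tan` format (not captured from a real host).
SAMPLE_SS = """\
State      Recv-Q Send-Q  Local Address:Port    Peer Address:Port
ESTAB      0      0       192.168.0.108:22      192.168.0.1:51234
FIN-WAIT-1 0      87041   192.168.0.108:43210   192.168.0.111:9999
FIN-WAIT-1 0      1       192.168.0.108:43212   192.168.0.111:9999
LAST-ACK   0      1       192.168.0.108:8080    192.168.0.1:40022
TIME-WAIT  0      0       192.168.0.108:43100   192.168.0.1:443
"""

def orphan_lifetime(orphan_retries, rto_ms=RTO_MIN_MS):
    """Approximate seconds before an orphaned socket whose FIN is never ACKed is destroyed."""
    retries = orphan_retries or 8          # assumption: 0 means "use 8"
    total_ms, timeout_ms = 0, rto_ms
    # One timer interval after the original FIN, then one after each retransmission.
    for _ in range(retries + 1):
        total_ms += timeout_ms
        timeout_ms = min(timeout_ms * 2, RTO_MAX_MS)   # exponential backoff, capped
    return total_ms / 1000

def fin_wait1_by_peer(ss_output):
    """Count sockets in FIN-WAIT-1 per peer IP from `ss -tan` style text."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "FIN-WAIT-1":
            peer_ip = fields[4].rsplit(":", 1)[0]      # strip the port
            counts[peer_ip] += 1
    return counts

if __name__ == "__main__":
    for retries in (8, 3, 1):
        print(f"tcp_orphan_retries={retries}: ~{orphan_lifetime(retries):.1f}s in FIN_WAIT1")
    for peer, n in fin_wait1_by_peer(SAMPLE_SS).most_common():
        print(f"{peer}: {n} socket(s) in FIN-WAIT-1")
```

On a live host, feed `fin_wait1_by_peer` the output of `ss -tan` and read the current setting from `/proc/sys/net/ipv4/tcp_orphan_retries`.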
http://www.tung7.com/实践出真知/TCP发送FIN后收不到ACK会发生什么.html