每隔几天我就会遇到以下问题。我的笔记本电脑(经过Debian测试)突然变得无法使用与Internet的TCP连接。
以下内容可以正常运行:
但是,当我尝试通过笔记本电脑进行TCP连接时,它们会超时(对SYN数据包无响应)。这是典型的curl输出:
% curl -v google.com
* About to connect() to google.com port 80 (#0)
* Trying 173.194.39.105...
* Connection timed out
* Trying 173.194.39.110...
* Connection timed out
* Trying 173.194.39.97...
* Connection timed out
* Trying 173.194.39.102...
* Timeout
* Trying 173.194.39.98...
* Timeout
* Trying 173.194.39.96...
* Timeout
* Trying 173.194.39.103...
* Timeout
* Trying 173.194.39.99...
* Timeout
* Trying 173.194.39.101...
* Timeout
* Trying 173.194.39.104...
* Timeout
* Trying 173.194.39.100...
* Timeout
* Trying 2a00:1450:400d:803::1009...
* Failed to connect to 2a00:1450:400d:803::1009: Network is unreachable
* Success
* couldn't connect to host
* Closing connection #0
curl: (7) Failed to connect to 2a00:1450:400d:803::1009: Network is unreachable
重新启动连接和/或重新加载网卡内核模块无济于事。唯一有用的是重新启动。
显然我的系统出了点问题(其他所有东西都可以正常工作),但是我不知道到底是什么。
我的设置是通过PPPoE连接到ISP的无线路由器。
有什么建议吗?
12:00.0 Network controller: Broadcom Corporation BCM4313 802.11b/g/n Wireless LAN Controller (rev 01)
Subsystem: Dell Inspiron M5010 / XPS 8300
Flags: bus master, fast devsel, latency 0, IRQ 17
Memory at fbb00000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [40] Power Management version 3
Capabilities: [58] Vendor Specific Information: Len=78 <?>
Capabilities: [48] MSI: Enable- Count=1/1 Maskable- 64bit+
Capabilities: [d0] Express Endpoint, MSI 00
Capabilities: [100] Advanced Error Reporting
Capabilities: [13c] Virtual Channel
Capabilities: [160] Device Serial Number 00-00-9d-ff-ff-aa-1c-65
Capabilities: [16c] Power Budgeting <?>
Kernel driver in use: brcmsmac
iptables-save 什么都不打印。
ip rule show:
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
ip route show table all:
default via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.105
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev wlan0 table local proto kernel scope link src 192.168.1.105
local 192.168.1.105 dev wlan0 table local proto kernel scope host src 192.168.1.105
broadcast 192.168.1.255 dev wlan0 table local proto kernel scope link src 192.168.1.105
fe80::/64 dev wlan0 proto kernel metric 256
unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 hoplimit 255
local ::1 via :: dev lo table local proto none metric 0
local fe80::1e65:9dff:feaa:b1f1 via :: dev lo table local proto none metric 0
ff00::/8 dev wlan0 table local metric 256
unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 hoplimit 255
当机器在正常模式下工作时,以上所有内容都是相同的。
ifconfig—我运行了它,但是以某种方式忘记了保存,然后重新启动。将不得不等到下一次出现问题。对于那个很抱歉。
可能不是-至少我还没有做任何专门的事情来启用它。
我多次运行curl和tcpdump,有两种模式。
第一个只是没有答案的SYN数据包。
17:14:37.836917 IP (tos 0x0, ttl 64, id 4563, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.105.42030 > fra07s07-in-f102.1e100.net.http: Flags [S], cksum 0x27fc (incorrect -> 0xbea8), seq 3764607647, win 13600, options [mss 1360,sackOK,TS val 33770316 ecr 0,nop,wscale 4], length 0
17:14:38.836650 IP (tos 0x0, ttl 64, id 4564, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.105.42030 > fra07s07-in-f102.1e100.net.http: Flags [S], cksum 0x27fc (incorrect -> 0xbdae), seq 3764607647, win 13600, options [mss 1360,sackOK,TS val 33770566 ecr 0,nop,wscale 4], length 0
17:14:40.840649 IP (tos 0x0, ttl 64, id 4565, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.105.42030 > fra07s07-in-f102.1e100.net.http: Flags [S], cksum 0x27fc (incorrect -> 0xbbb9), seq 3764607647, win 13600, options [mss 1360,sackOK,TS val 33771067 ecr 0,nop,wscale 4], length 0
第二个是这样的:
17:22:56.507827 IP (tos 0x0, ttl 64, id 41583, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.105.42036 > fra07s07-in-f102.1e100.net.http: Flags [S], cksum 0x27fc (incorrect -> 0x2244), seq 1564709704, win 13600, options [mss 1360,sackOK,TS val 33894944 ecr 0,nop,wscale 4], length 0
17:22:56.546763 IP (tos 0x58, ttl 54, id 65442, offset 0, flags [none], proto TCP (6), length 60)
fra07s07-in-f102.1e100.net.http > 192.168.1.105.42036: Flags [S.], cksum 0x6b1e (correct), seq 1407776542, ack 1564709705, win 14180, options [mss 1430,sackOK,TS val 3721836586 ecr 33883552,nop,wscale 6], length 0
17:22:56.546799 IP (tos 0x58, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.105.42036 > fra07s07-in-f102.1e100.net.http: Flags [R], cksum 0xf301 (correct), seq 1564709705, win 0, length 0
17:22:58.511843 IP (tos 0x0, ttl 64, id 41584, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.105.42036 > fra07s07-in-f102.1e100.net.http: Flags [S], cksum 0x27fc (incorrect -> 0x204f), seq 1564709704, win 13600, options [mss 1360,sackOK,TS val 33895445 ecr 0,nop,wscale 4], length 0
17:22:58.555423 IP (tos 0x58, ttl 54, id 65443, offset 0, flags [none], proto TCP (6), length 60)
fra07s07-in-f102.1e100.net.http > 192.168.1.105.42036: Flags [S.], cksum 0x3b03 (correct), seq 1439178112, ack 1564709705, win 14180, options [mss 1430,sackOK,TS val 3721838596 ecr 33883552,nop,wscale 6], length 0
17:22:58.555458 IP (tos 0x58, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
192.168.1.105.42036 > fra07s07-in-f102.1e100.net.http: Flags [R], cksum 0xf301 (correct), seq 1564709705, win 0, length 0
ethtool -k wlan0:
Features for wlan0:
rx-checksumming: off [fixed]
tx-checksumming: off
tx-checksum-ipv4: off [fixed]
tx-checksum-unneeded: off [fixed]
tx-checksum-ip-generic: off [fixed]
tx-checksum-ipv6: off [fixed]
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
scatter-gather: off
tx-scatter-gather: off [fixed]
tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: off
tx-tcp-segmentation: off [fixed]
tx-tcp-ecn-segmentation: off [fixed]
tx-tcp6-segmentation: off [fixed]
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: off [requested on]
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: off [fixed]
tx-vlan-offload: off [fixed]
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: off [fixed]
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: on [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: off
loopback: off [fixed]
# namei -l "$(command -v iptables)"
f: /sbin/iptables
drwxr-xr-x root root /
drwxr-xr-x root root sbin
lrwxrwxrwx root root iptables -> xtables-multi
-rwxr-xr-x root root xtables-multi
# dpkg -S "$(command -v iptables)"
iptables: /sbin/iptables
# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
# iptables -t mangle -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
# iptables -t security -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
# ethtool -i wlan0
driver: brcmsmac
version: 3.2.0-3-686-pae
firmware-version: N/A
bus-info: 0000:12:00.0
supports-statistics: no
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no
# modinfo brcmsmac
filename: /lib/modules/3.2.0-3-686-pae/kernel/drivers/net/wireless/brcm80211/brcmsmac/brcmsmac.ko
license: Dual BSD/GPL
description: Broadcom 802.11n wireless LAN driver.
author: Broadcom Corporation
alias: pci:v000014E4d00000576sv*sd*bc*sc*i*
alias: pci:v000014E4d00004727sv*sd*bc*sc*i*
alias: pci:v000014E4d00004353sv*sd*bc*sc*i*
alias: pci:v000014E4d00004357sv*sd*bc*sc*i*
depends: mac80211,brcmutil,cfg80211,cordic,crc8
intree: Y
vermagic: 3.2.0-3-686-pae SMP mod_unload modversions 686
没有/sys/module/brcmsmac/parameters。这是我在那儿的东西:
# tree /sys/module/brcmsmac
/sys/module/brcmsmac
├── drivers
│ └── pci:brcmsmac -> ../../../bus/pci/drivers/brcmsmac
├── holders
├── initstate
├── notes
├── refcnt
├── sections
│ └── __bug_table
└── uevent
正如dr博士所建议,我尝试了其他一些站点,但令我惊讶的是,其中一些站点确实工作了。以下是一些有效的主机:
这里有一些没有:
我进行了网络捕获并将其上传到此处。
在您提供的捕获中,第二个数据包中的SYN-ACK中的时间戳回显应答与第一个数据包中的SYN中的TSVal不匹配,并且落后了几秒钟。
并查看173.194.70.108和209.85.148.100发送的所有TSecr如何与发送的TSVal完全相同且无关。
看起来好像有些东西混入了TCP时间戳。我不知道是什么原因造成的,但听起来好像是在您的计算机外部。重新启动路由器在这种情况下是否有帮助?
我不知道这是什么导致您的计算机发送RST(在第3个数据包上)。但这绝对不喜欢SYN-ACK,这是我唯一能发现的错误。我能想到的唯一其他解释是,如果不是您的计算机正在发送RST,但是考虑到SYN-ACK和RST之间的时间差,我会对此表示怀疑。但是以防万一,您是否在此计算机上使用虚拟机或容器或网络名称空间?
您可以尝试完全禁用TCP时间戳,以查看是否有帮助:
sudo sysctl -w net.ipv4.tcp_timestamps=0
因此,这些站点要么发送伪造的TSecr,要么在途中(正在运行的任何路由器,或透明的代理)处理传出的TSVal或传入的TSecr,或带有伪造的TCP堆栈的代理。为什么我会弄乱tcp时间戳,我只能推测:错误,入侵检测逃避,过于智能/虚假的流量整形算法。我以前从未听说过(但是那时我不是该领域的专家)。
如何进一步调查:
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句