在玩 eBPF 时,我尝试了 tcpstates,发现 TCP 状态转换 SYN_RECV -> ESTABLISHED 的时间非常短
我的测试数字:
SYN_RECV -> ESTABLISHED 0.015
SYN_RECV -> ESTABLISHED 0.017
SYN_RECV -> ESTABLISHED 0.051
从握手图中看起来从 SYN_RECV 到 ESTABLISHED 的转换时间应该接近主机之间的 RTT?
TCP 快速打开在主机上关闭。
操作系统:Ubuntu 18.10(GNU/Linux 4.18.0-21-generic x86_64)
是错误还是我错了?
更新:
tcpdump -ttttv
00:00:00.000000 IP (tos 0x28, ttl 49, id 280, offset 0, flags [DF], proto TCP (6), length 60)
dst_host > src_host: Flags [S], cksum 0x46ae (correct), seq 4063608731, win 29200, options [mss 1460,sackOK,TS val 332512899 ecr 0,nop,wscale 6], length 0
00:00:00.000071 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
src_host > dst_host: Flags [S.], cksum 0x84c2 (incorrect -> 0x3c01), seq 1516815880, ack 4063608732, win 28960, options [mss 1460,sackOK,TS val 2341429130 ecr 332512899,nop,wscale 7], length 0
00:00:00.079183 IP (tos 0x28, ttl 49, id 281, offset 0, flags [DF], proto TCP (6), length 52)
dst_host > src_host: Flags [.], cksum 0xda11 (correct), ack 1, win 457, options [nop,nop,TS val 332512918 ecr 2341429130], length 0
00:00:00.093311 IP (tos 0x0, ttl 64, id 60333, offset 0, flags [DF], proto TCP (6), length 93)
src_host > dst_host: Flags [P.], cksum 0x84e3 (incorrect -> 0xb341), seq 1:42, ack 1, win 227, options [nop,nop,TS val 2341429223 ecr 332512918], length 41
such low numbers are between syn_recv and syn+ack send, but between syn_recv and established it should be 00:00:00.079183
此 tcpdump 中主机之间的 ping 时间约为 83 毫秒