Abstract of received a question from a reader. He was confused during the interview because the interviewer asked him such an online question.
This article is shared from HUAWEI CLOUD COMMUNITY " How to deal with out-of-sequence FIN packets received by TCP waved four times? ", author: Kobayashi coding.
I received a question from a reader. When he was interviewing, he was confused because the interviewer asked him such an online question:
However, this network question may be that the reader who asked the question has a problem, because if the FIN message arrives at the client before the data packet, then the FIN message is actually an out-of-sequence message. At this time, the client's TCP connection is not It will transition from FIN_WAIT_2 state to TIME_WAIT state.
Therefore, we need to pay attention to "In the FIN_WAIT_2 state, how to deal with the received out-of-sequence FIN message, and then when did the TCP connection enter the TIME_WAIT state?".
Let me start with the conclusion directly:
in the FIN_WAIT_2 state, if it receives an out-of-order FIN message, it will be added to the "out-of-order queue" and will not enter the TIME_WAIT state.
When the data packet delayed by the network is received again, it will judge whether there is data in the out-of-order queue, and then check whether there is available data in the out-of-order queue, if it can find the sequence number of the current packet in the out-of-order queue For messages in the order of keeping, it will be checked whether the message has a FIN mark. If a FIN mark is found, then it will enter the TIME_WAIT state.
I also drew a picture, you can combine it to understand.
TCP source code analysis
Next, I will take you to look at the source code, and some students may be embarrassed when they hear that source code analysis is required.
In fact, to analyze our problem today, as long as you understand if else, I will also use Chinese to express the logic of the code, so it's okay to just look at my text.
This time we focused on the analysis of how the received FIN message is processed in the FIN_WAIT_2 state.
In the Linux kernel, after the IP layer has processed the message, it will transfer the message to the TCP layer through the callback tcp_v4_rcv function, so this function is the entry point for the TCP layer to receive the message.
The client in the FIN_WAIT_2 state will eventually call the tcp_v4_do_rcv function after receiving the message from the server.
Next, the tcp_v4_do_rcv method will call tcp_rcv_state_process, where the corresponding processing will be done according to the TCP state, here we only focus on the FIN_WAIT_2 state.
In the above code, you can see that if shutdown disables the read direction, then when receiving a data packet from the other party, it will reply with an RST message.
In our topic this time, shutdown only closes the writing direction, so we will continue to call the tcp_data_queue function (because there is no break statement in the case TCP_FIN_WAIT2 code block, so we will go to this function).
In the above tcp_data_queue function, if the sequence number of the received message is what we expected, that is, in order:
- It will determine whether the message has a FIN flag, and if so, it will call the tcp_fin function, which is responsible for converting the FIN_WAIT_2 state to TIME_WAIT.
- Then we will see if there is data in the out-of-order queue. If so, the tcp_ofo_queue function will be called. This function is responsible for checking whether there are data packets available in the out-of-order queue. Packets.
When the sequence number of the received message is not what we expected, that is, if it is out of order, the tcp_data_queue_ofo function is called to add the message to the out-of-order queue. The data structure of this queue is a red-black tree.
In our question, the FIN message received by the client is actually an out-of-order message, so the tcp_fin function is not called for state transition at this time, but the message is added to the out-of-order queue through the tcp_data_queue_ofo function.
Then when the client receives the data packet delayed by the network, because the sequence number of the data packet is expected, and then because the last received out of order FIN message is added to the out of order queue, indicating out of order The queue has data, so the tcp_ofo_queue function is called.
Let's take a look at the tcp_ofo_queue function.
In the above tcp_ofo_queue function, after finding a message in the out-of-order queue that can maintain the sequence of the current message, it will check whether the message has a FIN flag, and if there is, tcp_fin() will be called function.
Finally, let's take a look at the processing of the tcp_fin function.
It can be seen that if the current TCP status is TCP_FIN_WAIT2, it will send a fourth wave of ack, and then call the tcp_time_wait function, which will change the TCP status to TIME_WAIT and start the TIME_WAIT timer.
How to read the TCP source code?
Many students asked me before, how do I view the TCP source code?
In fact, when I look at the TCP source code, I don't directly open the Linux source code and look at it directly, because the Linux source code is too large. If I don't know where the TCP entry function is, it is simply looking for a needle in a haystack.
So, when looking at the TCP source code, we can go to the Internet to search for other people's source code analysis. Many predecessors on the Internet have helped us analyze the TCP source code, and they have written out the call links of each function.
For example, if you want to understand the source code implementation of TCP three-way handshake/four wave hands, you can search with keywords like "TCP three-way handshake/four wave hands source code analysis". The comments of most articles are still very clear, I In the beginning, I learned the TCP source code in this way.
Online articles generally only focus on the important parts, and many code details are not posted. If you want to see all the code of the function in full, then you have to look at the kernel code.
Here is an online website to see the Linux kernel code: https://elixir.bootlin.com/linux/latest/source
I think it's quite easy to use. There are all versions of the code on the left, and you can search for functions in the upper right corner.
Therefore, my experience in viewing the TCP source code is to find the TCP source code analysis written by the predecessors on the Internet, and then know the call link of the entire function. If you want to know the specific implementation of a function, you can look at the one I said. Search for this function on the online website of the Linux kernel code, you can see the complete function implementation. If you encounter code that you don't understand, you can also copy the code to Baidu or Google to search. Generally, you can find the process of analysis by others.
Learning to look at the TCP source code actually helps us analyze some abnormal problems. For example, today’s network problem can’t find the answer on the Internet, and it’s difficult for us to simulate it by experiment.
So if you want to know the answer, you can only look at the source code.
Click to follow to learn about Huawei Cloud's fresh technology for the first time~
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。