CLOSE-WAIT bug

Question

CLOSE-WAIT bug

f4nff opened this issue a year ago · 26 comments

./ssserver -s "[::]:1" -m "aes-256-gcm" -k "pass" -U --tcp-no-delay --tcp-keep-alive 120 --udp-timeout 60

./sslocal --protocol tun -s "[2a01:1700:2::7:18b]:1" -m "aes-256-gcm" -k "pass" --outbound-bind-interface pppoe-wan --tun-interface-name tun0 -U --tcp-no-delay --tcp-keep-alive 120 --udp-timeout 60

查看netstat -an

服务端被连接放出现了CLOSE-WAIT

明显程序有问题.

tcp CLOSE-WAIT 0 0 [2a01:1700:2::7:18b]:1 [2a08:a220:9a17:bcb0::1]:57902

Answer 1 · 2023-05-15T09:48:59.000Z

zhboner/realm#87

可以参考一下这个,之前realm之前也存在这种问题,后来作者修复了,

Answer 2 · 2023-05-15T09:56:20.000Z

https://docs.rs/tokio/latest/tokio/net/struct.TcpStream.html

这个玩意有bug,有人提过,但是没解决.

Answer 3 · 2023-05-15T10:00:18.000Z

Instead of obsessing with stats you don't understand and opening useless issues, you should take some time to learn some networking basics.

Answer 4 · 2023-05-15T10:02:02.000Z

@database64128
如果close-wait一闪即逝是正常的,但是一直需要等待就不是正常的,
你应该多去学习一下.

golang c项目都没问题.

Answer 5 · 2023-05-15T10:04:02.000Z

FIN-WAIT-1
FIN-WAIT-2
存在一会是正常的,
但是CLOSE-WAIT一直存在,就是程序问题.

Answer 6 · 2023-05-15T10:07:26.000Z

zhboner/realm#87

cargo build --release --features 'brutal-shutdown'
增加 brutal-shutdown 编译选项后，测试无问题了

他底层socket没有使用tokio的，是他自己写的,调用了c的原生接口,就没有close-wait

有没有问题,自己多看看书噢,

Answer 7 · 2023-05-15T15:40:42.000Z

客户端一样存在很多 close-wait,
我的客户端运行在openwrt

Answer 8 · 2023-05-16T15:33:19.000Z

I don't think the solution in zhboner/realm#87 is the final solution but just a temporary solution.

We should put more discussion on why there were so many connections left in CLOSE-WAIT state.

Answer 9 · 2023-05-16T15:37:37.000Z

io对拷出的问题，没有正确释放另外一端，而golang有个defer，是无条件可以触发的，
所以golang项目不存在CLOSE-WAIT,

Answer 10 · 2023-05-16T15:38:30.000Z

realm早期版本也存在 CLOSE-WAIT 的问题,后来的版本就解决了.

Answer 11 · 2023-05-16T15:41:29.000Z

io对拷出的问题，没有正确释放另外一端，而golang有个defer，是无条件可以触发的

This behavior is wrong. It will lose data if there are something still left unread in another transfer direction.

所以golang项目不存在CLOSE-WAIT,

realm早期版本也存在 CLOSE-WAIT 的问题,后来的版本就解决了.

Yes, and they will definitely lose data in some situation. I don't think it is "solved".

I won't do the same unless there is no correct solution on this issue.

Answer 12 · 2023-05-16T15:45:51.000Z

一方都主动关闭了连接,你保持连接就会继续传输数据嘛?

Answer 13 · 2023-05-16T15:46:08.000Z

一方主动关闭了连接,就要主动释放另一端连接.

Answer 14 · 2023-05-16T15:46:51.000Z

For reference, in go-shadowsocks2:

https://github.com/shadowsocks/go-shadowsocks2/blob/828576df0a9415d1f49e9433577389821e862f3c/tcp.go#L145-L166

It calls io.Copy on both direction. Set a Read timeout when one of them ends.

Answer 15 · 2023-05-16T15:46:59.000Z

代理的本质就是数据转发,跟realm没有本质的区别.

Answer 16 · 2023-05-16T15:47:40.000Z

我测试发现，如果转发通道建立了，但是不发数据，服务端死了，通道感知不到

Answer 17 · 2023-05-16T15:48:38.000Z

go-shadowsocks2 不存在这种问题,但是shadowsocks-rust出现了这种问题.

Answer 18 · 2023-05-16T15:48:45.000Z

这个tokio的底层，我也没整明白

Answer 19 · 2023-05-16T15:48:48.000Z

我测试发现，如果转发通道建立了，但是不发数据，服务端死了，通道感知不到

If it is corrent,

Why your server don't send RST to local clients?
Why your local client couldn't receive RST.

这个tokio的底层，我也没整明白

There is nothing about tokio. It is Linux's network behavior.

Answer 20 · 2023-05-16T15:49:27.000Z

然后我测试发现，如果转发通道建立了，但是不发数据，服务端死了，通道感知不到，我感觉就是这里有问题，

Answer 21 · 2023-05-16T15:49:34.000Z

然后修复的，就是考虑了这情况

Answer 22 · 2023-05-16T15:50:44.000Z

You don't need to repeat that solution. I know exactly what it aims to and what it solved.

Answer 23 · 2023-05-16T15:52:32.000Z

出现大量的CLOSE-WAIT是对的?
你认为对就是对的吧,随后我自己来修复.

Answer 24 · 2023-05-16T15:53:10.000Z

如果出现大量的CLOSE-WAIT是对的,
为什么那些C项目,还有golang项目都没有?
偏偏只有你家项目存在呢?

Answer 25 · 2023-05-16T15:53:46.000Z

I have never said that. If you continue attacking, discussion ends here.

Answer 26 · 2023-05-16T15:56:06.000Z

就这样吧,过几天我自己来修复.
已经断开了,又哪里来的数据,,,