TCP simultaneous open and self-connect prevention
The TCP standard has a "simultaneous open" feature.
The implication of the feature is that a client trying to connect to a local port, when the port is from the ephemeral range, can occasionally connect to itself (see here).
So the client thinks it's connected to the server, while it is actually connected to itself. On the other side, the server cannot open its server port, since it's occupied/stolen by the client.
I'm using RHEL 5.3 and my clients constantly try to connect to a local server. Eventually a client connects to itself.
I want to prevent this situation. I see two possible solutions to the problem:
- Don't use ephemeral ports for server ports. Agree on an ephemeral port range and configure it on your machines (see ephemeral range)
- Check connect() as somebody proposes here.
What do you think? How do you handle the issue?
P.S.1
Apart from the solution, which I am obviously looking for, I'd like you to share your real-life experience with the problem.
When I found the cause of the problem, I was "astonished" that people at my workplace are not familiar with it. Polling a server by connecting to it periodically is IMHO common practice, so how is it that the problem is not commonly known?
Recommended answer
For the server you need to bind() the socket to the port. Once an addr:port pair has a socket bound, it will no longer be used for implicit binding in connect().
No problem, no problem.
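
The connect() check from the second option in the question, written out as an added example (not code from the original post or answer): after connect() succeeds, compare getsockname() with getpeername(), since an identical addr:port pair means the socket connected to itself. The function names and the IPv4 loopback scope are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Pure comparison: 1 if both IPv4 endpoints are the same addr:port pair. */
int same_endpoint(const struct sockaddr_in *a, const struct sockaddr_in *b)
{
    return a->sin_family == AF_INET && b->sin_family == AF_INET &&
           a->sin_addr.s_addr == b->sin_addr.s_addr &&
           a->sin_port == b->sin_port;
}

/* Returns 1 if fd is connected to itself, 0 if it has a distinct peer,
 * -1 if the local or peer address cannot be read (e.g. not connected). */
int is_self_connected(int fd)
{
    struct sockaddr_in local, peer;
    socklen_t llen = sizeof local, plen = sizeof peer;

    memset(&local, 0, sizeof local);
    memset(&peer, 0, sizeof peer);
    if (getsockname(fd, (struct sockaddr *)&local, &llen) < 0) return -1;
    if (getpeername(fd, (struct sockaddr *)&peer, &plen) < 0) return -1;
    return same_endpoint(&local, &peer);
}

/* Hypothetical polling helper: connect to 127.0.0.1:port and reject a
 * self-connection. Returns a usable fd, or -1 on failure or self-connect. */
int connect_local_checked(unsigned short port)
{
    struct sockaddr_in srv;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;

    memset(&srv, 0, sizeof srv);
    srv.sin_family = AF_INET;
    srv.sin_port = htons(port);
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK);

    if (connect(fd, (struct sockaddr *)&srv, sizeof srv) < 0 ||
        is_self_connected(fd) != 0) {
        close(fd); /* release the port so the server can bind() it */
        return -1;
    }
    return fd;
}
```

Closing the socket on a detected self-connection matters as much as detecting it: while the client holds the port, the server's bind() on that port fails.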