SSL / HTTP / Curl no response

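I am trying to send commands to a SOAP service, but I am not receiving any reply. The SOAP service is at a completely different site from the servers I am testing from.

I wrote a dummy script with the SOAP XML embedded in it. When I run the script on three machines at my local site (OSX, Ubuntu, or CentOS 5.3), it completes successfully and gets a good response.

I then sent the script to our public host at Slicehost, where I fail to get a response from the SOAP service. It accepts the TCP socket and proceeds with the SSL handshake. However, I do not receive any valid HTTP response.

This is the case whether I use the script or curl on the command line. I rewrote the script using SOAP4R, Net::HTTP, and Curb. All of them work at my local site, and none of them work at the Slicehost site.

I tried to build a CentOS box that matches my Slicehost server as closely as possible. I rebuilt the slice as vanilla CentOS 5.3 and vanilla CentOS 5.4, with the same results.

When I look at a tcpdump of the bad session on Slicehost, I see my script or curl send the XML to the remote server, but nothing comes back. When I look at the tcpdump at my local site, I see the response as normal. I have completely disabled iptables on the slice.

Does anyone know what might be causing these results? Please let me know what other information I can provide.

Thank you!

Below is a wire trace of a sample session. The IP starting with 173 is my server, and the IP starting with 12 is the SOAP server's.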

No.     Time        Source                Destination           Protocol Info
      1 0.000000    173.45.x.x        12.36.x.x         TCP      36872 > https [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=137633469 TSER=0 WS=6

Frame 1 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 0, Len: 0

No.     Time        Source                Destination           Protocol Info
      2 0.040000    12.36.x.x         173.45.x.x        TCP      https > 36872 [SYN, ACK] Seq=0 Ack=1 Win=8760 Len=0 MSS=1460

Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: Dell_fb:49:a1 (00:21:9b:fb:49:a1), Dst: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6)
Internet Protocol, Src: 12.36.x.x (12.36.x.x), Dst: 173.45.x.x (173.45.x.x)
Transmission Control Protocol, Src Port: https (443), Dst Port: 36872 (36872), Seq: 0, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Info
      3 0.040000    173.45.x.x        12.36.x.x         TCP      36872 > https [ACK] Seq=1 Ack=1 Win=5840 Len=0

Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Info
      4 0.050000    173.45.x.x        12.36.x.x         SSLv2    Client Hello

Frame 4 (156 bytes on wire, 156 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 1, Ack: 1, Len: 102
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
      5 0.130000    12.36.x.x         173.45.x.x        TCP      [TCP segment of a reassembled PDU]

Frame 5 (1434 bytes on wire, 1434 bytes captured)
Ethernet II, Src: Dell_fb:49:a1 (00:21:9b:fb:49:a1), Dst: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6)
Internet Protocol, Src: 12.36.x.x (12.36.x.x), Dst: 173.45.x.x (173.45.x.x)
Transmission Control Protocol, Src Port: https (443), Dst Port: 36872 (36872), Seq: 1, Ack: 103, Len: 1380
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
      6 0.130000    173.45.x.x        12.36.x.x         TCP      36872 > https [ACK] Seq=103 Ack=1381 Win=8280 Len=0

Frame 6 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 103, Ack: 1381, Len: 0

No.     Time        Source                Destination           Protocol Info
      7 0.130000    12.36.x.x         173.45.x.x        TLSv1    Server Hello, Certificate, Server Hello Done

Frame 7 (1280 bytes on wire, 1280 bytes captured)
Ethernet II, Src: Dell_fb:49:a1 (00:21:9b:fb:49:a1), Dst: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6)
Internet Protocol, Src: 12.36.x.x (12.36.x.x), Dst: 173.45.x.x (173.45.x.x)
Transmission Control Protocol, Src Port: https (443), Dst Port: 36872 (36872), Seq: 1381, Ack: 103, Len: 1226
[Reassembled TCP Segments (2606 bytes): #5(1380), #7(1226)]
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
      8 0.130000    173.45.x.x        12.36.x.x         TCP      36872 > https [ACK] Seq=103 Ack=2607 Win=11040 Len=0

Frame 8 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 103, Ack: 2607, Len: 0

No.     Time        Source                Destination           Protocol Info
      9 0.130000    173.45.x.x        12.36.x.x         TLSv1    Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message

Frame 9 (236 bytes on wire, 236 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 103, Ack: 2607, Len: 182
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
     10 0.190000    12.36.x.x         173.45.x.x        TLSv1    Change Cipher Spec, Encrypted Handshake Message

Frame 10 (97 bytes on wire, 97 bytes captured)
Ethernet II, Src: Dell_fb:49:a1 (00:21:9b:fb:49:a1), Dst: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6)
Internet Protocol, Src: 12.36.x.x (12.36.x.x), Dst: 173.45.x.x (173.45.x.x)
Transmission Control Protocol, Src Port: https (443), Dst Port: 36872 (36872), Seq: 2607, Ack: 285, Len: 43
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
     11 0.190000    173.45.x.x        12.36.x.x         TLSv1    Application Data

Frame 11 (347 bytes on wire, 347 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 285, Ack: 2650, Len: 293
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
     12 0.190000    173.45.x.x        12.36.x.x         TCP      [TCP segment of a reassembled PDU]

Frame 12 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 578, Ack: 2650, Len: 1460
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
     13 0.450000    12.36.x.x         173.45.x.x        TCP      https > 36872 [ACK] Seq=2650 Ack=578 Win=64958 Len=0

Frame 13 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Dell_fb:49:a1 (00:21:9b:fb:49:a1), Dst: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6)
Internet Protocol, Src: 12.36.x.x (12.36.x.x), Dst: 173.45.x.x (173.45.x.x)
Transmission Control Protocol, Src Port: https (443), Dst Port: 36872 (36872), Seq: 2650, Ack: 578, Len: 0

No.     Time        Source                Destination           Protocol Info
     14 0.450000    173.45.x.x        12.36.x.x         TCP      [TCP segment of a reassembled PDU]

Frame 14 (206 bytes on wire, 206 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 2038, Ack: 2650, Len: 152

No.     Time        Source                Destination           Protocol Info
     15 0.510000    12.36.x.x         173.45.x.x        TCP      [TCP Dup ACK 13#1] https > 36872 [ACK] Seq=2650 Ack=578 Win=64958 Len=0

Frame 15 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Dell_fb:49:a1 (00:21:9b:fb:49:a1), Dst: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6)
Internet Protocol, Src: 12.36.x.x (12.36.x.x), Dst: 173.45.x.x (173.45.x.x)
Transmission Control Protocol, Src Port: https (443), Dst Port: 36872 (36872), Seq: 2650, Ack: 578, Len: 0

No.     Time        Source                Destination           Protocol Info
     16 0.850000    173.45.x.x        12.36.x.x         TCP      [TCP Retransmission] [TCP segment of a reassembled PDU]

Frame 16 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 578, Ack: 2650, Len: 1460
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
     17 1.650000    173.45.x.x        12.36.x.x         TCP      [TCP Retransmission] [TCP segment of a reassembled PDU]

Frame 17 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 578, Ack: 2650, Len: 1460
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
     18 3.250000    173.45.x.x        12.36.x.x         TCP      [TCP Retransmission] [TCP segment of a reassembled PDU]

Frame 18 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 578, Ack: 2650, Len: 1460
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
     19 6.450000    173.45.x.x        12.36.x.x         TCP      [TCP Retransmission] [TCP segment of a reassembled PDU]

Frame 19 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 578, Ack: 2650, Len: 1460
Secure Socket Layer

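Answer 1

I think you are running into some kind of MTU problem. This happens when you send packets that are larger than the smallest MTU on the network path (PMTU) with the Don't fragment bit set, and the ICMP error message "Fragmentation needed but Don't Fragment bit set" is blocked somewhere.

You should first check the local and remote firewalls to make sure they allow ICMP.

Then trace the path to see what the PMTU is and where the packet loss may be happening. Turn the Don't fragment bit on! You should do this on the same port you use for the client-server communication. Use hping2, for example.

If nothing helps, turn off PMTU discovery on both machines.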

sudo sysctl -w net.ipv4.ip_no_pmtu_disc=1

Using this is not a good idea, but if it works, you can be sure you have an MTU problem.

Good luck!
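
The trace in the question already shows the pattern this answer describes: small segments are acknowledged, while the one full-size segment (Len 1460, a 1514-byte frame on the wire) is retransmitted and never acknowledged. The Python sketch below is an added example, not part of the original answer; find_blackholed_segments and min_sends are hypothetical names, and it parses the TCP header lines of that trace to flag such segments.

```python
import re
from collections import Counter

# TCP header lines of frames 11-19, copied from the trace in the question.
TRACE = """\
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 285, Ack: 2650, Len: 293
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 578, Ack: 2650, Len: 1460
Transmission Control Protocol, Src Port: https (443), Dst Port: 36872 (36872), Seq: 2650, Ack: 578, Len: 0
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 2038, Ack: 2650, Len: 152
Transmission Control Protocol, Src Port: https (443), Dst Port: 36872 (36872), Seq: 2650, Ack: 578, Len: 0
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 578, Ack: 2650, Len: 1460
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 578, Ack: 2650, Len: 1460
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 578, Ack: 2650, Len: 1460
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 578, Ack: 2650, Len: 1460
"""

TCP_LINE = re.compile(r"Src Port: \S+ \((\d+)\), Dst Port: \S+ \((\d+)\), "
                      r"Seq: (\d+)(?:, Ack: (\d+))?, Len: (\d+)")

def find_blackholed_segments(trace, min_sends=3):
    """Return (sender_port, seq, length, sends, largest_delivered_len) for each
    data segment seen at least min_sends times and never acknowledged."""
    sends = Counter()   # (src_port, dst_port, seq, len) -> times seen on the wire
    max_ack = {}        # (acker_port, peer_port) -> highest Ack number seen
    for m in TCP_LINE.finditer(trace):
        src, dst, seq, ack, length = (int(g) if g else None for g in m.groups())
        if length:                      # only segments that carry payload
            sends[(src, dst, seq, length)] += 1
        if ack is not None:             # the SYN line has no Ack field
            max_ack[(src, dst)] = max(ack, max_ack.get((src, dst), 0))
    findings = []
    for (src, dst, seq, length), count in sends.items():
        acked_up_to = max_ack.get((dst, src), 0)
        if count >= min_sends and acked_up_to < seq + length:
            # Largest segment in the same direction that the peer did acknowledge.
            delivered = [ln for (s, d, q, ln) in sends
                         if (s, d) == (src, dst) and q + ln <= acked_up_to]
            findings.append((src, seq, length, count, max(delivered, default=0)))
    return findings

if __name__ == "__main__":
    for port, seq, length, count, ok_len in find_blackholed_segments(TRACE):
        print(f"port {port}: Seq={seq} Len={length} sent {count}x, never ACKed; "
              f"largest delivered segment Len={ok_len}")
```
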

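Answer 2

Can you provide a tcpdump from both the slice and the local host (strip the IPs if you need to)?

This may help to find out where the communication fails or differs.

It is best to run tcpdump with -v to get better output.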