Networking

SSL / HTTP / No Response to Curl

  • June 2, 2010

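I am trying to send commands to a SOAP service, and I am getting no response. The SOAP service is at a completely separate site from either of the servers I am testing with.

I have written a dummy script with the SOAP XML embedded. When I run it at my local site, on any of three machines (OS X, Ubuntu, or CentOS 5.3), it completes successfully with a good response.

I then sent the script to our public host at Slicehost, where I fail to get a response back from the SOAP service. It accepts the TCP socket and proceeds with the SSL handshake. However, I do not receive any valid HTTP response.

This is the case whether I use my script or curl on the command line. I have rewritten the script using SOAP4R, Net::HTTP, and Curb. All of these work at my local site; none of them work at the Slicehost site.

I attempted to set up the CentOS machine to match my Slicehost server as closely as possible. I rebuilt the Slice as stock CentOS 5.3 and as stock CentOS 5.4, with the same results.

When I look at a tcpdump of the bad session on Slicehost, I see my script or curl send the XML to the remote server, but nothing comes back. When I look at the tcpdump at my local site, I see the response just fine. I have disabled iptables entirely on the Slice.

Does anyone have any idea what could be causing these results? Please let me know what other information I can provide.

Thanks!

Below is a wire trace of a sample session. The IP starting with 173 is my server, while the IP starting with 12 is the SOAP server's.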

No.     Time        Source                Destination           Protocol Info
     1 0.000000    173.45.x.x        12.36.x.x         TCP      36872 > https [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=137633469 TSER=0 WS=6

Frame 1 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 0, Len: 0

No.     Time        Source                Destination           Protocol Info
     2 0.040000    12.36.x.x         173.45.x.x        TCP      https > 36872 [SYN, ACK] Seq=0 Ack=1 Win=8760 Len=0 MSS=1460

Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: Dell_fb:49:a1 (00:21:9b:fb:49:a1), Dst: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6)
Internet Protocol, Src: 12.36.x.x (12.36.x.x), Dst: 173.45.x.x (173.45.x.x)
Transmission Control Protocol, Src Port: https (443), Dst Port: 36872 (36872), Seq: 0, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Info
     3 0.040000    173.45.x.x        12.36.x.x         TCP      36872 > https [ACK] Seq=1 Ack=1 Win=5840 Len=0

Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Info
     4 0.050000    173.45.x.x        12.36.x.x         SSLv2    Client Hello

Frame 4 (156 bytes on wire, 156 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 1, Ack: 1, Len: 102
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
     5 0.130000    12.36.x.x         173.45.x.x        TCP      [TCP segment of a reassembled PDU]

Frame 5 (1434 bytes on wire, 1434 bytes captured)
Ethernet II, Src: Dell_fb:49:a1 (00:21:9b:fb:49:a1), Dst: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6)
Internet Protocol, Src: 12.36.x.x (12.36.x.x), Dst: 173.45.x.x (173.45.x.x)
Transmission Control Protocol, Src Port: https (443), Dst Port: 36872 (36872), Seq: 1, Ack: 103, Len: 1380
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
     6 0.130000    173.45.x.x        12.36.x.x         TCP      36872 > https [ACK] Seq=103 Ack=1381 Win=8280 Len=0

Frame 6 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 103, Ack: 1381, Len: 0

No.     Time        Source                Destination           Protocol Info
     7 0.130000    12.36.x.x         173.45.x.x        TLSv1    Server Hello, Certificate, Server Hello Done

Frame 7 (1280 bytes on wire, 1280 bytes captured)
Ethernet II, Src: Dell_fb:49:a1 (00:21:9b:fb:49:a1), Dst: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6)
Internet Protocol, Src: 12.36.x.x (12.36.x.x), Dst: 173.45.x.x (173.45.x.x)
Transmission Control Protocol, Src Port: https (443), Dst Port: 36872 (36872), Seq: 1381, Ack: 103, Len: 1226
[Reassembled TCP Segments (2606 bytes): #5(1380), #7(1226)]
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
     8 0.130000    173.45.x.x        12.36.x.x         TCP      36872 > https [ACK] Seq=103 Ack=2607 Win=11040 Len=0

Frame 8 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 103, Ack: 2607, Len: 0

No.     Time        Source                Destination           Protocol Info
     9 0.130000    173.45.x.x        12.36.x.x         TLSv1    Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message

Frame 9 (236 bytes on wire, 236 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 103, Ack: 2607, Len: 182
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
    10 0.190000    12.36.x.x         173.45.x.x        TLSv1    Change Cipher Spec, Encrypted Handshake Message

Frame 10 (97 bytes on wire, 97 bytes captured)
Ethernet II, Src: Dell_fb:49:a1 (00:21:9b:fb:49:a1), Dst: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6)
Internet Protocol, Src: 12.36.x.x (12.36.x.x), Dst: 173.45.x.x (173.45.x.x)
Transmission Control Protocol, Src Port: https (443), Dst Port: 36872 (36872), Seq: 2607, Ack: 285, Len: 43
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
    11 0.190000    173.45.x.x        12.36.x.x         TLSv1    Application Data

Frame 11 (347 bytes on wire, 347 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 285, Ack: 2650, Len: 293
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
    12 0.190000    173.45.x.x        12.36.x.x         TCP      [TCP segment of a reassembled PDU]

Frame 12 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 578, Ack: 2650, Len: 1460
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
    13 0.450000    12.36.x.x         173.45.x.x        TCP      https > 36872 [ACK] Seq=2650 Ack=578 Win=64958 Len=0

Frame 13 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Dell_fb:49:a1 (00:21:9b:fb:49:a1), Dst: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6)
Internet Protocol, Src: 12.36.x.x (12.36.x.x), Dst: 173.45.x.x (173.45.x.x)
Transmission Control Protocol, Src Port: https (443), Dst Port: 36872 (36872), Seq: 2650, Ack: 578, Len: 0

No.     Time        Source                Destination           Protocol Info
    14 0.450000    173.45.x.x        12.36.x.x         TCP      [TCP segment of a reassembled PDU]

Frame 14 (206 bytes on wire, 206 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 2038, Ack: 2650, Len: 152

No.     Time        Source                Destination           Protocol Info
    15 0.510000    12.36.x.x         173.45.x.x        TCP      [TCP Dup ACK 13#1] https > 36872 [ACK] Seq=2650 Ack=578 Win=64958 Len=0

Frame 15 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Dell_fb:49:a1 (00:21:9b:fb:49:a1), Dst: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6)
Internet Protocol, Src: 12.36.x.x (12.36.x.x), Dst: 173.45.x.x (173.45.x.x)
Transmission Control Protocol, Src Port: https (443), Dst Port: 36872 (36872), Seq: 2650, Ack: 578, Len: 0

No.     Time        Source                Destination           Protocol Info
    16 0.850000    173.45.x.x        12.36.x.x         TCP      [TCP Retransmission] [TCP segment of a reassembled PDU]

Frame 16 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 578, Ack: 2650, Len: 1460
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
    17 1.650000    173.45.x.x        12.36.x.x         TCP      [TCP Retransmission] [TCP segment of a reassembled PDU]

Frame 17 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 578, Ack: 2650, Len: 1460
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
    18 3.250000    173.45.x.x        12.36.x.x         TCP      [TCP Retransmission] [TCP segment of a reassembled PDU]

Frame 18 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 578, Ack: 2650, Len: 1460
Secure Socket Layer

No.     Time        Source                Destination           Protocol Info
    19 6.450000    173.45.x.x        12.36.x.x         TCP      [TCP Retransmission] [TCP segment of a reassembled PDU]

Frame 19 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 40:40:17:3a:f4:e6 (40:40:17:3a:f4:e6), Dst: Dell_fb:49:a1 (00:21:9b:fb:49:a1)
Internet Protocol, Src: 173.45.x.x (173.45.x.x), Dst: 12.36.x.x (12.36.x.x)
Transmission Control Protocol, Src Port: 36872 (36872), Dst Port: https (443), Seq: 578, Ack: 2650, Len: 1460
Secure Socket Layer

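I think you have some kind of MTU problem. This happens when you send packets larger than the smallest MTU on the network path (PMTU) with the Don't fragment bit set, and the ICMP error message "Fragmentation needed but Don't Fragment bit set" is blocked somewhere.

You should first check the local and remote firewalls to allow ICMP.

Then trace the path to see what the PMTU is and where the packet loss might occur. Turn on the Don't fragment bit! You should do this on the same port you use for the client-server communication. For example, using hping2

If nothing helps, turn off PMTU discovery on both machines.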

# 1 turns Path MTU discovery off; 0 is the default and leaves it on
sudo sysctl -w net.ipv4.ip_no_pmtu_disc=1

It's not a good idea to use this, but if it works you can be sure you have an MTU problem.

Good luck!
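The symptom the answer describes can be checked against the trace in the question: the 1460-byte segment at Seq 578 is resent with doubling delays and never acknowledged, while the 293-byte segment before it is. The Python below is an added example, not part of the original post; the condensed one-line-per-frame input format and the function name are assumptions made for it.

```python
import re

# Constructed sample: frames 11-19 of the trace above, each reduced to
# "time source" plus the Seq/Ack/Len fields of its TCP line.
SAMPLE = """\
0.190 173.45.x.x Seq: 285, Ack: 2650, Len: 293
0.190 173.45.x.x Seq: 578, Ack: 2650, Len: 1460
0.450 12.36.x.x Seq: 2650, Ack: 578, Len: 0
0.450 173.45.x.x Seq: 2038, Ack: 2650, Len: 152
0.510 12.36.x.x Seq: 2650, Ack: 578, Len: 0
0.850 173.45.x.x Seq: 578, Ack: 2650, Len: 1460
1.650 173.45.x.x Seq: 578, Ack: 2650, Len: 1460
3.250 173.45.x.x Seq: 578, Ack: 2650, Len: 1460
6.450 173.45.x.x Seq: 578, Ack: 2650, Len: 1460
"""

LINE = re.compile(r"([\d.]+) (\S+) Seq: (\d+), Ack: (\d+), Len: (\d+)")
HEADERS = 40  # IPv4 + TCP header bytes, no options (true for these frames)


def find_blackholed_segment(trace, sender):
    """Return the sender's segment that is resent but never ACKed, or None."""
    sent = {}      # (seq, len) -> times at which the sender transmitted it
    peer_ack = 0   # highest cumulative ACK received from the peer
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        t, src = float(m[1]), m[2]
        seq, ack, length = int(m[3]), int(m[4]), int(m[5])
        if src != sender:
            peer_ack = max(peer_ack, ack)
        elif length:
            sent.setdefault((seq, length), []).append(t)
    # Delivered: the peer's cumulative ACK covers the whole segment.
    delivered = max((l for (s, l) in sent if s + l <= peer_ack), default=0)
    for (seq, length), times in sent.items():
        # Stuck: resent at least once and the peer still waits for its first byte.
        if len(times) > 1 and seq == peer_ack:
            return {
                "seq": seq,
                "len": length,
                "sent_at": times,
                # IP packet sizes: the largest that arrived, and the one that never did.
                "arrived_ip_len": delivered + HEADERS,
                "lost_ip_len": length + HEADERS,
            }
    return None


if __name__ == "__main__":
    print(find_blackholed_segment(SAMPLE, "173.45.x.x"))
```

For this trace the result brackets the problem: a 333-byte IP packet reached the SOAP server and a 1500-byte one never did, which is the range to probe with Don't fragment set.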

Quoted from: https://serverfault.com/questions/90884