€•       Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ+/translations/zh_CN/networking/snmp_counter”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/zh_TW/networking/snmp_counter”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/it_IT/networking/snmp_counter”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/ja_JP/networking/snmp_counter”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/ko_KR/networking/snmp_counter”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/pt_BR/networking/snmp_counter”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/sp_SP/networking/snmp_counter”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒSNMP counter”h]”hŒSNMP counter”…””}”(hh¼h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhh·h²hh³ŒE/var/lib/git/docbuild/linux/Documentation/networking/snmp_counter.rst”h´KubhŒ	paragraph”“”)”}”(hŒ4This document explains the meaning of SNMP counters.”h]”hŒ4This document explains the meaning of SNMP counters.”…””}”(hhÍh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khh·h²hubh¶)”}”(hhh]”(h»)”}”(hŒGeneral IPv4 counters”h]”hŒGeneral IPv4 counters”…””}”(hhÞh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhhÛh²hh³hÊh´KubhÌ)”}”(hŒ•All layer 4 packets and ICMP packets will change these counters, but
these counters won't be changed by layer 2 packets (such as STP) or
ARP packets.”h]”hŒ—All layer 4 packets and ICMP packets will change these counters, but
these counters wonâ€™t be changed by layer 2 packets (such as STP) or
ARP packets.”…””}”(hhìh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K	hhÛh²hubhŒbullet_list”“”)”}”(hhh]”hŒ	list_item”“”)”}”(hŒIpInReceives
”h]”hÌ)”}”(hŒIpInReceives”h]”hŒIpInReceives”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhhüh²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ*”uh1húh³hÊh´KhhÛh²hubhÌ)”}”(hŒ"Defined in `RFC1213 ipInReceives`_”h]”(hŒDefined in ”…””}”(hj!  h²hh³Nh´NubhŒ	reference”“”)”}”(hŒ`RFC1213 ipInReceives`_”h]”hŒRFC1213 ipInReceives”…””}”(hj+  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 ipInReceives”Œrefuri”Œ+https://tools.ietf.org/html/rfc1213#page-26”uh1j)  hj!  Œresolved”Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KhhÛh²hubhŒtarget”“”)”}”(hŒE.. _RFC1213 ipInReceives: https://tools.ietf.org/html/rfc1213#page-26”h]”h}”(h]”Œrfc1213-ipinreceives”ah ]”h"]”Œrfc1213 ipinreceives”ah$]”h&]”j;  j<  uh1jD  h´KhhÛh²hh³hÊŒ
referenced”KubhÌ)”}”(hXY  The number of packets received by the IP layer. It gets increasing at the
beginning of ip_rcv function, always be updated together with
IpExtInOctets. It will be increased even if the packet is dropped
later (e.g. due to the IP header is invalid or the checksum is wrong
and so on).  It indicates the number of aggregated segments after
GRO/LRO.”h]”hXY  The number of packets received by the IP layer. It gets increasing at the
beginning of ip_rcv function, always be updated together with
IpExtInOctets. It will be increased even if the packet is dropped
later (e.g. due to the IP header is invalid or the checksum is wrong
and so on).  It indicates the number of aggregated segments after
GRO/LRO.”…””}”(hjS  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KhhÛh²hubhû)”}”(hhh]”j   )”}”(hŒIpInDelivers
”h]”hÌ)”}”(hŒIpInDelivers”h]”hŒIpInDelivers”…””}”(hjh  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khjd  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhja  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´KhhÛh²hubhÌ)”}”(hŒ"Defined in `RFC1213 ipInDelivers`_”h]”(hŒDefined in ”…””}”(hj‚  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 ipInDelivers`_”h]”hŒRFC1213 ipInDelivers”…””}”(hjŠ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 ipInDelivers”j;  Œ+https://tools.ietf.org/html/rfc1213#page-28”uh1j)  hj‚  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KhhÛh²hubjE  )”}”(hŒE.. _RFC1213 ipInDelivers: https://tools.ietf.org/html/rfc1213#page-28”h]”h}”(h]”Œrfc1213-ipindelivers”ah ]”h"]”Œrfc1213 ipindelivers”ah$]”h&]”j;  jš  uh1jD  h´KhhÛh²hh³hÊjR  KubhÌ)”}”(hŒÿThe number of packets delivers to the upper layer protocols. E.g. TCP, UDP,
ICMP and so on. If no one listens on a raw socket, only kernel
supported protocols will be delivered, if someone listens on the raw
socket, all valid IP packets will be delivered.”h]”hŒÿThe number of packets delivers to the upper layer protocols. E.g. TCP, UDP,
ICMP and so on. If no one listens on a raw socket, only kernel
supported protocols will be delivered, if someone listens on the raw
socket, all valid IP packets will be delivered.”…””}”(hj­  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K hhÛh²hubhû)”}”(hhh]”j   )”}”(hŒIpOutRequests
”h]”hÌ)”}”(hŒIpOutRequests”h]”hŒIpOutRequests”…””}”(hjÂ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K%hj¾  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj»  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´K%hhÛh²hubhÌ)”}”(hŒ#Defined in `RFC1213 ipOutRequests`_”h]”(hŒDefined in ”…””}”(hjÜ  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 ipOutRequests`_”h]”hŒRFC1213 ipOutRequests”…””}”(hjä  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 ipOutRequests”j;  Œ+https://tools.ietf.org/html/rfc1213#page-28”uh1j)  hjÜ  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K'hhÛh²hubjE  )”}”(hŒF.. _RFC1213 ipOutRequests: https://tools.ietf.org/html/rfc1213#page-28”h]”h}”(h]”Œrfc1213-ipoutrequests”ah ]”h"]”Œrfc1213 ipoutrequests”ah$]”h&]”j;  jô  uh1jD  h´K)hhÛh²hh³hÊjR  KubhÌ)”}”(hŒŽThe number of packets sent via IP layer, for both single cast and
multicast packets, and would always be updated together with
IpExtOutOctets.”h]”hŒŽThe number of packets sent via IP layer, for both single cast and
multicast packets, and would always be updated together with
IpExtOutOctets.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K+hhÛh²hubhû)”}”(hhh]”j   )”}”(hŒ!IpExtInOctets and IpExtOutOctets
”h]”hÌ)”}”(hŒ IpExtInOctets and IpExtOutOctets”h]”hŒ IpExtInOctets and IpExtOutOctets”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K/hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´K/hhÛh²hubhÌ)”}”(hX?  They are Linux kernel extensions, no RFC definitions. Please note,
RFC1213 indeed defines ifInOctets  and ifOutOctets, but they
are different things. The ifInOctets and ifOutOctets include the MAC
layer header size but IpExtInOctets and IpExtOutOctets don't, they
only include the IP layer header and the IP layer data.”h]”hXA  They are Linux kernel extensions, no RFC definitions. Please note,
RFC1213 indeed defines ifInOctets  and ifOutOctets, but they
are different things. The ifInOctets and ifOutOctets include the MAC
layer header size but IpExtInOctets and IpExtOutOctets donâ€™t, they
only include the IP layer header and the IP layer data.”…””}”(hj6  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K1hhÛh²hubhû)”}”(hhh]”j   )”}”(hŒBIpExtInNoECTPkts, IpExtInECT1Pkts, IpExtInECT0Pkts, IpExtInCEPkts
”h]”hÌ)”}”(hŒAIpExtInNoECTPkts, IpExtInECT1Pkts, IpExtInECT0Pkts, IpExtInCEPkts”h]”hŒAIpExtInNoECTPkts, IpExtInECT1Pkts, IpExtInECT0Pkts, IpExtInCEPkts”…””}”(hjK  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K7hjG  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjD  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´K7hhÛh²hubhÌ)”}”(hŒ|They indicate the number of four kinds of ECN IP packets, please refer
`Explicit Congestion Notification`_ for more details.”h]”(hŒGThey indicate the number of four kinds of ECN IP packets, please refer
”…””}”(hje  h²hh³Nh´Nubj*  )”}”(hŒ#`Explicit Congestion Notification`_”h]”hŒ Explicit Congestion Notification”…””}”(hjm  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”Œ Explicit Congestion Notification”j;  Œ*https://tools.ietf.org/html/rfc3168#page-6”uh1j)  hje  j=  KubhŒ for more details.”…””}”(hje  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K9hhÛh²hubjE  )”}”(hŒP.. _Explicit Congestion Notification: https://tools.ietf.org/html/rfc3168#page-6”h]”h}”(h]”Œ explicit-congestion-notification”ah ]”h"]”Œ explicit congestion notification”ah$]”h&]”j;  j}  uh1jD  h´K<hhÛh²hh³hÊjR  KubhÌ)”}”(hŒæThese 4 counters calculate how many packets received per ECN
status. They count the real frame number regardless the LRO/GRO. So
for the same packet, you might find that IpInReceives count 1, but
IpExtInNoECTPkts counts 2 or more.”h]”hŒæThese 4 counters calculate how many packets received per ECN
status. They count the real frame number regardless the LRO/GRO. So
for the same packet, you might find that IpInReceives count 1, but
IpExtInNoECTPkts counts 2 or more.”…””}”(hj”  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K>hhÛh²hubhû)”}”(hhh]”j   )”}”(hŒIpInHdrErrors
”h]”hÌ)”}”(hŒIpInHdrErrors”h]”hŒIpInHdrErrors”…””}”(hj©  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KChj¥  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj¢  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´KChhÛh²hubhÌ)”}”(hŒšDefined in `RFC1213 ipInHdrErrors`_. It indicates the packet is
dropped due to the IP header error. It might happen in both IP input
and IP forward paths.”h]”(hŒDefined in ”…””}”(hjÃ  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 ipInHdrErrors`_”h]”hŒRFC1213 ipInHdrErrors”…””}”(hjË  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 ipInHdrErrors”j;  Œ+https://tools.ietf.org/html/rfc1213#page-27”uh1j)  hjÃ  j=  KubhŒw. It indicates the packet is
dropped due to the IP header error. It might happen in both IP input
and IP forward paths.”…””}”(hjÃ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KEhhÛh²hubjE  )”}”(hŒF.. _RFC1213 ipInHdrErrors: https://tools.ietf.org/html/rfc1213#page-27”h]”h}”(h]”Œrfc1213-ipinhdrerrors”ah ]”h"]”Œrfc1213 ipinhdrerrors”ah$]”h&]”j;  jÛ  uh1jD  h´KIhhÛh²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒIpInAddrErrors
”h]”hÌ)”}”(hŒIpInAddrErrors”h]”hŒIpInAddrErrors”…””}”(hjù  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KKhjõ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjò  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´KKhhÛh²hubhÌ)”}”(hŒÂDefined in `RFC1213 ipInAddrErrors`_. It will be increased in two
scenarios: (1) The IP address is invalid. (2) The destination IP
address is not a local address and IP forwarding is not enabled”h]”(hŒDefined in ”…””}”(hj  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 ipInAddrErrors`_”h]”hŒRFC1213 ipInAddrErrors”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 ipInAddrErrors”j;  Œ+https://tools.ietf.org/html/rfc1213#page-27”uh1j)  hj  j=  KubhŒž. It will be increased in two
scenarios: (1) The IP address is invalid. (2) The destination IP
address is not a local address and IP forwarding is not enabled”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KMhhÛh²hubjE  )”}”(hŒG.. _RFC1213 ipInAddrErrors: https://tools.ietf.org/html/rfc1213#page-27”h]”h}”(h]”Œrfc1213-ipinaddrerrors”ah ]”h"]”Œrfc1213 ipinaddrerrors”ah$]”h&]”j;  j+  uh1jD  h´KQhhÛh²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒIpExtInNoRoutes
”h]”hÌ)”}”(hŒIpExtInNoRoutes”h]”hŒIpExtInNoRoutes”…””}”(hjI  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KShjE  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjB  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´KShhÛh²hubhÌ)”}”(hX  This counter means the packet is dropped when the IP stack receives a
packet and can't find a route for it from the route table. It might
happen when IP forwarding is enabled and the destination IP address is
not a local address and there is no route for the destination IP
address.”h]”hX  This counter means the packet is dropped when the IP stack receives a
packet and canâ€™t find a route for it from the route table. It might
happen when IP forwarding is enabled and the destination IP address is
not a local address and there is no route for the destination IP
address.”…””}”(hjc  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KUhhÛh²hubhû)”}”(hhh]”j   )”}”(hŒIpInUnknownProtos
”h]”hÌ)”}”(hŒIpInUnknownProtos”h]”hŒIpInUnknownProtos”…””}”(hjx  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K[hjt  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjq  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´K[hhÛh²hubhÌ)”}”(hŒóDefined in `RFC1213 ipInUnknownProtos`_. It will be increased if the
layer 4 protocol is unsupported by kernel. If an application is using
raw socket, kernel will always deliver the packet to the raw socket
and this counter won't be increased.”h]”(hŒDefined in ”…””}”(hj’  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 ipInUnknownProtos`_”h]”hŒRFC1213 ipInUnknownProtos”…””}”(hjš  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 ipInUnknownProtos”j;  Œ+https://tools.ietf.org/html/rfc1213#page-27”uh1j)  hj’  j=  KubhŒÎ. It will be increased if the
layer 4 protocol is unsupported by kernel. If an application is using
raw socket, kernel will always deliver the packet to the raw socket
and this counter wonâ€™t be increased.”…””}”(hj’  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K]hhÛh²hubjE  )”}”(hŒJ.. _RFC1213 ipInUnknownProtos: https://tools.ietf.org/html/rfc1213#page-27”h]”h}”(h]”Œrfc1213-ipinunknownprotos”ah ]”h"]”Œrfc1213 ipinunknownprotos”ah$]”h&]”j;  jª  uh1jD  h´KbhhÛh²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒIpExtInTruncatedPkts
”h]”hÌ)”}”(hŒIpExtInTruncatedPkts”h]”hŒIpExtInTruncatedPkts”…””}”(hjÈ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KdhjÄ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjÁ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´KdhhÛh²hubhÌ)”}”(hŒkFor IPv4 packet, it means the actual data size is smaller than the
"Total Length" field in the IPv4 header.”h]”hŒoFor IPv4 packet, it means the actual data size is smaller than the
â€œTotal Lengthâ€ field in the IPv4 header.”…””}”(hjâ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KfhhÛh²hubhû)”}”(hhh]”j   )”}”(hŒIpInDiscards
”h]”hÌ)”}”(hŒIpInDiscards”h]”hŒIpInDiscards”…””}”(hj÷  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kihjó  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjð  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´KihhÛh²hubhÌ)”}”(hŒ›Defined in `RFC1213 ipInDiscards`_. It indicates the packet is dropped
in the IP receiving path and due to kernel internal reasons (e.g. no
enough memory).”h]”(hŒDefined in ”…””}”(hj  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 ipInDiscards`_”h]”hŒRFC1213 ipInDiscards”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 ipInDiscards”j;  Œ+https://tools.ietf.org/html/rfc1213#page-28”uh1j)  hj  j=  KubhŒy. It indicates the packet is dropped
in the IP receiving path and due to kernel internal reasons (e.g. no
enough memory).”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KkhhÛh²hubjE  )”}”(hŒE.. _RFC1213 ipInDiscards: https://tools.ietf.org/html/rfc1213#page-28”h]”h}”(h]”Œrfc1213-ipindiscards”ah ]”h"]”Œrfc1213 ipindiscards”ah$]”h&]”j;  j)  uh1jD  h´KohhÛh²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒIpOutDiscards
”h]”hÌ)”}”(hŒIpOutDiscards”h]”hŒIpOutDiscards”…””}”(hjG  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KqhjC  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj@  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´KqhhÛh²hubhÌ)”}”(hŒ‚Defined in `RFC1213 ipOutDiscards`_. It indicates the packet is
dropped in the IP sending path and due to kernel internal reasons.”h]”(hŒDefined in ”…””}”(hja  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 ipOutDiscards`_”h]”hŒRFC1213 ipOutDiscards”…””}”(hji  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 ipOutDiscards”j;  Œ+https://tools.ietf.org/html/rfc1213#page-28”uh1j)  hja  j=  KubhŒ_. It indicates the packet is
dropped in the IP sending path and due to kernel internal reasons.”…””}”(hja  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KshhÛh²hubjE  )”}”(hŒF.. _RFC1213 ipOutDiscards: https://tools.ietf.org/html/rfc1213#page-28”h]”h}”(h]”Œrfc1213-ipoutdiscards”ah ]”h"]”Œrfc1213 ipoutdiscards”ah$]”h&]”j;  jy  uh1jD  h´KvhhÛh²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒIpOutNoRoutes
”h]”hÌ)”}”(hŒIpOutNoRoutes”h]”hŒIpOutNoRoutes”…””}”(hj—  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kxhj“  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´KxhhÛh²hubhÌ)”}”(hŒ|Defined in `RFC1213 ipOutNoRoutes`_. It indicates the packet is
dropped in the IP sending path and no route is found for it.”h]”(hŒDefined in ”…””}”(hj±  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 ipOutNoRoutes`_”h]”hŒRFC1213 ipOutNoRoutes”…””}”(hj¹  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 ipOutNoRoutes”j;  Œ+https://tools.ietf.org/html/rfc1213#page-29”uh1j)  hj±  j=  KubhŒY. It indicates the packet is
dropped in the IP sending path and no route is found for it.”…””}”(hj±  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KzhhÛh²hubjE  )”}”(hŒF.. _RFC1213 ipOutNoRoutes: https://tools.ietf.org/html/rfc1213#page-29”h]”h}”(h]”Œrfc1213-ipoutnoroutes”ah ]”h"]”Œrfc1213 ipoutnoroutes”ah$]”h&]”j;  jÉ  uh1jD  h´K}hhÛh²hh³hÊjR  Kubeh}”(h]”Œgeneral-ipv4-counters”ah ]”h"]”Œgeneral ipv4 counters”ah$]”h&]”uh1hµhh·h²hh³hÊh´Kubh¶)”}”(hhh]”(h»)”}”(hŒICMP counters”h]”hŒICMP counters”…””}”(hjë  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjè  h²hh³hÊh´K€ubhû)”}”(hhh]”j   )”}”(hŒIcmpInMsgs and IcmpOutMsgs
”h]”hÌ)”}”(hŒIcmpInMsgs and IcmpOutMsgs”h]”hŒIcmpInMsgs and IcmpOutMsgs”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khjü  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjù  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Khjè  h²hubhÌ)”}”(hŒ;Defined by `RFC1213 icmpInMsgs`_ and `RFC1213 icmpOutMsgs`_”h]”(hŒDefined by ”…””}”(hj  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpInMsgs`_”h]”hŒRFC1213 icmpInMsgs”…””}”(hj"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpInMsgs”j;  Œ+https://tools.ietf.org/html/rfc1213#page-41”uh1j)  hj  j=  KubhŒ and ”…””}”(hj  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpOutMsgs`_”h]”hŒRFC1213 icmpOutMsgs”…””}”(hj7  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpOutMsgs”j;  Œ+https://tools.ietf.org/html/rfc1213#page-43”uh1j)  hj  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kƒhjè  h²hubjE  )”}”(hŒC.. _RFC1213 icmpInMsgs: https://tools.ietf.org/html/rfc1213#page-41”h]”h}”(h]”Œrfc1213-icmpinmsgs”ah ]”h"]”Œrfc1213 icmpinmsgs”ah$]”h&]”j;  j2  uh1jD  h´K…hjè  h²hh³hÊjR  KubjE  )”}”(hŒD.. _RFC1213 icmpOutMsgs: https://tools.ietf.org/html/rfc1213#page-43”h]”h}”(h]”Œrfc1213-icmpoutmsgs”ah ]”h"]”Œrfc1213 icmpoutmsgs”ah$]”h&]”j;  jG  uh1jD  h´K†hjè  h²hh³hÊjR  KubhÌ)”}”(hX"  As mentioned in the RFC1213, these two counters include errors, they
would be increased even if the ICMP packet has an invalid type. The
ICMP output path will check the header of a raw socket, so the
IcmpOutMsgs would still be updated if the IP header is constructed by
a userspace program.”h]”hX"  As mentioned in the RFC1213, these two counters include errors, they
would be increased even if the ICMP packet has an invalid type. The
ICMP output path will check the header of a raw socket, so the
IcmpOutMsgs would still be updated if the IP header is constructed by
a userspace program.”…””}”(hjf  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kˆhjè  h²hubhû)”}”(hhh]”j   )”}”(hŒICMP named types
”h]”hÌ)”}”(hŒICMP named types”h]”hŒICMP named types”…””}”(hj{  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KŽhjw  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjt  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´KŽhjè  h²hubhŒ
line_block”“”)”}”(hhh]”(hh´“”)”}”(hŒ;These counters include most of common ICMP types, they are:”h]”hŒ;These counters include most of common ICMP types, they are:”…””}”(hj›  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h´Œindent”K hj—  h²hh³hÊh´Kubjš  )”}”(hŒ1IcmpInDestUnreachs: `RFC1213 icmpInDestUnreachs`_”h]”(hŒIcmpInDestUnreachs: ”…””}”(hjª  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpInDestUnreachs`_”h]”hŒRFC1213 icmpInDestUnreachs”…””}”(hj²  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpInDestUnreachs”j;  Œ+https://tools.ietf.org/html/rfc1213#page-41”uh1j)  hjª  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K‘ubjš  )”}”(hŒ+IcmpInTimeExcds: `RFC1213 icmpInTimeExcds`_”h]”(hŒIcmpInTimeExcds: ”…””}”(hjÉ  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpInTimeExcds`_”h]”hŒRFC1213 icmpInTimeExcds”…””}”(hjÑ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpInTimeExcds”j;  Œ+https://tools.ietf.org/html/rfc1213#page-41”uh1j)  hjÉ  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K’ubjš  )”}”(hŒ+IcmpInParmProbs: `RFC1213 icmpInParmProbs`_”h]”(hŒIcmpInParmProbs: ”…””}”(hjè  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpInParmProbs`_”h]”hŒRFC1213 icmpInParmProbs”…””}”(hjð  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpInParmProbs”j;  Œ+https://tools.ietf.org/html/rfc1213#page-42”uh1j)  hjè  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K“ubjš  )”}”(hŒ-IcmpInSrcQuenchs: `RFC1213 icmpInSrcQuenchs`_”h]”(hŒIcmpInSrcQuenchs: ”…””}”(hj  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpInSrcQuenchs`_”h]”hŒRFC1213 icmpInSrcQuenchs”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpInSrcQuenchs”j;  Œ+https://tools.ietf.org/html/rfc1213#page-42”uh1j)  hj  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K”ubjš  )”}”(hŒ+IcmpInRedirects: `RFC1213 icmpInRedirects`_”h]”(hŒIcmpInRedirects: ”…””}”(hj&  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpInRedirects`_”h]”hŒRFC1213 icmpInRedirects”…””}”(hj.  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpInRedirects”j;  Œ+https://tools.ietf.org/html/rfc1213#page-42”uh1j)  hj&  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K•ubjš  )”}”(hŒ#IcmpInEchos: `RFC1213 icmpInEchos`_”h]”(hŒIcmpInEchos: ”…””}”(hjE  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpInEchos`_”h]”hŒRFC1213 icmpInEchos”…””}”(hjM  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpInEchos”j;  Œ+https://tools.ietf.org/html/rfc1213#page-42”uh1j)  hjE  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K–ubjš  )”}”(hŒ)IcmpInEchoReps: `RFC1213 icmpInEchoReps`_”h]”(hŒIcmpInEchoReps: ”…””}”(hjd  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpInEchoReps`_”h]”hŒRFC1213 icmpInEchoReps”…””}”(hjl  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpInEchoReps”j;  Œ+https://tools.ietf.org/html/rfc1213#page-42”uh1j)  hjd  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K—ubjš  )”}”(hŒ-IcmpInTimestamps: `RFC1213 icmpInTimestamps`_”h]”(hŒIcmpInTimestamps: ”…””}”(hjƒ  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpInTimestamps`_”h]”hŒRFC1213 icmpInTimestamps”…””}”(hj‹  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpInTimestamps”j;  Œ+https://tools.ietf.org/html/rfc1213#page-42”uh1j)  hjƒ  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K˜ubjš  )”}”(hŒ3IcmpInTimestampReps: `RFC1213 icmpInTimestampReps`_”h]”(hŒIcmpInTimestampReps: ”…””}”(hj¢  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpInTimestampReps`_”h]”hŒRFC1213 icmpInTimestampReps”…””}”(hjª  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpInTimestampReps”j;  Œ+https://tools.ietf.org/html/rfc1213#page-43”uh1j)  hj¢  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K™ubjš  )”}”(hŒ+IcmpInAddrMasks: `RFC1213 icmpInAddrMasks`_”h]”(hŒIcmpInAddrMasks: ”…””}”(hjÁ  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpInAddrMasks`_”h]”hŒRFC1213 icmpInAddrMasks”…””}”(hjÉ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpInAddrMasks”j;  Œ+https://tools.ietf.org/html/rfc1213#page-43”uh1j)  hjÁ  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´Kšubjš  )”}”(hŒ1IcmpInAddrMaskReps: `RFC1213 icmpInAddrMaskReps`_”h]”(hŒIcmpInAddrMaskReps: ”…””}”(hjà  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpInAddrMaskReps`_”h]”hŒRFC1213 icmpInAddrMaskReps”…””}”(hjè  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpInAddrMaskReps”j;  Œ+https://tools.ietf.org/html/rfc1213#page-43”uh1j)  hjà  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K›ubjš  )”}”(hŒ3IcmpOutDestUnreachs: `RFC1213 icmpOutDestUnreachs`_”h]”(hŒIcmpOutDestUnreachs: ”…””}”(hjÿ  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpOutDestUnreachs`_”h]”hŒRFC1213 icmpOutDestUnreachs”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpOutDestUnreachs”j;  Œ+https://tools.ietf.org/html/rfc1213#page-44”uh1j)  hjÿ  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´Kœubjš  )”}”(hŒ-IcmpOutTimeExcds: `RFC1213 icmpOutTimeExcds`_”h]”(hŒIcmpOutTimeExcds: ”…””}”(hj  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpOutTimeExcds`_”h]”hŒRFC1213 icmpOutTimeExcds”…””}”(hj&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpOutTimeExcds”j;  Œ+https://tools.ietf.org/html/rfc1213#page-44”uh1j)  hj  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´Kubjš  )”}”(hŒ-IcmpOutParmProbs: `RFC1213 icmpOutParmProbs`_”h]”(hŒIcmpOutParmProbs: ”…””}”(hj=  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpOutParmProbs`_”h]”hŒRFC1213 icmpOutParmProbs”…””}”(hjE  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpOutParmProbs”j;  Œ+https://tools.ietf.org/html/rfc1213#page-44”uh1j)  hj=  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´Kžubjš  )”}”(hŒ/IcmpOutSrcQuenchs: `RFC1213 icmpOutSrcQuenchs`_”h]”(hŒIcmpOutSrcQuenchs: ”…””}”(hj\  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpOutSrcQuenchs`_”h]”hŒRFC1213 icmpOutSrcQuenchs”…””}”(hjd  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpOutSrcQuenchs”j;  Œ+https://tools.ietf.org/html/rfc1213#page-44”uh1j)  hj\  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´KŸubjš  )”}”(hŒ-IcmpOutRedirects: `RFC1213 icmpOutRedirects`_”h]”(hŒIcmpOutRedirects: ”…””}”(hj{  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpOutRedirects`_”h]”hŒRFC1213 icmpOutRedirects”…””}”(hjƒ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpOutRedirects”j;  Œ+https://tools.ietf.org/html/rfc1213#page-44”uh1j)  hj{  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K ubjš  )”}”(hŒ%IcmpOutEchos: `RFC1213 icmpOutEchos`_”h]”(hŒIcmpOutEchos: ”…””}”(hjš  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpOutEchos`_”h]”hŒRFC1213 icmpOutEchos”…””}”(hj¢  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpOutEchos”j;  Œ+https://tools.ietf.org/html/rfc1213#page-45”uh1j)  hjš  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K¡ubjš  )”}”(hŒ+IcmpOutEchoReps: `RFC1213 icmpOutEchoReps`_”h]”(hŒIcmpOutEchoReps: ”…””}”(hj¹  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpOutEchoReps`_”h]”hŒRFC1213 icmpOutEchoReps”…””}”(hjÁ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpOutEchoReps”j;  Œ+https://tools.ietf.org/html/rfc1213#page-45”uh1j)  hj¹  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K¢ubjš  )”}”(hŒ/IcmpOutTimestamps: `RFC1213 icmpOutTimestamps`_”h]”(hŒIcmpOutTimestamps: ”…””}”(hjØ  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpOutTimestamps`_”h]”hŒRFC1213 icmpOutTimestamps”…””}”(hjà  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpOutTimestamps”j;  Œ+https://tools.ietf.org/html/rfc1213#page-45”uh1j)  hjØ  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K£ubjš  )”}”(hŒ5IcmpOutTimestampReps: `RFC1213 icmpOutTimestampReps`_”h]”(hŒIcmpOutTimestampReps: ”…””}”(hj÷  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpOutTimestampReps`_”h]”hŒRFC1213 icmpOutTimestampReps”…””}”(hjÿ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpOutTimestampReps”j;  Œ+https://tools.ietf.org/html/rfc1213#page-45”uh1j)  hj÷  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K¤ubjš  )”}”(hŒ-IcmpOutAddrMasks: `RFC1213 icmpOutAddrMasks`_”h]”(hŒIcmpOutAddrMasks: ”…””}”(hj  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpOutAddrMasks`_”h]”hŒRFC1213 icmpOutAddrMasks”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpOutAddrMasks”j;  Œ+https://tools.ietf.org/html/rfc1213#page-45”uh1j)  hj  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K¥ubjš  )”}”(hŒ3IcmpOutAddrMaskReps: `RFC1213 icmpOutAddrMaskReps`_”h]”(hŒIcmpOutAddrMaskReps: ”…””}”(hj5  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpOutAddrMaskReps`_”h]”hŒRFC1213 icmpOutAddrMaskReps”…””}”(hj=  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpOutAddrMaskReps”j;  Œ+https://tools.ietf.org/html/rfc1213#page-46”uh1j)  hj5  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1h´j©  K hj—  h²hh³hÊh´K¦ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjè  h²hh³hÊh´KubjE  )”}”(hŒK.. _RFC1213 icmpInDestUnreachs: https://tools.ietf.org/html/rfc1213#page-41”h]”h}”(h]”Œrfc1213-icmpindestunreachs”ah ]”h"]”Œrfc1213 icmpindestunreachs”ah$]”h&]”j;  jÂ  uh1jD  h´K¨hjè  h²hh³hÊjR  KubjE  )”}”(hŒH.. _RFC1213 icmpInTimeExcds: https://tools.ietf.org/html/rfc1213#page-41”h]”h}”(h]”Œrfc1213-icmpintimeexcds”ah ]”h"]”Œrfc1213 icmpintimeexcds”ah$]”h&]”j;  já  uh1jD  h´K©hjè  h²hh³hÊjR  KubjE  )”}”(hŒH.. _RFC1213 icmpInParmProbs: https://tools.ietf.org/html/rfc1213#page-42”h]”h}”(h]”Œrfc1213-icmpinparmprobs”ah ]”h"]”Œrfc1213 icmpinparmprobs”ah$]”h&]”j;  j   uh1jD  h´Kªhjè  h²hh³hÊjR  KubjE  )”}”(hŒI.. _RFC1213 icmpInSrcQuenchs: https://tools.ietf.org/html/rfc1213#page-42”h]”h}”(h]”Œrfc1213-icmpinsrcquenchs”ah ]”h"]”Œrfc1213 icmpinsrcquenchs”ah$]”h&]”j;  j  uh1jD  h´K«hjè  h²hh³hÊjR  KubjE  )”}”(hŒH.. _RFC1213 icmpInRedirects: https://tools.ietf.org/html/rfc1213#page-42”h]”h}”(h]”Œrfc1213-icmpinredirects”ah ]”h"]”Œrfc1213 icmpinredirects”ah$]”h&]”j;  j>  uh1jD  h´K¬hjè  h²hh³hÊjR  KubjE  )”}”(hŒD.. _RFC1213 icmpInEchos: https://tools.ietf.org/html/rfc1213#page-42”h]”h}”(h]”Œrfc1213-icmpinechos”ah ]”h"]”Œrfc1213 icmpinechos”ah$]”h&]”j;  j]  uh1jD  h´K­hjè  h²hh³hÊjR  KubjE  )”}”(hŒG.. _RFC1213 icmpInEchoReps: https://tools.ietf.org/html/rfc1213#page-42”h]”h}”(h]”Œrfc1213-icmpinechoreps”ah ]”h"]”Œrfc1213 icmpinechoreps”ah$]”h&]”j;  j|  uh1jD  h´K®hjè  h²hh³hÊjR  KubjE  )”}”(hŒI.. _RFC1213 icmpInTimestamps: https://tools.ietf.org/html/rfc1213#page-42”h]”h}”(h]”Œrfc1213-icmpintimestamps”ah ]”h"]”Œrfc1213 icmpintimestamps”ah$]”h&]”j;  j›  uh1jD  h´K¯hjè  h²hh³hÊjR  KubjE  )”}”(hŒL.. _RFC1213 icmpInTimestampReps: https://tools.ietf.org/html/rfc1213#page-43”h]”h}”(h]”Œrfc1213-icmpintimestampreps”ah ]”h"]”Œrfc1213 icmpintimestampreps”ah$]”h&]”j;  jº  uh1jD  h´K°hjè  h²hh³hÊjR  KubjE  )”}”(hŒH.. _RFC1213 icmpInAddrMasks: https://tools.ietf.org/html/rfc1213#page-43”h]”h}”(h]”Œrfc1213-icmpinaddrmasks”ah ]”h"]”Œrfc1213 icmpinaddrmasks”ah$]”h&]”j;  jÙ  uh1jD  h´K±hjè  h²hh³hÊjR  KubjE  )”}”(hŒK.. _RFC1213 icmpInAddrMaskReps: https://tools.ietf.org/html/rfc1213#page-43”h]”h}”(h]”Œrfc1213-icmpinaddrmaskreps”ah ]”h"]”Œrfc1213 icmpinaddrmaskreps”ah$]”h&]”j;  jø  uh1jD  h´K²hjè  h²hh³hÊjR  KubjE  )”}”(hŒL.. _RFC1213 icmpOutDestUnreachs: https://tools.ietf.org/html/rfc1213#page-44”h]”h}”(h]”Œrfc1213-icmpoutdestunreachs”ah ]”h"]”Œrfc1213 icmpoutdestunreachs”ah$]”h&]”j;  j  uh1jD  h´K´hjè  h²hh³hÊjR  KubjE  )”}”(hŒI.. _RFC1213 icmpOutTimeExcds: https://tools.ietf.org/html/rfc1213#page-44”h]”h}”(h]”Œrfc1213-icmpouttimeexcds”ah ]”h"]”Œrfc1213 icmpouttimeexcds”ah$]”h&]”j;  j6  uh1jD  h´Kµhjè  h²hh³hÊjR  KubjE  )”}”(hŒI.. _RFC1213 icmpOutParmProbs: https://tools.ietf.org/html/rfc1213#page-44”h]”h}”(h]”Œrfc1213-icmpoutparmprobs”ah ]”h"]”Œrfc1213 icmpoutparmprobs”ah$]”h&]”j;  jU  uh1jD  h´K¶hjè  h²hh³hÊjR  KubjE  )”}”(hŒJ.. _RFC1213 icmpOutSrcQuenchs: https://tools.ietf.org/html/rfc1213#page-44”h]”h}”(h]”Œrfc1213-icmpoutsrcquenchs”ah ]”h"]”Œrfc1213 icmpoutsrcquenchs”ah$]”h&]”j;  jt  uh1jD  h´K·hjè  h²hh³hÊjR  KubjE  )”}”(hŒI.. _RFC1213 icmpOutRedirects: https://tools.ietf.org/html/rfc1213#page-44”h]”h}”(h]”Œrfc1213-icmpoutredirects”ah ]”h"]”Œrfc1213 icmpoutredirects”ah$]”h&]”j;  j“  uh1jD  h´K¸hjè  h²hh³hÊjR  KubjE  )”}”(hŒE.. _RFC1213 icmpOutEchos: https://tools.ietf.org/html/rfc1213#page-45”h]”h}”(h]”Œrfc1213-icmpoutechos”ah ]”h"]”Œrfc1213 icmpoutechos”ah$]”h&]”j;  j²  uh1jD  h´K¹hjè  h²hh³hÊjR  KubjE  )”}”(hŒH.. _RFC1213 icmpOutEchoReps: https://tools.ietf.org/html/rfc1213#page-45”h]”h}”(h]”Œrfc1213-icmpoutechoreps”ah ]”h"]”Œrfc1213 icmpoutechoreps”ah$]”h&]”j;  jÑ  uh1jD  h´Kºhjè  h²hh³hÊjR  KubjE  )”}”(hŒJ.. _RFC1213 icmpOutTimestamps: https://tools.ietf.org/html/rfc1213#page-45”h]”h}”(h]”Œrfc1213-icmpouttimestamps”ah ]”h"]”Œrfc1213 icmpouttimestamps”ah$]”h&]”j;  jð  uh1jD  h´K»hjè  h²hh³hÊjR  KubjE  )”}”(hŒM.. _RFC1213 icmpOutTimestampReps: https://tools.ietf.org/html/rfc1213#page-45”h]”h}”(h]”Œrfc1213-icmpouttimestampreps”ah ]”h"]”Œrfc1213 icmpouttimestampreps”ah$]”h&]”j;  j  uh1jD  h´K¼hjè  h²hh³hÊjR  KubjE  )”}”(hŒI.. _RFC1213 icmpOutAddrMasks: https://tools.ietf.org/html/rfc1213#page-45”h]”h}”(h]”Œrfc1213-icmpoutaddrmasks”ah ]”h"]”Œrfc1213 icmpoutaddrmasks”ah$]”h&]”j;  j.  uh1jD  h´K½hjè  h²hh³hÊjR  KubjE  )”}”(hŒL.. _RFC1213 icmpOutAddrMaskReps: https://tools.ietf.org/html/rfc1213#page-46”h]”h}”(h]”Œrfc1213-icmpoutaddrmaskreps”ah ]”h"]”Œrfc1213 icmpoutaddrmaskreps”ah$]”h&]”j;  jM  uh1jD  h´K¾hjè  h²hh³hÊjR  KubhÌ)”}”(hX	  Every ICMP type has two counters: 'In' and 'Out'. E.g., for the ICMP
Echo packet, they are IcmpInEchos and IcmpOutEchos. Their meanings are
straightforward. The 'In' counter means kernel receives such a packet
and the 'Out' counter means kernel sends such a packet.”h]”hX  Every ICMP type has two counters: â€˜Inâ€™ and â€˜Outâ€™. E.g., for the ICMP
Echo packet, they are IcmpInEchos and IcmpOutEchos. Their meanings are
straightforward. The â€˜Inâ€™ counter means kernel receives such a packet
and the â€˜Outâ€™ counter means kernel sends such a packet.”…””}”(hjb	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÀhjè  h²hubhû)”}”(hhh]”j   )”}”(hŒICMP numeric types
”h]”hÌ)”}”(hŒICMP numeric types”h]”hŒICMP numeric types”…””}”(hjw	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÅhjs	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjp	  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´KÅhjè  h²hubhÌ)”}”(hŒÛThey are IcmpMsgInType[N] and IcmpMsgOutType[N], the [N] indicates the
ICMP type number. These counters track all kinds of ICMP packets. The
ICMP type number definition could be found in the `ICMP parameters`_
document.”h]”(hŒ¿They are IcmpMsgInType[N] and IcmpMsgOutType[N], the [N] indicates the
ICMP type number. These counters track all kinds of ICMP packets. The
ICMP type number definition could be found in the ”…””}”(hj‘	  h²hh³Nh´Nubj*  )”}”(hŒ`ICMP parameters`_”h]”hŒICMP parameters”…””}”(hj™	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒICMP parameters”j;  ŒFhttps://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml”uh1j)  hj‘	  j=  KubhŒ

document.”…””}”(hj‘	  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÇhjè  h²hubjE  )”}”(hŒ[.. _ICMP parameters: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml”h]”h}”(h]”Œicmp-parameters”ah ]”h"]”Œicmp parameters”ah$]”h&]”j;  j©	  uh1jD  h´KÌhjè  h²hh³hÊjR  KubhÌ)”}”(hŒ°For example, if the Linux kernel sends an ICMP Echo packet, the
IcmpMsgOutType8 would increase 1. And if kernel gets an ICMP Echo Reply
packet, IcmpMsgInType0 would increase 1.”h]”hŒ°For example, if the Linux kernel sends an ICMP Echo packet, the
IcmpMsgOutType8 would increase 1. And if kernel gets an ICMP Echo Reply
packet, IcmpMsgInType0 would increase 1.”…””}”(hjÀ	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÎhjè  h²hubhû)”}”(hhh]”j   )”}”(hŒIcmpInCsumErrors
”h]”hÌ)”}”(hŒIcmpInCsumErrors”h]”hŒIcmpInCsumErrors”…””}”(hjÕ	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÒhjÑ	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjÎ	  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´KÒhjè  h²hubhÌ)”}”(hX  This counter indicates the checksum of the ICMP packet is
wrong. Kernel verifies the checksum after updating the IcmpInMsgs and
before updating IcmpMsgInType[N]. If a packet has bad checksum, the
IcmpInMsgs would be updated but none of IcmpMsgInType[N] would be updated.”h]”hX  This counter indicates the checksum of the ICMP packet is
wrong. Kernel verifies the checksum after updating the IcmpInMsgs and
before updating IcmpMsgInType[N]. If a packet has bad checksum, the
IcmpInMsgs would be updated but none of IcmpMsgInType[N] would be updated.”…””}”(hjï	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÔhjè  h²hubhû)”}”(hhh]”j   )”}”(hŒIcmpInErrors and IcmpOutErrors
”h]”hÌ)”}”(hŒIcmpInErrors and IcmpOutErrors”h]”hŒIcmpInErrors and IcmpOutErrors”…””}”(hj
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÙhj 
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjý	  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´KÙhjè  h²hubhÌ)”}”(hŒ?Defined by `RFC1213 icmpInErrors`_ and `RFC1213 icmpOutErrors`_”h]”(hŒDefined by ”…””}”(hj
  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpInErrors`_”h]”hŒRFC1213 icmpInErrors”…””}”(hj&
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpInErrors”j;  Œ+https://tools.ietf.org/html/rfc1213#page-41”uh1j)  hj
  j=  KubhŒ and ”…””}”(hj
  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 icmpOutErrors`_”h]”hŒRFC1213 icmpOutErrors”…””}”(hj;
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 icmpOutErrors”j;  Œ+https://tools.ietf.org/html/rfc1213#page-43”uh1j)  hj
  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÛhjè  h²hubjE  )”}”(hŒE.. _RFC1213 icmpInErrors: https://tools.ietf.org/html/rfc1213#page-41”h]”h}”(h]”Œrfc1213-icmpinerrors”ah ]”h"]”Œrfc1213 icmpinerrors”ah$]”h&]”j;  j6
  uh1jD  h´KÝhjè  h²hh³hÊjR  KubjE  )”}”(hŒF.. _RFC1213 icmpOutErrors: https://tools.ietf.org/html/rfc1213#page-43”h]”h}”(h]”Œrfc1213-icmpouterrors”ah ]”h"]”Œrfc1213 icmpouterrors”ah$]”h&]”j;  jK
  uh1jD  h´KÞhjè  h²hh³hÊjR  KubhÌ)”}”(hX  When an error occurs in the ICMP packet handler path, these two
counters would be updated. The receiving packet path use IcmpInErrors
and the sending packet path use IcmpOutErrors. When IcmpInCsumErrors
is increased, IcmpInErrors would always be increased too.”h]”hX  When an error occurs in the ICMP packet handler path, these two
counters would be updated. The receiving packet path use IcmpInErrors
and the sending packet path use IcmpOutErrors. When IcmpInCsumErrors
is increased, IcmpInErrors would always be increased too.”…””}”(hjj
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kàhjè  h²hubh¶)”}”(hhh]”(h»)”}”(hŒ!relationship of the ICMP counters”h]”hŒ!relationship of the ICMP counters”…””}”(hj{
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjx
  h²hh³hÊh´KæubhÌ)”}”(hŒüThe sum of IcmpMsgOutType[N] is always equal to IcmpOutMsgs, as they
are updated at the same time. The sum of IcmpMsgInType[N] plus
IcmpInErrors should be equal or larger than IcmpInMsgs. When kernel
receives an ICMP packet, kernel follows below logic:”h]”hŒüThe sum of IcmpMsgOutType[N] is always equal to IcmpOutMsgs, as they
are updated at the same time. The sum of IcmpMsgInType[N] plus
IcmpInErrors should be equal or larger than IcmpInMsgs. When kernel
receives an ICMP packet, kernel follows below logic:”…””}”(hj‰
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kçhjx
  h²hubhŒenumerated_list”“”)”}”(hhh]”(j   )”}”(hŒincrease IcmpInMsgs”h]”hÌ)”}”(hjž
  h]”hŒincrease IcmpInMsgs”…””}”(hj 
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kìhjœ
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj™
  h²hh³hÊh´Nubj   )”}”(hŒ<if has any error, update IcmpInErrors and finish the process”h]”hÌ)”}”(hjµ
  h]”hŒ<if has any error, update IcmpInErrors and finish the process”…””}”(hj·
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kíhj³
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj™
  h²hh³hÊh´Nubj   )”}”(hŒupdate IcmpMsgOutType[N]”h]”hÌ)”}”(hjÌ
  h]”hŒupdate IcmpMsgOutType[N]”…””}”(hjÎ
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KîhjÊ
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj™
  h²hh³hÊh´Nubj   )”}”(hŒfhandle the packet depending on the type, if has any error, update
IcmpInErrors and finish the process
”h]”hÌ)”}”(hŒehandle the packet depending on the type, if has any error, update
IcmpInErrors and finish the process”h]”hŒehandle the packet depending on the type, if has any error, update
IcmpInErrors and finish the process”…””}”(hjå
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kïhjá
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj™
  h²hh³hÊh´Nubeh}”(h]”h ]”h"]”h$]”h&]”Œenumtype”Œarabic”Œprefix”hŒsuffix”Œ.”uh1j—
  hjx
  h²hh³hÊh´KìubhÌ)”}”(hXP  So if all errors occur in step (2), IcmpInMsgs should be equal to the
sum of IcmpMsgOutType[N] plus IcmpInErrors. If all errors occur in
step (4), IcmpInMsgs should be equal to the sum of
IcmpMsgOutType[N]. If the errors occur in both step (2) and step (4),
IcmpInMsgs should be less than the sum of IcmpMsgOutType[N] plus
IcmpInErrors.”h]”hXP  So if all errors occur in step (2), IcmpInMsgs should be equal to the
sum of IcmpMsgOutType[N] plus IcmpInErrors. If all errors occur in
step (4), IcmpInMsgs should be equal to the sum of
IcmpMsgOutType[N]. If the errors occur in both step (2) and step (4),
IcmpInMsgs should be less than the sum of IcmpMsgOutType[N] plus
IcmpInErrors.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kòhjx
  h²hubeh}”(h]”Œ!relationship-of-the-icmp-counters”ah ]”h"]”Œ!relationship of the icmp counters”ah$]”h&]”uh1hµhjè  h²hh³hÊh´Kæubeh}”(h]”Œicmp-counters”ah ]”h"]”Œicmp counters”ah$]”h&]”uh1hµhh·h²hh³hÊh´K€ubh¶)”}”(hhh]”(h»)”}”(hŒGeneral TCP counters”h]”hŒGeneral TCP counters”…””}”(hj%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj"  h²hh³hÊh´Kúubhû)”}”(hhh]”j   )”}”(hŒ
TcpInSegs
”h]”hÌ)”}”(hŒ	TcpInSegs”h]”hŒ	TcpInSegs”…””}”(hj:  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kûhj6  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj3  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Kûhj"  h²hubhÌ)”}”(hŒDefined in `RFC1213 tcpInSegs`_”h]”(hŒDefined in ”…””}”(hjT  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 tcpInSegs`_”h]”hŒRFC1213 tcpInSegs”…””}”(hj\  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 tcpInSegs”j;  Œ+https://tools.ietf.org/html/rfc1213#page-48”uh1j)  hjT  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kýhj"  h²hubjE  )”}”(hŒB.. _RFC1213 tcpInSegs: https://tools.ietf.org/html/rfc1213#page-48”h]”h}”(h]”Œrfc1213-tcpinsegs”ah ]”h"]”Œrfc1213 tcpinsegs”ah$]”h&]”j;  jl  uh1jD  h´Kÿhj"  h²hh³hÊjR  KubhÌ)”}”(hX‚  The number of packets received by the TCP layer. As mentioned in
RFC1213, it includes the packets received in error, such as checksum
error, invalid TCP header and so on. Only one error won't be included:
if the layer 2 destination address is not the NIC's layer 2
address. It might happen if the packet is a multicast or broadcast
packet, or the NIC is in promiscuous mode. In these situations, the
packets would be delivered to the TCP layer, but the TCP layer will discard
these packets before increasing TcpInSegs. The TcpInSegs counter
isn't aware of GRO. So if two packets are merged by GRO, the TcpInSegs
counter would only increase 1.”h]”hXˆ  The number of packets received by the TCP layer. As mentioned in
RFC1213, it includes the packets received in error, such as checksum
error, invalid TCP header and so on. Only one error wonâ€™t be included:
if the layer 2 destination address is not the NICâ€™s layer 2
address. It might happen if the packet is a multicast or broadcast
packet, or the NIC is in promiscuous mode. In these situations, the
packets would be delivered to the TCP layer, but the TCP layer will discard
these packets before increasing TcpInSegs. The TcpInSegs counter
isnâ€™t aware of GRO. So if two packets are merged by GRO, the TcpInSegs
counter would only increase 1.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj"  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpOutSegs
”h]”hÌ)”}”(hŒ
TcpOutSegs”h]”hŒ
TcpOutSegs”…””}”(hj”  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mhj"  h²hubhÌ)”}”(hŒ Defined in `RFC1213 tcpOutSegs`_”h]”(hŒDefined in ”…””}”(hj®  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 tcpOutSegs`_”h]”hŒRFC1213 tcpOutSegs”…””}”(hj¶  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 tcpOutSegs”j;  Œ+https://tools.ietf.org/html/rfc1213#page-48”uh1j)  hj®  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj"  h²hubjE  )”}”(hŒC.. _RFC1213 tcpOutSegs: https://tools.ietf.org/html/rfc1213#page-48”h]”h}”(h]”Œrfc1213-tcpoutsegs”ah ]”h"]”Œrfc1213 tcpoutsegs”ah$]”h&]”j;  jÆ  uh1jD  h´Mhj"  h²hh³hÊjR  KubhÌ)”}”(hX  The number of packets sent by the TCP layer. As mentioned in RFC1213,
it excludes the retransmitted packets. But it includes the SYN, ACK
and RST packets. Doesn't like TcpInSegs, the TcpOutSegs is aware of
GSO, so if a packet would be split to 2 by GSO, TcpOutSegs will
increase 2.”h]”hX  The number of packets sent by the TCP layer. As mentioned in RFC1213,
it excludes the retransmitted packets. But it includes the SYN, ACK
and RST packets. Doesnâ€™t like TcpInSegs, the TcpOutSegs is aware of
GSO, so if a packet would be split to 2 by GSO, TcpOutSegs will
increase 2.”…””}”(hjÙ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj"  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpActiveOpens
”h]”hÌ)”}”(hŒTcpActiveOpens”h]”hŒTcpActiveOpens”…””}”(hjî  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhjê  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjç  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mhj"  h²hubhÌ)”}”(hŒ$Defined in `RFC1213 tcpActiveOpens`_”h]”(hŒDefined in ”…””}”(hj  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 tcpActiveOpens`_”h]”hŒRFC1213 tcpActiveOpens”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 tcpActiveOpens”j;  Œ+https://tools.ietf.org/html/rfc1213#page-47”uh1j)  hj  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj"  h²hubjE  )”}”(hŒG.. _RFC1213 tcpActiveOpens: https://tools.ietf.org/html/rfc1213#page-47”h]”h}”(h]”Œrfc1213-tcpactiveopens”ah ]”h"]”Œrfc1213 tcpactiveopens”ah$]”h&]”j;  j   uh1jD  h´Mhj"  h²hh³hÊjR  KubhÌ)”}”(hŒ‘It means the TCP layer sends a SYN, and come into the SYN-SENT
state. Every time TcpActiveOpens increases 1, TcpOutSegs should always
increase 1.”h]”hŒ‘It means the TCP layer sends a SYN, and come into the SYN-SENT
state. Every time TcpActiveOpens increases 1, TcpOutSegs should always
increase 1.”…””}”(hj3  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj"  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpPassiveOpens
”h]”hÌ)”}”(hŒTcpPassiveOpens”h]”hŒTcpPassiveOpens”…””}”(hjH  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M"hjD  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjA  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M"hj"  h²hubhÌ)”}”(hŒ%Defined in `RFC1213 tcpPassiveOpens`_”h]”(hŒDefined in ”…””}”(hjb  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 tcpPassiveOpens`_”h]”hŒRFC1213 tcpPassiveOpens”…””}”(hjj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 tcpPassiveOpens”j;  Œ+https://tools.ietf.org/html/rfc1213#page-47”uh1j)  hjb  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M$hj"  h²hubjE  )”}”(hŒH.. _RFC1213 tcpPassiveOpens: https://tools.ietf.org/html/rfc1213#page-47”h]”h}”(h]”Œrfc1213-tcppassiveopens”ah ]”h"]”Œrfc1213 tcppassiveopens”ah$]”h&]”j;  jz  uh1jD  h´M&hj"  h²hh³hÊjR  KubhÌ)”}”(hŒWIt means the TCP layer receives a SYN, replies a SYN+ACK, come into
the SYN-RCVD state.”h]”hŒWIt means the TCP layer receives a SYN, replies a SYN+ACK, come into
the SYN-RCVD state.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M(hj"  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPRcvCoalesce
”h]”hÌ)”}”(hŒTcpExtTCPRcvCoalesce”h]”hŒTcpExtTCPRcvCoalesce”…””}”(hj¢  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M+hjž  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj›  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M+hj"  h²hubhÌ)”}”(hX3  When packets are received by the TCP layer and are not be read by the
application, the TCP layer will try to merge them. This counter
indicate how many packets are merged in such situation. If GRO is
enabled, lots of packets would be merged by GRO, these packets
wouldn't be counted to TcpExtTCPRcvCoalesce.”h]”hX5  When packets are received by the TCP layer and are not be read by the
application, the TCP layer will try to merge them. This counter
indicate how many packets are merged in such situation. If GRO is
enabled, lots of packets would be merged by GRO, these packets
wouldnâ€™t be counted to TcpExtTCPRcvCoalesce.”…””}”(hj¼  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M-hj"  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPAutoCorking
”h]”hÌ)”}”(hŒTcpExtTCPAutoCorking”h]”hŒTcpExtTCPAutoCorking”…””}”(hjÑ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M3hjÍ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjÊ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M3hj"  h²hubhÌ)”}”(hŒêWhen sending packets, the TCP layer will try to merge small packets to
a bigger one. This counter increase 1 for every packet merged in such
situation. Please refer to the LWN article for more details:
https://lwn.net/Articles/576263/”h]”(hŒÊWhen sending packets, the TCP layer will try to merge small packets to
a bigger one. This counter increase 1 for every packet merged in such
situation. Please refer to the LWN article for more details:
”…””}”(hjë  h²hh³Nh´Nubj*  )”}”(hŒ https://lwn.net/Articles/576263/”h]”hŒ https://lwn.net/Articles/576263/”…””}”(hjó  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”jõ  uh1j)  hjë  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M5hj"  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPOrigDataSent
”h]”hÌ)”}”(hŒTcpExtTCPOrigDataSent”h]”hŒTcpExtTCPOrigDataSent”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M:hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M:hj"  h²hubhÌ)”}”(hŒYThis counter is explained by kernel commit f19c29e3e391, I pasted the
explanation below::”h]”hŒXThis counter is explained by kernel commit f19c29e3e391, I pasted the
explanation below:”…””}”(hj)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M<hj"  h²hubhŒliteral_block”“”)”}”(hX  TCPOrigDataSent: number of outgoing packets with original data (excluding
retransmission but including data-in-SYN). This counter is different from
TcpOutSegs because TcpOutSegs also tracks pure ACKs. TCPOrigDataSent is
more useful to track the TCP retransmission rate.”h]”hX  TCPOrigDataSent: number of outgoing packets with original data (excluding
retransmission but including data-in-SYN). This counter is different from
TcpOutSegs because TcpOutSegs also tracks pure ACKs. TCPOrigDataSent is
more useful to track the TCP retransmission rate.”…””}”hj9  sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1j7  h³hÊh´M?hj"  h²hubhû)”}”(hhh]”j   )”}”(hŒTCPSynRetrans
”h]”hÌ)”}”(hŒTCPSynRetrans”h]”hŒTCPSynRetrans”…””}”(hjP  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MDhjL  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjI  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MDhj"  h²hubhÌ)”}”(hŒYThis counter is explained by kernel commit f19c29e3e391, I pasted the
explanation below::”h]”hŒXThis counter is explained by kernel commit f19c29e3e391, I pasted the
explanation below:”…””}”(hjj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MFhj"  h²hubj8  )”}”(hŒˆTCPSynRetrans: number of SYN and SYN/ACK retransmits to break down
retransmissions into SYN, fast-retransmits, timeout retransmits, etc.”h]”hŒˆTCPSynRetrans: number of SYN and SYN/ACK retransmits to break down
retransmissions into SYN, fast-retransmits, timeout retransmits, etc.”…””}”hjx  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MIhj"  h²hubhû)”}”(hhh]”j   )”}”(hŒTCPFastOpenActiveFail
”h]”hÌ)”}”(hŒTCPFastOpenActiveFail”h]”hŒTCPFastOpenActiveFail”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MLhj‰  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj†  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MLhj"  h²hubhÌ)”}”(hŒYThis counter is explained by kernel commit f19c29e3e391, I pasted the
explanation below::”h]”hŒXThis counter is explained by kernel commit f19c29e3e391, I pasted the
explanation below:”…””}”(hj§  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MNhj"  h²hubj8  )”}”(hŒ|TCPFastOpenActiveFail: Fast Open attempts (SYN/data) failed because
the remote does not accept it or the attempts timed out.”h]”hŒ|TCPFastOpenActiveFail: Fast Open attempts (SYN/data) failed because
the remote does not accept it or the attempts timed out.”…””}”hjµ  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MQhj"  h²hubhû)”}”(hhh]”j   )”}”(hŒ,TcpExtListenOverflows and TcpExtListenDrops
”h]”hÌ)”}”(hŒ+TcpExtListenOverflows and TcpExtListenDrops”h]”hŒ+TcpExtListenOverflows and TcpExtListenDrops”…””}”(hjÊ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MThjÆ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjÃ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MThj"  h²hubhÌ)”}”(hX9  When kernel receives a SYN from a client, and if the TCP accept queue
is full, kernel will drop the SYN and add 1 to TcpExtListenOverflows.
At the same time kernel will also add 1 to TcpExtListenDrops. When a
TCP socket is in LISTEN state, and kernel need to drop a packet,
kernel would always add 1 to TcpExtListenDrops. So increase
TcpExtListenOverflows would let TcpExtListenDrops increasing at the
same time, but TcpExtListenDrops would also increase without
TcpExtListenOverflows increasing, e.g. a memory allocation fail would
also let TcpExtListenDrops increase.”h]”hX9  When kernel receives a SYN from a client, and if the TCP accept queue
is full, kernel will drop the SYN and add 1 to TcpExtListenOverflows.
At the same time kernel will also add 1 to TcpExtListenDrops. When a
TCP socket is in LISTEN state, and kernel need to drop a packet,
kernel would always add 1 to TcpExtListenDrops. So increase
TcpExtListenOverflows would let TcpExtListenDrops increasing at the
same time, but TcpExtListenDrops would also increase without
TcpExtListenOverflows increasing, e.g. a memory allocation fail would
also let TcpExtListenDrops increase.”…””}”(hjä  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MVhj"  h²hubhÌ)”}”(hXÏ  Note: The above explanation is based on kernel 4.10 or above version, on
an old kernel, the TCP stack has different behavior when TCP accept
queue is full. On the old kernel, TCP stack won't drop the SYN, it
would complete the 3-way handshake. As the accept queue is full, TCP
stack will keep the socket in the TCP half-open queue. As it is in the
half open queue, TCP stack will send SYN+ACK on an exponential backoff
timer, after client replies ACK, TCP stack checks whether the accept
queue is still full, if it is not full, moves the socket to the accept
queue, if it is full, keeps the socket in the half-open queue, at next
time client replies ACK, this socket will get another chance to move
to the accept queue.”h]”hXÑ  Note: The above explanation is based on kernel 4.10 or above version, on
an old kernel, the TCP stack has different behavior when TCP accept
queue is full. On the old kernel, TCP stack wonâ€™t drop the SYN, it
would complete the 3-way handshake. As the accept queue is full, TCP
stack will keep the socket in the TCP half-open queue. As it is in the
half open queue, TCP stack will send SYN+ACK on an exponential backoff
timer, after client replies ACK, TCP stack checks whether the accept
queue is still full, if it is not full, moves the socket to the accept
queue, if it is full, keeps the socket in the half-open queue, at next
time client replies ACK, this socket will get another chance to move
to the accept queue.”…””}”(hjò  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M`hj"  h²hubeh}”(h]”Œgeneral-tcp-counters”ah ]”h"]”Œgeneral tcp counters”ah$]”h&]”uh1hµhh·h²hh³hÊh´Kúubh¶)”}”(hhh]”(h»)”}”(hŒTCP Fast Open”h]”hŒTCP Fast Open”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj  h²hh³hÊh´Mnubhû)”}”(hhh]”j   )”}”(hŒTcpEstabResets
”h]”hÌ)”}”(hŒTcpEstabResets”h]”hŒTcpEstabResets”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mohj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mohj  h²hubhÌ)”}”(hŒ%Defined in `RFC1213 tcpEstabResets`_.”h]”(hŒDefined in ”…””}”(hj:  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 tcpEstabResets`_”h]”hŒRFC1213 tcpEstabResets”…””}”(hjB  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 tcpEstabResets”j;  Œ+https://tools.ietf.org/html/rfc1213#page-48”uh1j)  hj:  j=  KubhŒ.”…””}”(hj:  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mqhj  h²hubjE  )”}”(hŒG.. _RFC1213 tcpEstabResets: https://tools.ietf.org/html/rfc1213#page-48”h]”h}”(h]”Œrfc1213-tcpestabresets”ah ]”h"]”Œrfc1213 tcpestabresets”ah$]”h&]”j;  jR  uh1jD  h´Mshj  h²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒTcpAttemptFails
”h]”hÌ)”}”(hŒTcpAttemptFails”h]”hŒTcpAttemptFails”…””}”(hjp  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Muhjl  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhji  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Muhj  h²hubhÌ)”}”(hŒ&Defined in `RFC1213 tcpAttemptFails`_.”h]”(hŒDefined in ”…””}”(hjŠ  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 tcpAttemptFails`_”h]”hŒRFC1213 tcpAttemptFails”…””}”(hj’  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 tcpAttemptFails”j;  Œ+https://tools.ietf.org/html/rfc1213#page-48”uh1j)  hjŠ  j=  KubhŒ.”…””}”(hjŠ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mwhj  h²hubjE  )”}”(hŒH.. _RFC1213 tcpAttemptFails: https://tools.ietf.org/html/rfc1213#page-48”h]”h}”(h]”Œrfc1213-tcpattemptfails”ah ]”h"]”Œrfc1213 tcpattemptfails”ah$]”h&]”j;  j¢  uh1jD  h´Myhj  h²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒTcpOutRsts
”h]”hÌ)”}”(hŒ
TcpOutRsts”h]”hŒ
TcpOutRsts”…””}”(hjÀ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M{hj¼  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj¹  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M{hj  h²hubhÌ)”}”(hX  Defined in `RFC1213 tcpOutRsts`_. The RFC says this counter indicates
the 'segments sent containing the RST flag', but in linux kernel, this
counter indicates the segments kernel tried to send. The sending
process might be failed due to some errors (e.g. memory alloc failed).”h]”(hŒDefined in ”…””}”(hjÚ  h²hh³Nh´Nubj*  )”}”(hŒ`RFC1213 tcpOutRsts`_”h]”hŒRFC1213 tcpOutRsts”…””}”(hjâ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC1213 tcpOutRsts”j;  Œ+https://tools.ietf.org/html/rfc1213#page-52”uh1j)  hjÚ  j=  KubhŒø. The RFC says this counter indicates
the â€˜segments sent containing the RST flagâ€™, but in linux kernel, this
counter indicates the segments kernel tried to send. The sending
process might be failed due to some errors (e.g. memory alloc failed).”…””}”(hjÚ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M}hj  h²hubjE  )”}”(hŒC.. _RFC1213 tcpOutRsts: https://tools.ietf.org/html/rfc1213#page-52”h]”h}”(h]”Œrfc1213-tcpoutrsts”ah ]”h"]”Œrfc1213 tcpoutrsts”ah$]”h&]”j;  jò  uh1jD  h´M‚hj  h²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPSpuriousRtxHostQueues
”h]”hÌ)”}”(hŒTcpExtTCPSpuriousRtxHostQueues”h]”hŒTcpExtTCPSpuriousRtxHostQueues”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M„hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj	  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M„hj  h²hubhÌ)”}”(hX  When the TCP stack wants to retransmit a packet, and finds that packet
is not lost in the network, but the packet is not sent yet, the TCP
stack would give up the retransmission and update this counter. It
might happen if a packet stays too long time in a qdisc or driver
queue.”h]”hX  When the TCP stack wants to retransmit a packet, and finds that packet
is not lost in the network, but the packet is not sent yet, the TCP
stack would give up the retransmission and update this counter. It
might happen if a packet stays too long time in a qdisc or driver
queue.”…””}”(hj*  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M†hj  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpEstabResets
”h]”hÌ)”}”(hŒTcpEstabResets”h]”hŒTcpEstabResets”…””}”(hj?  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MŒhj;  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj8  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MŒhj  h²hubhÌ)”}”(hŒAThe socket receives a RST packet in Establish or CloseWait state.”h]”hŒAThe socket receives a RST packet in Establish or CloseWait state.”…””}”(hjY  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MŽhj  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPKeepAlive
”h]”hÌ)”}”(hŒTcpExtTCPKeepAlive”h]”hŒTcpExtTCPKeepAlive”…””}”(hjn  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhjj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjg  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mhj  h²hubhÌ)”}”(hŒ²This counter indicates many keepalive packets were sent. The keepalive
won't be enabled by default. A userspace program could enable it by
setting the SO_KEEPALIVE socket option.”h]”hŒ´This counter indicates many keepalive packets were sent. The keepalive
wonâ€™t be enabled by default. A userspace program could enable it by
setting the SO_KEEPALIVE socket option.”…””}”(hjˆ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M’hj  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPSpuriousRTOs
”h]”hÌ)”}”(hŒTcpExtTCPSpuriousRTOs”h]”hŒTcpExtTCPSpuriousRTOs”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M–hj™  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj–  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M–hj  h²hubhÌ)”}”(hŒGThe spurious retransmission timeout detected by the `F-RTO`_
algorithm.”h]”(hŒ4The spurious retransmission timeout detected by the ”…””}”(hj·  h²hh³Nh´Nubj*  )”}”(hŒ`F-RTO`_”h]”hŒF-RTO”…””}”(hj¿  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒF-RTO”j;  Œ#https://tools.ietf.org/html/rfc5682”uh1j)  hj·  j=  KubhŒ
algorithm.”…””}”(hj·  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M˜hj  h²hubjE  )”}”(hŒ... _F-RTO: https://tools.ietf.org/html/rfc5682”h]”h}”(h]”Œf-rto”ah ]”h"]”Œf-rto”ah$]”h&]”j;  jÏ  uh1jD  h´M›hj  h²hh³hÊjR  Kubeh}”(h]”Œtcp-fast-open”ah ]”h"]”Œtcp fast open”ah$]”h&]”uh1hµhh·h²hh³hÊh´Mnubh¶)”}”(hhh]”(h»)”}”(hŒTCP Fast Path”h]”hŒTCP Fast Path”…””}”(hjñ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjî  h²hh³hÊ•      h´MžubhÌ)”}”(hŒÈWhen kernel receives a TCP packet, it has two paths to handler the
packet, one is fast path, another is slow path. The comment in kernel
code provides a good explanation of them, I pasted them below::”h]”hŒÇWhen kernel receives a TCP packet, it has two paths to handler the
packet, one is fast path, another is slow path. The comment in kernel
code provides a good explanation of them, I pasted them below:”…””}”(hjÿ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MŸhjî  h²hubj8  )”}”(hXV  It is split into a fast path and a slow path. The fast path is
disabled when:

- A zero window was announced from us
- zero window probing
  is only handled properly on the slow path.
- Out of order segments arrived.
- Urgent data is expected.
- There is no buffer space left
- Unexpected TCP flags/window values/header lengths are received
  (detected by checking the TCP header against pred_flags)
- Data is sent in both directions. The fast path only supports pure senders
  or pure receivers (this means either the sequence number or the ack
  value must stay constant)
- Unexpected TCP option.”h]”hXV  It is split into a fast path and a slow path. The fast path is
disabled when:

- A zero window was announced from us
- zero window probing
  is only handled properly on the slow path.
- Out of order segments arrived.
- Urgent data is expected.
- There is no buffer space left
- Unexpected TCP flags/window values/header lengths are received
  (detected by checking the TCP header against pred_flags)
- Data is sent in both directions. The fast path only supports pure senders
  or pure receivers (this means either the sequence number or the ack
  value must stay constant)
- Unexpected TCP option.”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M£hjî  h²hubhÌ)”}”(hXx  Kernel will try to use fast path unless any of the above conditions
are satisfied. If the packets are out of order, kernel will handle
them in slow path, which means the performance might be not very
good. Kernel would also come into slow path if the "Delayed ack" is
used, because when using "Delayed ack", the data is sent in both
directions. When the TCP window scale option is not used, kernel will
try to enable fast path immediately when the connection comes into the
established state, but if the TCP window scale option is used, kernel
will disable the fast path at first, and try to enable it after kernel
receives packets.”h]”hX€  Kernel will try to use fast path unless any of the above conditions
are satisfied. If the packets are out of order, kernel will handle
them in slow path, which means the performance might be not very
good. Kernel would also come into slow path if the â€œDelayed ackâ€ is
used, because when using â€œDelayed ackâ€, the data is sent in both
directions. When the TCP window scale option is not used, kernel will
try to enable fast path immediately when the connection comes into the
established state, but if the TCP window scale option is used, kernel
will disable the fast path at first, and try to enable it after kernel
receives packets.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M³hjî  h²hubhû)”}”(hhh]”j   )”}”(hŒ&TcpExtTCPPureAcks and TcpExtTCPHPAcks
”h]”hÌ)”}”(hŒ%TcpExtTCPPureAcks and TcpExtTCPHPAcks”h]”hŒ%TcpExtTCPPureAcks and TcpExtTCPHPAcks”…””}”(hj0  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¾hj,  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj)  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M¾hjî  h²hubhÌ)”}”(hŒÔIf a packet set ACK flag and has no data, it is a pure ACK packet, if
kernel handles it in the fast path, TcpExtTCPHPAcks will increase 1,
if kernel handles it in the slow path, TcpExtTCPPureAcks will
increase 1.”h]”hŒÔIf a packet set ACK flag and has no data, it is a pure ACK packet, if
kernel handles it in the fast path, TcpExtTCPHPAcks will increase 1,
if kernel handles it in the slow path, TcpExtTCPPureAcks will
increase 1.”…””}”(hjJ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÀhjî  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPHPHits
”h]”hÌ)”}”(hŒTcpExtTCPHPHits”h]”hŒTcpExtTCPHPHits”…””}”(hj_  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÅhj[  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjX  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MÅhjî  h²hubhÌ)”}”(hŒ‘If a TCP packet has data (which means it is not a pure ACK packet),
and this packet is handled in the fast path, TcpExtTCPHPHits will
increase 1.”h]”hŒ‘If a TCP packet has data (which means it is not a pure ACK packet),
and this packet is handled in the fast path, TcpExtTCPHPHits will
increase 1.”…””}”(hjy  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÇhjî  h²hubeh}”(h]”Œtcp-fast-path”ah ]”h"]”Œtcp fast path”ah$]”h&]”uh1hµhh·h²hh³hÊh´Mžubh¶)”}”(hhh]”(h»)”}”(hŒ	TCP abort”h]”hŒ	TCP abort”…””}”(hj’  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj  h²hh³hÊh´MÍubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPAbortOnData
”h]”hÌ)”}”(hŒTcpExtTCPAbortOnData”h]”hŒTcpExtTCPAbortOnData”…””}”(hj§  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÎhj£  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj   h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MÎhj  h²hubhÌ)”}”(hX.  It means TCP layer has data in flight, but need to close the
connection. So TCP layer sends a RST to the other side, indicate the
connection is not closed very graceful. An easy way to increase this
counter is using the SO_LINGER option. Please refer to the SO_LINGER
section of the `socket man page`_:”h]”(hX  It means TCP layer has data in flight, but need to close the
connection. So TCP layer sends a RST to the other side, indicate the
connection is not closed very graceful. An easy way to increase this
counter is using the SO_LINGER option. Please refer to the SO_LINGER
section of the ”…””}”(hjÁ  h²hh³Nh´Nubj*  )”}”(hŒ`socket man page`_”h]”hŒsocket man page”…””}”(hjÉ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”Œsocket man page”j;  Œ2http://man7.org/linux/man-pages/man7/socket.7.html”uh1j)  hjÁ  j=  KubhŒ:”…””}”(hjÁ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÐhj  h²hubjE  )”}”(hŒG.. _socket man page: http://man7.org/linux/man-pages/man7/socket.7.html”h]”h}”(h]”Œsocket-man-page”ah ]”h"]”Œsocket man page”ah$]”h&]”j;  jÙ  uh1jD  h´MÖhj  h²hh³hÊjR  KubhÌ)”}”(hX#  By default, when an application closes a connection, the close function
will return immediately and kernel will try to send the in-flight data
async. If you use the SO_LINGER option, set l_onoff to 1, and l_linger
to a positive number, the close function won't return immediately, but
wait for the in-flight data are acked by the other side, the max wait
time is l_linger seconds. If set l_onoff to 1 and set l_linger to 0,
when the application closes a connection, kernel will send a RST
immediately and increase the TcpExtTCPAbortOnData counter.”h]”hX%  By default, when an application closes a connection, the close function
will return immediately and kernel will try to send the in-flight data
async. If you use the SO_LINGER option, set l_onoff to 1, and l_linger
to a positive number, the close function wonâ€™t return immediately, but
wait for the in-flight data are acked by the other side, the max wait
time is l_linger seconds. If set l_onoff to 1 and set l_linger to 0,
when the application closes a connection, kernel will send a RST
immediately and increase the TcpExtTCPAbortOnData counter.”…””}”(hjð  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MØhj  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPAbortOnClose
”h]”hÌ)”}”(hŒTcpExtTCPAbortOnClose”h]”hŒTcpExtTCPAbortOnClose”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Máhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjþ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Máhj  h²hubhÌ)”}”(hŒÐThis counter means the application has unread data in the TCP layer when
the application wants to close the TCP connection. In such a situation,
kernel will send a RST to the other side of the TCP connection.”h]”hŒÐThis counter means the application has unread data in the TCP layer when
the application wants to close the TCP connection. In such a situation,
kernel will send a RST to the other side of the TCP connection.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mãhj  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPAbortOnMemory
”h]”hÌ)”}”(hŒTcpExtTCPAbortOnMemory”h]”hŒTcpExtTCPAbortOnMemory”…””}”(hj4  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mçhj0  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj-  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mçhj  h²hubhÌ)”}”(hXÈ  When an application closes a TCP connection, kernel still need to track
the connection, let it complete the TCP disconnect process. E.g. an
app calls the close method of a socket, kernel sends fin to the other
side of the connection, then the app has no relationship with the
socket any more, but kernel need to keep the socket, this socket
becomes an orphan socket, kernel waits for the reply of the other side,
and would come to the TIME_WAIT state finally. When kernel has no
enough memory to keep the orphan socket, kernel would send an RST to
the other side, and delete the socket, in such situation, kernel will
increase 1 to the TcpExtTCPAbortOnMemory. Two conditions would trigger
TcpExtTCPAbortOnMemory:”h]”hXÈ  When an application closes a TCP connection, kernel still need to track
the connection, let it complete the TCP disconnect process. E.g. an
app calls the close method of a socket, kernel sends fin to the other
side of the connection, then the app has no relationship with the
socket any more, but kernel need to keep the socket, this socket
becomes an orphan socket, kernel waits for the reply of the other side,
and would come to the TIME_WAIT state finally. When kernel has no
enough memory to keep the orphan socket, kernel would send an RST to
the other side, and delete the socket, in such situation, kernel will
increase 1 to the TcpExtTCPAbortOnMemory. Two conditions would trigger
TcpExtTCPAbortOnMemory:”…””}”(hjN  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Méhj  h²hubhÌ)”}”(hŒŽ1. the memory used by the TCP protocol is higher than the third value of
the tcp_mem. Please refer the tcp_mem section in the `TCP man page`_:”h]”(hŒ~1. the memory used by the TCP protocol is higher than the third value of
the tcp_mem. Please refer the tcp_mem section in the ”…””}”(hj\  h²hh³Nh´Nubj*  )”}”(hŒ`TCP man page`_”h]”hŒTCP man page”…””}”(hjd  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒTCP man page”j;  Œ/http://man7.org/linux/man-pages/man7/tcp.7.html”uh1j)  hj\  j=  KubhŒ:”…””}”(hj\  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mõhj  h²hubjE  )”}”(hŒA.. _TCP man page: http://man7.org/linux/man-pages/man7/tcp.7.html”h]”h}”(h]”Œtcp-man-page”ah ]”h"]”Œtcp man page”ah$]”h&]”j;  jt  uh1jD  h´Møhj  h²hh³hÊjR  Kubj˜
  )”}”(hhh]”j   )”}”(hŒAthe orphan socket count is higher than net.ipv4.tcp_max_orphans

”h]”hÌ)”}”(hŒ?the orphan socket count is higher than net.ipv4.tcp_max_orphans”h]”hŒ?the orphan socket count is higher than net.ipv4.tcp_max_orphans”…””}”(hj’  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MúhjŽ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj‹  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”jÿ
  j   j  hj  j  Œstart”Kuh1j—
  hj  h²hh³hÊh´Múubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPAbortOnTimeout
”h]”hÌ)”}”(hŒTcpExtTCPAbortOnTimeout”h]”hŒTcpExtTCPAbortOnTimeout”…””}”(hj´  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mýhj°  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj­  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mýhj  h²hubhÌ)”}”(hŒ„This counter will increase when any of the TCP timers expire. In such
situation, kernel won't send RST, just give up the connection.”h]”hŒ†This counter will increase when any of the TCP timers expire. In such
situation, kernel wonâ€™t send RST, just give up the connection.”…””}”(hjÎ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mÿhj  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPAbortOnLinger
”h]”hÌ)”}”(hŒTcpExtTCPAbortOnLinger”h]”hŒTcpExtTCPAbortOnLinger”…””}”(hjã  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhjß  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjÜ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mhj  h²hubhÌ)”}”(hX=  When a TCP connection comes into FIN_WAIT_2 state, instead of waiting
for the fin packet from the other side, kernel could send a RST and
delete the socket immediately. This is not the default behavior of
Linux kernel TCP stack. By configuring the TCP_LINGER2 socket option,
you could let kernel follow this behavior.”h]”hX=  When a TCP connection comes into FIN_WAIT_2 state, instead of waiting
for the fin packet from the other side, kernel could send a RST and
delete the socket immediately. This is not the default behavior of
Linux kernel TCP stack. By configuring the TCP_LINGER2 socket option,
you could let kernel follow this behavior.”…””}”(hjý  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPAbortFailed
”h]”hÌ)”}”(hŒTcpExtTCPAbortFailed”h]”hŒTcpExtTCPAbortFailed”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M
hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M
hj  h²hubhÌ)”}”(hŒ¨The kernel TCP layer will send RST if the `RFC2525 2.17 section`_ is
satisfied. If an internal error occurs during this process,
TcpExtTCPAbortFailed will be increased.”h]”(hŒ*The kernel TCP layer will send RST if the ”…””}”(hj,  h²hh³Nh´Nubj*  )”}”(hŒ`RFC2525 2.17 section`_”h]”hŒRFC2525 2.17 section”…””}”(hj4  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC2525 2.17 section”j;  Œ+https://tools.ietf.org/html/rfc2525#page-50”uh1j)  hj,  j=  KubhŒg is
satisfied. If an internal error occurs during this process,
TcpExtTCPAbortFailed will be increased.”…””}”(hj,  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj  h²hubjE  )”}”(hŒE.. _RFC2525 2.17 section: https://tools.ietf.org/html/rfc2525#page-50”h]”h}”(h]”Œrfc2525-2-17-section”ah ]”h"]”Œrfc2525 2.17 section”ah$]”h&]”j;  jD  uh1jD  h´Mhj  h²hh³hÊjR  Kubeh}”(h]”Œ	tcp-abort”ah ]”h"]”Œ	tcp abort”ah$]”h&]”uh1hµhh·h²hh³hÊh´MÍubh¶)”}”(hhh]”(h»)”}”(hŒTCP Hybrid Slow Start”h]”hŒTCP Hybrid Slow Start”…””}”(hjf  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjc  h²hh³hÊh´MubhÌ)”}”(hXÍ  The Hybrid Slow Start algorithm is an enhancement of the traditional
TCP congestion window Slow Start algorithm. It uses two pieces of
information to detect whether the max bandwidth of the TCP path is
approached. The two pieces of information are ACK train length and
increase in packet delay. For detail information, please refer the
`Hybrid Slow Start paper`_. Either ACK train length or packet delay
hits a specific threshold, the congestion control algorithm will come
into the Congestion Avoidance state. Until v4.20, two congestion
control algorithms are using Hybrid Slow Start, they are cubic (the
default congestion control algorithm) and cdg. Four snmp counters
relate with the Hybrid Slow Start algorithm.”h]”(hXP  The Hybrid Slow Start algorithm is an enhancement of the traditional
TCP congestion window Slow Start algorithm. It uses two pieces of
information to detect whether the max bandwidth of the TCP path is
approached. The two pieces of information are ACK train length and
increase in packet delay. For detail information, please refer the
”…””}”(hjt  h²hh³Nh´Nubj*  )”}”(hŒ`Hybrid Slow Start paper`_”h]”hŒHybrid Slow Start paper”…””}”(hj|  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒHybrid Slow Start paper”j;  ŒNhttps://pdfs.semanticscholar.org/25e9/ef3f03315782c7f1cbcd31b587857adae7d1.pdf”uh1j)  hjt  j=  KubhXc  . Either ACK train length or packet delay
hits a specific threshold, the congestion control algorithm will come
into the Congestion Avoidance state. Until v4.20, two congestion
control algorithms are using Hybrid Slow Start, they are cubic (the
default congestion control algorithm) and cdg. Four snmp counters
relate with the Hybrid Slow Start algorithm.”…””}”(hjt  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhjc  h²hubjE  )”}”(hŒk.. _Hybrid Slow Start paper: https://pdfs.semanticscholar.org/25e9/ef3f03315782c7f1cbcd31b587857adae7d1.pdf”h]”h}”(h]”Œhybrid-slow-start-paper”ah ]”h"]”Œhybrid slow start paper”ah$]”h&]”j;  jŒ  uh1jD  h´M hjc  h²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPHystartTrainDetect
”h]”hÌ)”}”(hŒTcpExtTCPHystartTrainDetect”h]”hŒTcpExtTCPHystartTrainDetect”…””}”(hjª  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M"hj¦  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj£  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M"hjc  h²hubhÌ)”}”(hŒ9How many times the ACK train length threshold is detected”h]”hŒ9How many times the ACK train length threshold is detected”…””}”(hjÄ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M$hjc  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPHystartTrainCwnd
”h]”hÌ)”}”(hŒTcpExtTCPHystartTrainCwnd”h]”hŒTcpExtTCPHystartTrainCwnd”…””}”(hjÙ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M&hjÕ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjÒ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M&hjc  h²hubhÌ)”}”(hŒœThe sum of CWND detected by ACK train length. Dividing this value by
TcpExtTCPHystartTrainDetect is the average CWND which detected by the
ACK train length.”h]”hŒœThe sum of CWND detected by ACK train length. Dividing this value by
TcpExtTCPHystartTrainDetect is the average CWND which detected by the
ACK train length.”…””}”(hjó  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M(hjc  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPHystartDelayDetect
”h]”hÌ)”}”(hŒTcpExtTCPHystartDelayDetect”h]”hŒTcpExtTCPHystartDelayDetect”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M,hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M,hjc  h²hubhÌ)”}”(hŒ6How many times the packet delay threshold is detected.”h]”hŒ6How many times the packet delay threshold is detected.”…””}”(hj"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M.hjc  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPHystartDelayCwnd
”h]”hÌ)”}”(hŒTcpExtTCPHystartDelayCwnd”h]”hŒTcpExtTCPHystartDelayCwnd”…””}”(hj7  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M0hj3  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj0  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M0hjc  h²hubhÌ)”}”(hŒ”The sum of CWND detected by packet delay. Dividing this value by
TcpExtTCPHystartDelayDetect is the average CWND which detected by the
packet delay.”h]”hŒ”The sum of CWND detected by packet delay. Dividing this value by
TcpExtTCPHystartDelayDetect is the average CWND which detected by the
packet delay.”…””}”(hjQ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M2hjc  h²hubeh}”(h]”Œtcp-hybrid-slow-start”ah ]”h"]”Œtcp hybrid slow start”ah$]”h&]”uh1hµhh·h²hh³hÊh´Mubh¶)”}”(hhh]”(h»)”}”(hŒ)TCP retransmission and congestion control”h]”hŒ)TCP retransmission and congestion control”…””}”(hjj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjg  h²hh³hÊh´M7ubhÌ)”}”(hXP  The TCP protocol has two retransmission mechanisms: SACK and fast
recovery. They are exclusive with each other. When SACK is enabled,
the kernel TCP stack would use SACK, or kernel would use fast
recovery. The SACK is a TCP option, which is defined in `RFC2018`_,
the fast recovery is defined in `RFC6582`_, which is also called
'Reno'.”h]”(hŒüThe TCP protocol has two retransmission mechanisms: SACK and fast
recovery. They are exclusive with each other. When SACK is enabled,
the kernel TCP stack would use SACK, or kernel would use fast
recovery. The SACK is a TCP option, which is defined in ”…””}”(hjx  h²hh³Nh´Nubj*  )”}”(hŒ
`RFC2018`_”h]”hŒRFC2018”…””}”(hj€  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC2018”j;  Œ#https://tools.ietf.org/html/rfc2018”uh1j)  hjx  j=  KubhŒ",
the fast recovery is defined in ”…””}”(hjx  h²hh³Nh´Nubj*  )”}”(hŒ
`RFC6582`_”h]”hŒRFC6582”…””}”(hj•  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC6582”j;  Œ#https://tools.ietf.org/html/rfc6582”uh1j)  hjx  j=  KubhŒ", which is also called
â€˜Renoâ€™.”…””}”(hjx  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M8hjg  h²hubhÌ)”}”(hX~  The TCP congestion control is a big and complex topic. To understand
the related snmp counter, we need to know the states of the congestion
control state machine. There are 5 states: Open, Disorder, CWR,
Recovery and Loss. For details about these states, please refer page 5
and page 6 of this document:
https://pdfs.semanticscholar.org/0e9c/968d09ab2e53e24c4dca5b2d67c7f7140f8e.pdf”h]”(hX0  The TCP congestion control is a big and complex topic. To understand
the related snmp counter, we need to know the states of the congestion
control state machine. There are 5 states: Open, Disorder, CWR,
Recovery and Loss. For details about these states, please refer page 5
and page 6 of this document:
”…””}”(hj°  h²hh³Nh´Nubj*  )”}”(hŒNhttps://pdfs.semanticscholar.org/0e9c/968d09ab2e53e24c4dca5b2d67c7f7140f8e.pdf”h]”hŒNhttps://pdfs.semanticscholar.org/0e9c/968d09ab2e53e24c4dca5b2d67c7f7140f8e.pdf”…””}”(hj¸  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”jº  uh1j)  hj°  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M?hjg  h²hubjE  )”}”(hŒ0.. _RFC2018: https://tools.ietf.org/html/rfc2018”h]”h}”(h]”Œrfc2018”ah ]”h"]”Œrfc2018”ah$]”h&]”j;  j  uh1jD  h´MFhjg  h²hh³hÊjR  KubjE  )”}”(hŒ0.. _RFC6582: https://tools.ietf.org/html/rfc6582”h]”h}”(h]”Œrfc6582”ah ]”h"]”Œrfc6582”ah$]”h&]”j;  j¥  uh1jD  h´MGhjg  h²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒ0TcpExtTCPRenoRecovery and TcpExtTCPSackRecovery
”h]”hÌ)”}”(hŒ/TcpExtTCPRenoRecovery and TcpExtTCPSackRecovery”h]”hŒ/TcpExtTCPRenoRecovery and TcpExtTCPSackRecovery”…””}”(hjì  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MIhjè  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjå  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MIhjg  h²hubhÌ)”}”(hŒïWhen the congestion control comes into Recovery state, if sack is
used, TcpExtTCPSackRecovery increases 1, if sack is not used,
TcpExtTCPRenoRecovery increases 1. These two counters mean the TCP
stack begins to retransmit the lost packets.”h]”hŒïWhen the congestion control comes into Recovery state, if sack is
used, TcpExtTCPSackRecovery increases 1, if sack is not used,
TcpExtTCPRenoRecovery increases 1. These two counters mean the TCP
stack begins to retransmit the lost packets.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MKhjg  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPSACKReneging
”h]”hÌ)”}”(hŒTcpExtTCPSACKReneging”h]”hŒTcpExtTCPSACKReneging”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MPhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MPhjg  h²hubhÌ)”}”(hXÿ  A packet was acknowledged by SACK, but the receiver has dropped this
packet, so the sender needs to retransmit this packet. In this
situation, the sender adds 1 to TcpExtTCPSACKReneging. A receiver
could drop a packet which has been acknowledged by SACK, although it is
unusual, it is allowed by the TCP protocol. The sender doesn't really
know what happened on the receiver side. The sender just waits until
the RTO expires for this packet, then the sender assumes this packet
has been dropped by the receiver.”h]”hX  A packet was acknowledged by SACK, but the receiver has dropped this
packet, so the sender needs to retransmit this packet. In this
situation, the sender adds 1 to TcpExtTCPSACKReneging. A receiver
could drop a packet which has been acknowledged by SACK, although it is
unusual, it is allowed by the TCP protocol. The sender doesnâ€™t really
know what happened on the receiver side. The sender just waits until
the RTO expires for this packet, then the sender assumes this packet
has been dropped by the receiver.”…””}”(hj5  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MRhjg  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPRenoReorder
”h]”hÌ)”}”(hŒTcpExtTCPRenoReorder”h]”hŒTcpExtTCPRenoReorder”…””}”(hjJ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M[hjF  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjC  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M[hjg  h²hubhÌ)”}”(hX  The reorder packet is detected by fast recovery. It would only be used
if SACK is disabled. The fast recovery algorithm detects recorder by
the duplicate ACK number. E.g., if retransmission is triggered, and
the original retransmitted packet is not lost, it is just out of
order, the receiver would acknowledge multiple times, one for the
retransmitted packet, another for the arriving of the original out of
order packet. Thus the sender would find more ACks than its
expectation, and the sender knows out of order occurs.”h]”hX  The reorder packet is detected by fast recovery. It would only be used
if SACK is disabled. The fast recovery algorithm detects recorder by
the duplicate ACK number. E.g., if retransmission is triggered, and
the original retransmitted packet is not lost, it is just out of
order, the receiver would acknowledge multiple times, one for the
retransmitted packet, another for the arriving of the original out of
order packet. Thus the sender would find more ACks than its
expectation, and the sender knows out of order occurs.”…””}”(hjd  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M]hjg  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPTSReorder
”h]”hÌ)”}”(hŒTcpExtTCPTSReorder”h]”hŒTcpExtTCPTSReorder”…””}”(hjy  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mfhju  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjr  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mfhjg  h²hubhÌ)”}”(hX·  The reorder packet is detected when a hole is filled. E.g., assume the
sender sends packet 1,2,3,4,5, and the receiving order is
1,2,4,5,3. When the sender receives the ACK of packet 3 (which will
fill the hole), two conditions will let TcpExtTCPTSReorder increase
1: (1) if the packet 3 is not re-retransmitted yet. (2) if the packet
3 is retransmitted but the timestamp of the packet 3's ACK is earlier
than the retransmission timestamp.”h]”hX¹  The reorder packet is detected when a hole is filled. E.g., assume the
sender sends packet 1,2,3,4,5, and the receiving order is
1,2,4,5,3. When the sender receives the ACK of packet 3 (which will
fill the hole), two conditions will let TcpExtTCPTSReorder increase
1: (1) if the packet 3 is not re-retransmitted yet. (2) if the packet
3 is retransmitted but the timestamp of the packet 3â€™s ACK is earlier
than the retransmission timestamp.”…””}”(hj“  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhhjg  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPSACKReorder
”h]”hÌ)”}”(hŒTcpExtTCPSACKReorder”h]”hŒTcpExtTCPSACKReorder”…””}”(hj¨  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mphj¤  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj¡  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mphjg  h²hubhÌ)”}”(hXn  The reorder packet detected by SACK. The SACK has two methods to
detect reorder: (1) DSACK is received by the sender. It means the
sender sends the same packet more than one times. And the only reason
is the sender believes an out of order packet is lost so it sends the
packet again. (2) Assume packet 1,2,3,4,5 are sent by the sender, and
the sender has received SACKs for packet 2 and 5, now the sender
receives SACK for packet 4 and the sender doesn't retransmit the
packet yet, the sender would know packet 4 is out of order. The TCP
stack of kernel will increase TcpExtTCPSACKReorder for both of the
above scenarios.”h]”hXp  The reorder packet detected by SACK. The SACK has two methods to
detect reorder: (1) DSACK is received by the sender. It means the
sender sends the same packet more than one times. And the only reason
is the sender believes an out of order packet is lost so it sends the
packet again. (2) Assume packet 1,2,3,4,5 are sent by the sender, and
the sender has received SACKs for packet 2 and 5, now the sender
receives SACK for packet 4 and the sender doesnâ€™t retransmit the
packet yet, the sender would know packet 4 is out of order. The TCP
stack of kernel will increase TcpExtTCPSACKReorder for both of the
above scenarios.”…””}”(hjÂ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mrhjg  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPSlowStartRetrans
”h]”hÌ)”}”(hŒTcpExtTCPSlowStartRetrans”h]”hŒTcpExtTCPSlowStartRetrans”…””}”(hj×  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M}hjÓ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjÐ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M}hjg  h²hubhÌ)”}”(hŒVThe TCP stack wants to retransmit a packet and the congestion control
state is 'Loss'.”h]”hŒZThe TCP stack wants to retransmit a packet and the congestion control
state is â€˜Lossâ€™.”…””}”(hjñ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhjg  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPFastRetrans
”h]”hÌ)”}”(hŒTcpExtTCPFastRetrans”h]”hŒTcpExtTCPFastRetrans”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M‚hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjÿ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M‚hjg  h²hubhÌ)”}”(hŒZThe TCP stack wants to retransmit a packet and the congestion control
state is not 'Loss'.”h]”hŒ^The TCP stack wants to retransmit a packet and the congestion control
state is not â€˜Lossâ€™.”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M„hjg  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPLostRetransmit
”h]”hÌ)”}”(hŒTcpExtTCPLostRetransmit”h]”hŒTcpExtTCPLostRetransmit”…””}”(hj5  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M‡hj1  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj.  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M‡hjg  h²hubhÌ)”}”(hŒ=A SACK points out that a retransmission packet is lost again.”h]”hŒ=A SACK points out that a retransmission packet is lost again.”…””}”(hjO  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M‰hjg  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPRetransFail
”h]”hÌ)”}”(hŒTcpExtTCPRetransFail”h]”hŒTcpExtTCPRetransFail”…””}”(hjd  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M‹hj`  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj]  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M‹hjg  h²hubhÌ)”}”(hŒlThe TCP stack tries to deliver a retransmission packet to lower layers
but the lower layers return an error.”h]”hŒlThe TCP stack tries to deliver a retransmission packet to lower layers
but the lower layers return an error.”…””}”(hj~  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhjg  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPSynRetrans
”h]”hÌ)”}”(hŒTcpExtTCPSynRetrans”h]”hŒTcpExtTCPSynRetrans”…””}”(hj“  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjŒ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mhjg  h²hubhÌ)”}”(hŒ'The TCP stack retransmits a SYN packet.”h]”hŒ'The TCP stack retransmits a SYN packet.”…””}”(hj­  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M’hjg  h²hubeh}”(h]”Œ)tcp-retransmission-and-congestion-control”ah ]”h"]”Œ)tcp retransmission and congestion control”ah$]”h&]”uh1hµhh·h²hh³hÊh´M7ubh¶)”}”(hhh]”(h»)”}”(hŒDSACK”h]”hŒDSACK”…””}”(hjÆ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjÃ  h²hh³hÊh´M•ubhÌ)”}”(hXG  The DSACK is defined in `RFC2883`_. The receiver uses DSACK to report
duplicate packets to the sender. There are two kinds of
duplications: (1) a packet which has been acknowledged is
duplicate. (2) an out of order packet is duplicate. The TCP stack
counts these two kinds of duplications on both receiver side and
sender side.”h]”(hŒThe DSACK is defined in ”…””}”(hjÔ  h²hh³Nh´Nubj*  )”}”(hŒ
`RFC2883`_”h]”hŒRFC2883”…””}”(hjÜ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC2883”j;  Œ#https://tools.ietf.org/html/rfc2883”uh1j)  hjÔ  j=  KubhX%  . The receiver uses DSACK to report
duplicate packets to the sender. There are two kinds of
duplications: (1) a packet which has been acknowledged is
duplicate. (2) an out of order packet is duplicate. The TCP stack
counts these two kinds of duplications on both receiver side and
sender side.”…””}”(hjÔ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M–hjÃ  h²hubjE  )”}”(hŒ1.. _RFC2883 : https://tools.ietf.org/html/rfc2883”h]”h}”(h]”Œrfc2883”ah ]”h"]”Œrfc2883”ah$]”h&]”j;  jì  uh1jD  h´MhjÃ  h²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPDSACKOldSent
”h]”hÌ)”}”(hŒTcpExtTCPDSACKOldSent”h]”hŒTcpExtTCPDSACKOldSent”…””}”(hj
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MŸhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MŸhjÃ  h²hubhÌ)”}”(hŒbThe TCP stack receives a duplicate packet which has been acked, so it
sends a DSACK to the sender.”h]”hŒbThe TCP stack receives a duplicate packet which has been acked, so it
sends a DSACK to the sender.”…””}”(hj$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¡hjÃ  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPDSACKOfoSent
”h]”hÌ)”}”(hŒTcpExtTCPDSACKOfoSent”h]”hŒTcpExtTCPDSACKOfoSent”…””}”(hj9  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¤hj5  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj2  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M¤hjÃ  h²hubhÌ)”}”(hŒ[The TCP stack receives an out of order duplicate packet, so it sends a
DSACK to the sender.”h]”hŒ[The TCP stack receives an out of order duplicate packet, so it sends a
DSACK to the sender.”…””}”(hjS  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¦hjÃ  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPDSACKRecv
”h]”hÌ)”}”(hŒTcpExtTCPDSACKRecv”h]”hŒTcpExtTCPDSACKRecv”…””}”(hjh  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M©hjd  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhja  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M©hjÃ  h²hubhÌ)”}”(hŒ]The TCP stack receives a DSACK, which indicates an acknowledged
duplicate packet is received.”h]”hŒ]The TCP stack receives a DSACK, which indicates an acknowledged
duplicate packet is received.”…””}”(hj‚  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M«hjÃ  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPDSACKOfoRecv
”h]”hÌ)”}”(hŒTcpExtTCPDSACKOfoRecv”h]”hŒTcpExtTCPDSACKOfoRecv”…””}”(hj—  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M®hj“  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M®hjÃ  h²hubhÌ)”}”(hŒ\The TCP stack receives a DSACK, which indicate an out of order
duplicate packet is received.”h]”hŒ\The TCP stack receives a DSACK, which indicate an out of order
duplicate packet is received.”…””}”(hj±  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M°hjÃ  h²hubeh}”(h]”Œdsack”ah ]”h"]”Œdsack”ah$]”h&]”uh1hµhh·h²hh³hÊh´M•ubh¶)”}”(hhh]”(h»)”}”(hŒinvalid SACK and DSACK”h]”hŒinvalid SACK and DSACK”…””}”(hjÊ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjÇ  h²hh³hÊh´M´ubhÌ)”}”(hX*  When a SACK (or DSACK) block is invalid, a corresponding counter would
be updated. The validation method is base on the start/end sequence
number of the SACK block. For more details, please refer the comment
of the function tcp_is_sackblock_valid in the kernel source code. A
SACK option could have up to 4 blocks, they are checked
individually. E.g., if 3 blocks of a SACk is invalid, the
corresponding counter would be updated 3 times. The comment of commit
18f02545a9a1 ("[TCP] MIB: Add counters for discarded SACK blocks")
has additional explanation:”h]”hX.  When a SACK (or DSACK) block is invalid, a corresponding counter would
be updated. The validation method is base on the start/end sequence
number of the SACK block. For more details, please refer the comment
of the function tcp_is_sackblock_valid in the kernel source code. A
SACK option could have up to 4 blocks, they are checked
individually. E.g., if 3 blocks of a SACk is invalid, the
corresponding counter would be updated 3 times. The comment of commit
18f02545a9a1 (â€œ[TCP] MIB: Add counters for discarded SACK blocksâ€)
has additional explanation:”…””}”(hjØ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MµhjÇ  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPSACKDiscard
”h]”hÌ)”}”(hŒTcpExtTCPSACKDiscard”h]”hŒTcpExtTCPSACKDiscard”…””}”(hjí  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¿hjé  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjæ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M¿hjÇ  h²hubhÌ)”}”(hŒ¯This counter indicates how many SACK blocks are invalid. If the invalid
SACK block is caused by ACK recording, the TCP stack will only ignore
it and won't update this counter.”h]”hŒ±This counter indicates how many SACK blocks are invalid. If the invalid
SACK block is caused by ACK recording, the TCP stack will only ignore
it and wonâ€™t update this counter.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÁhjÇ  h²hubhû)”}”(hhh]”j   )”}”(hŒ9TcpExtTCPDSACKIgnoredOld and TcpExtTCPDSACKIgnoredNoUndo
”h]”hÌ)”}”(hŒ8TcpExtTCPDSACKIgnoredOld and TcpExtTCPDSACKIgnoredNoUndo”h]”hŒ8TcpExtTCPDSACKIgnoredOld and TcpExtTCPDSACKIgnoredNoUndo”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÅhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MÅhjÇ  h²hubhÌ)”}”(hX%  When a DSACK block is invalid, one of these two counters would be
updated. Which counter will be updated depends on the undo_marker flag
of the TCP socket. If the undo_marker is not set, the TCP stack isn't
likely to re-transmit any packets, and we still receive an invalid
DSACK block, the reason might be that the packet is duplicated in the
middle of the network. In such scenario, TcpExtTCPDSACKIgnoredNoUndo
will be updated. If the undo_marker is set, TcpExtTCPDSACKIgnoredOld
will be updated. As implied in its name, it might be an old packet.”h]”hX'  When a DSACK block is invalid, one of these two counters would be
updated. Which counter will be updated depends on the undo_marker flag
of the TCP socket. If the undo_marker is not set, the TCP stack isnâ€™t
likely to re-transmit any packets, and we still receive an invalid
DSACK block, the reason might be that the packet is duplicated in the
middle of the network. In such scenario, TcpExtTCPDSACKIgnoredNoUndo
will be updated. If the undo_marker is set, TcpExtTCPDSACKIgnoredOld
will be updated. As implied in its name, it might be an old packet.”…””}”(hj6  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÇhjÇ  h²hubeh}”(h]”Œinvalid-sack-and-dsack”ah ]”h"]”Œinvalid sack and dsack”ah$]”h&]”uh1hµhh·h²hh³hÊh´M´ubh¶)”}”(hhh]”(h»)”}”(hŒ
SACK shift”h]”hŒ
SACK shift”…””}”(hjO  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjL  h²hh³hÊh´MÑubhÌ)”}”(hX	  The linux networking stack stores data in sk_buff struct (skb for
short). If a SACK block acrosses multiple skb, the TCP stack will try
to re-arrange data in these skb. E.g. if a SACK block acknowledges seq
10 to 15, skb1 has seq 10 to 13, skb2 has seq 14 to 20. The seq 14 and
15 in skb2 would be moved to skb1. This operation is 'shift'. If a
SACK block acknowledges seq 10 to 20, skb1 has seq 10 to 13, skb2 has
seq 14 to 20. All data in skb2 will be moved to skb1, and skb2 will be
discard, this operation is 'merge'.”h]”hX  The linux networking stack stores data in sk_buff struct (skb for
short). If a SACK block acrosses multiple skb, the TCP stack will try
to re-arrange data in these skb. E.g. if a SACK block acknowledges seq
10 to 15, skb1 has seq 10 to 13, skb2 has seq 14 to 20. The seq 14 and
15 in skb2 would be moved to skb1. This operation is â€˜shiftâ€™. If a
SACK block acknowledges seq 10 to 20, skb1 has seq 10 to 13, skb2 has
seq 14 to 20. All data in skb2 will be moved to skb1, and skb2 will be
discard, this operation is â€˜mergeâ€™.”…””}”(hj]  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÒhjL  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPSackShifted
”h]”hÌ)”}”(hŒTcpExtTCPSackShifted”h]”hŒTcpExtTCPSackShifted”…””}”(hjr  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÛhjn  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjk  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MÛhjL  h²hubhÌ)”}”(hŒA skb is shifted”h]”hŒA skb is shifted”…””}”(hjŒ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÝhjL  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPSackMerged
”h]”hÌ)”}”(hŒTcpExtTCPSackMerged”h]”hŒTcpExtTCPSackMerged”…””}”(hj¡  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mßhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjš  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MßhjL  h²hubhÌ)”}”(hŒA skb is merged”h]”hŒA skb is merged”…””}”(hj»  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MáhjL  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPSackShiftFallback
”h]”hÌ)”}”(hŒTcpExtTCPSackShiftFallback”h]”hŒTcpExtTCPSackShiftFallback”…””}”(hjÐ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MãhjÌ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjÉ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MãhjL  h²hubhÌ)”}”(hŒTA skb should be shifted or merged, but the TCP stack doesn't do it for
some reasons.”h]”hŒVA skb should be shifted or merged, but the TCP stack doesnâ€™t do it for
some reasons.”…””}”(hjê  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MåhjL  h²hubeh}”(h]”Œ
sack-shift”ah ]”h"]”Œ
sack shift”ah$]”h&]”uh1hµhh·h²hh³hÊh´MÑubh¶)”}”(hhh]”(h»)”}”(hŒTCP out of order”h]”hŒTCP out of order”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj   h²hh³hÊh´Méubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPOFOQueue
”h]”hÌ)”}”(hŒTcpExtTCPOFOQueue”h]”hŒTcpExtTCPOFOQueue”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mêhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mêhj   h²hubhÌ)”}”(hŒPThe TCP layer receives an out of order packet and has enough memory
to queue it.”h]”hŒPThe TCP layer receives an out of order packet and has enough memory
to queue it.”…””}”(hj2  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mìhj   h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPOFODrop
”h]”hÌ)”}”(hŒTcpExtTCPOFODrop”h]”hŒTcpExtTCPOFODrop”…””}”(hjG  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MïhjC  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj@  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mïhj   h²hubhÌ)”}”(hŒThe TCP layer receives an out of order packet but doesn't have enough
memory, so drops it. Such packets won't be counted into
TcpExtTCPOFOQueue.”h]”hŒ”The TCP layer receives an out of order packet but doesnâ€™t have enough
memory, so drops it. Such packets wonâ€™t be counted into
TcpExtTCPOFOQueue.”…””}”(hja  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mñhj   h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPOFOMerge
”h]”hÌ)”}”(hŒTcpExtTCPOFOMerge”h]”hŒTcpExtTCPOFOMerge”…””}”(hjv  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mõhjr  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjo  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mõhj   h²hubhÌ)”}”(hŒ¹The received out of order packet has an overlay with the previous
packet. the overlay part will be dropped. All of TcpExtTCPOFOMerge
packets will also be counted into TcpExtTCPOFOQueue.”h]”hŒ¹The received out of order packet has an overlay with the previous
packet. the overlay part will be dropped. All of TcpExtTCPOFOMerge
packets will also be counted into TcpExtTCPOFOQueue.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M÷hj   h²hubeh}”(h]”Œtcp-out-of-order”ah ]”h"]”Œtcp out of order”ah$]”h&]”uh1hµhh·h²hh³hÊh´Méubh¶)”}”(hhh]”(h»)”}”(hŒTCP PAWS”h]”hŒTCP PAWS”…””}”(hj©  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj¦  h²hh³hÊh´MüubhÌ)”}”(hŒÚPAWS (Protection Against Wrapped Sequence numbers) is an algorithm
which is used to drop old packets. It depends on the TCP
timestamps. For detail information, please refer the `timestamp wiki`_
and the `RFC of PAWS`_.”h]”(hŒ±PAWS (Protection Against Wrapped Sequence numbers) is an algorithm
which is used to drop old packets. It depends on the TCP
timestamps. For detail information, please refer the ”…””}”(hj·  h²hh³Nh´Nubj*  )”}”(hŒ`timestamp wiki`_”h]”hŒtimestamp wiki”…””}”(hj¿  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”Œtimestamp wiki”j;  ŒJhttps://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_timestamps”uh1j)  hj·  j=  KubhŒ	
and the ”…””}”(hj·  h²hh³Nh´Nubj*  )”}”(hŒ`RFC of PAWS`_”h]”hŒRFC of PAWS”…””}”(hjÔ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC of PAWS”j;  Œ+https://tools.ietf.org/html/rfc1323#page-17”uh1j)  hj·  j=  KubhŒ.”…””}”(hj·  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mýhj¦  h²hubjE  )”}”(hŒ<.. _RFC of PAWS: https://tools.ietf.org/html/rfc1323#page-17”h]”h}”(h]”Œrfc-of-paws”ah ]”h"]”Œrfc of paws”ah$]”h&]”j;  jä  uh1jD  h´Mhj¦  h²hh³hÊjR  KubjE  )”}”(hŒ^.. _timestamp wiki: https://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_timestamps”h]”h}”(h]”Œtimestamp-wiki”ah ]”h"]”Œtimestamp wiki”ah$]”h&]”j;  jÏ  uh1jD  h´Mhj¦  h²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒTcpExtPAWSActive
”h]”hÌ)”}”(hŒTcpExtPAWSActive”h]”hŒTcpExtPAWSActive”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mhj¦  h²hubhÌ)”}”(hŒ/Packets are dropped by PAWS in Syn-Sent status.”h]”hŒ/Packets are dropped by PAWS in Syn-Sent status.”…””}”(hj(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj¦  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtPAWSEstab
”h]”hÌ)”}”(hŒTcpExtPAWSEstab”h]”hŒTcpExtPAWSEstab”…””}”(hj=  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M	hj9  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj6  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M	hj¦  h²hubhÌ)”}”(hŒ>Packets are dropped by PAWS in any status other than Syn-Sent.”h]”hŒ>Packets are dropped by PAWS in any status other than Syn-Sent.”…””}”(hjW  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj¦  h²hubeh}”(h]”Œtcp-paws”ah ]”h"]”Œtcp paws”ah$]”h&]”uh1hµhh·h²hh³hÊh´Müubh¶)”}”(hhh]”(h»)”}”(hŒTCP ACK skip”h]”hŒTCP ACK skip”…””}”(hjp  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjm  h²hh³hÊh´MubhÌ)”}”(hX¡  In some scenarios, kernel would avoid sending duplicate ACKs too
frequently. Please find more details in the tcp_invalid_ratelimit
section of the `sysctl document`_. When kernel decides to skip an ACK
due to tcp_invalid_ratelimit, kernel would update one of below
counters to indicate the ACK is skipped in which scenario. The ACK
would only be skipped if the received packet is either a SYN packet or
it has no data.”h]”(hŒ’In some scenarios, kernel would avoid sending duplicate ACKs too
frequently. Please find more details in the tcp_invalid_ratelimit
section of the ”…””}”(hj~  h²hh³Nh´Nubj*  )”}”(hŒ`sysctl document`_”h]”hŒsysctl document”…””}”(hj†  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”Œsysctl document”j;  ŒAhttps://www.kernel.org/doc/Documentation/networking/ip-sysctl.rst”uh1j)  hj~  j=  KubhŒý. When kernel decides to skip an ACK
due to tcp_invalid_ratelimit, kernel would update one of below
counters to indicate the ACK is skipped in which scenario. The ACK
would only be skipped if the received packet is either a SYN packet or
it has no data.”…””}”(hj~  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhjm  h²hubjE  )”}”(hŒV.. _sysctl document: https://www.kernel.org/doc/Documentation/networking/ip-sysctl.rst”h]”h}”(h]”Œsysctl-document”ah ]”h"]”Œsysctl document”ah$]”h&]”j;  j–  uh1jD  h´Mhjm  h²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPACKSkippedSynRecv
”h]”hÌ)”}”(hŒTcpExtTCPACKSkippedSynRecv”h]”hŒTcpExtTCPACKSkippedSynRecv”…””}”(hj´  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj°  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj­  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mhjm  h²hubhÌ)”}”(hX•  The ACK is skipped in Syn-Recv status. The Syn-Recv status means the
TCP stack receives a SYN and replies SYN+ACK. Now the TCP stack is
waiting for an ACK. Generally, the TCP stack doesn't need to send ACK
in the Syn-Recv status. But in several scenarios, the TCP stack need
to send an ACK. E.g., the TCP stack receives the same SYN packet
repeately, the received packet does not pass the PAWS check, or the
received packet sequence number is out of window. In these scenarios,
the TCP stack needs to send ACK. If the ACk sending frequency is higher than
tcp_invalid_ratelimit allows, the TCP stack will skip sending ACK and
increase TcpExtTCPACKSkippedSynRecv.”h]”hX—  The ACK is skipped in Syn-Recv status. The Syn-Recv status means the
TCP stack receives a SYN and replies SYN+ACK. Now the TCP stack is
waiting for an ACK. Generally, the TCP stack doesnâ€™t need to send ACK
in the Syn-Recv status. But in several scenarios, the TCP stack need
to send an ACK. E.g., the TCP stack receives the same SYN packet
repeately, the received packet does not pass the PAWS check, or the
received packet sequence number is out of window. In these scenarios,
the TCP stack needs to send ACK. If the ACk sending frequency is higher than
tcp_invalid_ratelimit allows, the TCP stack will skip sending ACK and
increase TcpExtTCPACKSkippedSynRecv.”…””}”(hjÎ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhjm  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPACKSkippedPAWS
”h]”hÌ)”}”(hŒTcpExtTCPACKSkippedPAWS”h]”hŒTcpExtTCPACKSkippedPAWS”…””}”(hjã  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M'hjß  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjÜ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M'hjm  h²hubhÌ)”}”(hXm  The ACK is skipped due to PAWS (Protect Against Wrapped Sequence
numbers) check fails. If the PAWS check fails in Syn-Recv, Fin-Wait-2
or Time-Wait statuses, the skipped ACK would be counted to
TcpExtTCPACKSkippedSynRecv, TcpExtTCPACKSkippedFinWait2 or
TcpExtTCPACKSkippedTimeWait. In all other statuses, the skipped ACK
would be counted to TcpExtTCPACKSkippedPAWS.”h]”hXm  The ACK is skipped due to PAWS (Protect Against Wrapped Sequence
numbers) check fails. If the PAWS check fails in Syn-Recv, Fin-Wait-2
or Time-Wait statuses, the skipped ACK would be counted to
TcpExtTCPACKSkippedSynRecv, TcpExtTCPACKSkippedFinWait2 or
TcpExtTCPACKSkippedTimeWait. In all other statuses, the skipped ACK
would be counted to TcpExtTCPACKSkippedPAWS.”…””}”(hjý  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M)hjm  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPACKSkippedSeq
”h]”hÌ)”}”(hŒTcpExtTCPACKSkippedSeq”h]”hŒTcpExtTCPACKSkippedSeq”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M0hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M0hjm  h²hubhÌ)”}”(hŒ‹The sequence number is out of window and the timestamp passes the PAWS
check and the TCP status is not Syn-Recv, Fin-Wait-2, and Time-Wait.”h]”hŒ‹The sequence number is out of window and the timestamp passes the PAWS
check and the TCP status is not Syn-Recv, Fin-Wait-2, and Time-Wait.”…””}”(hj,  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M2hjm  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPACKSkippedFinWait2
”h]”hÌ)”}”(hŒTcpExtTCPACKSkippedFinWait2”h]”hŒTcpExtTCPACKSkippedFinWait2”…””}”(hjA  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M5hj=  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj:  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M5hjm  h²hubhÌ)”}”(hŒ†The ACK is skipped in Fin-Wait-2 status, the reason would be either
PAWS check fails or the received sequence number is out of window.”h]”hŒ†The ACK is skipped in Fin-Wait-2 status, the reason would be either
PAWS check fails or the received sequence number is out of window.”…””}”(hj[  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M7hjm  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPACKSkippedTimeWait
”h]”hÌ)”}”(hŒTcpExtTCPACKSkippedTimeWait”h]”hŒTcpExtTCPACKSkippedTimeWait”…””}”(hjp  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M:hjl  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhji  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M:hjm  h²hubhÌ)”}”(hŒ†The ACK is skipped in Time-Wait status, the reason would be either
PAWS check failed or the received sequence number is out of window.”h]”hŒ†The ACK is skipped in Time-Wait status, the reason would be either
PAWS check failed or the received sequence number is out of window.”…””}”(hjŠ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M<hjm  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPACKSkippedChallenge
”h]”hÌ)”}”(hŒTcpExtTCPACKSkippedChallenge”h]”hŒTcpExtTCPACKSkippedChallenge”…””}”(hjŸ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M?hj›  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj˜  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M?hjm  h²hubhÌ)”}”(hXˆ  The ACK is skipped if the ACK is a challenge ACK. The RFC 5961 defines
3 kind of challenge ACK, please refer `RFC 5961 section 3.2`_,
`RFC 5961 section 4.2`_ and `RFC 5961 section 5.2`_. Besides these
three scenarios, In some TCP status, the linux TCP stack would also
send challenge ACKs if the ACK number is before the first
unacknowledged number (more strict than `RFC 5961 section 5.2`_).”h]”(hŒmThe ACK is skipped if the ACK is a challenge ACK. The RFC 5961 defines
3 kind of challenge ACK, please refer ”…””}”(hj¹  h²hh³Nh´Nubj*  )”}”(hŒ`RFC 5961 section 3.2`_”h]”hŒRFC 5961 section 3.2”…””}”(hjÁ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC 5961 section 3.2”j;  Œ*https://tools.ietf.org/html/rfc5961#page-7”uh1j)  hj¹  j=  KubhŒ,
”…””}”(hj¹  h²hh³Nh´Nubj*  )”}”(hŒ`RFC 5961 section 4.2`_”h]”hŒRFC 5961 section 4.2”…””}”(hjÖ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC 5961 section 4.2”j;  Œ*https://tools.ietf.org/html/rfc5961#page-9”uh1j)  hj¹  j=  KubhŒ and ”…””}”(hj¹  h²hh³Nh´Nubj*  )”}”(hŒ`RFC 5961 section 5.2`_”h]”hŒRFC 5961 section 5.2”…””}”(hjë  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC 5961 section 5.2”j;  Œ+https://tools.ietf.org/html/rfc5961#page-11”uh1j)  hj¹  j=  KubhŒ¶. Besides these
three scenarios, In some TCP status, the linux TCP stack would also
send challenge ACKs if the ACK number is before the first
unacknowledged number (more strict than ”…””}”(hj¹  h²hh³Nh´Nubj*  )”}”(hŒ`RFC 5961 section 5.2`_”h]”hŒRFC 5961 section 5.2”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒRFC 5961 section 5.2”j;  jû  uh1j)  hj¹  j=  KubhŒ).”…””}”(hj¹  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MAhjm  h²hubjE  )”}”(hŒD.. _RFC 5961 section 3.2: https://tools.ietf.org/html/rfc5961#page-7”h]”h}”(h]”Œrfc-5961-section-3-2”ah ]”h"]”Œrfc 5961 section 3.2”ah$]”h&]”j;  jÑ  uh1jD  h´MHhjm  h²hh³hÊjR  KubjE  )”}”(hŒD.. _RFC 5961 section 4.2: https://tools.ietf.org/html/rfc5961#page-9”h]”h}”(h]”Œrfc-5961-section-4-2”ah ]”h"]”Œrfc 5961 section 4.2”ah$]”h&]”j;  jæ  uh1jD  h´MIhjm  h²hh³hÊjR  KubjE  )”}”(hŒE.. _RFC 5961 section 5.2: https://tools.ietf.org/html/rfc5961#page-11”h]”h}”(h]”Œrfc-5961-section-5-2”ah ]”h"]”Œrfc 5961 section 5.2”ah$]”h&]”j;  jû  uh1jD  h´MJhjm  h²hh³hÊjR  Kubeh}”(h]”Œtcp-ack-skip”ah ]”h"]”Œtcp ack skip”ah$]”h&]”uh1hµhh·h²hh³hÊh´Mubh¶)”}”(hhh]”(h»)”}”(hŒTCP receive window”h]”hŒTCP receive window”…””}”(hjI  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjF  h²hh³hÊh´MMubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPWantZeroWindowAdv
”h]”hÌ)”}”(hŒTcpExtTCPWantZeroWindowAdv”h]”hŒTcpExtTCPWantZeroWindowAdv”…””}”(hj^  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MNhjZ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjW  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MNhjF  h²hubhÌ)”}”(hXC  Depending on current memory usage, the TCP stack tries to set receive
window to zero. But the receive window might still be a no-zero
value. For example, if the previous window size is 10, and the TCP
stack receives 3 bytes, the current window size would be 7 even if the
window size calculated by the memory usage is zero.”h]”hXC  Depending on current memory usage, the TCP stack tries to set receive
window to zero. But the receive window might still be a no-zero
value. For example, if the previous window size is 10, and the TCP
stack receives 3 bytes, the current window size would be 7 even if the
window size calculated by the memory usage is zero.”…””}”(hjx  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MPhjF  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPToZeroWindowAdv
”h]”hÌ)”}”(hŒTcpExtTCPToZeroWindowAdv”h]”hŒTcpExtTCPToZeroWindowAdv”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MVhj‰  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj†  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MVhjF  h²hubhÌ)”}”(hŒ;The TCP receive window is set to zero from a no-zero value.”h]”hŒ;The TCP receive window is set to zero from a no-zero value.”…””}”(hj§  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MXhjF  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPFromZeroWindowAdv
”h]”hÌ)”}”(hŒTcpExtTCPFromZeroWindowAdv”h]”hŒTcpExtTCPFromZeroWindowAdv”…””}”(hj¼  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MZhj¸  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjµ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MZhjF  h²hubhÌ)”}”(hŒ9The TCP receive window is set to no-zero value from zero.”h]”hŒ9The TCP receive window is set to no-zero value from zero.”…””}”(hjÖ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M\hjF  h²hubeh}”(h]”Œtcp-receive-window”ah ]”h"]”Œtcp receive window”ah$]”h&]”uh1hµhh·h²hh³hÊh´MMubh¶)”}”(hhh]”(h»)”}”(hŒDelayed ACK”h]”hŒDelayed ACK”…””}”(hjï  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjì  h²hh³hÊh´M`ubhÌ)”}”(hŒ•The TCP Delayed ACK is a technique which is used for reducing the
packet count in the network. For more details, please refer the
`Delayed ACK wiki`_”h]”(hŒ‚The TCP Delayed ACK is a technique which is used for reducing the
packet count in the network. For more details, please refer the
”…””}”(hjý  h²hh³Nh´Nubj*  )”}”(hŒ`Delayed ACK wiki`_”h]”hŒDelayed ACK wiki”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒDelayed ACK wiki”j;  Œ8https://en.wikipedia.org/wiki/TCP_delayed_acknowledgment”uh1j)  hjý  j=  Kubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mahjì  h²hubjE  )”}”(hŒN.. _Delayed ACK wiki: https://en.wikipedia.org/wiki/TCP_delayed_acknowledgment”h]”h}”(h]”Œdelayed-ack-wiki”ah ]”h"]”Œdelayed ack wiki”ah$]”h&]”j;  j  uh1jD  h´Mehjì  h²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒTcpExtDelayedACKs
”h]”hÌ)”}”(hŒTcpExtDelayedACKs”h]”hŒTcpExtDelayedACKs”…””}”(hj/  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mghj+  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj(  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mghjì  h²hubhÌ)”}”(hŒeA delayed ACK timer expires. The TCP stack will send a pure ACK packet
and exit the delayed ACK mode.”h]”hŒeA delayed ACK timer expires. The TCP stack will send a pure ACK packet
and exit the delayed ACK mode.”…””}”(hjI  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mihjì  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtDelayedACKLocked
”h]”hÌ)”}”(hŒTcpExtDelayedACKLocked”h]”hŒTcpExtDelayedACKLocked”…””}”(hj^  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MlhjZ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjW  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mlhjì  h²hubhÌ)”}”(hXW  A delayed ACK timer expires, but the TCP stack can't send an ACK
immediately due to the socket is locked by a userspace program. The
TCP stack will send a pure ACK later (after the userspace program
unlock the socket). When the TCP stack sends the pure ACK later, the
TCP stack will also update TcpExtDelayedACKs and exit the delayed ACK
mode.”h]”hXY  A delayed ACK timer expires, but the TCP stack canâ€™t send an ACK
immediately due to the socket is locked by a userspace program. The
TCP stack will send a pure ACK later (after the userspace program
unlock the socket). When the TCP stack sends the pure ACK later, the
TCP stack will also update TcpExtDelayedACKs and exit the delayed ACK
mode.”…””}”(hjx  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mnhjì  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtDelayedACKLost
”h]”hÌ)”}”(hŒTcpExtDelayedACKLost”h]”hŒTcpExtDelayedACKLost”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Muhj‰  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj†  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Muhjì  h²hubhÌ)”}”(hŒØIt will be updated when the TCP stack receives a packet which has been
ACKed. A Delayed ACK loss might cause this issue, but it would also be
triggered by other reasons, such as a packet is duplicated in the
network.”h]”hŒØIt will be updated when the TCP stack receives a packet which has been
ACKed. A Delayed ACK loss might cause this issue, but it would also be
triggered by other reasons, such as a packet is duplicated in the
network.”…””}”(hj§  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mwhjì  h²hubeh}”(h]”Œdelayed-ack”ah ]”h"]”Œdelayed ack”ah$]”h&]”uh1hµhh·h²hh³hÊh´M`ubh¶)”}”(hhh]”(h»)”}”(hŒTail Loss Probe (TLP)”h]”hŒTail Loss Probe (TLP)”…””}”(hjÀ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj½  h²hh³hÊh´M}ubhÌ)”}”(hŒmTLP is an algorithm which is used to detect TCP packet loss. For more
details, please refer the `TLP paper`_.”h]”(hŒ`TLP is an algorithm which is used to detect TCP packet loss. For more
details, please refer the ”…””}”(hjÎ  h²hh³Nh´Nubj*  )”}”(hŒ`TLP paper`_”h]”hŒ	TLP paper”…””}”(hjÖ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”Œ	TLP paper”j;  ŒBhttps://tools.ietf.org/html/draft-dukkipati-tcpm-tcp-loss-probe-01”uh1j)  hjÎ  j=  KubhŒ.”…””}”(hjÎ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M~hj½  h²hubjE  )”}”(hŒQ.. _TLP paper: https://tools.ietf.org/html/draft-dukkipati-tcpm-tcp-loss-probe-01”h]”h}”(h]”Œ	tlp-paper”ah ]”h"]”Œ	tlp paper”ah$]”h&]”j;  jæ  uh1jD  h´Mhj½  h²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPLossProbes
”h]”hÌ)”}”(hŒTcpExtTCPLossProbes”h]”hŒTcpExtTCPLossProbes”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mƒhj   ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjý  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mƒhj½  h²hubhÌ)”}”(hŒA TLP probe packet is sent.”h]”hŒA TLP probe packet is sent.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M…hj½  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPLossProbeRecovery
”h]”hÌ)”}”(hŒTcpExtTCPLossProbeRecovery”h]”hŒTcpExtTCPLossProbeRecovery”…””}”(hj3  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M‡hj/  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj,  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M‡hj½  h²hubhÌ)”}”(hŒ/A packet loss is detected and recovered by TLP.”h]”hŒ/A packet loss is detected and recovered by TLP.”…””}”(hjM  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M‰hj½  h²hubeh}”(h]”Œtail-loss-probe-tlp”ah ]”h"]”Œtail loss probe (tlp)”ah$]”h&]”uh1hµhh·h²hh³hÊh´M}ubh¶)”}”(hhh]”(h»)”}”(hŒTCP Fast Open description”h]”hŒTCP Fast Open description”…””}”(hjf  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjc  h²hh³hÊh´MŒubhÌ)”}”(hŒŸTCP Fast Open is a technology which allows data transfer before the
3-way handshake complete. Please refer the `TCP Fast Open wiki`_ for a
general description.”h]”(hŒoTCP Fast Open is a technology which allows data transfer before the
3-way handshake complete. Please refer the ”…””}”(hjt  h²hh³Nh´Nubj*  )”}”(hŒ`TCP Fast Open wiki`_”h]”hŒTCP Fast Open wiki”…””}”(hj|  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒTCP Fast Open wiki”j;  Œ+https://en.wikipedia.org/wiki/TCP_Fast_Open”uh1j)  hjt  j=  KubhŒ for a
general description.”…””}”(hjt  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhjc  h²hubjE  )”}”(hŒC.. _TCP Fast Open wiki: https://en.wikipedia.org/wiki/TCP_Fast_Open”•—      h]”h}”(h]”Œtcp-fast-open-wiki”ah ]”h"]”Œtcp fast open wiki”ah$]”h&]”j;  jŒ  uh1jD  h´M‘hjc  h²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPFastOpenActive
”h]”hÌ)”}”(hŒTcpExtTCPFastOpenActive”h]”hŒTcpExtTCPFastOpenActive”…””}”(hjª  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M“hj¦  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj£  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M“hjc  h²hubhÌ)”}”(hŒâWhen the TCP stack receives an ACK packet in the SYN-SENT status, and
the ACK packet acknowledges the data in the SYN packet, the TCP stack
understand the TFO cookie is accepted by the other side, then it
updates this counter.”h]”hŒâWhen the TCP stack receives an ACK packet in the SYN-SENT status, and
the ACK packet acknowledges the data in the SYN packet, the TCP stack
understand the TFO cookie is accepted by the other side, then it
updates this counter.”…””}”(hjÄ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M•hjc  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPFastOpenActiveFail
”h]”hÌ)”}”(hŒTcpExtTCPFastOpenActiveFail”h]”hŒTcpExtTCPFastOpenActiveFail”…””}”(hjÙ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MšhjÕ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjÒ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mšhjc  h²hubhÌ)”}”(hXµ  This counter indicates that the TCP stack initiated a TCP Fast Open,
but it failed. This counter would be updated in three scenarios: (1)
the other side doesn't acknowledge the data in the SYN packet. (2) The
SYN packet which has the TFO cookie is timeout at least once. (3)
after the 3-way handshake, the retransmission timeout happens
net.ipv4.tcp_retries1 times, because some middle-boxes may black-hole
fast open after the handshake.”h]”hX·  This counter indicates that the TCP stack initiated a TCP Fast Open,
but it failed. This counter would be updated in three scenarios: (1)
the other side doesnâ€™t acknowledge the data in the SYN packet. (2) The
SYN packet which has the TFO cookie is timeout at least once. (3)
after the 3-way handshake, the retransmission timeout happens
net.ipv4.tcp_retries1 times, because some middle-boxes may black-hole
fast open after the handshake.”…””}”(hjó  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mœhjc  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPFastOpenPassive
”h]”hÌ)”}”(hŒTcpExtTCPFastOpenPassive”h]”hŒTcpExtTCPFastOpenPassive”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¤hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M¤hjc  h²hubhÌ)”}”(hŒRThis counter indicates how many times the TCP stack accepts the fast
open request.”h]”hŒRThis counter indicates how many times the TCP stack accepts the fast
open request.”…””}”(hj"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¦hjc  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPFastOpenPassiveFail
”h]”hÌ)”}”(hŒTcpExtTCPFastOpenPassiveFail”h]”hŒTcpExtTCPFastOpenPassiveFail”…””}”(hj7  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M©hj3  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj0  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M©hjc  h²hubhÌ)”}”(hŒÇThis counter indicates how many times the TCP stack rejects the fast
open request. It is caused by either the TFO cookie is invalid or the
TCP stack finds an error during the socket creating process.”h]”hŒÇThis counter indicates how many times the TCP stack rejects the fast
open request. It is caused by either the TFO cookie is invalid or the
TCP stack finds an error during the socket creating process.”…””}”(hjQ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M«hjc  h²hubhû)”}”(hhh]”j   )”}”(hŒ TcpExtTCPFastOpenListenOverflow
”h]”hÌ)”}”(hŒTcpExtTCPFastOpenListenOverflow”h]”hŒTcpExtTCPFastOpenListenOverflow”…””}”(hjf  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¯hjb  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj_  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M¯hjc  h²hubhÌ)”}”(hXŽ  When the pending fast open request number is larger than
fastopenq->max_qlen, the TCP stack will reject the fast open request
and update this counter. When this counter is updated, the TCP stack
won't update TcpExtTCPFastOpenPassive or
TcpExtTCPFastOpenPassiveFail. The fastopenq->max_qlen is set by the
TCP_FASTOPEN socket operation and it could not be larger than
net.core.somaxconn. For example:”h]”hX  When the pending fast open request number is larger than
fastopenq->max_qlen, the TCP stack will reject the fast open request
and update this counter. When this counter is updated, the TCP stack
wonâ€™t update TcpExtTCPFastOpenPassive or
TcpExtTCPFastOpenPassiveFail. The fastopenq->max_qlen is set by the
TCP_FASTOPEN socket operation and it could not be larger than
net.core.somaxconn. For example:”…””}”(hj€  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M±hjc  h²hubhÌ)”}”(hŒ<setsockopt(sfd, SOL_TCP, TCP_FASTOPEN, &qlen, sizeof(qlen));”h]”hŒ<setsockopt(sfd, SOL_TCP, TCP_FASTOPEN, &qlen, sizeof(qlen));”…””}”(hjŽ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¹hjc  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPFastOpenCookieReqd
”h]”hÌ)”}”(hŒTcpExtTCPFastOpenCookieReqd”h]”hŒTcpExtTCPFastOpenCookieReqd”…””}”(hj£  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M»hjŸ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjœ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M»hjc  h²hubhÌ)”}”(hŒMThis counter indicates how many times a client wants to request a TFO
cookie.”h]”hŒMThis counter indicates how many times a client wants to request a TFO
cookie.”…””}”(hj½  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M½hjc  h²hubeh}”(h]”Œtcp-fast-open-description”ah ]”h"]”Œtcp fast open description”ah$]”h&]”uh1hµhh·h²hh³hÊh´MŒubh¶)”}”(hhh]”(h»)”}”(hŒSYN cookies”h]”hŒSYN cookies”…””}”(hjÖ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjÓ  h²hh³hÊh´MÁubhÌ)”}”(hŒ^SYN cookies are used to mitigate SYN flood, for details, please refer
the `SYN cookies wiki`_.”h]”(hŒJSYN cookies are used to mitigate SYN flood, for details, please refer
the ”…””}”(hjä  h²hh³Nh´Nubj*  )”}”(hŒ`SYN cookies wiki`_”h]”hŒSYN cookies wiki”…””}”(hjì  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒSYN cookies wiki”j;  Œ)https://en.wikipedia.org/wiki/SYN_cookies”uh1j)  hjä  j=  KubhŒ.”…””}”(hjä  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÂhjÓ  h²hubjE  )”}”(hŒ?.. _SYN cookies wiki: https://en.wikipedia.org/wiki/SYN_cookies”h]”h}”(h]”Œsyn-cookies-wiki”ah ]”h"]”Œsyn cookies wiki”ah$]”h&]”j;  jü  uh1jD  h´MÅhjÓ  h²hh³hÊjR  Kubhû)”}”(hhh]”j   )”}”(hŒTcpExtSyncookiesSent
”h]”hÌ)”}”(hŒTcpExtSyncookiesSent”h]”hŒTcpExtSyncookiesSent”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÇhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MÇhjÓ  h²hubhÌ)”}”(hŒ+It indicates how many SYN cookies are sent.”h]”hŒ+It indicates how many SYN cookies are sent.”…””}”(hj4  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÉhjÓ  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtSyncookiesRecv
”h]”hÌ)”}”(hŒTcpExtSyncookiesRecv”h]”hŒTcpExtSyncookiesRecv”…””}”(hjI  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MËhjE  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjB  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MËhjÓ  h²hubhÌ)”}”(hŒAHow many reply packets of the SYN cookies the TCP stack receives.”h]”hŒAHow many reply packets of the SYN cookies the TCP stack receives.”…””}”(hjc  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÍhjÓ  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtSyncookiesFailed
”h]”hÌ)”}”(hŒTcpExtSyncookiesFailed”h]”hŒTcpExtSyncookiesFailed”…””}”(hjx  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÏhjt  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjq  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MÏhjÓ  h²hubhÌ)”}”(hŒ¹The MSS decoded from the SYN cookie is invalid. When this counter is
updated, the received packet won't be treated as a SYN cookie and the
TcpExtSyncookiesRecv counter won't be updated.”h]”hŒ½The MSS decoded from the SYN cookie is invalid. When this counter is
updated, the received packet wonâ€™t be treated as a SYN cookie and the
TcpExtSyncookiesRecv counter wonâ€™t be updated.”…””}”(hj’  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÑhjÓ  h²hubeh}”(h]”Œsyn-cookies”ah ]”h"]”Œsyn cookies”ah$]”h&]”uh1hµhh·h²hh³hÊh´MÁubh¶)”}”(hhh]”(h»)”}”(hŒChallenge ACK”h]”hŒChallenge ACK”…””}”(hj«  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj¨  h²hh³hÊh´MÖubhÌ)”}”(hŒ[For details of challenge ACK, please refer the explanation of
TcpExtTCPACKSkippedChallenge.”h]”hŒ[For details of challenge ACK, please refer the explanation of
TcpExtTCPACKSkippedChallenge.”…””}”(hj¹  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M×hj¨  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPChallengeACK
”h]”hÌ)”}”(hŒTcpExtTCPChallengeACK”h]”hŒTcpExtTCPChallengeACK”…””}”(hjÎ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÚhjÊ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjÇ  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MÚhj¨  h²hubhÌ)”}”(hŒ"The number of challenge acks sent.”h]”hŒ"The number of challenge acks sent.”…””}”(hjè  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÜhj¨  h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPSYNChallenge
”h]”hÌ)”}”(hŒTcpExtTCPSYNChallenge”h]”hŒTcpExtTCPSYNChallenge”…””}”(hjý  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÞhjù  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjö  h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´MÞhj¨  h²hubhÌ)”}”(hX	  The number of challenge acks sent in response to SYN packets. After
updates this counter, the TCP stack might send a challenge ACK and
update the TcpExtTCPChallengeACK counter, or it might also skip to
send the challenge and update the TcpExtTCPACKSkippedChallenge.”h]”hX	  The number of challenge acks sent in response to SYN packets. After
updates this counter, the TCP stack might send a challenge ACK and
update the TcpExtTCPChallengeACK counter, or it might also skip to
send the challenge and update the TcpExtTCPACKSkippedChallenge.”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Màhj¨  h²hubeh}”(h]”Œchallenge-ack”ah ]”h"]”Œchallenge ack”ah$]”h&]”uh1hµhh·h²hh³hÊh´MÖubh¶)”}”(hhh]”(h»)”}”(hŒprune”h]”hŒprune”…””}”(hj0   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj-   h²hh³hÊh´MæubhÌ)”}”(hX  When a socket is under memory pressure, the TCP stack will try to
reclaim memory from the receiving queue and out of order queue. One of
the reclaiming method is 'collapse', which means allocate a big skb,
copy the contiguous skbs to the single big skb, and free these
contiguous skbs.”h]”hX!  When a socket is under memory pressure, the TCP stack will try to
reclaim memory from the receiving queue and out of order queue. One of
the reclaiming method is â€˜collapseâ€™, which means allocate a big skb,
copy the contiguous skbs to the single big skb, and free these
contiguous skbs.”…””}”(hj>   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mçhj-   h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtPruneCalled
”h]”hÌ)”}”(hŒTcpExtPruneCalled”h]”hŒTcpExtPruneCalled”…””}”(hjS   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MíhjO   ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjL   h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Míhj-   h²hubhÌ)”}”(hX4  The TCP stack tries to reclaim memory for a socket. After updates this
counter, the TCP stack will try to collapse the out of order queue and
the receiving queue. If the memory is still not enough, the TCP stack
will try to discard packets from the out of order queue (and update the
TcpExtOfoPruned counter)”h]”hX4  The TCP stack tries to reclaim memory for a socket. After updates this
counter, the TCP stack will try to collapse the out of order queue and
the receiving queue. If the memory is still not enough, the TCP stack
will try to discard packets from the out of order queue (and update the
TcpExtOfoPruned counter)”…””}”(hjm   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mïhj-   h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtOfoPruned
”h]”hÌ)”}”(hŒTcpExtOfoPruned”h]”hŒTcpExtOfoPruned”…””}”(hj‚   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mõhj~   ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj{   h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mõhj-   h²hubhÌ)”}”(hŒ@The TCP stack tries to discard packet on the out of order queue.”h]”hŒ@The TCP stack tries to discard packet on the out of order queue.”…””}”(hjœ   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M÷hj-   h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtRcvPruned
”h]”hÌ)”}”(hŒTcpExtRcvPruned”h]”hŒTcpExtRcvPruned”…””}”(hj±   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mùhj­   ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjª   h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mùhj-   h²hubhÌ)”}”(hŒÄAfter 'collapse' and discard packets from the out of order queue, if
the actually used memory is still larger than the max allowed memory,
this counter will be updated. It means the 'prune' fails.”h]”hŒÌAfter â€˜collapseâ€™ and discard packets from the out of order queue, if
the actually used memory is still larger than the max allowed memory,
this counter will be updated. It means the â€˜pruneâ€™ fails.”…””}”(hjË   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mûhj-   h²hubhû)”}”(hhh]”j   )”}”(hŒTcpExtTCPRcvCollapsed
”h]”hÌ)”}”(hŒTcpExtTCPRcvCollapsed”h]”hŒTcpExtTCPRcvCollapsed”…””}”(hjà   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÿhjÜ   ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjÙ   h²hh³hÊh´Nubah}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´Mÿhj-   h²hubhÌ)”}”(hŒAThis counter indicates how many skbs are freed during 'collapse'.”h]”hŒEThis counter indicates how many skbs are freed during â€˜collapseâ€™.”…””}”(hjú   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj-   h²hubeh}”(h]”Œprune”ah ]”h"]”Œprune”ah$]”h&]”uh1hµhh·h²hh³hÊh´Mæubh¶)”}”(hhh]”(h»)”}”(hŒexamples”h]”hŒexamples”…””}”(hj!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj!  h²hh³hÊh´Mubh¶)”}”(hhh]”(h»)”}”(hŒ	ping test”h]”hŒ	ping test”…””}”(hj$!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj!!  h²hh³hÊh´MubhÌ)”}”(hŒ<Run the ping command against the public dns server 8.8.8.8::”h]”hŒ;Run the ping command against the public dns server 8.8.8.8:”…””}”(hj2!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj!!  h²hubj8  )”}”(hX  nstatuser@nstat-a:~$ ping 8.8.8.8 -c 1
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=17.8 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 17.875/17.875/17.875/0.000 ms”h]”hX  nstatuser@nstat-a:~$ ping 8.8.8.8 -c 1
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=17.8 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 17.875/17.875/17.875/0.000 ms”…””}”hj@!  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M
hj!!  h²hubhÌ)”}”(hŒThe nstayt result::”h]”hŒThe nstayt result:”…””}”(hjN!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj!!  h²hubj8  )”}”(hX¶  nstatuser@nstat-a:~$ nstat
#kernel
IpInReceives                    1                  0.0
IpInDelivers                    1                  0.0
IpOutRequests                   1                  0.0
IcmpInMsgs                      1                  0.0
IcmpInEchoReps                  1                  0.0
IcmpOutMsgs                     1                  0.0
IcmpOutEchos                    1                  0.0
IcmpMsgInType0                  1                  0.0
IcmpMsgOutType8                 1                  0.0
IpExtInOctets                   84                 0.0
IpExtOutOctets                  84                 0.0
IpExtInNoECTPkts                1                  0.0”h]”hX¶  nstatuser@nstat-a:~$ nstat
#kernel
IpInReceives                    1                  0.0
IpInDelivers                    1                  0.0
IpOutRequests                   1                  0.0
IcmpInMsgs                      1                  0.0
IcmpInEchoReps                  1                  0.0
IcmpOutMsgs                     1                  0.0
IcmpOutEchos                    1                  0.0
IcmpMsgInType0                  1                  0.0
IcmpMsgOutType8                 1                  0.0
IpExtInOctets                   84                 0.0
IpExtOutOctets                  84                 0.0
IpExtInNoECTPkts                1                  0.0”…””}”hj\!  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mhj!!  h²hubhÌ)”}”(hXÏ  The Linux server sent an ICMP Echo packet, so IpOutRequests,
IcmpOutMsgs, IcmpOutEchos and IcmpMsgOutType8 were increased 1. The
server got ICMP Echo Reply from 8.8.8.8, so IpInReceives, IcmpInMsgs,
IcmpInEchoReps and IcmpMsgInType0 were increased 1. The ICMP Echo Reply
was passed to the ICMP layer via IP layer, so IpInDelivers was
increased 1. The default ping data size is 48, so an ICMP Echo packet
and its corresponding Echo Reply packet are constructed by:”h]”hXÏ  The Linux server sent an ICMP Echo packet, so IpOutRequests,
IcmpOutMsgs, IcmpOutEchos and IcmpMsgOutType8 were increased 1. The
server got ICMP Echo Reply from 8.8.8.8, so IpInReceives, IcmpInMsgs,
IcmpInEchoReps and IcmpMsgInType0 were increased 1. The ICMP Echo Reply
was passed to the ICMP layer via IP layer, so IpInDelivers was
increased 1. The default ping data size is 48, so an ICMP Echo packet
and its corresponding Echo Reply packet are constructed by:”…””}”(hjj!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M#hj!!  h²hubhû)”}”(hhh]”(j   )”}”(hŒ14 bytes MAC header”h]”hÌ)”}”(hj}!  h]”hŒ14 bytes MAC header”…””}”(hj!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M+hj{!  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjx!  h²hh³hÊh´Nubj   )”}”(hŒ20 bytes IP header”h]”hÌ)”}”(hj”!  h]”hŒ20 bytes IP header”…””}”(hj–!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M,hj’!  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjx!  h²hh³hÊh´Nubj   )”}”(hŒ16 bytes ICMP header”h]”hÌ)”}”(hj«!  h]”hŒ16 bytes ICMP header”…””}”(hj­!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M-hj©!  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjx!  h²hh³hÊh´Nubj   )”}”(hŒ248 bytes data (default value of the ping command)
”h]”hÌ)”}”(hŒ148 bytes data (default value of the ping command)”h]”hŒ148 bytes data (default value of the ping command)”…””}”(hjÄ!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M.hjÀ!  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhjx!  h²hh³hÊh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j  j   uh1húh³hÊh´M+hj!!  h²hubhÌ)”}”(hŒ8So the IpExtInOctets and IpExtOutOctets are 20+16+48=84.”h]”hŒ8So the IpExtInOctets and IpExtOutOctets are 20+16+48=84.”…””}”(hjÞ!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M0hj!!  h²hubeh}”(h]”Œ	ping-test”ah ]”h"]”Œ	ping test”ah$]”h&]”uh1hµhj!  h²hh³hÊh´Mubh¶)”}”(hhh]”(h»)”}”(hŒtcp 3-way handshake”h]”hŒtcp 3-way handshake”…””}”(hj÷!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjô!  h²hh³hÊh´M3ubhÌ)”}”(hŒOn server side, we run::”h]”hŒOn server side, we run:”…””}”(hj"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M4hjô!  h²hubj8  )”}”(hŒWnstatuser@nstat-b:~$ nc -lknv 0.0.0.0 9000
Listening on [0.0.0.0] (family 0, port 9000)”h]”hŒWnstatuser@nstat-b:~$ nc -lknv 0.0.0.0 9000
Listening on [0.0.0.0] (family 0, port 9000)”…””}”hj"  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M6hjô!  h²hubhÌ)”}”(hŒOn client side, we run::”h]”hŒOn client side, we run:”…””}”(hj!"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M9hjô!  h²hubj8  )”}”(hŒknstatuser@nstat-a:~$ nc -nv 192.168.122.251 9000
Connection to 192.168.122.251 9000 port [tcp/*] succeeded!”h]”hŒknstatuser@nstat-a:~$ nc -nv 192.168.122.251 9000
Connection to 192.168.122.251 9000 port [tcp/*] succeeded!”…””}”hj/"  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M;hjô!  h²hubhÌ)”}”(hŒeThe server listened on tcp 9000 port, the client connected to it, they
completed the 3-way handshake.”h]”hŒeThe server listened on tcp 9000 port, the client connected to it, they
completed the 3-way handshake.”…””}”(hj="  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M>hjô!  h²hubhÌ)”}”(hŒ0On server side, we can find below nstat output::”h]”hŒ/On server side, we can find below nstat output:”…””}”(hjK"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MAhjô!  h²hubj8  )”}”(hX  nstatuser@nstat-b:~$ nstat | grep -i tcp
TcpPassiveOpens                 1                  0.0
TcpInSegs                       2                  0.0
TcpOutSegs                      1                  0.0
TcpExtTCPPureAcks               1                  0.0”h]”hX  nstatuser@nstat-b:~$ nstat | grep -i tcp
TcpPassiveOpens                 1                  0.0
TcpInSegs                       2                  0.0
TcpOutSegs                      1                  0.0
TcpExtTCPPureAcks               1                  0.0”…””}”hjY"  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MChjô!  h²hubhÌ)”}”(hŒ0On client side, we can find below nstat output::”h]”hŒ/On client side, we can find below nstat output:”…””}”(hjg"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MIhjô!  h²hubj8  )”}”(hŒÍnstatuser@nstat-a:~$ nstat | grep -i tcp
TcpActiveOpens                  1                  0.0
TcpInSegs                       1                  0.0
TcpOutSegs                      2                  0.0”h]”hŒÍnstatuser@nstat-a:~$ nstat | grep -i tcp
TcpActiveOpens                  1                  0.0
TcpInSegs                       1                  0.0
TcpOutSegs                      2                  0.0”…””}”hju"  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MKhjô!  h²hubhÌ)”}”(hXn  When the server received the first SYN, it replied a SYN+ACK, and came into
SYN-RCVD state, so TcpPassiveOpens increased 1. The server received
SYN, sent SYN+ACK, received ACK, so server sent 1 packet, received 2
packets, TcpInSegs increased 2, TcpOutSegs increased 1. The last ACK
of the 3-way handshake is a pure ACK without data, so
TcpExtTCPPureAcks increased 1.”h]”hXn  When the server received the first SYN, it replied a SYN+ACK, and came into
SYN-RCVD state, so TcpPassiveOpens increased 1. The server received
SYN, sent SYN+ACK, received ACK, so server sent 1 packet, received 2
packets, TcpInSegs increased 2, TcpOutSegs increased 1. The last ACK
of the 3-way handshake is a pure ACK without data, so
TcpExtTCPPureAcks increased 1.”…””}”(hjƒ"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MPhjô!  h²hubhÌ)”}”(hŒîWhen the client sent SYN, the client came into the SYN-SENT state, so
TcpActiveOpens increased 1, the client sent SYN, received SYN+ACK, sent
ACK, so client sent 2 packets, received 1 packet, TcpInSegs increased
1, TcpOutSegs increased 2.”h]”hŒîWhen the client sent SYN, the client came into the SYN-SENT state, so
TcpActiveOpens increased 1, the client sent SYN, received SYN+ACK, sent
ACK, so client sent 2 packets, received 1 packet, TcpInSegs increased
1, TcpOutSegs increased 2.”…””}”(hj‘"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MWhjô!  h²hubeh}”(h]”Œtcp-3-way-handshake”ah ]”h"]”Œtcp 3-way handshake”ah$]”h&]”uh1hµhj!  h²hh³hÊh´M3ubh¶)”}”(hhh]”(h»)”}”(hŒTCP normal traffic”h]”hŒTCP normal traffic”…””}”(hjª"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj§"  h²hh³hÊh´M]ubhÌ)”}”(hŒRun nc on server::”h]”hŒRun nc on server:”…””}”(hj¸"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M^hj§"  h²hubj8  )”}”(hŒVnstatuser@nstat-b:~$ nc -lkv 0.0.0.0 9000
Listening on [0.0.0.0] (family 0, port 9000)”h]”hŒVnstatuser@nstat-b:~$ nc -lkv 0.0.0.0 9000
Listening on [0.0.0.0] (family 0, port 9000)”…””}”hjÆ"  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M`hj§"  h²hubhÌ)”}”(hŒRun nc on client::”h]”hŒRun nc on client:”…””}”(hjÔ"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mchj§"  h²hubj8  )”}”(hŒZnstatuser@nstat-a:~$ nc -v nstat-b 9000
Connection to nstat-b 9000 port [tcp/*] succeeded!”h]”hŒZnstatuser@nstat-a:~$ nc -v nstat-b 9000
Connection to nstat-b 9000 port [tcp/*] succeeded!”…””}”hjâ"  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mehj§"  h²hubhÌ)”}”(hŒ:Input a string in the nc client ('hello' in our example)::”h]”hŒ=Input a string in the nc client (â€˜helloâ€™ in our example):”…””}”(hjð"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhhj§"  h²hubj8  )”}”(hŒ`nstatuser@nstat-a:~$ nc -v nstat-b 9000
Connection to nstat-b 9000 port [tcp/*] succeeded!
hello”h]”hŒ`nstatuser@nstat-a:~$ nc -v nstat-b 9000
Connection to nstat-b 9000 port [tcp/*] succeeded!
hello”…””}”hjþ"  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mjhj§"  h²hubhÌ)”}”(hŒThe client side nstat output::”h]”hŒThe client side nstat output:”…””}”(hj#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mnhj§"  h²hubj8  )”}”(hXH  nstatuser@nstat-a:~$ nstat
#kernel
IpInReceives                    1                  0.0
IpInDelivers                    1                  0.0
IpOutRequests                   1                  0.0
TcpInSegs                       1                  0.0
TcpOutSegs                      1                  0.0
TcpExtTCPPureAcks               1                  0.0
TcpExtTCPOrigDataSent           1                  0.0
IpExtInOctets                   52                 0.0
IpExtOutOctets                  58                 0.0
IpExtInNoECTPkts                1                  0.0”h]”hXH  nstatuser@nstat-a:~$ nstat
#kernel
IpInReceives                    1                  0.0
IpInDelivers                    1                  0.0
IpOutRequests                   1                  0.0
TcpInSegs                       1                  0.0
TcpOutSegs                      1                  0.0
TcpExtTCPPureAcks               1                  0.0
TcpExtTCPOrigDataSent           1                  0.0
IpExtInOctets                   52                 0.0
IpExtOutOctets                  58                 0.0
IpExtInNoECTPkts                1                  0.0”…””}”hj#  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mphj§"  h²hubhÌ)”}”(hŒThe server side nstat output::”h]”hŒThe server side nstat output:”…””}”(hj(#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M}hj§"  h²hubj8  )”}”(hXÚ  nstatuser@nstat-b:~$ nstat
#kernel
IpInReceives                    1                  0.0
IpInDelivers                    1                  0.0
IpOutRequests                   1                  0.0
TcpInSegs                       1                  0.0
TcpOutSegs                      1                  0.0
IpExtInOctets                   58                 0.0
IpExtOutOctets                  52                 0.0
IpExtInNoECTPkts                1                  0.0”h]”hXÚ  nstatuser@nstat-b:~$ nstat
#kernel
IpInReceives                    1                  0.0
IpInDelivers                    1                  0.0
IpOutRequests                   1                  0.0
TcpInSegs                       1                  0.0
TcpOutSegs                      1                  0.0
IpExtInOctets                   58                 0.0
IpExtOutOctets                  52                 0.0
IpExtInNoECTPkts                1                  0.0”…””}”hj6#  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mhj§"  h²hubhÌ)”}”(hŒAInput a string in nc client side again ('world' in our example)::”h]”hŒDInput a string in nc client side again (â€˜worldâ€™ in our example):”…””}”(hjD#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MŠhj§"  h²hubj8  )”}”(hŒfnstatuser@nstat-a:~$ nc -v nstat-b 9000
Connection to nstat-b 9000 port [tcp/*] succeeded!
hello
world”h]”hŒfnstatuser@nstat-a:~$ nc -v nstat-b 9000
Connection to nstat-b 9000 port [tcp/*] succeeded!
hello
world”…””}”hjR#  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MŒhj§"  h²hubhÌ)”}”(hŒClient side nstat output::”h]”hŒClient side nstat output:”…””}”(hj`#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M‘hj§"  h²hubj8  )”}”(hXH  nstatuser@nstat-a:~$ nstat
#kernel
IpInReceives                    1                  0.0
IpInDelivers                    1                  0.0
IpOutRequests                   1                  0.0
TcpInSegs                       1                  0.0
TcpOutSegs                      1                  0.0
TcpExtTCPHPAcks                 1                  0.0
TcpExtTCPOrigDataSent           1                  0.0
IpExtInOctets                   52                 0.0
IpExtOutOctets                  58                 0.0
IpExtInNoECTPkts                1                  0.0”h]”hXH  nstatuser@nstat-a:~$ nstat
#kernel
IpInReceives                    1                  0.0
IpInDelivers                    1                  0.0
IpOutRequests                   1                  0.0
TcpInSegs                       1                  0.0
TcpOutSegs                      1                  0.0
TcpExtTCPHPAcks                 1                  0.0
TcpExtTCPOrigDataSent           1                  0.0
IpExtInOctets                   52                 0.0
IpExtOutOctets                  58                 0.0
IpExtInNoECTPkts                1                  0.0”…””}”hjn#  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M“hj§"  h²hubhÌ)”}”(hŒServer side nstat output::”h]”hŒServer side nstat output:”…””}”(hj|#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¡hj§"  h²hubj8  )”}”(hX  nstatuser@nstat-b:~$ nstat
#kernel
IpInReceives                    1                  0.0
IpInDelivers                    1                  0.0
IpOutRequests                   1                  0.0
TcpInSegs                       1                  0.0
TcpOutSegs                      1                  0.0
TcpExtTCPHPHits                 1                  0.0
IpExtInOctets                   58                 0.0
IpExtOutOctets                  52                 0.0
IpExtInNoECTPkts                1                  0.0”h]”hX  nstatuser@nstat-b:~$ nstat
#kernel
IpInReceives                    1                  0.0
IpInDelivers                    1                  0.0
IpOutRequests                   1                  0.0
TcpInSegs                       1                  0.0
TcpOutSegs                      1                  0.0
TcpExtTCPHPHits                 1                  0.0
IpExtInOctets                   58                 0.0
IpExtOutOctets                  52                 0.0
IpExtInNoECTPkts                1                  0.0”…””}”hjŠ#  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M£hj§"  h²hubhÌ)”}”(hX¶  Compare the first client-side nstat and the second client-side nstat,
we could find one difference: the first one had a 'TcpExtTCPPureAcks',
but the second one had a 'TcpExtTCPHPAcks'. The first server-side
nstat and the second server-side nstat had a difference too: the
second server-side nstat had a TcpExtTCPHPHits, but the first
server-side nstat didn't have it. The network traffic patterns were
exactly the same: the client sent a packet to the server, the server
replied an ACK. But kernel handled them in different ways. When the
TCP window scale option is not used, kernel will try to enable fast
path immediately when the connection comes into the established state,
but if the TCP window scale option is used, kernel will disable the
fast path at first, and try to enable it after kernel receives
packets. We could use the 'ss' command to verify whether the window
scale option is used. e.g. run below command on either server or
client::”h]”hXÃ  Compare the first client-side nstat and the second client-side nstat,
we could find one difference: the first one had a â€˜TcpExtTCPPureAcksâ€™,
but the second one had a â€˜TcpExtTCPHPAcksâ€™. The first server-side
nstat and the second server-side nstat had a difference too: the
second server-side nstat had a TcpExtTCPHPHits, but the first
server-side nstat didnâ€™t have it. The network traffic patterns were
exactly the same: the client sent a packet to the server, the server
replied an ACK. But kernel handled them in different ways. When the
TCP window scale option is not used, kernel will try to enable fast
path immediately when the connection comes into the established state,
but if the TCP window scale option is used, kernel will disable the
fast path at first, and try to enable it after kernel receives
packets. We could use the â€˜ssâ€™ command to verify whether the window
scale option is used. e.g. run below command on either server or
client:”…””}”(hj˜#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¯hj§"  h²hubj8  )”}”(hX  nstatuser@nstat-a:~$ ss -o state established -i '( dport = :9000 or sport = :9000 )
Netid    Recv-Q     Send-Q            Local Address:Port             Peer Address:Port
tcp      0          0               192.168.122.250:40654         192.168.122.251:9000
           ts sack cubic wscale:7,7 rto:204 rtt:0.98/0.49 mss:1448 pmtu:1500 rcvmss:536 advmss:1448 cwnd:10 bytes_acked:1 segs_out:2 segs_in:1 send 118.2Mbps lastsnd:46572 lastrcv:46572 lastack:46572 pacing_rate 236.4Mbps rcv_space:29200 rcv_ssthresh:29200 minrtt:0.98”h]”hX  nstatuser@nstat-a:~$ ss -o state established -i '( dport = :9000 or sport = :9000 )
Netid    Recv-Q     Send-Q            Local Address:Port             Peer Address:Port
tcp      0          0               192.168.122.250:40654         192.168.122.251:9000
           ts sack cubic wscale:7,7 rto:204 rtt:0.98/0.49 mss:1448 pmtu:1500 rcvmss:536 advmss:1448 cwnd:10 bytes_acked:1 segs_out:2 segs_in:1 send 118.2Mbps lastsnd:46572 lastrcv:46572 lastack:46572 pacing_rate 236.4Mbps rcv_space:29200 rcv_ssthresh:29200 minrtt:0.98”…””}”hj¦#  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M¿hj§"  h²hubhÌ)”}”(hŒ‚The 'wscale:7,7' means both server and client set the window scale
option to 7. Now we could explain the nstat output in our test:”h]”hŒ†The â€˜wscale:7,7â€™ means both server and client set the window scale
option to 7. Now we could explain the nstat output in our test:”…””}”(hj´#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÄhj§"  h²hubhÌ)”}”(hŒÆIn the first nstat output of client side, the client sent a packet, server
reply an ACK, when kernel handled this ACK, the fast path was not
enabled, so the ACK was counted into 'TcpExtTCPPureAcks'.”h]”hŒÊIn the first nstat output of client side, the client sent a packet, server
reply an ACK, when kernel handled this ACK, the fast path was not
enabled, so the ACK was counted into â€˜TcpExtTCPPureAcksâ€™.”…””}”(hjÂ#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÇhj§"  h²hubhÌ)”}”(hX  In the second nstat output of client side, the client sent a packet again,
and received another ACK from the server, in this time, the fast path is
enabled, and the ACK was qualified for fast path, so it was handled by
the fast path, so this ACK was counted into TcpExtTCPHPAcks.”h]”hX  In the second nstat output of client side, the client sent a packet again,
and received another ACK from the server, in this time, the fast path is
enabled, and the ACK was qualified for fast path, so it was handled by
the fast path, so this ACK was counted into TcpExtTCPHPAcks.”…””}”(hjÐ#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MËhj§"  h²hubhÌ)”}”(hŒgIn the first nstat output of server side, fast path was not enabled,
so there was no 'TcpExtTCPHPHits'.”h]”hŒkIn the first nstat output of server side, fast path was not enabled,
so there was no â€˜TcpExtTCPHPHitsâ€™.”…””}”(hjÞ#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÐhj§"  h²hubhÌ)”}”(hŒ¬In the second nstat output of server side, the fast path was enabled,
and the packet received from client qualified for fast path, so it
was counted into 'TcpExtTCPHPHits'.”h]”hŒ°In the second nstat output of server side, the fast path was enabled,
and the packet received from client qualified for fast path, so it
was counted into â€˜TcpExtTCPHPHitsâ€™.”…””}”(hjì#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÓhj§"  h²hubeh}”(h]”Œtcp-normal-traffic”ah ]”h"]”Œtcp normal traffic”ah$]”h&]”uh1hµhj!  h²hh³hÊh´M]ubh¶)”}”(hhh]”(h»)”}”(hŒTcpExtTCPAbortOnClose”h]”hŒTcpExtTCPAbortOnClose”…””}”(hj$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj$  h²hh³hÊh´MØubhÌ)”}”(hŒ0On the server side, we run below python script::”h]”hŒ/On the server side, we run below python script:”…””}”(hj$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÙhj$  h²hubj8  )”}”(hŒ¿import socket
import time

port = 9000

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', port))
s.listen(1)
sock, addr = s.accept()
while True:
    time.sleep(9999999)”h]”hŒ¿import socket
import time

port = 9000

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', port))
s.listen(1)
sock, addr = s.accept()
while True:
    time.sleep(9999999)”…””}”hj!$  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MÛhj$  h²hubhÌ)”}”(hŒVThis python script listen on 9000 port, but doesn't read anything from
the connection.”h]”hŒXThis python script listen on 9000 port, but doesnâ€™t read anything from
the connection.”…””}”(hj/$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mçhj$  h²hubhÌ)”}”(hŒ6On the client side, we send the string "hello" by nc::”h]”hŒ9On the client side, we send the string â€œhelloâ€ by nc:”…””}”(hj=$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mêhj$  h²hubj8  )”}”(hŒ3nstatuser@nstat-a:~$ echo "hello" | nc nstat-b 9000”h]”hŒ3nstatuser@nstat-a:~$ echo "hello" | nc nstat-b 9000”…””}”hjK$  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mìhj$  h²hubhÌ)”}”(hX  Then, we come back to the server side, the server has received the "hello"
packet, and the TCP layer has acked this packet, but the application didn't
read it yet. We type Ctrl-C to terminate the server script. Then we
could find TcpExtTCPAbortOnClose increased 1 on the server side::”h]”hX!  Then, we come back to the server side, the server has received the â€œhelloâ€
packet, and the TCP layer has acked this packet, but the application didnâ€™t
read it yet. We type Ctrl-C to terminate the server script. Then we
could find TcpExtTCPAbortOnClose increased 1 on the server side:”…””}”(hjY$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mîhj$  h²hubj8  )”}”(hŒanstatuser@nstat-b:~$ nstat | grep -i abort
TcpExtTCPAbortOnClose           1                  0.0”h]”hŒanstatuser@nstat-b:~$ nstat | grep -i abort
TcpExtTCPAbortOnClose           1                  0.0”…””}”hjg$  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Móhj$  h²hubhÌ)”}”(hŒ_If we run tcpdump on the server side, we could find the server sent a
RST after we type Ctrl-C.”h]”hŒ_If we run tcpdump on the server side, we could find the server sent a
RST after we type Ctrl-C.”…””}”(hju$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Möhj$  h²hubeh}”(h]”Œtcpexttcpabortonclose”ah ]”h"]”Œtcpexttcpabortonclose”ah$]”h&]”uh1hµhj!  h²hh³hÊh´MØubh¶)”}”(hhh]”(h»)”}”(hŒ2TcpExtTCPAbortOnMemory and TcpExtTCPAbortOnTimeout”h]”hŒ2TcpExtTCPAbortOnMemory and TcpExtTCPAbortOnTimeout”…””}”(hjŽ$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj‹$  h²hh³hÊh´MúubhÌ)”}”(hŒ”Below is an example which let the orphan socket count be higher than
net.ipv4.tcp_max_orphans.
Change tcp_max_orphans to a smaller value on client::”h]”hŒ“Below is an example which let the orphan socket count be higher than
net.ipv4.tcp_max_orphans.
Change tcp_max_orphans to a smaller value on client:”…””}”(hjœ$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mûhj‹$  h²hubj8  )”}”(hŒ;sudo bash -c "echo 10 > /proc/sys/net/ipv4/tcp_max_orphans"”h]”hŒ;sudo bash -c "echo 10 > /proc/sys/net/ipv4/tcp_max_orphans"”…””}”hjª$  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mÿhj‹$  h²hubhÌ)”}”(hŒ.Client code (create 64 connection to server)::”h]”hŒ-Client code (create 64 connection to server):”…””}”(hj¸$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj‹$  h²hubj8  )”}”(hX}  nstatuser@nstat-a:~$ cat client_orphan.py
import socket
import time

server = 'nstat-b' # server address
port = 9000

count = 64

connection_list = []

for i in range(64):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((server, port))
    connection_list.append(s)
    print("connection_count: %d" % len(connection_list))

while True:
    time.sleep(99999)”h]”hX}  nstatuser@nstat-a:~$ cat client_orphan.py
import socket
import time

server = 'nstat-b' # server address
port = 9000

count = 64

connection_list = []

for i in range(64):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((server, port))
    connection_list.append(s)
    print("connection_count: %d" % len(connection_list))

while True:
    time.sleep(99999)”…””}”hjÆ$  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mhj‹$  h²hubhÌ)”}”(hŒ0Server code (accept 64 connection from client)::”h]”hŒ/Server code (accept 64 connection from client):”…””}”(hjÔ$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj‹$  h²hubj8  )”}”(hX[  nstatuser@nstat-b:~$ cat server_orphan.py
import socket
import time

port = 9000
count = 64

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', port))
s.listen(count)
connection_list = []
while True:
    sock, addr = s.accept()
    connection_list.append((sock, addr))
    print("connection_count: %d" % len(connection_list))”h]”hX[  nstatuser@nstat-b:~$ cat server_orphan.py
import socket
import time

port = 9000
count = 64

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', port))
s.listen(count)
connection_list = []
while True:
    sock, addr = s.accept()
    connection_list.append((sock, addr))
    print("connection_count: %d" % len(connection_list))”…””}”hjâ$  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mhj‹$  h²hubhÌ)”}”(hŒ,Run the python scripts on server and client.”h]”hŒ,Run the python scripts on server and client.”…””}”(hjð$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M)hj‹$  h²hubhÌ)”}”(hŒOn server::”h]”hŒ
On server:”…””}”(hjþ$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M+hj‹$  h²hubj8  )”}”(hŒpython3 server_orphan.py”h]”hŒpython3 server_orphan.py”…””}”hj%  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M-hj‹$  h²hubhÌ)”}”(hŒOn client::”h]”hŒ
On client:”…””}”(hj%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M/hj‹$  h²hubj8  )”}”(hŒpython3 client_orphan.py”h]”hŒpython3 client_orphan.py”…””}”hj(%  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M1hj‹$  h²hubhÌ)”}”(hŒRun iptables on server::”h]”hŒRun iptables on server:”…””}”(hj6%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M3hj‹$  h²hubj8  )”}”(hŒEsudo iptables -A INPUT -i ens3 -p tcp --destination-port 9000 -j DROP”h]”hŒEsudo iptables -A INPUT -i ens3 -p tcp --destination-port 9000 -j DROP”…””}”hjD%  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M5hj‹$  h²hubhÌ)”}”(hŒ-Type Ctrl-C on client, stop client_orphan.py.”h]”hŒ-Type Ctrl-C on client, stop client_orphan.py.”…””}”(hjR%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M7hj‹$  h²hubhÌ)”}”(hŒ(Check TcpExtTCPAbortOnMemory on client::”h]”hŒ'Check TcpExtTCPAbortOnMemory on client:”…””}”(hj`%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M9hj‹$  h²hubj8  )”}”(hŒanstatuser@nstat-a:~$ nstat | grep -i abort
TcpExtTCPAbortOnMemory          54                 0.0”h]”hŒanstatuser@nstat-a:~$ nstat | grep -i abort
TcpExtTCPAbortOnMemory          54                 0.0”…””}”hjn%  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M;hj‹$  h²hubhÌ)”}”(hŒ'Check orphaned socket count on client::”h]”hŒ&Check orphaned socket count on client:”…””}”(hj|%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M>hj‹$  h²hubj8  )”}”(hXa  nstatuser@nstat-a:~$ ss -s
Total: 131 (kernel 0)
TCP:   14 (estab 1, closed 0, orphaned 10, synrecv 0, timewait 0/0), ports 0

Transport Total     IP        IPv6
*         0         -         -
RAW       1         0         1
UDP       1         1         0
TCP       14        13        1
INET      16        14        2
FRAG      0         0         0”h]”hXa  nstatuser@nstat-a:~$ ss -s
Total: 131 (kernel 0)
TCP:   14 (estab 1, closed 0, orphaned 10, synrecv 0, timewait 0/0), ports 0

Transport Total     IP        IPv6
*         0         -         -
RAW       1         0         1
UDP       1         1         0
TCP       14        13        1
INET      16        14        2
FRAG      0         0         0”…””}”hjŠ%  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M@hj‹$  h²hubhÌ)”}”(hX§  The explanation of the test: after run server_orphan.py and
client_orphan.py, we set up 64 connections between server and
client. Run the iptables command, the server will drop all packets from
the client, type Ctrl-C on client_orphan.py, the system of the client
would try to close these connections, and before they are closed
gracefully, these connections became orphan sockets. As the iptables
of the server blocked packets from the client, the server won't receive fin
from the client, so all connection on clients would be stuck on FIN_WAIT_1
stage, so they will keep as orphan sockets until timeout. We have echo
10 to /proc/sys/net/ipv4/tcp_max_orphans, so the client system would
only keep 10 orphan sockets, for all other orphan sockets, the client
system sent RST for them and delete them. We have 64 connections, so
the 'ss -s' command shows the system has 10 orphan sockets, and the
value of TcpExtTCPAbortOnMemory was 54.”h]”hX­  The explanation of the test: after run server_orphan.py and
client_orphan.py, we set up 64 connections between server and
client. Run the iptables command, the server will drop all packets from
the client, type Ctrl-C on client_orphan.py, the system of the client
would try to close these connections, and before they are closed
gracefully, these connections became orphan sockets. As the iptables
of the server blocked packets from the client, the server wonâ€™t receive fin
from the client, so all connection on clients would be stuck on FIN_WAIT_1
stage, so they will keep as orphan sockets until timeout. We have echo
10 to /proc/sys/net/ipv4/tcp_max_orphans, so the client system would
only keep 10 orphan sockets, for all other orphan sockets, the client
system sent RST for them and delete them. We have 64 connections, so
the â€˜ss -sâ€™ command shows the system has 10 orphan sockets, and the
value of TcpExtTCPAbortOnMemory was 54.”…””}”(hj˜%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MLhj‹$  h²hubhÌ)”}”(hXš  An additional explanation about orphan socket count: You could find the
exactly orphan socket count by the 'ss -s' command, but when kernel
decide whither increases TcpExtTCPAbortOnMemory and sends RST, kernel
doesn't always check the exactly orphan socket count. For increasing
performance, kernel checks an approximate count firstly, if the
approximate count is more than tcp_max_orphans, kernel checks the
exact count again. So if the approximate count is less than
tcp_max_orphans, but exactly count is more than tcp_max_orphans, you
would find TcpExtTCPAbortOnMemory is not increased at all. If
tcp_max_orphans is large enough, it won't occur, but if you decrease
tcp_max_orphans to a small value like our test, you might find this
issue. So in our test, the client set up 64 connections although the
tcp_max_orphans is 10. If the client only set up 11 connections, we
can't find the change of TcpExtTCPAbortOnMemory.”h]”hX¤  An additional explanation about orphan socket count: You could find the
exactly orphan socket count by the â€˜ss -sâ€™ command, but when kernel
decide whither increases TcpExtTCPAbortOnMemory and sends RST, kernel
doesnâ€™t always check the exactly orphan socket count. For increasing
performance, kernel checks an approximate count firstly, if the
approximate count is more than tcp_max_orphans, kernel checks the
exact count again. So if the approximate count is less than
tcp_max_orphans, but exactly count is more than tcp_max_orphans, you
would find TcpExtTCPAbortOnMemory is not increased at all. If
tcp_max_orphans is large enough, it wonâ€™t occur, but if you decrease
tcp_max_orphans to a small value like our test, you might find this
issue. So in our test, the client set up 64 connections although the
tcp_max_orphans is 10. If the client only set up 11 connections, we
canâ€™t find the change of TcpExtTCPAbortOnMemory.”…””}”(hj¦%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M[hj‹$  h²hubhÌ)”}”(hX.  Continue the previous test, we wait for several minutes. Because of the
iptables on the server blocked the traffic, the server wouldn't receive
fin, and all the client's orphan sockets would timeout on the
FIN_WAIT_1 state finally. So we wait for a few minutes, we could find
10 timeout on the client::”h]”hX1  Continue the previous test, we wait for several minutes. Because of the
iptables on the server blocked the traffic, the server wouldnâ€™t receive
fin, and all the clientâ€™s orphan sockets would timeout on the
FIN_WAIT_1 state finally. So we wait for a few minutes, we could find
10 timeout on the client:”…””}”(hj´%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mjhj‹$  h²hubj8  )”}”(hŒanstatuser@nstat-a:~$ nstat | grep -i abort
TcpExtTCPAbortOnTimeout         10                 0.0”h]”hŒanstatuser@nstat-a:~$ nstat | grep -i abort
TcpExtTCPAbortOnTimeout         10                 0.0”…””}”hjÂ%  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mphj‹$  h²hubeh}”(h]”Œ2tcpexttcpabortonmemory-and-tcpexttcpabortontimeout”ah ]”h"]”Œ2tcpexttcpabortonmemory and tcpexttcpabortontimeout”ah$]”h&]”uh1hµhj!  h²hh³hÊh´Múubh¶)”}”(hhh]”(h»)”}”(hŒTcpExtTCPAbortOnLinger”h]”hŒTcpExtTCPAbortOnLinger”…””}”(hjÛ%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjØ%  h²hh³hÊh´MtubhÌ)”}”(hŒThe server side code::”h]”hŒThe server side code:”…””}”(hjé%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MuhjØ%  h²hubj8  )”}”(hŒénstatuser@nstat-b:~$ cat server_linger.py
import socket
import time

port = 9000

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', port))
s.listen(1)
sock, addr = s.accept()
while True:
    time.sleep(9999999)”h]”hŒénstatuser@nstat-b:~$ cat server_linger.py
import socket
import time

port = 9000

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', port))
s.listen(1)
sock, addr = s.accept()
while True:
    time.sleep(9999999)”…””}”hj÷%  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MwhjØ%  h²hubhÌ)”}”(hŒThe client side code::”h]”hŒThe client side code:”…””}”(hj&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M„hjØ%  h²hubj8  )”}”(hXd  nstatuser@nstat-a:~$ cat client_linger.py
import socket
import struct

server = 'nstat-b' # server address
port = 9000

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack('ii', 1, 10))
s.setsockopt(socket.SOL_TCP, socket.TCP_LINGER2, struct.pack('i', -1))
s.connect((server, port))
s.close()”h]”hXd  nstatuser@nstat-a:~$ cat client_linger.py
import socket
import struct

server = 'nstat-b' # server address
port = 9000

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack('ii', 1, 10))
s.setsockopt(socket.SOL_TCP, socket.TCP_LINGER2, struct.pack('i', -1))
s.connect((server, port))
s.close()”…””}”hj&  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M†hjØ%  h²hubhÌ)”}”(hŒ Run server_linger.py on server::”h]”hŒRun server_linger.py on server:”…””}”(hj!&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M“hjØ%  h²hubj8  )”}”(hŒ-nstatuser@nstat-b:~$ python3 server_linger.py”h]”hŒ-nstatuser@nstat-b:~$ python3 server_linger.py”…””}”hj/&  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M•hjØ%  h²hubhÌ)”}”(hŒ Run client_linger.py on client::”h]”hŒRun client_linger.py on client:”…””}”(hj=&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M—hjØ%  h²hubj8  )”}”(hŒ-nstatuser@nstat-a:~$ python3 client_linger.py”h]”hŒ-nstatuser@nstat-a:~$ python3 client_linger.py”…””}”hjK&  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M™hjØ%  h²hubhÌ)”}”(hŒ7After run client_linger.py, check the output of nstat::”h]”hŒ6After run client_linger.py, check the output of nstat:”…””}”(hjY&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M›hjØ%  h²hubj8  )”}”(hŒanstatuser@nstat-a:~$ nstat | grep -i abort
TcpExtTCPAbortOnLinger          1                  0.0”h]”hŒanstatuser@nstat-a:~$ nstat | grep -i abort
TcpExtTCPAbortOnLinger          1                  0.0”…””}”hjg&  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MhjØ%  h²hubeh}”(h]”Œtcpexttcpabortonlinger”ah ]”h"]”Œtcpexttcpabortonlinger”ah$]”h&]”uh1hµhj!  h²hh³hÊh´Mtubh¶)”}”(hhh]”(h»)”}”(hŒTcpExtTCPRcvCoalesce”h]”hŒTcpExtTCPRcvCoalesce”…””}”(hj€&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj}&  h²hh³hÊh´M¡ubhÌ)”}”(hŒZOn the server, we run a program which listen on TCP port 9000, but
doesn't read any data::”h]”hŒ[On the server, we run a program which listen on TCP port 9000, but
doesnâ€™t read any data:”…””}”(hjŽ&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¢hj}&  h²hubj8  )”}”(hŒ½import socket
import time
port = 9000
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', port))
s.listen(1)
sock, addr = s.accept()
while True:
    time.sleep(9999999)”h]”hŒ½import socket
import time
port = 9000
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', port))
s.listen(1)
sock, addr = s.accept()
while True:
    time.sleep(9999999)”…””}”hjœ&  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M¥hj}&  h²hubhÌ)”}”(hŒ4Save the above code as server_coalesce.py, and run::”h]”hŒ3Save the above code as server_coalesce.py, and run:”…””}”(hjª&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¯hj}&  h²hubj8  )”}”(hŒpython3 server_coalesce.py”h]”hŒpython3 server_coalesce.py”…””}”hj¸&  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M±hj}&  h²hubhÌ)”}”(hŒ6On the client, save below code as client_coalesce.py::”h]”hŒ5On the client, save below code as client_coalesce.py:”…””}”(hjÆ&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M³hj}&  h²hubj8  )”}”(hŒ|import socket
server = 'nstat-b'
port = 9000
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((server, port))”h]”hŒ|import socket
server = 'nstat-b'
port = 9000
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((server, port))”…””}”hjÔ&  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mµhj}&  h²hubhÌ)”}”(hŒRun::”h]”hŒRun:”…””}”(hjâ&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M»hj}&  h²hubj8  )”}”(hŒ2nstatuser@nstat-a:~$ python3 -i client_coalesce.py”h]”hŒ2nstatuser@nstat-a:~$ python3 -i client_coalesce.py”…””}”hjð&  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M½hj}&  h²hubhÌ)”}”(hŒ>We use '-i' to come into the interactive mode, then a packet::”h]”hŒAWe use â€˜-iâ€™ to come into the interactive mode, then a packet:”…””}”(hjþ&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¿hj}&  h²hubj8  )”}”(hŒ>>> s.send(b'foo')
3”h]”hŒ>>> s.send(b'foo')
3”…””}”hj'  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MÁhj}&  h²hubhÌ)”}”(hŒSend a packet again::”h]”hŒSend a packet again:”…””}”(hj'  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÄhj}&  h²hubj8  )”}”(hŒ>>> s.send(b'bar')
3”h]”hŒ>>> s.send(b'bar')
3”…””}”hj('  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MÆhj}&  h²hubhÌ)”}”(hŒOn the server, run nstat::”h]”hŒOn the server, run nstat:”…””}”(hj6'  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÉhj}&  h²hubj8  )”}”(hX  ubuntu@nstat-b:~$ nstat
#kernel
IpInReceives                    2                  0.0
IpInDelivers                    2                  0.0
IpOutRequests                   2                  0.0
TcpInSegs                       2                  0.0
TcpOutSegs                      2                  0.0
TcpExtTCPRcvCoalesce            1                  0.0
IpExtInOctets                   110                0.0
IpExtOutOctets                  104                0.0
IpExtInNoECTPkts                2                  0.0”h]”hX  ubuntu@nstat-b:~$ nstat
#kernel
IpInReceives                    2                  0.0
IpInDelivers                    2                  0.0
IpOutRequests                   2                  0.0
TcpInSegs                       2                  0.0
TcpOutSegs                      2                  0.0
TcpExtTCPRcvCoalesce            1                  0.0
IpExtInOctets                   110                0.0
IpExtOutOctets                  104                0.0
IpExtInNoECTPkts                2                  0.0”…””}”hjD'  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MËhj}&  h²hubhÌ)”}”(hŒ÷The client sent two packets, server didn't read any data. When
the second packet arrived at server, the first packet was still in
the receiving queue. So the TCP layer merged the two packets, and we
could find the TcpExtTCPRcvCoalesce increased 1.”h]”hŒùThe client sent two packets, server didnâ€™t read any data. When
the second packet arrived at server, the first packet was still in
the receiving queue. So the TCP layer merged the two packets, and we
could find the TcpExtTCPRcvCoalesce increased 1.”…””}”(hjR'  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M×hj}&  h²hubeh}”(h]”Œtcpexttcprcvcoalesce”ah ]”h"]”Œtcpexttcprcvcoalesce”ah$]”h&]”uh1hµhj!  h²hh³hÊh´M¡ubh¶)”}”(hhh]”(h»)”}”(hŒ+TcpExtListenOverflows and TcpExtListenDrops”h]”hŒ+TcpExtListenOverflows and TcpExtListenDrops”…””}”(hjk'  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjh'  h²hh³hÊh´MÝubhÌ)”}”(hŒ4On server, run the nc command, listen on port 9000::”h]”hŒ3On server, run the nc command, listen on port 9000:”…””}”(hjy'  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÞhjh'  h²hubj8  )”}”(hŒVnstatuser@nstat-b:~$ nc -lkv 0.0.0.0 9000
Listening on [0.0.0.0] (family 0, port 9000)”h]”hŒVnstatuser@nstat-b:~$ nc -lkv 0.0.0.0 9000
Listening on [0.0.0.0] (family 0, port 9000)”…””}”hj‡'  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Màhjh'  h²hubhÌ)”}”(hŒ5On client, run 3 nc commands in different terminals::”h]”hŒ4On client, run 3 nc commands in different terminals:”…””}”(hj•'  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mãhjh'  h²hubj8  )”}”(hŒZnstatuser@nstat-a:~$ nc -v nstat-b 9000
Connection to nstat-b 9000 port [tcp/*] succeeded!”h]”hŒZnstatuser@nstat-a:~$ nc -v nstat-b 9000
Connection to nstat-b 9000 port [tcp/*] succeeded!”…””}”hj£'  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Måhjh'  h²hubhÌ)”}”(hX  The nc command only accepts 1 connection, and the accept queue length
is 1. On current linux implementation, set queue length to n means the
actual queue length is n+1. Now we create 3 connections, 1 is accepted
by nc, 2 in accepted queue, so the accept queue is full.”h]”hX  The nc command only accepts 1 connection, and the accept queue length
is 1. On current linux implementation, set queue length to n means the
actual queue length is n+1. Now we create 3 connections, 1 is accepted
by nc, 2 in accepted queue, so the accept queue is full.”…””}”(hj±'  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mèhjh'  h²hubhÌ)”}”(hŒEBefore running the 4th nc, we clean the nstat history on the server::”h]”hŒDBefore running the 4th nc, we clean the nstat history on the server:”…””}”(hj¿'  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Míhjh'  h²hubj8  )”}”(hŒnstatuser@nstat-b:~$ nstat -n”h]”hŒnstatuser@nstat-b:~$ nstat -n”…””}”hjÍ'  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mïhjh'  h²hubhÌ)”}”(hŒRun the 4th nc on the client::”h]”hŒRun the 4th nc on the client:”…””}”(hjÛ'  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mñhjh'  h²hubj8  )”}”(hŒ'nstatuser@nstat-a:~$ nc -v nstat-b 9000”h]”hŒ'nstatuser@nstat-a:~$ nc -v nstat-b 9000”…””}”hjé'  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Móhjh'  h²hubhÌ)”}”(hX®  If the nc server is running on kernel 4.10 or higher version, you
won't see the "Connection to ... succeeded!" string, because kernel
will drop the SYN if the accept queue is full. If the nc client is running
on an old kernel, you would see that the connection is succeeded,
because kernel would complete the 3 way handshake and keep the socket
on half open queue. I did the test on kernel 4.15. Below is the nstat
on the server::”h]”hX³  If the nc server is running on kernel 4.10 or higher version, you
wonâ€™t see the â€œConnection to ... succeeded!â€ string, because kernel
will drop the SYN if the accept queue is full. If the nc client is running
on an old kernel, you would see that the connection is succeeded,
because kernel would complete the 3 way handshake and keep the socket
on half open queue. I did the test on kernel 4.15. Below is the nstat
on the server:”…””}”(hj÷'  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mõhjh'  h²hubj8  )”}”(hX£  nstatuser@nstat-b:~$ nstat
#kernel
IpInReceives                    4                  0.0
IpInDelivers                    4                  0.0
TcpInSegs                       4                  0.0
TcpExtListenOverflows           4                  0.0
TcpExtListenDrops               4                  0.0
IpExtInOctets                   240                0.0
IpExtInNoECTPkts                4                  0.0”h]”hX£  nstatuser@nstat-b:~$ nstat
#kernel
IpInReceives                    4                  0.0
IpInDelivers                    4                  0.0
TcpInSegs                       4                  0.0
TcpExtListenOverflows           4                  0.0
TcpExtListenDrops               4                  0.0
IpExtInOctets                   240                0.0
IpExtInNoECTPkts                4                  0.0”…””}”hj(  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mýhjh'  h²hubhÌ)”}”(hŒÿBoth TcpExtListenOverflows and TcpExtListenDrops were 4. If the time
between the 4th nc and the nstat was longer, the value of
TcpExtListenOverflows and TcpExtListenDrops would be larger, because
the SYN of the 4th nc was dropped, the client was retrying.”h]”hŒÿBoth TcpExtListenOverflows and TcpExtListenDrops were 4. If the time
between the 4th nc and the nstat was longer, the value of
TcpExtListenOverflows and TcpExtListenDrops would be larger, because
the SYN of the 4th nc was dropped, the client was retrying.”…””}”(hj(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhjh'  h²hubeh}”(h]”Œ+tcpextlistenoverflows-and-tcpextlistendrops”ah ]”h"]”Œ+tcpextlistenoverflows and tcpextlistendrops”ah$]”h&]”uh1hµhj!  h²hh³hÊh´MÝubh¶)”}”(hhh]”(h»)”}”(hŒ1IpInAddrErrors, IpExtInNoRoutes and IpOutNoRoutes”h]”hŒ1IpInAddrErrors, IpExtInNoRoutes and IpOutNoRoutes”…””}”(hj,(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj)(  h²hh³hÊh´MubhÌ)”}”(hŒxserver A IP address: 192.168.122.250
server B IP address: 192.168.122.251
Prepare on server A, add a route to server B::”h]”hŒwserver A IP address: 192.168.122.250
server B IP address: 192.168.122.251
Prepare on server A, add a route to server B:”…””}”(hj:(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj)(  h²hubj8  )”}”(hŒ2$ sudo ip route add 8.8.8.8/32 via 192.168.122.251”h]”hŒ2$ sudo ip route add 8.8.8.8/32 via 192.168.122.251”…””}”hjH(  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mhj)(  h²hubhÌ)”}”(hŒ@Prepare on server B, disable send_redirects for all interfaces::”h]”hŒ?Prepare on server B, disable send_redirects for all interfaces:”…””}”(hjV(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj)(  h²hubj8  )”}”(hŒÓ$ sudo sysctl -w net.ipv4.conf.all.send_redirects=0
$ sudo sysctl -w net.ipv4.conf.ens3.send_redirects=0
$ sudo sysctl -w net.ipv4.conf.lo.send_redirects=0
$ sudo sysctl -w net.ipv4.conf.default.send_redirects=0”h]”hŒÓ$ sudo sysctl -w net.ipv4.conf.all.send_redirects=0
$ sudo sysctl -w net.ipv4.conf.ens3.send_redirects=0
$ sudo sysctl -w net.ipv4.conf.lo.send_redirects=0
$ sudo sysctl -w net.ipv4.conf.default.send_redirects=0”…””}”hjd(  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mhj)(  h²hubhÌ)”}”(hŒÝWe want to let sever A send a packet to 8.8.8.8, and route the packet
to server B. When server B receives such packet, it might send a ICMP
Redirect message to server A, set send_redirects to 0 will disable
this behavior.”•³v      h]”hŒÝWe want to let sever A send a packet to 8.8.8.8, and route the packet
to server B. When server B receives such packet, it might send a ICMP
Redirect message to server A, set send_redirects to 0 will disable
this behavior.”…””}”(hjr(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj)(  h²hubhÌ)”}”(hŒEFirst, generate InAddrErrors. On server B, we disable IP forwarding::”h]”hŒDFirst, generate InAddrErrors. On server B, we disable IP forwarding:”…””}”(hj€(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M hj)(  h²hubj8  )”}”(hŒ/$ sudo sysctl -w net.ipv4.conf.all.forwarding=0”h]”hŒ/$ sudo sysctl -w net.ipv4.conf.all.forwarding=0”…””}”hjŽ(  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M"hj)(  h²hubhÌ)”}”(hŒ)On server A, we send packets to 8.8.8.8::”h]”hŒ(On server A, we send packets to 8.8.8.8:”…””}”(hjœ(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M$hj)(  h²hubj8  )”}”(hŒ$ nc -v 8.8.8.8 53”h]”hŒ$ nc -v 8.8.8.8 53”…””}”hjª(  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M&hj)(  h²hubhÌ)”}”(hŒ+On server B, we check the output of nstat::”h]”hŒ*On server B, we check the output of nstat:”…””}”(hj¸(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M(hj)(  h²hubj8  )”}”(hŒë$ nstat
#kernel
IpInReceives                    3                  0.0
IpInAddrErrors                  3                  0.0
IpExtInOctets                   180                0.0
IpExtInNoECTPkts                3                  0.0”h]”hŒë$ nstat
#kernel
IpInReceives                    3                  0.0
IpInAddrErrors                  3                  0.0
IpExtInOctets                   180                0.0
IpExtInNoECTPkts                3                  0.0”…””}”hjÆ(  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M*hj)(  h²hubhÌ)”}”(hX2  As we have let server A route 8.8.8.8 to server B, and we disabled IP
forwarding on server B, Server A sent packets to server B, then server B
dropped packets and increased IpInAddrErrors. As the nc command would
re-send the SYN packet if it didn't receive a SYN+ACK, we could find
multiple IpInAddrErrors.”h]”hX4  As we have let server A route 8.8.8.8 to server B, and we disabled IP
forwarding on server B, Server A sent packets to server B, then server B
dropped packets and increased IpInAddrErrors. As the nc command would
re-send the SYN packet if it didnâ€™t receive a SYN+ACK, we could find
multiple IpInAddrErrors.”…””}”(hjÔ(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M1hj)(  h²hubhÌ)”}”(hŒHSecond, generate IpExtInNoRoutes. On server B, we enable IP
forwarding::”h]”hŒGSecond, generate IpExtInNoRoutes. On server B, we enable IP
forwarding:”…””}”(hjâ(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M7hj)(  h²hubj8  )”}”(hŒ/$ sudo sysctl -w net.ipv4.conf.all.forwarding=1”h]”hŒ/$ sudo sysctl -w net.ipv4.conf.all.forwarding=1”…””}”hjð(  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M:hj)(  h²hubhÌ)”}”(hŒ@Check the route table of server B and remove the default route::”h]”hŒ?Check the route table of server B and remove the default route:”…””}”(hjþ(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M<hj)(  h²hubj8  )”}”(hŒÌ$ ip route show
default via 192.168.122.1 dev ens3 proto static
192.168.122.0/24 dev ens3 proto kernel scope link src 192.168.122.251
$ sudo ip route delete default via 192.168.122.1 dev ens3 proto static”h]”hŒÌ$ ip route show
default via 192.168.122.1 dev ens3 proto static
192.168.122.0/24 dev ens3 proto kernel scope link src 192.168.122.251
$ sudo ip route delete default via 192.168.122.1 dev ens3 proto static”…””}”hj)  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M>hj)(  h²hubhÌ)”}”(hŒ'On server A, we contact 8.8.8.8 again::”h]”hŒ&On server A, we contact 8.8.8.8 again:”…””}”(hj)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MChj)(  h²hubj8  )”}”(hŒV$ nc -v 8.8.8.8 53
nc: connect to 8.8.8.8 port 53 (tcp) failed: Network is unreachable”h]”hŒV$ nc -v 8.8.8.8 53
nc: connect to 8.8.8.8 port 53 (tcp) failed: Network is unreachable”…””}”hj()  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MEhj)(  h²hubhÌ)”}”(hŒOn server B, run nstat::”h]”hŒOn server B, run nstat:”…””}”(hj6)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MHhj)(  h²hubj8  )”}”(hXþ  $ nstat
#kernel
IpInReceives                    1                  0.0
IpOutRequests                   1                  0.0
IcmpOutMsgs                     1                  0.0
IcmpOutDestUnreachs             1                  0.0
IcmpMsgOutType3                 1                  0.0
IpExtInNoRoutes                 1                  0.0
IpExtInOctets                   60                 0.0
IpExtOutOctets                  88                 0.0
IpExtInNoECTPkts                1                  0.0”h]”hXþ  $ nstat
#kernel
IpInReceives                    1                  0.0
IpOutRequests                   1                  0.0
IcmpOutMsgs                     1                  0.0
IcmpOutDestUnreachs             1                  0.0
IcmpMsgOutType3                 1                  0.0
IpExtInNoRoutes                 1                  0.0
IpExtInOctets                   60                 0.0
IpExtOutOctets                  88                 0.0
IpExtInNoECTPkts                1                  0.0”…””}”hjD)  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MJhj)(  h²hubhÌ)”}”(hXA  We enabled IP forwarding on server B, when server B received a packet
which destination IP address is 8.8.8.8, server B will try to forward
this packet. We have deleted the default route, there was no route for
8.8.8.8, so server B increase IpExtInNoRoutes and sent the "ICMP
Destination Unreachable" message to server A.”h]”hXE  We enabled IP forwarding on server B, when server B received a packet
which destination IP address is 8.8.8.8, server B will try to forward
this packet. We have deleted the default route, there was no route for
8.8.8.8, so server B increase IpExtInNoRoutes and sent the â€œICMP
Destination Unreachableâ€ message to server A.”…””}”(hjR)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MVhj)(  h²hubhÌ)”}”(hŒ=Third, generate IpOutNoRoutes. Run ping command on server B::”h]”hŒ<Third, generate IpOutNoRoutes. Run ping command on server B:”…””}”(hj`)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M\hj)(  h²hubj8  )”}”(hŒ3$ ping -c 1 8.8.8.8
connect: Network is unreachable”h]”hŒ3$ ping -c 1 8.8.8.8
connect: Network is unreachable”…””}”hjn)  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M^hj)(  h²hubhÌ)”}”(hŒRun nstat on server B::”h]”hŒRun nstat on server B:”…””}”(hj|)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mahj)(  h²hubj8  )”}”(hŒF$ nstat
#kernel
IpOutNoRoutes                   1                  0.0”h]”hŒF$ nstat
#kernel
IpOutNoRoutes                   1                  0.0”…””}”hjŠ)  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mchj)(  h²hubhÌ)”}”(hŒŽWe have deleted the default route on server B. Server B couldn't find
a route for the 8.8.8.8 IP address, so server B increased
IpOutNoRoutes.”h]”hŒWe have deleted the default route on server B. Server B couldnâ€™t find
a route for the 8.8.8.8 IP address, so server B increased
IpOutNoRoutes.”…””}”(hj˜)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mghj)(  h²hubeh}”(h]”Œ0ipinaddrerrors-ipextinnoroutes-and-ipoutnoroutes”ah ]”h"]”Œ1ipinaddrerrors, ipextinnoroutes and ipoutnoroutes”ah$]”h&]”uh1hµhj!  h²hh³hÊh´Mubh¶)”}”(hhh]”(h»)”}”(hŒTcpExtTCPACKSkippedSynRecv”h]”hŒTcpExtTCPACKSkippedSynRecv”…””}”(hj±)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj®)  h²hh³hÊh´MlubhÌ)”}”(hX·  In this test, we send 3 same SYN packets from client to server. The
first SYN will let server create a socket, set it to Syn-Recv status,
and reply a SYN/ACK. The second SYN will let server reply the SYN/ACK
again, and record the reply time (the duplicate ACK reply time). The
third SYN will let server check the previous duplicate ACK reply time,
and decide to skip the duplicate ACK, then increase the
TcpExtTCPACKSkippedSynRecv counter.”h]”hX·  In this test, we send 3 same SYN packets from client to server. The
first SYN will let server create a socket, set it to Syn-Recv status,
and reply a SYN/ACK. The second SYN will let server reply the SYN/ACK
again, and record the reply time (the duplicate ACK reply time). The
third SYN will let server check the previous duplicate ACK reply time,
and decide to skip the duplicate ACK, then increase the
TcpExtTCPACKSkippedSynRecv counter.”…””}”(hj¿)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mmhj®)  h²hubhÌ)”}”(hŒ%Run tcpdump to capture a SYN packet::”h]”hŒ$Run tcpdump to capture a SYN packet:”…””}”(hjÍ)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Muhj®)  h²hubj8  )”}”(hŒ”nstatuser@nstat-a:~$ sudo tcpdump -c 1 -w /tmp/syn.pcap port 9000
tcpdump: listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes”h]”hŒ”nstatuser@nstat-a:~$ sudo tcpdump -c 1 -w /tmp/syn.pcap port 9000
tcpdump: listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes”…””}”hjÛ)  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mwhj®)  h²hubhÌ)”}”(hŒ'Open another terminal, run nc command::”h]”hŒ&Open another terminal, run nc command:”…””}”(hjé)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mzhj®)  h²hubj8  )”}”(hŒ$nstatuser@nstat-a:~$ nc nstat-b 9000”h]”hŒ$nstatuser@nstat-a:~$ nc nstat-b 9000”…””}”hj÷)  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M|hj®)  h²hubhÌ)”}”(hXA  As the nstat-b didn't listen on port 9000, it should reply a RST, and
the nc command exited immediately. It was enough for the tcpdump
command to capture a SYN packet. A linux server might use hardware
offload for the TCP checksum, so the checksum in the /tmp/syn.pcap
might be not correct. We call tcprewrite to fix it::”h]”hXB  As the nstat-b didnâ€™t listen on port 9000, it should reply a RST, and
the nc command exited immediately. It was enough for the tcpdump
command to capture a SYN packet. A linux server might use hardware
offload for the TCP checksum, so the checksum in the /tmp/syn.pcap
might be not correct. We call tcprewrite to fix it:”…””}”(hj*  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M~hj®)  h²hubj8  )”}”(hŒ`nstatuser@nstat-a:~$ tcprewrite --infile=/tmp/syn.pcap --outfile=/tmp/syn_fixcsum.pcap --fixcsum”h]”hŒ`nstatuser@nstat-a:~$ tcprewrite --infile=/tmp/syn.pcap --outfile=/tmp/syn_fixcsum.pcap --fixcsum”…””}”hj*  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M„hj®)  h²hubhÌ)”}”(hŒ.On nstat-b, we run nc to listen on port 9000::”h]”hŒ-On nstat-b, we run nc to listen on port 9000:”…””}”(hj!*  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M†hj®)  h²hubj8  )”}”(hŒNnstatuser@nstat-b:~$ nc -lkv 9000
Listening on [0.0.0.0] (family 0, port 9000)”h]”hŒNnstatuser@nstat-b:~$ nc -lkv 9000
Listening on [0.0.0.0] (family 0, port 9000)”…””}”hj/*  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mˆhj®)  h²hubhÌ)”}”(hŒXOn nstat-a, we blocked the packet from port 9000, or nstat-a would send
RST to nstat-b::”h]”hŒWOn nstat-a, we blocked the packet from port 9000, or nstat-a would send
RST to nstat-b:”…””}”(hj=*  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M‹hj®)  h²hubj8  )”}”(hŒGnstatuser@nstat-a:~$ sudo iptables -A INPUT -p tcp --sport 9000 -j DROP”h]”hŒGnstatuser@nstat-a:~$ sudo iptables -A INPUT -p tcp --sport 9000 -j DROP”…””}”hjK*  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MŽhj®)  h²hubhÌ)”}”(hŒ"Send 3 SYN repeatedly to nstat-b::”h]”hŒ!Send 3 SYN repeatedly to nstat-b:”…””}”(hjY*  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj®)  h²hubj8  )”}”(hŒ[nstatuser@nstat-a:~$ for i in {1..3}; do sudo tcpreplay -i ens3 /tmp/syn_fixcsum.pcap; done”h]”hŒ[nstatuser@nstat-a:~$ for i in {1..3}; do sudo tcpreplay -i ens3 /tmp/syn_fixcsum.pcap; done”…””}”hjg*  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M’hj®)  h²hubhÌ)”}”(hŒCheck snmp counter on nstat-b::”h]”hŒCheck snmp counter on nstat-b:”…””}”(hju*  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M”hj®)  h²hubj8  )”}”(hŒ`nstatuser@nstat-b:~$ nstat | grep -i skip
TcpExtTCPACKSkippedSynRecv      1                  0.0”h]”hŒ`nstatuser@nstat-b:~$ nstat | grep -i skip
TcpExtTCPACKSkippedSynRecv      1                  0.0”…””}”hjƒ*  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M–hj®)  h²hubhÌ)”}”(hŒ0As we expected, TcpExtTCPACKSkippedSynRecv is 1.”h]”hŒ0As we expected, TcpExtTCPACKSkippedSynRecv is 1.”…””}”(hj‘*  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M™hj®)  h²hubeh}”(h]”Œtcpexttcpackskippedsynrecv”ah ]”h"]”Œtcpexttcpackskippedsynrecv”ah$]”h&]”uh1hµhj!  h²hh³hÊh´Mlubh¶)”}”(hhh]”(h»)”}”(hŒTcpExtTCPACKSkippedPAWS”h]”hŒTcpExtTCPACKSkippedPAWS”…””}”(hjª*  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj§*  h²hh³hÊh´MœubhÌ)”}”(hŒ*To trigger PAWS, we could send an old SYN.”h]”hŒ*To trigger PAWS, we could send an old SYN.”…””}”(hj¸*  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj§*  h²hubhÌ)”}”(hŒ(On nstat-b, let nc listen on port 9000::”h]”hŒ'On nstat-b, let nc listen on port 9000:”…””}”(hjÆ*  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MŸhj§*  h²hubj8  )”}”(hŒNnstatuser@nstat-b:~$ nc -lkv 9000
Listening on [0.0.0.0] (family 0, port 9000)”h]”hŒNnstatuser@nstat-b:~$ nc -lkv 9000
Listening on [0.0.0.0] (family 0, port 9000)”…””}”hjÔ*  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M¡hj§*  h²hubhÌ)”}”(hŒ*On nstat-a, run tcpdump to capture a SYN::”h]”hŒ)On nstat-a, run tcpdump to capture a SYN:”…””}”(hjâ*  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¤hj§*  h²hubj8  )”}”(hŒ™nstatuser@nstat-a:~$ sudo tcpdump -w /tmp/paws_pre.pcap -c 1 port 9000
tcpdump: listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes”h]”hŒ™nstatuser@nstat-a:~$ sudo tcpdump -w /tmp/paws_pre.pcap -c 1 port 9000
tcpdump: listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes”…””}”hjð*  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M¦hj§*  h²hubhÌ)”}”(hŒ3On nstat-a, run nc as a client to connect nstat-b::”h]”hŒ2On nstat-a, run nc as a client to connect nstat-b:”…””}”(hjþ*  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M©hj§*  h²hubj8  )”}”(hŒZnstatuser@nstat-a:~$ nc -v nstat-b 9000
Connection to nstat-b 9000 port [tcp/*] succeeded!”h]”hŒZnstatuser@nstat-a:~$ nc -v nstat-b 9000
Connection to nstat-b 9000 port [tcp/*] succeeded!”…””}”hj+  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M«hj§*  h²hubhÌ)”}”(hŒKNow the tcpdump has captured the SYN and exit. We should fix the
checksum::”h]”hŒJNow the tcpdump has captured the SYN and exit. We should fix the
checksum:”…””}”(hj+  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M®hj§*  h²hubj8  )”}”(hŒ^nstatuser@nstat-a:~$ tcprewrite --infile /tmp/paws_pre.pcap --outfile /tmp/paws.pcap --fixcsum”h]”hŒ^nstatuser@nstat-a:~$ tcprewrite --infile /tmp/paws_pre.pcap --outfile /tmp/paws.pcap --fixcsum”…””}”hj(+  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M±hj§*  h²hubhÌ)”}”(hŒSend the SYN packet twice::”h]”hŒSend the SYN packet twice:”…””}”(hj6+  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M³hj§*  h²hubj8  )”}”(hŒTnstatuser@nstat-a:~$ for i in {1..2}; do sudo tcpreplay -i ens3 /tmp/paws.pcap; done”h]”hŒTnstatuser@nstat-a:~$ for i in {1..2}; do sudo tcpreplay -i ens3 /tmp/paws.pcap; done”…””}”hjD+  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mµhj§*  h²hubhÌ)”}”(hŒ$On nstat-b, check the snmp counter::”h]”hŒ#On nstat-b, check the snmp counter:”…””}”(hjR+  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M·hj§*  h²hubj8  )”}”(hŒ`nstatuser@nstat-b:~$ nstat | grep -i skip
TcpExtTCPACKSkippedPAWS         1                  0.0”h]”hŒ`nstatuser@nstat-b:~$ nstat | grep -i skip
TcpExtTCPACKSkippedPAWS         1                  0.0”…””}”hj`+  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´M¹hj§*  h²hubhÌ)”}”(hŒ¿We sent two SYN via tcpreplay, both of them would let PAWS check
failed, the nstat-b replied an ACK for the first SYN, skipped the ACK
for the second SYN, and updated TcpExtTCPACKSkippedPAWS.”h]”hŒ¿We sent two SYN via tcpreplay, both of them would let PAWS check
failed, the nstat-b replied an ACK for the first SYN, skipped the ACK
for the second SYN, and updated TcpExtTCPACKSkippedPAWS.”…””}”(hjn+  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M¼hj§*  h²hubeh}”(h]”Œtcpexttcpackskippedpaws”ah ]”h"]”Œtcpexttcpackskippedpaws”ah$]”h&]”uh1hµhj!  h²hh³hÊh´Mœubh¶)”}”(hhh]”(h»)”}”(hŒTcpExtTCPACKSkippedSeq”h]”hŒTcpExtTCPACKSkippedSeq”…””}”(hj‡+  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj„+  h²hh³hÊh´MÁubhÌ)”}”(hX÷  To trigger TcpExtTCPACKSkippedSeq, we send packets which have valid
timestamp (to pass PAWS check) but the sequence number is out of
window. The linux TCP stack would avoid to skip if the packet has
data, so we need a pure ACK packet. To generate such a packet, we
could create two sockets: one on port 9000, another on port 9001. Then
we capture an ACK on port 9001, change the source/destination port
numbers to match the port 9000 socket. Then we could trigger
TcpExtTCPACKSkippedSeq via this packet.”h]”hX÷  To trigger TcpExtTCPACKSkippedSeq, we send packets which have valid
timestamp (to pass PAWS check) but the sequence number is out of
window. The linux TCP stack would avoid to skip if the packet has
data, so we need a pure ACK packet. To generate such a packet, we
could create two sockets: one on port 9000, another on port 9001. Then
we capture an ACK on port 9001, change the source/destination port
numbers to match the port 9000 socket. Then we could trigger
TcpExtTCPACKSkippedSeq via this packet.”…””}”(hj•+  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÂhj„+  h²hubhÌ)”}”(hŒ_On nstat-b, open two terminals, run two nc commands to listen on both
port 9000 and port 9001::”h]”hŒ^On nstat-b, open two terminals, run two nc commands to listen on both
port 9000 and port 9001:”…””}”(hj£+  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MËhj„+  h²hubj8  )”}”(hŒžnstatuser@nstat-b:~$ nc -lkv 9000
Listening on [0.0.0.0] (family 0, port 9000)

nstatuser@nstat-b:~$ nc -lkv 9001
Listening on [0.0.0.0] (family 0, port 9001)”h]”hŒžnstatuser@nstat-b:~$ nc -lkv 9000
Listening on [0.0.0.0] (family 0, port 9000)

nstatuser@nstat-b:~$ nc -lkv 9001
Listening on [0.0.0.0] (family 0, port 9001)”…””}”hj±+  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MÎhj„+  h²hubhÌ)”}”(hŒ On nstat-a, run two nc clients::”h]”hŒOn nstat-a, run two nc clients:”…””}”(hj¿+  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÔhj„+  h²hubj8  )”}”(hŒ¶nstatuser@nstat-a:~$ nc -v nstat-b 9000
Connection to nstat-b 9000 port [tcp/*] succeeded!

nstatuser@nstat-a:~$ nc -v nstat-b 9001
Connection to nstat-b 9001 port [tcp/*] succeeded!”h]”hŒ¶nstatuser@nstat-a:~$ nc -v nstat-b 9000
Connection to nstat-b 9000 port [tcp/*] succeeded!

nstatuser@nstat-a:~$ nc -v nstat-b 9001
Connection to nstat-b 9001 port [tcp/*] succeeded!”…””}”hjÍ+  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MÖhj„+  h²hubhÌ)”}”(hŒ+On nstat-a, run tcpdump to capture an ACK::”h]”hŒ*On nstat-a, run tcpdump to capture an ACK:”…””}”(hjÛ+  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MÜhj„+  h²hubj8  )”}”(hŒœnstatuser@nstat-a:~$ sudo tcpdump -w /tmp/seq_pre.pcap -c 1 dst port 9001
tcpdump: listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes”h]”hŒœnstatuser@nstat-a:~$ sudo tcpdump -w /tmp/seq_pre.pcap -c 1 dst port 9001
tcpdump: listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes”…””}”hjé+  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´MÞhj„+  h²hubhÌ)”}”(hŒ`On nstat-b, send a packet via the port 9001 socket. E.g. we sent a
string 'foo' in our example::”h]”hŒcOn nstat-b, send a packet via the port 9001 socket. E.g. we sent a
string â€˜fooâ€™ in our example:”…””}”(hj÷+  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Máhj„+  h²hubj8  )”}”(hŒznstatuser@nstat-b:~$ nc -lkv 9001
Listening on [0.0.0.0] (family 0, port 9001)
Connection from nstat-a 42132 received!
foo”h]”hŒznstatuser@nstat-b:~$ nc -lkv 9001
Listening on [0.0.0.0] (family 0, port 9001)
Connection from nstat-a 42132 received!
foo”…””}”hj,  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mähj„+  h²hubhÌ)”}”(hŒuOn nstat-a, the tcpdump should have captured the ACK. We should check
the source port numbers of the two nc clients::”h]”hŒtOn nstat-a, the tcpdump should have captured the ACK. We should check
the source port numbers of the two nc clients:”…””}”(hj,  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Méhj„+  h²hubj8  )”}”(hX0  nstatuser@nstat-a:~$ ss -ta '( dport = :9000 || dport = :9001 )' | tee
State  Recv-Q   Send-Q         Local Address:Port           Peer Address:Port
ESTAB  0        0            192.168.122.250:50208       192.168.122.251:9000
ESTAB  0        0            192.168.122.250:42132       192.168.122.251:9001”h]”hX0  nstatuser@nstat-a:~$ ss -ta '( dport = :9000 || dport = :9001 )' | tee
State  Recv-Q   Send-Q         Local Address:Port           Peer Address:Port
ESTAB  0        0            192.168.122.250:50208       192.168.122.251:9000
ESTAB  0        0            192.168.122.250:42132       192.168.122.251:9001”…””}”hj!,  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mìhj„+  h²hubhÌ)”}”(hŒPRun tcprewrite, change port 9001 to port 9000, change port 42132 to
port 50208::”h]”hŒORun tcprewrite, change port 9001 to port 9000, change port 42132 to
port 50208:”…””}”(hj/,  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mñhj„+  h²hubj8  )”}”(hŒxnstatuser@nstat-a:~$ tcprewrite --infile /tmp/seq_pre.pcap --outfile /tmp/seq.pcap -r 9001:9000 -r 42132:50208 --fixcsum”h]”hŒxnstatuser@nstat-a:~$ tcprewrite --infile /tmp/seq_pre.pcap --outfile /tmp/seq.pcap -r 9001:9000 -r 42132:50208 --fixcsum”…””}”hj=,  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Môhj„+  h²hubhÌ)”}”(hŒANow the /tmp/seq.pcap is the packet we need. Send it to nstat-b::”h]”hŒ@Now the /tmp/seq.pcap is the packet we need. Send it to nstat-b:”…””}”(hjK,  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Möhj„+  h²hubj8  )”}”(hŒSnstatuser@nstat-a:~$ for i in {1..2}; do sudo tcpreplay -i ens3 /tmp/seq.pcap; done”h]”hŒSnstatuser@nstat-a:~$ for i in {1..2}; do sudo tcpreplay -i ens3 /tmp/seq.pcap; done”…””}”hjY,  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Møhj„+  h²hubhÌ)”}”(hŒ)Check TcpExtTCPACKSkippedSeq on nstat-b::”h]”hŒ(Check TcpExtTCPACKSkippedSeq on nstat-b:”…””}”(hjg,  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Múhj„+  h²hubj8  )”}”(hŒ`nstatuser@nstat-b:~$ nstat | grep -i skip
TcpExtTCPACKSkippedSeq          1                  0.0”h]”hŒ`nstatuser@nstat-b:~$ nstat | grep -i skip
TcpExtTCPACKSkippedSeq          1                  0.0”…””}”hju,  sbah}”(h]”h ]”h"]”h$]”h&]”jG  jH  uh1j7  h³hÊh´Mühj„+  h²hubeh}”(h]”Œtcpexttcpackskippedseq”ah ]”h"]”Œtcpexttcpackskippedseq”ah$]”h&]”uh1hµhj!  h²hh³hÊh´MÁubeh}”(h]”Œexamples”ah ]”h"]”Œexamples”ah$]”h&]”uh1hµhh·h²hh³hÊh´Mubeh}”(h]”Œsnmp-counter”ah ]”h"]”Œsnmp counter”ah$]”h&]”uh1hµhhh²hh³hÊh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÊuh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hºNŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j¾,  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÊŒ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”(Œrfc1213 ipinreceives”]”j+  aŒrfc1213 ipindelivers”]”jŠ  aŒrfc1213 ipoutrequests”]”jä  aŒ explicit congestion notification”]”jm  aŒrfc1213 ipinhdrerrors”]”jË  aŒrfc1213 ipinaddrerrors”]”j  aŒrfc1213 ipinunknownprotos”]”jš  aŒrfc1213 ipindiscards”]”j  aŒrfc1213 ipoutdiscards”]”ji  aŒrfc1213 ipoutnoroutes”]”j¹  aŒrfc1213 icmpinmsgs”]”j"  aŒrfc1213 icmpoutmsgs”]”j7  aŒrfc1213 icmpindestunreachs”]”j²  aŒrfc1213 icmpintimeexcds”]”jÑ  aŒrfc1213 icmpinparmprobs”]”jð  aŒrfc1213 icmpinsrcquenchs”]”j  aŒrfc1213 icmpinredirects”]”j.  aŒrfc1213 icmpinechos”]”jM  aŒrfc1213 icmpinechoreps”]”jl  aŒrfc1213 icmpintimestamps”]”j‹  aŒrfc1213 icmpintimestampreps”]”jª  aŒrfc1213 icmpinaddrmasks”]”jÉ  aŒrfc1213 icmpinaddrmaskreps”]”jè  aŒrfc1213 icmpoutdestunreachs”]”j  aŒrfc1213 icmpouttimeexcds”]”j&  aŒrfc1213 icmpoutparmprobs”]”jE  aŒrfc1213 icmpoutsrcquenchs”]”jd  aŒrfc1213 icmpoutredirects”]”jƒ  aŒrfc1213 icmpoutechos”]”j¢  aŒrfc1213 icmpoutechoreps”]”jÁ  aŒrfc1213 icmpouttimestamps”]”jà  aŒrfc1213 icmpouttimestampreps”]”jÿ  aŒrfc1213 icmpoutaddrmasks”]”j  aŒrfc1213 icmpoutaddrmaskreps”]”j=  aŒicmp parameters”]”j™	  aŒrfc1213 icmpinerrors”]”j&
  aŒrfc1213 icmpouterrors”]”j;
  aŒrfc1213 tcpinsegs”]”j\  aŒrfc1213 tcpoutsegs”]”j¶  aŒrfc1213 tcpactiveopens”]”j  aŒrfc1213 tcppassiveopens”]”jj  aŒrfc1213 tcpestabresets”]”jB  aŒrfc1213 tcpattemptfails”]”j’  aŒrfc1213 tcpoutrsts”]”jâ  aŒf-rto”]”j¿  aŒsocket man page”]”jÉ  aŒtcp man page”]”jd  aŒrfc2525 2.17 section”]”j4  aŒhybrid slow start paper”]”j|  aŒrfc2018”]”j€  aŒrfc6582”]”j•  aŒrfc2883”]”jÜ  aŒtimestamp wiki”]”j¿  aŒrfc of paws”]”jÔ  aŒsysctl document”]”j†  aŒrfc 5961 section 3.2”]”jÁ  aŒrfc 5961 section 4.2”]”jÖ  aŒrfc 5961 section 5.2”]”(jë  j   eŒdelayed ack wiki”]”j  aŒ	tlp paper”]”jÖ  aŒtcp fast open wiki”]”j|  aŒsyn cookies wiki”]”jì  auŒrefids”}”Œnameids”}”(j˜,  j•,  jå  jâ  jO  jL  jª  j§  j  j  j‘  jŽ  jï  jì  j?  j<  j¾  j»  j=  j:  j  jŠ  jÝ  jÚ  j  j  jW  jT  jc  j`  jc  j`  jo  jl  j{  jx  j‡  j„  j“  j  jŸ  jœ  j«  j¨  j·  j´  jÃ  jÀ  jÏ  jÌ  jÛ  jØ  jç  jä  jó  jð  jÿ  jü  j	  j	  j	  j	  j#	  j 	  j/	  j,	  j;	  j8	  jG	  jD	  jS	  jP	  j_	  j\	  j½	  jº	  j[
  jX
  jg
  jd
  j  j  j  j  j|  jy  jÖ  jÓ  j0  j-  jŠ  j‡  jë  jè  jf  jc  j¶  j³  j  j  jã  jà  jŒ  j‰  j`  j]  jí  jê  jˆ  j…  jX  jU  jd  ja  j   j  jÀ  j½  jÖ  jÓ  jâ  jß  jÄ  jÁ  j   jý  jI  jF  jý  jú  j£  j   jj  jg  jø  jõ  j  j  jC  j@  jª  j§  j#  j   j/  j,  j;  j8  jé  jæ  jº  j·  j%  j"  j`  j]  jú  j÷  jÐ  jÍ  j   j  j¥  j¢  j  j  j*   j'   j!  j
!  j,  j,  jñ!  jî!  j¤"  j¡"  jÿ#  jü#  jˆ$  j…$  jÕ%  jÒ%  jz&  jw&  je'  jb'  j&(  j#(  j«)  j¨)  j¤*  j¡*  j+  j~+  jˆ,  j…,  uŒ	nametypes”}”(j˜,  ‰jå  ‰jO  ˆjª  ˆj  ˆj‘  ˆjï  ˆj?  ˆj¾  ˆj=  ˆj  ˆjÝ  ˆj  ‰jW  ˆjc  ˆjc  ˆjo  ˆj{  ˆj‡  ˆj“  ˆjŸ  ˆj«  ˆj·  ˆjÃ  ˆjÏ  ˆjÛ  ˆjç  ˆjó  ˆjÿ  ˆj	  ˆj	  ˆj#	  ˆj/	  ˆj;	  ˆjG	  ˆjS	  ˆj_	  ˆj½	  ˆj[
  ˆjg
  ˆj  ‰j  ‰j|  ˆjÖ  ˆj0  ˆjŠ  ˆjë  ‰jf  ˆj¶  ˆj  ˆjã  ˆjŒ  ‰j`  ‰jí  ˆjˆ  ˆjX  ˆjd  ‰j   ˆjÀ  ‰jÖ  ˆjâ  ˆjÄ  ‰j   ˆjI  ‰jý  ‰j£  ‰jj  ‰jø  ˆj  ˆjC  ‰jª  ˆj#  ˆj/  ˆj;  ˆjé  ‰jº  ‰j%  ˆj`  ‰jú  ˆjÐ  ‰j   ˆj¥  ‰j  ˆj*   ‰j!  ‰j,  ‰jñ!  ‰j¤"  ‰jÿ#  ‰jˆ$  ‰jÕ%  ‰jz&  ‰je'  ‰j&(  ‰j«)  ‰j¤*  ‰j+  ‰jˆ,  ‰uh}”(j•,  h·jâ  hÛjL  jF  j§  j¡  j  jû  jŽ  jˆ  jì  jæ  j<  j6  j»  jµ  j:  j4  jŠ  j„  jÚ  jÔ  j  jè  jT  jN  j`  jZ  j`  jZ  jl  jf  jx  jr  j„  j~  j  jŠ  jœ  j–  j¨  j¢  j´  j®  jÀ  jº  jÌ  jÆ  jØ  jÒ  jä  jÞ  jð  jê  jü  jö  j	  j	  j	  j	  j 	  j	  j,	  j&	  j8	  j2	  jD	  j>	  jP	  jJ	  j\	  jV	  jº	  j´	  jX
  jR
  jd
  j^
  j  jx
  j  j"  jy  js  jÓ  jÍ  j-  j'  j‡  j  jè  j  jc  j]  j³  j­  j  jý  jà  jÚ  j‰  jî  j]  j  jê  jä  j…  j  jU  jO  ja  jc  j  j—  j½  jg  jÓ  jÍ  jß  jÙ  jÁ  jÃ  jý  j÷  jF  jÇ  jú  jL  j   j   jg  j¦  jõ  jï  j  jû  j@  jm  j§  j¡  j   j  j,  j&  j8  j2  jæ  jF  j·  jì  j"  j  j]  j½  j÷  jñ  jÍ  jc  j  j—  j¢  jÓ  j  j  j'   j¨  j
!  j-   j,  j!  jî!  j!!  j¡"  jô!  jü#  j§"  j…$  j$  jÒ%  j‹$  jw&  jØ%  jb'  j}&  j#(  jh'  j¨)  j)(  j¡*  j®)  j~+  j§*  j…,  j„+  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”hŒsystem_message”“”)”}”(hhh]”hÌ)”}”(hŒ:Enumerated list start value not ordinal-1: "2" (ordinal 2)”h]”hŒ>Enumerated list start value not ordinal-1: â€œ2â€ (ordinal 2)”…””}”(hj¡-  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËhjž-  ubah}”(h]”h ]”h"]”h$]”h&]”Œlevel”KŒtype”ŒINFO”Œsource”hÊŒline”Kuh1jœ-  hj  h²hh³hÊh´MúubaŒtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nh²hub.