Linux系统抓包 关闭网卡巨帧特性

|

MTU

MTU 指的是 IP报文的大小, 一般MTU为1500

TCP模式下:
1500(MTU) = 1460(tcp payload) + 20(tcp head) + 20(ip head)

如果这个报文在MAC网卡上传输,还需打上 MAC头
1514 = 6(dst mac) + 6(src mac) +2(type) + MTU

现象描述

工作中需要将抓下来的报文回放测试,
但是回放软件不支持 巨帧类型报文, 提示: 报文数据太长.
以下是网卡抓包时, 确实可以看到存在IP报文 远大于常规MTU 1500

使用 tcpdump 显示 超过 1500 的报文

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
root@debian:~# tcpdump -i br0  greater 1500  -tnn
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on br0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 2226131961:2226147902, ack 3941396929, win 63783, length 15941
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 17391:26372, ack 1, win 63783, length 8981
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 26372:34809, ack 1, win 63783, length 8437
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 34878:40611, ack 245, win 63539, length 5733
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 40611:43112, ack 245, win 63539, length 2501
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 43234:51447, ack 314, win 63470, length 8213
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 51569:56662, ack 383, win 63401, length 5093
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 56800:62277, ack 452, win 63332, length 5477
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 62415:66948, ack 521, win 63263, length 4533
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 67086:71827, ack 590, win 63194, length 4741
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 71965:78434, ack 659, win 63125, length 6469
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 78572:83345, ack 728, win 63056, length 4773
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 83483:88288, ack 797, win 62987, length 4805
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 88426:93919, ack 866, win 62918, length 5493
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 94057:101102, ack 935, win 62849, length 7045
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 101224:107677, ack 1004, win 62780, length 6453
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 107799:114716, ack 1073, win 62711, length 6917
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 114838:119963, ack 1142, win 62642, length 5125
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 120085:125770, ack 1211, win 62573, length 5685
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 125908:132153, ack 1280, win 64000, length 6245
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 132291:137912, ack 1349, win 63931, length 5621
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 138050:143191, ack 1418, win 63862, length 5141
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 143366:152587, ack 1704, win 63576, length 9221
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 152725:158378, ack 2091, win 63189, length 5653
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 158516:163993, ack 2568, win 62712, length 5477
IP 192.168.88.102.3389 > 192.168.88.100.61281: Flags [P.], seq 164131:169416, ack 3061, win 63735, length 5285

或者使用 tshark 抓包测试

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
[root@localhost ~]# tshark -i enp1s0f1 -Y "tcp.len>1400"
Running as user "root" and group "root". This could be dangerous.
Capturing on 'enp1s0f1'
  119 3.198907390 172.16.20.10 → 180.101.49.11 TLSv1.2 1683 Application Data
  178 3.412165770 180.101.49.131 → 172.16.20.10 TCP 1504 HTTP/1.1 200 OK  [TCP segment of a reassembled PDU]
  179 3.412182570 180.101.49.131 → 172.16.20.10 TCP 1514 HTTP/1.1 200 OK  [TCP segment of a reassembled PDU]
  182 3.412539489 180.101.49.131 → 172.16.20.10 TCP 2974 HTTP/1.1 200 OK  [TCP segment of a reassembled PDU]
  184 3.412737806 180.101.49.131 → 172.16.20.10 TCP 2605 HTTP/1.1 200 OK  [TCP segment of a reassembled PDU]
  187 3.421079780 180.101.49.131 → 172.16.20.10 TCP 2790 HTTP/1.1 200 OK  [TCP segment of a reassembled PDU]
  189 3.442317927 180.101.49.131 → 172.16.20.10 TCP 1503 HTTP/1.1 200 OK  [TCP segment of a reassembled PDU]
  190 3.442332083 180.101.49.131 → 172.16.20.10 TCP 1509 HTTP/1.1 200 OK  [TCP segment of a reassembled PDU]
  193 3.442477611 180.101.49.131 → 172.16.20.10 TCP 1743 HTTP/1.1 200 OK  [TCP segment of a reassembled PDU]
  195 3.442695469 180.101.49.131 → 172.16.20.10 TCP 1514 HTTP/1.1 200 OK  [TCP segment of a reassembled PDU]
  196 3.442869033 180.101.49.131 → 172.16.20.10 TCP 1497 HTTP/1.1 200 OK  [TCP segment of a reassembled PDU]
  198 3.442878294 180.101.49.131 → 172.16.20.10 TCP 1722 HTTP/1.1 200 OK  [TCP segment of a reassembled PDU]
  233 3.460282630 114.80.30.31 → 172.16.20.10 TCP 1590 HTTP/1.1 200 OK  [TCP segment of a reassembled PDU]
  241 3.460855410 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=5361 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
  244 3.461215873 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=9381 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
  248 3.461523983 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=13401 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
  250 3.461745210 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=16081 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
  255 3.462245056 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=21441 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
  258 3.462567240 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=25461 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
  260 3.462805987 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=28141 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
  264 3.463145102 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=32161 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]
  267 3.463452379 114.80.30.31 → 172.16.20.10 TCP 2734 80 → 2473 [ACK] Seq=36181 Ack=434 Win=71168 Len=2680 [TCP segment of a reassembled PDU]

查看网卡已打开的特性

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
[root@localhost ~]# ethtool -k enp1s0f1| grep " on"
rx-checksumming: on
tx-checksumming: on
    tx-checksum-ip-generic: on
    tx-checksum-sctp: on
scatter-gather: on
    tx-scatter-gather: on
tcp-segmentation-offload: on
    tx-tcp-segmentation: on
    tx-tcp6-segmentation: on
generic-segmentation-offload: on
generic-receive-offload: on
rx-vlan-offload: on
tx-vlan-offload: on
receive-hashing: on
highdma: on [fixed]
rx-vlan-filter: on [fixed]
tx-gre-segmentation: on
tx-ipip-segmentation: on
tx-sit-segmentation: on
tx-udp_tnl-segmentation: on
tx-gre-csum-segmentation: on
tx-udp_tnl-csum-segmentation: on
tx-gso-partial: on
[root@localhost ~]#

关闭 发送/接收 巨帧特性

1
2
3
4
5
6
7

[root@localhost ~]# ethtool -K  enp1s0f1 gro off
[root@localhost ~]# ethtool -K  enp1s0f1 gso off


[root@localhost ~]# ethtool -K  enp1s0f1 tso off
[root@localhost ~]# ethtool -K  enp1s0f1 lro off

测试

看看tcp payload length 大于 1400 的报文, 都是什么样子

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
[root@localhost ~]# tshark -i enp1s0f1 -Y "tcp.len>1400"
Running as user "root" and group "root". This could be dangerous.
Capturing on 'enp1s0f1'
   49 1.456940493 172.16.20.10 → 106.120.159.161 TCP 1506 [TCP segment of a reassembled PDU]
  146 4.519927427  106.11.93.6 → 172.16.20.10 TLSv1.2 1506 Server Hello
  147 4.519943744  106.11.93.6 → 172.16.20.10 TCP 1506 443 → 2570 [ACK] Seq=1453 Ack=518 Win=7300 Len=1452 [TCP segment of a reassembled PDU]
  152 4.521441858  106.11.93.6 → 172.16.20.10 TCP 1506 443 → 2570 [ACK] Seq=4097 Ack=518 Win=7300 Len=1452 [TCP segment of a reassembled PDU]
  154 4.521458718  106.11.93.6 → 172.16.20.10 TCP 1506 443 → 2570 [ACK] Seq=5549 Ack=518 Win=7300 Len=1452 [TCP segment of a reassembled PDU]
  157 4.521637687 101.226.27.254 → 172.16.20.10 TLSv1.3 1514 Server Hello, Change Cipher Spec, Application Data
  159 4.521746280 101.226.27.254 → 172.16.20.10 TCP 1514 443 → 2572 [ACK] Seq=1461 Ack=518 Win=30720 Len=1460 [TCP segment of a reassembled PDU]
  162 4.522106998  106.11.93.6 → 172.16.20.10 TLSv1.2 1506 Server Hello
  163 4.522178194  106.11.93.6 → 172.16.20.10 TCP 1506 443 → 2569 [ACK] Seq=1453 Ack=518 Win=7300 Len=1452 [TCP segment of a reassembled PDU]
  166 4.523680812 101.226.28.253 → 172.16.20.10 TLSv1.3 1514 Server Hello, Change Cipher Spec, Application Data
  167 4.523698000 101.226.28.253 → 172.16.20.10 TCP 1514 443 → 2571 [ACK] Seq=1461 Ack=518 Win=30720 Len=1460 [TCP segment of a reassembled PDU]
  186 4.544912740  106.11.93.6 → 172.16.20.10 TLSv1.2 1483 Application Data
  187 4.544928509  106.11.93.6 → 172.16.20.10 TLSv1.2 1483 Application Data
  191 4.556149369  106.11.93.6 → 172.16.20.10 TCP 1506 443 → 2569 [ACK] Seq=4097 Ack=518 Win=7300 Len=1452 [TCP segment of a reassembled PDU]
  193 4.556165237  106.11.93.6 → 172.16.20.10 TCP 1506 443 → 2569 [ACK] Seq=5549 Ack=518 Win=7300 Len=1452 [TCP segment of a reassembled PDU]
  234 4.646723475 172.16.20.10 → 106.120.159.126 TCP 1506 [TCP segment of a reassembled PDU]
  263 4.814387661 106.11.251.20 → 172.16.20.10 TLSv1.2 1514 Server Hello
  264 4.814530548 106.11.251.20 → 172.16.20.10 TLSv1.2 1514 Certificate [TCP segment of a reassembled PDU]
  273 4.830729616 106.11.251.77 → 172.16.20.10 TLSv1.2 1514 Server Hello
  274 4.830746576 106.11.251.77 → 172.16.20.10 TLSv1.2 1514 Certificate [TCP segment of a reassembled PDU]
  307 4.895171325 101.227.24.251 → 172.16.20.10 TLSv1.3 1514 Server Hello, Change Cipher Spec, Application Data
  308 4.895187558 101.227.24.251 → 172.16.20.10 TCP 1514 443 → 2577 [ACK] Seq=1461 Ack=518 Win=30720 Len=1460 [TCP segment of a reassembled PDU]
  325 4.915576028 101.226.28.235 → 172.16.20.10 TLSv1.2 1514 Server Hello
  326 4.915592376 101.226.28.235 → 172.16.20.10 TCP 1514 443 → 2576 [ACK] Seq=1461 Ack=518 Win=30720 Len=1460 [TCP segment of a reassembled PDU]
  355 4.997003363 140.205.164.1 → 172.16.20.10 TLSv1.2 1514 Server Hello

测过了, 再也找不到 TCP payload 大于 1460的报文了

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
[root@localhost ~]# tshark -i enp1s0f1 -Y "tcp.len>1459"
Running as user "root" and group "root". This could be dangerous.
Capturing on 'enp1s0f1'
 1829 2.387136083 172.16.20.10 → 119.23.47.229 TCP 1514 2465 → 55555 [ACK] Seq=124 Ack=1 Win=1021 Len=1460
 2008 4.897161322 101.226.27.254 → 172.16.20.10 TLSv1.3 1514 Server Hello, Change Cipher Spec, Application Data
 2009 4.897295980 101.226.27.254 → 172.16.20.10 TCP 1514 443 → 2707 [ACK] Seq=1461 Ack=518 Win=30720 Len=1460 [TCP segment of a reassembled PDU]
 2095 5.526232716 101.226.26.234 → 172.16.20.10 TCP 1514 [TCP segment of a reassembled PDU]
 2096 5.526311910 101.226.26.234 → 172.16.20.10 TCP 1514 443 → 2580 [ACK] Seq=2604 Ack=316 Win=78 Len=1460 [TCP segment of a reassembled PDU]
 2098 5.526490650 101.226.26.234 → 172.16.20.10 TCP 1514 443 → 2580 [ACK] Seq=4064 Ack=316 Win=78 Len=1460 [TCP segment of a reassembled PDU]
 2202 6.281927919 119.23.47.229 → 172.16.20.10 TCP 1514 [TCP segment of a reassembled PDU]
 2204 6.281943558 119.23.47.229 → 172.16.20.10 TCP 1514 [TCP Spurious Retransmission] 443 → 2626 [ACK] Seq=1461 Ack=126 Win=245 Len=1460 [TCP segment of a reassembled PDU]
 2205 6.281949702 119.23.47.229 → 172.16.20.10 TCP 1514 443 → 2626 [ACK] Seq=2921 Ack=126 Win=245 Len=1460 [TCP segment of a reassembled PDU]
 2206 6.282108494 119.23.47.229 → 172.16.20.10 TCP 1514 443 → 2626 [ACK] Seq=4381 Ack=126 Win=245 Len=1460 [TCP segment of a reassembled PDU]
 2208 6.282267489 119.23.47.229 → 172.16.20.10 TCP 1514 443 → 2626 [ACK] Seq=5841 Ack=126 Win=245 Len=1460 [TCP segment of a reassembled PDU]
 2209 6.282450410 119.23.47.229 → 172.16.20.10 TCP 1514 443 → 2626 [ACK] Seq=7301 Ack=126 Win=245 Len=1460 [TCP segment of a reassembled PDU]
 2210 6.282452552 119.23.47.229 → 172.16.20.10 TCP 1514 443 → 2626 [ACK] Seq=8761 Ack=126 Win=245 Len=1460 [TCP segment of a reassembled PDU]
 2212 6.282660888 119.23.47.229 → 172.16.20.10 TCP 1514 443 → 2626 [ACK] Seq=10221 Ack=126 Win=245 Len=1460 [TCP segment of a reassembled PDU]
 2214 6.282834254 119.23.47.229 → 172.16.20.10 TCP 1514 443 → 2626 [ACK] Seq=11681 Ack=126 Win=245 Len=1460 [TCP segment of a reassembled PDU]
 2215 6.282836694 119.23.47.229 → 172.16.20.10 TCP 1514 443 → 2626 [ACK] Seq=13141 Ack=126 Win=245 Len=1460 [TCP segment of a reassembled PDU]
 2222 6.313670514 119.23.47.229 → 172.16.20.10 TCP 1514 443 → 2626 [ACK] Seq=14601 Ack=126 Win=245 Len=1460 [TCP segment of a reassembled PDU]

更多参考

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

-k --show-features --show-offload
      Queries the specified network device for the state of protocol offload and other features.


-K --features --offload
      Changes the offload parameters and other features of the  speci‐
      fied  network  device.  The following feature names are built-in
      and others may be defined by the kernel.

   rx on|off
          Specifies whether RX checksumming should be enabled.

   tx on|off
          Specifies whether TX checksumming should be enabled.

   sg on|off
          Specifies whether scatter-gather should be enabled.

   tso on|off
          Specifies whether TCP segmentation  offload  should  be  en‐
          abled.

   ufo on|off
          Specifies  whether  UDP  fragmentation offload should be en‐
          abled

   gso on|off
          Specifies whether generic segmentation offload should be en‐
          abled

   gro on|off
          Specifies whether generic receive offload should be enabled

   lro on|off
          Specifies whether large receive offload should be enabled

   rxvlan on|off
          Specifies whether RX VLAN acceleration should be enabled

   txvlan on|off
          Specifies whether TX VLAN acceleration should be enabled

   ntuple on|off
          Specifies  whether  Rx  ntuple filters and actions should be
          enabled

   rxhash on|off
          Specifies whether receive hashing offload should be enabled