http://blog.tianya.cn/blogger/post_show.asp?BlogID=227219&PostID=16646525&idWriter=0&Key=0
tcpdump丢包分析
作者:waitquiet 提交日期:2009-3-3 18:29:00 | 分类: | 访问量:213
通过tcpdump抓包时,结束后tcpdump会给出如下统计信息:
1552 packets captured
1586 packets received by filter
34 packets dropped by kernel
其中“captured”的计数指的是应用层捕获到的数据,“received by filter”和“dropped by kernel”的计数由内核维护,应用层通过getsockopt来获取。收到一个包,“received by filter”会加1,如果sock的接收buffer被填满时,则把这个数据包丢弃,将“dropped by kernel”加1。
if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >= (unsigned)sk->sk_rcvbuf){
spin_lock(&sk->sk_receive_queue.lock);
po->stats.tp_drops++;
spin_unlock(&sk->sk_receive_queue.lock);
}
通过调节/proc/sys/net/core/rmem_default和/proc/sys/net/core/rmem_max能够改变sk_rcvbuf的大小。
正常“captured”加上“dropped by kernel”应该等于“received by filter”的大小,有的时候出现不等的情况应该是还有一些数据包在sk_rcvbuf中,还没有被应用层收到的原因。
No comments:
Post a Comment