Linux dmesg中關于TCP: Treason uncloaked!資訊

在debian Linux伺服器的日志中，dmesg出現類似的資訊：

TCP: Treason uncloaked! Peer 202.106.38.7:57824/80 shrinks window 3573023813:3573023814. Repaired.

TCP: Treason uncloaked! Peer 202.99.99.211:3760/80 shrinks window 1828242657:1828242673. Repaired.

TCP: Treason uncloaked! Peer 210.76.114.42:2544/80 shrinks window 504374393:504375853. Repaired.

..........

查了資料，求助了google：

That comes from the kernel tcp code below.   Looks like the DLink has returned information yielding a transmit window smaller than it previously did; specifically it returned a window of zero plus an ack of up to byte 3957222360, thus indicating that it can accept nothing after that byte.   Previously it had sent ome ack+wnd values indicating that it would accept up to byte 3957222379.

The Linux side is now supposed to send a packet every now and then forever until the returned window is nonzero.   It does.

However, the dlink is apparently not responding in a timely manner. Any response would either open the window or update the rcv timestamp such that the thing will retransmit forever.   It may be responding very slowly, or just not responding at all.

The kernel prints the message after it expected but did not see a response to the probe packet it sent to check for a nonzero window. The kernel implements exponential backoff retransmissions until it hasn't seen any response in 2m, then it will bail and close the connection.   This is reasonable.   It's unclear from your report if the connections are failing outright or just sometimes having to retransmit a probe against a peer that shrank the window.

結論：

The remote host decided to shrink the TCP window size without negotiating such with your Linux box. The message is of the informational level, meaning Linux doesn't like what it is seeing but will cope with it and carry on.

意思是：在遠端client和伺服器通信的過程中，由于client沒有和伺服器協商，就減少了 TCP window的長度，也就是包的大小變小了，是以有這類的提示資訊，此時伺服器依然處理該類請求，但是處理的速度會比之前較差。

出現這種情況的時候，最好看看你的伺服器流量監控情況，看看是否有流量異常，如果帶寬被占滿，有可能被電信或者聯通進行了帶寬限制，最好的方法是花費銀子買帶寬，或者看看你的web伺服器有沒有可優化的地方，例如gzip是否開啟，響應時間是合适等等，這些手段比被電信限制你的龜速通路的體驗好一些，是沒錢人的垂死掙紮的手段，不是最終的方法。

此類問題，增加帶寬或許是最好的方式。