異常測試之Socket網絡異常

時間 2019-11-08

原文原文鏈接

本文由做者張雨受權網易雲社區發佈。html

前言

不知道你們在測試的過程當中有沒有發現關於異常測試這樣一個特色：不管是分散在功能測試中的異經常使用例仍是規模相對較大的專項異常測試中，異常測試的用例佔比雖然不大可是對於挖掘問題卻扮演着十分重要的角色。java

隨着項目組微服務化的演變進程，服務間經過http接口訪問的場景也愈來愈多，本文站在測試的角度，對與socket的網絡異常測試場景進行了一下整理和模擬方法的實踐，拋磚引玉，歡迎你們提出更多更好的方法。linux

常見Socket網絡異常類型

異常	Exception類型	緣由	場景
connect timed out	java.net.SocketTimeoutException	Socket TCP創建鏈接時三次握手超時，若是創建鏈接的時間超過了設置的Socket鏈接的超時時間觸發TimeoutException異常	網絡延遲、網絡斷開、網卡異常、服務端性能、客戶端異常等等
Read timed out	java.net.SocketTimeoutException	若是輸入緩衝隊列RecvQ中沒有數據，read操做會一直阻塞而掛起線程，直到有新的數據到來而且已經超過了設置的讀超時時間時觸發	客戶端或者服務端進程崩潰、對方機器忽然重啓、網絡斷開等
Connection refused	java.net.ConnectException	訪問服務端IP不通或者端口服務沒有啓用	網絡異常、服務down掉等
Connection reset or connection reset by peer	java.net.SocketException	客戶端或者服務端其中一方退出，但退出時並未關閉該鏈接，另外一方仍然在從鏈接中讀數據則拋出該異常（發送的第一個數據包引起該異常Connect reset by peer	服務端併發鏈接數達到負載主動斷開鏈接；客戶端關閉但服務端仍讀寫數據

網絡異常場景構造實驗

經過上面對於異常場景原理的瞭解，咱們經過一些linux網絡小工具結合tcp的鏈接創建流程依次製造異常，從而更好的瞭解上面這些異常~tomcat

服務端： tomcat server 8080
客戶端： curl
工具： iptables 、tcpkill
國際慣例，tcp三次握手非高清大圖安全

1. connect timed out

客戶端經過iptables 構造異常bash

這裏統一從出口進行流量的限制，你們也能夠本身試下從入口方向作限制。服務器

iptables -A OUTPUT -p tcp --syn --dport 8080 -j DROP複製代碼

客戶端訪問服務端網絡

root@asdfd-10796:~# curl http://115.238.125.169:8080 -v* About to connect() to 115.238.125.169 port 8080 (#0)* Trying 115.238.125.169...



* Connection timed out* couldn't connect to host * Closing connection #0 curl: (7) couldn't connect to host複製代碼

客戶端查看socket狀態：SYN_SENT併發

root@asdfd-10796:~# netstat -antp | grep 8080tcp 0 1 115.238.125.172:59038 115.238.125.169:8080 SYN_SENT 3692/curl複製代碼

2. Read timed out

客戶端經過iptables 構造異常curl

iptables -A OUTPUT -p tcp -m state --state ESTABLISHED  --dport 8080 -j DROP複製代碼

客戶端訪問服務端

root@asdfd-10796:~# curl http://115.238.125.169:8080 -v* About to connect() to 115.238.125.169 port 8080 (#0)* Trying 115.238.125.169...* connected* Connected to 115.238.125.169 (115.238.125.169) port 8080 (#0)> GET / HTTP/1.1> User-Agent: curl/7.26.0> Host: 115.238.125.169:8080> Accept: */*>
* additional stuff not fine transfer.c:1037: 0 0* additional stuff not fine transfer.c:1037: 0 0* additional stuff not fine transfer.c:1037: 0 0

......................* Recv failure: Connection timed out* Closing connection #0
curl: (56) Recv failure: Connection timed out複製代碼

客戶端查看socket狀態：ESTABLISHED

root@asdfd-10796:~# netstat -antp | grep 8080tcp 0 84 115.238.125.172:58986 115.238.125.169:8080 ESTABLISHED 3671/curl複製代碼

客戶端抓包狀況

當tcp鏈接完成syn-》syn ack後進入ESTABLISHED狀態，而因爲iptables的配置致使服務端以後返回的tcp報文被drop掉，服務端屢次重傳後無ack返回，返回read time out

3. Connection refused

客戶端經過iptables 構造異常

iptables -A OUTPUT -p tcp  --dport 8080 -j REJECT複製代碼

客戶端訪問服務端

root@asdfd-10796:~# curl http://115.238.125.169:8080 -v* About to connect() to 115.238.125.169 port 8080 (#0)* Trying 115.238.125.169...
* Connection refused
* couldn't connect to host * Closing connection #0 curl: (7) couldn't connect to host複製代碼

客戶端查看socket狀態：FIN_WAIT1

root@asdfd-10796:~# netstat -antp | grep 8080tcp 0 85 115.238.125.172:58986 115.238.125.169:8080 FIN_WAIT1 -複製代碼

服務端抓包狀況

因爲iptables的配置，客戶端主動reject掉服務端返回的syn ack

4. Connection reset by peer or connection reset

服務端經過tcpkill命令構造異常

tcpkill是一個網絡分析工具集dsniff中的一個小工具，可用來輕量級斷開網絡鏈接

tcpkill -i eth2 port 8080複製代碼

客戶端訪問服務端

testroot@asdfd-10796:~# curl http://115.238.125.169:8080/test2 -v* About to connect() to 115.238.125.169 port 8080 (#0)* Trying 115.238.125.169...* connected* Connected to 115.238.125.169 (115.238.125.169) port 8080 (#0)> GET /test2 HTTP/1.1> User-Agent: curl/7.26.0> Host: 115.238.125.169:8080> Accept: */*>
* additional stuff not fine transfer.c:1037: 0 0* Recv failure: Connection reset by peer* Closing connection #0
curl: (56) Recv failure: Connection reset by peer複製代碼

服務端查看tcpkill日誌

root@asdfd-10649:~# tcpkill -i eth2 port 8080tcpkill: listening on eth2 [port 8080]115.238.125.172:60030 > 115.238.125.169:8080: R 3022358001:3022358001(0) win 0115.238.125.172:60030 > 115.238.125.169:8080: R 3022358230:3022358230(0) win 0115.238.125.172:60030 > 115.238.125.169:8080: R 3022358688:3022358688(0) win 0115.238.125.172:60030 > 115.238.125.169:8080: R 3022358001:3022358001(0) win 0115.238.125.172:60030 > 115.238.125.169:8080: R 3022358230:3022358230(0) win 0115.238.125.172:60030 > 115.238.125.169:8080: R 3022358688:3022358688(0) win 0115.238.125.169:8080 > 115.238.125.172:60030: R 1694916106:1694916106(0) win 0115.238.125.169:8080 > 115.238.125.172:60030: R 1694916333:1694916333(0) win 0115.238.125.169:8080 > 115.238.125.172:60030: R 1694916787:1694916787(0) win 0115.238.125.169:8080 > 115.238.125.172:60030: R 1694916106:1694916106(0) win 0115.238.125.169:8080 > 115.238.125.172:60030: R 1694916333:1694916333(0) win 0115.238.125.169:8080 > 115.238.125.172:60030: R 1694916787:1694916787(0) win 0115.238.125.172:60030 > 115.238.125.169:8080: R 3022360124:3022360124(0) win 0115.238.125.172:60030 > 115.238.125.169:8080: R 3022360386:3022360386(0) win 0115.238.125.172:60030 > 115.238.125.169:8080: R 3022360910:3022360910(0) win 0複製代碼