On 6/9/19 16:56, iam@xxxxxxxxxxx wrote:
When I tested on INITIATOR side, transition between SYN_SENT -> ESTABLISHED was near RTT, but on RECEIVER side it was very low, as i showed before, but it should be the same as on INITIATOR side. Is that right?
I just want to understand where to look at, if it's not netfilter.. Maybe eBPF or Linux networking?
The TCP handshake looks like this:
initiator -> receiver SYN
receiver -> initiator SYN+ACK
initiator -> receiver ACK
When conntrack sees the SYN packet the state becomes SYN_SENT. When it
sees the SYN+ACK packet the state becomes ESTABLISHED.
When conntrack is running at the initiator, it sees the SYN packet, then
the packet goes over the internet, then the SYN+ACK packet comes back
over the internet, and there is a RTT between seeing one and the other.
When conntrack is running at the receiver, the SYN packet goes over the
internet, then conntrack sees it, then conntrack sees the SYN+ACK
packet, then the SYN+ACK packet goes back over the internet. The round
trip happens before and after conntrack sees the two packets instead of
between them, so there is no RTT there.
