Mar 01

What’s Mean "TCP: Treason uncloaked! Peer..shrinks window..Repaired."

By jason Linux/Unix Oprating system No Comments »

Operation System Information:
www@goit#uname –r
2.6.18-164.el5xen

Warning Information
www@goit#dmesg |more

TCP: Treason uncloaked! Peer 210.5.118.202:55324/80 shrinks window 1093017764:1093019216. Repaired.
TCP: Treason uncloaked! Peer 210.5.118.202:55324/80 shrinks window 1093033736:1093035188. Repaired.
TCP: Treason uncloaked! Peer 210.5.118.202:55324/80 shrinks window 1093061324:1093065680. Repaired.
TCP: Treason uncloaked! Peer 210.5.118.202:55324/80 shrinks window 1093088912:1093091816. Repaired.
TCP: Treason uncloaked! Peer 210.5.118.202:55324/80 shrinks window 1093627604:1093630508. Repaired.
TCP: Treason uncloaked! Peer 202.116.38.21:63915/80 shrinks window 2969207540:2969208920. Repaired.
TCP: Treason uncloaked! Peer 202.116.38.21:63915/80 shrinks window 2969448108:2969450868. Repaired.
TCP: Treason uncloaked! Peer 222.210.139.220:31508/80 shrinks window 4286929240:4286930700. Repaired.
TCP: Treason uncloaked! Peer 222.210.139.220:31508/80 shrinks window 4287067940:4287069400. Repaired.

About these information explain:

That comes from the kernel tcp code below.  Looks like the DLink has returned information yielding a
transmit window smaller than it previously did; specifically it returned a window of zero plus an ack
of up to byte 3957222360, thus indicating that it can accept nothing after that byte.  Previously it
had sent some ack+wnd values indicating that it would accept up to byte 3957222379.

The Linux side is now supposed to send a packet every now and then forever until the returned window
is nonzero.  It does.

However, the dlink is apparently not responding in a timely manner. Any response would either open the
window or update the rcv timestamp such that the thing will retransmit forever.  It may be responding
very slowly, or just not responding at all.

The kernel prints the message after it expected but did not see a response to the probe packet it sent
to check for a nonzero window. The kernel implements exponential backoff retransmissions until it hasn’t
seen any response in 2m, then it will bail and close the connection.  This is reasonable.  It’s unclear
from your report if the connections are failing outright or just sometimes having to retransmit a probe
against a peer that shrank the window.

Tagged with:
preload preload preload