BUGs at tcp state transition?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Dong_Wei <Dong_Wei@nj.cpsecure.com>
To: netfilter-devel@lists.netfilter.org
Subject: BUGs at tcp state transition?
Date: Tue, 18 Sep 2007 09:43:59 +0800	[thread overview]
Message-ID: <46EF2D5F.20702@nj.cpsecure.com> (raw)

Hi, all.
   When I tested 2.6.20.16, found something strange. The following is 
the test case:
1. Establish a connection between client and server [Client and Server 
in EST state]
2. Power down server [ client in EST state ]
3. CTL+C the client. client should invoke close() API, and send FIN. [ 
FW state]
4. client retransmit the FIN due to timeout [ Now, FW -> LAST_ACK ]
Here the bug happens. FW is a active close state, but LAST_ACK is a 
passive close state. The correct state is FW -> FW. The ip_conntrack TCP 
state is wrong!

Also I looked the kernel source. And found the bug.
ip_conntrack_proto_tcp.c at line 201

/*fin*/    { sIV, sIV, sFW, sFW, sLA, sLA, sLA, sTW, sCL, sIV },
/*
*      sNO -> sIV      Too late and no reason to do anything...
*      sSS -> sIV      Client migth not send FIN in this state:
*                      we enforce waiting for a SYN/ACK reply first.
*      sSR -> sFW      Close started.
*      sES -> sFW
*      sFW -> sLA      FIN seen in both directions, waiting for
*                      the last ACK.
*                      Migth be a retransmitted FIN as well... [ Wrong 
state!!!]

It's easy to check a FIN packet is a restransmitted packet or not, but 
we need check every TCP packet in tcp_packet() function, Its performance 
is too bad. I don't like this. Anyone can give a good solution?

Thanks in advance :)

BR. Wei Dong

next             reply	other threads:[~2007-09-18  1:43 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-09-18  1:43 Dong_Wei [this message]
2007-09-18  9:05 ` BUGs at tcp state transition? Jozsef Kadlecsik

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=46EF2D5F.20702@nj.cpsecure.com \
    --to=dong_wei@nj.cpsecure.com \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.