public inbox for linux-kernel@vger.kernel.org
From: Willy Tarreau <w@1wt.eu>
To: Tal Kelrich <tal@musicgenome.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: 2.4/2.6 local TCP connect oddity
Date: Sun, 21 Oct 2007 19:29:02 +0200
Message-ID: <20071021172901.GV10199@1wt.eu>
In-Reply-To: <20071021175337.605e843e@shodan.orpak.com>

Hi,

On Sun, Oct 21, 2007 at 05:53:37PM +0200, Tal Kelrich wrote:
> Hi,
> 
> I've run into a problem where a process trying to connect to a local
> port within the local port range eventually ends up connected to itself,
> with source port = dest port.
> 
> similar behavior can be gotten by running netcat as follows:
> nc -p 1025 localhost 1025
> 
> I'm not really sure if that's a bug, but the original case was at least
> unexpected.

It is not a bug, it is caused by the "simultaneous connect" feature of
TCP. Although rarely used, in TCP you can connect two clients together.
They just have to exchange their SYN, SYN/ACK then ACK and bingo, they're
connected. In fact, you found the easiest way to achieve it, by using the
same port. To demonstrate the feature, I'm used to either temporarily
block SYNs with iptables, or by unplugging the cable between two machines.

I personally dislike this feature as it can be exploited to prevent any
client from connecting to the outside by flooding it with SYN packets to
its guessed source port. Anyway, most stateful firewalls don't let this
pass through.

> Regards,
> 	Tal Kelrich

Regards,
Willy
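
The self-connect described in this exchange, reproduced on loopback together with a client-side guard that rejects it. This is an added example, not part of the original messages; the function names are illustrative, and it assumes Linux TCP behaviour and that nothing listens on the chosen port.

```python
import socket

def is_self_connected(sock):
    """True when a connected socket's local and peer endpoints are identical."""
    return sock.getsockname() == sock.getpeername()

def self_connect_demo(host="127.0.0.1"):
    """Equivalent of `nc -p PORT localhost PORT` with no listener on PORT."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(2.0)
    try:
        s.bind((host, 0))            # kernel picks a free port; nobody listens on it
        port = s.getsockname()[1]
        s.connect((host, port))      # our SYN is delivered to our own socket
        s.sendall(b"ping")
        echoed = b""
        while len(echoed) < 4:       # bytes we sent arrive on our own receive queue
            chunk = s.recv(4 - len(echoed))
            if not chunk:
                break
            echoed += chunk
        return is_self_connected(s), echoed
    finally:
        s.close()

def connect_checked(host, port, attempts=3, source_address=None):
    """Connect like a normal client, but never hand back a self-connection.

    source_address is only used here to force the collision for demonstration;
    real clients hit it when the ephemeral port happens to equal `port`.
    """
    for _ in range(attempts):
        s = socket.create_connection((host, port), timeout=2.0,
                                     source_address=source_address)
        if not is_self_connected(s):
            return s
        s.close()                    # discard and retry with a fresh source port
    raise ConnectionError("self-connection to %s:%d rejected" % (host, port))

if __name__ == "__main__":
    print(self_connect_demo())       # (looped_back, echoed_bytes)
```

A client that retries a service on a port inside the local port range will otherwise treat the self-connection as a live server and read back its own requests.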

