[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] TCP FIN problem.
From: |
David Woodhouse |
Subject: |
[lwip-devel] TCP FIN problem. |
Date: |
Fri, 03 Oct 2008 13:30:53 +0100 |
When I have the default 'outgoing connections only' firewall enabled on
Fedora, and I telnet into the simhost and then type 'quit', the
connection doesn't seem to get closed.
13:23:35.479365 IP 192.168.0.1.32800 > 192.168.0.2.telnet: S
47217249:47217249(0) win 5840 <mss 1460,sackOK,timestamp 55345005 0,nop,wscale
7>
13:23:35.479563 IP 192.168.0.2.telnet > 192.168.0.1.32800: S 7194:7194(0) ack
47217250 win 8096 <mss 1024>
13:23:35.479617 IP 192.168.0.1.32800 > 192.168.0.2.telnet: . ack 1 win 5840
13:23:35.480067 IP 192.168.0.1.32800 > 192.168.0.2.telnet: P 1:28(27) ack 1 win
5840
13:23:35.480267 IP 192.168.0.2.telnet > 192.168.0.1.32800: . ack 28 win 8096
13:23:35.480373 IP 192.168.0.2.telnet > 192.168.0.1.32800: P 1:152(151) ack 28
win 8096
13:23:35.480395 IP 192.168.0.1.32800 > 192.168.0.2.telnet: . ack 152 win 6432
13:23:35.480704 IP 192.168.0.2.telnet > 192.168.0.1.32800: P 152:154(2) ack 28
win 8096
13:23:35.480729 IP 192.168.0.1.32800 > 192.168.0.2.telnet: . ack 154 win 6432
13:23:36.922745 IP 192.168.0.1.32800 > 192.168.0.2.telnet: P 28:34(6) ack 154
win 6432
13:23:36.922880 IP 192.168.0.2.telnet > 192.168.0.1.32800: . ack 34 win 8096
13:23:36.922945 IP 192.168.0.2.telnet > 192.168.0.1.32800: F 154:154(0) ack
4247750047 win 0
13:23:36.922963 IP 192.168.0.1 > 192.168.0.2: ICMP host 192.168.0.1 unreachable
- admin prohibited, length 48
13:23:38.116454 IP 192.168.0.2.telnet > 192.168.0.1.32800: F 154:154(0) ack
4247750047 win 0
13:23:38.116510 IP 192.168.0.1 > 192.168.0.2: ICMP host 192.168.0.1 unreachable
- admin prohibited, length 48
13:23:41.118039 IP 192.168.0.2.telnet > 192.168.0.1.32800: F 154:154(0) ack
4247750047 win 0
13:23:41.118110 IP 192.168.0.1 > 192.168.0.2: ICMP host 192.168.0.1 unreachable
- admin prohibited, length 48
Presumably the FIN is being rejected because the sequence number is nonsense?
'ack 4247750047'?
If I disable the firewall, I _do_ get the 'Connection closed by foreign
host' response and the telnet client exits as I expect. It looks like
this -- the FIN packet from the simhost is still bogus, but at least the
client end does respond by closing the connection. Which is perhaps why
nobody usually cares?
13:25:32.543868 IP 192.168.0.1.32815 > 192.168.0.2.telnet: S
1888430429:1888430429(0) win 5840 <mss 1460,sackOK,timestamp 55462069
0,nop,wscale 7>
13:25:32.544057 IP 192.168.0.2.telnet > 192.168.0.1.32815: S 9423:9423(0) ack
1888430430 win 8096 <mss 1024>
13:25:32.544096 IP 192.168.0.1.32815 > 192.168.0.2.telnet: . ack 1 win 5840
13:25:32.544513 IP 192.168.0.1.32815 > 192.168.0.2.telnet: P 1:28(27) ack 1 win
5840
13:25:32.544703 IP 192.168.0.2.telnet > 192.168.0.1.32815: . ack 28 win 8096
13:25:32.544823 IP 192.168.0.2.telnet > 192.168.0.1.32815: P 1:152(151) ack 28
win 8096
13:25:32.544845 IP 192.168.0.1.32815 > 192.168.0.2.telnet: . ack 152 win 6432
13:25:32.544993 IP 192.168.0.2.telnet > 192.168.0.1.32815: P 152:154(2) ack 28
win 8096
13:25:32.545011 IP 192.168.0.1.32815 > 192.168.0.2.telnet: . ack 154 win 6432
13:25:35.764009 IP 192.168.0.1.32815 > 192.168.0.2.telnet: P 28:34(6) ack 154
win 6432
13:25:35.764277 IP 192.168.0.2.telnet > 192.168.0.1.32815: . ack 34 win 8096
13:25:35.764472 IP 192.168.0.2.telnet > 192.168.0.1.32815: F 154:154(0) ack
2406536867 win 0
13:25:35.764630 IP 192.168.0.1.32815 > 192.168.0.2.telnet: F 34:34(0) ack 155
win 6432
13:25:35.764698 IP 192.168.0.2.telnet > 192.168.0.1.32815: . ack 2406536867 win 0
13:25:35.965344 IP 192.168.0.1.32815 > 192.168.0.2.telnet: F 34:34(0) ack 155
win 6432
13:25:35.965457 IP 192.168.0.2.telnet > 192.168.0.1.32815: . ack 35 win 0
--
David Woodhouse Open Source Technology Centre
address@hidden Intel Corporation
- [lwip-devel] TCP FIN problem.,
David Woodhouse <=