[Bug 217637] One TCP connection accepted TWO times

Mon Mar 20 02:35:55 UTC 2017

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217637

--- Comment #40 from Sepherosa Ziehau <sepherosa at gmail.com> ---
(In reply to Michael Tuexen from comment #33)

I think the code that transit the FIN-WAIT-1 to CLOSED is this:
        /*
         * If new data are received on a connection after the
         * user processes are gone, then RST the other end.
         */
        if ((so->so_state & SS_NOFDREF) &&
            tp->t_state > TCPS_CLOSE_WAIT && tlen) {
                KASSERT(ti_locked == TI_RLOCKED, ("%s: SS_NOFDEREF && "
                    "CLOSE_WAIT && tlen ti_locked %d", __func__, ti_locked));
                INP_INFO_RLOCK_ASSERT(&V_tcbinfo);

                if ((s = tcp_log_addrs(inc, th, NULL, NULL))) {
                        log(LOG_DEBUG, "%s; %s: %s: Received %d bytes of data "
                            "after socket was closed, "
                            "sending RST and removing tcpcb\n",
                            s, __func__, tcpstates[tp->t_state], tlen);
                        free(s, M_TCPLOG);
                }
                tp = tcp_close(tp);
                TCPSTAT_INC(tcps_rcvafterclose);
                rstreason = BANDLIM_UNLIMITED;
                goto dropwithreset;
        }

I don't completely understand the background for the ->CLOSED transition here.
RFC 793 on page 36 seems to say:

    If an incoming segment has a security level, or compartment, or
    precedence which does not exactly match the level, and compartment,
    and precedence requested for the connection,a reset is sent and
    connection goes to the CLOSED state.  The reset takes its sequence
    number from the ACK field of the incoming segment.

I don't think we actually implemented any security
level/compartment/precedence.  So do we really need to do the ->CLOSED
transition here?

Thanks,
sephe

-- 
You are receiving this mail because:
You are the assignee for the bug.