Tuma Wang wrote:
> I have some questions regarding some TCP concepts.
I think you'll get a better response if you send general TCP
questions to, say, the IETF TCPM mailing list ([EMAIL PROTECTED]).
The networking-discuss mailing list is mainly for OpenSolaris
networking related issues.
> According to Richard Stevens, when the active-close end of a TCP
> connection sends FIN and receives the corresponding ACK from the other
> end, the connection is "half closed". In this state, the active-close
> end cannot send but can receive data from its peer.
>
> Question 1: it sounds like the "half closed" state is the same as the
> WAIT_FIN_2 state?
If you look at the TCP state diagram, it surely is that. But
it is usually used to describe the behavior of an application.
For example, an application can use this as a signal to its
peer that it is done with sending.
> Question 2: when the passive-close end receives the FIN, how does it
> know whether the other end wants to stay in the half closed state (in
> this case, it should send data) or to do a full close (in this case,
> it should send FIN)?
It does not need to know that. The TCP close sequence is done
independently on both ends. Receiving a FIN just means that
the peer is done with sending. The application may still want
to send more. TCP will do the close sequence when the app tells
it to (say by calling close() on the socket).
> Seems half-close is achieved by using the shutdown() function, so in
> other words, both close() and shutdown() cause FIN to be sent, but
> what's the difference between them so that close() causes the peer to
> send FIN also, while shutdown() caused the peer to delay the FIN?
There is nothing in close() which forces the other end to start
the TCP close sequence. And shutdown() also does not cause the
peer to delay sending the FIN. The peer's close sequence is
controlled by the peer's application.
> According to Richard, "A TCP connection is said to be half-open if one
> end has closed or aborted the connection without the knowledge of the
> other end."
>
> Question 3: what's the meaning of "without the knowledge of the other
> end"? Does it mean "don't know the status of the other end", or "the
> other end doesn't know that I've closed/aborted the connection"?
For example, if there is a transient network outage such that
the initial FIN and all subsequent retransmissions of it are
lost. So the TCP connection is killed on one end. The other end
does not know about this and it will still keep the TCP connection
alive (half-"open").
> Question 4: seems the term "half open" is also used in the context of
> the SYN flood DoS attack, to describe the state of "SYN sent and
> SYN-ACK received, but the last ACK not sent". Clearly the "half open"
> here is not same as the one we talked above. Is it a valid usage of
> this term?
I believe it is referring to the passive open side, which receives
the SYN and sends back a SYN-ACK. To this side, it does not
know that the other side is non-existing, similar to the above
case. So it will keep the TCP connection alive (half-"open").
--
K. Poon.
[EMAIL PROTECTED]
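
Added example, not part of the original message: a single-process loopback demo of the half-close behaviour discussed above, showing that shutdown(SHUT_WR) on the active side only delivers end-of-file to the peer, which can still send data and emits its own FIN only when it calls close(). The function name half_close_demo and the "request" / "late reply" payloads are constructed for illustration.

```c
#include <arpa/inet.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed loopback demo. Returns the number of bytes the half-closed active
 * side received after its own FIN was sent, or -1 on any failure. */
int half_close_demo(char *reply, size_t len)
{
    struct sockaddr_in a = { .sin_family = AF_INET };   /* port 0: kernel picks */
    socklen_t alen = sizeof(a);
    char buf[64];
    ssize_t n;
    size_t got = 0;
    int rc = -1, passive = -1;
    int lsock = socket(AF_INET, SOCK_STREAM, 0), active = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (lsock < 0 || active < 0 || bind(lsock, (struct sockaddr *)&a, sizeof(a)) < 0 ||
        listen(lsock, 1) < 0 || getsockname(lsock, (struct sockaddr *)&a, &alen) < 0 ||
        connect(active, (struct sockaddr *)&a, sizeof(a)) < 0 ||
        (passive = accept(lsock, NULL, NULL)) < 0)
        goto out;
    /* Active side: send, then shutdown() emits the FIN; reading stays possible. */
    if (write(active, "request", 7) != 7 || shutdown(active, SHUT_WR) < 0)
        goto out;
    /* Passive side: read() returning 0 only says the peer is done sending. */
    while ((n = read(passive, buf, sizeof(buf))) > 0)
        ;
    /* It may still send; its own FIN goes out only when it calls close(). */
    if (n != 0 || write(passive, "late reply", 10) != 10)
        goto out;
    close(passive); passive = -1;
    /* Half-closed active side receives the data, then EOF from the peer's FIN. */
    while (got < len - 1 && (n = read(active, reply + got, len - 1 - got)) > 0)
        got += (size_t)n;
    reply[got] = '\0';
    rc = (n == 0) ? (int)got : -1;
out:
    if (passive >= 0) close(passive);
    if (active >= 0) close(active);
    if (lsock >= 0) close(lsock);
    return rc;
}

int main(void)
{
    char reply[32] = "";
    return half_close_demo(reply, sizeof(reply)) == 10 ? 0 : 1;
}
```

The program exits with status 0 when the ten-byte reply arrives after the active side's FIN.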