On 2014-7-28, at 16:28, Watson Ladd <[email protected]> wrote:
> Back up a sec. If I get a RST and ignore it, then the connection times out as
> there is no ACK. Am I missing something here?

Nope, that's what will happen. But it can take a long time. If an RST arrives, the app can recover more quickly than by waiting for a timeout, so that's great *if* the RST is valid. If it's spoofed, it's the old RST attack.

With IPv6 and privacy addressing - if I understand things correctly - a peer would not be able to send valid RSTs after a reboot without keeping state about which address it used before the reboot, which in general it can't (loss of battery, etc.). So in this case, having TCPINC validate RSTs doesn't change things, because a rebooted endpoint won't be able to generate valid RSTs anyway.

Lars

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
