More TCP and POSIX sockets: listen() and accept() semantics

Situation: the server calls listen() (but not accept()!). The client sends a SYN to the server. The server receives the SYN and then sends the SYN/ACK back to the client. However, the client now freezes / dies, so it never sends the ACK back to the server. The connection is in the SYN_SENT state.

Now another client sends a SYN, receives a SYN/ACK from the server, and sends the ACK back. This connection is now in the ESTABLISHED state.

Now the server finally calls accept(). What happens? Does accept() block on the first, erroneous connection until some timeout occurs? Does it check the queue for any ESTABLISHED connections and return them first?

+3
3 answers

Well, what you describe here is a typical SYN flood attack ( http://en.wikipedia.org/wiki/SYN_flood ) when executed more than once.

Looking at http://lkml.indiana.edu/hypermail/linux/kernel/0307.0/1258.html, there are two separate queues: one SYN queue and one established queue. Apparently, the first connection will remain in the SYN queue (since it is in the SYN_RCVD state), and the second connection will be in the established queue, which is where accept() will take it from. Netstat should show the first in the SYN_RCVD state.

: . , , SYN_SENT, ( ) SYN_RCVD.

+5
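The two queues described in the answer above can be observed on a Linux host through /proc/net/tcp. The following is an added example, not part of the original answers: the function name `queue_report` is hypothetical and the sample text is constructed, not captured from a real machine.

```python
from collections import Counter

# TCP state codes as printed in the "st" column of /proc/net/tcp (Linux).
STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "0A": "LISTEN"}

# Constructed sample: a listener on 127.0.0.1:8080 (0x1F90), one half-open
# peer still in the SYN queue, and one peer that completed the handshake
# and is waiting in the established queue for accept().
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000001 00:00000000 00000000  1000        0 51234 1 0000000000000000 100 0 0 10 0
   1: 0100007F:1F90 0200007F:C350 03 00000000:00000000 01:00000064 00000002     0        0 0 2 0000000000000000
   2: 0100007F:1F90 0300007F:C351 01 00000000:00000000 00:00000000 00000000  1000        0 0 1 0000000000000000 20 4 30 10 -1
"""


def queue_report(proc_net_tcp_text, port):
    """Summarise handshake state for one local port from /proc/net/tcp text."""
    counts = Counter()
    accept_backlog = None
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        # local_address is HEXIP:HEXPORT; only the port is needed here.
        local_port = int(fields[1].rsplit(":", 1)[1], 16)
        if local_port != port:
            continue
        state = STATES.get(fields[3], fields[3])
        counts[state] += 1
        if state == "LISTEN":
            # For a listening socket the rx_queue half of the
            # "tx_queue:rx_queue" column is the number of fully established
            # connections that accept() has not yet taken.
            accept_backlog = int(fields[4].split(":")[1], 16)
    return {
        "half_open": counts["SYN_RECV"],       # SYN queue, handshake incomplete
        "established": counts["ESTABLISHED"],  # handshake complete
        "accept_backlog": accept_backlog,      # None if nothing listens on port
    }


if __name__ == "__main__":
    print(queue_report(SAMPLE, 8080))
```

On a live host, pass the contents of /proc/net/tcp instead of `SAMPLE`; a `half_open` count that keeps growing while `accept_backlog` stays flat is the pattern a SYN flood produces.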

, ( SYN_RCVD) . SYN cookie, SYN + ACK . ACK-, , . SYN, ; , SYN, , .

, SCTP 4- , , SYN, cookie , , , cookie ( TCP 32 ).

, , accept() , TCP.

+2

, listen(), accept() . accept man: "accept - ". . , ...

If you are writing a network application, then everything that bothers you is more than enough. If you have a working application, but you are trying to find out the problems, use a good network debugging tool, tools to check the status of your OS, etc. DO NOT try to put this in your applications.

If you are trying to write a debugging tool, then you will not be able to accomplish what you want using TCP/IP calls at the application level. You will need to drop down at least one level.

0

Source: https://habr.com/ru/post/1706277/

