Date:      Thu, 22 Feb 2001 23:58:35 -0500
From:      "Louis A. Mamakos" <louie@TransSys.COM>
To:        "Matthew Emmerton" <matt@gsicomp.on.ca>
Cc:        "Alexandr Kovalenko" <neve_ripe@yahoo.com>, freebsd-stable@FreeBSD.ORG
Subject:   Re: ipfw drop syn+fin 
Message-ID:  <200102230458.f1N4wZD72398@whizzo.transsys.com>
In-Reply-To: Your message of "Thu, 22 Feb 2001 11:03:06 EST." <004501c09ce8$f1cfd850$1200a8c0@gsicomp.on.ca> 
References:  <4346812337.20010222115242@yahoo.com> <004501c09ce8$f1cfd850$1200a8c0@gsicomp.on.ca> 

> >      # TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN.  This
> >      # prevents nmap et al. from identifying the TCP/IP stack, but breaks support
> >      # for RFC1644 extensions and is not recommended for web servers.
> >
> >      I'm wondering _why_ it is not recommended for web servers?
> 
> I may not be 100% on this, but I'll give it a shot.
> 
> One of the "features" of TCP is to bundle multiple commands in one
> transmission.
> 
> Say a web client has a few connections to a web server.  One of those
> connections is retrieving an image (for example).  When it's finished, it
> will send a FIN to the server to close that connection.  However, at the
> same time, the web client wants to open a new connection to the same
> machine, which requires a SYN to be sent.  The smart TCP/IP stack on the web
> client will set both the SYN and FIN bits in one packet, which means "close
> this connection, and open a new one."

No, that's not what it means at all.

What a TCP segment with both a SYN and a FIN flag set means is that
you're opening a new connection, you have a small amount of data to
send (which fits into the same segment), and that you have no other data
to send.  This means that the remote TCP stack can return one ACK segment
for the FIN (which also acks the SYN and the data), rather than requiring
a separate handshake to ACK the SYN, some data, and the FIN if they
were all not to arrive at the same time.
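The segment shape described above (SYN and FIN in one segment, with the request data riding along) and the test that TCP_DROP_SYNFIN-style filtering applies to it, as an added example that is not part of the thread and is not FreeBSD kernel or ipfw code. It decodes a raw TCP header per RFC 793 (flag bit values match <netinet/tcp.h>), flags any segment carrying both SYN and FIN, and distinguishes the T/TCP-style open (SYN+FIN plus payload) from a bare SYN+FIN probe. The sample segments are constructed inline; port and sequence numbers are arbitrary.

```c
/*
 * Added example, not from the mailing-list thread or FreeBSD sources:
 * decode a TCP segment and apply the "both SYN and FIN set" test that a
 * TCP_DROP_SYNFIN-style filter performs.  Sample segments are constructed
 * below with arbitrary ports and sequence numbers.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20

struct tcp_view {
    uint16_t sport, dport;
    uint32_t seq, ack;
    uint8_t  flags;
    size_t   hdrlen;   /* data offset in bytes, 20..60 */
    size_t   datalen;  /* payload bytes following the header */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Decode a TCP segment (no IP header in front).  Returns 0 on success,
 * -1 if the segment is truncated or its data offset is out of range. */
int tcp_parse(const uint8_t *seg, size_t len, struct tcp_view *v)
{
    if (len < 20) return -1;
    size_t hdrlen = (size_t)(seg[12] >> 4) * 4;
    if (hdrlen < 20 || hdrlen > len) return -1;
    v->sport   = rd16(seg);
    v->dport   = rd16(seg + 2);
    v->seq     = rd32(seg + 4);
    v->ack     = rd32(seg + 8);
    v->flags   = seg[13] & 0x3f;   /* ECN bits (0x40/0x80) are not part of this test */
    v->hdrlen  = hdrlen;
    v->datalen = len - hdrlen;
    return 0;
}

/* The TCP_DROP_SYNFIN test: SYN and FIN set in the same segment. */
int tcp_is_synfin(const struct tcp_view *v)
{
    return (v->flags & (TH_SYN | TH_FIN)) == (TH_SYN | TH_FIN);
}

/* A T/TCP (RFC 1644) style open: SYN+FIN with the whole request in the segment,
 * as opposed to a payload-less SYN+FIN probe of the kind a scanner sends. */
int tcp_is_ttcp_style(const struct tcp_view *v)
{
    return tcp_is_synfin(v) && v->datalen > 0;
}

/* Build a minimal 20-byte header (no options) plus optional payload into buf.
 * Checksum is left zero; it is irrelevant to a flag test.  Returns bytes written. */
size_t tcp_build(uint8_t *buf, size_t cap, uint16_t sport, uint16_t dport,
                 uint32_t seq, uint8_t flags, const char *data, size_t dlen)
{
    if (cap < 20 + dlen) return 0;
    memset(buf, 0, 20);
    buf[0] = (uint8_t)(sport >> 8); buf[1] = (uint8_t)sport;
    buf[2] = (uint8_t)(dport >> 8); buf[3] = (uint8_t)dport;
    buf[4] = (uint8_t)(seq >> 24);  buf[5] = (uint8_t)(seq >> 16);
    buf[6] = (uint8_t)(seq >> 8);   buf[7] = (uint8_t)seq;
    buf[12] = 5 << 4;               /* data offset: 5 words */
    buf[13] = flags;
    buf[14] = 0xff; buf[15] = 0xff; /* window */
    if (dlen) memcpy(buf + 20, data, dlen);
    return 20 + dlen;
}

int main(void)
{
    uint8_t buf[128];
    struct tcp_view v;
    const char *req = "GET / HTTP/1.0\r\n\r\n";
    /* Constructed samples: a plain SYN, a T/TCP-style SYN+FIN+data, a FIN+ACK. */
    struct { const char *name; uint8_t flags; size_t dlen; } samples[] = {
        { "plain SYN",    TH_SYN,          0 },
        { "SYN+FIN+data", TH_SYN | TH_FIN, strlen(req) },
        { "FIN+ACK",      TH_FIN | TH_ACK, 0 },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = tcp_build(buf, sizeof buf, 40000, 80, 1000,
                             samples[i].flags, req, samples[i].dlen);
        if (tcp_parse(buf, n, &v) == 0)
            printf("%-13s flags=0x%02x data=%zu -> %s\n", samples[i].name,
                   v.flags, v.datalen,
                   tcp_is_synfin(&v) ? "drop (SYN+FIN)" : "pass");
    }
    return 0;
}
```

Note that the drop test does not look at the payload: a kernel built with TCP_DROP_SYNFIN discards the T/TCP-style request in the second sample just as it discards an empty SYN+FIN probe, which is the cost the LINT comment warns about for web servers.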







Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102230458.f1N4wZD72398>