Re: [nsp] TCP connections randomly reset

From: Robert E. Seastrom (rs@seastrom.com)
Date: Tue Aug 07 2001 - 09:57:38 EDT


Blaz Zupan <blaz@gold.amis.net> writes:

> Dmitri Kalintsev <dek@hades.uz> writes:
>
> > I don't want to appear offensive, but you need to read a bit more about
> > TCP/IP and how it works before implementing such drastic measures as
> > dropping all packets with RST bit raised. ;) You've just broken TCP
> > mechanism for closing down connections, no matter legitimate or not.
>
> I know exactly what I've done - but this does not seem to harm any
> connections. Admittedly, they probably take much longer to shut
> down, because they are not shut down nicely but with a timeout, but
> now my network is at least reachable. I have not noticed any side
> effects due to this access list. Do you want to suggest I take down
> this access list and just wait until all my customers leave? :(

TCP connections are normally shut down with a FIN/FIN-ACK sequence,
not a RST. This probably explains why you are not experiencing any
difficulties with your connections. :)

RSTs are used to clear connections that have become broken due to some
other issue or to indicate that the receiver has gotten a segment that
does not appear to be associated with the current connection.
Blocking RSTs may cause very slight excess TCB usage, but since no
response is expected to a RST, I believe a well-behaved TCP will ditch
its TCB immediately after sending the RST.

Refer to RFC793 for general TCP state machine diagrams and detailed
discussion of each of the control bits (URG, ACK, PSH, RST, SYN, FIN).

                                        ---Rob
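
The distinction drawn in the message above, as an added example that is not part of the original thread: a decoder for the RFC 793 control bits, run over two constructed traces to show that an orderly FIN teardown contains nothing an RST-matching access list would drop, while a reply to a stray segment does. The port numbers, sequence numbers and helper names are assumptions made for illustration.

```python
import struct

# RFC 793 control bits: the low six bits of byte 13 of the TCP header.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def tcp_header(sport, dport, seq, ack, flags):
    """Build a minimal 20-byte TCP header (constructed sample data, checksum 0)."""
    bits = sum(FLAGS[name] for name in set(flags))
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, bits, 65535, 0, 0)

def decode_flags(header):
    """Return the set of control-bit names set in a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return {name for name, mask in FLAGS.items() if header[13] & mask}

def classify_teardown(headers):
    """'orderly' = FIN seen from both ends, 'reset' = RST seen first, else 'open'."""
    fin_from = set()
    for h in headers:
        sport = struct.unpack("!H", h[:2])[0]
        flags = decode_flags(h)
        if "RST" in flags:
            return "reset"
        if "FIN" in flags:
            fin_from.add(sport)  # assumption: the two ends use distinct ports
            if len(fin_from) == 2:
                return "orderly"
    return "open"

def rst_filter_hits(headers):
    """Count segments an ACL matching the RST bit would drop."""
    return sum("RST" in decode_flags(h) for h in headers)

C, S = 40000, 80  # constructed client and server ports
NORMAL = [  # handshake, one data segment, FIN/ACK close in both directions
    tcp_header(C, S, 100, 0, ["SYN"]),
    tcp_header(S, C, 500, 101, ["SYN", "ACK"]),
    tcp_header(C, S, 101, 501, ["ACK"]),
    tcp_header(C, S, 101, 501, ["PSH", "ACK"]),
    tcp_header(C, S, 111, 501, ["FIN", "ACK"]),
    tcp_header(S, C, 501, 112, ["ACK"]),
    tcp_header(S, C, 501, 112, ["FIN", "ACK"]),
    tcp_header(C, S, 112, 502, ["ACK"]),
]
STRAY = [  # segment for a connection the receiver does not know, answered with RST
    tcp_header(C, S, 900, 700, ["ACK"]),
    tcp_header(S, C, 700, 0, ["RST"]),
]
```
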


