TCP Connection Management (4)

Reset Segments

A segment hav-ing this bit set to ' on ' is called a "reset segment" or simply a "reset."

In general, a reset was sent by TCP whenever a segment arrives that does not appear to be correct for the Referenc Ed connection.

(We use the term referenced connection to mean the connection specified by the 4-tuple in the TCP and IP headers of the reset.)

Resets ordinarily result in a fast teardown of a TCP connection.

Connection Request to nonexistent Port

A common case for generating a reset segment was when a connection request arrives and no process was listening on The destination port.

We saw this previously when we encountered the "connection refuseD" error messages. These is Com-mon with TCP.

In the case of UDP, we saw in Chapter ten that an ICMP Destination unreachablE (Port unreachable) message is generated when the a datagram arrives for a destination port, is not in use.

TCP uses a reset segment instead.

An example of ' trivial to generate-we use the Telnet client and specify a port number, that's not on use O n the destination.

This destination can just as well is the local computer.

The values we need to examine in Listing 13-5 is the Sequence number field and ACK Number field in the Reset (second< /c0>) segment.

Because The ACK bit field is not on the arriving SYN segment,

The sequence number of the reset is set to 0 and the ACK number are set to the incoming ISN plus The number of data bytes in the segment.

Although there is no data in the arriving segment, the SYN bit logically occupies 1 byte of sequence num ber space;

Therefore, in this example the ACK number in the reset segment are set to the ISN, plus the data length (0), plus 1 for the SYN bit.

For a reset segment to being accepted by a TCP, the ACK bit field must is set and the ACK number F Ield must is within the valid WindoW (see Chapter 12).

This helps to prevent a simple attack on which anyone able to generate a reset matching the appropriate Connection (4-tuple) could disrupt a connection [RFC5961].

Aborting a Connection

But it's also possible to abort a connection by sending a reset instead the a FIN at any time.

This was sometimes called an abortive release (instead of orderly release of FIN).

Aborting a connection provides and features to the application:

(1) Any queued data (the receiver side) are thrown away and a reset segment is sent immediately, and

(2) The receiver of the reset can tell, the other end does an abort instead of a normal close.

The sockets API provides this capability by using the 'linger on Close ' socket option (So_linger) with a 0 linger value.

Essentially this means "Linger for no time in making sure data gets to the other side and then abort."

In the following example, we show what happens when a remote command that generates a large amount of output is C1>canceled by the User:

linux% SSH Linux Cat/usr/share/dict/words

When the interrupt character is hits, the connection is aborted.

The reset segment contains a sequence NumbeR and acknowledgment number.

Also Notice that the reset segment elicits no response from the other end-it are not acknowledged at all.

The receiver of the reset aborts the connection and advises the application that the connection was RESET.

This often results in the error indication "Connection reset by Peer" or a similar message.

Half-open Connections

A TCP Connection is said to being half-open if one end has closed or aborted the con-nection without the knowledge of the other end.

This can happen anytime one of the peers crashes.

As long as there is no attempt to transfer data across a half-open connection and the end that's still up does not Detect the other end has crashed.

Another common cause of a half-open connection was when one host was pow-ered off instead of shut down properly.

This happens, if example, when PCs is being used to run remote login clients and is switched off at the end of the day.

If There is no data transfer going on when the power is cut, the server would never know that the client Disappe Ared

(It would still think the connection is in the established State).

When the user comes under the next morning, powers on the PC, and starts a new session, a new occurrence of the Serv Er is started on the server host.

This can leads to many half-open TCP connections on the server host.

(In Chapter, we'll see a-a-one-to-one end of a-TCP connection to discover , that's the other end have disappeared u Sing

TCP ' s keepalive option.)

Todo

time-wait assassination (TWA)

If, however, (when in time_wait state) it receives certain segments from the connection during this period, or more SPE Cifically an RST segment,

It can become desynchronized. This is called time-wait assassination (TWA) [RFC1337].

In the example shown-13-10, the server has a completed its role of the connection and cleared any state.

The client remains in the time_wait state. When the FIN exchange completes, the client's next sequence number is K and the server's is L.

The late-arriving segment is sent from the server to the client using sequence number L-100 and containing ACK number K -200.

When the cli-ent receives this segment, it determines that both the sequence number and ACK values is "old."

When receiving such-segments, TCP responds by sending a ACK with the most current sequence number and ACK values

(K and L, respec-tively). (Pleaseconsider the "Why?")

However, when the server receives this segment, it had no information whatsoever about the connection and THEREFO Re replies with an RST segment.

This was no problem for the server and it causes the client to prematurely transition from time_wait to CLOSED.

Most of the systems avoid this problem by simply not reacting to reset segmentswhile in the TIME_WAIT state.

TCP Connection Management (4)