Re: TCP connection tracking timeout

On Tue, Jul 29, 2008 at 10:34:51PM +0200, Jozsef Kadlecsik wrote:
>
> > For example, TIME_WAIT is a state that only makes sense if
> > you look at a given direction.  The other direction may well
> > still be ESTABLISHED.  As it is netfilter will lower the timeout
> > when only a single direction has been shut down, thus causing
> > the connection to be prematurely killed.
> 
> Hm, I might be completely outdated: how come that in one direction the 
> state is TIME_WAIT and the other's ESTABLISHED? If one side is in the 
> TIME_WAIT state, the other one cannot be in the ESTABLISHED state - at 
> least according to RFC793, RFC1122. What do I miss here?

OK that was a stupid example.  All I'm trying to say is that the
state transition as it stands is bogus.  Here is why:

If you see a FIN in one direction but no ack in the other,
you go from sES to sFW.  If that isn't acked and a FIN retransmit
occurs you go from sFW to sLA.  Now if the other direction is still
transmitting and you get an ACK in the direction being shut down,
it goes from sLA to sTW.  However, in reality the side that's still
transmitting may still be in ESTABLISHED because it never received
those FINs.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
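
The sequence described in the message above, replayed as a small C model (an added example, not part of the original post and not the kernel's code). Only the three transitions the message names are encoded; the `delivered` flag, the peer states and the timeout values are assumptions made for illustration.

```c
#include <stdio.h>

/* Tracker states named as in the message; only its three transitions are modelled. */
enum ct_state { sES, sFW, sLA, sTW };
/* Hypothetical view of the endpoint that is still transmitting. */
enum peer_state { PEER_ESTABLISHED, PEER_CLOSE_WAIT };
enum pkt_type { PKT_FIN, PKT_ACK };

/* One packet from the closing side, as seen by the firewall. */
struct pkt { enum pkt_type type; int delivered; /* 0 = lost after the firewall */ };
struct result { enum ct_state tracker; enum peer_state peer; };

/* Constructed trace: FIN and its retransmit are both lost, then an ACK passes. */
static const struct pkt lost_fin_trace[] = {
    { PKT_FIN, 0 }, { PKT_FIN, 0 }, { PKT_ACK, 1 },
};

static enum ct_state ct_next(enum ct_state s, enum pkt_type t)
{
    if (t == PKT_FIN && s == sES) return sFW;
    if (t == PKT_FIN && s == sFW) return sLA;
    if (t == PKT_ACK && s == sLA) return sTW;
    return s; /* every other case is left unchanged in this model */
}

/* Assumed timeouts in seconds (commonly cited Linux defaults; check your sysctls). */
static long ct_timeout(enum ct_state s)
{
    switch (s) {
    case sES: return 432000;
    case sLA: return 30;
    default:  return 120; /* sFW and sTW */
    }
}

/* The tracker reacts to every packet it sees; the peer only to delivered FINs. */
static struct result replay(const struct pkt *trace, int n)
{
    struct result r = { sES, PEER_ESTABLISHED };
    for (int i = 0; i < n; i++) {
        r.tracker = ct_next(r.tracker, trace[i].type);
        if (trace[i].type == PKT_FIN && trace[i].delivered)
            r.peer = PEER_CLOSE_WAIT;
    }
    return r;
}

int main(void)
{
    struct result r = replay(lost_fin_trace, 3);
    printf("tracker=%d (timeout %lds) peer=%d\n", r.tracker, ct_timeout(r.tracker), r.peer);
    return 0;
}
```

With the constructed trace the tracker ends in sTW on the short timeout while the modelled peer never left ESTABLISHED, which is the mismatch the message points out.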