Re: [BEHAVE] NAT64: clarification on RST handling in V6 FIN RCV state
Wesley Eddy <wes@mti-systems.com> Sat, 10 March 2012 05:14 UTC
Return-Path: <wes@mti-systems.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA28611E8076 for <behave@ietfa.amsl.com>; Fri, 9 Mar 2012 21:14:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SVMYakwxhGhD for <behave@ietfa.amsl.com>; Fri, 9 Mar 2012 21:14:31 -0800 (PST)
Received: from omr6.networksolutionsemail.com (omr6.networksolutionsemail.com [205.178.146.56]) by ietfa.amsl.com (Postfix) with ESMTP id 4E65911E8073 for <behave@ietf.org>; Fri, 9 Mar 2012 21:14:31 -0800 (PST)
Received: from cm-omr2 (mail.networksolutionsemail.com [205.178.146.50]) by omr6.networksolutionsemail.com (8.13.6/8.13.6) with ESMTP id q2A5EUqX030464 for <behave@ietf.org>; Sat, 10 Mar 2012 00:14:30 -0500
Authentication-Results: cm-omr2 smtp.user=wes@mti-systems.com; auth=pass (PLAIN)
X-Authenticated-UID: wes@mti-systems.com
Received: from [69.81.143.202] ([69.81.143.202:10692] helo=[192.168.1.106]) by cm-omr2 (envelope-from <wes@mti-systems.com>) (ecelerity 2.2.2.41 r(31179/31189)) with ESMTPA id 9F/A7-09323-633EA5F4; Sat, 10 Mar 2012 00:14:30 -0500
Message-ID: <4F5AE2D9.1060100@mti-systems.com>
Date: Sat, 10 Mar 2012 00:12:57 -0500
From: Wesley Eddy <wes@mti-systems.com>
Organization: MTI Systems
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
MIME-Version: 1.0
To: Fred Baker <fred@cisco.com>
References: <EF5EF2B13ED09B4F871D9A0DBCA463C21C2CC1F6@TK5EX14MBXC298.redmond.corp.microsoft.com> <4F585585.9000706@it.uc3m.es> <A89221DA-7F68-4EB2-AA7E-17DA3732937C@cisco.com> <4F599E5C.5090500@mti-systems.com> <F4CB9073-4671-496B-BBAB-048FFB14387D@cisco.com>
In-Reply-To: <F4CB9073-4671-496B-BBAB-048FFB14387D@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Murari Sridharan <muraris@microsoft.com>, "behave@ietf.org" <behave@ietf.org>, Dmitry Anipko <Dmitry.Anipko@microsoft.com>
Subject: Re: [BEHAVE] NAT64: clarification on RST handling in V6 FIN RCV state
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Mar 2012 05:14:32 -0000
On 3/9/2012 1:44 AM, Fred Baker wrote: > > On Mar 9, 2012, at 3:08 PM, Wesley Eddy wrote: > >> On 3/8/2012 5:47 AM, Fred Baker wrote: >>> I didn't find a FIN (F without Ack) in any of the examples. >> >> Since FIN is set on packets coming from a synchronized state, >> I'm not sure why you would expect to find a bare one without >> ACK set as well? > > You missed it. The sequence is FIN, FIN-ACK, ACK. > > http://tools.ietf.org/html/rfc793, and look at the transitions > SYN RCVD -> FIN-WAIT-1 > ESTAB -> FIN-WAIT-1 > ESTAB -> CLOSE WAIT > > What's there is FIN-ACK, RST. No FIN. I could understand FIN, FIN-ACK, RST (the guy sends FIN and closes the socket instantly), whether or not I agree with it. No FIN - I'm trying to figure out why there was a FIN-ACK. > When you say "FIN-ACK", I think you're confusing a packet having those two bits set with a packet that ACKs the FIN psuedobyte. All FINs should have the ACK bit set; a bare FIN would be bogus. Just looking at one of the trace files you sent ("10.71.5.180.60357.txt"), the beginning of the connection closure process begins at the line with the timestamp of 06:35:47.021523, which I assume is a TLS closure alert. That's followed by the TCP FIN at subsecond 021552. I'm not sure why you say there is no FIN. Of course the ACK bit is set ... the connection is in a synchronized state and it has to be set for the segment to be accepted. At this point, I think your machine tosses the connection state. When mail.ietf.org sends back its own TLS closure alert and TCP FIN, logged at subseconds 088808 and 088813. Those generate RSTs, since you've already released the connection. Before the server sees those, it also ACKs your TLS closure alert (subsecond 139113) and then it gives you the FIN's ACK (subsecond 140386), both of which also generate RSTs. So, I'm not sure what you find unusual here. It looks fairly normal to me. -- Wes Eddy MTI Systems
- [BEHAVE] NAT64: clarification on RST handling in … Dmitry Anipko
- Re: [BEHAVE] NAT64: clarification on RST handling… Dmitry Anipko
- Re: [BEHAVE] NAT64: clarification on RST handling… marcelo bagnulo braun
- Re: [BEHAVE] NAT64: clarification on RST handling… marcelo bagnulo braun
- Re: [BEHAVE] NAT64: clarification on RST handling… Murari Sridharan
- Re: [BEHAVE] NAT64: clarification on RST handling… Murari Sridharan
- Re: [BEHAVE] NAT64: clarification on RST handling… Fred Baker
- Re: [BEHAVE] NAT64: clarification on RST handling… Wesley Eddy
- Re: [BEHAVE] NAT64: clarification on RST handling… Fred Baker
- Re: [BEHAVE] NAT64: clarification on RST handling… Wesley Eddy
- Re: [BEHAVE] NAT64: clarification on RST handling… Fred Baker