[3006] in linux-net channel archive
IP Masquerading and TCP Half Close
daemon@ATHENA.MIT.EDU (NIIBE Yutaka)
Mon May 27 21:06:08 1996
Date: Sat, 25 May 1996 18:56:35 +0900
From: NIIBE Yutaka <gniibe@mri.co.jp>
To: net-patches@lxorguk.ukuu.org.uk, jjciarla@raiz.uncu.edu.ar
Cc: linux-net@vger.rutgers.edu
Hello Alan and Juan Jose Ciarlante,
I'm using the IP Masquerading feature and found a problem using it for
WWW. In the HTTP Protocol, a client sends a request and a server
sends back the data. In many case, the client sends 'FIN' and the
socket's state becomes "Half Close".
Current masquerading code doesn't work well for such a case. The
masquerading entry will be expired by the 'FIN' of client. It should
check both FIN.
Here is my proposal patch against 1.99.7:
Regards,
--
NIIBE Yutaka
Mitsubishi Research Institute, Inc.
==========================
--- linux/include/net/ip_masq.h~ Fri May 24 16:39:29 1996
+++ linux/include/net/ip_masq.h Sat May 25 18:04:09 1996
@@ -26,8 +26,9 @@
#define IP_MASQ_F_NO_DPORT 0x04 /* no dport set yet */
#define IP_MASQ_F_NO_DADDR 0x08 /* no daddr yet */
#define IP_MASQ_F_HASHED 0x10 /* hashed entry */
-#define IP_MASQ_F_SAW_FIN 0x20 /* tcp fin pkt seen */
-#define IP_MASQ_F_SAW_RST 0x40 /* tcp rst pkt seen */
+#define IP_MASQ_F_SAW_RST 0x20 /* tcp rst pkt seen */
+#define IP_MASQ_F_SAW_FIN_OUTGOING 0x40 /* tcp fin pkt seen (outgoing) */
+#define IP_MASQ_F_SAW_FIN_INCOMING 0x80 /* tcp fin pkt seen (incoming) */
#ifdef __KERNEL__
--- linux/net/ipv4/ip_masq.c~ Fri May 24 16:39:31 1996
+++ linux/net/ipv4/ip_masq.c Sat May 25 18:14:20 1996
@@ -542,10 +542,13 @@
timeout = 1;
ms->flags |= IP_MASQ_F_SAW_RST;
}
- else if (ms->flags & IP_MASQ_F_SAW_FIN || th->fin)
+ else if (th->fin)
{
- timeout = ip_masq_expire->tcp_fin_timeout;
- ms->flags |= IP_MASQ_F_SAW_FIN;
+ if (ms->flags & IP_MASQ_F_SAW_FIN_INCOMING)
+ timeout = ip_masq_expire->tcp_fin_timeout;
+ else
+ timeout = ip_masq_expire->tcp_timeout;
+ ms->flags |= IP_MASQ_F_SAW_FIN_OUTGOING;
}
else timeout = ip_masq_expire->tcp_timeout;
@@ -768,7 +771,15 @@
ms->flags |= IP_MASQ_F_SAW_RST;
ip_masq_set_expire(ms, 1);
}
-
+ else if (th->fin)
+ {
+ if (ms->flags & IP_MASQ_F_SAW_FIN_OUTGOING)
+ {
+ ip_masq_set_expire(ms, 0);
+ ip_masq_set_expire(ms, ip_masq_expire->tcp_fin_timeout);
+ }
+ ms->flags |= IP_MASQ_F_SAW_FIN_INCOMING;
+ }
}
ip_send_check(iph);
#ifdef DEBUG_CONFIG_IP_MASQUERADE
==========================
