Subject: Re: erroneous ack packet, ideas please?
To: Andrew Brown <codewarrior@daemon.org>
From: Stefan Grefen <grefen@hprc.tandem.com>
List: tech-net
Date: 07/11/1997 09:29:42
In message <199707101944.PAA10065@untraceable.net>  Andrew Brown wrote:
> > From: Kevin M. Lahey
> >
> >>i've been modifying the tcp stack to add tcp eager listeners and i'm
> >>a little confused about something that i've started seeing.
> >
> >What are eager listeners?  It certainly sounds like a cool thing :-),
> >even if I have no idea what it is...
> 
> solaris 2.3 and 2.4 had something called tcp_eager_listeners which was
> (i believe) implemented as a system-wide setting to affect tcp
> connections.  what it did was cause the accept() call to return after
> receipt of the initial syn packet, not after the entire three-way
> handshake had completed.  i believe the idea was that one could more
> effectively screen connections by making the services appear not to be
> supported, rather than (ala tcp wrappers) first accepting the
> connection, and then dropping it.

Or bind the new socket to a specific local-address (which you
can't with the normal code if the listener is not bound).
This is handy if you use alias addresses and the network 'split' is
behind your default router.

> 
> i've got my box at home to the point where accept() returns after the
> first syn (via a setsockopt() on the "master" socket), subsequent syns
> are simply "absorbed", and i can then *choose* to keep the connection
> and finish the tcp handshake (via an ioctl() on the "slave" socket).
> after this, it behaves like a completely normal socket except for the
> extra ack packet that i don't understand.

Why ioctl() ?? Have a look at man accept(2). 
There is a way to accept/reject connections for ISO protocols, without 
special ioctls.
A program not expecting a socket in this state (inheriting the socket from a
parent process) would just work (only may block longer on the initial read or 
write).
I haven't checked how much of the needed code is generic socket code
and how much is in netiso.

Stefan 
--
Stefan Grefen                                Tandem Computers Europe Inc.
grefen@hprc.tandem.com                       High Performance Research Center
If a group of N persons implements a COBOL compiler, there will be N-1
passes.  Someone in the group has to be the manager.
                -- T. Cheatham
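
The accept-then-drop screening that the quoted message contrasts with eager listeners, as an added example (not code from either poster or from the modified stack): on a stock BSD-sockets stack connect() succeeds before the server ever calls accept(), so the peer has already learned the service exists by the time the connection is dropped. The function name is hypothetical and the loopback listener is constructed for the demonstration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns a bitmask, or -1 on setup failure:
 *   bit 0: client connect() succeeded before the server called accept()
 *   bit 1: client saw the connection end after the server accepted and closed it */
int screen_after_accept_demo(void)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    char buf[1];
    int result = 0;

    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                      /* kernel picks a free port */
    if (bind(lfd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(lfd, 1) < 0 ||
        getsockname(lfd, (struct sockaddr *)&addr, &len) < 0) {
        close(lfd);
        return -1;
    }

    int cfd = socket(AF_INET, SOCK_STREAM, 0);
    if (cfd < 0) {
        close(lfd);
        return -1;
    }
    /* The kernel completes the three-way handshake for the listen queue;
     * the server process has had no chance to screen the peer yet. */
    if (connect(cfd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
        result |= 1;

    if (result & 1) {
        /* Wrapper-style policy: accept first, then reject by closing. */
        int sfd = accept(lfd, NULL, NULL);
        if (sfd >= 0) {
            close(sfd);
            if (recv(cfd, buf, sizeof(buf), 0) <= 0)   /* EOF or reset */
                result |= 2;
        }
    }
    close(cfd);
    close(lfd);
    return result;
}

int main(void) { printf("result=%d\n", screen_after_accept_demo()); return 0; }
```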