[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4940) libldap doesn't wait for server's TLS close_notify

On Fri, 11 May 2007, Howard Chu wrote:
> That sounds like you're seeing a bug in the kernel's TCP stack then. A 
> TCP close sends a FIN to the other end and is required to wait for the 
> FIN to be ACK'd before the connection can be torn down. (Subject to 2MSL 
> timeout.) That is most certainly not our problem.

The FIN sent by the client *is* ACKed by the server.  The data sent by the 
client is reliably delivered.  The issue is the behavior when data is sent 
to a endpoint which has already called close().  The data can't be 
delivered to the application, so the kernel send back a RST to inform the 
other end of the data loss.  That issue---the data loss---is a direct 
result of the server sending a TLS close_notify and client not reading it 
before closing the socket.  Unless one of those changes, a RST must be 
generated to report the data loss to the sender.

All the UNIX versions that I have tried behave as described.  If this is a 
bug in TCP stacks, it is *very* well entrenched.

Philip Guenther