| msg124187 - (view) |
Author: (sean216) |
Date: 2010-12-17 07:40 |
| when use socket.close to close the telnet connection, in normal usage the tcp disconnect will be (socket.close send the TCP FIN) TCP A TCP B 1. ESTABLISHED ESTABLISHED 2. (Close) FIN-WAIT-1 --> <SEQ=100><ACK=300><CTL=FIN,ACK> --> CLOSE-WAIT 3. FIN-WAIT-2 <-- <SEQ=300><ACK=101><CTL=ACK> <-- CLOSE-WAIT 4. (Close) TIME-WAIT <-- <SEQ=300><ACK=101><CTL=FIN,ACK> <-- LAST-ACK 5. TIME-WAIT --> <SEQ=101><ACK=301><CTL=ACK> --> CLOSED 6. (2 MSL) CLOSED but sometimes socket.close will send TCP RST to disconnect the telnet and with wrong sequence number. This kind of RST will be considering as Network RST attack, and this packet will be dropped, the telnet connection will still established and cannot be closed. Seems python socket.close has some issues. def close(self): self._sock = _closedsocket() dummy = self._sock._dummy for method in _delegate_methods: setattr(self, method, dummy) close.__doc__ = _realsocket.close.__doc__ |
|
|
| msg124188 - (view) |
Author: (sean216) |
Date: 2010-12-17 07:44 |
| def close(self): self._sock = _closedsocket() dummy = self._sock._dummy for method in _delegate_methods: setattr(self, method, dummy) close.__doc__ = _realsocket.close.__doc__ socket.close function use Python25\DLLs\_socket.pyd, how to get _socket.pyd sorce code? |
|
|
| msg124193 - (view) |
Author: Charles-François Natali (neologix) *  |
Date: 2010-12-17 09:07 |
| > but sometimes socket.close will send TCP RST to disconnect the telnet and with wrong sequence number This is called a a "half-duplex" TCP close sequence. Your application is probably closing the socket while there are still data in the receive socket buffer (i.e. unread), so the TCP/IP stack sends a RST to inform the remote end that data has been lost. See RFC 1122 section 4.2.2.13. Note that in your sample capture, I don't see any invalid sequence/ack number. Your application should probably not close the connection at this time. > This kind of RST will be considering as Network RST attack, and this packet will be dropped, the telnet connection will still established and cannot be closed. There you firewell is broken. Sending a RST in this context is perfectly valid. As far as I know, this issue is due to your application and firewall settings, and not to Python. Furthermore, Python just calls the underlying close(2) syscall, so even if there were an issue, it's an OS one, nothing Python could do about it. |
|
|
| msg124199 - (view) |
Author: R. David Murray (r.david.murray) * |
Date: 2010-12-17 12:58 |
| The source used to create _socket.pyd is in Modules/socketmodule.c in the source code tarball available from the python web site. As neologix says, it is a thin wrapper around the OS level socket library. |
|
|
| msg124424 - (view) |
Author: (sean216) |
Date: 2010-12-21 09:51 |
| > Note that in your sample capture, I don't see any invalid sequence/ack number. please check telnet_unnormal RST.pcap in No. 1600-1602,the 1602 RST meseage is the invalid sequence/ack number 172. |
|
|
| msg124434 - (view) |
Author: R. David Murray (r.david.murray) * |
Date: 2010-12-21 16:47 |
| Regardless, Python doesn't generate the tcp/ip sequence numbers, the OS socket library does, so this is not a bug in Python. If you follow the code link I posted you will see that, other than Python internal bookkeeping, the only thing socket.close does is to call the platform socket close method. |
|
|