
TCP connection

906 bytes added, 07:04, 5 December 2016
per-connection iptables rules the "network-lock"/"network-unlock" [[action scripts]] are called so that the user
could isolate the whole netns from the network. Typically this is done by bringing down the respective veth pair end.
== States ==
=== TCP_SYN_SENT ===
There is only one difference from TCP_ESTABLISHED: we have to restore the socket and disable the repair mode before calling <code>connect()</code>. The kernel will send one SYN packet with the same initial sequence number and set the TCP_SYN_SENT state for the socket.
=== Half-closed sockets ===
A socket is half-closed when it has sent or received a FIN packet. These sockets are in one of these states: TCP_FIN_WAIT1, TCP_FIN_WAIT2, TCP_CLOSING, TCP_LAST_ACK, TCP_CLOSE_WAIT. To restore these states, we restore the socket into the TCP_ESTABLISHED state and then call <code>shutdown(SHUT_WR)</code> if the socket had sent a FIN packet, and send a fake FIN packet if the socket had received one. For example, to restore the TCP_FIN_WAIT1 state we call <code>shutdown(SHUT_WR)</code>, and we can then send a fake ACK to the FIN packet to restore the TCP_FIN_WAIT2 state.
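
The rule above, extended to all five half-closed states, as an added example (a constructed model, not CRIU code): it picks the events to replay on a socket restored as TCP_ESTABLISHED and checks on a small state machine that they reach the saved state. The <code>ST_*</code>/<code>EV_*</code> names and the event order for TCP_CLOSING and TCP_LAST_ACK are assumptions taken from the standard TCP state diagram, not from this page.

```c
#include <stdio.h>

/* Constructed model of the restore steps; not CRIU code. */
enum st { ST_ESTABLISHED, ST_FIN_WAIT1, ST_FIN_WAIT2, ST_CLOSING,
          ST_LAST_ACK, ST_CLOSE_WAIT };
/* shutdown(SHUT_WR), fake FIN from the peer, fake ACK of our FIN */
enum ev { EV_SHUT_WR, EV_FAKE_FIN, EV_FAKE_ACK };

/* Standard TCP transitions for these events (assumption: RFC 793 diagram). */
static enum st step(enum st s, enum ev e)
{
    if (e == EV_SHUT_WR && s == ST_ESTABLISHED)  return ST_FIN_WAIT1;
    if (e == EV_SHUT_WR && s == ST_CLOSE_WAIT)   return ST_LAST_ACK;
    if (e == EV_FAKE_FIN && s == ST_ESTABLISHED) return ST_CLOSE_WAIT;
    if (e == EV_FAKE_FIN && s == ST_FIN_WAIT1)   return ST_CLOSING;
    if (e == EV_FAKE_ACK && s == ST_FIN_WAIT1)   return ST_FIN_WAIT2;
    return s; /* event changes nothing in this state */
}

/* Events that lead from ESTABLISHED to target, in order.
 * Returns the event count, or -1 if target is not a half-closed state. */
int restore_plan(enum st target, enum ev plan[2])
{
    switch (target) {
    case ST_FIN_WAIT1:  plan[0] = EV_SHUT_WR;  return 1;
    case ST_FIN_WAIT2:  plan[0] = EV_SHUT_WR;  plan[1] = EV_FAKE_ACK; return 2;
    case ST_CLOSING:    plan[0] = EV_SHUT_WR;  plan[1] = EV_FAKE_FIN; return 2;
    case ST_CLOSE_WAIT: plan[0] = EV_FAKE_FIN; return 1;
    case ST_LAST_ACK:   plan[0] = EV_FAKE_FIN; plan[1] = EV_SHUT_WR;  return 2;
    default:            return -1;
    }
}

/* Replay the plan on the model; returns the state actually reached. */
enum st replay(enum st target)
{
    enum ev plan[2];
    enum st s = ST_ESTABLISHED;
    int n = restore_plan(target, plan);
    for (int i = 0; i < n; i++)
        s = step(s, plan[i]);
    return s;
}

int main(void)
{
    for (int t = ST_FIN_WAIT1; t <= ST_CLOSE_WAIT; t++)
        printf("target %d -> reached %d\n", t, (int)replay((enum st)t));
    return 0;
}
```

In this model TCP_CLOSING and TCP_LAST_ACK use the same two events and differ only in their order.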
== See also ==
