Re: strange Mac OSX RST behavior

[Rick Jones]

On 07/01/2016 08:10 AM, Jason Baron wrote:
> I'm wondering if anybody else has run into this...
>
> On Mac OSX 10.11.5 (latest version), we have found that when tcp
> connections are abruptly terminated (via ^C), a FIN is sent followed
> by an RST packet.

That just seems, well, silly.  If the client application wants to use 
abortive close (sigh..) it should do so, there shouldn't be this 
little-bit-pregnant, correct close initiation (FIN) followed by a RST.

> The RST is sent with the same sequence number as the
> FIN, and thus dropped since the stack only accepts RST packets matching
> rcv_nxt (RFC 5961). This could also be resolved if Mac OSX replied with
> an RST on the closed socket, but it appears that it does not.
>
> The workaround here is then to reset the connection, if the RST is
> is equal to rcv_nxt - 1, if we have already received a FIN.
>
> The RST attack surface is limited b/c we only accept the RST after we've
> accepted a FIN and have not previously sent a FIN and received back the
> corresponding ACK. In other words RST is only accepted in the tcp
> states: TCP_CLOSE_WAIT, TCP_LAST_ACK, and TCP_CLOSING.
>
> I'm interested if anybody else has run into this issue. Its problematic
> since it takes up server resources for sockets sitting in TCP_CLOSE_WAIT.

Isn't the server application expected to act on the read return of zero 
(which is supposed to be) triggered by the receipt of the FIN segment?

rick jones

> We are also in the process of contacting Apple to see what can be done
> here...workaround patch is below.