[e2e] TCP-SYN and delayed TCB allocation

Srikanth Kandula kandula at cs.uiuc.edu
Wed May 28 12:44:38 PDT 2003


In the Linux case:


> > > B) has it been modified that it is now done after the 1st ACK?
> > >
> > > if not, any reason why not B? we would do the same if we had a
> > > "NAT/Firewall" with delayed binding etc
> >
> > If B), where do you put the data that could have been sent in the SYN?
> > I'm not sure you can ACK the SYN without ACKing the data therein (though
> > you don't deliver it until receiving the ACK and transitioning to
> > ESTABLISHED)...
>
> also in case the SYN has no data, the above can't be done as one needs to
> store the SIP+SPORT+ACK number somewhere so that when the next ACK comes in,
> the server knows what transaction it is for...

An open_request object is created for each incoming SYN.  This object
contains flow information, initial seq numbers and window information.
For each socket in listening state, a synq is maintained consisting of
these open_request objects, which are a few bytes each.

http://lxr.linux.no/source/include/net/tcp.h#L494

If the syn cookies option is set, however, the receiver uses a cookie of
received info as its initial sequence number, and no open_request is
maintained.

If the synq is full, the received syn is dropped.  Full sockets, sock
objects, are created only at the end of a handshake.




> what's confusing me is that the definition of TCB says it also contains
> pointers to the send and recv buffers
>
> so if the window size is provided in the SYN, it means that a malloc() for
> the window sized send buffer is also already done?


TCB, or in this case a sock object, contains ONLY pointers to the buffers.
Each received or transmitted packet (header+data) is encapsulated in an
skbuff (socket buffer) object.  The receive and send buffers, then, are
queues of these skbuff objects.  Window size management is performed by
keeping track of object sizes in each queue.

http://lxr.linux.no/source/include/net/sock.h#L489


Maintaining open_req objects ensures that matching incoming packets
(skbuff) to local sockets (sock) is unaffected during a DDoS.  Keepalive
timers on the listening socket attempt to resend the SYN-ACK for each
open_req in the synq.  "Age" associated with each open_req is used to
override normal SYN-ACK timeout when the synq is nearly full.

http://lxr.linux.no/source/net/ipv4/tcp_timer.c#L462
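
The syn cookie case mentioned above (no open_request kept, the initial sequence number itself carries the state) can be illustrated as follows. This is an added example, not part of the original post and not the Linux code: the struct, function names, bit layout and the toy mixer standing in for a keyed cryptographic hash are all assumptions.

```c
#include <stdint.h>

/* Added illustration: names, bit widths and the mixer are assumptions, not kernel code. */
struct flow { uint32_t saddr, daddr; uint16_t sport, dport; };

#define COUNTER_BITS 5u                    /* top bits: coarse time counter */
#define MAC_BITS     (32u - COUNTER_BITS)  /* low bits: keyed hash of the flow */
#define MAX_AGE      2u                    /* accept cookies up to 2 ticks old */

/* Toy mixer standing in for a keyed cryptographic hash. NOT secure. */
static uint32_t mix(uint32_t h, uint32_t v) {
    h ^= v;
    h *= 0x9E3779B1u;
    return h ^ (h >> 15);
}

/* Keyed digest over everything the server would otherwise have to remember. */
static uint32_t flow_mac(const struct flow *f, uint32_t client_isn,
                         uint32_t tick, uint32_t secret) {
    uint32_t h = secret;
    h = mix(h, f->saddr);
    h = mix(h, f->daddr);
    h = mix(h, ((uint32_t)f->sport << 16) | f->dport);
    h = mix(h, client_isn);
    h = mix(h, tick);
    return h & ((1u << MAC_BITS) - 1);
}

/* On SYN: compute the server ISN from the packet itself; nothing is stored. */
uint32_t cookie_make(const struct flow *f, uint32_t client_isn,
                     uint32_t tick, uint32_t secret) {
    uint32_t t = tick & ((1u << COUNTER_BITS) - 1);
    return (t << MAC_BITS) | flow_mac(f, client_isn, tick, secret);
}

/* On the handshake-completing ACK: ack_seq-1 must equal a cookie that could
 * have been issued recently for this flow; seq-1 is the client ISN. */
int cookie_check(const struct flow *f, uint32_t seq, uint32_t ack_seq,
                 uint32_t now_tick, uint32_t secret) {
    uint32_t cookie = ack_seq - 1, client_isn = seq - 1;
    uint32_t t = cookie >> MAC_BITS;
    uint32_t age = (now_tick - t) & ((1u << COUNTER_BITS) - 1);
    if (age > MAX_AGE)
        return 0;                          /* stale or forged counter */
    return cookie == cookie_make(f, client_isn, now_tick - age, secret);
}
```

Only when cookie_check() succeeds would the full sock object be created, so a flood of SYNs that never complete the handshake consumes no per-connection memory.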




