Reputation: 24895
Why will a TCP Server send a FIN immediately after accepting a connection?
From the ethreal packet capture, I see the following behaviour which appears quite strange to me:
Client --> Server [SYN]
Server --> Client [SYN, ACK]
Client --> Server [ACK]
Server --> Client [FIN, ACK]
Client --> Server [ACK]
Client --> Server [TCP Segment of a reassembled PDU] (I don't know what this means)
Server --> Client [RST]
Any ideas as to why this could be happening?
Also, the Server Port is 6000. Could that cause any problem?
My other doubts:
- Why is there a FIN, ACK? Shouldn't it be only FIN? What is the meaning of the ACK in that message?
- Shouldn't there be a FIN from Client also?
EDIT: After some more analysis, I found if the number of file descriptors have exceeded the limit then a FIN is sent by the Server. But, in this case it doesn't appear that the file descriptors have exceeded the limit. For what other scenarios can this happen?
Upvotes: 8
Views: 26618
Answers (6)
Reputation: 151
I think the FIN was sent by calling close() instead of shutdown().
The connection is in backlog queue; after accept(), the server decides to terminate it for whatever reason(e.g. TCP wrapper ACL or out of file descriptors). In this case, a close() decreases file descriptor(FD)'s link count by 1 to 0, so FD for this connection is fully destroyed. Afterwards the client sends data to a non-existing socket from server's point of view, server has to respond a RST.
If it was a shutdown(), server can still revive data sent by client and have to wait for FIN from client to close the connection gracefully. No RST is sent back.
Upvotes: 2
Reputation: 24895
Upon deep analysis, the following was found to be the reason of the problem:
When a Client tries TCP connect, even if the server is not currently calling accept, the connection will pass. This will happen if server has called 'listen' function and it will keep accepting the connections till backlog limit is reached.
But, if the application process exceeds the limit of max file descriptors it can use, then when server calls accept, then it realizes that there are no file descriptors available to be allocated for the socket and fails the accept call and the TCP connection sending a FIN to other side.
I just though of posting this finding here. I am still leaving the accepted answer as that of Habbie's.
Thanks to all those who answered this question.
Upvotes: 19
Reputation: 2817
Could be TCP wrappers. If the server process was built with libwrap support, it will accept the connection, check /etc/hosts.allow and /etc/hosts.deny, and then immediately close the connection if denied by policy.
It's easy to see if the server is using libwrap:
> ldd /usr/sbin/sshd | grep libwrap
libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f1562d44000)
Upvotes: 1
Reputation: 215193
I'm guessing the connection is being accepted by inetd or a similar daemon, which then attempts to fork and exec another program to handle the connection, and that either the fork is failing (due to resource exhaustion) or the exec is failing (due to nonexistent file, permissions error, etc.).
Upvotes: 3
Reputation: 2230
FIN usually means the other side called shutdown(..) on the socket.
Upvotes: 6
Reputation: 12923
Seems like the server calls shutdown very shortly after accepting the connection.
Upvotes: 0
Related Questions
- TCP: Server sends [RST, ACK] immediately after receiving [SYN] from Client
- How common is it to receive packets from a TCP connection AFTER initiating termination w/ a FIN packet?
- Can 'connect' call on socket return successfully without server calling 'accept'?
- TCP Connection: What happens if client does not ACK server FIN
- TCP: What happens when client connects, sends data and disconnects before accept
- tcp read() immediately after accept()
- Are FIN packets guaranteed to arrive?
- Does a socket receive stream get closed when it receives a FIN packet?
- client connect() succeeds before the server accept(), how does the client know that server accept() is successful?
- FIN omitted, FIN-ACK sent