[Beepcore-java-users] BEEPcore broken w.r.t. TCP
Status: Beta
Brought to you by:
huston
Menu
▾
▴
[Beepcore-java-users] BEEPcore broken w.r.t. TCP
|
From: Mario J. <ma...@je...> - 2004-02-29 06:17:20
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Working these days on a research prototype with the lasted implementation of BEEP available from www.beepcore.org we discovered a serious flaw. Obviously the library does not issue TCP's CLOSE command after having received the CLOSING primitive which is received as a result of an TCP packet flagged with FIN. Actually, the ACK flagged message is sent back to the client by the server, but the required FIN message is missing. As a result of this the TCP connection of the server side remains in status CLOSE_WAITING almost forever until the process is killed or the machine is rebooted. This can be reproduced under various Linux versions including the latest kernel (i.e., 2.6.3) and even machines running Windows. Fortunately, Windows (XP) limits the number of processed in state CLOSE_WAITING to 15 per process and cleans the open connections without user interaction automatically if an additional one reaches the mentioned state. Concerning Unix/Linux versions (the problem of remaining CLOSE_WAITING connections is also reported for HP UX) this behavior of BEEPcore might introduce the possibility of attacking the machine running BEEP since the server will run out of free sockets after a while. Could you please re-check this since it hinders us from using BEEP in practice. Also feedback on this issue and even potential mistakes from our side is highly appreciated. Best, Mario - -- Prof. Mario Jeckle University of Applied Sciences Furtwangen Dept. Business Applications of Computer Science W3C Representative of DaimlerChrysler Research and Technology OMG Representative of DaimlerChrysler URL: http://www.jeckle.de MailTo:ma...@je... MailTo:je...@fh... My public key: http://www.jeckle.de/marioJeckle.pub [mail really from me _always_ has this signature and is signed digitally - -- mail without it is forged spam] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAQYMQ46tt20EwGqwRAkY7AKC87JxDWLTOJZFIEPU/DYY0jjjGOwCff29G lW8fiQ8bYCRDcAEez7Sf0CQ= =l6YW -----END PGP SIGNATURE----- |
