Dodgy SYN/mysterious ACK

From: Peter Neal
Date: Wed May 28 2008 - 14:56:47 EST

Hi there,

I'm trying to debug a TCP problem and I've rather run out of ideas, I
was wondering if anyone might be able to help me...

The problem I'm seeing relates to re-use of port/IP address
combinations. I'm connecting from port 12345 to Linux/lighttpd on port
80. I do an HTTP/1.0 request, the server sends me some data, then a
FIN/ACK. I ACK that, then send my own FIN/ACK. The connection goes
away for me, and goes to TIME_WAIT on the server.

If I try to reuse the the IP/port combination, normally everything
works fine, as lighttpd appears to use SO_REUSEADDR.

Sometimes, however, things do not go so well - I send a SYN to
initiate a new connection, and Linux/lighttpd responds by re-sending
the final ACK - I think I'm doing something wrong with either the
teardown of the old socket, or the SYN of the new connection which is
causing Linux/lighttpd to think the SYN is somehow part of the old
connection, so it retransmits the ACK as a reminder that the old
conversation is over. I respond with a RST, back off for three
seconds, then try again and connect OK. I'm mystified by the
retransmitted ACK though - can anyone explain what I'm doing wrong?

A capture is attached, taken on the Linux/lighttpd server.



Attachment: mystery_ack.pcap
Description: Binary data