1

In my networking course, I studied that there are 11 tcp states, They are as follows:

  1. Closed
  2. Listen
  3. Syn_Sent
  4. Syn_Rcvd
  5. Established
  6. Fin_Wait_1
  7. Fin_Wait_2
  8. Closing
  9. Time_Wait
  10. Last_Ack
  11. Close_Wait

I don't know exactly how many of these states are actually implemented in Linux Kernel Network Architecture.

I want to write a program using system calls which can capture all these states which are implemented in Linux Kernel.

Actually i want to use socket programming and system calls for just capturing these states like :

whenever I do netstat -taupen | grep tcp , I want to see all these connection's states in the State column for the same tcp connection at different times.

Somebody give me some idea on how to program such a code.

pradeepchhetri
  • 2,899
  • 6
  • 28
  • 50

3 Answers3

2

They are all implemented but you can only observe these with socket API calls:

  1. Closed
  2. Listen
  3. Syn_Sent (non-blocking only)
  4. Established
  5. Fin_Wait_1 (implicit)
  6. Fin_Wait_2 (only by trying to read and getting EOF)
  7. Closing (non-blocking only)
  8. Last ACK (only by trying to reuse port)
Joshua
  • 40,822
  • 8
  • 72
  • 132
2

First of all, you'll need to implement both the the client and server sides of the connection and you'll probably need to run them from an external script so that they can be passed proper parameters and / or killed at the needed times to demonstrate the various states in a way viewable from netstat. The best reference for the details of doing something like this would be Steven's Unix Network Programming. If you browser through the book and the source code ( which can be downloaded here ) you'll see examples of ways to intentionally cause various TCP connection states in an observable manner. One thing you'll want to look at is the code for non-blocking connects and also look up SO_REUSEADDR, SO_LINGER, time-wait assassination. There's no substitute for reading Steven's when it comes to a subject like this.

Community
  • 1
  • 1
Robert S. Barnes
  • 39,711
  • 30
  • 131
  • 179
1

If you're not happy Inferring the state from external observation (packet tracing), then you'll have to instrument the kernel code: add some log statements in the transition code, recompile the kernel ..

/usr/src/linux-source-2.6.32/net/ipv4# head -n 250 tcp.c | grep -n "^[^a-zA-Z0-9]*TCP_" | sed "s|^.*(TCP_[A-Z0-9_]).|\1|" | while read S ; do echo -e "\n $S :" ; grep -l $S ./* | tr '\n' ' '; done ; echo

TCP_SYN_SENT : ./af_inet.c ./tcp.c ./tcp_input.c ./tcp_ipv4.c ./tcp_output.c

TCP_SYN_RECV : ./inet_connection_sock.c ./inet_diag.c ./tcp.c ./tcp_input.c ./tcp_ipv4.c ./tcp_minisocks.c

TCP_ESTABLISHED : ./datagram.c ./raw.c ./tcp.c ./tcp_input.c ./tcp_ipv4.c ./udp.c

TCP_FIN_WAIT1 : ./tcp.c ./tcp_input.c

TCP_FIN_WAIT2 : ./tcp.c ./tcp_input.c ./tcp_minisocks.c ./tcp_timer.c

TCP_CLOSING : ./tcp.c ./tcp_input.c

TCP_TIME_WAIT : ./inet_diag.c ./inet_timewait_sock.c ./tcp.c ./tcp_input.c ./tcp_ipv4.c ./tcp_minisocks.c

TCP_CLOSE_WAIT : ./tcp.c ./tcp_input.c

TCP_LAST_ACK : ./tcp.c ./tcp_input.c

TCP_CLOSE : ./af_inet.c ./inet_connection_sock.c ./inet_hashtables.c ./raw.c ./tcp.c ./tcp_cong.c ./tcp_input.c ./tcp_ipv4.c ./tcp_output.c ./tcp_timer.c ./udp.c

jm0
  • 11
  • 1