New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Strange behavior when I logout() with IMAP4_SSL #49815
Comments
While researching some strange logs from out firewall and narrowing it To reproduce: Start a network-sniffer like wireshark on the loopback-interface In python, connect to it and send some data:
>>> s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
>>> s.connect(("127.0.0.1", 12345))
>>> s.send("Hallo\n");
6 The other shell now looks like: Type in anything and press <Enter> to send. Then quit the nc with C-c. Then:
>>> s.close() What I see here is the following: If I understand correctly, it sends RST, because not everything from the And now to imaplib.IMAP4_SSL. The behavior here seems to me even more If I invoke .logout(), the server sends his "BYE" message and after that Why does .logout() not send a FIN? Why does it not read the complete Thank you! |
Just FYI, this issue is in python2.6, too. Only, that in 2.6 the GC does not collect the objects immediately, so And I checked, I can not read anymore data out of the socket. Is this a bug in the ssl-implemantation? |
Do you still witness the issue? (it's not obvious it's a Python problem at all; details of the TCP implementation are obviously handled by the OS, and Python only uses the standard C socket API -- recv(), send() and friends) |
The TCP-issues from my post are all resolved. I now know how TCP works; the behaviour of python seems to be correct. About the imap-behaviour:
me@harga ~$ python
Python 2.5.5 (r255:77872, Apr 21 2010, 08:40:04)
[GCC 4.4.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import imaplib
>>> c = imaplib.IMAP4_SSL("post.in.tum.de")
>>> c.login("toelke", "XXX")
('OK', ['LOGIN Ok.'])
>>> c.logout()
('BYE', ['Courier-IMAP server shutting down'])
>>> <C-d>
me@harga ~$ At the time of the logout() the server closes his connection and sends a FIN-packet. If python is closed, it sends not a FIN-Packet but a RST-paket. The "problem" I have with this is, that the Linux-Packetfilter-Firewall does not expect this RST-Packet either and in out configuration logs this as a connection in the wrong state which is generally a security-problem. Our workaround for the last year has been iptables -A OUTPUT -p tcp --tcp-flags ACK,RST ACK,RST -d 131.159.22.43 -j DROP Thanks for the help! |
1 similar comment
The TCP-issues from my post are all resolved. I now know how TCP works; the behaviour of python seems to be correct. About the imap-behaviour:
me@harga ~$ python
Python 2.5.5 (r255:77872, Apr 21 2010, 08:40:04)
[GCC 4.4.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import imaplib
>>> c = imaplib.IMAP4_SSL("post.in.tum.de")
>>> c.login("toelke", "XXX")
('OK', ['LOGIN Ok.'])
>>> c.logout()
('BYE', ['Courier-IMAP server shutting down'])
>>> <C-d>
me@harga ~$ At the time of the logout() the server closes his connection and sends a FIN-packet. If python is closed, it sends not a FIN-Packet but a RST-paket. The "problem" I have with this is, that the Linux-Packetfilter-Firewall does not expect this RST-Packet either and in out configuration logs this as a connection in the wrong state which is generally a security-problem. Our workaround for the last year has been iptables -A OUTPUT -p tcp --tcp-flags ACK,RST ACK,RST -d 131.159.22.43 -j DROP Thanks for the help! |
FWIW on my cisco firewalls the logs contain a lot of 'deny, no connection' messages for RST packets, probably coming from similar scenarios. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: