Date: Thu, 17 Jan 2002 12:07:28 +1100 (EST)
From: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
Reply-To: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: finger could check if T/TCP is disabled and imply -T
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         33971
>Category:       bin
>Synopsis:       finger could check if T/TCP is disabled and imply -T
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 16 17:20:01 PST 2002
>Closed-Date:    Thu Jan 17 03:27:17 PST 2002
>Last-Modified:  Thu Jan 17 09:20:04 PST 2002
>Originator:     Tim J. Robbins
>Release:        FreeBSD 4.5-RC i386
>Organization:
>Environment:
System: FreeBSD raven.robbins.dropbear.id.au 4.5-RC FreeBSD 4.5-RC #3: Sat Jan 12 17:11:56 EST 2002 tim@raven.robbins.dropbear.id.au:/usr/obj/usr/src/sys/RAVEN i386


	
>Description:
/usr/bin/finger supports T/TCP, and this support may be disabled with the
-T option. The way the T/TCP support is implemented in `finger' causes
strange error messages ("read: Connection refused") and makes it take
longer than usual to give these errors on what the source code terms
"broken hosts".
>How-To-Repeat:
	
>Fix:
Use net.inet.tcp.rfc1644 sysctl to determine whether T/TCP has been enabled.
Imply the -T option if it has.


--- net.c.old	Thu Jan 17 11:50:17 2002
+++ net.c	Thu Jan 17 11:57:23 2002
@@ -46,6 +46,7 @@
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/socket.h>
+#include <sys/sysctl.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <netdb.h>
@@ -88,6 +89,8 @@
 	char *alist[1], *host;
 	struct iovec iov[3];
 	struct msghdr msg;
+	int ttcp;
+	size_t ttcp_len;
 
 	if (!(host = rindex(name, '@')))
 		return;
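Review bot: `int ttcp;` is declared without an initializer in the locals added here, so the later `connect()` test is only well defined if every path assigns it first. Declaring it as `int ttcp = 0;` keeps the conservative "no T/TCP" value as the default, and a name such as `ttcp_enabled` would say what the flag means.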
@@ -140,8 +143,16 @@
 	iov[msg.msg_iovlen].iov_base = "\r\n";
 	iov[msg.msg_iovlen++].iov_len = 2;
 
+	/* Determine whether we can use T/TCP (RFC 1644) */
+	ttcp_len = sizeof (ttcp);
+	if (sysctlbyname("net.inet.tcp.rfc1644", &ttcp, &ttcp_len, NULL, 0))
+		ttcp = 0;
+
 	/* -T disables T/TCP: compatibility option to finger broken hosts */
-	if (Tflag && connect(s, (struct sockaddr *)&sin, sizeof (sin))) {
+	if (Tflag)
+		ttcp = 0;
+
+	if (!ttcp && connect(s, (struct sockaddr *)&sin, sizeof (sin))) {
 		perror("finger: connect");
 		return;
 	}
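Review bot: The new test `if (!ttcp && connect(...))` keys the explicit connect() on the local net.inet.tcp.rfc1644 value, but the comment kept above `if (Tflag)` says -T exists for broken remote hosts, and a local sysctl says nothing about the remote end, so with the sysctl set to 1 nothing changes for those hosts. The Fix text above ("Imply the -T option if it has") also states the opposite of what the code does when the sysctl reads 0 or cannot be read. Reword it to match, compare the call explicitly (`sysctlbyname(...) == -1`), and describe the implicit -T case in finger(1).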
>Release-Note:
>Audit-Trail:

From: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
To: freebsd-gnats-submit@FreeBSD.ORG
Cc:  
Subject: Re: bin/33971: finger could check if T/TCP is disabled and imply -T
Date: Thu, 17 Jan 2002 12:25:35 +1100

 Sorry, that should read "Imply the -T option if it has *not*".

From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: bin/33971: finger could check if T/TCP is disabled and imply -T
Date: Wed, 16 Jan 2002 21:38:02 -0500 (EST)

 <<On Thu, 17 Jan 2002 12:07:28 +1100 (EST), "Tim J. Robbins" <tim@robbins.dropbear.id.au> said:
 
 > /usr/bin/finger supports T/TCP, and this support may be disabled with the
 > -T option. The way the T/TCP support is implemented in `finger' causes
 > strange error messages ("read: Connection refused") and makes it take
 > longer than usual to give these errors on what the source code terms
 > "broken hosts".
 
 Your suggestion is bogus.  As the manual page clearly indicates, the
 presence or absence of Transaction TCP support is not relevant to
 what the finger client does.  (In fact, even when T/TCP was supported
 by default, finger was not able to use it because the finger protocol
 requires that the server close the connection first.)
 
 -GAWollman
 

From: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/33971: finger could check if T/TCP is disabled and imply -T
Date: Thu, 17 Jan 2002 14:21:43 +1100

 On Wed, Jan 16, 2002 at 09:38:02PM -0500, Garrett Wollman wrote:
 
 > Your suggestion is bogus.  As the manual page clearly indicates, the
 > presence or absence of Transaction TCP support is not relevant to
 > what the finger client does.  (In fact, even when T/TCP was supported
 > by default, finger was not able to use it because the finger protocol
 > requires that the server close the connection first.)
 
 Perhaps I misunderstood. Anyway, finger'ing a host that doesn't run
 fingerd takes longer to give an error than it should. Apparently
 T/TCP was an experiment that failed because it was insecure, and because
 nobody else showed much interest in it. It strikes me as stupid to
 inconvenience those not using T/TCP when they are in the majority.
 
 
 Tim

From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/33971: finger could check if T/TCP is disabled and imply -T
Date: Wed, 16 Jan 2002 23:52:27 -0500 (EST)

 <<On Thu, 17 Jan 2002 14:21:43 +1100, "Tim J. Robbins" <tim@robbins.dropbear.id.au> said:
 
 > Perhaps I misunderstood. Anyway, finger'ing a host that doesn't run
 > fingerd takes longer to give an error than it should. Apparently
 > T/TCP was an experiment that failed because it was insecure, and because
 > nobody else showed much interest in it. It strikes me as stupid to
 > inconvenience those not using T/TCP when they are in the majority.
 
 Evidently you did misunderstand, since as I stated in my original
 reply, finger does not use Transaction TCP.
 
 -GAWollman
 

From: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/33971: finger could check if T/TCP is disabled and imply -T
Date: Thu, 17 Jan 2002 16:45:56 +1100

 On Wed, Jan 16, 2002 at 11:52:27PM -0500, Garrett Wollman wrote:
 
 > Evidently you did misunderstand, since as I stated in my original
 > reply, finger does not use Transaction TCP.
 
 The kernel does T/TCP because finger does not connect() before it
 calls sendmsg() (unless, of course, the -T option is used).
 
 net.inet.tcp.rfc1644=0, finger tim@127.0.0.1:
 16:29:39.703826 localhost.4459 > localhost.finger: S [tcp sum ok] 3639801831:3639801831(0) win 65535 <mss 16344,nop,wscale 1,nop,nop,timestamp 20673461 0> (DF) (ttl 64, id 33391, len 60)
 0x0000   4500 003c 826f 4000 4006 ba4a 7f00 0001        E..<.o@.@..J....
 0x0010   7f00 0001 116b 004f d8f2 f7e7 0000 0000        .....k.O........
 0x0020   a002 ffff bb5b 0000 0204 3fd8 0103 0301        .....[....?.....
 0x0030   0101 080a 013b 73b5 0000 0000                  .....;s.....
 
 net.inet.tcp.rfc1644=1, finger tim@127.0.0.1:
 16:28:49.322276 localhost.4458 > localhost.finger: SP [tcp sum ok] 3668140434:3668140439(5) win 57344 <mss 16344,nop,wscale 1,nop,nop,timestamp 20668422 0,nop,nop,cc 7541> (DF) (ttl 64, id 17585, len 73)
 0x0000   4500 0049 44b1 4000 4006 f7fb 7f00 0001        E..ID.@.@.......
 0x0010   7f00 0001 116a 004f daa3 6192 0000 0000        .....j.O..a.....
 0x0020   c00a e000 4ea7 0000 0204 3fd8 0103 0301        ....N.....?.....
 0x0030   0101 080a 013b 6006 0000 0000 0101 0b06        .....;`.........
 0x0040   0000 1d75 7469 6d0d 0a                         ...utim..
 
 Note the CC option, PUSH flag, payload.
 
 I give up. I just thought it'd be nice if finger detected hosts that
 weren't listening on the finger port faster and gave a less confusing error message.
 
 
 Tim

From: Ruslan Ermilov <ru@FreeBSD.org>
To: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
Cc: bug-followup@FreeBSD.org, Garrett Wollman <wollman@FreeBSD.org>
Subject: Re: bin/33971: finger could check if T/TCP is disabled and imply -T
Date: Thu, 17 Jan 2002 11:44:00 +0200

 On Thu, Jan 17, 2002 at 12:07:28PM +1100, Tim J. Robbins wrote:
 > 
 > /usr/bin/finger supports T/TCP, and this support may be disabled with the
 > -T option. The way the T/TCP support is implemented in `finger' causes
 > strange error messages ("read: Connection refused") and makes it take
 > longer than usual to give these errors on what the source code terms
 > "broken hosts".
 > >How-To-Repeat:
 > 	
 > Use net.inet.tcp.rfc1644 sysctl to determine whether T/TCP has been enabled.
 > Imply the -T option if it has.
 > 
 Hmm, doesn't a connection degenerate into a standard TCP connection
 when net.inet.tcp.rfc1644=0?
 
 
 Cheers,
 -- 
 Ruslan Ermilov		Oracle Developer/DBA,
 ru@sunbay.com		Sunbay Software AG,
 ru@FreeBSD.org		FreeBSD committer,
 +380.652.512.251	Simferopol, Ukraine
 
 http://www.FreeBSD.org	The Power To Serve
 http://www.oracle.com	Enabling The Information Age

From: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
To: Ruslan Ermilov <ru@FreeBSD.org>
Cc: bug-followup@FreeBSD.org, Garrett Wollman <wollman@FreeBSD.org>
Subject: Re: bin/33971: finger could check if T/TCP is disabled and imply -T
Date: Thu, 17 Jan 2002 22:16:36 +1100

 On Thu, Jan 17, 2002 at 11:44:00AM +0200, Ruslan Ermilov wrote:
 
 > Hmm, doesn't a connection degenerate into a standard TCP connection
 > when net.inet.tcp.rfc1644=0?
 
 It does, as it should. I guess something else was misconfigured here,
 as I've just tested it on another machine. Apologies, you may close the PR.
 
 
 Tim
State-Changed-From-To: open->closed 
State-Changed-By: ru 
State-Changed-When: Thu Jan 17 03:27:17 PST 2002 
State-Changed-Why:  
Originator confirms that PR was false -- if net.inet.tcp.rfc1644=0, 
finger(1) doesn't use T/TCP. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=33971 

From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To: "Tim J. Robbins" <tim@robbins.dropbear.id.au>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/33971: finger could check if T/TCP is disabled and imply -T
Date: Thu, 17 Jan 2002 12:19:06 -0500 (EST)

 <<On Thu, 17 Jan 2002 16:45:56 +1100, "Tim J. Robbins" <tim@robbins.dropbear.id.au> said:
 
 > The kernel does T/TCP because finger does not connect() before it
 > calls sendmsg() (unless, of course, the -T option is used).
 
 No, that is not Transaction TCP; that's implicit open/close -- an API
 feature that is independent of the protocol.
 
 > 16:29:39.703826 localhost.4459 > localhost.finger: S [tcp sum ok] 3639801831:3639801831(0) win 65535 <mss 16344,nop,wscale 1,nop,nop,timestamp 20673461 0> (DF) (ttl 64, id 33391, len 60)
 
 No FIN flag, no CC{,.new,.echo} options, ergo no TCP accelerated open,
 thus no Transaction TCP.  In fact, it's not even sending data on that
 SYN (which is IMO a bug -- if there is data in the socket buffer,
 every opportunity allowed by flow control should be taken to send it).
 
 > net.inet.tcp.rfc1644=1, finger tim@127.0.0.1:
 > 16:28:49.322276 localhost.4458 > localhost.finger: SP [tcp sum ok] 3668140434:3668140439(5) win 57344 <mss 16344,nop,wscale 1,nop,nop,timestamp 20668422 0,nop,nop,cc 7541> (DF) (ttl 64, id 17585, len 73)
 
 Yes, when you turn on T/TCP support, the stack is capable of using it
 automatically -- that's the whole point of having such an option.
 
 > I give up. I just thought it'd be nice if finger detected hosts that
 > weren't listening on the finger port faster and gave a less confusing error message.
 
 There must be something else wrong with your system or network.  I do
 not see any delays such as you note with either -current or -stable:
 
 wollman@mintaka(132)$ time finger -l foo@www.lcs.mit.edu
 [www.lcs.mit.edu]
 
 finger: read: Connection refused
         0.00 real         0.00 user         0.00 sys
 
 Your point about the error message is well-taken.  The -current
 version of finger(1) says:
 
 wollman@khavrinen(633)$ time finger -l foo@www.lcs.mit.edu
 [www.lcs.mit.edu]
 finger: reading from network: Connection refused
 
         0.03 real         0.00 user         0.02 sys
 
 ktrace demonstrates that it is in fact doing the implicit open:
 
  98990 finger   CALL  socket(0x2,0x1,0)
  98990 finger   RET   socket 4
 [...]
  98990 finger   CALL  sendmsg(0x4,0xbfbfedcc,0)
  98990 finger   GIO   fd 4 wrote 8 bytes
        "/W foo\r
        "
  98990 finger   RET   sendmsg 8
 [...]
  98990 finger   CALL  read(0x4,0x805b000,0x4074)
  98990 finger   RET   read -1 errno 61 Connection refused
 
 -GAWollman
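
Added example, not part of the thread and not FreeBSD code: a small C decoder that applies the check argued over above (SYN flag, CC/CC.NEW/CC.ECHO options, payload bytes) to the two packets whose hex dumps are quoted in the thread. The option kinds 11 to 13 come from RFC 1644; the names parse_segment, is_ttcp_open and struct syn_info, and the rule "SYN plus a CC-family option means a T/TCP open", are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
static const uint8_t SYN_OFF[] =  /* thread's tcpdump bytes, rfc1644=0 (60 bytes) */
    "\x45\x00\x00\x3c\x82\x6f\x40\x00\x40\x06\xba\x4a\x7f\x00\x00\x01"
    "\x7f\x00\x00\x01\x11\x6b\x00\x4f\xd8\xf2\xf7\xe7\x00\x00\x00\x00"
    "\xa0\x02\xff\xff\xbb\x5b\x00\x00\x02\x04\x3f\xd8\x01\x03\x03\x01"
    "\x01\x01\x08\x0a\x01\x3b\x73\xb5\x00\x00\x00\x00";
static const uint8_t SYN_ON[] =   /* thread's tcpdump bytes, rfc1644=1 (73 bytes) */
    "\x45\x00\x00\x49\x44\xb1\x40\x00\x40\x06\xf7\xfb\x7f\x00\x00\x01"
    "\x7f\x00\x00\x01\x11\x6a\x00\x4f\xda\xa3\x61\x92\x00\x00\x00\x00"
    "\xc0\x0a\xe0\x00\x4e\xa7\x00\x00\x02\x04\x3f\xd8\x01\x03\x03\x01"
    "\x01\x01\x08\x0a\x01\x3b\x60\x06\x00\x00\x00\x00\x01\x01\x0b\x06"
    "\x00\x00\x1d\x75\x74\x69\x6d\x0d\x0a";

struct syn_info {
    uint8_t  flags;               /* TCP flag byte: 0x01 FIN, 0x02 SYN, 0x08 PSH */
    int cc_kind; uint32_t cc_value; /* RFC 1644: 11 CC, 12 CC.NEW, 13 CC.ECHO; 0 = none */
    size_t   payload_len;         /* data bytes carried on the segment */
};

/* Parse one IPv4/TCP packet; 0 on success, -1 if truncated or malformed. */
static int parse_segment(const uint8_t *p, size_t len, struct syn_info *out) {
    if (len < 40 || (p[0] >> 4) != 4 || p[9] != 6) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4, total = ((size_t)p[2] << 8) | p[3];
    if (ihl < 20 || total > len || ihl + 20 > total) return -1;
    const uint8_t *t = p + ihl;                      /* start of TCP header */
    size_t thl = (size_t)(t[12] >> 4) * 4;
    if (thl < 20 || ihl + thl > total) return -1;
    *out = (struct syn_info){ t[13], 0, 0, total - ihl - thl };
    for (size_t i = 20; i < thl && t[i] != 0; ) {    /* kind 0 ends the list */
        if (t[i] == 1) { i++; continue; }            /* NOP padding */
        if (i + 1 >= thl || t[i + 1] < 2 || i + t[i + 1] > thl) return -1;
        if (t[i] >= 11 && t[i] <= 13 && t[i + 1] == 6) {
            out->cc_kind = t[i];
            out->cc_value = (uint32_t)t[i + 2] << 24 | t[i + 3] << 16 | t[i + 4] << 8 | t[i + 5];
        }
        i += t[i + 1];
    }
    return 0;
}

/* Assumption of this example: a SYN carrying a CC-family option is a T/TCP open. */
static int is_ttcp_open(const struct syn_info *s) { return (s->flags & 0x02) && s->cc_kind; }

int main(void) {
    struct syn_info s;
    if (parse_segment(SYN_ON, sizeof SYN_ON - 1, &s) != 0) return 1;
    return printf("ttcp=%d cc=%u data=%zu\n", is_ttcp_open(&s), (unsigned)s.cc_value, s.payload_len) < 0;
}
```

The same function run over SYN_OFF reports a plain SYN with no CC option and no data, which is the distinction the last reply draws between implicit open and Transaction TCP.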
 
>Unformatted:
