Date: Wed, 27 Dec 1995 20:53:49 +0100 From: Andras Olah <olah@cs.utwente.nl> To: current@freebsd.org Subject: Fwd: Re: another m_copydata crash Message-ID: <11849.820094029@curie.cs.utwente.nl>
next in thread | raw e-mail | index | archive | help
Hi guys, Here's a message I sent to Garrett a few days ago after my first attempt to find the bug. As far as I know, Garrett doesn't know it either what's causing this situation. I'm really sorry but I don't have too much time recently to work on it so I thought I share my results with you in the hope that someone else may find out what's happening here. It seems like that the MTU discovery hypothesis is excluded already (see earlier mail of DavidG). Andras ------- Forwarded Message From: Andras Olah <olah> To: "Garrett A. Wollman" <wollman@lcs.mit.edu> Subject: Re: another m_copydata crash Date: Fri, 22 Dec 1995 17:35:28 +0100 Garrett, During my first attempt to localize the bug, I found the immediate cause of the crash, but I'm still clueless how this situation can happen. It might have something to do with MTU discovery (although I couldn't see any suspicious changes for the first sight), so I'd appreciate your input. In both traces of Faried tp->snd_nxt == tp->snd_una - 1, which should never happen. snd_nxt >= snd_una must always hold during TCP's operation. Here's the relevant part of the tcpcb (this is in tcp_output()): t_state = ESTABLISHED t_flags = TF_ACKNOW|TF_REQ_SCALE|TF_RCVD_SCALE| TF_REQ_TSTMP|TF_RCVD_TSTMP|TF_RQ_CC|TF_RCVD_CC send side: snd_max = iss + 1 we have sent our SYN only snd_una = iss + 1 and it's acknowledged (we're in ESTABL state) snd_nxt = iss <-- that's weird!!! receive side: rcv_nxt = irs + 1 we've got only the SYN from our peer so far The rest of *tp seems to be normal. Note also that in both crashes tcp_output() is called from tcp_input() upon the reception of an out of order FIN segment: seq = irs + 10 we missed 9 bytes of data in between len = 0 ack = iss + 1 it acks our SYN flags = TH_ACK|TH_FIN peer wants to close I'd appreciate your ideas. Andras ------- End of Forwarded Message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?11849.820094029>