From owner-freebsd-bugs  Fri Nov 21 02:03:24 1997
Return-Path: <owner-freebsd-bugs>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id CAA28519
          for bugs-outgoing; Fri, 21 Nov 1997 02:03:24 -0800 (PST)
          (envelope-from owner-freebsd-bugs)
Received: from gvr.gvr.org (root@gvr.gvr.org [194.151.74.97])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id CAA28505;
          Fri, 21 Nov 1997 02:03:05 -0800 (PST)
          (envelope-from guido@gvr.org)
Received: (from guido@localhost)
	by gvr.gvr.org (8.8.6/8.8.5) id LAA23097;
	Fri, 21 Nov 1997 11:02:58 +0100 (MET)
From: Guido van Rooij <guido@gvr.org>
Message-Id: <199711211002.LAA23097@gvr.gvr.org>
Subject: Re: kern/5103
In-Reply-To: <199711210551.AAA03044@bual.research.att.com> from John Ioannidis at "Nov 21, 97 00:51:19 am"
To: ji@research.att.com
Date: Fri, 21 Nov 1997 11:02:58 +0100 (MET)
Cc: jkh@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG, security-officer@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

John Ioannidis wrote:
> This is an old bug, BTW; it's the simultaneous-open bug. Look in
> Stevens (TCP/IP Illustrated) Volume 1, chapter 18. I thought it had
> been fixed for 4.4BSD; BSDI 2.0 didn't have the problem. How did it
> re-emerge?
> 

I am not sure it is the same. What happens here is that the TCP stack
gets a SYN in the TCPS_LISTEN state and sends back a SYN-ACK. and
goes to SYN_RCVD. In the simultaneous open, a SYN is sent and
pone goes to SYN_SENT and receives a SYN in that state.

Garrett told me that when you send this packet from the host you are 
receiving it from, it does no harm. This would more or less support my
idea that it is something different.

-Guido