From owner-freebsd-bugs Mon Feb 4 14: 0:17 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 1A99F37B42F for ; Mon, 4 Feb 2002 14:00:02 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g14M02H01060; Mon, 4 Feb 2002 14:00:02 -0800 (PST) (envelope-from gnats) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 9E8F237B41D for ; Mon, 4 Feb 2002 13:58:51 -0800 (PST) Received: (from nobody@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g14LwpU00886; Mon, 4 Feb 2002 13:58:51 -0800 (PST) (envelope-from nobody) Message-Id: <200202042158.g14LwpU00886@freefall.freebsd.org> Date: Mon, 4 Feb 2002 13:58:51 -0800 (PST) From: Joseph Ishac To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: kern/34619: TCP - FINs with different sequence numbers Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 34619 >Category: kern >Synopsis: TCP - FINs with different sequence numbers >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Feb 04 14:00:02 PST 2002 >Closed-Date: >Last-Modified: >Originator: Joseph Ishac >Release: >Organization: NASA Glenn Research Center >Environment: >Description: Problem (below) discovered on OpenBSD. The problem code exists in the current (1.39.2.14) version of src/sys/netinet/tcp_output.c. However, the problem has not been verified on a FreeBSD box. OpenBSD fix by Niels Provos. After loosing a packet in the final window of data, the resulting retransmission carries the FIN bit erroneously (it is not the final packet and carries a different sequence number). See: OpenBSD PR number 2368 (http://cvs.openbsd.org/cgi-bin/wwwgnats.pl/full/2368) for sample output. >How-To-Repeat: >Fix: OpenBSD solution from Niels Provos Index: tcp_output.c =================================================================== --- tcp_output.c 14 Jan 2002 19:58:18 -0000 1.46 +++ tcp_output.c 2 Feb 2002 01:01:37 -0000 len = tp->t_maxseg; sendalot = 1; } - if (SEQ_LT(tp->snd_nxt + len, tp->snd_una + so->so_snd.sb_cc)) + if (off + len < so->so_snd.sb_cc) flags &= ~TH_FIN; win = sbspace(&so->so_rcv); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message