[e2e] TCP Option Negotiation
Bob Braden
braden at ISI.EDU
Thu May 17 08:43:23 PDT 2001
*>
*> Someone recently pointed out a possible correctness issue with TCP
*> option negotiation to me, and I was wondering if anybody here had an
*> explanation. My understanding is that TCP stacks, upon receiving an
*> option they do not understand or expect, should ignore it. This creates
*> a loophole, however, in options like window scaling negotiation and SACK
*> permitted, whereby the communicating hosts can come to differing
*> opinions of the state of the option.
*>
*> In the admittedly improbable case that a host sends a TCP SYN requesting
*> say, window scaling, and then crashes, a new host may immediately
*> receive the old host's address, and issue its own SYN to the same
*> destination from the same port number. Suppose that SYN is lost in the
*> network. The new host may happen to receive the SYN ACK from the
*> original SYN. Assuming, again, that the stars are aligned and the
*> sequence numbers match, the new host would accept it, and consider the
*> connection established. This is correct behavior. Except for the
*> options.
*>
*> The new host may not understand window scaling, and just ignore the
*> option. Now the communicating hosts have different opinions of what the
*> window sizes are. Clearly the reliable byte stream semantic is
*> maintained, but the transmission is likely to be highly inefficient,
*> overrunning receive windows on a frequent basis. A similar issue arises
*> with SACK negotiation, although the affect is even more harmless.
*>
*> Is there a correctness argument I'm missing, or is this just considered
*> too improbable a case to be concerned with?
*>
*> - Alex
Alex,
This seems to be another manifestation of the standard problem of old
duplicate packet. Your scenario is a violation of TCP's "quiet time"
requirement upon host crash and restart (it's the same host if it has
the same IP address). Quiet time is a vital part of TCP's machinery to
protect against old duplicates.
Bob Braden
*>
*> --
*> NMS / PDOS Groups
*> MIT Laboratory for Computer Science
*> 545 Technology Square, NE43-512, Cambridge, Massachusetts 02139
*> http://nms.lcs.mit.edu/~snoeren
*>
More information about the end2end-interest
mailing list