Re: Linux 2.2.16 through 2.2.18preX TCP hang bug triggered by rsync

From: kuznet@ms2.inr.ac.ru
Date: Sat Jan 27 2001 - 13:27:29 EST


Hello!

> Why is it a bug to accept the ACK from it? RFC793 page 69 says
>
> If the RCV.WND is zero, no segments will be acceptable, but
> special allowance should be made to accept valid ACKs, URGs and
> RSTs.

8) This obscure place has been discussed for ages. The question is:
What is "valid"? Solaris folks apparently read "valid" as
"all".

BSD interprets valid as "segment fits into the window after truncation".

> Why shouldn't this be considered a valid ACK?

It may be considered a valid ACK, provided all the pieces of TCP
do window updates right. If the window update algorithm were sane,
it would not be a big problem from the TCP viewpoint
(though it remains a security hole).

Actually, the same effect (pathological window expansion)
happens in other cases. See tcp-impl, Subj: "Send window update algorithm ...".

> can point me to it. Why doesn't the probe use the correct sequence number
> instead of backing up one? Perhaps a workaround is for Linux to not send
> the zero probe with the deliberately incorrect sequence number.

Linux does the things which are recommended by the RFC.
BSD style zero window probes are known to be the wrong way.

However, I repeat, the real problem is not here.

The problem is that Solaris has an inconsistent window update
algorithm. It corrupts its SND.WND (like all BSD), but
also fails to recover from this (unlike BSD).

Alexey
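
Added example, not part of the original message and not code from any TCP stack: the RFC 793 segment acceptability table applied to a zero-length probe whose sequence number is backed up by one while RCV.WND is zero, next to two simplified models of the readings of "valid" named above. The function names, the two models and the sample sequence numbers are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Sequence-space comparisons, modulo 2^32. */
static bool seq_lt(uint32_t a, uint32_t b)  { return (int32_t)(a - b) < 0; }
static bool seq_leq(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }

/* True when RCV.NXT <= s < RCV.NXT + RCV.WND. */
static bool in_window(uint32_t s, uint32_t nxt, uint32_t wnd)
{
    return seq_leq(nxt, s) && seq_lt(s, nxt + wnd);
}

/* The four-row segment acceptability table of RFC 793. */
bool rfc793_acceptable(uint32_t seq, uint32_t len, uint32_t nxt, uint32_t wnd)
{
    if (len == 0)
        return wnd == 0 ? seq == nxt : in_window(seq, nxt, wnd);
    if (wnd == 0)
        return false;
    return in_window(seq, nxt, wnd) || in_window(seq + len - 1, nxt, wnd);
}

/* Two simplified models (assumptions) of what counts as a "valid" ACK. */
enum reading { READ_ALL, READ_FITS_AFTER_TRUNCATION };

/* Would the ACK field of this segment be processed under reading r? */
bool ack_processed(enum reading r, uint32_t seq, uint32_t len, uint32_t nxt, uint32_t wnd)
{
    if (r == READ_ALL)
        return true;                 /* every ACK counts, whatever SEG.SEQ is */
    if (seq_lt(seq, nxt)) {          /* segment starts left of RCV.NXT */
        uint32_t old = nxt - seq;
        if (old > len)
            return false;            /* cannot be trimmed to start at RCV.NXT */
        seq += old;                  /* drop the already-received bytes */
    }
    /* Bytes past the right edge are cut; the start must not lie beyond it. */
    return seq_leq(seq, nxt + wnd);
}

int main(void)
{
    uint32_t nxt = 1000, probe = nxt - 1;   /* constructed values, RCV.WND = 0 */
    printf("rfc793=%d all=%d truncation=%d\n", rfc793_acceptable(probe, 0, nxt, 0),
           ack_processed(READ_ALL, probe, 0, nxt, 0),
           ack_processed(READ_FITS_AFTER_TRUNCATION, probe, 0, nxt, 0));
    return 0;
}
```

The table alone rejects the backed-up probe, so whether its ACK field is acted on depends entirely on how the "special allowance" sentence is read.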