TCP bug?

Chuck Swiger cswiger at
Fri Jun 19 19:32:58 UTC 2009


On Jun 19, 2009, at 10:44 AM, Harti Brandt wrote:
> When the TCP is in SYN-SENT state (the user has called connect())  
> and the peer answers with an almost-lamp test packet which has SYN,  
> FIN, ACK and data larger than the window, TCP ACKs a window full of  
> data, drops the rest, but processes the FIN - it goes into  
> CLOSE_WAIT. This looks wrong to me. When dropping the data that is  
> outside the window, it should also drop the FIN.

Clearly, you shouldn't process a FIN which happens outside of the  
current window: "For sequence number purposes, the SYN is considered  
to occur before the first actual data octet of the segment in which it  
occurs, while the FIN is considered to occur after the last actual  
data octet in a segment in which it occurs."

If the socket was in a synchronized state, RFC-793 pg 37 says:

"3.  If the connection is in a synchronized state (ESTABLISHED,
     any unacceptable segment (out of window sequence number or
     unacceptible acknowledgment number) must elicit only an empty
     acknowledgment segment containing the current send-sequence number
     and an acknowledgment indicating the next sequence number expected
     to be received, and the connection remains in the same state."

...if it's before the connection is fully setup, ie, in SYN-SENT state  
as you say, then the fact that the packet contains data which does not  
fit in the window suggests it should be handled by the rules for half- 
open connections:

   "As a general rule, reset (RST) must be sent whenever a segment  
   which apparently is not intended for the current connection.  A reset
   must not be sent if it is not clear that this is the case."

See figure 12-- I think you should be sending a RST back....


More information about the freebsd-net mailing list