RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 2 records.

Status: Verified (2)

RFC 1337, "TIME-WAIT Assassination Hazards in TCP", May 1992

Source of RFC: Legacy

Errata ID: 6782
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Christophe Deleuze
Date Reported: 2021-12-11
Verifier Name: Martin Duke
Date Verified: 2022-01-28

Section 2.4 says:

    3.         ... <SEQ=400><ACK=101><CTL=SYN,ACK><W=800>  <-- SYN-RCVD

    4.  SYN-SENT    <-- <SEQ=300><ACK=123><CTL=ACK> ... (old duplicate)

    5.  SYN-SENT    --> <SEQ=123><CTL=RST>                   --> LISTEN

    6.  ESTABLISHED <-- <SEQ=400><ACK=101><CTL=SYN,ACK><W=900> ...

[...]

      The key to the failure in Figure 4 is that the RST segment 5 is
      acceptable to TCP B in SYN-RECEIVED state, because the sequence
      space of the earlier connection that produced this old duplicate
      overlaps the new connection space.  Thus, <SEQ=123> in segment #5
      falls within TCP B's receive window [101,900).

It should say:

    3.         ... <SEQ=400><ACK=101><CTL=SYN,ACK><W=800>  <-- SYN-RCVD

    4.  SYN-SENT    <-- <SEQ=300><ACK=123><CTL=ACK> ... (old duplicate)

    5.  SYN-SENT    --> <SEQ=123><CTL=RST>                   --> LISTEN

    6.  ESTABLISHED <-- <SEQ=400><ACK=101><CTL=SYN,ACK><W=800> ...

[...]

      The key to the failure in Figure 4 is that the RST segment 5 is
      acceptable to TCP B in SYN-RECEIVED state, because the sequence
      space of the earlier connection that produced this old duplicate
      overlaps the new connection space.  Thus, <SEQ=123> in segment #5
      falls within TCP B's receive window [101,901).


Notes:

I see two problems here.

First, line 6 is the arrival of segment sent at line 3, so it should have the same advertised window.

Second, in the following paragraph it is said that B's receive window is [101,900), which is consistent neither with line 3 (W=800) nor line 6 (W=900).

I guess (that's just a guess) the author meant W=800 in both lines 3 and 6, and made an off-by-one error in B receive's window. If it starts at 101 and has 800 for size, it is [101,901)

Errata ID: 7149
Status: Verified
Type: Editorial
Publication Format(s) : TEXT

Reported By: Michael Tüxen
Date Reported: 2022-10-06
Verifier Name: RFC Editor
Date Verified: 2022-10-06

Section 2.2 says:

As a result, B sends segment 6, an ACK for sequence = 640, which
is 40 beyond any data sent by A.  Assume for the present that this
ACK arrives at A *after* A has sent segment 7a, the next full data
segment.  In that case, the ACK segment 8a acknowledges data that
has been sent, and the error goes undetected.  Another possible
continuation after segment 6 leads to hazard H3, shown below.

It should say:

As a result, B sends segment 6, an ACK for sequence = 640, which
is 40 beyond any data sent by A.  Assume for the present that this
ACK arrives at A *after* A has sent segment 7a, the next full data
segment.  In that case, the ACK segment 8a acknowledges data that
has been sent, and the error goes undetected.  Another possible
continuation after segment 6 leads to hazard H2, shown below.

Notes:

The forward reference in the last sentence should be H2, not H3.

Report New Errata



Advanced Search