Re: [tcpm] draft-eggert-tcpm-historicize-00

Joe Touch <> Sat, 26 June 2010 19:06 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0BC653A67E7 for <>; Sat, 26 Jun 2010 12:06:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.079
X-Spam-Status: No, score=-2.079 tagged_above=-999 required=5 tests=[AWL=0.520, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id rw3JhJBbZrkg for <>; Sat, 26 Jun 2010 12:06:39 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id F0FB43A6767 for <>; Sat, 26 Jun 2010 12:06:38 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.13.8/8.13.8) with ESMTP id o5QJ58kA029909 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 26 Jun 2010 12:05:19 -0700 (PDT)
Message-ID: <>
Date: Sat, 26 Jun 2010 12:05:08 -0700
From: Joe Touch <>
User-Agent: Thunderbird (Windows/20100228)
MIME-Version: 1.0
References: <><><><> <> <> <> <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 0.96.0
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="------------enigB5BA7B3AA1731D326D3C7A2E"
X-MailScanner-ID: o5QJ58kA029909
X-ISI-4-69-MailScanner: Found to be clean
Subject: Re: [tcpm] draft-eggert-tcpm-historicize-00
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 26 Jun 2010 19:06:40 -0000 wrote:
>>From the abstract of Stone's SIGCOMM paper:
> Traces of Internet packets from the past two years show that between 1 packet
> in 1,100 and 1 packet in 32,000 fails the TCP checksum, even on links where
> link-level CRCs should catch all but 1 in 4 billion errors.
> [..] Much of our time has been spent negotiating access to data.
> s/*can*/*was observed to over two years in the wild*.

See Section 4.3.

End hosts that compute bad TCP checksums, or alter packets after the checksums
are validated aren't fixed by adding another checksum they can incorrectly

The only errors that appear to be happening due to paths were due to a faulty
router. Those errors were single bit errors, likely in memory of the router (as
per their observation, Sec 4.3.4). I.e., the authors believe the router was
accepting a valid CRC in, modifying the packet, and transmitting one with a
(different) valid CRC out. The end receiver thus saw a packet with a valid CRC
but would have seen an invalid TCP checksum.

Their methodology captured packets at the link layer, (Sec 3.1):

"For each complete packet, the software calculates
the checksum and if the checksum fails, the entire packet
is saved."

Later they note how they find out of the segment was faulty due to a
retransmission without the fault:

"If the IP datagram contains a TCP segment, the capture
program records what bytes were in the segment (on the as-
sumption that the sequence numbers are correct!) and then
looks for valid retransmissions of those bytes."

The do not seek, nor did they find in the wild, a single packet where the CRC
was valid and the TCP checksum was valid, but the packet had changed in
contents. That could have been attempted (perhaps with greater computational
power), but was not.