Re: [Tsvwg] TCP Question: Reuse of TCB's in time-wait state:
Joe Touch <touch@ISI.EDU> Thu, 25 October 2001 16:34 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA23190 for <tsvwg-archive@odin.ietf.org>; Thu, 25 Oct 2001 12:34:48 -0400 (EDT)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id MAA13033 for tsvwg-archive@odin.ietf.org; Thu, 25 Oct 2001 12:34:54 -0400 (EDT)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA12086; Thu, 25 Oct 2001 12:10:39 -0400 (EDT)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA12057 for <tsvwg@optimus.ietf.org>; Thu, 25 Oct 2001 12:10:37 -0400 (EDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA22583 for <tsvwg@ietf.org>; Thu, 25 Oct 2001 12:10:31 -0400 (EDT)
Received: from isi.edu (sci.isi.edu [128.9.160.93]) by boreas.isi.edu (8.11.6/8.11.2) with ESMTP id f9PGAXO06725; Thu, 25 Oct 2001 09:10:33 -0700 (PDT)
Message-ID: <3BD83978.6000800@isi.edu>
Date: Thu, 25 Oct 2001 09:10:32 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
X-Accept-Language: en-us
MIME-Version: 1.0
To: sanjay kaniyar <skaniyar@hotmail.com>
CC: tsvwg@ietf.org
Subject: Re: [Tsvwg] TCP Question: Reuse of TCB's in time-wait state:
References: <F138uk1wkm27xM9ZoxX000137e6@hotmail.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Sender: tsvwg-admin@ietf.org
Errors-To: tsvwg-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Transport Area Working Group <tsvwg.ietf.org>
X-BeenThere: tsvwg@ietf.org
Content-Transfer-Encoding: 7bit
sanjay kaniyar wrote: > 2. Here is how the reuse works today (for passive open): > > - When a connection goes to time-wait, along with the invariants of the > connection, the rcv_next and snd_next are stored. A timer is started for > 2 MSL. > > - When a SYN arrives with ISN = i, if "i > rcv_next", the TCB is moved > back to SYN-RCVD and ISN = snd_next + 128K is sent back. > > - There are 3 (remote) ways in which this can actually break. (a) The > client sending the active SYN should generate ISNs which wrap around > within 2 MSL. RFC793 etc suggests a wrap around time of 4.55 hours, so > this should not be a problem as long it is followed reasonably. (b) If > the same connection is reused at a rate of 2^32/(128K*2*MSL) (or smaller > than this, with fast data transfer). This can easily be protected with a > counter, if it is perceived to be an issue but I very much doubt it > would be in practice. (c) A connection proceeds at a rate with transfer > rate in Bytes > (2^32/2*MSL), in which case time-stamps should be used. > This can be used to not reuse the tw-tcb, if the issue referenced in (1) > is found to be commonplace. > > - Note that this clearly protects against old duplicates in both > directions. The appendix of RFC1185 does not seem to take the sequence > number check (i > rcv_next) into account when it analyzes the failure > cases. Perhaps you can clarify this. RFC 1185 explicitly mentions the following; isn't FIN+1 the same think as rcv_next? . Old duplicates in one direction can be avoided by . choosing the ISN to be the next unused sequence number from the . preceding connection (i.e., FIN+1); this is essentially an . application of the scheme of Garlick, Rom, and Postel, using the . connection block in TIME-WAIT state as the connection record. Then goes on to state: . However, the connection is still vulnerable to old duplicates in the . other direction. It seems like your ISNreverse = snd_next + 128K is intended to avoid this problem, however, the entire sequence space could have been in flight (and then some). It seems like you'd have to ensure that both ends of the connection have ISNs _AND_ timestamps which are valid for restarting. Restoring a TIME_WAIT state can, at best, ensure this only for the side that kept the TIME_WAIT. Joe _______________________________________________ tsvwg mailing list tsvwg@ietf.org http://www1.ietf.org/mailman/listinfo/tsvwg
- [Tsvwg] TCP Question: Reuse of TCB's in time-wait… sanjay kaniyar
- Re: [Tsvwg] TCP Question: Reuse of TCB's in time-… Allison Mankin
- RE: [Tsvwg] TCP Question: Reuse of TCB's in time-… Lars Eggert
- RE: [Tsvwg] TCP Question: Reuse of TCB's in time-… sanjay kaniyar
- Re: [Tsvwg] TCP Question: Reuse of TCB's in time-… Joe Touch
- Re: [Tsvwg] TCP Question: Reuse of TCB's in time-… sanjay kaniyar
- Re: [Tsvwg] TCP Question: Reuse of TCB's in time-… Brian F. G. Bidulock
- Re: [Tsvwg] TCP Question: Reuse of TCB's in time-… Joe Touch
- Re: [Tsvwg] TCP Question: Reuse of TCB's in time-… sanjay kaniyar
- Re: [Tsvwg] TCP Question: Reuse of TCB's in time-… sanjay kaniyar
- Re: [Tsvwg] TCP Question: Reuse of TCB's in time-… Joe Touch
- Re: [Tsvwg] TCP Question: Reuse of TCB's in time-… Kevin Lahey
- Re: [Tsvwg] TCP Question: Reuse of TCB's in time-… Joe Touch
- Re: [Tsvwg] TCP Question: Reuse of TCB's in time-… sanjay kaniyar
- Re: [Tsvwg] TCP Question: Reuse of TCB's in time-… Joe Touch