Subject: kern/5909: Bug in SYN cache code
To: None <gnats-bugs@gnats.netbsd.org>
From: None <tsarna@endicor.com>
List: netbsd-bugs
Date: 08/04/1998 15:34:35
>Number:         5909
>Category:       kern
>Synopsis:       Bug in SYN cache code
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Aug  4 13:35:00 1998
>Last-Modified:
>Originator:     Ty Sarna
>Organization:
	Endicor Technologies, Inc., San Antonio, Texas
>Release:        1.3.2
>Environment:

Host B:

System: NetBSD fezzik.endicor.com 1.3.2 NetBSD 1.3.2 (FEZZIK) #3: Wed Jul 15 12:53:35 CDT 1998 tsarna@fezzik.endicor.com:/usr/src/sys/arch/i386/compile/FEZZIK i386

Host A:

AmigaOS 3.1, InterWorks IS225 TCP/IP stack

>Description:
	SMTP connections from A to B would sometimes hang. This
	happened 3 or 4 times in a ~2 month period.

	We happened to catch this as it happened today, and observed
	that netstat on A shows a connection in ESTABLISH state, while
	netstat on B shows no connection at all.

	It also shows:

        325 SYN cache entries added
                0 hash collisions
                303 completed
                0 aborted (no space to build PCB)
                19 timed out
                0 dropped due to overflow
                0 dropped due to bucket overflow
                0 dropped due to RST
                3 dropped due to ICMP unreachable

>How-To-Repeat:
	From Charles Hannum on ICB:

	Okay; I think this is a bug in the `SYN cache' code.
	Consider this case:
	 * Host A sends a SYN.
	 * Host A retransmits the SYN.
	 * Host B gets the first SYN and sends a SYN-ACK.
	 * Host B gets the second SYN and sends a SYN-ACK.
	 * One of the SYN-ACKs bounces with an
	   ICMP unreachable, causing the `SYN cache' entry to be
	   removed with no notification.
	 * Host A receives the other SYN-ACK, sends an ACK, and goes to
	   ESTABLISHED state.
>Fix:
	Unknown.
>Audit-Trail:
>Unformatted:
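
The sequence described under How-To-Repeat, replayed against a toy model of host B's SYN cache. This is an added example, not NetBSD kernel code and not part of the original report. The single-slot cache, all function and field names, and the assumption that a retransmitted SYN matches the existing entry are hypothetical simplifications.

```c
#include <stdio.h>

/* Hypothetical model: host A's handshake state as seen by its own stack. */
enum a_state { A_SYN_SENT, A_ESTABLISHED };

/* Hypothetical model of host B: one SYN cache slot for the peer. */
struct hostb {
    int entry_valid;                 /* SYN cache entry present */
    int connected;                   /* full connection (PCB) exists */
    int added, completed, dropped_unreach, synacks_sent;
};

static void b_rx_syn(struct hostb *b) {
    /* Assumption: a retransmitted SYN matches the existing entry. */
    if (!b->entry_valid) { b->entry_valid = 1; b->added++; }
    b->synacks_sent++;               /* every SYN is answered with a SYN-ACK */
}

static void b_rx_icmp_unreach(struct hostb *b) {
    /* The entry is removed silently; nothing tells A or the listener. */
    if (b->entry_valid) { b->entry_valid = 0; b->dropped_unreach++; }
}

static int b_rx_ack(struct hostb *b) {
    if (!b->entry_valid) return 0;   /* no entry left to promote */
    b->entry_valid = 0; b->connected = 1; b->completed++;
    return 1;
}

static enum a_state a_rx_synack(enum a_state s) {
    return s == A_SYN_SENT ? A_ESTABLISHED : s;
}

/* Replays the steps from the report; returns host A's final state. */
static enum a_state replay(struct hostb *b) {
    enum a_state a = A_SYN_SENT;     /* A sends SYN, then retransmits it */
    b_rx_syn(b);                     /* B gets first SYN, sends SYN-ACK */
    b_rx_syn(b);                     /* B gets second SYN, sends SYN-ACK */
    b_rx_icmp_unreach(b);            /* one SYN-ACK bounces: entry removed */
    a = a_rx_synack(a);              /* other SYN-ACK arrives; A sends ACK */
    b_rx_ack(b);                     /* B finds no entry for this ACK */
    return a;
}

int main(void) {
    struct hostb b = {0};
    enum a_state a = replay(&b);
    printf("A: %s\n", a == A_ESTABLISHED ? "ESTABLISHED" : "SYN_SENT");
    printf("B: connected=%d added=%d completed=%d unreach=%d\n",
           b.connected, b.added, b.completed, b.dropped_unreach);
    return 0;
}
```

The end state matches the observation in the report: A shows the connection as established while B holds neither a cache entry nor a connection, and the drop is counted under ICMP unreachable.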