Subject: NetBSD master CVS tree commits
To: None <source-changes@NetBSD.ORG>
From: None <source@NetBSD.ORG>
List: source-changes
Date: 07/06/1997 07:10:02
thorpej
Sun Jul  6 00:04:36 PDT 1997
Update of /cvsroot/src/sys/netinet
In directory netbsd1:/var/slash-tmp/cvs-serv2671

Modified Files:
	tcp_input.c 
Log Message:
Fix an old and obscure TCP bug, brought to my attention by Bill Fenner,
fixed in FreeBSD by John Polstra:

Fix a bug (apparently very old) that can cause a TCP connection to
be dropped when it has an unusual traffic pattern.  For full details
as well as a test case that demonstrates the failure, see the
referenced PR (FreeBSD's kern/3998).
   
   Under certain circumstances involving the persist state, it is
   possible for the receive side's tp->rcv_nxt to advance beyond its
   tp->rcv_adv.  This causes (tp->rcv_adv - tp->rcv_nxt) to become
   negative.  However, in the code affected by this fix, that difference
   was interpreted as an unsigned number by max().  Since it was
   negative, it was taken as a huge unsigned number.  The effect was
   to cause the receiver to believe that its receive window had negative
   size, thereby rejecting all received segments including ACKs.  As
   the test case shows, this led to fruitless retransmissions and
   eventually to a dropped connection.  Even connections using the
   loopback interface could be dropped.  The fix substitutes the signed
   imax() for the unsigned max() function.

Bill informs me that his research indicates this bug appeared in Reno.


thorpej
Sun Jul  6 00:07:02 PDT 1997
Update of /cvsroot/src/sys/netinet
In directory netbsd1:/var/slash-tmp/cvs-serv2918

Modified Files:
      Tag: SYN_cache_branch
	tcp_input.c 
Log Message:
Update from trunk.