Subject: kern/5909: Bug in SYN cache code
To: None <gnats-bugs@gnats.netbsd.org>
From: None <tsarna@endicor.com>
List: netbsd-bugs
Date: 08/04/1998 15:34:35
>Number: 5909
>Category: kern
>Synopsis: Bug in SYN cache code
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Aug 4 13:35:00 1998
>Last-Modified:
>Originator: Ty Sarna
>Organization:
Endicor Technologies, Inc., San Antonio, Texas
>Release: 1.3.2
>Environment:
Host B:
System: NetBSD fezzik.endicor.com 1.3.2 NetBSD 1.3.2 (FEZZIK) #3: Wed Jul 15 12:53:35 CDT 1998 tsarna@fezzik.endicor.com:/usr/src/sys/arch/i386/compile/FEZZIK i386
Host A:
AmigaOS 3.1, InterWorks IS225 TCP/IP stack
>Description:
SMTP connections from A to B would sometimes hang. This
happened 3 or 4 times in ~2 months period.
We happened to catch this as it happened today, and observed
that netstat on A shows a connection in ESTABLISH state, while
netstat on B shows no connection at all.
It also shows:
325 SYN cache entries added
0 hash collisions
303 completed
0 aborted (no space to build PCB)
19 timed out
0 dropped due to overflow
0 dropped due to bucket overflow
0 dropped due to RST
3 dropped due to ICMP unreachable
>How-To-Repeat:
From Charles Hannum on ICB:
Okay; I think this is a bug in the `SYN cache' code.
Consider this case:
* Host A sends a SYN.
* Host A retransmits the SYN.
* Host B gets the first SYN and sends a SYN-ACK.
* Host B gets the second SYN and sends a SYN-ACK.
* One of the SYN-ACK bounces with an
ICMP unreachable, causing the `SYN cache' entry to be
removed with no notification.
* Host A receives the other SYN-ACK, sends an ACK, and goes to
ESTABLISHED state.
>Fix:
Unknown.
>Audit-Trail:
>Unformatted: