ryuu

Reputation: 57

TCP TIME_WAIT Assassination

I just looked up the RFC1337 about TIME_WAIT Assassination and this is a portion of it.

Figure 1 shows an example of TIME-WAIT assassination. Segments 1-5 are copied exactly from Figure 13 of RFC-793, showing a normal close handshake. Packets 5.1, 5.2, and 5.3 are an extension to this sequence, illustrating TWA. Here 5.1 is any old segment that is unacceptable to TCP A. It might be unacceptable because of its sequence number or because of an old PAWS timestamp. In either case, TCP A sends an ACK segment 5.2 for its current SND.NXT and RCV.NXT. Since it has no state for this connection, TCP B reflects this as RST segment 5.3, which assassinates the TIME-WAIT state at A!

    RFC 1337                 TCP TIME-WAIT Hazards                  May 1992
           TCP A                                                TCP B
       1.  ESTABLISHED                                          ESTABLISHED
           (Close)
       2.  FIN-WAIT-1  --> <SEQ=100><ACK=300><CTL=FIN,ACK>  --> CLOSE-WAIT
       3.  FIN-WAIT-2  <-- <SEQ=300><ACK=101><CTL=ACK>      <-- CLOSE-WAIT
                                                                (Close)
       4.  TIME-WAIT   <-- <SEQ=300><ACK=101><CTL=FIN,ACK>  <-- LAST-ACK
       5.  TIME-WAIT   --> <SEQ=101><ACK=301><CTL=ACK>      --> CLOSED
      - - - - - - - - - - - - - - - - - - - - - - - - - - - -
       5.1. TIME-WAIT   <--  <SEQ=255><ACK=33> ... old duplicate
       5.2  TIME-WAIT   --> <SEQ=101><ACK=301><CTL=ACK>    -->  ????
       5.3  CLOSED      <-- <SEQ=301><CTL=RST>             <--  ????
          (prematurely)

Now, what confuses me is that TCP/IP Illustrated, Volume 1 says:

Any delayed segments that arrive for a connection while it is in the 2MSL wait are discarded.

So, why did the TCP A in RFC 1337's figure 1 ACK the old duplicate segment?

Upvotes: 0

Views: 2263

Answers (1)

user207421

Reputation: 310913

RFC 793 states in 'Reset generation':

  1. If the connection is in a synchronized state (ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK, TIME-WAIT), any unacceptable segment (out of window sequence number or unacceptable acknowledgment number) must elicit only an empty acknowledgment segment containing the current send-sequence number and an acknowledgment indicating the next sequence number expected to be received, and the connection remains in the same state.

Upvotes: 2
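The exchange in Figure 1, replayed as an added example (not part of the original question or answer, and not code from either RFC): TCP A applies the RFC 793 acceptability test and the reset-generation rule quoted above, and TCP B, having no state, reflects the ACK as a RST. The 1000-byte receive window, the ACK flag on the old duplicate, the class and function names, and the lack of sequence-number wraparound are assumptions; `ignore_rst` models RFC 1337's suggested fix of ignoring RST segments in TIME-WAIT.

```python
from dataclasses import dataclass

@dataclass
class Seg:
    seq: int
    ack: int = 0
    ctl: tuple = ()
    length: int = 0

def acceptable(seg, rcv_nxt, rcv_wnd):
    # RFC 793 sequence-number acceptability test (no 2**32 wraparound here).
    lo, hi = rcv_nxt, rcv_nxt + rcv_wnd
    if seg.length == 0:
        return seg.seq == lo if rcv_wnd == 0 else lo <= seg.seq < hi
    last = seg.seq + seg.length - 1
    return rcv_wnd > 0 and (lo <= seg.seq < hi or lo <= last < hi)

class TimeWaitEndpoint:
    """TCP A from Figure 1, already in TIME-WAIT (simplified model)."""
    def __init__(self, snd_nxt, rcv_nxt, rcv_wnd, ignore_rst=False):
        self.state = "TIME-WAIT"
        self.snd_nxt, self.rcv_nxt, self.rcv_wnd = snd_nxt, rcv_nxt, rcv_wnd
        self.ignore_rst = ignore_rst  # RFC 1337 fix: ignore RST in TIME-WAIT

    def receive(self, seg):
        if not acceptable(seg, self.rcv_nxt, self.rcv_wnd):
            if "RST" in seg.ctl:
                return None  # an unacceptable RST is dropped silently
            # Synchronized state: reply with an empty ACK, state unchanged.
            return Seg(self.snd_nxt, self.rcv_nxt, ("ACK",))
        if "RST" in seg.ctl and not self.ignore_rst:
            self.state = "CLOSED"  # the premature close of step 5.3
        return None  # other in-window handling is not modelled

def closed_endpoint_reply(seg):
    # TCP B has no state: a non-RST segment is answered with a RST whose
    # sequence number comes from the incoming ACK field when one is present.
    if "RST" in seg.ctl:
        return None
    if "ACK" in seg.ctl:
        return Seg(seg.ack, ctl=("RST",))
    return Seg(0, seg.seq + seg.length, ("RST", "ACK"))

def replay_figure_1(ignore_rst=False):
    a = TimeWaitEndpoint(snd_nxt=101, rcv_nxt=301, rcv_wnd=1000, ignore_rst=ignore_rst)
    ack_5_2 = a.receive(Seg(255, 33, ("ACK",)))  # 5.1: old duplicate (constructed flags)
    state_after_ack = a.state
    rst_5_3 = closed_endpoint_reply(ack_5_2)     # 5.3: RST reflected by TCP B
    a.receive(rst_5_3)
    return ack_5_2, state_after_ack, rst_5_3, a.state
```

The old duplicate itself never changes A's state; it is the in-window RST coming back from B that closes the connection, which is why the fix targets RST handling rather than the ACK.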
