Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!columbia!rutgers!ll-xn!mit-eddie!genrad!decvax!ucbvax!MONET!karels From: karels@MONET (Mike Karels) Newsgroups: net.bugs.4bsd Subject: 4.3BSD network bug (#1, tcp_output) Message-ID: <8610230014.AA04440@monet.Berkeley.EDU> Date: Wed, 22-Oct-86 20:14:54 EDT Article-I.D.: monet.8610230014.AA04440 Posted: Wed Oct 22 20:14:54 1986 Date-Received: Thu, 23-Oct-86 07:18:52 EDT Sender: daemon@ucbvax.BERKELEY.EDU Organization: University of California at Berkeley Lines: 47 Index: sys/netinet/tcp_output.c 4.3BSD FIX This is the first of a set of three bug reports with fixes for the network in 4.3BSD. All 4.3 sites should install the modifications described in these reports. The bug described in this report is the most serious, as it can cause unnoticed loss of data. Description: The final change in the send code in TCP in 4.3 was made incorrectly. In tcp_output (/sys/netinet/tcp_output.c), the output packet flags are chosen before the packet length is adjusted to reflect the maximum segment size. Under some cirsumstances, this results in sending a FIN with a packet which is not the last data packet. This is most often noticed when the connection implements a one-way transfer of data and the sender closes while the data is still draining. Fix: Move the lines in tcp_output that look up the flags to be sent to a location after the final length adjustment, as follows: *** /nbsd/sys/netinet/tcp_output.c Thu Jun 5 00:31:36 1986 --- tcp_output.c Wed Aug 20 09:31:34 1986 *************** *** 5,7 **** * ! * @(#)tcp_output.c 7.1 (Berkeley) 6/5/86 */ --- 5,7 ---- * ! * @(#)tcp_output.c 7.2 (Berkeley) 8/20/86 */ *************** *** 82,85 **** flags = tcp_outflags[tp->t_state]; - if (SEQ_LT(tp->snd_nxt + len, tp->snd_una + so->so_snd.sb_cc)) - flags &= ~TH_FIN; --- 82,83 ---- *************** *** 118,119 **** --- 116,119 ---- } + if (SEQ_LT(tp->snd_nxt + len, tp->snd_una + so->so_snd.sb_cc)) + flags &= ~TH_FIN; win = sbspace(&so->so_rcv);