TIME-WAIT Assassination Hazards in TCP (RFC1337)
Original Publication Date: 1992-May-01
Included in the Prior Art Database: 2019-Feb-11
Internet Society Requests For Comment (RFCs)
This note describes some theoretically-possible failure modes for TCP connections and discusses possible remedies. In particular, one very simple fix is identified. This memo provides information for the Internet community. It does not specify an Internet standard.
Network Working Group                                          R. Braden
Request for Comments: 1337                                           ISI
                                                                May 1992
TIME-WAIT Assassination Hazards in TCP
Status of This Memo
This memo provides information for the Internet community. It does not specify an Internet standard. Distribution of this memo is unlimited.
This note describes some theoretically-possible failure modes for TCP connections and discusses possible remedies. In particular, one very simple fix is identified.
Experiments to validate the recently-proposed TCP extensions [RFC-1323] have led to the discovery of a new class of TCP failures, which have been dubbed the "TIME-WAIT Assassination hazards". This note describes these hazards, gives examples, and discusses possible prevention measures.
The failures in question all result from old duplicate segments. In brief, the TCP mechanisms to protect against old duplicate segments are [RFC-793]:
(1) The 3-way handshake rejects old duplicate initial <SYN> segments, avoiding the hazard of replaying a connection.
(2) Sequence numbers are used to reject old duplicate data and ACK segments from the current incarnation of a given connection (defined by a particular host and port pair). Sequence numbers are also used to reject old duplicate <SYN,ACK> segments.
For very high-speed connections, Jacobson’s PAWS ("Protect Against Wrapped Sequences") mechanism [RFC-1323] effectively extends the sequence numbers so wrap-around will not introduce a hazard within the same incarnation.
(3) There are two mechanisms to avoid hazards due to old duplicate segments from an earlier instance of the same connection; see the Appendix to [RFC-1185] for details.
For "short and slow" connections [RFC-1185], the clock-driven ISN (initial sequence number) selection prevents the overlap of the sequence spaces of the old and new incarnations [RFC-793]. (The algorithm used by Berkeley BSD TCP for stepping ISN complicates the analysis slightly but does not change the conclusions.)
(4) TIME-WAIT state removes the hazard of old duplicates for "fast" or "long" connections, in which clock-driven ISN selection is unable to prevent overlap of the old and new sequence spaces. The TIME-WAIT delay allows all old duplicate segments time enough to die in the Internet before the connection is reopened.
(5) After a system crash, the Quiet Time at system startup allows old duplicates to disappear before any connections are opened.
Our new observation is that (4) is unreliable: TIME-WAIT state can be prematurely terminated ("assassinated") by an old duplicate data or ACK segment from the current or an earlier incarnation of the same connection. We refer to this as "TIME-WAIT Assassination" (TWA).
Figure 1 shows an example of TIME-WAIT assassination. Segments 1-5 are copied exactly from Figure 13 of RFC-793, showing a normal close handshake. Packets 5.1, 5.2, and 5.3 are an extension to this sequence, illustrating TWA. Here 5.1 is *any* old seg...
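The exchange that segments 5.1 to 5.3 refer to can be replayed with a small model. The Python below is an added example, not part of the memo: it applies the RFC 793 segment-processing rules to a host in TIME-WAIT and to its already-closed peer, starting from the sequence numbers at the end of the RFC 793 Figure 13 close. The old duplicate's values are constructed, and `ignore_rst_in_time_wait` is a hypothetical flag name for the remedy of ignoring RST segments in TIME-WAIT, which comes from the full text of RFC 1337 rather than from this excerpt.

```python
from dataclasses import dataclass

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap

@dataclass(frozen=True)
class Segment:
    seq: int
    ack: int = 0
    flags: frozenset = frozenset()

class Endpoint:
    """One side of a connection, reduced to the RFC 793 rules this case exercises."""
    def __init__(self, state, snd_nxt=0, rcv_nxt=0, rcv_wnd=4096,
                 ignore_rst_in_time_wait=False):
        self.state, self.snd_nxt, self.rcv_nxt = state, snd_nxt, rcv_nxt
        self.rcv_wnd = rcv_wnd
        self.ignore_rst_in_time_wait = ignore_rst_in_time_wait  # hypothetical name

    def acceptable(self, seg):
        # Window test for a zero-length segment: RCV.NXT <= SEQ < RCV.NXT + RCV.WND
        return (seg.seq - self.rcv_nxt) % MOD < self.rcv_wnd

    def receive(self, seg):
        """Process one segment; return the reply segment, or None."""
        if self.state == "CLOSED":
            if "RST" in seg.flags:
                return None
            # No connection: a segment carrying an ACK draws <SEQ=SEG.ACK><CTL=RST>
            return Segment(seq=seg.ack, flags=frozenset({"RST"}))
        if self.state == "TIME-WAIT":
            if "RST" in seg.flags:
                if self.acceptable(seg) and not self.ignore_rst_in_time_wait:
                    self.state = "CLOSED"  # TIME-WAIT ends before its timer expires
                return None
            if not self.acceptable(seg):
                # Out-of-window segment: reply with an ACK of the current state
                return Segment(self.snd_nxt, self.rcv_nxt, frozenset({"ACK"}))
        return None  # other TIME-WAIT processing is outside this model

def replay_old_duplicate(ignore_rst_in_time_wait):
    """Replay segments 5.1-5.3; return (A's final state, [A's ACK, B's RST])."""
    a = Endpoint("TIME-WAIT", 101, 301, ignore_rst_in_time_wait=ignore_rst_in_time_wait)
    b = Endpoint("CLOSED")
    old_dup = Segment(seq=255, ack=33, flags=frozenset({"ACK"}))  # constructed values
    ack = a.receive(old_dup)  # 5.2: A answers the out-of-window segment with an ACK
    rst = b.receive(ack)      # 5.3: B no longer has the connection and sends RST
    a.receive(rst)
    return a.state, [ack, rst]

if __name__ == "__main__":
    print({fix: replay_old_duplicate(fix)[0] for fix in (False, True)})
```

Linux exposes the RST-ignoring behaviour as the `net.ipv4.tcp_rfc1337` sysctl.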