[e2e] TCP Option Negotiation

Alex C. Snoeren snoeren at lcs.mit.edu
Thu May 17 07:11:04 PDT 2001

Someone recently pointed out a possible correctness issue with TCP
option negotiation to me, and I was wondering if anybody here had an
explanation.  My understanding is that TCP stacks, upon receiving an
option they do not understand or expect, should ignore it.  This creates
a loophole, however, in options like window scaling negotiation and SACK
permitted, whereby the communicating hosts can come to differing
opinions of the state of the option.

In the admittedly improbable case that a host sends a TCP SYN requesting
say, window scaling, and then crashes, a new host may immediately
receive the old host's address, and issue its own SYN to the same
destination from the same port number.  Suppose that SYN is lost in the
network.  The new host may happen to receive the SYN ACK from the
original SYN.  Assuming, again, that the stars are aligned and the
sequence numbers match, the new host would accept it, and consider the
connection established.  This is correct behavior.  Except for the

The new host may not understand window scaling, and just ignore the
option.  Now the communicating hosts have different opinions of what the
window sizes are.  Clearly the reliable byte stream semantic is
maintained, but the transmission is likely to be highly inefficient,
overrunning receive windows on a frequent basis.  A similar issue arises
with SACK negotiation, although the affect is even more harmless.

Is there a correctness argument I'm missing, or is this just considered
too improbable a case to be concerned with?

- Alex

NMS / PDOS Groups
MIT Laboratory for Computer Science
545 Technology Square, NE43-512, Cambridge, Massachusetts 02139

More information about the end2end-interest mailing list