From wollman@khavrinen.lcs.mit.edu  Thu Dec 15 11:17:50 1994
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.26.0.162]) by freefall.cdrom.com (8.6.8/8.6.6) with ESMTP id LAA00154 for <FreeBSD-gnats-submit@freefall.cdrom.com>; Thu, 15 Dec 1994 11:17:49 -0800
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.6.9/8.6.6) id NAA00251; Thu, 15 Dec 1994 13:34:06 -0500
Message-Id: <199412151834.NAA00251@khavrinen.lcs.mit.edu>
Date: Thu, 15 Dec 1994 13:34:06 -0500
From: "Garrett A. Wollman" <wollman@khavrinen.lcs.mit.edu>
Reply-To: wollman@khavrinen.lcs.mit.edu
To: FreeBSD-gnats-submit@freefall.cdrom.com
Subject: `rpcinfo -p 224.0.0.1' panics the machine
X-Send-Pr-Version: 3.2

>Number:         59
>Category:       kern
>Synopsis:       Attempting to open a multicast TCP connection loses.
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    core (FreeBSD core team)
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 15 12:20:01 1994
>Closed-Date:    Thu Dec 15 12:40:47 PST 1994
>Last-Modified:
>Originator:     Garrett A. Wollman
>Release:        FreeBSD 2.0.1-Development i386
>Organization:
MIT Laboratory for Computer Science
>Environment:

	-current as of a couple of days ago

>Description:

	The particular example demonstrated a problematic interaction
	between old versions of the Ultrix multicast code, and
	FreeBSD's TCP.  In particular, FreeBSD would not reject
	attempts to connect() to a multicast address (as done by the
	RPC library in this example), and would happily send a
	multicast SYN segment to the world at large.  The old Ultrix
	hosts would then accept this ``connection'' severally, and all
	send back SYN-ACK segments.  This blizzard of SYN-ACK segments
	would not get dropped (as required) because in_pcblookup()
	would find the PCB for the ``connection'', and hand every one
	of the SYN-ACKs up for processing.  Here is a packet trace
	exhibiting the problem:  (sorry for the long lines)

19:58:59.852428 khavrinen 1:0:5e:0:0:1 ip 74: khavrinen.lcs.mit.edu.748 > ALL-SYSTEMS.MCAST.NET.sunrpc: S 24256001:24256001(0) win 16384 <mss 512,nop,wscale 0,nop,nop,opt-8:00006e6f03a0f02e> [ttl 1]
19:58:59.852753 delft khavrinen ip 60: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: . ack 15680002 win 4096
19:58:59.853621 ginger khavrinen ip 60: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 4224000:4224000(0) ack 24256002 win 16384 <mss 1460>
19:58:59.853681 tabasco khavrinen ip 60: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 2108160000:2108160000(0) ack 24256002 win 16384 <mss 1460>
19:58:59.855291 pepper khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: R 2186807296:2186807296(0) ack 1 win 0
19:58:59.856077 pm-blinken khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 3933141505:3933141505(0) ack 24256002 win 4096 <mss 1024>
19:58:59.856176 pm-winken khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 234811393:234811393(0) ack 24256002 win 4096 <mss 1024>
19:58:59.856256 fermion khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 1879232000:1879232000(0) ack 24256002 win 4096 <mss 1024>
19:58:59.856329 pm-nod khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 2369531393:2369531393(0) ack 24256002 win 4096 <mss 1024>
19:58:59.856398 kaon khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 41408000:41408000(0) ack 24256002 win 4096 <mss 1024>
19:58:59.856466 aldebaran khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 1749440000:1749440000(0) ack 24256002 win 4096 <mss 1024>
19:58:59.856528 pion khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 449792000:449792000(0) ack 24256002 win 4096 <mss 1024>
19:58:59.856649 lion khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 742976000:742976000(0) ack 24256002 win 4096 <mss 1024>
19:58:59.856789 thyme khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: R 3551991296:3551991296(0) ack 1 win 0
19:58:59.858010 caraway khavrinen ip 60: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 1276928000:1276928000(0) ack 24256002 win 16384 <mss 1460>
19:59:05.416206 lion khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 742976000:742976000(0) ack 24256002 win 4096 <mss 1024>
19:59:05.469704 ginger khavrinen ip 60: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 4224000:4224000(0) ack 24256002 win 16384 <mss 1460>
19:59:05.491154 pion khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 449792000:449792000(0) ack 24256002 win 4096 <mss 1024>
19:59:05.538226 aldebaran khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 1749440000:1749440000(0) ack 24256002 win 4096 <mss 1024>
19:59:05.543304 fermion khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 1879232000:1879232000(0) ack 24256002 win 4096 <mss 1024>
19:59:05.602242 caraway khavrinen ip 60: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 1276928000:1276928000(0) ack 24256002 win 16384 <mss 1460>
19:59:05.668508 tabasco khavrinen ip 60: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 2108160000:2108160000(0) ack 24256002 win 16384 <mss 1460>
19:59:05.678341 pm-blinken khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 3933141505:3933141505(0) ack 24256002 win 4096 <mss 1024>
19:59:05.723381 pm-nod khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 2369531393:2369531393(0) ack 24256002 win 4096 <mss 1024>
19:59:05.820759 pm-winken khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 234811393:234811393(0) ack 24256002 win 4096 <mss 1024>
19:59:05.839182 kaon khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 41408000:41408000(0) ack 24256002 win 4096 <mss 1024>
19:59:17.416546 lion khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 742976000:742976000(0) ack 24256002 win 4096 <mss 1024>
19:59:17.469605 ginger khavrinen ip 60: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 4224000:4224000(0) ack 24256002 win 16384 <mss 1460>
19:59:17.491343 pion khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 449792000:449792000(0) ack 24256002 win 4096 <mss 1024>
19:59:17.538465 aldebaran khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 1749440000:1749440000(0) ack 24256002 win 4096 <mss 1024>
19:59:17.543647 fermion khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 1879232000:1879232000(0) ack 24256002 win 4096 <mss 1024>
19:59:17.602129 caraway khavrinen ip 60: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 1276928000:1276928000(0) ack 24256002 win 16384 <mss 1460>
19:59:17.668355 tabasco khavrinen ip 60: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 2108160000:2108160000(0) ack 24256002 win 16384 <mss 1460>
19:59:17.678606 pm-blinken khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 3933141505:3933141505(0) ack 24256002 win 4096 <mss 1024>
19:59:17.723652 pm-nod khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 2369531393:2369531393(0) ack 24256002 win 4096 <mss 1024>
19:59:17.820571 pm-winken khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 234811393:234811393(0) ack 24256002 win 4096 <mss 1024>
19:59:17.839615 kaon khavrinen ip 64: ALL-SYSTEMS.MCAST.NET.sunrpc > khavrinen.lcs.mit.edu.748: S 41408000:41408000(0) ack 24256002 win 4096 <mss 1024>

>How-To-Repeat:

	$ rpcinfo -p 224.0.0.1

>Fix:
	
	I disallowed bind() and connect() operations to multicast
	addresses on TCP sockets in the 92/12/15 12:39:35 revision of
	netinet/tcp_usrreq.c.  The error return is EAFNOSUPPORT, which
	makes as much sense as any.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: wollman 
State-Changed-When: Thu Dec 15 12:40:47 PST 1994 
State-Changed-Why:  
Made it impossible to recreate the bug. 
>Unformatted:
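
The check described under >Fix:, as an added user-space illustration in C; it is not the code committed to netinet/tcp_usrreq.c and not part of the original report. The helper names tcp_endpoint_check, tcp_segment_unicast and tcp_endpoint_check_str are hypothetical, and the receive-side filter is an assumption modelled on the trace, where every reply carries the group address as its source.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
/* Class D test on a host-byte-order address: 224.0.0.0/4. */
#define IS_CLASS_D(h) (((uint32_t)(h) & 0xf0000000u) == 0xe0000000u)

/* Hypothetical helper: 0 if sa may name a TCP endpoint, else an errno value. */
int tcp_endpoint_check(const struct sockaddr *sa, socklen_t len)
{
    const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
    if (sa == NULL || len < (socklen_t)sizeof(*sin))
        return EINVAL;
    if (sa->sa_family != AF_INET)
        return EAFNOSUPPORT;
    /* TCP is one-to-one: a group address can never name a single peer. */
    if (IS_CLASS_D(ntohl(sin->sin_addr.s_addr)))
        return EAFNOSUPPORT;    /* same errno the report's fix returns */
    return 0;
}

/* Receive side (assumption): 1 if a segment may reach PCB lookup; network byte order. */
int tcp_segment_unicast(in_addr_t src, in_addr_t dst)
{
    uint32_t s = ntohl(src), d = ntohl(dst);
    if (IS_CLASS_D(s) || IS_CLASS_D(d) ||
        s == INADDR_BROADCAST || d == INADDR_BROADCAST)
        return 0;               /* drop before any connection state is consulted */
    return 1;
}

/* Convenience wrapper: run the endpoint check on a dotted-quad string. */
int tcp_endpoint_check_str(const char *dotted)
{
    struct sockaddr_in sin = { 0 };
    sin.sin_family = AF_INET;
    if (inet_pton(AF_INET, dotted, &sin.sin_addr) != 1)
        return EINVAL;
    return tcp_endpoint_check((const struct sockaddr *)&sin, sizeof(sin));
}

int main(void)
{
    printf("%d %d\n", tcp_endpoint_check_str("224.0.0.1"), tcp_endpoint_check_str("18.26.0.162"));
    return 0;
}
```

Rejecting the address before any SYN is built stops the multicast SYN at its origin; the receive-side filter covers the other half of the trace, where replies sourced from the group address matched the pending connection's PCB.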



