mailing list archives
Update: Subtle data corruption of TCP streams
From: wietse () PORCUPINE ORG (Wietse Venema)
Date: Fri, 24 Mar 2000 10:38:36 -0500
Apparently, once instance of this data corruption problem is caused
by an unnamed bandwidth management system. It runs as a bridge,
and does not show up in traceroute etc. output. We were able to
estimate its location (at 5 ms round-trip time from one endpoint)
by analyzing packet arrival times.
Until now, this TCP data corruption problem has been observed only
when one of the connection endpoints runs a recent LINUX version.
Sightings have been reported by sites in Germany and in France.
Only recent LINUX versions request the use of timestamp options
that cause the tell-tale patterns of "01 01 08 0a" in TCP packets,
and that end up being regurgitated as ^A^A^H^J data.
I have updated the analysis at ftp://ftp.porcupine.org/pub/debugging/
This note is about a subtle data corruption problem with TCP data
streams that may bite people as more and more (LINUX) systems are
sending network traffic with TCP-level options turned on.
Last week, several Postfix users reported mail delivery failures
because sequences of control characters (for example, ^A^A^H) were
being inserted into their SMTP connections, resulting in SMTP
protocol errors and non-delivery of email.
These data corruption problems are not host specific: they are
observed with both Linux and BSD/OS systems, and with mail sent to
and/or received from systems running Postfix, Sendmail and qmail.
Over the weekend of March 18, 2000, a few people left tcpdump
running on their machines, in order to record some of these corrupted
SMTP sessions. This note is based on an analysis of that data.
- Update: Subtle data corruption of TCP streams Wietse Venema (Mar 24)