rfc963.SOME PROBLEMS WITH THE SPECIFICATION OF THE

1、NetworkWorkingGroupDeepinderP.SidhuRequestforComments:963IowaStateUniversityNovember1985SOMEPROBLEMSWITHTHESPECIFICATIONOFTHEMILITARYSTANDARDINTERNETPROTOCOLSTATUSOFTHISMEMOThepurposeofthisRFCistoprovidehelpfulinformationontheMilitaryStandardInternetProtocol(MIL-STD-1777)sothatonecanobtainareliableimplementationofthisprotocolstandard.Distributionofthisnoteisunlimited.ABSTRACTThispaperpointsoutseveralsignificantproblemsinthespecificationoftheMilitaryStandardInternetProtocol(MIL-STD-1777,datedAug。

2、ust1983[MILS83a]).Theseresultsarebasedonaninitialinvestigationofthisprotocolstandard.Theproblemsare:(1)afailuretoreassemblefragmentedmessagescompletely;(2)amissingstatetransition;(3)errorsintestingforreassemblycompletion;(4)errorsincomputingfragmentsizes;(5)minorerrorsinmessagereassembly;(6)incorrectlycomputedlengthforcertaindatagrams.Thisnotealsoproposessolutionstotheseproblems.1.IntroductionInrecentyears,muchprogresshasbeenmadeincreatinganintegratedsetoftoolsfordevelopingreliablecommunicationp。

3、rotocols.Thesetoolsprovideassistanceinthespecification,verification,implementationandtestingofprotocols.Severalprotocolshavebeenanalyzedanddevelopedusingsuchtools.Examplesofautomatedverificationandimplementationofseveralrealworldprotocolsarediscussedin[BLUT82][BLUT83][SIDD83][SIDD84].WearecurrentlyworkingontheautomaticimplementationoftheMilitaryStandardInternetProtocol(IP).Thisanalysiswillbebasedonthepublishedspecification[MILS83a]ofIPdated12August1983.WhilestudyingtheMILStandardIPspecification,。

4、wehavenoticednumerouserrorsinthespecificationofthisprotocol.Oneconsequenceoftheseerrorsisthattheprotocolwillneverdeliverfragmentedincomingdatagrams;ifthiserroriscorrected,suchdatagramswillbemissingsomedataandtheirlengthswillbeincorrectlyreported.Inaddition,outgoingdatagramsthataredividedintofragmentswillbemissingsomedata.TheproofofthesestatementsfollowsfromthespecificationofIP[MILS83a]asdiscussedbelow.Sidhu[Page1]RFC963November1985SomeProblemswithMIL-STDIP2.InternetProtocolTheInternetProtocol(IP。

5、)isanetworklayerprotocolintheDoDprotocolhierarchywhichprovidescommunicationacrossinterconnectedpacket-switchednetworksinaninternetworkenvironment.IPprovidesapuredatagramservicewithnomechanismforreliability,flowcontrol,sequencing,etc.Instead,thesefeaturesareprovidedbyaconnection-orientedprotocol,DoDTransmissionControlProtocol(TCP)[MILS83b],whichisimplementedinthelayeraboveIP.TCPisdesignedtooperatesuccessfullyoverchannelsthatareinherentlyunreliable,i.e.,whichcanlose,damage,duplicate,andreorderpack。

6、ets.Overtheyears,DARPAhassupportedspecificationsofseveralversionsofIP;thelastoneappearedin[POSJ81].Afewyearsago,theDefenseCommunicationsAgencydecidedtostandardizeIPforuseinDoDnetworks.Forthispurpose,theDCAsupportedformalspecificationofthisprotocol,followingthedesigndiscussedin[POSJ81]andthetechniqueandorganizationdefinedin[SDC82].Adetailedspecificationofthisprotocol,givenin[MILS83a],hasbeenadoptedastheDoDstandardfortheInternetProtocol.ThespecificationofIPstatetransitionsisorganizedintodecisionta。

7、bles;thedecisionfunctionsandactionproceduresarespecifiedinasubsetofAda[1],andmayemployasetofmachine-specificdatastructures.Decisiontablesaresuppliedforthepairsstatename,interfaceeventasfollows:inactive,sendfromupperlayer,inactive,receivefromlowerlayer,andreassembling,receivefromlowerlayer.Toprovideanerrorindicationinthecasethatsomefragmentsofadatagramarereceivedbutsomearemissing,adecisiontableisalsosuppliedforthepairreassembling,reassemblytimelimitelapsed.(TheeventnamesareEnglishdescriptionsandn。

8、otthenamesemployedby[MILS83a].)3.ProblemswithMILStandardIPOneofthemajorfunctionsofIPisthefragmentationofdatagramsthatcannotbetransmittedoverasubnetworkinonepiece,andtheirsubsequentreassembly.Thespecificationhasseveralproblemsinthisarea.Oneofthemostsignificantisthefailuretoinsertthelastfragmentofanincomingdatagram;thiswouldcausedatagramstobedeliveredtotheupper-levelprotocol(ULP)withsomedatamissing.AnothererrorinthisareaisthatanincorrectvalueofthedatalengthforreassembleddatagramsispassedtotheULP,w。

9、ithunpredictableconsequences.Asthespecification[MILS83a]isnowwritten,theseerrorsareofSidhu[Page2]RFC963November1985SomeProblemswithMIL-STDIPlittleconsequence,sincethetestforreassemblycompletionwillalwaysfail,withtheresultthatreassembleddatagramswouldneverbedeliveredatall.Inaddition,amissingrowinoneofthedecisiontablescreatestheproblemthatnetworkcontrol(ICMP)messagesthatarriveinfragmentswillneverbeprocessed.Amongtheothererrorsarethepossibilitythatafewbyteswillbediscardedfromeachfragmenttransmitted。

10、andcertainstatementsthatwillcreaterun-timeexceptionsinsteadofperformingtheirintendedfunctions.Ageneralproblemwiththisspecificationisthattheprogramlanguageandactiontableportionsofthespecificationwereclearlynotcheckedbyanyautomaticsyntaxcheckingprocess.Variableandprocedurenamesareoccasionallymisspelled,andthesyntaxoftheactionstatementsisoftenincorrect.Wehaveenumeratedsomeoftheseproblemsbelowasasetofcautionarynotestoimplementors,butwedonotclaimtohavelistedthemall.Inparticular,syntaxerrorsa。