On Sun, Feb 18, 2007 at 02:37:56PM +0100, Axel Rau wrote:

> The OS is Darwin 8.8 / Mac OS X 10.4.8, a 4.4BSD descendant and
> the relevant source may be in netinet/tcp_output.c, found here
> http://www.opensource.apple.com/darwinsource/10.4.8.ppc/xnu-792.12.6

I suspect the RST is triggered by a call to tcp_drop() in tcp_subr.c,
which calls tcp_output(). Either that call is using the wrong snd_nxt
vs. snd_max, or the second-to-last call (the one that produced the
FIN+PSH with payload) did not properly update snd_nxt or snd_max.

The code is close to *BSD, and sufficiently complex that it's hard to
debug solely reading the source, i.e. you'd want to insert some debug
printfs(), rebuild the kernel, reboot into that kernel, reproduce the
problem, look at the output, and repeat this cycle until things get
clearer. You probably need someone with that infrastructure, and then
help them reproduce the problem through Mail.app.

The userland process (Mail.app) might be triggering the problem by doing
a unique sequence of system calls (order and timing of last write(),
close(), shutdown(), etc.), but I suspect the kernel ought to produce a
valid RST in any case, hence the bug is in the kernel. Changes in the
userland process could bypass triggering it, I guess.

> If you agree, I would like to add your diagnosis to my open bug report and
> cross-post the mail on the Darwin Developers list, before filing a new
> bug against Darwin.

Sure, no problem ;)

Daniel
