Some problems with the specification of the Military Standard Internet Protocol
RFC 963

Document Type RFC - Unknown (November 1985; No errata)
Last updated 2013-03-02
Stream Legacy
Formats plain text pdf html bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 963 (Unknown)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                 Deepinder P. Sidhu
Request for Comments: 963                          Iowa State University
                                                           November 1985



   The purpose of this RFC is to provide helpful information on the
   Military Standard Internet Protocol (MIL-STD-1777) so that one can
   obtain a reliable implementation of this protocol standard.
   Distribution of this note is unlimited.


   This paper points out several significant problems in the
   specification of the Military Standard Internet Protocol
   (MIL-STD-1777, dated August 1983 [MILS83a]).  These results are based
   on an initial investigation of this protocol standard.  The problems
   are: (1) a failure to reassemble fragmented messages completely; (2)
   a missing state transition; (3) errors in testing for reassembly
   completion; (4) errors in computing fragment sizes; (5) minor errors
   in message reassembly; (6) incorrectly computed length for certain
   datagrams.  This note also proposes solutions to these problems.

1.  Introduction

   In recent years, much progress has been made in creating an
   integrated set of tools for developing reliable communication
   protocols.  These tools provide assistance in the specification,
   verification, implementation and testing of protocols.  Several
   protocols have been analyzed and developed using such tools.
   Examples of automated verification and implementation of several real
   world protocols are discussed in [BLUT82] [BLUT83] [SIDD83] [SIDD84].

   We are currently working on the automatic implementation of the
   Military Standard Internet Protocol (IP).  This analysis will be
   based on the published specification [MILS83a] of IP dated 12 August

   While studying the MIL Standard IP specification, we have noticed
   numerous errors in the specification of this protocol.  One
   consequence of these errors is that the protocol will never deliver
   fragmented incoming datagrams; if this error is corrected, such
   datagrams will be missing some data and their lengths will be
   incorrectly reported.  In addition, outgoing datagrams that are
   divided into fragments will be missing some data.  The proof of these
   statements follows from the specification of IP [MILS83a] as
   discussed below.

Sidhu                                                           [Page 1]

RFC 963                                                    November 1985
Some Problems with MIL-STD IP

2.  Internet Protocol

   The Internet Protocol (IP) is a network layer protocol in the DoD
   protocol hierarchy which provides communication across interconnected
   packet-switched networks in an internetwork environment.  IP provides
   a pure datagram service with no mechanism for reliability, flow
   control, sequencing, etc.  Instead, these features are provided by a
   connection-oriented protocol, DoD Transmission Control Protocol (TCP)
   [MILS83b], which is implemented in the layer above IP.  TCP is
   designed to operate successfully over channels that are inherently
   unreliable, i.e., which can lose, damage, duplicate, and reorder

   Over the years, DARPA has supported specifications of several
   versions of IP; the last one appeared in [POSJ81].  A few years ago,
   the Defense Communications Agency decided to standardize IP for use
   in DoD networks.  For this purpose, the DCA supported formal
   specification of this protocol, following the design discussed in
   [POSJ81] and the technique and organization defined in [SDC82].  A
   detailed specification of this protocol, given in [MILS83a], has been
   adopted as the DoD standard for the Internet Protocol.

   The specification of IP state transitions is organized into decision
   tables; the decision functions and action procedures are specified in
   a subset of Ada[1], and may employ a set of machine-specific data
   structures.  Decision tables are supplied for the pairs <state name,
   interface event> as follows: <inactive, send from upper layer>,
   <inactive, receive from lower layer>, and <reassembling, receive from
   lower layer>.  To provide an error indication in the case that some
   fragments of a datagram are received but some are missing, a decision
   table is also supplied for the pair <reassembling, reassembly time
   limit elapsed>.  (The event names are English descriptions and not
   the names employed by [MILS83a].)

3.  Problems with MIL Standard IP

   One of the major functions of IP is the fragmentation of datagrams
   that cannot be transmitted over a subnetwork in one piece, and their
   subsequent reassembly.  The specification has several problems in
   this area.  One of the most significant is the failure to insert the
   last fragment of an incoming datagram; this would cause datagrams to
Show full document text