We specify a symmetric connection management service between two service access points, using a state transition system and safety and progress requirements. At each access point, the user can request connection establishment, request connection termination, and signal whether or not it is willing to accept connection requests from the remote user. The protocol can indicate connection establishment, connection termination, and rejection of a connection establishment request. The safety and progress requirements ensure that the data exchanged during a connection is uncorrupted by data from past connections. They also ensure that a connection establishment request is eventually followed by a connection establishment indication or a reject indication; the latter can happen only if the distant user was not willing to accept connections at some point after the connection establishment request was made. We then specify a protocol and verify that it offers the service, given communication channels between the access points that can lose, reorder, and duplicate messages, but which guarantee delivery of a message that is repeatedly sent. Our protocol achieves the service using 2-way and 3-way handshakes. Our protocol can be directly combined with any existing single-connection data transfer protocol to provide a transport layer protocol that offers both connection management and data transfer services. We compare our protocol and service to TCP and its intended service, and to ISO TP Class 4 and its intended service. Our service is equivalent to the intended service of TCP. We point out several behaviors of TCP where it does not offer its intended service. We also identify inadequacies in TCP's mechanisms for crash recovery and reuse of sequence numbers.