Created an attachment (id=566) [details]
Revised version of source. Works for me. However, it's based on 3.5 stable, not
dev.

I found the following bugs in stable version 3.5 of internet-stack/tcp-socket-
impl.cc. Symptoms are crashing with a memory fault and/or getting stuck in a
loop when the simulation ends.

1. TcpSocketImpl::PersistTimeout() uses m_pendingData without verifying that
it's not 0. It's clear that the lines up to and including SendPacket() should
be guarded with a test, as in:

     if (!m_pendingData) {
         Ptr<p> = m_pendingData->...; ...;
         m_tcp->SendPacket (...);
     }

But I'm not sure about last few lines, where it reschedules the event.
Should those be invoked if m_pendingData is 0?

2. Sometimes the socket is deleted when there is a pending m_rextEvent. As a
result, the scheduler calls the handler function on the freed space, with the
usual nasty result.

I think the solution is to cancel the event in TcpSocketImpl::ProcessEvent(),
when it detects that the socket is closed:

    if (m_state == CLOSED && saveState != CLOSED && m_endPoint != 0) {
       .....
       m_rextEvent.Cancel ();  // ADD
    }

3. Under heavy load, the m_persistEvent event isn't always canceled before the
socket is deleted. I don't know where it's supposed to be canceled, but one
solution is to cancel it in the d'tor. And for safety, it would be nice to
assert that the other events are no longer active.

Eg, add the following to TcpSocketImpl::~TcpSocketImpl():

  NS_ASSERT (m_retxEvent.IsExpired ());
  NS_ASSERT (m_lastAckEvent.IsExpired ());
  NS_ASSERT (m_delAckEvent.IsExpired ());
  m_persistEvent.Cancel ();

1 & 3 are also a problem in version 3.4.

I've attached a modified version that works for me. It's based on stable
version 3.5.