Date: Tue, 3 Jun 1997 08:38:23 +1000 (EST) From: Darren Reed <darrenr@cyber.com.au> To: security@freebsd.org Subject: Re: TCP RST Handling in 2.2 (fwd) Message-ID: <199706022238.IAA29632@plum.cyber.com.au>
next in thread | raw e-mail | index | archive | help
Bakul Shah forwarded to me the relevant part of the RFC. I think there is
some missing code.
[...]
> Reset Processing
>
> All reset (RST) segments are validated by checking their SEQ-fields.
> A reset is valid if its sequence number is in the window. In the case
> of a RST received in response to an initial SYN any sequence number is
> acceptable if the ACK field acknowledges the SYN.
>
> The receiver of a RST first validates it, then changes state. If the
> receiver was in the LISTEN state, it ignores it. If the receiver was
> in SYN-RECEIVED state and had previously been in the LISTEN state,
> then the receiver returns to the LISTEN state, otherwise the receiver
> aborts the connection and goes to the CLOSED state. If the receiver
> was in any other state, it aborts the connection and advises the user
> and goes to the CLOSED state.
[...]
Currently, not even the SEQ number is verified (for an RST packet) - i.e.
that the ACK does acknowledge the SYN.
I think there is room for improvement in the code. Comments ?
Darren
p.s. I've brought this up because of people's experience with IP Filter
which currently won't allow any TCP packets through if they are
outside either window (when "keep state" is used). A case has been
presented where the RST being sent back has a 0 ACK field by a
non-zero SEQ field.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706022238.IAA29632>