Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 01 Oct 1997 04:51:35 -0700
From:      David Greenman <dg@root.com>
To:        Don Lewis <Don.Lewis@tsc.tdk.com>
Cc:        Richard Jones <richard@a42.deep-thought.org>, pst@freebsd.org, hackers@freebsd.org, bugs@freebsd.org
Subject:   Re: FreeBSD TCP stack and RST processing [subj changed] 
Message-ID:  <199710011151.EAA08698@implode.root.com>
In-Reply-To: Your message of "Wed, 01 Oct 1997 04:19:03 PDT." <199710011119.EAA14305@salsa.gv.tsc.tdk.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
>This code appears to be correct, and agrees with what's in the book.
>
>However ... there is some code *earlier* in tcp_input() that looks like it
>botches this situation:
...
>It looks like we just drop the packet containing the RST!  The example code
>in the book does not execute this code in the SYN_RECEIVED state.  I don't
>know the history of this code, so I don't know why it was changed.
>
>copied to freebsd-bugs

   This appears to have been broken in rev 1.52:

----------------------------
revision 1.52
date: 1996/10/07 04:32:39;  author: pst;  state: Exp;  lines: +23 -13
Increase robustness of FreeBSD against high-rate connection attempt
denial of service attacks.

Reviewed by:    bde,wollman,olah
Inspired by:    vjs@sgi.com
----------------------------
...
***************
*** 753,758 ****
--- 758,765 ----
                }
  
        /*
+        * If the state is SYN_RECEIVED:
+        *      do just the ack and RST checks from SYN_SENT state.
         * If the state is SYN_SENT:
         *      if seg contains an ACK, but not for our SYN, drop the input.
         *      if seg contains a RST, then drop the connection.
***************
*** 764,769 ****
--- 771,777 ----
         *      arrange for segment to be acked (eventually)
         *      continue processing rest of data/controls, beginning with URG
         */
+       case TCPS_SYN_RECEIVED:
        case TCPS_SYN_SENT:
                if ((taop = tcp_gettaocache(inp)) == NULL) {
                        taop = &tao_noncached;
***************
*** 791,796 ****
--- 799,806 ----
                                tp = tcp_drop(tp, ECONNREFUSED);
                        goto drop;
                }
+               if (tp->t_state == TCPS_SYN_RECEIVED)
+                       break;
                if ((tiflags & TH_SYN) == 0)
                        goto drop;
                tp->snd_wnd = ti->ti_win;       /* initial send window */

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710011151.EAA08698>