Date: Wed, 21 Apr 2004 16:31:14 -0700 (PDT) From: Don Lewis <truckman@FreeBSD.org> To: silby@silby.com, jayanth@yahoo-inc.com Cc: avalon@caligula.anu.edu.au Subject: Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd) Message-ID: <200404212331.i3LNVE7E047907@gw.catspoiler.org> In-Reply-To: <20040421184539.H18583@odysseus.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 21 Apr, Mike Silbersack wrote: > > On Wed, 21 Apr 2004, Don Lewis wrote: > >> > 1. Accept all RSTs meeting the criteria you just listed above. >> >> At this step, it would be better if we used the window size that was >> advertised it the last packet sent, since that is what the sequence >> number of the RST packet will be calculated from, while the window size >> could have increased if data was consumed from the receive queue between >> the time we sent the last packet and when we received the RST. >> >> It doesn't look like we keep the necessary data for this. Probably the >> easiest thing to do would be to calculate the expected sequence number >> in tcp_output() and stash it in the pcb. > > Do you have access to a system that exhibits the "RST at end of window" > syndrome so that you could code up and test out this part of the patch? Nope. The only report of this that I saw was from jayanth. Judging by the tcpdump timestamps, it looks like whatever this wierd piece of hardware was, it was nearby.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404212331.i3LNVE7E047907>