From owner-freebsd-hackers Wed Oct 1 04:49:17 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id EAA08212 for hackers-outgoing; Wed, 1 Oct 1997 04:49:17 -0700 (PDT) Received: from implode.root.com (implode.root.com [198.145.90.17]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id EAA08192; Wed, 1 Oct 1997 04:49:05 -0700 (PDT) Received: from implode.root.com (localhost [127.0.0.1]) by implode.root.com (8.8.5/8.8.5) with ESMTP id EAA08698; Wed, 1 Oct 1997 04:51:35 -0700 (PDT) Message-Id: <199710011151.EAA08698@implode.root.com> To: Don Lewis cc: Richard Jones , pst@freebsd.org, hackers@freebsd.org, bugs@freebsd.org Subject: Re: FreeBSD TCP stack and RST processing [subj changed] In-reply-to: Your message of "Wed, 01 Oct 1997 04:19:03 PDT." <199710011119.EAA14305@salsa.gv.tsc.tdk.com> From: David Greenman Reply-To: dg@root.com Date: Wed, 01 Oct 1997 04:51:35 -0700 Sender: owner-freebsd-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >This code appears to be correct, and agrees with what's in the book. > >However ... there is some code *earlier* in tcp_input() that looks like it >botches this situation: ... >It looks like we just drop the packet containing the RST! The example code >in the book does not execute this code in the SYN_RECEIVED state. I don't >know the history of this code, so I don't know why it was changed. > >copied to freebsd-bugs This appears to have been broken in rev 1.52: ---------------------------- revision 1.52 date: 1996/10/07 04:32:39; author: pst; state: Exp; lines: +23 -13 Increase robustness of FreeBSD against high-rate connection attempt denial of service attacks. Reviewed by: bde,wollman,olah Inspired by: vjs@sgi.com ---------------------------- ... *************** *** 753,758 **** --- 758,765 ---- } /* + * If the state is SYN_RECEIVED: + * do just the ack and RST checks from SYN_SENT state. * If the state is SYN_SENT: * if seg contains an ACK, but not for our SYN, drop the input. 
* if seg contains a RST, then drop the connection. *************** *** 764,769 **** --- 771,777 ---- * arrange for segment to be acked (eventually) * continue processing rest of data/controls, beginning with URG */ + case TCPS_SYN_RECEIVED: case TCPS_SYN_SENT: if ((taop = tcp_gettaocache(inp)) == NULL) { taop = &tao_noncached; *************** *** 791,796 **** --- 799,806 ---- tp = tcp_drop(tp, ECONNREFUSED); goto drop; } + if (tp->t_state == TCPS_SYN_RECEIVED) + break; if ((tiflags & TH_SYN) == 0) goto drop; tp->snd_wnd = ti->ti_win; /* initial send window */ -DG David Greenman Core-team/Principal Architect, The FreeBSD Project
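Review bot: In the first hunk (753/758), the added comment "do just the ack and RST checks from SYN_SENT state" does not say why SYN_RECEIVED takes those checks or what happens to a segment that passes them. The commit log gives the motivation (robustness against high-rate connection attempts); suggest stating it in the comment, noting that processing then continues with the normal per-state checks, and noting that the SYN_SENT rule "if seg contains a RST, then drop the connection" listed just below now governs SYN_RECEIVED as well.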
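Review bot: In the second hunk (764/771), stacking `case TCPS_SYN_RECEIVED:` on top of `case TCPS_SYN_SENT:` makes SYN_RECEIVED run the `tcp_gettaocache(inp)` lookup at the top of the case, even though the third hunk breaks out for that state before the SYN_SENT setup code. Suggest a separate case holding only the checks SYN_RECEIVED needs, so the shared path is explicit and later edits to the SYN_SENT body do not silently change SYN_RECEIVED behaviour.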
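Review bot: In the third hunk (791/799), the new `if (tp->t_state == TCPS_SYN_RECEIVED) break;` sits after the block ending in `tp = tcp_drop(tp, ECONNREFUSED); goto drop;`, so a SYN_RECEIVED segment reaches the break only after passing through the SYN_SENT ACK and RST tests. Those tests were written for the active opener, and the quoted report in this thread says an RST arriving in SYN_RECEIVED ends up dropped without tearing the connection down. Suggest making the RST test here state-aware, or leaving RST in SYN_RECEIVED to the later RST processing that the quoted message describes as correct, and reconsidering ECONNREFUSED as the error for a passively opened connection.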