From owner-freebsd-hackers Wed Oct 1 18:10:19 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id SAA20846 for hackers-outgoing; Wed, 1 Oct 1997 18:10:19 -0700 (PDT) Received: from usr04.primenet.com (tlambert@usr04.primenet.com [206.165.6.204]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id SAA20840 for ; Wed, 1 Oct 1997 18:10:15 -0700 (PDT) Received: (from tlambert@localhost) by usr04.primenet.com (8.8.5/8.8.5) id SAA01345; Wed, 1 Oct 1997 18:10:03 -0700 (MST) From: Terry Lambert Message-Id: <199710020110.SAA01345@usr04.primenet.com> Subject: Re: FreeBSD TCP stack SUX big juicy ones. To: richard@a42.deep-thought.org (Richard Jones) Date: Thu, 2 Oct 1997 01:10:03 +0000 (GMT) Cc: hackers@FreeBSD.ORG In-Reply-To: from "Richard Jones" at Oct 1, 97 10:56:17 am X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-freebsd-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > "TCP connection initiation problem?" > > was not technical enough for the hackers@freebsd.org list and got lost > amongst techno-gems such as "Our *NIX is better than their *NIX" and > "The number of the beast is vi vi vi". No; actually it's in muy inbox taking up otherwise useful space with the tag "get to this when you have time". Mostly, after 55 lines in an xterm, you had still not come to the point. I resolved to dig it out when I has more time to parse the damn thing. This more recent posting is much more to the point, so I will answer it now, despite the unproductive bashing you've engaged in. > Could someone explain what lies behind the packet exchange shown below. > 204.216.27.18 is FreeBSD's smtp port and port 8000 is a non-existent port > on aaa.bbb.ccc.ddd (i.e. the initial packet from aaa.bbb.ccc.ddd to > freebsd.org is forged). > > 20:42:56.116714 aaa.bbb.ccc.ddd.8000 > 204.216.27.18.25: S 667:667(0) win 4096 > (ttl 200, id 666) A valid request. Many places have moved their starting user port much higher afte X started in at 6000. If you look at /etc/services, user ports should probably start above 47557 now. > 20:42:56.686714 204.216.27.18.25 > aaa.bbb.ccc.ddd.8000: S > 856239105:856239105(0) ack 668 win 16384 (DF) (ttl 53, id 16513) "Hello", says the FreeBSD box, "I can take a window thiiiiiiiiis big". > 20:42:56.686714 aaa.bbb.ccc.ddd.8000 > 204.216.27.18.25: R 668:668(0) win 0 > (ttl 255, id 5507) "Well", says the caller on line 8000, "I can take a window of 0". > Now at this point SunOS, Linux and NetBSD all take no for an answer, This is not "no for an answer", this is "gee, I don't know how to write a TCP stack; hit me again!". > but FreeBSD just won't quit. It takes FreeBSD another 1min15secs to decide > its SYN's are not wanted (i.e the connection establishment timers kicks in). "Not wanted"? You can't "not want a SYN". If you "not want a SYN" then you "not want a connection". If you are truly honest about "not want a connection", why'd you ask for the thing in the first place? > It should be noted that the initial packet can have its source > faked and the packet exchange will occur between the FreeBSD host and > the unsuspecting other. Only is someone stupid has enabled source routing. I really don't know how you can set a window of 0 and then complain about getting SYN's. Garrett would be a better person to ask, but you might have made his kill file already. 8-|. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.