From owner-freebsd-hackers  Wed Oct  1 18:38:20 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id SAA22230
          for hackers-outgoing; Wed, 1 Oct 1997 18:38:20 -0700 (PDT)
Received: from gatekeeper.tsc.tdk.com (root@gatekeeper.tsc.tdk.com [207.113.159.21])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id SAA22212;
          Wed, 1 Oct 1997 18:38:15 -0700 (PDT)
Received: from sunrise.gv.tsc.tdk.com (root@sunrise.gv.tsc.tdk.com [192.168.241.191])
          by gatekeeper.tsc.tdk.com (8.8.4/8.8.4) with ESMTP
	  id SAA08144; Wed, 1 Oct 1997 18:37:39 -0700 (PDT)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194])
	by sunrise.gv.tsc.tdk.com (8.8.5/8.8.5) with ESMTP id SAA24062;
	Wed, 1 Oct 1997 18:37:37 -0700 (PDT)
Received: (from gdonl@localhost)
	by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id SAA16461;
	Wed, 1 Oct 1997 18:37:36 -0700 (PDT)
From: Don Lewis <Don.Lewis@tsc.tdk.com>
Message-Id: <199710020137.SAA16461@salsa.gv.tsc.tdk.com>
Date: Wed, 1 Oct 1997 18:37:36 -0700
In-Reply-To: Richard Jones <richard@a42.deep-thought.org>
       "Re: FreeBSD TCP stack and RST processing [subj changed]" (Oct  2, 11:09am)
X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95)
To: Richard Jones <richard@a42.deep-thought.org>,
        Paul Traina <pst@juniper.net>
Subject: Re: FreeBSD TCP stack and RST processing [subj changed]
Cc: "Jordan K. Hubbard" <jkh@time.cdrom.com>, dg@root.com,
        Don Lewis <Don.Lewis@tsc.tdk.com>, hackers@FreeBSD.ORG,
        bugs@FreeBSD.ORG
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Oct 2, 11:09am, Richard Jones wrote:
} Subject: Re: FreeBSD TCP stack and RST processing [subj changed]
} Paul Traina <pst@juniper.net> wrote:
} > I put it in there for a reason, Steven's III showed a case where you could
} > pummel the box with a barage of, I believe, syn ack's and basicly melt things.
} > Sorry my memory is so foggy on the issue now.  I'll go back and try to 
} > remember.

Steven's III?  I don't have that one, since I figured that I already knew
how NNTP worked.

} Hmm..but if you barrage the system with SYN ACK's when the system is in a 
} listen state, you shouldn't jump into SYN_RECEIVED should you?

Nope.  This case is handled earlier:

        case TCPS_LISTEN: {
                struct mbuf *am;
                register struct sockaddr_in *sin;
                
                if (tiflags & TH_RST)
                        goto drop;
                if (tiflags & TH_ACK)
                        goto dropwithreset;
                if ((tiflags & TH_SYN) == 0)
                        goto drop;


} The code
} which does the if (TH_RST) stuff is prolly ok...its the addition of the
} case SYN_RECEIVED up the top that does the trick.

As in goobers it up.

} Its ok to look for
} an ACK when in SYN_SENT on RST's coz thats what is expected, and if you
} get other than expected and drop then its no big deal unless you can force
} a remote freebsd system to send out (pure) SYN's to non-connected
} ports, unlikely.  I  only have the snippets posted to the list available, but 
} based on them I'd say remove the case SYN_RECEIVED that was added.

That's what I did in my local source tree.

} You might 
} get away with getting rid of the ACK flag check without losing anything, but 
} any side effects should be thought through.

Yeah, the case of what to do if you receive an ACK in the SYN_RECEIVED
case bothers me as well.

			---  Truck