Date:      Thu, 22 Apr 2004 07:58:57 -0700
From:      jayanth <jayanth@yahoo-inc.com>
To:        Don Lewis <truckman@FreeBSD.org>
Cc:        jayanth@yahoo-inc.com
Subject:   Re: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability (fwd)
Message-ID:  <20040422145857.GA75539@yahoo-inc.com>
In-Reply-To: <200404212331.i3LNVE7E047907@gw.catspoiler.org>
References:  <20040421184539.H18583@odysseus.silby.com> <200404212331.i3LNVE7E047907@gw.catspoiler.org>

Don Lewis (truckman@FreeBSD.org) wrote:
> On 21 Apr, Mike Silbersack wrote:
> > 
> > On Wed, 21 Apr 2004, Don Lewis wrote:
> > 
> >> > 1.  Accept all RSTs meeting the criteria you just listed above.
> >>
> >> At this step, it would be better if we used the window size that was
> >> advertised in the last packet sent, since that is what the sequence
> >> number of the RST packet will be calculated from, while the window size
> >> could have increased if data was consumed from the receive queue between
> >> the time we sent the last packet and when we received the RST.
> >>
> >> It doesn't look like we keep the necessary data for this.  Probably the
> >> easiest thing to do would be to calculate the expected sequence number
> >> in tcp_output() and stash it in the pcb.
> > 
> > Do you have access to a system that exhibits the "RST at end of window"
> > syndrome so that you could code up and test out this part of the patch?
> 
> Nope.  The only report of this that I saw was from jayanth.  Judging by
> the tcpdump timestamps, it looks like whatever this weird piece of
> hardware was, it was nearby.
> 
If I remember right, this was done to handle the Alteons, which
generate a RST segment that would fall within the window size but not the
next expected sequence no.
So they would do something crazy like rcv_nxt + rcv_win as the sequence no.
for the RST segment rather than rcv_nxt + 1.
This was part of the RFC though.

If it is a problem we can always revert it back.

jayanth
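
The RST check discussed in this thread, as an added example that is not code from the thread or from the FreeBSD source: it stashes the right edge of the window advertised in the last packet sent and classifies an incoming RST against the next expected sequence number, that stashed edge, and the current window. The struct, its field names, `note_advertised()` and `classify_rst()` are hypothetical, and what to do with each class is left to the caller.

```c
#include <stdint.h>
#include <stdio.h>

/* Wraparound-safe sequence comparisons (same idiom as the BSD SEQ_* macros). */
#define SEQ_LT(a, b)  ((int32_t)((uint32_t)(a) - (uint32_t)(b)) < 0)
#define SEQ_GEQ(a, b) ((int32_t)((uint32_t)(a) - (uint32_t)(b)) >= 0)

enum rst_class { RST_OUTSIDE, RST_IN_WINDOW, RST_ADV_EDGE, RST_EXACT };

/* Hypothetical per-connection receive state; field names are assumptions. */
struct rx_state {
    uint32_t rcv_nxt;   /* next expected sequence number */
    uint32_t rcv_wnd;   /* current receive window, may grow as data is read */
    uint32_t adv_edge;  /* rcv_nxt + window advertised in the last packet sent */
};

/* Call from the output path whenever a segment carrying a window is sent. */
static void note_advertised(struct rx_state *s, uint32_t wnd_advertised)
{
    s->adv_edge = s->rcv_nxt + wnd_advertised;
}

/* Classify the sequence number of an incoming RST. */
static enum rst_class classify_rst(const struct rx_state *s, uint32_t seq)
{
    if (seq == s->rcv_nxt)
        return RST_EXACT;       /* what a well-behaved peer sends */
    if (seq == s->adv_edge)
        return RST_ADV_EDGE;    /* device computing rcv_nxt + rcv_win */
    if (SEQ_GEQ(seq, s->rcv_nxt) && SEQ_LT(seq, s->rcv_nxt + s->rcv_wnd))
        return RST_IN_WINDOW;   /* inside the window but matches neither value */
    return RST_OUTSIDE;
}

int main(void)
{
    /* Constructed values, chosen so the window straddles sequence wraparound. */
    struct rx_state s = { .rcv_nxt = 0xFFFFF000u, .rcv_wnd = 0x2000u, .adv_edge = 0 };
    note_advertised(&s, s.rcv_wnd);
    s.rcv_wnd = 0x4000u;        /* window grew after the last packet was sent */
    printf("edge RST:      %d\n", (int)classify_rst(&s, 0x00001000u));
    printf("in-window RST: %d\n", (int)classify_rst(&s, 0x00000800u));
    printf("stale RST:     %d\n", (int)classify_rst(&s, 0xFFFFEFFFu));
    return 0;
}
```

With the window grown to 0x4000, an edge recomputed from the current window would be 0x00003000 and would miss the device's RST at 0x00001000; the stashed value matches it.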