From owner-freebsd-net@FreeBSD.ORG Mon Jan 3 20:14:43 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B66AD16A4CE for ; Mon, 3 Jan 2005 20:14:43 +0000 (GMT) Received: from gw.catspoiler.org (217-ip-163.nccn.net [209.79.217.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 76BF443D49 for ; Mon, 3 Jan 2005 20:14:43 +0000 (GMT) (envelope-from truckman@FreeBSD.org) Received: from FreeBSD.org (mousie.catspoiler.org [192.168.101.2]) by gw.catspoiler.org (8.13.1/8.13.1) with ESMTP id j03KEZdB002233; Mon, 3 Jan 2005 12:14:40 -0800 (PST) (envelope-from truckman@FreeBSD.org) Message-Id: <200501032014.j03KEZdB002233@gw.catspoiler.org> Date: Mon, 3 Jan 2005 12:14:35 -0800 (PST) From: Don Lewis To: silby@silby.com In-Reply-To: <200501031855.j03Itnmh002076@gw.catspoiler.org> MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii cc: net@FreeBSD.org Subject: Re: Fixing "Slipping in the window" before 4.11-release X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Jan 2005 20:14:43 -0000 On 3 Jan, Don Lewis wrote: > /* > * If a SYN is in the window, then this is an > * error and we send an RST and drop the connection. > */ > if (thflags & TH_SYN) { > if (tcp_insecure_syn == 0) > goto drop; > else { > tp = tcp_drop(tp, ECONNRESET); > rstreason = BANDLIM_UNLIMITED; > goto dropwithreset; > } Writing and posting while sleepy is not a good thing. The braces are unbalanced and the else after the goto drop isn't necessary, so just adding if (tcp_insecure_syn == 0) goto drop; in the obvious place would do the trick. This is probably the same section of code that would need to be modified to implement the behaviour recommended in the Internet Draft. A new version of the draft was release in November, but I haven't had a chance to look at it yet. It is at: . There was a presentation at an IETF meeting about the issues relating to the Cisco IPR claims: .