Date: Sun, 15 Jul 2001 13:11:48 -0700
From: Kris Kennaway
To: Jonathan Lemon
Cc: gjohnson@srrc.ars.usda.gov, net@freebsd.org, provos@OpenBSD.org
Subject: TCP ISN algorithm breaks TIME_WAIT (Re: select fails to return incoming connect on FreeBSD-4.3)
Message-ID: <20010715131148.A10745@xor.obsecurity.org>
References: <200106111937.f5BJb9o99898@prism.flugsvamp.com>
In-Reply-To: <200106111937.f5BJb9o99898@prism.flugsvamp.com>; from jlemon@flugsvamp.com on Mon, Jun 11, 2001 at 02:37:10PM -0500
Sender: owner-freebsd-net@FreeBSD.ORG

On Mon, Jun 11, 2001 at 02:37:10PM -0500, Jonathan Lemon wrote:
> In article you write:
> >First off, I hope this is the right list.
> >
> >Could someone take a look at PR misc/27880?
>
> This was broken by the initial sequence number patch to TCP.
>
> When the server closes the socket, it puts the entry into the
> TIME_WAIT state. When a new SYN is received from the client while
> the socket is in this state, the new connection is only accepted
> if the new sequence number is > than the old one.
>
> Unfortunately, with a randomized sequence #, the new connection ISN
> may be less than the old sequence used, and the SYN will be ignored.
>
> I've copied this over to kris, who (IIRC) brought in the new sequence
> numbering.

Sorry I've been ignoring this; I'm still getting caught up from my
vacation.

Niels, how has OpenBSD handled this?

Kris
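
The interaction described in the quoted text, as an added example that is not part of the original message and is not FreeBSD's code. It models the TIME_WAIT rule with the usual wraparound-safe sequence comparison and counts how many reconnects are accepted with monotonically advancing ISNs versus randomized ones; the helper names, the xorshift generator, the seed and the step sizes are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Wraparound-safe "greater than" over the 32-bit TCP sequence space. */
#define SEQ_GT(a, b) ((int32_t)((uint32_t)(a) - (uint32_t)(b)) > 0)

/* TIME_WAIT rule from the thread: a new SYN is accepted only if its ISN
 * is ahead of the sequence number the old connection ended on. */
static int time_wait_accepts_syn(uint32_t new_isn, uint32_t old_seq)
{
    return SEQ_GT(new_isn, old_seq);
}

/* Hypothetical stand-in for a randomized ISN generator (xorshift32). */
static uint32_t rand_isn(uint32_t *state)
{
    uint32_t x = *state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *state = x;
}

/* Each trial is one reconnect against a TIME_WAIT entry left by the
 * previous connection. Returns how many of `trials` SYNs are accepted. */
static unsigned accepted_reconnects(int randomized, unsigned trials)
{
    uint32_t state = 2463534242u;     /* constructed seed */
    uint32_t old_seq = 0xfffff000u;   /* constructed: close to wraparound */
    unsigned ok = 0;

    for (unsigned i = 0; i < trials; i++) {
        /* Monotonic case: the ISN always advances past the old sequence.
         * Random case: the ISN has no relation to the old sequence. */
        uint32_t isn = randomized ? rand_isn(&state) : old_seq + 64000u;
        if (time_wait_accepts_syn(isn, old_seq))
            ok++;
        /* Assume the connection using this ISN moves 1000 bytes and then
         * leaves the next TIME_WAIT entry behind. */
        old_seq = isn + 1000u;
    }
    return ok;
}

int main(void)
{
    printf("monotonic ISNs: %u/10000 accepted\n", accepted_reconnects(0, 10000));
    printf("random ISNs:    %u/10000 accepted\n", accepted_reconnects(1, 10000));
    return 0;
}
```

With monotonic ISNs every reconnect passes the check; with randomized ISNs roughly half of the SYNs fall behind the old sequence number and are ignored.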