Date:      Tue, 3 Jun 1997 15:01:18 +0200 (SAT)
From:      John Hay <jhay@zibbi.mikom.csir.co.za>
To:        adam@homeport.org (Adam Shostack)
Cc:        security@FreeBSD.ORG
Subject:   Re: TCP RST Handling in 2.2 (fwd)
Message-ID:  <199706031301.PAA09997@zibbi.mikom.csir.co.za>
In-Reply-To: <199706031204.IAA21853@homeport.org> from Adam Shostack at "Jun 3, 97 08:04:54 am"

> That's a bug in trumpet, which should be fixed there.  Is there an RFC
> which details this mod you're suggesting?  I'd hate to see my OpenBSD
> boxes react even more negatively to freebsd.  Arbitrary extra rst
> packets arriving worry me.

I agree that it is a bug in trumpet, but I still don't think another
machine should be able to just kill my connections like it is now.

> 
> (Right now, they refuse to talk NFS to a freebsd server with virtual
> interfaces, since the kernel doesn't send packets back with the right
> IP address.  OpenBSD assumes that a spoof is taking place.)
> 
> Adam
> 
> PS To Darren: This is the change I was referring to, not fixing the
> bug you were pointing out.
> 
> John Hay wrote:
> 
> | > | Certainly.  It might also be worth implementing the three-way RST
> | > | handshake which has been proposed by some to fill some theoretical
> | > | gaps in TCP's handling of resets which could (very rarely) result in
> | > | innocent connections getting reset.
> | > 
> | > 	I'd strongly recommend against implementing a non standard
> | > TCP mod as anything but an option for those who want to play with it.
> | > Please don't put it in the base code.
> | > 
> | 
> | But if we can get something better than we have now, I would feel a lot
> | better. Last week we had the case here where tcp connections between
> | machines would just die at random with a "connection reset by peer"
> | message. It turned out that there was an old Windows 3.1 box with
> | Trumpet Winsock v1.0b which sent Reset messages "at random" for connections
> | that had nothing to do with it, except that it was on the same piece
> | of ethernet coax.
> | 

John
-- 
John Hay -- John.Hay@mikom.csir.co.za
