Date: Wed, 3 Dec 1997 02:12:14 -0800 From: Don Lewis <Don.Lewis@tsc.tdk.com> To: Don Lewis <Don.Lewis@tsc.tdk.com>, freebsd-hackers@FreeBSD.ORG Cc: fenner@PARC.XEROX.COM, avalon@coombs.anu.edu.au, jas@flyingfox.com Subject: Re: fixes for "LAND" and various other TCP bugs Message-ID: <199712031012.CAA14035@salsa.gv.tsc.tdk.com> In-Reply-To: Don Lewis <Don.Lewis@tsc.tdk.com> "fixes for "LAND" and various other TCP bugs" (Dec 2, 12:17am)
next in thread | previous in thread | raw e-mail | index | archive | help
One minor correction below: On Dec 2, 12:17am, Don Lewis wrote: } Subject: fixes for "LAND" and various other TCP bugs } @@ -1660,9 +1722,26 @@ } /* } * Generate an ACK dropping incoming segment if it occupies } * sequence space, where the ACK reflects our state. } + * } + * We can now skip the test for the RST flag since all } + * paths to this code happen after packets containing } + * RST have been dropped. } + * } + * In the SYN-RECEIVED state, don't send an ACK unless the } + * segment we received passes the SYN-RECEIVED ACK test. } + * If it fails send a RST. This breaks the loop in the } + * "LAND" DoS attack, and also prevents an ACK storm } + * between two listening ports that have been sent forged } + * SYN segments, each with the source address of the other. } */ } - if (tiflags & TH_RST) } - goto drop; } + if (tp->t_state == TCPS_SYN_RECEIVED) { } + if ((tiflags & TH_ACK) == 0) } + goto drop; I think this should fall through and let the ACK be set if the ACK bit is off on incoming packet. We could be getting data outside our receive window that is accompanying the initial SYN, so we should resend our SYN-ACK. This will still break the ACK loop. } + else if (SEQ_GT(tp->snd_una, ti->ti_ack) || } + SEQ_GT(ti->ti_ack, tp->snd_max)) } + goto dropwithreset; } + /* else fall through */ } + } } #ifdef TCPDEBUG } if (so->so_options & SO_DEBUG) } tcp_trace(TA_DROP, ostate, tp, &tcp_saveti, 0); --- Truck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199712031012.CAA14035>