Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 22 Mar 2001 16:50:53 +0000
From:      thinker <thinker@branda.to>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/25986: Socket would hang at LAST_ACK forever.
Message-ID:  <20010322165052.A46012@hell.branda.to>
In-Reply-To: <courier.3ABA2BFA.0000B3A7@hell.branda.to>; from  on Thu, Mar 22, 2001 at 04:44:42PM %2B0000
References:  <courier.3ABA2BFA.0000B3A7@hell.branda.to>
next in thread | previous in thread | raw e-mail | index | archive | help 


>Number:         25986
>Category:       kern
>Synopsis:       Socket would hang at LAST_ACK forever.
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 22 00:50:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     thinker
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD hell.branda.to 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Wed Mar 7 20:41:54 GMT 2001 thinker@hell.branda.to:/usr/src/sys/compile/thk i386


	
>Description:
	When TCP socket goes to LAST_ACK state & remote host do not respone
ACK forever, socket would stay at LAST_ACK forever and never be removed.
It would be a bug expolit by DDoS attacker. Patch file to fix the problem
is following.
>How-To-Repeat:
	
>Fix:
--- sys/netinet/tcp_usrreq.c.orig	Thu Mar 22 14:59:45 2001
+++ sys/netinet/tcp_usrreq.c	Thu Mar 22 15:04:49 2001
@@ -1139,13 +1139,15 @@
 		tp->t_state = TCPS_LAST_ACK;
 		break;
 	}
-	if (tp && tp->t_state >= TCPS_FIN_WAIT_2) {
+	if (tp && tp->t_state >= TCPS_FIN_WAIT_2)
 		soisdisconnected(tp->t_inpcb->inp_socket);
-		/* To prevent the connection hanging in FIN_WAIT_2 forever. */
-		if (tp->t_state == TCPS_FIN_WAIT_2)
-			callout_reset(tp->tt_2msl, tcp_maxidle,
-				      tcp_timer_2msl, tp);
-	}
+	/*
+	 * To prevent the connection hanging in FIN_WAIT_2 &
+	 * TCPS_LAST_ACK forever.
+	 */
+	if (tp->t_state == TCPS_FIN_WAIT_2 || tp->t_state == TCPS_LAST_ACK)
+		callout_reset(tp->tt_2msl, tcp_maxidle,
+			      tcp_timer_2msl, tp);
 	return (tp);
 }
 

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010322165052.A46012>