From: Robert Watson
Date: Sat, 6 Aug 2005 22:06:58 +0100 (BST)
To: Minh Tran
Cc: freebsd-hackers@freebsd.org
Subject: Re: Kernel code of reseting/ignoring tcp SYN packets
Message-ID: <20050806220421.A11054@fledge.watson.org>

On Sat, 6 Aug 2005, Minh Tran wrote:

> I was looking around for the files of Kernel code where SYN messages are
> sent, so we can simply inject some code to send back a reset message or
> ignore the SYN requests. I was looking at the function ioctl() which
> takes fd of the tcp socket. As I track the function down, there is also
> another call to the dev_ioclt() function where all parameters are passed
> down. However, I was not successful with finding out the description of
> this dev_ioclt() function. I am having a bit of trouble in finding out
> the way of injecting code in the kernel to deal with SYN packets. I am
> thinking of using ipfw to either reset or drop SYN packets.
>
> Would anyone have some hints on the clean way of injecting some code to
> deal with SYN packets or could you give me some ideas on which files I
> should look at? I really appreciate that. I saw some promising files in
> src/sys/netinet but they are not all clear in my mind.

TCP packet input processing occurs in
src/sys/netinet/tcp_input.c:tcp_input(). This is a very large function,
so you will want to search for the following line, which precedes the
code responsible for the processing of SYN packets that will form new
connections:

    if (so->so_options & SO_ACCEPTCONN) {

FreeBSD makes use of a combined syncache/syncookie mechanism, so you're
probably also interested in tcp_syncache.c.

Robert N M Watson
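
Added example, not part of the original message and not FreeBSD kernel code: a user-space C function that applies the RFC 793 LISTEN-state checks (RST, then ACK, then SYN) to a raw TCP header, which is the kind of decision made for a socket with SO_ACCEPTCONN set. The verdict names and helper functions are hypothetical, the sample header is constructed, and the syncache case in which an ACK completes a pending handshake is left out.

```c
#include <stddef.h>
#include <stdint.h>

/* TCP flag bits as carried in byte 13 of the TCP header (RFC 793). */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Hypothetical verdict names used only in this example. */
enum listen_verdict { LV_DROP, LV_SEND_RST, LV_NEW_CONN };

/*
 * Decide what a listening socket does with an incoming segment.
 * tcp points at the first byte of the TCP header, len is the number
 * of bytes available from that point.
 */
enum listen_verdict
classify_listen_segment(const uint8_t *tcp, size_t len)
{
	if (tcp == NULL || len < 20)
		return LV_DROP;		/* truncated header */
	size_t doff = (size_t)(tcp[12] >> 4) * 4; /* header length in bytes */
	if (doff < 20 || doff > len)
		return LV_DROP;		/* malformed data offset */
	uint8_t flags = tcp[13];
	if (flags & TH_RST)
		return LV_DROP;		/* a RST is never answered */
	if (flags & TH_ACK)
		return LV_SEND_RST;	/* ACK for a connection that does not exist */
	if (flags & TH_SYN)
		return LV_NEW_CONN;	/* connection-opening SYN */
	return LV_DROP;			/* anything else is ignored */
}

/* Constructed sample: 20-byte header, port 12345 -> 80, caller's flags. */
void
make_segment(uint8_t buf[20], uint8_t flags)
{
	for (size_t i = 0; i < 20; i++)
		buf[i] = 0;
	buf[0] = 0x30; buf[1] = 0x39;	/* source port 12345 */
	buf[3] = 80;			/* destination port 80 */
	buf[12] = 5 << 4;		/* data offset: 5 32-bit words */
	buf[13] = flags;
}
```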