From owner-freebsd-security Sat Jan 22 7:53: 2 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id E2A7E14F7B for ; Sat, 22 Jan 2000 07:52:59 -0800 (PST) (envelope-from brett@lariat.org) Received: from workhorse (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id IAA04850; Sat, 22 Jan 2000 08:52:42 -0700 (MST) Message-Id: <4.2.2.20000122083929.01a5aa90@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Sat, 22 Jan 2000 08:52:38 -0700 To: Don Lewis , Vladimir Dubrovin , Tim Yardley From: Brett Glass Subject: Re: Re[2]: explanation and code for stream.c issues Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <200001221058.CAA16745@salsa.gv.tsc.tdk.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 03:58 AM 1/22/2000 , Don Lewis wrote: >} By the way - published stream.c doesn't use ACK bit at all. >} packet.tcp.th_flags = 0; > >There was a correction published that changed this to set the ACK bit. True. But y'know, he does have a point. Shouldn't tcp_input() drop or reject anything with certain combinations of flags really early on? About 15 years ago (has it been that long?) I wrote part of a TCP/IP stack for a class at Stanford. The first statement in the routine which was the equivalent of tcp_input() checksummed the packet. The second one was a "case" (this was Pascal) that broke out cases for every combination of the TCP option flags. (The compiler implemented case statements as jump tables, so this was fast.) Do you think it's worth doing that here, both for clarity and for speed? It would probably help to catch all the issues involving option flags, and it would be more efficient than the current structure (which does lots of tests one at a time and is harder to follow). --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message