Date: Tue, 02 Jun 1998 04:42:15 +0800
From: Peter Wemm <peter@netplex.com.au>
To: "Juan L. Freniche" <jlfreniche@acm.org>
Cc: FreeBSD NET <freebsd-net@FreeBSD.ORG>
Subject: Re: Questions again on T/TCP
Message-ID: <199806012042.EAA11209@spinner.netplex.com.au>
In-Reply-To: Your message of "Mon, 01 Jun 1998 20:38:13 +0200." <3572F515.F85A651@acm.org>

"Juan L. Freniche" wrote: > I sent sometime ago the following message to this list, but nobody > responded. Please, can anybody have a look and respond? > > Message repeated: > > This morning a FreeBSD security advise was corrected in the FreeBSD > announce mail list, regarding a hole in the T/TCP implementation. > It can be retrieve from > > ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:03/ > > The following modification to /usr/src/sys/netinet/tcp_input.c > was recommended: 
> > @@ -680,7 +680,9 @@ > * - otherwise do a normal 3-way handshake. > */ > if ((to.to_flag & TOF_CC) != 0) { > - if (taop->tao_cc != 0 && CC_GT(to.to_cc, > taop->tao_cc)){ > + if (((tp->t_flags & TF_NOPUSH) != 0) && > + taop->tao_cc != 0 && CC_GT(to.to_cc, > taop->tao_cc)){ > + > taop->tao_cc = to.to_cc; > tp->t_state = TCPS_ESTABLISHED;
>
>
> I don't understand completely the proposed solution:
>
> Remember that the state is Listen and TF_NOPUSH was set (see the code
> below the label findpcb in tcp_input.c). A segment is received, it
> passes if SYN is present and other filters are OK. When reaching the TAO
> test, the proposal expands the test with (tp->t_flags & TF_NOPUSH) != 0),
> which is always true!

TF_NOPUSH is *copied* from the listening socket.  It's only present if the
listener has explicitly enabled it.

        tp->t_flags |= tp0->t_flags & (TF_NOPUSH|TF_NOOPT);

ie: only copy the TF_NOPUSH and TF_NOOPT flags from the listener to the
clone.  If they are not set on the master/listener, the clone does not get
them.

> Can anybody tell me what I am missing?
>
> Second question: in tcp_input.c, when the clone socket is created, the
> clone connection is moved to Listen and TF_NOPUSH is set. However, if you
> have a look at the ttcp man page, it is recommended (SERVER SUPPORT, item
> list 1) that TCP_NOPUSH be set for the master connection, but this flag
> is already set for any clone! Even more, if you reset the flag for the
> master connection, it will have no effect on its clones.

See the above, setting TCP_NOPUSH via setsockopt() is what turns on the
TF_NOPUSH on the listener.  The names are similar but the two are separate
things.

> By the way, setting the flag for clone connections is not found in the
> Stevens book, vol. 3.
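
Review bot: the added `(tp->t_flags & TF_NOPUSH) != 0` term in the TAO test is not reflected in the comment block that ends "otherwise do a normal 3-way handshake" just above it, so a reader cannot tell from the code why a no-push flag decides whether the connection may go straight to TCPS_ESTABLISHED. Please extend that comment to say the shortcut is taken only when the flag is set on the connection and that every other case falls through to the normal handshake. The bare `+` line after the condition also puts an empty line at the top of the block and can be dropped, and the outer parentheses around the new term are redundant.
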
>
> --------------------------
> E-Mail: jlfreniche@acm.org
> --------------------------
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>

Cheers,
-Peter
--
Peter Wemm <peter@netplex.com.au>   Netplex Consulting

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

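Added example, not part of the original message or of the FreeBSD source: a user-space C model of the two pieces the thread discusses, the flag copy quoted in the reply and the TAO test from the hunk, showing which listeners still take the accelerated open once the TF_NOPUSH term is added. The flag bit values, TF_OTHER, the CC_GT definition, the function names and the sample CC values are assumptions made for this model.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed bit values for this model; only their distinctness matters. */
#define TF_OTHER  0x0001u  /* hypothetical stand-in for any non-inherited flag */
#define TF_NOOPT  0x0008u
#define TF_NOPUSH 0x1000u

/* Wrap-around "greater than" on 32-bit connection counts (assumed definition). */
#define CC_GT(a, b) ((int32_t)((uint32_t)(a) - (uint32_t)(b)) > 0)

enum open_path { THREE_WAY_HANDSHAKE, TAO_ESTABLISHED };

/* Clone creation as quoted in the reply: only TF_NOPUSH and TF_NOOPT are inherited. */
uint32_t clone_flags(uint32_t listener_flags)
{
    uint32_t t_flags = 0;
    t_flags |= listener_flags & (TF_NOPUSH | TF_NOOPT);
    return t_flags;
}

/* TAO test from the hunk; patched != 0 applies the added TF_NOPUSH term. */
enum open_path tao_test(uint32_t t_flags, uint32_t tao_cc, uint32_t seg_cc, int patched)
{
    if (patched && (t_flags & TF_NOPUSH) == 0)
        return THREE_WAY_HANDSHAKE;
    if (tao_cc != 0 && CC_GT(seg_cc, tao_cc))
        return TAO_ESTABLISHED;
    return THREE_WAY_HANDSHAKE;
}

/* Path taken by a SYN with CC option seg_cc arriving on a listening socket. */
enum open_path syn_on_listener(uint32_t listener_flags, uint32_t tao_cc,
                               uint32_t seg_cc, int patched)
{
    return tao_test(clone_flags(listener_flags), tao_cc, seg_cc, patched);
}

int main(void)
{
    /* Constructed inputs: cached CC 100, incoming CC 101. */
    const char *name[] = { "3-way handshake", "TAO -> ESTABLISHED" };
    uint32_t listeners[] = { 0, TF_OTHER, TF_NOPUSH };
    for (int i = 0; i < 3; i++)
        printf("listener flags 0x%04x: unpatched=%s, patched=%s\n", (unsigned)listeners[i],
               name[syn_on_listener(listeners[i], 100, 101, 0)],
               name[syn_on_listener(listeners[i], 100, 101, 1)]);
    return 0;
}
```

In this model a listener that never enabled the flag yields a clone without TF_NOPUSH, so the patched test sends it through the normal handshake regardless of the cached and received CC values.
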
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806012042.EAA11209>