diff options
| author | fenner <fenner@FreeBSD.org> | 1998-03-20 00:43:29 +0000 |
|---|---|---|
| committer | fenner <fenner@FreeBSD.org> | 1998-03-20 00:43:29 +0000 |
| commit | 132de55f7b39c84f348a792204831608c0f41cef (patch) | |
| tree | fb8d1b474b60c738f95c52f715bdcb5516f20b9e | |
| parent | aa402e9a1a41ec34147c5fa984b24bd2d6202a58 (diff) | |
| download | FreeBSD-src-132de55f7b39c84f348a792204831608c0f41cef.zip FreeBSD-src-132de55f7b39c84f348a792204831608c0f41cef.tar.gz | |
Remove the check for SYN in SYN_RECEIVED state; it breaks simultaneous
connect. This check was added as part of the defense against the "land"
attack, to prevent attacks which guess the ISS from going into ESTABLISHED.
The "src == dst" check will still prevent the single-homed case of the
"land" attack, and guessing ISS's should be hard anyway.
Submitted by: David Borman <dab@bsdi.com>
| -rw-r--r-- | sys/netinet/tcp_input.c | 14 | ||||
| -rw-r--r-- | sys/netinet/tcp_reass.c | 14 |
2 files changed, 8 insertions, 20 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 24740ef..e9cb3c8 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)tcp_input.c 8.12 (Berkeley) 5/24/95 - * $Id: tcp_input.c,v 1.69 1998/01/27 09:15:08 davidg Exp $ + * $Id: tcp_input.c,v 1.70 1998/02/26 05:25:28 dg Exp $ */ #include "opt_tcpdebug.h" @@ -736,19 +736,13 @@ findpcb: /* * If the state is SYN_RECEIVED: - * if seg contains SYN/ACK, send a RST. * if seg contains an ACK, but not for our SYN/ACK, send a RST. */ case TCPS_SYN_RECEIVED: - if (tiflags & TH_ACK) { - if (tiflags & TH_SYN) { - tcpstat.tcps_badsyn++; - goto dropwithreset; - } - if (SEQ_LEQ(ti->ti_ack, tp->snd_una) || - SEQ_GT(ti->ti_ack, tp->snd_max)) + if ((tiflags & TH_ACK) && + (SEQ_LEQ(ti->ti_ack, tp->snd_una) || + SEQ_GT(ti->ti_ack, tp->snd_max))) goto dropwithreset; - } break; /* diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c index 24740ef..e9cb3c8 100644 --- a/sys/netinet/tcp_reass.c +++ b/sys/netinet/tcp_reass.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)tcp_input.c 8.12 (Berkeley) 5/24/95 - * $Id: tcp_input.c,v 1.69 1998/01/27 09:15:08 davidg Exp $ + * $Id: tcp_input.c,v 1.70 1998/02/26 05:25:28 dg Exp $ */ #include "opt_tcpdebug.h" @@ -736,19 +736,13 @@ findpcb: /* * If the state is SYN_RECEIVED: - * if seg contains SYN/ACK, send a RST. * if seg contains an ACK, but not for our SYN/ACK, send a RST. */ case TCPS_SYN_RECEIVED: - if (tiflags & TH_ACK) { - if (tiflags & TH_SYN) { - tcpstat.tcps_badsyn++; - goto dropwithreset; - } - if (SEQ_LEQ(ti->ti_ack, tp->snd_una) || - SEQ_GT(ti->ti_ack, tp->snd_max)) + if ((tiflags & TH_ACK) && + (SEQ_LEQ(ti->ti_ack, tp->snd_una) || + SEQ_GT(ti->ti_ack, tp->snd_max))) goto dropwithreset; - } break; /* |
