diff options
| author | dg <dg@FreeBSD.org> | 1997-10-02 02:10:40 +0000 |
|---|---|---|
| committer | dg <dg@FreeBSD.org> | 1997-10-02 02:10:40 +0000 |
| commit | 295181cc8307ff02164a63307e4927fbc24dbff7 (patch) | |
| tree | 2e539e7e040aa262a1d830b8f024f5f880bac1ff | |
| parent | 9c3f07d908b79c89ca1b8511e7501a63d9040616 (diff) | |
| download | FreeBSD-src-295181cc8307ff02164a63307e4927fbc24dbff7.zip FreeBSD-src-295181cc8307ff02164a63307e4927fbc24dbff7.tar.gz | |
Killed the SYN_RECEIVED addition from rev 1.52. It results in legitimate
RST's being ignored, keeping a connection around until it times out, and
thus has the opposite effect of what was intended (which is to make the
system more robust to DoS attacks).
| -rw-r--r-- | sys/netinet/tcp_input.c | 7 | ||||
| -rw-r--r-- | sys/netinet/tcp_reass.c | 7 |
2 files changed, 2 insertions, 12 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index fc4afec..073c1a6 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)tcp_input.c 8.12 (Berkeley) 5/24/95 - * $Id: tcp_input.c,v 1.61 1997/09/16 18:36:05 joerg Exp $ + * $Id: tcp_input.c,v 1.62 1997/09/30 16:38:09 fenner Exp $ */ #include "opt_tcpdebug.h" @@ -752,8 +752,6 @@ findpcb: } /* - * If the state is SYN_RECEIVED: - * do just the ack and RST checks from SYN_SENT state. * If the state is SYN_SENT: * if seg contains an ACK, but not for our SYN, drop the input. * if seg contains a RST, then drop the connection. @@ -765,7 +763,6 @@ findpcb: * arrange for segment to be acked (eventually) * continue processing rest of data/controls, beginning with URG */ - case TCPS_SYN_RECEIVED: case TCPS_SYN_SENT: if ((taop = tcp_gettaocache(inp)) == NULL) { taop = &tao_noncached; @@ -793,8 +790,6 @@ findpcb: tp = tcp_drop(tp, ECONNREFUSED); goto drop; } - if (tp->t_state == TCPS_SYN_RECEIVED) - break; if ((tiflags & TH_SYN) == 0) goto drop; tp->snd_wnd = ti->ti_win; /* initial send window */ diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c index fc4afec..073c1a6 100644 --- a/sys/netinet/tcp_reass.c +++ b/sys/netinet/tcp_reass.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)tcp_input.c 8.12 (Berkeley) 5/24/95 - * $Id: tcp_input.c,v 1.61 1997/09/16 18:36:05 joerg Exp $ + * $Id: tcp_input.c,v 1.62 1997/09/30 16:38:09 fenner Exp $ */ #include "opt_tcpdebug.h" @@ -752,8 +752,6 @@ findpcb: } /* - * If the state is SYN_RECEIVED: - * do just the ack and RST checks from SYN_SENT state. * If the state is SYN_SENT: * if seg contains an ACK, but not for our SYN, drop the input. * if seg contains a RST, then drop the connection. @@ -765,7 +763,6 @@ findpcb: * arrange for segment to be acked (eventually) * continue processing rest of data/controls, beginning with URG */ - case TCPS_SYN_RECEIVED: case TCPS_SYN_SENT: if ((taop = tcp_gettaocache(inp)) == NULL) { taop = &tao_noncached; @@ -793,8 +790,6 @@ findpcb: tp = tcp_drop(tp, ECONNREFUSED); goto drop; } - if (tp->t_state == TCPS_SYN_RECEIVED) - break; if ((tiflags & TH_SYN) == 0) goto drop; tp->snd_wnd = ti->ti_win; /* initial send window */ |
