diff options
author | fenner <fenner@FreeBSD.org> | 1998-03-20 00:43:29 +0000 |
---|---|---|
committer | fenner <fenner@FreeBSD.org> | 1998-03-20 00:43:29 +0000 |
commit | 132de55f7b39c84f348a792204831608c0f41cef (patch) | |
tree | fb8d1b474b60c738f95c52f715bdcb5516f20b9e /sys/netinet/tcp_input.c | |
parent | aa402e9a1a41ec34147c5fa984b24bd2d6202a58 (diff) | |
download | FreeBSD-src-132de55f7b39c84f348a792204831608c0f41cef.zip FreeBSD-src-132de55f7b39c84f348a792204831608c0f41cef.tar.gz |
Remove the check for SYN in SYN_RECEIVED state; it breaks simultaneous
connect. This check was added as part of the defense against the "land"
attack, to prevent attacks which guess the ISS from going into ESTABLISHED.
The "src == dst" check will still prevent the single-homed case of the
"land" attack, and guessing ISS's should be hard anyway.
Submitted by: David Borman <dab@bsdi.com>
Diffstat (limited to 'sys/netinet/tcp_input.c')
-rw-r--r-- | sys/netinet/tcp_input.c | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 24740ef..e9cb3c8 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)tcp_input.c 8.12 (Berkeley) 5/24/95 - * $Id: tcp_input.c,v 1.69 1998/01/27 09:15:08 davidg Exp $ + * $Id: tcp_input.c,v 1.70 1998/02/26 05:25:28 dg Exp $ */ #include "opt_tcpdebug.h" @@ -736,19 +736,13 @@ findpcb: /* * If the state is SYN_RECEIVED: - * if seg contains SYN/ACK, send a RST. * if seg contains an ACK, but not for our SYN/ACK, send a RST. */ case TCPS_SYN_RECEIVED: - if (tiflags & TH_ACK) { - if (tiflags & TH_SYN) { - tcpstat.tcps_badsyn++; - goto dropwithreset; - } - if (SEQ_LEQ(ti->ti_ack, tp->snd_una) || - SEQ_GT(ti->ti_ack, tp->snd_max)) + if ((tiflags & TH_ACK) && + (SEQ_LEQ(ti->ti_ack, tp->snd_una) || + SEQ_GT(ti->ti_ack, tp->snd_max))) goto dropwithreset; - } break; /* |