Fix for 2 bugs related to TCP Signatures:
- If the peer sends the Signature option in the SYN, use of Timestamps and Window Scaling were disabled (even if the peer supports them).
- The sender must not disable signatures if the option is absent in the received SYN. (See comment in syncache_add()).

Found, Submitted by: Noritoshi Demizu <demizu at dd dot ij4u dot or dot jp>.
Reviewed by: Mohan Srinivasan <mohans at yahoo-inc dot com>.
parent de57160389
commit a3047bc036
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=145369
@ -977,14 +977,17 @@ syncache_add(inc, to, th, sop, m)
|
|||||||
sc->sc_flags = SCF_NOOPT;
|
sc->sc_flags = SCF_NOOPT;
|
||||||
#ifdef TCP_SIGNATURE
|
#ifdef TCP_SIGNATURE
|
||||||
/*
|
/*
|
||||||
* If listening socket requested TCP digests, and received SYN
|
* If listening socket requested TCP digests, flag this in the
|
||||||
* contains the option, flag this in the syncache so that
|
* syncache so that syncache_respond() will do the right thing
|
||||||
* syncache_respond() will do the right thing with the SYN+ACK.
|
* with the SYN+ACK.
|
||||||
* XXX Currently we always record the option by default and will
|
*
|
||||||
* attempt to use it in syncache_respond().
|
* RFC 2395, Section 2.0, says
|
||||||
|
* "Unlike other TCP extensions (e.g., the Window Scale option
|
||||||
|
* [RFC1323]), the absence of the option in the SYN,ACK segment must not
|
||||||
|
* cause the sender to disable its sending of signatures".
|
||||||
*/
|
*/
|
||||||
if (to->to_flags & TOF_SIGNATURE)
|
if (tp->t_flags & TF_SIGNATURE)
|
||||||
sc->sc_flags = SCF_SIGNATURE;
|
sc->sc_flags |= SCF_SIGNATURE;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (to->to_flags & TOF_SACK)
|
if (to->to_flags & TOF_SACK)
|
||||||
|
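Review bot: The new comment cites "RFC 2395, Section 2.0", but the sentence it quotes comes from RFC 2385 (Protection of BGP Sessions via the TCP MD5 Signature Option), so the number looks like a typo and should be corrected. Two further points on the code lines. With the assignment changed to `sc->sc_flags |= SCF_SIGNATURE;`, the flag can now be set together with the `SCF_NOOPT` value stored just above the `#ifdef`, a combination the old `=` could never produce, so it is worth confirming that syncache_respond() still emits the signature option in that case. The condition now reads `tp->t_flags & TF_SIGNATURE`, and `tp` is not among the arguments shown in the hunk header (inc, to, th, sop, m), so please check that it is derived from the listening socket and valid before this point. The quoted RFC text speaks of the SYN,ACK segment while this code handles a received SYN; a short sentence in the comment saying why the same rule is applied here would help the next reader.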