d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-nq/sys/netinet
History
Mike Silbersack 80dd2a81fb Tighten up reset handling in order to make reset attacks as difficult as 
possible while maintaining compatibility with the widest range of TCP stacks.

The algorithm is as follows:

---
For connections in the ESTABLISHED state, only resets with
sequence numbers exactly matching last_ack_sent will cause a reset,
all other segments will be silently dropped.

For connections in all other states, a reset anywhere in the window
will cause the connection to be reset.  All other segments will be
silently dropped.
---

The necessity of accepting all in-window resets was discovered
by jayanth and jlemon, both of whom have seen TCP stacks that
will respond to FIN-ACK packets with resets not meeting the
strict last_ack_sent check.

Idea by:        Darren Reed
Reviewed by:    truckman, jlemon, others(?)
2004-04-26 02:56:31 +00:00
..
libalias
Unbreak natd.
2004-04-02 17:57:57 +00:00
accf_data.c
Remove so*_locked(), which were backed out by mistake.
2002-06-18 07:42:02 +00:00
accf_http.c
Remove so*_locked(), which were backed out by mistake.
2002-06-18 07:42:02 +00:00
icmp6.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
icmp_var.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
if_atm.c
replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF
2003-11-08 23:36:32 +00:00
if_atm.h
if_ether.c
Another small set of changes to reduce diffs with the new arp code.
2004-04-25 15:00:17 +00:00
if_ether.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
igmp_var.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
igmp.c
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
igmp.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
in_cksum.c
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
in_gif.c
In an effort to simplify the routing code, try to deprecate rtalloc()
2004-04-14 01:13:14 +00:00
in_gif.h
- fix typo in comment.
2003-10-07 17:46:18 +00:00
in_pcb.c
Wrap two long lines in the previous commit.
2004-04-23 23:29:49 +00:00
in_pcb.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
in_proto.c
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
in_rmx.c
Introduce tcp_hostcache and remove the tcp specific metrics from
2003-11-20 20:07:39 +00:00
in_systm.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
in_var.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
in.c
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
in.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
ip6.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
ip_divert.c
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
ip_divert.h
Re-remove MT_TAGs. The problems with dummynet have been fixed now.
2004-02-25 19:55:29 +00:00
ip_dummynet.c
Add some missing DUMMYNET_UNLOCK() in config_pipe().
2004-03-03 01:33:22 +00:00
ip_dummynet.h
Re-remove MT_TAGs. The problems with dummynet have been fixed now.
2004-02-25 19:55:29 +00:00
ip_ecn.c
add ECN support in layer-3.
2003-10-29 15:07:04 +00:00
ip_ecn.h
add ECN support in layer-3.
2003-10-29 15:07:04 +00:00
ip_encap.c
Lock down IP-layer encapsulation library:
2004-03-10 02:48:50 +00:00
ip_encap.h
ip_fastfwd.c
Re-remove MT_TAGs. The problems with dummynet have been fixed now.
2004-02-25 19:55:29 +00:00
ip_fw2.c
Add the option versrcreach to verify that a valid route to the
2004-04-23 14:28:38 +00:00
ip_fw.h
Add the option versrcreach to verify that a valid route to the
2004-04-23 14:28:38 +00:00
ip_gre.c
Lock down global variables in if_gre:
2004-03-22 16:04:43 +00:00
ip_gre.h
de-__P().
2002-10-16 22:27:27 +00:00
ip_icmp.c
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
ip_icmp.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
ip_id.c
Tweak existing header and other build infrastructure to be able to build
2004-02-26 03:53:54 +00:00
ip_input.c
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
ip_mroute.c
To comply with the spec, do not copy the TOS from the outer IP
2004-03-08 07:47:27 +00:00
ip_mroute.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
ip_output.c
In an effort to simplify the routing code, try to deprecate rtalloc()
2004-04-14 01:13:14 +00:00
ip_var.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
ip.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
ipprotosw.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
pim_var.h
New PIM header files.
2003-08-07 18:17:43 +00:00
pim.h
Include <sys/types.h> for autoconf/automake detection.
2004-03-08 07:45:32 +00:00
raw_ip.c
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
tcp_debug.c
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
tcp_debug.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
tcp_fsm.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
tcp_hostcache.c
Fix a potential race when purging expired hostcache entries.
2004-04-23 13:54:28 +00:00
tcp_input.c
Tighten up reset handling in order to make reset attacks as difficult as
2004-04-26 02:56:31 +00:00
tcp_output.c
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
tcp_reass.c
Tighten up reset handling in order to make reset attacks as difficult as
2004-04-26 02:56:31 +00:00
tcp_seq.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
tcp_subr.c
Enhance our RFC1948 implementation to perform better in some pathlogical
2004-04-20 06:33:39 +00:00
tcp_syncache.c
Reduce 'td' argument to 'cred' (struct ucred) argument in those functions:
2004-03-27 21:05:46 +00:00
tcp_timer.c
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
tcp_timer.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
tcp_timewait.c
Enhance our RFC1948 implementation to perform better in some pathlogical
2004-04-20 06:33:39 +00:00
tcp_usrreq.c
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
tcp_var.h
Tighten up reset handling in order to make reset attacks as difficult as
2004-04-26 02:56:31 +00:00
tcp.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
tcpip.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
udp_usrreq.c
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
udp_var.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00
udp.h
Remove advertising clause from University of California Regent's
2004-04-07 20:46:16 +00:00