Finish 4.4-Lite-2 merge: randomize TCP initial sequence numbers

to make ISS-guessing spoofing attacks harder.
This commit is contained in:
wollman 1995-10-03 16:54:17 +00:00
parent 6620dab5e1
commit 3fc43db861
6 changed files with 62 additions and 35 deletions

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1982, 1986, 1988, 1990, 1993, 1994
* Copyright (c) 1982, 1986, 1988, 1990, 1993, 1994, 1995
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -30,8 +30,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* From: @(#)tcp_input.c 8.5 (Berkeley) 4/10/94
* $Id: tcp_input.c,v 1.27 1995/07/10 15:39:13 wollman Exp $
* @(#)tcp_input.c 8.12 (Berkeley) 5/24/95
* $Id: tcp_input.c,v 1.28 1995/07/31 10:24:22 olah Exp $
*/
#ifndef TUBA_INCLUDE
@ -45,6 +45,8 @@
#include <sys/errno.h>
#include <sys/queue.h>
#include <machine/cpu.h> /* before tcp_seq.h, for tcp_random18() */
#include <net/if.h>
#include <net/route.h>
@ -243,7 +245,7 @@ tcp_input(m, iphlen)
{
register struct tcpiphdr *ti;
register struct inpcb *inp;
caddr_t optp = NULL;
u_char *optp = NULL;
int optlen = 0;
int len, tlen, off;
register struct tcpcb *tp = 0;
@ -315,7 +317,7 @@ tcp_input(m, iphlen)
ti = mtod(m, struct tcpiphdr *);
}
optlen = off - sizeof (struct tcphdr);
optp = mtod(m, caddr_t) + sizeof (struct tcpiphdr);
optp = mtod(m, u_char *) + sizeof (struct tcpiphdr);
/*
* Do quick retrieval of timestamp options ("options
* prediction?"). If timestamp is the only option and it's
@ -650,7 +652,7 @@ findpcb:
tp->iss = iss;
else
tp->iss = tcp_iss;
tcp_iss += TCP_ISSINCR/2;
tcp_iss += TCP_ISSINCR/4;
tp->irs = ti->ti_seq;
tcp_sendseqinit(tp);
tcp_rcvseqinit(tp);

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1982, 1986, 1988, 1990, 1993, 1994
* Copyright (c) 1982, 1986, 1988, 1990, 1993, 1994, 1995
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -30,8 +30,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* From: @(#)tcp_input.c 8.5 (Berkeley) 4/10/94
* $Id: tcp_input.c,v 1.27 1995/07/10 15:39:13 wollman Exp $
* @(#)tcp_input.c 8.12 (Berkeley) 5/24/95
* $Id: tcp_input.c,v 1.28 1995/07/31 10:24:22 olah Exp $
*/
#ifndef TUBA_INCLUDE
@ -45,6 +45,8 @@
#include <sys/errno.h>
#include <sys/queue.h>
#include <machine/cpu.h> /* before tcp_seq.h, for tcp_random18() */
#include <net/if.h>
#include <net/route.h>
@ -243,7 +245,7 @@ tcp_input(m, iphlen)
{
register struct tcpiphdr *ti;
register struct inpcb *inp;
caddr_t optp = NULL;
u_char *optp = NULL;
int optlen = 0;
int len, tlen, off;
register struct tcpcb *tp = 0;
@ -315,7 +317,7 @@ tcp_input(m, iphlen)
ti = mtod(m, struct tcpiphdr *);
}
optlen = off - sizeof (struct tcphdr);
optp = mtod(m, caddr_t) + sizeof (struct tcpiphdr);
optp = mtod(m, u_char *) + sizeof (struct tcpiphdr);
/*
* Do quick retrieval of timestamp options ("options
* prediction?"). If timestamp is the only option and it's
@ -650,7 +652,7 @@ findpcb:
tp->iss = iss;
else
tp->iss = tcp_iss;
tcp_iss += TCP_ISSINCR/2;
tcp_iss += TCP_ISSINCR/4;
tp->irs = ti->ti_seq;
tcp_sendseqinit(tp);
tcp_rcvseqinit(tp);

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1982, 1986, 1993
* Copyright (c) 1982, 1986, 1993, 1995
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -30,8 +30,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)tcp_seq.h 8.1 (Berkeley) 6/10/93
* $Id: tcp_seq.h,v 1.4 1995/02/08 20:18:46 wollman Exp $
* @(#)tcp_seq.h 8.3 (Berkeley) 6/21/95
* $Id: tcp_seq.h,v 1.5 1995/02/14 02:35:17 wollman Exp $
*/
#ifndef _NETINET_TCP_SEQ_H_
@ -75,13 +75,28 @@
(tp)->snd_una = (tp)->snd_nxt = (tp)->snd_max = (tp)->snd_up = \
(tp)->iss
#define TCP_ISSINCR (125*1024) /* increment for tcp_iss each second */
#define TCP_PAWS_IDLE (24 * 24 * 60 * 60 * PR_SLOWHZ)
/* timestamp wrap-around time */
#ifdef KERNEL
extern tcp_seq tcp_iss; /* tcp initial send seq # */
extern tcp_cc tcp_ccgen; /* global connection count */
/*
* Increment for tcp_iss each second.
* This is designed to increment at the standard 250 KB/s,
* but with a random component averaging 128 KB.
* We also increment tcp_iss by a quarter of this amount
* each time we use the value for a new connection.
* If defined, the tcp_random18() macro should produce a
* number in the range [0-0x3ffff] that is hard to predict.
*/
#ifndef tcp_random18
#define tcp_random18() ((random() >> 14) & 0x3ffff)
#endif
#endif
#define TCP_ISSINCR (122*1024 + tcp_random18())
extern tcp_seq tcp_iss; /* tcp initial send seq # */
#else
#define TCP_ISSINCR (250*1024) /* increment for tcp_iss each second */
#endif /* KERNEL */
#endif /* _NETINET_TCP_SEQ_H_ */

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1982, 1986, 1988, 1990, 1993
* Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -30,8 +30,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)tcp_subr.c 8.1 (Berkeley) 6/10/93
* $Id: tcp_subr.c,v 1.15 1995/09/20 21:00:59 wollman Exp $
* @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95
* $Id: tcp_subr.c,v 1.16 1995/09/22 17:43:37 wollman Exp $
*/
#include <sys/param.h>
@ -87,7 +87,7 @@ void
tcp_init()
{
tcp_iss = 1; /* wrong */
tcp_iss = random(); /* wrong, but better than a constant */
tcp_ccgen = 1;
tcp_cleartaocache();
LIST_INIT(&tcb);

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1982, 1986, 1988, 1990, 1993
* Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -30,8 +30,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)tcp_timer.c 8.1 (Berkeley) 6/10/93
* $Id: tcp_timer.c,v 1.7 1995/05/30 08:09:59 rgrimes Exp $
* @(#)tcp_timer.c 8.2 (Berkeley) 5/24/95
* $Id: tcp_timer.c,v 1.8 1995/07/29 18:48:43 davidg Exp $
*/
#ifndef TUBA_INCLUDE
@ -45,6 +45,8 @@
#include <sys/errno.h>
#include <sys/queue.h>
#include <machine/cpu.h> /* before tcp_seq.h, for tcp_random18() */
#include <net/if.h>
#include <net/route.h>
@ -62,10 +64,14 @@
int tcp_keepidle = TCPTV_KEEP_IDLE;
int tcp_keepintvl = TCPTV_KEEPINTVL;
int tcp_keepcnt = TCPTV_KEEPCNT; /* max idle probes */
int tcp_maxpersistidle = TCPTV_KEEP_IDLE; /* max idle time in persist */
int tcp_maxidle;
int tcp_maxpersistidle = TCPTV_KEEP_IDLE;
int tcp_totbackoff = 511;
#else /* TUBA_INCLUDE */
extern int tcp_maxpersistidle;
#endif /* TUBA_INCLUDE */
/*
* Fast timeout routine for processing delayed acks
*/
@ -105,7 +111,7 @@ tcp_slowtimo()
s = splnet();
tcp_maxidle = TCPTV_KEEPCNT * tcp_keepintvl;
tcp_maxidle = tcp_keepcnt * tcp_keepintvl;
ip = tcb.lh_first;
if (ip == NULL) {
@ -118,7 +124,7 @@ tcp_slowtimo()
for (; ip != NULL; ip = ipnxt) {
ipnxt = ip->inp_list.le_next;
tp = intotcpcb(ip);
if (tp == 0)
if (tp == 0 || tp->t_state == TCPS_LISTEN)
continue;
for (i = 0; i < TCPT_NTIMERS; i++) {
if (tp->t_timer[i] && --tp->t_timer[i] == 0) {
@ -138,7 +144,7 @@ tpgone:
tcp_iss += TCP_ISSINCR/PR_SLOWHZ; /* increment iss */
#ifdef TCP_COMPAT_42
if ((int)tcp_iss < 0)
tcp_iss = 0; /* XXX */
tcp_iss = TCP_ISSINCR; /* XXX */
#endif
tcp_now++; /* for timestamps */
splx(s);
@ -161,6 +167,8 @@ tcp_canceltimers(tp)
int tcp_backoff[TCP_MAXRXTSHIFT + 1] =
{ 1, 2, 4, 8, 16, 32, 64, 64, 64, 64, 64, 64, 64 };
int tcp_totbackoff = 511; /* sum of tcp_backoff[] */
/*
* TCP timer processing.
*/

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1982, 1986, 1988, 1990, 1993
* Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -30,8 +30,8 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)tcp_subr.c 8.1 (Berkeley) 6/10/93
* $Id: tcp_subr.c,v 1.15 1995/09/20 21:00:59 wollman Exp $
* @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95
* $Id: tcp_subr.c,v 1.16 1995/09/22 17:43:37 wollman Exp $
*/
#include <sys/param.h>
@ -87,7 +87,7 @@ void
tcp_init()
{
tcp_iss = 1; /* wrong */
tcp_iss = random(); /* wrong, but better than a constant */
tcp_ccgen = 1;
tcp_cleartaocache();
LIST_INIT(&tcb);