From cf09195ba50c0a676cd8363f5564dc6722f8bdc8 Mon Sep 17 00:00:00 2001
From: Paul Saab
Date: Sun, 10 Apr 2005 05:24:59 +0000
Subject: [PATCH] - Tighten up the Timestamp checks to prevent a spoofed segment from setting ts_recent to an arbitrary value, stopping further communication between the two hosts.
- If the Echoed Timestamp is greater than the current time, fall back to the non RFC 1323 RTT calculation.
Submitted by: Raja Mukerji (raja at moselle dot com)
Reviewed by: Noritoshi Demizu, Mohan Srinivasan
---
 sys/netinet/tcp_input.c | 26 +++++++++++++++++++++++---
 sys/netinet/tcp_reass.c | 26 +++++++++++++++++++++++---
 sys/netinet/tcp_seq.h | 1 +
 3 files changed, 47 insertions(+), 6 deletions(-)
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 2ed59ce94acc..d89bc2b2bd9a 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1701,11 +1701,25 @@ tcp_input(m, off0)
 /*
 * If last ACK falls within this segment's sequence numbers,
 * record its timestamp.
- * NOTE that the test is modified according to the latest
- * proposal of the tcplw@cray.com list (Braden 1993/04/26).
+ * NOTE:
+ * 1) That the test incorporates suggestions from the latest
+ * proposal of the tcplw@cray.com list (Braden 1993/04/26).
+ * 2) That updating only on newer timestamps interferes with
+ * our earlier PAWS tests, so this check should be solely
+ * predicated on the sequence space of this segment.
+ * 3) That we modify the segment boundary check to be
+ * Last.ACK.Sent <= SEG.SEQ + SEG.Len
+ * instead of RFC1323's
+ * Last.ACK.Sent < SEG.SEQ + SEG.Len,
+ * This modified check allows us to overcome RFC1323's
+ * limitations as described in Stevens TCP/IP Illustrated
+ * Vol. 2 p.869. In such cases, we can still calculate the
+ * RTT correctly when RCV.NXT == Last.ACK.Sent.
 */
 if ((to.to_flags & TOF_TS) != 0 &&
- SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
+ SEQ_LEQ(th->th_seq, tp->last_ack_sent) &&
+ SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen +
+ ((thflags & (TH_SYN|TH_FIN)) != 0))) {
 tp->ts_recent_age = ticks;
 tp->ts_recent = to.to_tsval;
 }
@@ -2560,6 +2574,12 @@ tcp_dooptions(tp, to, cp, cnt, is_syn, th)
 bcopy((char *)cp + 6, (char *)&to->to_tsecr, sizeof(to->to_tsecr));
 to->to_tsecr = ntohl(to->to_tsecr);
+ /*
+ * If echoed timestamp is later than the current time,
+ * fall back to non RFC1323 RTT calculation.
+ */
+ if ((to->to_tsecr != 0) && TSTMP_GT(to->to_tsecr, ticks))
+ to->to_tsecr = 0;
 break;
 #ifdef TCP_SIGNATURE
 /*
diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c
index 2ed59ce94acc..d89bc2b2bd9a 100644
--- a/sys/netinet/tcp_reass.c
+++ b/sys/netinet/tcp_reass.c
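Review bot: The new upper bound on `tp->last_ack_sent` is the security-relevant half of this hunk, yet the NOTE block only gives the RTT-measurement rationale; the reason from the commit message — a segment whose sequence space does not cover Last.ACK.Sent could otherwise load `ts_recent` with an arbitrary value, after which the PAWS test drops the peer's genuine segments — belongs in the code. Suggest a fourth item in the block: ` * 4) That the upper bound also keeps a segment outside the receive window from updating ts_recent; a forged value there would make PAWS discard the peer's subsequent segments.` The same hunk is repeated verbatim in sys/netinet/tcp_reass.c below, so the comment applies there too. Note also that `((thflags & (TH_SYN|TH_FIN)) != 0)` counts a segment carrying both SYN and FIN as consuming one sequence number rather than two; if such segments cannot reach this point, a short comment saying so would justify the single increment. tcp_input's body extends well beyond the hunk, so whether the header-prediction path carries its own copy of this test and needs the same bound cannot be confirmed from here.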
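Review bot: The added guard in tcp_dooptions is one-sided: `TSTMP_GT(to->to_tsecr, ticks)` rejects an echo from the future, but an echo arbitrarily far in the past still passes and, if the RTT code outside this hunk derives its sample from `ticks - to->to_tsecr`, feeds a very large sample into the estimator. If a lower bound is deliberately omitted (for instance because PAWS or the ACK validity check already filters such segments), say so in the comment; otherwise consider also clearing `to_tsecr` when it predates the oldest unacknowledged transmission. Clearing the field to 0 relies on 0 already meaning "no echo", so a peer that legitimately echoes a tsval of 0 takes the same fallback — pre-existing, but worth one line in the new comment: ` * Zero is the "no echo" sentinel, which selects the non-timestamp RTT path.` The identical hunk in sys/netinet/tcp_reass.c has the same properties.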
@@ -1701,11 +1701,25 @@ tcp_input(m, off0)
 /*
 * If last ACK falls within this segment's sequence numbers,
 * record its timestamp.
- * NOTE that the test is modified according to the latest
- * proposal of the tcplw@cray.com list (Braden 1993/04/26).
+ * NOTE:
+ * 1) That the test incorporates suggestions from the latest
+ * proposal of the tcplw@cray.com list (Braden 1993/04/26).
+ * 2) That updating only on newer timestamps interferes with
+ * our earlier PAWS tests, so this check should be solely
+ * predicated on the sequence space of this segment.
+ * 3) That we modify the segment boundary check to be
+ * Last.ACK.Sent <= SEG.SEQ + SEG.Len
+ * instead of RFC1323's
+ * Last.ACK.Sent < SEG.SEQ + SEG.Len,
+ * This modified check allows us to overcome RFC1323's
+ * limitations as described in Stevens TCP/IP Illustrated
+ * Vol. 2 p.869. In such cases, we can still calculate the
+ * RTT correctly when RCV.NXT == Last.ACK.Sent.
 */
 if ((to.to_flags & TOF_TS) != 0 &&
- SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
+ SEQ_LEQ(th->th_seq, tp->last_ack_sent) &&
+ SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen +
+ ((thflags & (TH_SYN|TH_FIN)) != 0))) {
 tp->ts_recent_age = ticks;
 tp->ts_recent = to.to_tsval;
 }
@@ -2560,6 +2574,12 @@ tcp_dooptions(tp, to, cp, cnt, is_syn, th)
 bcopy((char *)cp + 6, (char *)&to->to_tsecr, sizeof(to->to_tsecr));
 to->to_tsecr = ntohl(to->to_tsecr);
+ /*
+ * If echoed timestamp is later than the current time,
+ * fall back to non RFC1323 RTT calculation.
+ */
+ if ((to->to_tsecr != 0) && TSTMP_GT(to->to_tsecr, ticks))
+ to->to_tsecr = 0;
 break;
 #ifdef TCP_SIGNATURE
 /*
diff --git a/sys/netinet/tcp_seq.h b/sys/netinet/tcp_seq.h
index dfc8f0ef3dfc..7f4620123b84 100644
--- a/sys/netinet/tcp_seq.h
+++ b/sys/netinet/tcp_seq.h
@@ -47,6 +47,7 @@
 /* for modulo comparisons of timestamps */
 #define TSTMP_LT(a,b) ((int)((a)-(b)) < 0)
+#define TSTMP_GT(a,b) ((int)((a)-(b)) > 0)
 #define TSTMP_GEQ(a,b) ((int)((a)-(b)) >= 0)
 /*