freebsd kernel with SKQ
Go to file
Bill Fenner 764d8cef56 A more complete fix for the "land" attack, removing the "quick fix" from
rev 1.66.  This fix contains both belt and suspenders.

Belt: ignore packets where src == dst and srcport == dstport in TCPS_LISTEN.
 These packets can only legitimately occur when connecting a socket to itself,
 which doesn't go through TCPS_LISTEN (it goes CLOSED->SYN_SENT->SYN_RCVD->
 ESTABLISHED).  This prevents the "standard" "land" attack, although doesn't
 prevent the multi-homed variation.

Suspenders: send a RST in response to a SYN/ACK in SYN_RECEIVED state.
 The only packets we should get in SYN_RECEIVED are
 1. A retransmitted SYN, or
 2. An ack of our SYN/ACK.
 The "land" attack depends on us accepting our own SYN/ACK as an ACK;
 in SYN_RECEIVED state; this should prevent all "land" attacks.

We also move up the sequence number check for the ACK in SYN_RECEIVED.
 This neither helps nor hurts with respect to the "land" attack, but
 puts more of the validation checking in one spot.

PR:             kern/5103
1998-01-21 02:05:59 +00:00
bin Removed definition of _NEW_VFSCONF. The new vfsconf interface is now 1998-01-20 10:40:18 +00:00
contrib Removed redundant declarations. Keymap functions are declared in 1998-01-16 09:12:05 +00:00
crypto MFC: no \n in syslog strings. Change -P to -p in flags. EOF -> -1. Use err(3). 1997-12-08 07:41:13 +00:00
etc Add an example for busy mail servers, commented out. 1998-01-18 22:28:06 +00:00
games Fixed long lines in install rule. Fixed other bogons while I was here: 1998-01-16 09:43:47 +00:00
gnu Fixed accesses to addresses between VM_MAXUSER_ADDRESS (normally 1998-01-19 15:27:56 +00:00
include Suggested by: bde 1998-01-20 09:09:24 +00:00
kerberos5 Fix a break in the includes where the build blows chunks if it is 1997-10-02 15:03:23 +00:00
kerberosIV Link this against -lcrypt. In the case where the user has no key available 1997-10-24 16:27:46 +00:00
lib Fixed #includes in the synopsis and in an example. <sys/socket.h> 1998-01-20 11:03:15 +00:00
libexec Merged just enough files from Lite2 in lfs_cleanerd to convert from 1998-01-20 14:41:53 +00:00
lkm Include <machine/pc/display.h>, not <i386/include/pc/display.h>. This is 1998-01-16 17:58:55 +00:00
release Add wfd style devices to detection list (we'll have to put them on the 1998-01-19 23:28:41 +00:00
sbin Converted to Lite2 mount interface - use vfc_typenum from the 1998-01-20 15:22:27 +00:00
secure Staticise a variable. 1997-10-08 07:02:48 +00:00
share FreeBSD's make knows about the MACHINE, but not the MACHINE_ARCH unless 1998-01-21 01:03:51 +00:00
sys A more complete fix for the "land" attack, removing the "quick fix" from 1998-01-21 02:05:59 +00:00
tools Don't install the tcl implementation headers. The tcl distribution 1998-01-17 15:52:32 +00:00
usr.bin Converted to Lite2 mount interface - don't use numeric filesystem 1998-01-20 13:52:32 +00:00
usr.sbin Quote filenames more agressively. 1998-01-21 00:12:56 +00:00
COPYRIGHT
Makefile Test for ${MACHINE} == "alpha" and include the bootstrap makefile instead 1998-01-11 04:51:02 +00:00
Makefile.alpha This makefile provides a bootstrap installation of FreeBSD on an installed 1998-01-11 04:46:02 +00:00
README Note that /etc is not installed by world target either. 1997-08-09 14:36:20 +00:00

This is the top level of the FreeBSD source directory.  This file
was last revised on: $Id: README,v 1.10 1997/02/23 09:18:39 peter Exp $

For copyright information, please see the file COPYRIGHT in this
directory (additional copyright information also exists for some
sources in this tree - please see the specific source directories for
more information).

The Makefile in this directory supports a number of targets for
building components (or all) of the FreeBSD source tree, the most
commonly used one being ``world'', which rebuilds and installs
everything in the FreeBSD system from the source tree except the
kernel and the contents of /etc.  Please see the top of the Makefile
in this directory for more information on the standard build targets
and compile-time flags.

Building a kernel with config(8) is a somewhat more involved process,
documentation for which can be found at:
   http://www.freebsd.org/handbook/kernelconfig.html
And in the config(8) man page.

The sample kernel configuration files reside in the sys/i386/conf
sub-directory (assuming that you've installed the kernel sources), the
file named GENERIC being the one used to build your initial installation
kernel.  The file LINT contains entries for all possible devices, not
just those commonly used, and is meant more as a general reference
than an actual kernel configuration file (a kernel built from it
wouldn't even run).


Source Roadmap:
---------------
bin		System/User commands.

contrib		Packages contributed by 3rd parties.

eBones		Kerberos package - NOT FOR EXPORT!

etc		Template files for /etc

games		Amusements.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

lib		System libraries.

libexec		System daemons.

lkm		Loadable Kernel Modules.

release		Release building Makefile & associated tools.

sbin		System commands.

secure		DES and DES-related utilities - NOT FOR EXPORT!

share		Shared resources.

sys		Kernel sources.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.


For information on synchronizing your source tree with one or more of
the FreeBSD Project's development branches, please see:

  http://www.freebsd.org/handbook/synching.html