freebsd-skq/sys
Mike Silbersack 80dd2a81fb Tighten up reset handling in order to make reset attacks as difficult as
possible while maintaining compatibility with the widest range of TCP stacks.

The algorithm is as follows:

---
For connections in the ESTABLISHED state, only resets with
sequence numbers exactly matching last_ack_sent will cause a reset,
all other segments will be silently dropped.

For connections in all other states, a reset anywhere in the window
will cause the connection to be reset.  All other segments will be
silently dropped.
---

The necessity of accepting all in-window resets was discovered
by jayanth and jlemon, both of whom have seen TCP stacks that
will respond to FIN-ACK packets with resets not meeting the
strict last_ack_sent check.

Idea by:        Darren Reed
Reviewed by:    truckman, jlemon, others(?)
2004-04-26 02:56:31 +00:00
..
alpha Hide FLT_EVAL_METHOD and DECIMAL_DIG in pre-C99 compilation 2004-04-25 02:36:29 +00:00
amd64 Hide FLT_EVAL_METHOD and DECIMAL_DIG in pre-C99 compilation 2004-04-25 02:36:29 +00:00
arm Remove advertising clause from University of California Regent's license, 2004-04-05 21:29:41 +00:00
boot Use a more compact syntax for passing the "binary" options to 'ld'. 2004-04-25 20:36:44 +00:00
cam The opt_da.h file doesn't exist anymore since the DA_OLD_QUIRKS option 2004-04-19 13:38:10 +00:00
coda Device megapatch 5/6: 2004-02-21 21:32:15 +00:00
compat Fix build for non-COMPAT_FREEBSD4 configurations. Make the FreeBSD 4 2004-04-24 04:31:59 +00:00
conf Connect ng_sppp to the build process. 2004-04-24 22:03:02 +00:00
contrib Remove warnings from vendor files. This takes some files off the vendor 2004-04-14 18:12:29 +00:00
crypto Fix a reentrancy issue in md5_calc(). 2004-01-27 18:57:21 +00:00
ddb Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
dev Fix two typos from PR: 65694 2004-04-26 02:11:38 +00:00
fs Do not drop Giant around the poll method yet, we're not ready for it. 2004-04-12 21:52:52 +00:00
geom - Don't check if 'gp' is non-NULL, it always is and GEOM wants to 2004-04-20 17:07:55 +00:00
gnu Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
i4b Convert callers to the new bus_alloc_resource_any(9) API. 2004-03-17 17:50:55 +00:00
i386 Hide FLT_EVAL_METHOD and DECIMAL_DIG in pre-C99 compilation 2004-04-25 02:36:29 +00:00
ia64 Hide FLT_EVAL_METHOD and DECIMAL_DIG in pre-C99 compilation 2004-04-25 02:36:29 +00:00
isa Fixed breakage of the formatting operation in rev.1.266. The wrong 2004-04-25 04:33:56 +00:00
isofs/cd9660 Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
kern The paper "Hashed Timers and Hierarchical Wheels: Data Structures for the 2004-04-25 04:10:17 +00:00
libkern Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
modules Add ng_sppp(4) to the modules build process. 2004-04-25 08:56:46 +00:00
net This commit does two things: 2004-04-25 09:24:52 +00:00
net80211 Resolve the issue of whether frames have FCS or not. Frame data does not 2004-04-05 22:13:21 +00:00
netatalk This commit does two things: 2004-04-25 09:24:52 +00:00
netatm These are changes to allow to use the Intel C/C++ compiler (lang/icc) 2004-03-12 21:45:33 +00:00
netgraph Make sure RFCOMM multiplexor channel does not hang in DISCONNECTING 2004-04-23 20:21:17 +00:00
netinet Tighten up reset handling in order to make reset attacks as difficult as 2004-04-26 02:56:31 +00:00
netinet6 This commit does two things: 2004-04-25 09:24:52 +00:00
netipsec Fix a debugging printf snafu. 2004-04-20 14:53:35 +00:00
netipx Rename dup_sockaddr() to sodupsockaddr() for consistency with other 2004-03-01 03:14:23 +00:00
netkey
netnatm Rename dup_sockaddr() to sodupsockaddr() for consistency with other 2004-03-01 03:14:23 +00:00
netncp Make the process_exit eventhandler run without Giant. Add Giant hooks 2004-03-14 02:06:28 +00:00
netsmb Rename dup_sockaddr() to sodupsockaddr() for consistency with other 2004-03-01 03:14:23 +00:00
nfs Remove advertising clause from University of California Regent's 2004-04-07 05:00:01 +00:00
nfs4client Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
nfsclient Let the NFS client notice a file's size changing as a modification. 2004-04-14 23:23:55 +00:00
nfsserver Don't send the available space as is in the FSSTAT call. Under 2004-04-12 13:02:21 +00:00
opencrypto kthread_exit() no longer requires Giant, so don't force callers to acquire 2004-03-05 22:42:17 +00:00
pc98 Merged from sys/isa/fd.c revision 1.270. 2004-04-25 12:43:44 +00:00
pccard Convert callers to the new bus_alloc_resource_any(9) API. 2004-03-17 17:50:55 +00:00
pci Push down the responsibility for zeroing a physical page from the 2004-04-24 20:53:55 +00:00
posix4 The sem_timedwait() and ksem_timedwait() functions both 2004-02-03 22:27:03 +00:00
powerpc Hide FLT_EVAL_METHOD and DECIMAL_DIG in pre-C99 compilation 2004-04-25 02:36:29 +00:00
rpc Remove advertising clause from University of California Regent's 2004-04-07 05:00:01 +00:00
security Define BPFD_LOCK_ASSERT() to assert the BPF descriptor lock. 2004-02-29 15:33:56 +00:00
sparc64 Hide FLT_EVAL_METHOD and DECIMAL_DIG in pre-C99 compilation 2004-04-25 02:36:29 +00:00
sys Fixed some style bugs (useless forward declarations of structs and 2004-04-24 06:44:33 +00:00
tools Correct $FreeBSD$ style. 2004-04-16 05:22:11 +00:00
ufs Record where half the bits in this file came from (from ufs_readwrite.c). 2004-04-07 11:21:18 +00:00
vm Zero the physical page only if it is invalid and not prezeroed. 2004-04-25 07:58:59 +00:00
Makefile