Re: FreeBSD's RST validation

[fetch () MUFFIN ARCADIA SPB RU (Andrey Alekseyev)]

Hello,

> On Sun, 30 Aug 1998, Tristan Horn wrote:
>
> > In my limited testing (oddly enough, not many people would consent to
> > DoS), Solaris, OSF/1, Linux and Windows 98 appear to conform to RFC 793
> > in this regard.  I have not yet been able to check NetBSD, OpenBSD,
> > BSDI, etc.

I've made a small patch for my tcp_input.c against this and
though it could be useful for someone else if it's quite
correct (is it in this form RFC793 compliant and doesn't it
break something?).
System is FreeBSD 2.2.6-RELEASE and the patch is for original
tcp_input.c (without ttcp patch applied, ref.FreeBSD-SA-98:03.ttcp)

P.S. Thanks Aleph1 that original post didn't get thru (my stupid habit
to make things in a hurry always does harm)


--- tcp_input.c Mon Aug 31 19:20:45 1998
+++ tcp_input.c.orig    Mon Aug 31 14:59:23 1998
@@ -807,9 +807,7 @@
                                goto dropwithreset;
                }
                if (tiflags & TH_RST) {
-                       if ((tiflags & TH_ACK) &&
-                           SEQ_GT(ti->ti_ack, tp->snd_una) &&
-                           SEQ_LEQ(ti->ti_ack, tp->snd_max))
+                       if (tiflags & TH_ACK)
                                tp = tcp_drop(tp, ECONNREFUSED);
                        goto drop;
                }
@@ -1137,11 +1135,7 @@
         *    CLOSING, LAST_ACK, TIME_WAIT STATES
         *      Close the tcb.
         */
-       if (tiflags&TH_RST) {
-       if ((tp->rcv_nxt > ti->ti_seq) ||
-           (tp->rcv_nxt + tp->rcv_wnd) <= ti->ti_seq)
-           goto drop;
-       switch (tp->t_state) {
+       if (tiflags&TH_RST) switch (tp->t_state) {

        case TCPS_SYN_RECEIVED:
                so->so_error = ECONNREFUSED;
@@ -1163,7 +1157,6 @@
        case TCPS_TIME_WAIT:
                tp = tcp_close(tp);
                goto drop;
-       }
        }

        /*


--
.fetch