From owner-freebsd-bugs Wed Sep 11 17:50:04 1996
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA18293 for bugs-outgoing; Wed, 11 Sep 1996 17:50:04 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA18285; Wed, 11 Sep 1996 17:50:02 -0700 (PDT)
Resent-Date: Wed, 11 Sep 1996 17:50:02 -0700 (PDT)
Resent-Message-Id: <199609120050.RAA18285@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, jmb
Received: (from jmb@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA18124; Wed, 11 Sep 1996 17:47:13 -0700 (PDT)
Message-Id: <199609120047.RAA18124@freefall.freebsd.org>
Date: Wed, 11 Sep 1996 17:47:13 -0700 (PDT)
From: "Jonathan M. Bresler"
Reply-To: jmb
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/1600: SYN_RCVD bug fix
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Number: 1600
>Category: kern
>Synopsis: prevent setting of t_timer[TCPT_KEEP] prematurely
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 11 17:50:01 PDT 1996
>Last-Modified:
>Originator: Jonathan M. Bresler
>Organization:
Jonathan M. Bresler FreeBSD Postmaster jmb@FreeBSD.ORG
FreeBSD--4.4BSD Unix for PC clones, source included. http://www.freebsd.org/
PGP 2.6.2 Fingerprint: 31 57 41 56 06 C1 40 13 C5 1C E3 E5 DC 62 0E FB
>Release: FreeBSD 2.2-CURRENT i386
>Environment:
all BSD derived tcp/ip implementations
>Description:
receipt of two SYN's are sufficient to set the t_timer[TCPT_KEEP] to "keepidle". this should not occur unless the connection has been established via the 3-way handshake which requires an ACK
>How-To-Repeat:
create code to send SYN's to a port. use tcpdump to view the connection.
the server will send keepalive packets back to the client for approximately 11 minutes until TCP_MAXRXTSHIFT is exceeded >Fix: apply this patch: Index: tcp_input.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/tcp_input.c,v retrieving revision 1.46 diff -c -2 -r1.46 tcp_input.c *** tcp_input.c 1996/05/02 05:54:12 1.46 --- tcp_input.c 1996/09/12 00:32:50 *************** *** 451,455 **** */ tp->t_idle = 0; ! tp->t_timer[TCPT_KEEP] = tcp_keepidle; /* --- 451,456 ---- */ tp->t_idle = 0; ! if (TCPS_HAVEESTABLISHED(tp->t_state)) ! tp->t_timer[TCPT_KEEP] = tcp_keepidle; /* *************** *** 833,839 **** tp->t_flags &= ~TF_NEEDFIN; tiflags &= ~TH_SYN; ! } else tp->t_state = TCPS_ESTABLISHED; ! } else { /* --- 834,841 ---- tp->t_flags &= ~TF_NEEDFIN; tiflags &= ~TH_SYN; ! } else { tp->t_state = TCPS_ESTABLISHED; ! tp->t_timer[TCPT_KEEP] = tcp_keepidle; ! } } else { /* *************** *** 860,865 **** tp->t_state = TCPS_FIN_WAIT_1; tp->t_flags &= ~TF_NEEDFIN; ! } else tp->t_state = TCPS_ESTABLISHED; tp->t_flags |= TF_NEEDSYN; } else --- 862,869 ---- tp->t_state = TCPS_FIN_WAIT_1; tp->t_flags &= ~TF_NEEDFIN; ! } else { tp->t_state = TCPS_ESTABLISHED; + tp->t_timer[TCPT_KEEP] = tcp_keepidle; + } tp->t_flags |= TF_NEEDSYN; } else *************** *** 1184,1189 **** tp->t_state = TCPS_FIN_WAIT_1; tp->t_flags &= ~TF_NEEDFIN; ! } else tp->t_state = TCPS_ESTABLISHED; /* * If segment contains data or ACK, will call tcp_reass() --- 1188,1195 ---- tp->t_state = TCPS_FIN_WAIT_1; tp->t_flags &= ~TF_NEEDFIN; ! } else { tp->t_state = TCPS_ESTABLISHED; + tp->t_timer[TCPT_KEEP] = tcp_keepidle; + } /* * If segment contains data or ACK, will call tcp_reass() >Audit-Trail: >Unformatted:
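
Review bot: In the first hunk (tcp_input.c around line 451), the new TCPS_HAVEESTABLISHED guard means a segment that arrives before the handshake completes still clears t_idle but leaves t_timer[TCPT_KEEP] at whatever value it already held, and nothing in this diff shows where that value is set for a connection still in SYN_RCVD. Please confirm that the timer armed when the connection is created still expires for a peer that never sends the ACK, and extend the comment that closes just above "tp->t_idle = 0;" to say that the keepalive timer is only restarted once the connection has been established.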
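
Review bot: In the hunk around line 833, t_timer[TCPT_KEEP] is armed only in the new else block that sets TCPS_ESTABLISHED; the preceding TF_NEEDFIN branch, which clears the flag and skips ESTABLISHED, is left without an explicit keep timer. If the intent is that the first hunk's TCPS_HAVEESTABLISHED check covers that path on the next received segment, say so in a comment here; if not, set the timer in that branch as well. The same shape recurs in the hunks around lines 860 and 1184, where the branch goes to TCPS_FIN_WAIT_1.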
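
Review bot: The hunk around line 1184 is the third place where "tp->t_state = TCPS_ESTABLISHED;" is now followed by "tp->t_timer[TCPT_KEEP] = tcp_keepidle;" (also around lines 833 and 860), so a later code path that enters ESTABLISHED can easily omit the timer and reintroduce an unarmed keepalive. Consider folding the two assignments into one macro or small helper used at all three sites, with a short comment explaining that the keep timer starts at the transition to ESTABLISHED rather than on every received segment.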