Date: Mon, 7 Sep 2009 19:46:39 GMT From: Andre Oppermann <andre@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 168297 for review Message-ID: <200909071946.n87JkdSg008377@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=168297 Change 168297 by andre@andre_t61 on 2009/09/07 19:46:36 In TCPS_SYN_SENT case initialize tiwin variable to shifted window and require the window to be at least one mss. A smaller window is bogus. Affected files ... .. //depot/projects/tcp_new/netinet/tcp_input.c#16 edit Differences ... ==== //depot/projects/tcp_new/netinet/tcp_input.c#16 (text+ko) ==== @@ -1039,6 +1039,7 @@ if ((tp->t_flags & TF_WINSCALE) && (to.to_flags & TOF_SCALE)) { tp->snd_scale = to.to_wscale; + tiwin = th->th_win << tp->snd_scale; } else if (tp->t_flags & TF_WINSCALE) { /* No window scaling. */ tp->t_flags &= ~TF_WINSCALE; @@ -1059,6 +1060,20 @@ } /* + * Require the window to allow for at least one segment + * to be sent. Everything else is bogus and an invitation + * for persistence attacks. + */ + if (th->th_win < tp->snd_mss) { + tcplog("Window too small, " + "connection aborted"); + tp->t_softerror = ENETRESET; /* XXXAO: Correct error? */ + tp = tcp_close(tp); + rstreason = BANDLIM_UNLIMITED; + goto dropwithreset; + } + + /* * Do timestamps on this connection? * RFC1323bis: section 3.2, first and last sentence */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200909071946.n87JkdSg008377>