Date:      Mon, 01 Jun 1998 20:38:13 +0200
From:      "Juan L. Freniche" <jlfreniche@acm.org>
To:        FreeBSD NET <freebsd-net@FreeBSD.ORG>
Subject:   Questions again on T/TCP
Message-ID:  <3572F515.F85A651@acm.org>
References:  <3560B324.EE6EA57B@acm.org>

I sent the following message to this list some time ago, but nobody
responded. Please, can anybody have a look and respond?

Message repeated:
 
This morning a FreeBSD security advisory was corrected in the FreeBSD
announce mail list, regarding a hole in the T/TCP implementation.
It can be retrieved from
 
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:03/
 
The following modification to /usr/src/sys/netinet/tcp_input.c
was recommended:
 
@@ -680,7 +680,9 @@
             * - otherwise do a normal 3-way handshake.
             */
             if ((to.to_flag & TOF_CC) != 0) {
-                if (taop->tao_cc != 0 && CC_GT(to.to_cc,
taop->tao_cc)){
+                if (((tp->t_flags & TF_NOPUSH) != 0) &&
+                    taop->tao_cc != 0 && CC_GT(to.to_cc,
taop->tao_cc)){
+                       
                        taop->tao_cc = to.to_cc;
                        tp->t_state = TCPS_ESTABLISHED;
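
Review bot: the added (tp->t_flags & TF_NOPUSH) != 0 term at the head of the TAO condition carries no comment saying why a no-push flag should gate the accelerated open, and the comment block above it still ends with "otherwise do a normal 3-way handshake" without mentioning the new precondition. Suggest extending that comment to state what TF_NOPUSH signifies on tp at this point; the hunk does not show where the flag is set, so a reader cannot tell from these lines when the test is false. The whitespace-only added line after the opening brace should also be dropped.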


I don't understand completely the proposed solution:
 
Remember that the state is Listen and TF_NOPUSH was set (see the code
below the label findpcb in tcp_input.c). A segment is received, it passes
if SYN is present and other filters are OK. When reaching the TAO test, the
proposal expands the test with ((tp->t_flags & TF_NOPUSH) != 0), which is
always true!
 
Can anybody tell me what I am missing?
 
Second question: in tcp_input.c, when the clone socket is created, the
clone connection is moved to Listen and TF_NOPUSH is set. However, if you
have a look at the ttcp man page, it is recommended (SERVER SUPPORT, item
list 1) that TCP_NOPUSH be set for the master connection, but this flag
is already set for any clone! Even more, if you reset the flag for the
master connection, it will have no effect on its clones.

By the way, setting the flag for clone connections is not found in the
Stevens book, vol. 3.

--------------------------
E-Mail: jlfreniche@acm.org
--------------------------
