From owner-freebsd-net Sun Feb 25 14: 1:11 2001 Delivered-To: freebsd-net@freebsd.org Received: from prism.flugsvamp.com (cb58709-a.mdsn1.wi.home.com [24.17.241.9]) by hub.freebsd.org (Postfix) with ESMTP id B3F1F37B401; Sun, 25 Feb 2001 14:01:08 -0800 (PST) (envelope-from jlemon@flugsvamp.com) Received: (from jlemon@localhost) by prism.flugsvamp.com (8.11.0/8.11.0) id f1PM07e81495; Sun, 25 Feb 2001 16:00:07 -0600 (CST) (envelope-from jlemon) Date: Sun, 25 Feb 2001 16:00:07 -0600 (CST) From: Jonathan Lemon Message-Id: <200102252200.f1PM07e81495@prism.flugsvamp.com> To: jesper@FreeBSD.ORG, net@FreeBSD.ORG Subject: Re: Check tcp sequence number for all ICMP messages X-Newsgroups: local.mail.freebsd-net In-Reply-To: Organization: Cc: Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In article you write: >We recently introduced a check for tcp sequence numbers when processing >ICMP messages, it has so far only been used for the ICMP messages that >trigger the session to be dropped, but it makes sense to have this check >for all ICMP messages which only act on a single session. I was just looking at this today (as well as the hash lookup you mentioned in your other message). The big problem with both is that the TCP sequence check should not be in in_pcb.c; it should be in the tcp/udp specific files. Also, I'm not sure whether all ICMP replies (source quench, mtu) have sequence numbers within the tcp window. -- Jonathan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message