From owner-freebsd-bugs  Thu Mar 22  1:10:13 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 5321737B71F
	for <freebsd-bugs@hub.freebsd.org>; Thu, 22 Mar 2001 01:10:02 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f2M9A2321153;
	Thu, 22 Mar 2001 01:10:02 -0800 (PST)
	(envelope-from gnats)
Date: Thu, 22 Mar 2001 01:10:02 -0800 (PST)
Message-Id: <200103220910.f2M9A2321153@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: David Xu <bsddiy@21cn.com>
Subject: Re: kern/25986: Socket would hang at LAST_ACK forever.
Reply-To: David Xu <bsddiy@21cn.com>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR kern/25986; it has been noted by GNATS.

From: David Xu <bsddiy@21cn.com>
To: thinker <thinker@branda.to>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/25986: Socket would hang at LAST_ACK forever.
Date: Thu, 22 Mar 2001 17:15:37 +0800

 Hello thinker,
 
 Friday, March 23, 2001, 12:50:53 AM, you wrote:
 
 
 >>Number:         25986
 >>Category:       kern
 >>Synopsis:       Socket would hang at LAST_ACK forever.
 >>Confidential:   no
 >>Severity:       serious
 >>Priority:       high
 >>Responsible:    freebsd-bugs
 >>State:          open
 >>Quarter:        
 >>Keywords:       
 >>Date-Required:
 >>Class:          change-request
 >>Submitter-Id:   current-users
 >>Arrival-Date:   Thu Mar 22 00:50:00 PST 2001
 >>Closed-Date:
 >>Last-Modified:
 >>Originator:     thinker
 >>Release:        FreeBSD 5.0-CURRENT i386
 >>Organization:
 >>Environment:
 t> System: FreeBSD hell.branda.to 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Wed Mar 7 20:41:54 GMT 2001 thinker@hell.branda.to:/usr/src/sys/compile/thk i386
 
 
         
 >>Description:
 t>         When TCP socket goes to LAST_ACK state & remote host do not respone
 t> ACK forever, socket would stay at LAST_ACK forever and never be removed.
 t> It would be a bug expolit by DDoS attacker. Patch file to fix the problem
 t> is following.
 >>How-To-Repeat:
         
 >>Fix:
 t> --- sys/netinet/tcp_usrreq.c.orig       Thu Mar 22 14:59:45 2001
 t> +++ sys/netinet/tcp_usrreq.c    Thu Mar 22 15:04:49 2001
 t> @@ -1139,13 +1139,15 @@
 t>                 tp->t_state = TCPS_LAST_ACK;
 t>                 break;
 t>         }
 t> -       if (tp && tp->t_state >= TCPS_FIN_WAIT_2) {
 t> +       if (tp && tp->t_state >= TCPS_FIN_WAIT_2)
 t>                 soisdisconnected(tp->t_inpcb->inp_socket);
 t> -               /* To prevent the connection hanging in FIN_WAIT_2 forever. */
 t> -               if (tp->t_state == TCPS_FIN_WAIT_2)
 t> -                       callout_reset(tp->tt_2msl, tcp_maxidle,
 t> -                                     tcp_timer_2msl, tp);
 t> -       }
 t> +       /*
 t> +        * To prevent the connection hanging in FIN_WAIT_2 &
 t> +        * TCPS_LAST_ACK forever.
 t> +        */
 +       if (tp->>t_state == TCPS_FIN_WAIT_2 || tp->t_state == TCPS_LAST_ACK)
 t> +               callout_reset(tp->tt_2msl, tcp_maxidle,
 t> +                             tcp_timer_2msl, tp);
 t>         return (tp);
 t>  }
  
 Thank you!
 it's a long standing bug, but seems no one want to fix it, don't know why!
 
 -- 
 Best regards,
 David Xu
 
 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message