Date: Sat, 22 Jan 2000 01:02:59 -0800
From: gdonl@tsc.tdk.com (Don Lewis)
To: Brett Glass <brett@lariat.org>
Cc: security@FreeBSD.ORG
Subject: Re: stream.c worst-case kernel paths
Message-ID: <200001220902.BAA16359@salsa.gv.tsc.tdk.com>
In-Reply-To: Brett Glass <brett@lariat.org> "Re: stream.c worst-case kernel paths" (Jan 22, 12:29am)

On Jan 22, 12:29am, Brett Glass wrote:
} Subject: Re: stream.c worst-case kernel paths
} At 11:32 PM 1/21/2000 , Don Lewis wrote:
}
} >Actually, I think TH_SYN+TH_RST should immediately go to "drop",
} >do not pass GO, do not collect $200 ...
}
} You're right. Actually, shouldn't RST-<anything else> be tossed,
} since you should never reply to a RST?

While you never reply to a RST, reception of a RST can cause the state
of a connection to change if the packet passes the appropriate sequence
number validation tests.  Both bare RST and RST+ACK packets are valid,
see RFC 793.  I'm pretty sure that RST+FIN and RST+SYN are not valid
and should be dropped.  The code should already handle all of this,
though the checks are distributed throughout the code instead of being
all in one place.
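
The flag screening and RST sequence validation discussed in this message, gathered into one function as an added example (not FreeBSD's code and not written by either poster). It follows the RFC 793 segment-arrival rules and drops RST+SYN and RST+FIN up front; the struct, enum and function names are hypothetical, and a zero-length RST segment is assumed.

```c
#include <stdint.h>

/* TCP header flag bits, values as in BSD <netinet/tcp.h>. */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

enum rst_verdict { NOT_RST, RST_DROP, RST_RESET_CONN };
/* Simplified state set: ST_OTHER stands for SYN-RECEIVED and later states. */
enum conn_state { ST_LISTEN, ST_SYN_SENT, ST_OTHER };

/* Hypothetical snapshot of the connection variables RFC 793 names. */
struct conn {
    enum conn_state state;
    uint32_t iss, snd_nxt;      /* ISS, SND.NXT */
    uint32_t rcv_nxt, rcv_wnd;  /* RCV.NXT, RCV.WND */
};

/* Wrap-safe comparisons in 32-bit sequence space. */
#define SEQ_LT(a, b)  ((int32_t)((a) - (b)) < 0)
#define SEQ_LEQ(a, b) ((int32_t)((a) - (b)) <= 0)

enum rst_verdict
check_rst(const struct conn *c, uint8_t flags, uint32_t seq, uint32_t ack)
{
    if (!(flags & TH_RST))
        return NOT_RST;
    /* RST+SYN and RST+FIN: drop before any connection state is consulted. */
    if (flags & (TH_SYN | TH_FIN))
        return RST_DROP;

    switch (c->state) {
    case ST_LISTEN:
        return RST_DROP;        /* RFC 793: a RST in LISTEN is ignored */
    case ST_SYN_SENT:
        /* Only a RST whose ACK covers our SYN may reset the connection. */
        if ((flags & TH_ACK) && SEQ_LT(c->iss, ack) && SEQ_LEQ(ack, c->snd_nxt))
            return RST_RESET_CONN;
        return RST_DROP;
    default:
        /* Bare RST or RST+ACK: SEG.SEQ must fall inside the receive window. */
        if (c->rcv_wnd == 0)
            return seq == c->rcv_nxt ? RST_RESET_CONN : RST_DROP;
        if (SEQ_LEQ(c->rcv_nxt, seq) && SEQ_LT(seq, c->rcv_nxt + c->rcv_wnd))
            return RST_RESET_CONN;
        return RST_DROP;
    }
}
```

Neither RST_DROP nor RST_RESET_CONN generates a reply segment, matching the point that a RST is never answered.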