Fix for 2 bugs related to TCP Signatures :

- If the peer sends the Signature option in the SYN, use of Timestamps and Window Scaling were disabled (even if the peer supports them). - The sender must not disable signatures if the option is absent in the received SYN. (See comment in syncache_add()). Found, Submitted by: Noritoshi Demizu <demizu at dd dot ij4u dot or dot jp>. Reviewed by: Mohan Srinivasan <mohans at yahoo-inc dot com>.
svn path=/head/; revision=145369
2024-12-21 11:13:30 +00:00 · 2005-04-21 20:09:09 +00:00 · 2005-04-21 20:09:09 +00:00 · a3047bc036 · 2020-12-20 02:59:44 +00:00
commit a3047bc036
parent de57160389
1 changed files with 10 additions and 7 deletions
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@ -977,14 +977,17 @@ syncache_add(inc, to, th, sop, m)
 		sc->sc_flags = SCF_NOOPT;
 #ifdef TCP_SIGNATURE
 	/*
-	 * If listening socket requested TCP digests, and received SYN
-	 * contains the option, flag this in the syncache so that
-	 * syncache_respond() will do the right thing with the SYN+ACK.
-	 * XXX Currently we always record the option by default and will
-	 * attempt to use it in syncache_respond().
+	 * If listening socket requested TCP digests, flag this in the 
+	 * syncache so that syncache_respond() will do the right thing 
+	 * with the SYN+ACK.
+	 *
+	 * RFC 2395, Section 2.0, says
+	 * "Unlike other TCP extensions (e.g., the Window Scale option
+	 * [RFC1323]), the absence of the option in the SYN,ACK segment must not
+	 * cause the sender to disable its sending of signatures".
 	 */
-	if (to->to_flags & TOF_SIGNATURE)
-		sc->sc_flags = SCF_SIGNATURE;
+	if (tp->t_flags & TF_SIGNATURE)
+		sc->sc_flags |= SCF_SIGNATURE;
 #endif

 	if (to->to_flags & TOF_SACK)