1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-22 11:17:19 +00:00

Fix for 2 bugs related to TCP Signatures :

- If the peer sends the Signature option in the SYN, use of Timestamps
  and Window Scaling were disabled (even if the peer supports them).
- The sender must not disable signatures if the option is absent in
  the received SYN. (See comment in syncache_add()).

Found, Submitted by:	Noritoshi Demizu <demizu at dd dot ij4u dot or dot jp>.
Reviewed by:		Mohan Srinivasan <mohans at yahoo-inc dot com>.
This commit is contained in:
Paul Saab 2005-04-21 20:09:09 +00:00
parent de57160389
commit a3047bc036
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=145369

View File

@ -977,14 +977,17 @@ syncache_add(inc, to, th, sop, m)
sc->sc_flags = SCF_NOOPT;
#ifdef TCP_SIGNATURE
/*
* If listening socket requested TCP digests, and received SYN
* contains the option, flag this in the syncache so that
* syncache_respond() will do the right thing with the SYN+ACK.
* XXX Currently we always record the option by default and will
* attempt to use it in syncache_respond().
* If listening socket requested TCP digests, flag this in the
* syncache so that syncache_respond() will do the right thing
* with the SYN+ACK.
*
* RFC 2395, Section 2.0, says
* "Unlike other TCP extensions (e.g., the Window Scale option
* [RFC1323]), the absence of the option in the SYN,ACK segment must not
* cause the sender to disable its sending of signatures".
*/
if (to->to_flags & TOF_SIGNATURE)
sc->sc_flags = SCF_SIGNATURE;
if (tp->t_flags & TF_SIGNATURE)
sc->sc_flags |= SCF_SIGNATURE;
#endif
if (to->to_flags & TOF_SACK)