mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-22 11:17:19 +00:00
Fix for 2 bugs related to TCP Signatures:
- If the peer sends the Signature option in the SYN, use of Timestamps and Window Scaling were disabled (even if the peer supports them).
- The sender must not disable signatures if the option is absent in the received SYN. (See comment in syncache_add()).

Found, Submitted by: Noritoshi Demizu <demizu at dd dot ij4u dot or dot jp>.
Reviewed by: Mohan Srinivasan <mohans at yahoo-inc dot com>.
parent de57160389
commit a3047bc036
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=145369
@ -977,14 +977,17 @@ syncache_add(inc, to, th, sop, m)
|
||||
sc->sc_flags = SCF_NOOPT;
|
||||
#ifdef TCP_SIGNATURE
|
||||
/*
|
||||
* If listening socket requested TCP digests, and received SYN
|
||||
* contains the option, flag this in the syncache so that
|
||||
* syncache_respond() will do the right thing with the SYN+ACK.
|
||||
* XXX Currently we always record the option by default and will
|
||||
* attempt to use it in syncache_respond().
|
||||
* If listening socket requested TCP digests, flag this in the
|
||||
* syncache so that syncache_respond() will do the right thing
|
||||
* with the SYN+ACK.
|
||||
*
|
||||
* RFC 2395, Section 2.0, says
|
||||
* "Unlike other TCP extensions (e.g., the Window Scale option
|
||||
* [RFC1323]), the absence of the option in the SYN,ACK segment must not
|
||||
* cause the sender to disable its sending of signatures".
|
||||
*/
|
||||
if (to->to_flags & TOF_SIGNATURE)
|
||||
sc->sc_flags = SCF_SIGNATURE;
|
||||
if (tp->t_flags & TF_SIGNATURE)
|
||||
sc->sc_flags |= SCF_SIGNATURE;
|
||||
#endif
|
||||
|
||||
if (to->to_flags & TOF_SACK)
|
||||
|
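Review bot: The new comment cites "RFC 2395, Section 2.0", but the TCP MD5 Signature Option is specified in RFC 2385, so the reference should read RFC 2385 to let a reader find the quoted sentence. The quoted text also speaks of the option being absent from the SYN,ACK segment, while this code handles a received SYN; one more sentence in the comment saying why the same rule is applied here would help. Finally, the test moves from `to->to_flags & TOF_SIGNATURE` to `tp->t_flags & TF_SIGNATURE`, and `tp` is not among the parameters named in the hunk header (inc, to, th, sop, m), so please confirm that it is assigned and cannot be NULL before this point, since that is not visible in these lines.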