1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-16 15:11:52 +00:00
Mirror of the FreeBSD src repository https://git.FreeBSD.org/src.git .
Go to file
Mike Silbersack 80dd2a81fb Tighten up reset handling in order to make reset attacks as difficult as
possible while maintaining compatibility with the widest range of TCP stacks.

The algorithm is as follows:

---
For connections in the ESTABLISHED state, only resets with
sequence numbers exactly matching last_ack_sent will cause a reset,
all other segments will be silently dropped.

For connections in all other states, a reset anywhere in the window
will cause the connection to be reset.  All other segments will be
silently dropped.
---

The necessity of accepting all in-window resets was discovered
by jayanth and jlemon, both of whom have seen TCP stacks that
will respond to FIN-ACK packets with resets not meeting the
strict last_ack_sent check.

Idea by:        Darren Reed
Reviewed by:    truckman, jlemon, others(?)
2004-04-26 02:56:31 +00:00
bin Fix some style issues in rev 1.58. 2004-04-22 17:05:08 +00:00
contrib FreeBSD-if .4 manpages for pf/pflog/pfsync. 2004-04-18 13:59:12 +00:00
crypto Regenerate. 2004-04-20 09:49:37 +00:00
etc Add an Israel Hebrew locale: he_IL.UTF-8. 2004-04-21 15:28:23 +00:00
games Add a Dijkstra comment on programming languages. 2004-04-21 22:39:46 +00:00
gnu What is CVS doing to me?? 2004-04-21 15:43:26 +00:00
include Make isblank() visible in the C99 namespace. 2004-04-21 13:25:55 +00:00
kerberos5 Update version strings for Heimdal: 0.6 -> 0.6.1 2004-04-13 16:41:00 +00:00
lib Rewrite split_lines() to operate safely 2004-04-25 19:56:50 +00:00
libexec Cast the terminating NULL to char * in the execl() call. 2004-04-04 20:53:23 +00:00
release New release note: 2004-04-24 17:30:32 +00:00
rescue Remove dangling raidctl reference 2004-03-16 13:42:23 +00:00
sbin Add the option versrcreach to verify that a valid route to the 2004-04-23 14:28:38 +00:00
secure Turn MAKE_IDEA into a true "bool" type variable, as documented in 2004-04-19 11:35:15 +00:00
share - Update description of watchdogd_enable to reflect current reality. 2004-04-25 17:13:22 +00:00
sys Tighten up reset handling in order to make reset attacks as difficult as 2004-04-26 02:56:31 +00:00
tools Script for downloading and printing in hex, the offical vendor ID's from 2004-04-18 05:37:34 +00:00
usr.bin Fix username/groupname cache so it returns a name that 2004-04-23 16:33:51 +00:00
usr.sbin mdoc(7) janitor: 2004-04-25 14:13:48 +00:00
COPYRIGHT Update the COPYRIGHT file to include FreeBSD's compilation copyright 2003-12-31 22:35:22 +00:00
installworld_newk Commit the first set of files for changing time_t on freebsd/sparc64 2004-03-03 19:36:20 +00:00
installworld_oldk Commit the first set of files for changing time_t on freebsd/sparc64 2004-03-03 19:36:20 +00:00
MAINTAINERS Adding Tony Ackerman (tackerman) as the maintainer for the em(4) Intel Gigabit Ethernet driver. 2004-04-19 17:47:45 +00:00
Makefile Add a kernel-toolchain target which only builds the bits required to build 2004-04-13 13:42:01 +00:00
Makefile.inc1 Move the SNMP MIBs and tree definitions from /usr/share/bsnmp to 2004-04-14 16:06:19 +00:00
README
UPDATING Recompile of ipfw(8) is required because of new ipfw option (versrcreach). 2004-04-23 14:33:30 +00:00
UPDATING.64BTT Add a tip for people who are using database-related ports on a sparc64 2004-03-17 01:59:47 +00:00

This is the top level of the FreeBSD source directory.  This file
was last revised on:
$FreeBSD$

For copyright information, please see the file COPYRIGHT in this
directory (additional copyright information also exists for some
sources in this tree - please see the specific source directories for
more information).

The Makefile in this directory supports a number of targets for
building components (or all) of the FreeBSD source tree, the most
commonly used one being ``world'', which rebuilds and installs
everything in the FreeBSD system from the source tree except the
kernel, the kernel-modules and the contents of /etc.  The
``buildkernel'' and ``installkernel'' targets build and install
the kernel and the modules (see below).  Please see the top of
the Makefile in this directory for more information on the
standard build targets and compile-time flags.

Building a kernel is a somewhat more involved process, documentation
for which can be found at:
   http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
And in the config(8) man page.
Note: If you want to build and install the kernel with the
``buildkernel'' and ``installkernel'' targets, you might need to build
world before.  More information is available in the handbook.

The sample kernel configuration files reside in the sys/<arch>/conf
sub-directory (assuming that you've installed the kernel sources), the
file named GENERIC being the one used to build your initial installation
kernel.  The file NOTES contains entries and documentation for all possible
devices, not just those commonly used.  It is the successor of the ancient
LINT file, but in contrast to LINT, it is not buildable as a kernel but a
pure reference and documentation file.


Source Roadmap:
---------------
bin		System/user commands.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

games		Amusements.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

sys		Kernel sources.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.


For information on synchronizing your source tree with one or more of
the FreeBSD Project's development branches, please see:

  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/synching.html