| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Jan 2017 07:48:10 -0800
From: Eric Dumazet <eric.dumazet@...il.com>
To: Jason Baron <jbaron@...mai.com>
Cc: netdev@...r.kernel.org
Subject: Re: [RFC PATCH] tcp: accept RST for rcv_nxt - 1 after receiving a
FIN
On Thu, 2017-01-05 at 16:33 -0500, Jason Baron wrote:
>
> +/* Accept RST for rcv_nxt - 1 after a FIN.
> + * When tcp connections are abruptly terminated from Mac OSX (via ^C), a
> + * FIN is sent followed by a RST packet. The RST is sent with the same
> + * sequence number as the FIN, and thus according to RFC 5961 a challenge
> + * ACK should be sent. However, Mac OSX does not reply to the challenge ACK
> + * with a RST on the closed socket, hence accept this class of RSTs.
> + */
> +static bool tcp_reset_check(struct sock *sk, struct sk_buff *skb)
const struct sock *sk, const struct sk_buff *skb
> +{
> + struct tcp_sock *tp = tcp_sk(sk);
> +
> + return unlikely((TCP_SKB_CB(skb)->seq == (tp->rcv_nxt - 1)) &&
> + (TCP_SKB_CB(skb)->end_seq == (tp->rcv_nxt - 1)) &&
Why is the test on end_seq needed ?
> + (sk->sk_state == TCP_CLOSE_WAIT ||
> + sk->sk_state == TCP_LAST_ACK ||
> + sk->sk_state == TCP_CLOSING));
> +}
Testing many states can be done more efficiently :
(1 << sk->sk_state) & (TCPF_CLOSE_WAIT | TCPF_LAST_ACK |
TCPF_CLOSING)
Thanks
Powered by blists - more mailing lists