
syncookie_mac() ignores its 'tcp_seq irs' argument.
Closed, Public

Authored by hiren on Jan 24 2015, 1:54 AM.

Details

Summary

The comment on top of the code says:
The MAC is computed over (faddr||laddr||fport||lport||irs||flags||secmod)

But syncookie_mac() doesn't use 'tcp_seq irs' in computing the hash.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

hiren retitled this revision to "syncookie_mac() ignores its 'tcp_seq irs' argument."
hiren updated this object.
hiren edited the test plan for this revision.
hiren added reviewers: gnn, adrian.

How was this change tested?

In D1628#4, @gnn wrote:

How was this change tested?

Nothing specific. I am not too familiar with the code but my reading suggests that this patch should not break anything.

This patch changes the MAC value for the SYN cookie, which in turn changes how we calculate the hash in syncookie_generate() for iss (initial send sequence number) and compare it again when we get an ACK in syncookie_lookup().

It might be up for debate whether irs (initial receive sequence number) should be a part of the MAC or not.

I am just trying to fix the discrepancy between the comments and the corresponding code.

Please correct me if needed.
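
An added example, not part of the review thread and not FreeBSD's code: a simplified Python model of the generate/lookup round trip described above, showing what including irs in the MAC input binds. HMAC-SHA-256, the 24-bit MAC / 8-bit flags cookie layout, the secret and the addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-secret"  # constructed value for this example
M32 = 0xFFFFFFFF


def mac_input(conn, irs, flags, secmod, include_irs=True):
    """Serialize faddr||laddr||fport||lport||irs||flags||secmod, in that order."""
    faddr, laddr, fport, lport = conn
    buf = ipaddress.ip_address(faddr).packed + ipaddress.ip_address(laddr).packed
    buf += struct.pack("!HH", fport, lport)
    if include_irs:  # False models a MAC routine that ignores its irs argument
        buf += struct.pack("!I", irs & M32)
    return buf + struct.pack("!BB", flags, secmod)


def cookie_mac(conn, irs, flags, secmod, include_irs=True):
    """32-bit MAC; HMAC-SHA-256 is a stand-in for the kernel's keyed hash."""
    data = mac_input(conn, irs, flags, secmod, include_irs)
    return int.from_bytes(hmac.new(SECRET, data, hashlib.sha256).digest()[:4], "big")


def generate(conn, irs, flags, secmod, include_irs=True):
    """ISS for the SYN|ACK: upper 24 bits MAC, low 8 bits flags (assumed layout)."""
    return (cookie_mac(conn, irs, flags, secmod, include_irs) & 0xFFFFFF00) | flags


def lookup(conn, seq, ack, secmod, include_irs=True):
    """Validate the returning ACK: irs = seq - 1, iss = ack - 1, recompute the MAC."""
    irs, iss = (seq - 1) & M32, (ack - 1) & M32
    expected = cookie_mac(conn, irs, iss & 0xFF, secmod, include_irs)
    return (iss & 0xFFFFFF00) == (expected & 0xFFFFFF00)


def demo():
    """Return (valid ACK, wrong-seq ACK with irs in MAC, wrong-seq ACK without)."""
    conn = ("192.0.2.10", "198.51.100.5", 40000, 443)  # constructed 4-tuple
    irs, flags, secmod = 0x1000, 0x2A, 1
    bound = generate(conn, irs, flags, secmod)
    unbound = generate(conn, irs, flags, secmod, include_irs=False)
    return (lookup(conn, irs + 1, (bound + 1) & M32, secmod),
            lookup(conn, irs + 7777, (bound + 1) & M32, secmod),
            lookup(conn, irs + 7777, (unbound + 1) & M32, secmod, include_irs=False))
```

With irs in the MAC input, the cookie validates only for an ACK whose sequence number follows the original SYN; with irs left out, the same cookie validates regardless of the sequence number the ACK carries.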

gnn edited edge metadata.
This revision is now accepted and ready to land. Jan 28 2015, 5:08 AM

I plan to commit this tomorrow.

hiren updated this revision to Diff 3545.

Closed by commit rS277938 (authored by @hiren).