Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect

To:	Willy Tarreau <willy@xxxxxxxxx>
Subject:	Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.)
From:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date:	Sun, 12 Jun 2005 23:33:49 +1000
Cc:	davem@xxxxxxxxxxxxx, xschmi00@xxxxxxxxxxxxxxxxxx, alastair@xxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to:	<20050612131323.GA10188@gondor.apana.org.au>
References:	<20050611074350.GD28759@alpha.home.local> <E1DhBic-0005dp-00@gondolin.me.apana.org.au> <20050611195144.GF28759@alpha.home.local> <20050612081327.GA24384@gondor.apana.org.au> <20050612083409.GA8220@alpha.home.local> <20050612103020.GA25111@gondor.apana.org.au> <20050612114039.GI28759@alpha.home.local> <20050612120627.GA5858@gondor.apana.org.au> <20050612123253.GK28759@alpha.home.local> <20050612131323.GA10188@gondor.apana.org.au>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mutt/1.5.9i

On Sun, Jun 12, 2005 at 11:13:23PM +1000, herbert wrote:
> On Sun, Jun 12, 2005 at 02:32:53PM +0200, Willy Tarreau wrote:
> >
> > but it's not the case (although the naming is not clear). So if the remote
> > end was the one which sent the SYN-ACK, it will clear its session. If it has
> > been spoofed, it will ignore the RST because in turn, the SEQ will not be
> > within its window.
> 
> This is what should happen:

Sorry, you're right.  The SEQ check should catch this.

However, a few lines down in that same function there is a th->rst
check which will kill the connection just as effectively.

My point is that there are many ways to kill TCP connections in ways
similar to what you proposed initially so it isn't that special.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), (continued) Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Thomas Graf Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu <= Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu Message not available Message not available Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Thomas Graf Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Denis Vlasenko

Previous by Date:	Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu
Next by Date:	Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau
Previous by Thread:	Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu
Next by Thread:	Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau
Indexes:	[Date] [Thread] [Top] [All Lists]