| To: | Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.) |
| From: | Thomas Graf <tgraf@xxxxxxx> |
| Date: | Sun, 12 Jun 2005 14:22:47 +0200 |
| Cc: | Willy Tarreau <willy@xxxxxxxxx>, davem@xxxxxxxxxxxxx, xschmi00@xxxxxxxxxxxxxxxxxx, alastair@xxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <20050612120627.GA5858@xxxxxxxxxxxxxxxxxxx> |
| References: | <20050611074350.GD28759@xxxxxxxxxxxxxxxx> <E1DhBic-0005dp-00@xxxxxxxxxxxxxxxxxxxxxxxx> <20050611195144.GF28759@xxxxxxxxxxxxxxxx> <20050612081327.GA24384@xxxxxxxxxxxxxxxxxxx> <20050612083409.GA8220@xxxxxxxxxxxxxxxx> <20050612103020.GA25111@xxxxxxxxxxxxxxxxxxx> <20050612114039.GI28759@xxxxxxxxxxxxxxxx> <20050612120627.GA5858@xxxxxxxxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
* Herbert Xu <20050612120627.GA5858@xxxxxxxxxxxxxxxxxxx> 2005-06-12 22:06 > On Sun, Jun 12, 2005 at 01:40:39PM +0200, Willy Tarreau wrote: > > > > Sorry Herbert, but both RFC793 page 32 figure 9 and my Linux box disagree > > with this statement. Look: at line 5, A rejects the SYN-ACK because the > > ACK is wrong during the session setup. > > Look at the first check inside th->ack in tcp_rcv_synsent_state_process. Usually a continious flow of ACK+RST is used to prevent a connection from being established, it's more reliable because even if you hit the ISS+rcv_next window the connection attempt will still be reset. |
| Previous by Date: | Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu |
|---|---|
| Next by Date: | Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau |
| Previous by Thread: | Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu |
| Next by Thread: | Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu |
| Indexes: | [Date] [Thread] [Top] [All Lists] |