[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
kern/48452: tcp_input() doesn't always verify tcp checksum
>Synopsis: tcp_input() doesn't always verify tcp checksum
>Arrival-Date: Mon Dec 16 17:35:00 +0000 2013
>Originator: Valery Ushakov
NetBSD felix 6.99.25 NetBSD 6.99.25 (FELIX) #8: Wed Nov 6 16:39:05 MSK 2013
A TCP SYN segment with invalid TCP checksum to a destination port that has no
listening PCB causes an RST to be generated. The checksum is not verified.
From a quick look it seems that it was broken in tcp_input.c revision 1.103
date: 2000-02-12 20:19:34 +0300; author: thorpej; state: Exp; lines: +92 -67\
In the tcp_input() path:
- Filter out multicast destinations explicitly for every incoming packet,
not just SYNs. Previously, non-SYN multicast destination would be
filtered out as a side effect of PCB lookup. Remove now redundant
similar checks in the dropwithreset case and in syn_cache_add().
- Defer the TCP checksum until we know that we want to process the
packet (i.e. have a non-CLOSED connection or a listen socket).
Use raw socket to send manually created TCP SYN datagram with bad checksum to a
port that has no listener. Observe that RST is sent in reply and "discarded
for bad checksum" tcp counter in netstat -s is not incremented.
Main Index |
Thread Index |