Subject: TCP sequence number fix. (?)
To: None <current-users@NetBSD.ORG>
From: Darren Reed <darrenr@vitruvius.arbld.unimelb.edu.au>
List: current-users
Date: 05/12/1995 01:17:38
Whilst on the way to bed, the TCP sequence number bug came back to haunt me.

Does the below look like an appropriate patch?

I find it rather curious that although tcp_iss is being incremented in
several places in the TCP code, the #ifdef for TCP_COMPAT_42 is only
in one place, converting negative values to 0.  I think that tcp_input.c:783
is a bit suspect too (for TCP_COMPAT_42), but I don't know too much about
the 4.2BSD TCP sequence handling.

It (hopefully) is obvious how the patch works to defeat guessing.

If someone finds it worthwhile, they might want to fix it up a bit and
send-pr it.

cheers,
darren

*** tcp_input.c.orig	Fri May 12 00:25:04 1995
--- tcp_input.c	Fri May 12 01:08:26 1995
***************
*** 589,596 ****
  		if (iss)
  			tp->iss = iss;
  		else
! 			tp->iss = tcp_iss;
! 		tcp_iss += TCP_ISSINCR/2;
  		tp->irs = ti->ti_seq;
  		tcp_sendseqinit(tp);
  		tcp_rcvseqinit(tp);
--- 589,595 ----
  		if (iss)
  			tp->iss = iss;
  		else
! 			TCPISS(tp->iss);
  		tp->irs = ti->ti_seq;
  		tcp_sendseqinit(tp);
  		tcp_rcvseqinit(tp);
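Review bot: Moving the increment into the else arm changes behaviour: before, `tcp_iss += TCP_ISSINCR/2;` ran after the if/else whether or not a caller supplied `iss`; now, when `iss` is non-zero, `tp->iss = iss;` is taken and the global is never advanced. If that is not intended, keep the advance unconditional, e.g. call TCPISS into a temporary first and then override the result with `iss` when it is set. Also note that, because TCPISS expands to a brace block, `TCPISS(tp->iss);` leaves a stray `;` after the block; it is harmless as the trailing else arm here, but it would break an `if (...) TCPISS(x); else ...` elsewhere.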
*** tcp_seq.h.orig	Fri May 12 00:50:46 1995
--- tcp_seq.h	Fri May 12 01:07:08 1995
***************
*** 61,64 ****
--- 61,81 ----
  
  #ifdef _KERNEL
  tcp_seq	tcp_iss;		/* tcp initial send seq # */
+ # ifdef	TCP_COMPAT_42
+ #  define	TCPISS(x)	{ struct timeval atv; \
+ 					microtime(&atv); \
+ 					(x) = tcp_iss + atv.tv_usec >> 4; \
+ 					if ((x) < 0) \
+ 						(x) = 0; \
+ 					tcp_iss += TCP_ISSINCR/2; \
+ 					if (tcp_iss < 0) \
+ 						tcp_iss = TCP_ISSINCR/2; \
+ 				}
+ # else
+ #  define	TCPISS(x)	{ struct timeval atv; \
+ 					microtime(&atv); \
+ 					(x) = tcp_iss + atv.tv_usec >> 4; \
+ 					tcp_iss += TCP_ISSINCR/2; \
+ 				}
+ # endif
  #endif
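Review bot: `(x) = tcp_iss + atv.tv_usec >> 4;` (present in both branches) is mis-parenthesised: `+` binds tighter than `>>`, so it evaluates `(tcp_iss + atv.tv_usec) >> 4`, shifting the whole ISS down four bits rather than adding a jitter of `tv_usec >> 4`. Write `(x) = tcp_iss + (atv.tv_usec >> 4);`. Three further points: the `if ((x) < 0)` and `if (tcp_iss < 0)` tests in the TCP_COMPAT_42 branch are dead if tcp_seq is an unsigned type (4.4BSD's tcp.h declares it `u_long`); since tv_usec is below 1000000 the added jitter is at most 62499 while tcp_iss still advances by a fixed TCP_ISSINCR/2 per call, so successive ISS values remain within a narrow band around the old predictable sequence; and the two branches duplicate the microtime/assign/increment lines and differ only in the clamps, so factor the common part out and wrap the macro in `do { ... } while (0)` so it can be used as a single statement.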
*** tcp_usrreq.c.orig	Fri May 12 00:48:34 1995
--- tcp_usrreq.c	Fri May 12 01:08:58 1995
***************
*** 198,204 ****
  		tcpstat.tcps_connattempt++;
  		tp->t_state = TCPS_SYN_SENT;
  		tp->t_timer[TCPT_KEEP] = TCPTV_KEEP_INIT;
! 		tp->iss = tcp_iss; tcp_iss += TCP_ISSINCR/2;
  		tcp_sendseqinit(tp);
  		error = tcp_output(tp);
  		break;
--- 198,204 ----
  		tcpstat.tcps_connattempt++;
  		tp->t_state = TCPS_SYN_SENT;
  		tp->t_timer[TCPT_KEEP] = TCPTV_KEEP_INIT;
! 		TCPISS(tp->iss);
  		tcp_sendseqinit(tp);
  		error = tcp_output(tp);
  		break;
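Review bot: Add a comment at this call (or on the macro definition) stating that TCPISS both assigns `tp->iss` and advances the global `tcp_iss`; the replaced line `tp->iss = tcp_iss; tcp_iss += TCP_ISSINCR/2;` made that side effect visible with its two statements, whereas `TCPISS(tp->iss);` reads like a pure assignment. This is the active-open path, so every outgoing connect now also performs a microtime() call; worth saying in the same comment.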
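As an added example (not part of Darren's post or the NetBSD source), the arithmetic of the posted TCPISS macro re-implemented in user space so it can be checked outside the kernel. It assumes 4.4BSD's value for TCP_ISSINCR, (125*1024), which the page does not show, and replaces the kernel global tcp_iss with a caller-supplied counter; the function names are my own. It shows two things: that `tcp_iss + atv.tv_usec >> 4` as written shifts the whole sum rather than just the jitter, and that even with the intended grouping the jitter never exceeds 62499, so an attacker who has seen one ISS has only a window of about 125000 values to search for the next, not the full 32-bit space.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 4.4BSD's tcp_seq.h defines TCP_ISSINCR as (125*1024); the
 * page does not show the value. */
#define TCP_ISSINCR (125*1024)
#define USEC_MAX    999999          /* largest tv_usec microtime() can return */

typedef uint32_t tcp_seq;           /* 4.4BSD: typedef u_long tcp_seq; */

/*
 * The posted macro body, with the kernel global tcp_iss replaced by a
 * caller-supplied counter.  '+' binds tighter than '>>', so this computes
 * (iss + usec) >> 4: the whole ISS is shifted down by four bits and the
 * microsecond jitter contributes almost nothing.
 */
static tcp_seq iss_as_written(tcp_seq *iss, uint32_t tv_usec)
{
    tcp_seq x = *iss + tv_usec >> 4;
    *iss += TCP_ISSINCR/2;
    return x;
}

/* The grouping the patch presumably meant: base plus (usec >> 4). */
static tcp_seq iss_intended(tcp_seq *iss, uint32_t tv_usec)
{
    tcp_seq x = *iss + (tv_usec >> 4);
    *iss += TCP_ISSINCR/2;
    return x;
}

/* Largest jitter the intended form can add: 999999 >> 4. */
static uint32_t max_jitter(void)
{
    return USEC_MAX >> 4;            /* 62499 */
}

/*
 * Width of the window an attacker must search after observing one ISS,
 * given the intended grouping.  The next ISS is previous + TCP_ISSINCR/2
 * + (j2 - j1) with each j in [0, max_jitter], so the difference lies in a
 * band of 2*max_jitter + 1 values instead of the full 32-bit space.
 */
static uint32_t guess_window(void)
{
    return 2 * max_jitter() + 1;     /* 124999 */
}

/* Check that two consecutive intended-form ISS values, whatever the two
 * microsecond readings, always fall within guess_window() of each other. */
static int delta_within_window(uint32_t usec1, uint32_t usec2)
{
    tcp_seq iss = 0x10000000;        /* constructed starting value */
    tcp_seq a = iss_intended(&iss, usec1);
    tcp_seq b = iss_intended(&iss, usec2);
    int32_t d = (int32_t)(b - a) - TCP_ISSINCR/2;
    return d >= -(int32_t)max_jitter() && d <= (int32_t)max_jitter();
}

int main(void)
{
    tcp_seq w = 0x10000000, i = 0x10000000;
    printf("as written : 0x%08x\n", iss_as_written(&w, USEC_MAX));
    printf("intended   : 0x%08x\n", iss_intended(&i, USEC_MAX));
    printf("search window for the next ISS: %u of 2^32 values\n",
           guess_window());
    return 0;
}
```

The band computed by guess_window() is the quantity that matters to a spoofing attacker: anything of the order of 10^5 is brute-forceable across a few thousand packets, which is why a per-connection time jitter on top of a linearly advancing counter only narrows, rather than closes, the sequence-guessing problem.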