Just happened to see this one.
Note: a randomized ISN is better in terms of security, but may result in
connection establishment failures (see the RFC6528).
TL;DR: BSD has an optimization where a new incarnation of a
previous connection is created if the four-tuple (src addr, dst addr,
src port, dst port) is the same as that of the previous incarnation, but
the ISN of the new incarnation is larger than the last SEQ seen in the
previous incarnation for that direction of the connection.
IOW "if the same four tuple is employed for the new connection, the
connection will nevertheless succeed if the ISN of the new connection is
larger than the SEQ of the previous connection".
(who happens to be a co-author of RFC6528 :-) )
On 8/3/21 18:00, Jason Thorpe wrote:
RFC6528 is standards-track:
...so why this change instead?
On Mar 8, 2021, at 10:17 AM, Christos Zoulas <christos%netbsd.org@localhost> wrote:
Module Name: src
Committed By: christos
Date: Mon Mar 8 18:17:27 UTC 2021
src/sys/netinet: tcp_input.c tcp_subr.c tcp_usrreq.c tcp_var.h
Remove the unused "addin" argument (it was always 0) and go back to using
a random iss by default (instead of rfc1948)
To generate a diff of this commit:
cvs rdiff -u -r1.427 -r1.428 src/sys/netinet/tcp_input.c
cvs rdiff -u -r1.286 -r1.287 src/sys/netinet/tcp_subr.c
cvs rdiff -u -r1.228 -r1.229 src/sys/netinet/tcp_usrreq.c
cvs rdiff -u -r1.194 -r1.195 src/sys/netinet/tcp_var.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
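The point made in the reply at the top of this thread, as an added example that is not code from the thread or from NetBSD's tcp_subr.c: a Python simulation of the "new incarnation" check (a SYN reusing a four-tuple still in TIME_WAIT is accepted only if its ISN is above the last SEQ seen in that direction), driven once by a purely random ISN and once by the RFC 6528 generator ISN = M + F(four-tuple, secret) with M the 4-microsecond clock. The addresses, ports, secret and byte counts are constructed for the simulation, and HMAC-SHA256 stands in for the RFC's PRF F().

```python
"""Added example (not code from the thread or from NetBSD): compare a random TCP
ISN with the RFC 6528 generator under the BSD "new incarnation" check described
in the reply above.  Addresses, ports, secret and byte counts are constructed."""
import hashlib
import hmac
import random

MOD = 1 << 32          # TCP sequence numbers are 32-bit and wrap
HALF = 1 << 31


def seq_gt(a: int, b: int) -> bool:
    """True if a is "after" b in 32-bit sequence space (what the BSD stack's SEQ_GT does)."""
    return 0 < (a - b) % MOD < HALF


def rfc6528_isn(four_tuple, secret: bytes, micros: int) -> int:
    """RFC 6528: ISN = M + F(localip, localport, remoteip, remoteport, secretkey).

    M is the RFC 793 4-microsecond clock.  F must be a keyed PRF of the
    four-tuple; HMAC-SHA256 truncated to 32 bits is used here as an assumption
    (RFC 6528 suggests MD5 over tuple and secret; any keyed PRF has the same
    property this example relies on: F is constant for a given four-tuple)."""
    m = (micros // 4) % MOD
    msg = "{}|{}|{}|{}".format(*four_tuple).encode()
    f = int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")
    return (m + f) % MOD


def new_incarnation_accepted(last_seq_seen: int, new_isn: int) -> bool:
    """The shortcut from the reply: reuse of the four-tuple is allowed only if
    the new ISN is larger than the last SEQ seen in that direction."""
    return seq_gt(new_isn, last_seq_seen)


def simulate(isn_fn, trials: int, gap_us: int, bytes_sent: int) -> int:
    """Count how many four-tuple reuses pass the check.

    Each trial: a connection opens at time t with ISN isn_fn(tuple, t), sends
    bytes_sent octets (so the last SEQ seen is ISN + bytes_sent), and a new
    connection on the same four-tuple opens gap_us microseconds later."""
    accepted = 0
    t = 0
    for i in range(trials):
        # constructed TEST-NET addresses; a different client port per trial
        ft = ("192.0.2.10", 40000 + i % 10000, "198.51.100.7", 443)
        prev_isn = isn_fn(ft, t)
        last_seq = (prev_isn + bytes_sent) % MOD
        new_isn = isn_fn(ft, t + gap_us)
        if new_incarnation_accepted(last_seq, new_isn):
            accepted += 1
        t += 2 * gap_us
    return accepted


SECRET = b"constructed-per-boot-secret"   # assumption: a per-host secret, as RFC 6528 requires


def rfc6528_gen(ft, micros):
    return rfc6528_isn(ft, SECRET, micros)


def random_gen_factory(seed: int):
    rng = random.Random(seed)              # deterministic stand-in for a random ISN source
    return lambda ft, micros: rng.getrandbits(32)


def run() -> dict:
    """100 KB transferred, then a one-second gap: the 4-us clock has advanced by
    250,000 in that second, so the RFC 6528 ISN always outruns the old SEQ,
    while a uniformly random ISN lands above it only about half the time.
    The third case keeps RFC 6528 but has the old connection push 1 MB in
    that second: the clock only advanced 250,000, so the new ISN sits behind
    the old SEQ and every reuse is refused."""
    return {
        "rfc6528": simulate(rfc6528_gen, 1000, gap_us=1_000_000, bytes_sent=100_000),
        "random": simulate(random_gen_factory(1234), 1000, gap_us=1_000_000, bytes_sent=100_000),
        "rfc6528_fast_sender": simulate(rfc6528_gen, 1000, gap_us=1_000_000, bytes_sent=1_000_000),
    }


if __name__ == "__main__":
    for name, ok in run().items():
        print(f"{name:>20}: {ok}/1000 reuses accepted")
```

The random case is the failure mode the reply warns about: the check compares the new ISN against the old SEQ modulo 2^32, so an ISN drawn uniformly has about a 50% chance of being "behind" it and the reuse is treated as belonging to the old connection. The third case is pure arithmetic on the RFC 6528 formula rather than a claim from the thread: because only M changes between incarnations on the same four-tuple, the generator keeps the property only as long as the previous connection consumed sequence numbers more slowly than the 4-us clock advances.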