NetBSD Problem Report #48452

From www@NetBSD.org  Mon Dec 16 17:33:35 2013
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 880D7A61B7
	for <gnats-bugs@gnats.NetBSD.org>; Mon, 16 Dec 2013 17:33:35 +0000 (UTC)
Message-Id: <20131216173333.AFA4CA645E@mollari.NetBSD.org>
Date: Mon, 16 Dec 2013 17:33:33 +0000 (UTC)
From: uwe@NetBSD.org
Reply-To: uwe@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: tcp_input() doesn't always verify tcp checksum
X-Send-Pr-Version: www-1.0

>Number:         48452
>Category:       kern
>Synopsis:       tcp_input() doesn't always verify tcp checksum
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Dec 16 17:35:00 +0000 2013
>Closed-Date:    Mon Mar 05 16:21:15 +0000 2018
>Last-Modified:  Mon Mar 05 16:21:15 +0000 2018
>Originator:     Valery Ushakov
>Release:        current
>Organization:
>Environment:
NetBSD felix 6.99.25 NetBSD 6.99.25 (FELIX) #8: Wed Nov  6 16:39:05 MSK 2013  uwe@spotty:/home/uwe/work/netbsd/cvs/src/sys/arch/landisk/compile/FELIX landisk 
>Description:
A TCP SYN segment with invalid TCP checksum to a destination port that
has no listening PCB causes an RST to be generated.  The checksum is
not verified.  From a quick look it seems that it was broken in
tcp_input.c revision 1.103:

date: 2000-02-12 20:19:34 +0300;  author: thorpej;  state: Exp;  lines: +92 -67;
In the tcp_input() path:
- Filter out multicast destinations explicitly for every incoming packet,
  not just SYNs.  Previously, non-SYN multicast destination would be
  filtered out as a side effect of PCB lookup.  Remove now redundant
  similar checks in the dropwithreset case and in syn_cache_add().
- Defer the TCP checksum until we know that we want to process the
  packet (i.e. have a non-CLOSED connection or a listen socket).

>How-To-Repeat:
Use raw socket to send manually created TCP SYN datagram with bad
checksum to a port that has no listener.  Observe that RST is sent in
reply and "discarded for bad checksum" tcp counter in netstat -s is
not incremented.

>Fix:

>Release-Note:

>Audit-Trail:

From: "Mihai Chelaru" <kefren@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/48452 CVS commit: src/sys/netinet
Date: Fri, 15 May 2015 18:03:45 +0000

 Module Name:	src
 Committed By:	kefren
 Date:		Fri May 15 18:03:45 UTC 2015

 Modified Files:
 	src/sys/netinet: tcp_input.c

 Log Message:
 Don't try to do PCB lookup for bad checksummed segments
 Fixes PR/43510 and PR/48452


 To generate a diff of this commit:
 cvs rdiff -u -r1.339 -r1.340 src/sys/netinet/tcp_input.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: maxv@NetBSD.org
State-Changed-When: Mon, 05 Mar 2018 16:21:15 +0000
State-Changed-Why:
fixed
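
The ordering named in the commit message above (checksum verification before any PCB lookup), as a user-space model added here; it is not code from NetBSD's tcp_input.c or from the report's author. The names `tcp_sum`, `tcp_input_order`, `have_pcb` and `rcvbadsum`, and the sample SYN segment, are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum verdict { DROP, SEND_RST, DELIVER };

/* Constructed sample: SYN from 192.0.2.1:40000 to 192.0.2.2:9, checksum 0x8f94. */
const uint8_t SRC[4] = { 192, 0, 2, 1 }, DST[4] = { 192, 0, 2, 2 };
const uint8_t SYN[20] = {
    0x9c, 0x40, 0x00, 0x09,  0, 0, 0, 1,  0, 0, 0, 0,
    0x50, 0x02, 0xff, 0xff,  0x8f, 0x94, 0, 0
};

/* One's-complement sum (RFC 1071) of IPv4 pseudo-header plus segment,
 * folded to 16 bits.  A segment with a valid checksum sums to 0xffff. */
static uint16_t tcp_sum(const uint8_t src[4], const uint8_t dst[4],
                        const uint8_t *seg, size_t len)
{
    uint8_t ph[12] = { 0 };                 /* IPv4 pseudo-header */
    uint32_t sum = 0;
    memcpy(ph, src, 4);
    memcpy(ph + 4, dst, 4);
    ph[9] = 6;                              /* IPPROTO_TCP */
    ph[10] = (uint8_t)(len >> 8);           /* TCP length, network order */
    ph[11] = (uint8_t)len;
    for (size_t i = 0; i < sizeof ph; i += 2)
        sum += (uint32_t)ph[i] << 8 | ph[i + 1];
    for (size_t i = 0; i < len; i++)        /* also handles an odd last byte */
        sum += (i & 1) ? seg[i] : (uint32_t)seg[i] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Checksum first, PCB lookup second.  have_pcb stands in for the lookup
 * result; rcvbadsum stands in for the "discarded for bad checksum" counter. */
enum verdict tcp_input_order(const uint8_t src[4], const uint8_t dst[4],
                             const uint8_t *seg, size_t len,
                             int have_pcb, unsigned *rcvbadsum)
{
    if (len < 20)
        return DROP;                        /* too short for a TCP header */
    if (tcp_sum(src, dst, seg, len) != 0xffff) {
        (*rcvbadsum)++;                     /* counted and dropped, no RST */
        return DROP;
    }
    return have_pcb ? DELIVER : SEND_RST;   /* only valid segments reach here */
}
```

With the checksum test placed after the lookup instead, the corrupted segment would take the `SEND_RST` branch and the counter would stay at zero, which is the behaviour the report describes.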


>Unformatted:
