Added Protection Against Wrapped Sequence numbers (PAWS)
git-svn-id: svn://kolibrios.org@2946 a494cfbc-eb01-0410-851d-a64ba20cac60
This commit is contained in:
parent
9c91f40719
commit
688b249960
@ -251,6 +251,27 @@ TCP_input:
|
||||
pop [ebx + TCP_SOCKET.ts_ecr]
|
||||
or [ebx + TCP_SOCKET.temp_bits], TCP_BIT_TIMESTAMP
|
||||
|
||||
; Since we have a timestamp, lets do the paws test right away!
|
||||
|
||||
test [edx + TCP_header.Flags], TH_RST
|
||||
jnz .no_paws
|
||||
|
||||
mov eax, [ebx + TCP_SOCKET.ts_recent]
|
||||
test eax, eax
|
||||
jz .no_paws
|
||||
cmp eax, [ebx + TCP_SOCKET.ts_val]
|
||||
jge .no_paws
|
||||
|
||||
DEBUGF 1,"TCP_input: PAWS: detected an old segment\n"
|
||||
|
||||
mov eax, [esp+4+4] ; tcp_now
|
||||
sub eax, [ebx + TCP_SOCKET.ts_recent_age]
|
||||
cmp eax, TCP_PAWS_IDLE
|
||||
jle .dropafterack ; TODO: update stats
|
||||
|
||||
mov [ebx + TCP_SOCKET.ts_recent], 0 ; timestamp was invalid, fix it.
|
||||
.no_paws:
|
||||
|
||||
add esi, 10
|
||||
jmp .opt_loop
|
||||
|
||||
@ -442,24 +463,6 @@ TCP_input:
|
||||
|
||||
DEBUGF 1,"TCP_input: state is not listen or syn_sent\n"
|
||||
|
||||
;--------------------------------------------
|
||||
; Protection Against Wrapped Sequence Numbers
|
||||
|
||||
; First, check if timestamp is present
|
||||
|
||||
;;;; TODO 602
|
||||
|
||||
; Then, check if at least some bytes of data are within window
|
||||
|
||||
;;;; TODO
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
;----------------------------
|
||||
; trim any data not in window
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user