Added Protection Against Wrapped Sequence numbers (PAWS)

git-svn-id: svn://kolibrios.org@2946 a494cfbc-eb01-0410-851d-a64ba20cac60
hidnplayr 2012-08-28 09:29:57 +00:00
parent 9c91f40719
commit 688b249960


@ -251,6 +251,27 @@ TCP_input:
pop [ebx + TCP_SOCKET.ts_ecr]
or [ebx + TCP_SOCKET.temp_bits], TCP_BIT_TIMESTAMP
; Since we have a timestamp, lets do the paws test right away!
test [edx + TCP_header.Flags], TH_RST
jnz .no_paws
mov eax, [ebx + TCP_SOCKET.ts_recent]
test eax, eax
jz .no_paws
cmp eax, [ebx + TCP_SOCKET.ts_val]
jge .no_paws
DEBUGF 1,"TCP_input: PAWS: detected an old segment\n"
mov eax, [esp+4+4] ; tcp_now
sub eax, [ebx + TCP_SOCKET.ts_recent_age]
cmp eax, TCP_PAWS_IDLE
jle .dropafterack ; TODO: update stats
mov [ebx + TCP_SOCKET.ts_recent], 0 ; timestamp was invalid, fix it.
.no_paws:
add esi, 10
jmp .opt_loop
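Review bot: The PAWS comparison looks inverted. With `eax = ts_recent`, the pair `cmp eax, [ebx + TCP_SOCKET.ts_val]` / `jge .no_paws` falls through to the "old segment" path when ts_recent < ts_val, which is when the segment's timestamp is newer, and it skips the check for the older duplicates PAWS is meant to reject. It is also a signed compare of the two raw values rather than a sign test on their difference, so timestamps on either side of the 2^31 boundary are misordered. I would replace those two lines with `mov eax, [ebx + TCP_SOCKET.ts_val]`, `sub eax, [ebx + TCP_SOCKET.ts_recent]`, `jns .no_paws`, keeping the preceding zero test on ts_recent. TCP_input starts outside the hunk and `.dropafterack` is not visible, so whether the stack is balanced when that jump is taken from inside the option loop (the code reads `[esp+4+4]` here) could not be checked and is worth confirming.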
@ -442,24 +463,6 @@ TCP_input:
DEBUGF 1,"TCP_input: state is not listen or syn_sent\n"
;--------------------------------------------
; Protection Against Wrapped Sequence Numbers
; First, check if timestamp is present
;;;; TODO 602
; Then, check if at least some bytes of data are within window
;;;; TODO
;----------------------------
; trim any data not in window