forked from KolibriOS/kolibrios
Added Protection Against Wrapped Sequence numbers (PAWS)
git-svn-id: svn://kolibrios.org@2946 a494cfbc-eb01-0410-851d-a64ba20cac60
This commit is contained in:
parent
9c91f40719
commit
688b249960
@ -251,6 +251,27 @@ TCP_input:
|
|||||||
pop [ebx + TCP_SOCKET.ts_ecr]
|
pop [ebx + TCP_SOCKET.ts_ecr]
|
||||||
or [ebx + TCP_SOCKET.temp_bits], TCP_BIT_TIMESTAMP
|
or [ebx + TCP_SOCKET.temp_bits], TCP_BIT_TIMESTAMP
|
||||||
|
|
||||||
|
; Since we have a timestamp, lets do the paws test right away!
|
||||||
|
|
||||||
|
test [edx + TCP_header.Flags], TH_RST
|
||||||
|
jnz .no_paws
|
||||||
|
|
||||||
|
mov eax, [ebx + TCP_SOCKET.ts_recent]
|
||||||
|
test eax, eax
|
||||||
|
jz .no_paws
|
||||||
|
cmp eax, [ebx + TCP_SOCKET.ts_val]
|
||||||
|
jge .no_paws
|
||||||
|
|
||||||
|
DEBUGF 1,"TCP_input: PAWS: detected an old segment\n"
|
||||||
|
|
||||||
|
mov eax, [esp+4+4] ; tcp_now
|
||||||
|
sub eax, [ebx + TCP_SOCKET.ts_recent_age]
|
||||||
|
cmp eax, TCP_PAWS_IDLE
|
||||||
|
jle .dropafterack ; TODO: update stats
|
||||||
|
|
||||||
|
mov [ebx + TCP_SOCKET.ts_recent], 0 ; timestamp was invalid, fix it.
|
||||||
|
.no_paws:
|
||||||
|
|
||||||
add esi, 10
|
add esi, 10
|
||||||
jmp .opt_loop
|
jmp .opt_loop
|
||||||
|
|
||||||
@ -442,24 +463,6 @@ TCP_input:
|
|||||||
|
|
||||||
DEBUGF 1,"TCP_input: state is not listen or syn_sent\n"
|
DEBUGF 1,"TCP_input: state is not listen or syn_sent\n"
|
||||||
|
|
||||||
;--------------------------------------------
|
|
||||||
; Protection Against Wrapped Sequence Numbers
|
|
||||||
|
|
||||||
; First, check if timestamp is present
|
|
||||||
|
|
||||||
;;;; TODO 602
|
|
||||||
|
|
||||||
; Then, check if at least some bytes of data are within window
|
|
||||||
|
|
||||||
;;;; TODO
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
;----------------------------
|
;----------------------------
|
||||||
; trim any data not in window
|
; trim any data not in window
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user