DragonFly-2.3.2.195.gefca2 master sys/netinet tcp_input.c tcp_timer.c tcp_var.h
Matthew Dillon
dillon at crater.dragonflybsd.org
Mon Jul 27 21:32:02 PDT 2009
commit efca2b8eccb027904b939aab35fde8c191acfc03
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Mon Jul 27 21:22:10 2009 -0700
TCP - Fix re-establishment issues if a client reboots

When the machine hosting the client side of a TCP connection
reboots without clearing the connection, the server side will
continue to believe that the connection is in an established
state. If the client attempts to reconnect using the same
port pair (after rebooting, typically), the sequence space checks
against DOS attacks on the server side will cause the SYN
packets to be dropped.

A dandy solution to this problem is to force a keep-alive within
half a second of receiving a SYN on an ESTABLISHED socket. The
server will revalidate the connection and, since the client is
actually alive, will get an immediate Reset. The next
SYN attempt from the client will then succeed.

A SYN sent as part of a DOS attack has little effect other than
to cause the server to probe the established connection within
half a second of receiving the bogus SYN.

In particular, this fixes issues with TCP NFS connections. NFS
clients are often unable to umount the NFS mounts and the TCP
connection is left established through the reboot. Instead of
hanging on SYNs being simply dropped by the server, the server
now properly detects that the connection is in fact dead after
the first SYN and properly reestablishes it on the next one.

Summary of changes:
sys/netinet/tcp_input.c | 26 +++++++++++++++++++++-----
sys/netinet/tcp_timer.c | 4 ++--
sys/netinet/tcp_var.h | 1 +
3 files changed, 24 insertions(+), 7 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/efca2b8eccb027904b939aab35fde8c191acfc03
--
DragonFly BSD source repository
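
The behaviour the commit message describes, as a small state model in C. This is an added example, not the commit's code or DragonFly kernel source; the 2-hour keep-alive idle time, the 1-second SYN retransmit interval and all names are assumptions.

```c
/* Toy model, constructed for illustration; not DragonFly kernel code. */
#include <stdbool.h>
#include <stdio.h>
#define KEEPIDLE_MS  7200000  /* assumed normal keep-alive idle time (2 h) */
#define SYN_PROBE_MS 500      /* "within half a second" from the commit message */
#define SYN_RETRY_MS 1000     /* assumed client SYN retransmit interval */
struct server { bool established; int keep_ms; };  /* keep_ms: time to next probe */

/* SYN arrives for the port pair; returns true if it is answered with SYN-ACK. */
static bool server_rx_syn(struct server *s, bool fix) {
    if (!s->established) {                 /* no stale state: normal handshake */
        s->established = true;
        s->keep_ms = KEEPIDLE_MS;
        return true;
    }
    /* ESTABLISHED: the sequence-space check drops the SYN. With the fix,
     * the keep-alive timer is also pulled in to at most half a second. */
    if (fix && s->keep_ms > SYN_PROBE_MS)
        s->keep_ms = SYN_PROBE_MS;
    return false;
}

/* Time passes; when the timer expires the server probes its peer. A peer
 * that still holds the connection ACKs, a rebooted one answers with RST. */
static void server_tick(struct server *s, bool peer_has_conn, int ms) {
    if (!s->established || (s->keep_ms -= ms) > 0)
        return;
    if (peer_has_conn)
        s->keep_ms = KEEPIDLE_MS;          /* ACK: connection revalidated */
    else
        s->established = false;            /* RST: stale connection dropped */
}

/* Number of SYNs sent until one is answered with SYN-ACK, or -1 if none of
 * max_syns is. peer_has_conn=true models a bogus SYN against a live peer. */
int syns_until_accepted(bool fix, bool peer_has_conn, int max_syns) {
    struct server s = { true, KEEPIDLE_MS };
    for (int i = 1; i <= max_syns; i++) {
        if (server_rx_syn(&s, fix))
            return i;
        server_tick(&s, peer_has_conn, SYN_RETRY_MS);
    }
    return -1;
}

int main(void) {
    printf("fix=%d nofix=%d bogus=%d\n", syns_until_accepted(true, false, 5),
           syns_until_accepted(false, false, 5), syns_until_accepted(true, true, 5));
}
```

In the model a rebooted client gets through on its second SYN with the fix, never within five tries without it, and a bogus SYN against a live peer only triggers a probe that the peer ACKs.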