summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorpattonme <pattonme@cvs.openbsd.org>1999-06-11 19:46:40 +0000
committerpattonme <pattonme@cvs.openbsd.org>1999-06-11 19:46:40 +0000
commit8f069142a8bb6e01c14dd0e540db2a7b207c4bc6 (patch)
tree7b445c3f19831e96f72793ed57e06552313a7856
parente5a9b6a07d1fe774ee3fe08ea5af55d5c8998387 (diff)
removed TCPCOOKIE support.
-rw-r--r--sys/netinet/tcp_input.c152
1 files changed, 1 insertions, 151 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 15b0a09daa4..84d98320c0a 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.35 1999/05/24 17:46:40 provos Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.36 1999/06/11 19:46:39 pattonme Exp $ */
/* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
/*
@@ -110,121 +110,6 @@ extern u_long sb_max;
#define TSTMP_LT(a,b) ((int)((a)-(b)) < 0)
#define TSTMP_GEQ(a,b) ((int)((a)-(b)) >= 0)
-#ifdef TCPCOOKIE
-/*
- * Code originally by Matt Blaze and John Ioannidis. This code implements
- * a cookie-like extension for TCP. Adapted to OpenBSD by Angelos D.
- * Keromytis.
- */
-
-#ifndef TCK_NFRIENDS
-#define TCK_NFRIENDS 16
-#endif /* TCK_NFRIENDS */
-
-static struct in_addr tck_friends[TCK_NFRIENDS];
-static int tck_nfriends = 0;
-static int tck_initialized = 0;
-
-#define TCK_PORT 333 /* Unused port! */
-
-static int
-tck_isafriend(struct in_addr f)
-{
- register int i;
-
- for (i = tck_nfriends - 1; i >= 0; i--)
- if (tck_friends[i].s_addr == f.s_addr)
- return 1;
-
- return 0;
-}
-
-static void
-tck_delat(int n)
-{
- int i;
-
- if ((n >= tck_nfriends) || (tck_nfriends == 0))
- return;
-
- for (i = n + 1; i < tck_nfriends ; i++)
- tck_friends[i - 1] = tck_friends[i];
-
- tck_nfriends--;
-}
-
-static void
-tck_addfriend(struct in_addr f)
-{
-#ifdef DEBUG_TCPCOOKIE
- printf("tck_addfriend: 0x%08x\n", ntohl(f.s_addr));
-#endif /* DEBUG_TCPCOOKIE */
-
- if (tck_isafriend(f))
- return;
-
- if (tck_nfriends == TCK_NFRIENDS)
- tck_delat(0);
-
- tck_friends[tck_nfriends++] = f;
-}
-
-/*
- * static void
- * tck_delfriend(struct in_addr f)
- * {
- * int i;
- *
- * for (i = tck_nfriends - 1; i >= 0; i--)
- * if (tck_friends[i].s_addr == f.s_addr)
- * goto found1;
- *
- * return;
- *
- * found1:
- * tck_delat(i);
- * }
-*/
-
-static u_int32_t
-tck_makecookie(f)
- struct in_addr f;
-{
- static MD5_CTX ctx;
- u_int8_t buf[16];
- MD5_CTX ctx2;
-
- if (tck_initialized == 0) { /* This only happens once per reboot */
- tck_initialized = 1;
-
- get_random_bytes((void *) buf, 16);
- MD5Init(&ctx);
- MD5Update(&ctx, buf, 16);
- }
- ctx2 = ctx;
- MD5Update(&ctx2, (void *) &f, sizeof(f));
- MD5Final(buf, &ctx2); /* This may not be necessary */
- return ((buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]);
-}
-
-static int
-tck_chkcookie(ti)
- struct tcpiphdr *ti;
-{
-#ifdef DEBUG_TCPCOOKIE
- printf("tck_chkcookie: src = 0x%08x, cookie = 0x%08x, seq = 0x%08x, ack = 0x%08x\n", ntohl(ti->ti_src.s_addr), tck_makecookie(ti->ti_src), ti->ti_seq, ti->ti_ack);
-#endif /* DEBUG_TCPCOOKIE */
-
- if (tck_makecookie(ti->ti_src) == ti->ti_seq) {
- /* seq in host order */
- tck_addfriend(ti->ti_src);
- return 1;
- }
- return 0;
-}
-
-#endif /* TCPCOOKIE */
-
/*
* Insert segment ti into reassembly queue of tcp with
* control block tp. Return TH_FIN if reassembly now includes
@@ -602,22 +487,6 @@ tcp_input(m, va_alist)
NTOHS(th->th_win);
NTOHS(th->th_urp);
-#ifdef TCPCOOKIE
- /*
- * If this looks like a cookie response, check it.
- * If it is, the check routine also adds the source
- * of the packet to the friends list.
- */
-
-#ifdef INET6
- if (!is_ipv6 && (tiflags & TH_RST) && (ntohs(th->th_dport) == TCK_PORT))
-#else /* INET6 */
- if ((tiflags & TH_RST) && (ntohs(ti->ti_dport) == TCK_PORT))
-#endif /* INET6 */
- if (tck_chkcookie(ti))
- goto drop; /* RST is no longer needed */
-#endif /* TCPCOOKIE */
-
/*
* Locate pcb for segment.
*/
@@ -1005,25 +874,6 @@ findpcb:
#endif /* INET6 */
}
-#ifdef TCPCOOKIE
- /*
- * If source address is on friends list, proceed, otherwise
- * try to obtain a cookie and drop the frame.
- */
-
- if (!tck_isafriend(ti->ti_src)) {
- u_int32_t acookie;
-
- acookie = tck_makecookie(ti->ti_src);
- ti->ti_dport = htons(TCK_PORT);
- tcp_respond(tp, ti, m, acookie, acookie, TH_ACK);
- /* destroy temporarily created socket */
- if (dropsocket)
- (void) soabort(so);
- return;
- }
-#endif /* TCPCOOKIE */
-
/*
* RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN
* in_broadcast() should never return true on a received