diff options
-rw-r--r-- | sys/netinet/tcp_input.c | 152 |
1 files changed, 1 insertions, 151 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 15b0a09daa4..84d98320c0a 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.35 1999/05/24 17:46:40 provos Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.36 1999/06/11 19:46:39 pattonme Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* @@ -110,121 +110,6 @@ extern u_long sb_max; #define TSTMP_LT(a,b) ((int)((a)-(b)) < 0) #define TSTMP_GEQ(a,b) ((int)((a)-(b)) >= 0) -#ifdef TCPCOOKIE -/* - * Code originally by Matt Blaze and John Ioannidis. This code implements - * a cookie-like extension for TCP. Adapted to OpenBSD by Angelos D. - * Keromytis. - */ - -#ifndef TCK_NFRIENDS -#define TCK_NFRIENDS 16 -#endif /* TCK_NFRIENDS */ - -static struct in_addr tck_friends[TCK_NFRIENDS]; -static int tck_nfriends = 0; -static int tck_initialized = 0; - -#define TCK_PORT 333 /* Unused port! */ - -static int -tck_isafriend(struct in_addr f) -{ - register int i; - - for (i = tck_nfriends - 1; i >= 0; i--) - if (tck_friends[i].s_addr == f.s_addr) - return 1; - - return 0; -} - -static void -tck_delat(int n) -{ - int i; - - if ((n >= tck_nfriends) || (tck_nfriends == 0)) - return; - - for (i = n + 1; i < tck_nfriends ; i++) - tck_friends[i - 1] = tck_friends[i]; - - tck_nfriends--; -} - -static void -tck_addfriend(struct in_addr f) -{ -#ifdef DEBUG_TCPCOOKIE - printf("tck_addfriend: 0x%08x\n", ntohl(f.s_addr)); -#endif /* DEBUG_TCPCOOKIE */ - - if (tck_isafriend(f)) - return; - - if (tck_nfriends == TCK_NFRIENDS) - tck_delat(0); - - tck_friends[tck_nfriends++] = f; -} - -/* - * static void - * tck_delfriend(struct in_addr f) - * { - * int i; - * - * for (i = tck_nfriends - 1; i >= 0; i--) - * if (tck_friends[i].s_addr == f.s_addr) - * goto found1; - * - * return; - * - * found1: - * tck_delat(i); - * } -*/ - -static u_int32_t -tck_makecookie(f) - struct in_addr f; -{ - static MD5_CTX ctx; - u_int8_t buf[16]; - MD5_CTX ctx2; - - if (tck_initialized == 0) { /* This only happens once per reboot */ - tck_initialized = 1; - - get_random_bytes((void *) buf, 16); - MD5Init(&ctx); - MD5Update(&ctx, buf, 16); - } - ctx2 = ctx; - MD5Update(&ctx2, (void *) &f, sizeof(f)); - MD5Final(buf, &ctx2); /* This may not be necessary */ - return ((buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]); -} - -static int -tck_chkcookie(ti) - struct tcpiphdr *ti; -{ -#ifdef DEBUG_TCPCOOKIE - printf("tck_chkcookie: src = 0x%08x, cookie = 0x%08x, seq = 0x%08x, ack = 0x%08x\n", ntohl(ti->ti_src.s_addr), tck_makecookie(ti->ti_src), ti->ti_seq, ti->ti_ack); -#endif /* DEBUG_TCPCOOKIE */ - - if (tck_makecookie(ti->ti_src) == ti->ti_seq) { - /* seq in host order */ - tck_addfriend(ti->ti_src); - return 1; - } - return 0; -} - -#endif /* TCPCOOKIE */ - /* * Insert segment ti into reassembly queue of tcp with * control block tp. Return TH_FIN if reassembly now includes @@ -602,22 +487,6 @@ tcp_input(m, va_alist) NTOHS(th->th_win); NTOHS(th->th_urp); -#ifdef TCPCOOKIE - /* - * If this looks like a cookie response, check it. - * If it is, the check routine also adds the source - * of the packet to the friends list. - */ - -#ifdef INET6 - if (!is_ipv6 && (tiflags & TH_RST) && (ntohs(th->th_dport) == TCK_PORT)) -#else /* INET6 */ - if ((tiflags & TH_RST) && (ntohs(ti->ti_dport) == TCK_PORT)) -#endif /* INET6 */ - if (tck_chkcookie(ti)) - goto drop; /* RST is no longer needed */ -#endif /* TCPCOOKIE */ - /* * Locate pcb for segment. */ @@ -1005,25 +874,6 @@ findpcb: #endif /* INET6 */ } -#ifdef TCPCOOKIE - /* - * If source address is on friends list, proceed, otherwise - * try to obtain a cookie and drop the frame. - */ - - if (!tck_isafriend(ti->ti_src)) { - u_int32_t acookie; - - acookie = tck_makecookie(ti->ti_src); - ti->ti_dport = htons(TCK_PORT); - tcp_respond(tp, ti, m, acookie, acookie, TH_ACK); - /* destroy temporarily created socket */ - if (dropsocket) - (void) soabort(so); - return; - } -#endif /* TCPCOOKIE */ - /* * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN * in_broadcast() should never return true on a received |