search for: tcp_input

Hi , I have posted DTrace script to snoop tcp traffic and also provided a wrapper script for it to filter out unwanted traffic. http://blogs.sun.com/roller/comments/raviswam/Weblog/tcp_snoop_using_dtrace Please let me know if you have any feedback/comments on this. Thanks Ravi

Any information on when (or if) the following timestamp vulnerability will be fixed for 4.X? Any information would be appreciated. http://www.kb.cert.org/vuls/id/637934 Thanks. Richard Coleman rcoleman@criticalmagic.com

....securityfocus.com/bid/13676/info/ which talks about a form of DOS vulnerability. I was curious as to the possibility of FreeBSD 5.x being affected, and if anyone was working on this or not. Ted Mittelstaedt posted this possible patch based upon the OpenBSD patch : in /usr/src/sys/netinet *** tcp_input.c.original Thu May 19 11:52:30 2005 --- tcp_input.c Thu May 19 12:00:14 2005 *************** *** 976,984 **** --- 976,992 ---- * record the timestamp. * NOTE that the test is modified according to the latest * proposal of the tcplw@cray.com...

...Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/sys/netinet/tcp_input.c 1.107.2.44 RELENG_4_11 src/UPDATING 1.73.2.91.2.12 src/sys/conf/newvers.sh 1.44.2.39.2.15 src/sys/netinet/tcp_input.c 1.107.2.41.4.3 RELENG_4_10 src/U...

...Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/sys/netinet/tcp_input.c 1.107.2.44 RELENG_4_11 src/UPDATING 1.73.2.91.2.12 src/sys/conf/newvers.sh 1.44.2.39.2.15 src/sys/netinet/tcp_input.c 1.107.2.41.4.3 RELENG_4_10 src/U...

...Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_8 sys/netinet/tcp_input.c 1.411.2.22 sys/netinet6/in6.c 1.121.2.28 sys/netinet6/ip6_input.c 1.132.2.9 RELENG_8_3 src/UPDATING 1.632.2.26.2.5 src/sys/conf/n...

...uid = 0 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2a panic() at panic+0x182 vm_page_unwire() at vm_page_unwire+0x84 sf_buf_mext() at sf_buf_mext+0x3c mb_free_ext() at mb_free_ext+0x99 sbdrop_internal() at sbdrop_internal+0x1e8 tcp_do_segment() at tcp_do_segment+0x1512 tcp_input() at tcp_input+0x7f7 ip_input() at ip_input+0xa8 ether_demux() at ether_demux+0x1b4 ether_input() at ether_input+0x1bb bge_intr() at bge_intr+0x3ca ithread_loop() at ithread_loop+0x180 fork_exit() at fork_exit+0x11f fork_trampoline() at fork_trampoline+0xe --- trap 0, rip = 0, rsp = 0xffffffffea28f...

...Revision Path - ------------------------------------------------------------------------- RELENG_4 src/UPDATING 1.73.2.90 src/sys/conf/newvers.sh 1.44.2.33 src/sys/netinet/tcp_input.c 1.107.2.40 src/sys/netinet/tcp_subr.c 1.73.2.33 src/sys/netinet/tcp_var.h 1.56.2.15 RELENG_5_2 src/UPDATING 1.282.2.9 src/sys/conf/newve...

i''m using the following probe to calculate how many bytes are being written by tcp write calls, by process and total: fbt:ip:tcp_output:entry { this->tcpout_size = msgdsize(args[1]); @tcpout_size[execname] = sum(this->tcpout_size); @tcpout_size["TOTAL_TCP_OUT"] = sum(this->tcpout_size); } I run this probe for N seconds. I suppose that if i get the

...Revision Path - ------------------------------------------------------------------------- RELENG_4 src/UPDATING 1.73.2.90 src/sys/conf/newvers.sh 1.44.2.33 src/sys/netinet/tcp_input.c 1.107.2.40 src/sys/netinet/tcp_subr.c 1.73.2.33 src/sys/netinet/tcp_var.h 1.56.2.15 RELENG_5_2 src/UPDATING 1.282.2.9 src/sys/conf/newve...

...svdb-4030-exploit.zip), and this change does indeed defeat the attack. It took me a while to get the code working, they really munged up the libnet calls, but I guess that was the intent. Mike "Silby" Silbersack -------------- next part -------------- diff -u -r /usr/src/sys.old/netinet/tcp_input.c /usr/src/sys/netinet/tcp_input.c --- /usr/src/sys.old/netinet/tcp_input.c Thu Apr 22 01:15:15 2004 +++ /usr/src/sys/netinet/tcp_input.c Fri Apr 23 22:13:18 2004 @@ -1570,6 +1570,10 @@ goto close; case TCPS_ESTABLISHED: + if (tp->last_ack_sent != th->th_seq) { + tcpstat.tcp...

...n panic (fmt=0xc090c16a "sbdrop") at /usr/src/sys/kern/kern_shutdown.c:555 #3 0xc06d266c in sbdrop_locked (sb=0xc20aca84, len=1) at /usr/src/sys/kern/uipc_socket2.c:1157 #4 0xc06d3d93 in sbdrop (sb=0xc20aca84, len=0) at /usr/src/sys/kern/uipc_socket2.c:1208 #5 0xc0748a7d in tcp_input (m=0xc1c09100, off0=-1039845124) at /usr/src/sys/netinet/tcp_input.c:1201 #6 0xc0740147 in ip_input (m=0xc1c09100) at /usr/src/sys/netinet/ip_input.c:778 #7 0xc07171ff in netisr_processqueue (ni=0xc09ca4f8) at /usr/src/sys/net/netisr.c:236 #8 0xc07174be in swi_net (dummy=0x0) at /usr...

...Revision > Path > - ------------------------------------------------------------------------ - > RELENG_4 > src/UPDATING 1.73.2.90 > src/sys/conf/newvers.sh 1.44.2.33 > src/sys/netinet/tcp_input.c 1.107.2.40 > src/sys/netinet/tcp_subr.c 1.73.2.33 > src/sys/netinet/tcp_var.h 1.56.2.15 > RELENG_5_2 > src/UPDATING 1.282.2.9...

Hello I'm a bit confused about the "tcp time stamp validation bug" mentioned in the http://www.kb.cert.org/vuls/id/637934 advisory. FreeBSD has fixed this issue in -current (2005-04-10) and in RELENG_5 (2005-04-19). Is this also already fixed in 5.4? The CVS ID for tcp_input.c does not look like this. But I'm not sure. Regards, Thomas

I''m running 2.6.7 + (julian''s multi-path patch) + IMQ (imq2+beta6) and I got the following on my console while doing some stress testing: KERNEL: assertion (tp->retrans_out == 0) failed at net/ipv4/tcp_input.c (1827) I don''t know what I would do to try to reproduce this condition; it only appeared once. tcp_input.c sounds deep enough to scare me off from looking ... So, I wonder if this error has any significance to anyone listening on the list, and what, if anything, I should do about it....

On May 19, 2005, at 5:53 AM, Christian Brueffer wrote: > Hi, > > fixes for the vulnerability described in http://www.kb.cert.org/ > vuls/id/637934 > were checked in to CURRENT and RELENG_5 by ps in April. > > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c > > Revisions 1.270 and 1.252.2.16 > > He didn't commit it to RELENG_5_4 for some reason, so 5.4 shipped with > it. > > My guess is that he didn't notify you guys either. > > I stumbled upon this through a Heise News article at > http://www.heise.de/newsticke...

...ine 00:32trace Tracing pid 12 tid 100001 td 0xffffff007b959be0 propagate_priority() at propagate_priority+0x66 turnstile_wait() at turnstile_wait+0x20f _mtx_lock_sleep() at _mtx_lock_sleep+0x89 sf_buf_mext() at sf_buf_mext+0xa3 mb_free_ext() at mb_free_ext+0x64 sbdrop_locked() at sbdrop_locked+0xb8 tcp_input() at tcp_input+0x255e ip_input() at ip_input+0x100 netisr_processqueue() at netisr_processqueue+0x78 swi_net() at swi_net+0x14d ithread_loop() at ithread_loop+0x162 fork_exit() at fork_exit+0x86 fork_trampoline() at fork_trampoline+0xe --- trap 0, rip = 0, rsp = 0xffffffffb18ecd00, rbp = 0 --- db&g...

...length -= opsize; 430 } 431 } doing 'break' at line 412 we forget to decrement 'length'. Also, there is a question: why 'break' and not just 'return'? Comment for tcp_options() says that it is a "Simplified tcp_parse_options routine from tcp_input.c", but tcp_parse_options() does 'return' in case of "partial options". -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes.

...in_pcb.c in_pcb.h in_rmx.c in_var.h > ip_fastfwd.c ip_fw.h ip_fw2.c ip_icmp.c > ip_input.c ip_mroute.c ip_mroute.h > ip_options.c ip_output.c ip_var.h > raw_ip.c sctp_os_bsd.h tcp_input.c > tcp_subr.c tcp_syncache.c > sys/netinet6 in6.c in6_ifattach.c in6_rmx.c nd6_rtr.c > sys/netipx ipx_proto.c > sys/nfs4client nfs4_vfsops.c > sys/nfsclient bootp_subr.c nfs_vfsops.c > sys/sys...

Hello everybody, setting up a netboot server for a really huge network I decided to go with what will be syslinux 4.10 to get support for http transfers. The setup works on my notebook, booting another notebook directly connected. However it fails with a more complex setup: A virtual machine on the second notebook bridged to the ethernet device does not boot, systems from other networks with a