[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [lwip-devel] [bug #25467] Listen backlog is not reset on timeout in
From: |
Piero 74 |
Subject: |
Re: [lwip-devel] [bug #25467] Listen backlog is not reset on timeout in SYN_RCVD |
Date: |
Fri, 6 Feb 2009 08:05:27 +0100 |
GOOD NEWS!! i send my code with my lwip-based application, with
simon's patch (corrected by me) to my company product test group (they
found code stuck using 2 hacking attaccks): they reported me that now
both bugs are fixed!!
bye
Piero
2009/2/3, piero <address@hidden>:
>
> Follow-up Comment #2, bug #25467 (project lwip):
>
> Hi tested the patch. There was some errors in compilation.
>
> I changed the code (i think in a correct way):
>
> ...
> LWIP_DEBUGF(TCP_DEBUG, ("tcp_pcb_purgen"));
>
> // piero
> // patch from Simon in lwip forum
> #if TCP_LISTEN_BACKLOG
> if (pcb->state == SYN_RCVD) {
> /* Need to find the corresponding listen_pcb and decrease its
> accepts_pending */
> struct tcp_pcb_listen *lpcb;
> LWIP_ASSERT("tcp_pcb_purge: pcb->state == SYN_RCVD but tcp_listen_pcbs
> is NULL",
> (tcp_listen_pcbs.listen_pcbs != NULL) );
> for (lpcb = tcp_listen_pcbs.listen_pcbs; lpcb != NULL; lpcb =
> lpcb->next) {
> if ( (lpcb->local_port == pcb->local_port) &&
> (ip_addr_isany(&(lpcb->local_ip)) ||
> ip_addr_cmp( &(pcb->local_ip), &(lpcb->local_ip) ) )) {
> /* port and address of the listen pcb match the timed-out pcb */
> LWIP_ASSERT("tcp_pcb_purge: listen pcb does not have accepts
> pending",
> lpcb->accepts_pending > 0);
> lpcb->accepts_pending--;
> break;
> }
> }
> }
> #endif /* TCP_LISTEN_BACKLOG */
> //
>
> if (pcb->refused_data != NULL) {
> ....
>
>
> I did some tests using NMAP... it seems to work!
> If i understood how Simon patch the lwip code, i suppose there is no impact
> in other functionality... anyway, i did some test on my application, to
> check
> normal behaviour.
>
> Now, when SYN/RST is received (NMAP does this for scanning ports) OR only a
> SYN packet is received, the accepts_pending is purged
> (in the first case when RST is received... i checked with debugger, in the
> second case, when a timeout for SYN_RCVD is elapsed (20000ms) in
> slow_timer...
> i don't have a tool to test this specific situation, i'm finding it...)
>
> I will post here future news about thsi bug and Simon's patch.
>
> Piero
>
> _______________________________________________________
>
> Reply to this item at:
>
> <http://savannah.nongnu.org/bugs/?25467>
>
> _______________________________________________
> Messaggio inviato con/da Savannah
> http://savannah.nongnu.org/
>
>
>
> _______________________________________________
> lwip-devel mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/lwip-devel
>