With the hacking I have been doing, looking at initial TCP sequence numbers, I ran across the following:
	/*
	 * Tcp initialization
	 */
	void
	tcp_init()
	{
		int hashsize;

		tcp_iss = random();	/* wrong, but better than a constant */

If you look at RFC793:

    To avoid confusion we must prevent segments from one incarnation of a
    connection from being used while the same sequence numbers may still be
    present in the network from an earlier incarnation. We want to assure
    this, even if a TCP crashes and loses all knowledge of the sequence
    numbers it has been using. When new connections are created, an initial
    sequence number (ISN) generator is employed which selects a new 32 bit
    ISN. The generator is bound to a (possibly fictitious) 32 bit clock
    whose low order bit is incremented roughly every 4 microseconds. Thus,
    the ISN cycles approximately every 4.55 hours. Since we assume that
    segments will stay in the network no more than the Maximum Segment
    Lifetime (MSL) and that the MSL is less than 4.55 hours we can
    reasonably assume that ISN's will be unique.

This tells us that we need to assure that things happen as required, even when TCP crashes (or the system reboots). Thus, it looks like we should rather start off the tcp_iss based on the system clock, plus a random increment. This way, we fulfil the goals of sequence numbers being unpredictable, and we also ensure that we carry on with a monotonically increasing series of initial sequence numbers. (Using microtime() and dividing by 4 should give a reasonable approximation to work with.)

I will look at a change to this shortly.

Geoff.
--
Geoff Rehmet, The Internet Solution - Infrastructure
tel: +27-11-283-5462, fax: +27-11-283-5401
mobile: +27-83-292-5800
email: geo...@is.co.za
URL: http://www.is.co.za
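The RFC 793 clock-based ISN scheme the post proposes, as an added example in user-space C (not FreeBSD's kernel code and not Geoff's patch): the 4-microsecond clock derived from microtime()'s seconds and microseconds, the random increment added at boot, the modular "later than" test TCP uses, and a check that an ISN taken after a crash still lands after one taken before it. It assumes the random increment is small relative to the time between boots; with a full 32-bit increment the ordering would not be guaranteed.

```c
#include <stdint.h>
#include <stdio.h>

/* RFC 793's fictitious ISN clock ticks once every 4 microseconds. */
#define ISN_TICK_US 4u

/* 32-bit ISN clock for a time given as seconds + microseconds (the two
 * fields microtime() fills in). The truncation to 32 bits is the wrap the
 * RFC describes: 2^32 ticks of 4 us, "approximately every 4.55 hours". */
uint32_t isn_clock(uint64_t sec, uint32_t usec)
{
    uint64_t us = sec * 1000000u + usec;
    return (uint32_t)(us / ISN_TICK_US);
}

/* The post's proposal: clock value plus a random increment chosen once at
 * boot (assumed bounded). Arithmetic is modulo 2^32 like all TCP sequence
 * numbers. */
uint32_t isn_initial(uint64_t sec, uint32_t usec, uint32_t random_incr)
{
    return isn_clock(sec, usec) + random_incr;
}

/* RFC 793 ordering: a is "after" b if the modular difference, read as a
 * signed 32-bit value, is positive. Works correctly across the wrap. */
int seq_after(uint32_t a, uint32_t b)
{
    return (int32_t)(a - b) > 0;
}

/* Uniqueness across a crash: boot 1 picks an ISN at sec1 with increment
 * incr1, boot 2 at sec2 with incr2. Returns 1 if the second ISN is after
 * the first, which the clock term guarantees whenever the elapsed time
 * exceeds the spread of the increments. random() alone gives no such
 * ordering. */
int isn_advances_across_reboot(uint64_t sec1, uint32_t incr1,
                               uint64_t sec2, uint32_t incr2)
{
    return seq_after(isn_initial(sec2, 0, incr2), isn_initial(sec1, 0, incr1));
}

int main(void)
{
    /* Constructed times: crash at t = 1000000 s, reboot 10 minutes later. */
    printf("ISN before crash: %u\n", isn_initial(1000000, 0, 0x1234u));
    printf("ISN after reboot: %u\n", isn_initial(1000600, 0, 0x42u));
    printf("advances across reboot: %d\n",
           isn_advances_across_reboot(1000000, 0x1234u, 1000600, 0x42u));
    return 0;
}
```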