Re: TCP RST handling in 6.0

From: Brooks Davis (brooks_at_one-eyed-alien.net)
Date: 11/08/05

  • Next message: Marc Olzheim: "Re: TCP RST handling in 6.0"
    Date: Tue, 8 Nov 2005 12:24:25 -0800
    To: Lars Eggert <lars.eggert@netlab.nec.de>
    
    

    On Tue, Nov 08, 2005 at 11:02:25AM -0800, Lars Eggert wrote:
    > Hi,
    >
    > I came across the following in the release notes of 6.0 recently:
    >
    > "The RST handling of the FreeBSD TCP stack has been improved to make
    > reset attacks as difficult as possible while maintaining
    > compatibility with the widest range of TCP stacks. (...) Note that
    > this behavior technically violates the RFC 793 specification; the
    > conventional (but less secure) behavior can be restored by setting a
    > new sysctl net.inet.tcp.insecure_rst to 1. [MERGED]"
    >
    > This means that the default, unconfigured FreeBSD TCP implementation
    > is no longer RFC-conformant, which has always been one of its
    > advantages over competing systems. Although I agree that the
    > modification can be useful in some specific setups, making it the
    > default at this time appears hasty. The IETF's tcpm working group is
    > evaluating mechanisms for RST processing, and one will likely move to
    > standards track in the future.

    Anyone claiming a "fully RFC-conformant TCP implementation" is almost
    certainly full of it. Striving for standards conformance even when the
    standards are wrong or inadequate is not particularly useful IMO. Where
    possible we should provide knobs to switch between the behaviors, but
    given the rate at which standards are updated, I don't believe waiting
    for final approval to flip a switch is viable.

    -- Brooks
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

