Kernel code of reseting/ignoring tcp SYN packets
Robert Watson
rwatson at FreeBSD.org
Sat Aug 6 21:04:08 GMT 2005
On Sat, 6 Aug 2005, Minh Tran wrote:
> I was looking around for the files of Kernel code where SYN messages are
> sent, so we can simply inject some code to send back a reset messages or
> ignore the SYN requests. I was looking at the function ioctl() which
> takes fd of the tcp socket. As i track the function down, there is also
> another call to the dev_ioclt() function where all parameters are passed
> down. However, i was not sucessful with finding out the description of
> this dev_ioclt() function. I am having a bit of trouble in finding out
> the way of injecting code in the kernel to deal with SYN packets. I am
> thinking of using ipfw to either reset or drop SYN packets.
>
> Would anyone have some hints on the clean way of injecting some code to
> deal with SYN packets or could you give me some ideas on which files i
> should look at? I really appreciate that. I saw some promising files in
> src/sys/netinet but they are not all clear in my mind.
TCP packet input processing occurs in
src/sys/netinet/tcp_input.c:tcp_input(). This is a very large function,
so you will want to search for the following line, which precedes
responsible for the processing of SYN packets that will form new
connections:
if (so->so_options & SO_ACCEPTCONN) {
FreeBSD makes use of a combined syncache/syncookie mechanism, so you're
probably also interested in tcp_syncache.c.
Robert N M Watson
More information about the freebsd-hackers
mailing list