Initial value of TCP Sequence number


KoSa_1909416
Level 5
Distributor - Marubun (Japan)

Hi All,
I want to randomize the initial value of TCP Sequence number.

[Background]
Currently, the TCP initial sequence number (ISN) always starts from "0" when starting a TCP connection immediately after resetting the wifi-module.
In order to connect to the Server that supports "Defending Against Sequence Number Attacks",
I want to randomize the initial value of TCP Sequence number.

Software environment:
        - WICED 6.2.1
        - LwIP

Hardware environment:
        - murata type-1LD wifi-module

[Question]
Which part of the source code should I change?

-----------------------------
I checked the following, but regarding the TCP sequence number,
it doesn't seem to be processed in particular.

/43xxx_Wi-Fi/WICED/network/LwIP/WICED/tcpip.c

Best Regards,
       Sakagami

0 Likes
6 Replies
RaktimR_11
Moderator

Are you referring to RFC 6528?

0 Likes
KoSa_1909416

Dear RaktimR san,

Thank you for your reply.

I am testing a TCP connection with a server.

The connection is unstable. I think that one of the causes is Server behavior with RFC 6528 protection.

First of all, I hope to implement initial value (it is the 3-way handshake SYN packet sequence number) randomization and check the effect.

Could you tell me which part of the source code should be changed?

Best Regards,

       Sakagami

0 Likes

Dear Sakagami san,

LwIP contrib git already provides a similar example. You can try to port that in WICED SDK and reuse it.

If you migrate to addons\tcp_isn\, you will be able to find an implementation which uses MD5 to compute a hash of the input buffer, which contains both the four-tuple of the new TCP connection (local and remote IP address and port), as well as a 16-byte secret to make the results unpredictable to external parties.

Documentation: https://www.nongnu.org/lwip/2_0_x/group__lwip__opts__hooks.html#ga078d203053911cf3af178392700386a4

contrib git can be found from the lwip website: lwip/lwip-contrib.git - lwIP Contrib - Contributed code for Lightweight TCP/IP stack

The tcp_isn.c contains further instructions to add the necessary changes in LwIP stack. Since we have not tested this, you would need to take care of the WICED side of integration part. Let us know if you run into any issue. Meanwhile, I would also try to find some alternate way to do this.

Regards,
Raktim

0 Likes
KoSa_1909416

Dear Raktim san,

Thank you for your information and advice.

We will try them.

Best Regards,

       Sakagami

0 Likes

Dear Sakagami san,

I will try to elaborate more on this, so that you can try the changes easily on your setup.

  1. Migrate to 43xxx_Wi-Fi/WICED/network/LwIP/WWD/FreeRTOS/arch/cc.h. Add the following code chunk:

     #ifdef TCP_ISN
     struct ip_addr;
     u32_t lwip_hook_tcp_isn(const struct ip_addr *local_ip, u16_t local_port, const struct ip_addr *remote_ip, u16_t remote_port);
     #endif

     Also, in the same file you would need to uncomment u16_t, u32_t typedefs since we are using them now.

  2. Go to 43xxx_Wi-Fi/WICED/network/LwIP/WWD/FreeRTOS/lwipopts.h. Add the following code chunk:

     #define TCP_ISN
     #ifdef TCP_ISN
     #define LWIP_HOOK_TCP_ISN lwip_hook_tcp_isn
     #endif

  3. Copy the tcp_isn.c, tcp_isn.h file from the contrib directory to 43xxx_Wi-Fi/WICED/network/LwIP/ver2.0.3/src/core and compile them by adding

     ver$(VERSION)/src/core/tcp_isn.c

     in the last line of 43xxx_Wi-Fi/WICED/network/LwIP/LwIP.mk

  4. Modify the tcp_isn code to use the mbedTLS md5 library. Attached is an example which needs to be replaced in 43xxx_Wi-Fi/WICED/network/LwIP/ver2.0.3/src/core

I am not sure if I missed anything but this should help your effort a little. If you run into some compilation error, you might need to tweak a thing or two on your own. Kindly check this with your server and let me know if it works.

Regards,

Raktim

0 Likes
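The RFC 6528 scheme the replies above describe (a keyed hash over the connection four-tuple and a 16-byte secret, added to a timer), as an added example that is not part of the original thread and is not the lwIP contrib code. It substitutes SipHash-2-4 for MD5 so that it builds without mbedTLS; `example_tcp_isn`, `siphash24`, `SAMPLE_SECRET` and the IPv4-only tuple are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROTL64(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
    v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32); \
    v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2; \
    v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0; \
    v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32); } while (0)
/* Constructed sample secret; a device must fill this from its RNG at boot. */
static const uint8_t SAMPLE_SECRET[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};

/* Load up to 8 bytes as a little-endian integer. */
static uint64_t load_le(const uint8_t *p, size_t n) {
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++) v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* SipHash-2-4: keyed PRF with a 16-byte key, standing in for MD5 here. */
uint64_t siphash24(const uint8_t key[16], const uint8_t *in, size_t len) {
    uint64_t k0 = load_le(key, 8), k1 = load_le(key + 8, 8);
    uint64_t v0 = 0x736f6d6570736575ULL ^ k0, v1 = 0x646f72616e646f6dULL ^ k1;
    uint64_t v2 = 0x6c7967656e657261ULL ^ k0, v3 = 0x7465646279746573ULL ^ k1;
    size_t i = 0;
    for (; i + 8 <= len; i += 8) {            /* full 8-byte words */
        uint64_t m = load_le(in + i, 8);
        v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
    }
    uint64_t b = ((uint64_t)len << 56) | load_le(in + i, len - i);
    v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;     /* tail bytes plus length */
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* RFC 6528: ISN = M + F(localip, localport, remoteip, remoteport, secretkey).
 * M is a 4-microsecond tick counter, i.e. 250 ticks per millisecond. */
uint32_t example_tcp_isn(const uint8_t secret[16], uint32_t lip, uint16_t lport,
                         uint32_t rip, uint16_t rport, uint32_t now_ms) {
    uint8_t buf[12];
    memcpy(buf, &lip, 4);       memcpy(buf + 4, &rip, 4);
    memcpy(buf + 8, &lport, 2); memcpy(buf + 10, &rport, 2);
    return (uint32_t)siphash24(secret, buf, sizeof buf) + now_ms * 250u;
}

int main(void) { /* constructed tuple 192.0.2.10:49152 -> 198.51.100.7:443, t = 0 */
    uint32_t isn = example_tcp_isn(SAMPLE_SECRET, 0xC000020Au, 49152, 0xC6336407u, 443, 0);
    printf("ISN right after reset: %u\n", (unsigned)isn);
    return 0;
}
```

Because the timer term is close to zero right after a reset, the secret has to be drawn from the module's random number generator on every boot; a fixed secret would reproduce the same ISN for the same four-tuple after each reset.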
KoSa_1909416

Dear Raktim san,
Thank you for your support.

I could randomize the initial value of TCP Sequence number.
We will check the stability of the connection with the server.

Best Regards,
Sakagami