6 Replies Latest reply on May 28, 2020 5:55 PM by KoSa_1909416

    Initial value of TCP Sequence number

    KoSa_1909416

      Hi All,
      I want to randomize the initial value of TCP Sequence number.

       

      [Background]
      Currently, the TCP initial sequence number (ISN) always starts from "0" when starting a TCP connection immediately after resetting the wifi-module.
      In order to connect to the Server that supports "Defending Against Sequence Number Attacks",
      I want to randomize the initial value of TCP Sequence number.

       

      Software environment:
              - WICED 6.2.1
              - LwIP

      Hardware environment:
              - murata type-1LD wifi-module

       

      [Question]
      Which part of the source code should I change?

       

      -----------------------------
      I checked the following, but regarding the TCP sequence number,
      it doesn't seem to be processed in particular.

      /43xxx_Wi-Fi/WICED/network/LwIP/WICED/tcpip.c

       

      Best Regards,
             Sakagami

        • 1. Re: Initial value of TCP Sequence number
          RaktimR_11

          Are you referring to RFC 6528?

          • 2. Re: Initial value of TCP Sequence number
            KoSa_1909416

            Dear RaktimR san,

            Thank you for your reply.

             

            I am testing a TCP connection with a server.

            The connection is unstable. I think that one of the causes is Server behavior with RFC 6528 protection.

            First of all, I hope to implement initial value (it is the 3-way handshake SYN packet sequence number) randomization and check the effect.

             

            Could you tell me which part of the source code should be changed?

             

            Best Regards,

                   Sakagami

            • 3. Re: Initial value of TCP Sequence number
              RaktimR_11

              Dear Sakagami san,

               

              LwIP contrib git already provides a similar example. You can try to port that in WICED SDK and reuse it.

               

              If you migrate to addons\tcp_isn\, you will be able to find an implementation which uses MD5 to compute a hash of the input buffer, which contains both the four-tuple of the new TCP connection (local and remote IP address and port), as well as a 16-byte secret to make the results unpredictable to external parties.

               

              Documentation: https://www.nongnu.org/lwip/2_0_x/group__lwip__opts__hooks.html#ga078d203053911cf3af178392700386a4

              The contrib git can be found from the lwIP website: lwip/lwip-contrib.git - lwIP Contrib - Contributed code for Lightweight TCP/IP stack

               

              The tcp_isn.c contains further instructions to add the necessary changes in the LwIP stack. Since we have not tested this, you would need to take care of the WICED side of the integration part. Let us know if you run into any issue. Meanwhile, I would also try to find some alternate way to do this.

               

              Regards,
              Raktim
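
The scheme described in the reply above (RFC 6528: a timer plus an MD5 hash of the connection four-tuple and a 16-byte secret), as an added Python model that is not part of the thread and is not the lwIP contrib code. The class and function names, the byte layout of the hashed buffer, and the sample addresses are assumptions made for this example; the 4-microsecond timer tick comes from RFC 6528.

```python
import hashlib
import os
import socket
import struct

TICK_US = 4  # RFC 6528 timer M: one tick roughly every 4 microseconds


class IsnGenerator:
    """ISN = (M + F(four-tuple, secret)) mod 2**32, with F built on MD5."""

    def __init__(self, secret=None):
        # One 16-byte secret per boot, drawn from a real entropy source.
        self.secret = os.urandom(16) if secret is None else secret
        if len(self.secret) != 16:
            raise ValueError("secret must be 16 bytes")

    def offset(self, local_ip, local_port, remote_ip, remote_port):
        # F(): hash the four-tuple together with the secret, keep 32 bits.
        # This byte layout is an assumption made for the example.
        buf = (socket.inet_aton(local_ip) + struct.pack("!H", local_port)
               + socket.inet_aton(remote_ip) + struct.pack("!H", remote_port)
               + self.secret)
        return struct.unpack("!I", hashlib.md5(buf).digest()[:4])[0]

    def isn(self, local_ip, local_port, remote_ip, remote_port, uptime_us):
        m = (uptime_us // TICK_US) & 0xFFFFFFFF
        f = self.offset(local_ip, local_port, remote_ip, remote_port)
        return (m + f) & 0xFFFFFFFF


def first_isn_after_reset(secret=None, uptime_us=0):
    """ISN of the first SYN a freshly reset device sends (constructed tuple)."""
    gen = IsnGenerator(secret)
    return gen.isn("192.0.2.10", 49152, "198.51.100.5", 443, uptime_us)


if __name__ == "__main__":
    fixed = bytes(16)  # unseeded secret: every reset yields the same ISN
    print("fixed secret :", [first_isn_after_reset(fixed) for _ in range(3)])
    print("random secret:", [first_isn_after_reset() for _ in range(3)])
```

With a constant secret the first SYN after every reset carries the same ISN, which is the same predictability problem as always starting from 0; the secret has to be regenerated from the module's random source at each boot.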

              • 4. Re: Initial value of TCP Sequence number
                KoSa_1909416

                Dear Raktim san,

                Thank you for your information and advice.

                 

                We will try them.

                 

                Best Regards,

                       Sakagami

                • 5. Re: Initial value of TCP Sequence number
                  RaktimR_11

                  Dear Sakagami san,

                   

                  I will try to elaborate more on this, so that you can try the changes easily on your setup.

                   

                  1. Migrate to 43xxx_Wi-Fi/WICED/network/LwIP/WWD/FreeRTOS/arch/cc.h. Add the following code chunk
                  #ifdef TCP_ISN
                  struct ip_addr;
                  u32_t lwip_hook_tcp_isn(const struct ip_addr *local_ip, u16_t local_port, const struct ip_addr *remote_ip, u16_t remote_port);
                  #endif                                                                 
                  

                       Also, in the same file you would need to uncomment u16_t, u32_t typedefs since we are using them now.

                   

                  2.  Go to 43xxx_Wi-Fi/WICED/network/LwIP/WWD/FreeRTOS/lwipopts.h. Add the following code chunk.

                  #define TCP_ISN
                  #ifdef TCP_ISN
                  #define LWIP_HOOK_TCP_ISN lwip_hook_tcp_isn
                  #endif
                  

                   

                  3. Copy the tcp_isn.c, tcp_isn.h file from the contrib directory to 43xxx_Wi-Fi/WICED/network/LwIP/ver2.0.3/src/core and compile them by adding

                  ver$(VERSION)/src/core/tcp_isn.c
                  

                  in the last line of 43xxx_Wi-Fi/WICED/network/LwIP/LwIP.mk

                   

                  4. Modify the tcp_isn code to use the mbedTLS md5 library. Attached is an example which needs to be replaced in 43xxx_Wi-Fi/WICED/network/LwIP/ver2.0.3/src/core

                   

                  I am not sure if I missed anything, but this should help your effort a little. If you run into some compilation error, you might need to tweak a thing or two on your own. Kindly check this with your server and let me know if it works.

                   

                  Regards,

                  Raktim

                  • 6. Re: Initial value of TCP Sequence number
                    KoSa_1909416

                    Dear Raktim san,
                    Thank you for your support.

                     

                    I could randomize the initial value of TCP Sequence number.
                    We will check the stability of the connection with the server.

                     

                    Best Regards,
                    Sakagami