Attachment #11801 for bug #23086

View | Details | Raw Unified | Return to bug 23086
Collapse All | Expand All

Lines 328-333 Link Here

(-)sys/netinet/ip_icmp.c (+15 lines)
328		328
329	case ICMP_UNREACH_NET_UNKNOWN:	329	case ICMP_UNREACH_NET_UNKNOWN:
330	case ICMP_UNREACH_NET_PROHIB:	330	case ICMP_UNREACH_NET_PROHIB:
		331	if (icp->icmp_ip.ip_p == IPPROTO_TCP) {
		332	code = PRC_UNREACH_PORT;
		333	break;
		334	}
		335
331	case ICMP_UNREACH_TOSNET:	336	case ICMP_UNREACH_TOSNET:
332	code = PRC_UNREACH_NET;	337	code = PRC_UNREACH_NET;
333	break;	338	break;
Lines 335-345 Link Here
335	case ICMP_UNREACH_HOST_UNKNOWN:	340	case ICMP_UNREACH_HOST_UNKNOWN:
336	case ICMP_UNREACH_ISOLATED:	341	case ICMP_UNREACH_ISOLATED:
337	case ICMP_UNREACH_HOST_PROHIB:	342	case ICMP_UNREACH_HOST_PROHIB:
		343	if (icp->icmp_ip.ip_p == IPPROTO_TCP) {
		344	code = PRC_UNREACH_PORT;
		345	break;
		346	}
		347
338	case ICMP_UNREACH_TOSHOST:	348	case ICMP_UNREACH_TOSHOST:
339	code = PRC_UNREACH_HOST;	349	code = PRC_UNREACH_HOST;
340	break;	350	break;
341		351
342	case ICMP_UNREACH_FILTER_PROHIB:	352	case ICMP_UNREACH_FILTER_PROHIB:
		353	if (icp->icmp_ip.ip_p == IPPROTO_TCP) {
		354	code = PRC_UNREACH_PORT;
		355	break;
		356	}
		357
343	case ICMP_UNREACH_HOST_PRECEDENCE:	358	case ICMP_UNREACH_HOST_PRECEDENCE:
344	case ICMP_UNREACH_PRECEDENCE_CUTOFF:	359	case ICMP_UNREACH_PRECEDENCE_CUTOFF:
345	code = PRC_UNREACH_PORT;	360	code = PRC_UNREACH_PORT;

Lines 134-139 Link Here

(-)sys/netinet/tcp_subr.c (+25 lines)
134	SYSCTL_INT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_RD,	134	SYSCTL_INT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_RD,
135	&tcbinfo.ipi_count, 0, "Number of active PCBs");	135	&tcbinfo.ipi_count, 0, "Number of active PCBs");
136		136
		137	/*
		138	* Treat ICMP administratively prohibited like a TCP RST
		139	* as required by rfc1122 section 3.2.2.1
		140	*/
		141
		142	static int icmp_admin_prohib_like_rst = 0;
		143	SYSCTL_INT(_net_inet_tcp, OID_AUTO, icmp_admin_prohib_like_rst, CTLFLAG_RW,
		144	&icmp_admin_prohib_like_rst, 0, "Treat ICMP administratively prohibited messages like TCP RST, rfc1122 section 3.2.2.1");
		145
137	static void tcp_cleartaocache __P((void));	146	static void tcp_cleartaocache __P((void));
138	static void tcp_notify __P((struct inpcb *, int));	147	static void tcp_notify __P((struct inpcb *, int));
139		148
Lines 961-966 Link Here
961		970
962	if (cmd == PRC_QUENCH)	971	if (cmd == PRC_QUENCH)
963	notify = tcp_quench;	972	notify = tcp_quench;
		973	else if ((icmp_admin_prohib_like_rst == 1) && (cmd == PRC_UNREACH_PORT) && (ip))
		974	notify = tcp_drop_syn_sent;
964	else if (cmd == PRC_MSGSIZE)	975	else if (cmd == PRC_MSGSIZE)
965	notify = tcp_mtudisc;	976	notify = tcp_mtudisc;
966	else if (!PRC_IS_REDIRECT(cmd) &&	977	else if (!PRC_IS_REDIRECT(cmd) &&
Lines 1071-1076 Link Here
1071		1082
1072	if (tp)	1083	if (tp)
1073	tp->snd_cwnd = tp->t_maxseg;	1084	tp->snd_cwnd = tp->t_maxseg;
		1085	}
		1086
		1087	/*
		1088	* When a ICMP unreachable is recieved, drop the
		1089	* TCP connection, but only if in SYN_SENT
		1090	*/
		1091	void
		1092	tcp_drop_syn_sent(inp, errno)
		1093	struct inpcb *inp;
		1094	int errno;
		1095	{
		1096	struct tcpcb *tp = intotcpcb(inp);
		1097	if((tp) && (tp->t_state == TCPS_SYN_SENT))
		1098	tcp_drop(tp, errno);
1074	}	1099	}
1075		1100
1076	/*	1101	/*

Lines 387-392 Link Here

(-)sys/netinet/tcp_var.h (+1 lines)
387	void tcp_input __P((struct mbuf *, int, int));	387	void tcp_input __P((struct mbuf *, int, int));
388	void tcp_mss __P((struct tcpcb *, int));	388	void tcp_mss __P((struct tcpcb *, int));
389	int tcp_mssopt __P((struct tcpcb *));	389	int tcp_mssopt __P((struct tcpcb *));
		390	void tcp_drop_syn_sent __P((struct inpcb *, int));
390	void tcp_mtudisc __P((struct inpcb *, int));	391	void tcp_mtudisc __P((struct inpcb *, int));
391	struct tcpcb *	392	struct tcpcb *
392	tcp_newtcpcb __P((struct inpcb *));	393	tcp_newtcpcb __P((struct inpcb *));

Return to bug 23086