FreeBSD Bugzilla – Attachment 11801 Details for
Bug 23086
implement rfc1122 3.2.2.1, react to ICMP administratively prohibited
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 2.77 KB, created by
jesper
on 2000-11-24 22:30:01 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
jesper
Created:
2000-11-24 22:30:01 UTC
Size:
2.77 KB
patch
obsolete
>diff -ru sys/netinet.old/ip_icmp.c sys/netinet/ip_icmp.c >--- sys/netinet.old/ip_icmp.c Thu Nov 2 10:46:23 2000 >+++ sys/netinet/ip_icmp.c Mon Nov 20 22:33:43 2000 >@@ -328,6 +328,11 @@ > > case ICMP_UNREACH_NET_UNKNOWN: > case ICMP_UNREACH_NET_PROHIB: >+ if (icp->icmp_ip.ip_p == IPPROTO_TCP) { >+ code = PRC_UNREACH_PORT; >+ break; >+ } >+ > case ICMP_UNREACH_TOSNET: > code = PRC_UNREACH_NET; > break; >@@ -335,11 +340,21 @@ > case ICMP_UNREACH_HOST_UNKNOWN: > case ICMP_UNREACH_ISOLATED: > case ICMP_UNREACH_HOST_PROHIB: >+ if (icp->icmp_ip.ip_p == IPPROTO_TCP) { >+ code = PRC_UNREACH_PORT; >+ break; >+ } >+ > case ICMP_UNREACH_TOSHOST: > code = PRC_UNREACH_HOST; > break; > > case ICMP_UNREACH_FILTER_PROHIB: >+ if (icp->icmp_ip.ip_p == IPPROTO_TCP) { >+ code = PRC_UNREACH_PORT; >+ break; >+ } >+ > case ICMP_UNREACH_HOST_PRECEDENCE: > case ICMP_UNREACH_PRECEDENCE_CUTOFF: > code = PRC_UNREACH_PORT; >diff -ru sys/netinet.old/tcp_subr.c sys/netinet/tcp_subr.c >--- sys/netinet.old/tcp_subr.c Fri Oct 27 13:45:41 2000 >+++ sys/netinet/tcp_subr.c Tue Nov 21 21:16:27 2000 >@@ -134,6 +134,15 @@ > SYSCTL_INT(_net_inet_tcp, OID_AUTO, pcbcount, CTLFLAG_RD, > &tcbinfo.ipi_count, 0, "Number of active PCBs"); > >+/* >+ * Treat ICMP administratively prohibited like a TCP RST >+ * as required by rfc1122 section 3.2.2.1 >+ */ >+ >+static int icmp_admin_prohib_like_rst = 0; >+SYSCTL_INT(_net_inet_tcp, OID_AUTO, icmp_admin_prohib_like_rst, CTLFLAG_RW, >+ &icmp_admin_prohib_like_rst, 0, "Treat ICMP administratively prohibited messages like TCP RST, rfc1122 section 3.2.2.1"); >+ > static void tcp_cleartaocache __P((void)); > static void tcp_notify __P((struct inpcb *, int)); > >@@ -961,6 +970,8 @@ > > if (cmd == PRC_QUENCH) > notify = tcp_quench; >+ else if ((icmp_admin_prohib_like_rst == 1) && (cmd == PRC_UNREACH_PORT) && (ip)) >+ notify = tcp_drop_syn_sent; > else if (cmd == PRC_MSGSIZE) > notify = tcp_mtudisc; > else if (!PRC_IS_REDIRECT(cmd) && >@@ -1071,6 +1082,20 @@ > > if (tp) > tp->snd_cwnd = tp->t_maxseg; >+} >+ >+/* >+ * When a ICMP unreachable is recieved, drop the >+ * TCP connection, but only if in SYN_SENT >+ */ >+void >+tcp_drop_syn_sent(inp, errno) >+ struct inpcb *inp; >+ int errno; >+{ >+ struct tcpcb *tp = intotcpcb(inp); >+ if((tp) && (tp->t_state == TCPS_SYN_SENT)) >+ tcp_drop(tp, errno); > } > > /* >diff -ru sys/netinet.old/tcp_var.h sys/netinet/tcp_var.h >--- sys/netinet.old/tcp_var.h Sat Jul 22 01:26:37 2000 >+++ sys/netinet/tcp_var.h Sun Nov 19 21:17:55 2000 >@@ -387,6 +387,7 @@ > void tcp_input __P((struct mbuf *, int, int)); > void tcp_mss __P((struct tcpcb *, int)); > int tcp_mssopt __P((struct tcpcb *)); >+void tcp_drop_syn_sent __P((struct inpcb *, int)); > void tcp_mtudisc __P((struct inpcb *, int)); > struct tcpcb * > tcp_newtcpcb __P((struct inpcb *));
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=11801">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 23086
: 11801