Bug 23986

Summary: Update of "react to ICMP unreachables" code
Product: Base System Reporter: jesper <jesper>
Component: kernAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me CC: jesper
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description jesper 2000-12-31 20:30:04 UTC 
	Update of the code to react on ICMP unreachables.
PHK has previously committed this code, see kern/23086 & kern/23655

We now let ICMP unreachables kill TCP sessions regardless of state, and all
other unreachables (except "need to fragment, but DF bit set") will kill 
sessions in SYN-SENT state.

Broken down the changes are:

- remove unneeded loop increment in src/sys/netinet/in_pcb.c:in_pcbnotify
- add new PRC_UNREACH_ADMIN_PROHIB in sys/sys/protosw.h
- remove condition on TCP in src/sys/netinet/ip_icmp.c:icmp_input
- in src/sys/netinet/ip_icmp.c:icmp_input set code = PRC_UNREACH_ADMIN_PROHIB
  or PRC_UNREACH_HOST for all unreachables except ICMP_UNREACH_NEEDFRAG
- rename sysctl icmp_admin_prohib_like_rst to icmp_unreach_like_rst to reflect
  the fact that we also react on ICMP unreachables that are not administrative
  prohibited.
  Also update the comments to reflect this.
- in sys/netinet/tcp_subr.c:tcp_ctlinput add code to treat PRC_UNREACH_ADMIN_PROHIB
  and PRC_UNREACH_HOST different.

Fix: Apply this diff:
Comment 1 Garrett A. Wollman 2000-12-31 21:02:15 UTC 
<<On Sun, 31 Dec 2000 21:26:01 +0100 (CET), Jesper Skriver <jesper@skriver.dk> said:

> We now let ICMP unreachables kill TCP sessions regardless of state, and all

Cool!  Bringing back a famous bug from 4.2BSD!

-GAWollman
Comment 2 jesper 2001-01-01 13:46:16 UTC 
On Sun, Dec 31, 2000 at 04:02:15PM -0500, Garrett Wollman wrote:
> <<On Sun, 31 Dec 2000 21:26:01 +0100 (CET), Jesper Skriver <jesper@skriver.dk> said:
> 
> > We now let ICMP unreachables kill TCP sessions regardless of state, and all
> 
> Cool!  Bringing back a famous bug from 4.2BSD!

? If you read all what I wrote, it was only for ICMP administrative
unreachables, that is someone put a filter in the path denying the
traffic.

Other unreachables will only kill sessions in SYN-SENT state, that is
new sessions not setup yet.

The above was what was agree'd upon when it was discussed at -hackers
earlier.

/Jesper

-- 
Jesper Skriver, jesper(at)skriver(dot)dk  -  CCIE #5456
Work:    Network manager @ AS3292 (Tele Danmark DataNetworks)
Private: Geek            @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.
Comment 3 Poul-Henning Kamp freebsd_committer freebsd_triage 2001-02-18 09:44:12 UTC 
State Changed
From-To: open->closed

Commited closed.