On Fri, Feb 23, 2001 at 03:49:52AM +0100, Jesper Skriver wrote:
>
> I still think we should react to the following as a minimum
> - type 3 code 0 net unreachable
> - type 3 code 1 host unreachable
RFC 1122, Section 4.2.3.9 says:

    o    Destination Unreachable -- codes 0, 1, 5

         Since these Unreachable messages indicate soft error
         conditions, TCP MUST NOT abort the connection, and it
         SHOULD make the information available to the
         application.

I think that these should be transients.

> Perhaps you could keep some of the comment ...
Hmm, yeah, I was probably a little too overzealous with the axe there.

> > if (cmd == PRC_QUENCH)
> > notify = tcp_quench;
> > - else if ((icmp_unreach_like_rst == 1) && ((cmd == PRC_UNREACH_HOST) ||
> > - (cmd == PRC_UNREACH_ADMIN_PROHIB)) && (ip) &&
> > - ((IP_VHL_HL(ip->ip_vhl) << 2) == sizeof(struct ip))) {
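Review bot: The removed `else if` condition carried two guards besides the `icmp_unreach_like_rst` switch, the `(ip)` non-NULL test and the `(IP_VHL_HL(ip->ip_vhl) << 2) == sizeof(struct ip)` header-length test, and no replacement for either is visible in this hunk. If the code that follows still dereferences `ip` or finds the TCP header at a fixed `sizeof(struct ip)` offset, keep the NULL test and compute the offset from `IP_VHL_HL(ip->ip_vhl) << 2`, or add a comment naming the caller-side check that makes them redundant.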
>
> Sure we'll not try to read off the end of the received packet, when we
> remove the check for the header length.
>
> I put it there as an extra check against "attackers" sending us malformed
> ICMP messages with only part of the attached IP header, or even without
> it.
Yup, but if you examine icmp_input, which calls this code, it has
already verified that there are a full 8 bytes of the TCP packet
in existence; if this is not the case, icmp_input will drop the packet.
--
Jonathan
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
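
The length check discussed in this thread, as an added illustration (not FreeBSD's icmp_input or tcp_ctlinput code, and not written by either poster): a standalone C sketch that bounds-checks the IP header quoted in an ICMP Destination Unreachable message, using the quoted header's own length field so that IP options are accounted for, before classifying the code per RFC 1122, Section 4.2.3.9. The names `classify_unreach` and `build_sample`, the verdict enum and the sample bytes are assumptions made for the example; the hard-error mapping for codes 2-4 comes from the same RFC section, not from the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum icmp_verdict { ICMP_DROP, ICMP_SOFT_ERROR, ICMP_HARD_ERROR };
#define ICMP_HDR_LEN   8    /* type, code, checksum, 4 unused bytes */
#define IP_MIN_HDR_LEN 20   /* IPv4 header without options */
#define QUOTED_L4_LEN  8    /* leading bytes of the offending TCP segment */

/* Hypothetical helper: msg points at the ICMP type byte; no read precedes its bounds check. */
enum icmp_verdict classify_unreach(const uint8_t *msg, size_t len)
{
    if (msg == NULL || len < ICMP_HDR_LEN + IP_MIN_HDR_LEN || msg[0] != 3)
        return ICMP_DROP;               /* no full quoted IP header, or not type 3 */
    const uint8_t *ip = msg + ICMP_HDR_LEN;
    size_t hlen = (size_t)(ip[0] & 0x0f) << 2;  /* header length in bytes, options included */
    if ((ip[0] >> 4) != 4 || ip[9] != 6 || hlen < IP_MIN_HDR_LEN)
        return ICMP_DROP;               /* not IPv4, not TCP, or impossible length */
    if (len < ICMP_HDR_LEN + hlen + QUOTED_L4_LEN)
        return ICMP_DROP;               /* quoted TCP ports/sequence number cut short */
    switch (msg[1]) {
    case 0: case 1: case 5:             /* net, host, source route failed */
        return ICMP_SOFT_ERROR;         /* RFC 1122: MUST NOT abort the connection */
    case 2: case 3: case 4:             /* RFC 1122 lists these as hard errors */
        return ICMP_HARD_ERROR;
    default:
        return ICMP_DROP;               /* codes this sketch does not handle */
    }
}

/* Constructed sample: type 3 message quoting `ihl` words of IPv4 header plus 8 TCP bytes. */
size_t build_sample(uint8_t *buf, uint8_t code, uint8_t ihl)
{
    size_t n = ICMP_HDR_LEN + ((size_t)ihl << 2) + QUOTED_L4_LEN;
    memset(buf, 0, n);                  /* buf must hold at least 76 bytes */
    buf[0] = 3; buf[1] = code;
    buf[ICMP_HDR_LEN] = (uint8_t)(0x40 | (ihl & 0x0f));
    buf[ICMP_HDR_LEN + 9] = 6;          /* protocol = TCP */
    return n;
}

int main(void)
{
    uint8_t buf[76];
    size_t n = build_sample(buf, 1, 6); /* host unreachable, 4 bytes of IP options */
    printf("full=%d truncated=%d\n", classify_unreach(buf, n), classify_unreach(buf, n - 1));
    return 0;
}
```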