We recently introduced a check for TCP sequence numbers when processing
ICMP messages. So far it has only been used for the ICMP messages that
trigger the session to be dropped, but it makes sense to apply this check
to all ICMP messages that act on only a single session.
Diff below, please review.
Index: tcp_subr.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/tcp_subr.c,v
retrieving revision 1.93
diff -u -r1.93 tcp_subr.c
--- tcp_subr.c 2001/02/23 21:07:06 1.93
+++ tcp_subr.c 2001/02/25 19:36:06
@@ -978,14 +978,12 @@
struct tcphdr *th;
void (*notify) __P((struct inpcb *, int)) = tcp_notify;
tcp_seq tcp_sequence = 0;
- int tcp_seq_check = 0;
if (cmd == PRC_QUENCH)
notify = tcp_quench;
- else if (icmp_may_rst && cmd == PRC_UNREACH_ADMIN_PROHIB && ip) {
- tcp_seq_check = 1;
+ else if (icmp_may_rst && cmd == PRC_UNREACH_ADMIN_PROHIB && ip)
notify = tcp_drop_syn_sent;
- } else if (cmd == PRC_MSGSIZE)
+ else if (cmd == PRC_MSGSIZE)
notify = tcp_mtudisc;
else if (PRC_IS_REDIRECT(cmd)) {
/*
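Review bot: With `tcp_seq_check` removed, nothing in this else-if chain records that the sequence check now also applies to PRC_QUENCH and PRC_MSGSIZE, which matters to anyone reasoning about spoofed ICMP later. A comment above the chain would cover it, for example `/* Every per-connection notification is checked against the TCP sequence number quoted in the ICMP payload. */`. The `= 0` initializer on `tcp_sequence` is now redundant, since the second hunk assigns the variable before its only use. The chain and the enclosing function continue outside the hunk.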
@@ -1005,10 +1003,9 @@
if (ip) {
th = (struct tcphdr *)((caddr_t)ip
+ (IP_VHL_HL(ip->ip_vhl) << 2));
- if (tcp_seq_check == 1)
- tcp_sequence = ntohl(th->th_seq);
+ tcp_sequence = ntohl(th->th_seq);
in_pcbnotify(&tcb, sa, th->th_dport, ip->ip_src, th->th_sport,
- cmd, notify, tcp_sequence, tcp_seq_check);
+ cmd, notify, tcp_sequence, 1);
} else
in_pcbnotifyall(&tcb, sa, cmd, notify);
}
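Review bot: `th` is computed from the `ip_vhl` of the header quoted inside the ICMP message, and `th->th_seq` is now read on every path where `ip` is set, yet nothing in this hunk shows that the quoted data is long enough to hold that IP header plus the first 8 bytes of TCP. `th_sport` and `th_dport` were already read from the same place, so the exposure is not new, but it is worth confirming that the ICMP input path enforces the length before this function is reached. The bare `1` passed to in_pcbnotify() would read better with a comment such as `/* always verify th_seq against the connection */`. The function begins outside the hunk.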
/Jesper
--
Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456
Work: Network manager @ AS3292 (Tele Danmark DataNetworks)
Private: FreeBSD committer @ AS2109 (A much smaller network ;-)
One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.