diff options
| author | jlemon <jlemon@FreeBSD.org> | 2001-02-23 20:51:46 +0000 |
|---|---|---|
| committer | jlemon <jlemon@FreeBSD.org> | 2001-02-23 20:51:46 +0000 |
| commit | ee6eb4ed42527cfd88e069a9c3c80f5b69c3c78b (patch) | |
| tree | 88e64fd8f46363fd2568939b5f59389da2caaafe /sys/netinet/ip_icmp.c | |
| parent | c8eae3449f828bdb7b9e24aeb4af2ac04eed4881 (diff) | |
| download | FreeBSD-src-ee6eb4ed42527cfd88e069a9c3c80f5b69c3c78b.zip FreeBSD-src-ee6eb4ed42527cfd88e069a9c3c80f5b69c3c78b.tar.gz | |
Allow ICMP unreachables which map into PRC_UNREACH_ADMIN_PROHIB to
reset TCP connections which are in the SYN_SENT state, if the sequence
number in the echoed ICMP reply is correct. This behavior can be
controlled by the sysctl net.inet.tcp.icmp_may_rst.
Currently, only subtypes 2,3,10,11,12 are treated as such
(port, protocol and administrative unreachables).
Assocaiate an error code with these resets which is reported to the
user application: ENETRESET.
Disallow resetting TCP sessions which are not in a SYN_SENT state.
Reviewed by: jesper, -net
Diffstat (limited to 'sys/netinet/ip_icmp.c')
| -rw-r--r-- | sys/netinet/ip_icmp.c | 62 |
1 files changed, 15 insertions, 47 deletions
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 1ca4c30..5b9aa08 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -315,69 +315,37 @@ icmp_input(m, off, proto) case ICMP_UNREACH: switch (code) { case ICMP_UNREACH_NET: - code = PRC_UNREACH_HOST; - break; - case ICMP_UNREACH_HOST: - code = PRC_UNREACH_HOST; - break; - - case ICMP_UNREACH_PROTOCOL: - code = PRC_UNREACH_HOST; - break; - - case ICMP_UNREACH_PORT: - code = PRC_UNREACH_HOST; - break; - case ICMP_UNREACH_SRCFAIL: - code = PRC_UNREACH_HOST; + case ICMP_UNREACH_NET_UNKNOWN: + case ICMP_UNREACH_HOST_UNKNOWN: + case ICMP_UNREACH_ISOLATED: + case ICMP_UNREACH_TOSNET: + case ICMP_UNREACH_TOSHOST: + case ICMP_UNREACH_HOST_PRECEDENCE: + case ICMP_UNREACH_PRECEDENCE_CUTOFF: + code = PRC_UNREACH_NET; break; case ICMP_UNREACH_NEEDFRAG: code = PRC_MSGSIZE; break; - case ICMP_UNREACH_NET_UNKNOWN: - code = PRC_UNREACH_HOST; - break; - - case ICMP_UNREACH_NET_PROHIB: + /* + * RFC 1122, Sections 3.2.2.1 and 4.2.3.9. + * Treat subcodes 2,3 as immediate RST + */ + case ICMP_UNREACH_PROTOCOL: + case ICMP_UNREACH_PORT: code = PRC_UNREACH_ADMIN_PROHIB; break; - case ICMP_UNREACH_TOSNET: - code = PRC_UNREACH_HOST; - break; - - case ICMP_UNREACH_HOST_UNKNOWN: - code = PRC_UNREACH_HOST; - break; - - case ICMP_UNREACH_ISOLATED: - code = PRC_UNREACH_HOST; - break; - + case ICMP_UNREACH_NET_PROHIB: case ICMP_UNREACH_HOST_PROHIB: - code = PRC_UNREACH_ADMIN_PROHIB; - break; - - case ICMP_UNREACH_TOSHOST: - code = PRC_UNREACH_HOST; - break; - case ICMP_UNREACH_FILTER_PROHIB: code = PRC_UNREACH_ADMIN_PROHIB; break; - case ICMP_UNREACH_HOST_PRECEDENCE: - code = PRC_UNREACH_HOST; - break; - - case ICMP_UNREACH_PRECEDENCE_CUTOFF: - code = PRC_UNREACH_HOST; - break; - default: goto badcode; } |
