author | wollman <wollman@FreeBSD.org> | 1997-11-20 20:04:49 +0000 |
---|---|---|
committer | wollman <wollman@FreeBSD.org> | 1997-11-20 20:04:49 +0000 |
commit | 390341dca56b4b438dec1f970c9357e73ab66837 (patch) | |
tree | 6b00313519cbfbbe0837b6dac7fc566cd9ca4ed3 /sys/netinet/tcp_input.c | |
parent | 2ba2c6e5da88344da3a9ef259307688aacbee71e (diff) | |
Add Matt Dillon's quick fix hack for the self-connect DoS.
PR: 5103
Diffstat (limited to 'sys/netinet/tcp_input.c')
-rw-r--r-- | sys/netinet/tcp_input.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 9785551..31fa80d 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 * @(#)tcp_input.c 8.12 (Berkeley) 5/24/95
- * $Id: tcp_input.c,v 1.64 1997/10/28 15:58:52 bde Exp $
+ * $Id: tcp_input.c,v 1.65 1997/11/07 08:53:21 phk Exp $
 */
 
 #include "opt_tcpdebug.h"
@@ -317,6 +317,19 @@ tcp_input(m, iphlen)
 #endif /* TUBA_INCLUDE */
 
 /*
+ * Reject attempted self-connects. XXX This actually masks
+ * a bug elsewhere, since self-connect should work.
+ * However, a urrently-active DoS attack in the Internet
+ * sends a phony self-connect request which causes an infinite
+ * loop.
+ */
+ if (ti->ti_src.s_addr == ti->ti_dst.s_addr
+ && ti->ti_sport == ti->ti_dport) {
+ tcpstat.tcps_badsyn++;
+ goto drop;
+ }
+
+ /*
 * Check that TCP offset makes sense,
 * pull out TCP options and adjust length. XXX
 */ |
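Review bot: The new test in tcp_input() (second hunk) runs on every inbound segment, not only on a SYN, so it drops all traffic whose source and destination address and port match and counts each one in `tcps_badsyn` whatever its flags. Since the comment itself says self-connect should work, consider limiting the drop to the case that loops, for example `if ((ti->ti_flags & TH_SYN) && ti->ti_src.s_addr == ti->ti_dst.s_addr && ti->ti_sport == ti->ti_dport)`, or moving it to the listen-state handling, which is outside this hunk; which states actually loop is not visible here and should be confirmed. The comment has a typo (`urrently-active` for `currently-active`) and would be easier to retire later if it named the report, e.g. `XXX remove once the underlying loop is fixed (PR 5103)`. tcp_input's body starts and ends outside the hunk.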