diff options
author | andre <andre@FreeBSD.org> | 2007-03-21 18:25:28 +0000 |
---|---|---|
committer | andre <andre@FreeBSD.org> | 2007-03-21 18:25:28 +0000 |
commit | 878e882d886a3a35db4943b997201c50c392f095 (patch) | |
tree | 94a5b428054054898dc8d5b82c6f8c9fc75bc04f /sys/netinet/tcp_input.c | |
parent | 279a028838100f62c22c53cd1abde9ced5d5faed (diff) | |
download | FreeBSD-src-878e882d886a3a35db4943b997201c50c392f095.zip FreeBSD-src-878e882d886a3a35db4943b997201c50c392f095.tar.gz |
Make TCP_DROP_SYNFIN a standard part of TCP. Disabled by default it
doesn't impede normal operation negatively and is only a few lines of
code. It's close relatives blackhole and log_in_vain aren't options
either.
Diffstat (limited to 'sys/netinet/tcp_input.c')
-rw-r--r-- | sys/netinet/tcp_input.c | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index b944272..91f7308 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -36,7 +36,6 @@ #include "opt_ipsec.h" #include "opt_mac.h" #include "opt_tcpdebug.h" -#include "opt_tcp_input.h" #include "opt_tcp_sack.h" #include <sys/param.h> @@ -118,11 +117,9 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, delayed_ack, CTLFLAG_RW, &tcp_delack_enabled, 0, "Delay ACK to try and piggyback it onto a data packet"); -#ifdef TCP_DROP_SYNFIN static int drop_synfin = 0; SYSCTL_INT(_net_inet_tcp, OID_AUTO, drop_synfin, CTLFLAG_RW, &drop_synfin, 0, "Drop TCP packets with SYN+FIN set"); -#endif static int tcp_do_rfc3042 = 1; SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3042, CTLFLAG_RW, @@ -601,7 +598,6 @@ tcp_input(m, off0) } thflags = th->th_flags; -#ifdef TCP_DROP_SYNFIN /* * If the drop_synfin option is enabled, drop all packets with * both the SYN and FIN bits set. This prevents e.g. nmap from @@ -611,7 +607,6 @@ tcp_input(m, off0) */ if (drop_synfin && (thflags & (TH_SYN|TH_FIN)) == (TH_SYN|TH_FIN)) goto drop; -#endif /* * Convert TCP protocol specific fields to host format. |