author | 2005-05-24 00:02:37 +0000 | |
---|---|---|
committer | 2005-05-24 00:02:37 +0000 | |
commit | 53b31d658b698baab2f19f832a8829071f25fe0d (patch) | |
tree | 0c19d7c2a01e9d093ce2b2e86249a74d7c432da7 | |
parent | fix rasops initialization when not acting as console; ok miod@ (diff) | |
Ignore ICMP Source Quench messages meant for TCP connections. (Details in
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html)
ok markus frantzen
-rw-r--r-- | sys/netinet/tcp_output.c | 8 | ||||
-rw-r--r-- | sys/netinet/tcp_subr.c | 28 | ||||
-rw-r--r-- | sys/netinet/tcp_var.h | 3 |
3 files changed, 18 insertions, 21 deletions
diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c
index 5c57acaa65e..e19d623de96 100644
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_output.c,v 1.77 2005/04/25 17:55:52 brad Exp $ */
+/* $OpenBSD: tcp_output.c,v 1.78 2005/05/24 00:02:37 fgont Exp $ */
 /* $NetBSD: tcp_output.c,v 1.16 1997/06/03 16:17:09 kml Exp $ */
 
 /*
@@ -1118,7 +1118,11 @@ send:
 if (error) {
 out:
 if (error == ENOBUFS) {
- tcp_quench(tp->t_inpcb, 0);
+ /*
+ * If the interface queue is full, or IP cannot
+ * get an mbuf, trigger TCP slow start.
+ */
+ tp->snd_cwnd = tp->t_maxseg;
 return (0);
 }
 if (error == EMSGSIZE) {
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index b4c6805ddc3..35964b0bf71 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_subr.c,v 1.88 2005/03/04 13:21:42 markus Exp $ */
+/* $OpenBSD: tcp_subr.c,v 1.89 2005/05/24 00:02:37 fgont Exp $ */
 /* $NetBSD: tcp_subr.c,v 1.22 1996/02/13 23:44:00 christos Exp $ */
 
 /*
@@ -733,8 +733,12 @@ tcp6_ctlinput(cmd, sa, d)
 if ((unsigned)cmd >= PRC_NCMDS)
 return;
 else if (cmd == PRC_QUENCH) {
+ /*
+ * Don't honor ICMP Source Quench messages meant for
+ * TCP connections.
+ */
 /* XXX there's no PRC_QUENCH in IPv6 */
- notify = tcp_quench;
+ return;
 } else if (PRC_IS_REDIRECT(cmd))
 notify = in_rtchange, d = NULL;
 else if (cmd == PRC_MSGSIZE)
@@ -839,7 +843,11 @@ tcp_ctlinput(cmd, sa, v)
 return NULL;
 errno = inetctlerrmap[cmd];
 if (cmd == PRC_QUENCH)
- notify = tcp_quench;
+ /*
+ * Don't honor ICMP Source Quench messages meant for
+ * TCP connections.
+ */
+ return NULL;
 else if (PRC_IS_REDIRECT(cmd))
 notify = in_rtchange, ip = 0;
 else if (cmd == PRC_MSGSIZE && ip_mtudisc && ip) {
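Review bot: The comment added to the `ENOBUFS` branch under `out:` (hunk `@@ -1118,7 +1118,11 @@` of tcp_output.c) says when the window is collapsed, but not that this reset is now deliberately limited to a local condition. Judging from the other hunks, the shared helper is removed and ICMP input no longer reaches this assignment, so I would add a line such as `* Local signal only; ICMP Source Quench is ignored and must not reach this reset.` That stops a later reader from reintroducing a helper and wiring it back to ICMP input. The enclosing function starts and ends outside the hunk.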
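Review bot: In the `PRC_QUENCH` arm of tcp6_ctlinput() (hunk `@@ -733,8 +733,12 @@`) the older `/* XXX there's no PRC_QUENCH in IPv6 */` is kept directly under the new comment, so the branch now gives two different reasons for the same `return;`. A single comment stating both would read more clearly, for example `/* IPv6 has no Source Quench; ignore the command anyway, as tcp_ctlinput() does. */`. The function body continues outside the hunk.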
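Review bot: The `if (cmd == PRC_QUENCH)` arm in tcp_ctlinput() (hunk `@@ -839,7 +843,11 @@`) is left unbraced although its body is now a four-line comment followed by `return NULL;` and then `else if`, which makes the chain hard to scan and differs from the braced form used in the tcp6_ctlinput() hunk. I would write `if (cmd == PRC_QUENCH) {` … `return NULL;` `} else if (PRC_IS_REDIRECT(cmd))`. Separately, the message is discarded with no accounting visible in this hunk, so a burst of Source Quench aimed at a connection leaves no trace for an operator. If the TCP statistics have a suitable place, a drop counter incremented before the `return NULL;` would help detection. The function starts and ends outside the hunk.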
@@ -903,20 +911,6 @@ tcp_ctlinput(cmd, sa, v)
 return NULL;
 }
 
-/*
- * When a source quench is received, close congestion window
- * to one segment. We will gradually open it again as we proceed.
- */
-void
-tcp_quench(inp, errno)
- struct inpcb *inp;
- int errno;
-{
- struct tcpcb *tp = intotcpcb(inp);
-
- if (tp)
- tp->snd_cwnd = tp->t_maxseg;
-}
 
 #ifdef INET6
 /*
diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h
index e91872a60f6..04334ea17e6 100644
--- a/sys/netinet/tcp_var.h
+++ b/sys/netinet/tcp_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_var.h,v 1.73 2005/04/05 20:27:35 markus Exp $ */
+/* $OpenBSD: tcp_var.h,v 1.74 2005/05/24 00:02:37 fgont Exp $ */
 /* $NetBSD: tcp_var.h,v 1.17 1996/02/13 23:44:24 christos Exp $ */
 
 /*
@@ -593,7 +593,6 @@ struct tcpcb *
 void tcp_notify(struct inpcb *, int);
 int tcp_output(struct tcpcb *);
 void tcp_pulloutofband(struct socket *, u_int, struct mbuf *, int);
-void tcp_quench(struct inpcb *, int);
 int tcp_reass(struct tcpcb *, struct tcphdr *, struct mbuf *, int *);
 void tcp_rscale(struct tcpcb *, u_long);
 void tcp_respond(struct tcpcb *, caddr_t, struct mbuf *, tcp_seq, |