Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 23 Jun 1997 21:45:54 +0700 (NSD)
From:      serge terekhov <sts@card.ru>
To:        freebsd-hackers@freebsd.org
Subject:   Little help needed.
Message-ID:  <199706231445.VAA06431@Xopek.Card.Ru>
next in thread | raw e-mail | index | archive | help 

Hi,

i am not a big kernel guru - and after upgrading 2.1.0R -> 2.2.2R i got
a little problem porting screend firewall daemon (extensively patched by
me). i have a little routine in kernel space which sends TCP RST packet
as an answer on TCP SYN packet for unwanted incoming TCP session init
request. and this routine makes 2.2.2 to die silently, restarting pc
without any panic or other warning.. please anyone who can help me - comment
this. the code, patched a little for 2.2.2 already, follows.

static void
ip_gwtcprst(pkt)
struct mbuf *pkt;
{
	struct tcpiphdr *ti, *tp;
	struct ip *ii, *ip;
	struct tcphdr *tcp;
	struct mbuf *m;
	int tlen = 0;

	ti = mtod (pkt, struct tcpiphdr *);
	ii = mtod (pkt, struct ip *);
	if (IP_VHL_V (ii->ip_vhl) != IPVERSION || ii->ip_p != IPPROTO_TCP)
		return;			/* foolproofing ;) */
	if (ti->ti_flags & TH_RST)
		return;              /* feedback loop */
        m = m_gethdr (M_DONTWAIT, MT_HEADER);
	if (!m)
		return;
        m->m_data += max_linkhdr;
        if (ti->ti_flags & TH_SYN)
                tlen = 1;
        m->m_len = sizeof (struct tcpiphdr);
        m->m_pkthdr.len = sizeof (struct tcpiphdr);
        m->m_pkthdr.rcvif = (struct ifnet *)0;
        bzero (mtod (m, char *), sizeof (struct tcpiphdr));

        ip = mtod (m, struct ip *);
        tp = mtod (m, struct tcpiphdr *);
        tcp = (struct tcphdr *) ((char *)ip + sizeof (struct ip));
        ip->ip_src.s_addr = ti->ti_dst.s_addr;
        ip->ip_dst.s_addr = ti->ti_src.s_addr;
        tcp->th_dport = ti->ti_sport;
        tcp->th_sport = ti->ti_dport;
        tcp->th_ack = htonl (ntohl (ti->ti_seq) + tlen);
        tcp->th_off = sizeof (struct tcphdr) >> 2;
        tcp->th_flags = TH_RST|TH_ACK;
        tp->ti_pr = ii->ip_p;
        tp->ti_len = htons (sizeof (struct tcphdr));
        tcp->th_sum = in_cksum (m, sizeof (struct tcpiphdr));
	ip->ip_vhl = IP_MAKE_VHL (IPVERSION, sizeof (struct ip) >> 2);
        ip->ip_tos = ii->ip_tos;
        ip->ip_id = ii->ip_id;
        ip->ip_off = ii->ip_off;
        ip->ip_p = ii->ip_p;
        ip->ip_len = sizeof (struct tcpiphdr);
        ip->ip_ttl = ip_defttl;
        /*
         * extra 0 in case of multicast
         */
        (void) ip_output(m, (struct mbuf *)0, 0, IP_FORWARDING, 0);
}


ciao,
/serge

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706231445.VAA06431>