Date:      Sun, 19 Nov 2000 21:53:57 +0100
From:      Jesper Skriver <jesper@skriver.dk>
To:        hackers@FreeBSD.ORG
Subject:   Re: React to ICMP administratively prohibited ?
Message-ID:  <20001119215357.A41281@skriver.dk>
In-Reply-To: <20001118183632.A99512@skriver.dk>; from jesper@skriver.dk on Sat, Nov 18, 2000 at 06:36:32PM +0100
References:  <20001118155446.A81075@skriver.dk> <Pine.BSF.4.21.0011181102540.52996-100000@achilles.silby.com> <20001118183632.A99512@skriver.dk>


--ZGiS0Q5IWpPtfppv
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Sat, Nov 18, 2000 at 06:36:32PM +0100, Jesper Skriver wrote:
> I'll see if I can get code together which will do this.

I've now got this working (diff attached); it was actually quite
simple once I got a grip on what was going on in sys/netinet/. I'm
grateful for comments.

Now I need to get this under the control of a sysctl. 'man 3 sysctl'
gives some information on how to read the setting of a sysctl, and in
sys/netinet/ip_icmp.c I see how some of the others were implemented,
but should I put this here?

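/*
 * Tunable for the ICMP-unreachable handling introduced by the attached diff.
 *
 * NOTE(review): nothing in the attached diff reads this variable yet; the new
 * tcp_ctlinput() branch / tcp_drop_syn_sent() must test it for the sysctl to
 * have any effect, so it belongs next to that code (tcp_subr.c, under
 * net.inet.tcp) rather than in ip_icmp.c.  The default of 1 enables the
 * behaviour out of the box, which means a single unauthenticated ICMP
 * unreachable can abort a SYN_SENT connection; that trade-off should be a
 * conscious choice, not an accident of the default.
 *
 * The last SYSCTL_INT argument is the description shown by `sysctl -d`;
 * leaving it empty hides what the knob does from operators.
 */
static int		drop_unreachable = 1;
SYSCTL_INT(_net_inet_icmp, OID_AUTO, drop_unreachable, CTLFLAG_RW,
	&drop_unreachable, 0,
	"Drop TCP connections in SYN_SENT on ICMP unreachable");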

/Jesper

-- 
Jesper Skriver, jesper(at)skriver(dot)dk  -  CCIE #5456
Work:    Network manager @ AS3292 (Tele Danmark DataNetworks)
Private: Geek            @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.

--ZGiS0Q5IWpPtfppv
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="drop_unreachable.diff"

diff -u -r sys/netinet.old/ip_icmp.c sys/netinet/ip_icmp.c
--- sys/netinet.old/ip_icmp.c	Thu Nov  2 10:46:23 2000
+++ sys/netinet/ip_icmp.c	Sun Nov 19 21:49:27 2000
@@ -328,6 +328,9 @@
 
 			case ICMP_UNREACH_NET_UNKNOWN:
 			case ICMP_UNREACH_NET_PROHIB:
+				code = PRC_UNREACH_PORT;
+				break;
+
 			case ICMP_UNREACH_TOSNET:
 				code = PRC_UNREACH_NET;
 				break;
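Review bot: Mapping ICMP_UNREACH_NET_UNKNOWN and ICMP_UNREACH_NET_PROHIB to PRC_UNREACH_PORT (the lines added after `case ICMP_UNREACH_NET_PROHIB:`) makes an administrative prohibition indistinguishable from a genuinely closed port for every consumer of this code, not only the TCP path the rest of the patch changes; this switch presumably feeds each protocol's ctlinput handler and its errno mapping, so UDP sockets would likely start seeing the port-unreachable error for a blocked network. A dedicated PRC_ value for administratively prohibited/filtered traffic, handled explicitly in tcp_ctlinput, would deliver the TCP fix without widening the meaning of PRC_UNREACH_PORT. Net-unknown (code 6) is also not an administrative prohibition, so grouping it here goes beyond the subject of the thread. The enclosing function (presumably icmp_input()) starts and ends outside this hunk.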
@@ -335,11 +338,17 @@
 			case ICMP_UNREACH_HOST_UNKNOWN:
 			case ICMP_UNREACH_ISOLATED:
 			case ICMP_UNREACH_HOST_PROHIB:
+				code = PRC_UNREACH_PORT;
+				break;
+
 			case ICMP_UNREACH_TOSHOST:
 				code = PRC_UNREACH_HOST;
 				break;
 
 			case ICMP_UNREACH_FILTER_PROHIB:
+				code = PRC_UNREACH_PORT;
+				break;
+
 			case ICMP_UNREACH_HOST_PRECEDENCE:
 			case ICMP_UNREACH_PRECEDENCE_CUTOFF:
 				code = PRC_UNREACH_PORT;
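Review bot: ICMP_UNREACH_HOST_UNKNOWN and the obsolete ICMP_UNREACH_ISOLATED are folded into the same PRC_UNREACH_PORT remap as ICMP_UNREACH_HOST_PROHIB, yet neither is an administrative prohibition; combined with the tcp_ctlinput change elsewhere in this patch, one spoofed or transient host-unknown message would now abort a pending connect() on first arrival, where previously these codes went down the PRC_UNREACH_HOST path. If the goal is to react to administratively prohibited traffic, restrict the remap to the *_PROHIB cases and keep `case ICMP_UNREACH_HOST_UNKNOWN:` and `case ICMP_UNREACH_ISOLATED:` grouped with `case ICMP_UNREACH_TOSHOST:`. Note that the pre-existing code already sends the precedence errors to PRC_UNREACH_PORT, so any dedicated code introduced for prohibitions should cover those too if the TCP handler is meant to distinguish them. The enclosing switch continues outside this hunk.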
diff -u -r sys/netinet.old/tcp_subr.c sys/netinet/tcp_subr.c
--- sys/netinet.old/tcp_subr.c	Fri Oct 27 13:45:41 2000
+++ sys/netinet/tcp_subr.c	Sun Nov 19 21:17:40 2000
@@ -961,6 +961,8 @@
 
 	if (cmd == PRC_QUENCH)
 		notify = tcp_quench;
+	else if ((cmd == PRC_UNREACH_PORT) && (ip))
+		notify = tcp_drop_syn_sent;
 	else if (cmd == PRC_MSGSIZE)
 		notify = tcp_mtudisc;
 	else if (!PRC_IS_REDIRECT(cmd) &&
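Review bot: The new `else if ((cmd == PRC_UNREACH_PORT) && (ip))` branch sends every ICMP-derived port-unreachable to tcp_drop_syn_sent, which (see its definition later in this patch) does nothing for a connection in any state other than SYN_SENT, so whatever the generic notify path below did for established connections on this code before — presumably recording a soft error — is now skipped entirely. If that is not intended, let tcp_drop_syn_sent delegate to the existing handler when the state is not SYN_SENT rather than choosing the handler on cmd alone. With the ip_icmp.c part of this patch, PRC_UNREACH_PORT also now covers administratively-prohibited and host/net-unknown codes, so this branch reacts to much more than a closed port and should be gated by the sysctl discussed in the mail. The enclosing function (presumably tcp_ctlinput) starts and ends outside this hunk.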
@@ -1071,6 +1073,20 @@
 
 	if (tp)
 		tp->snd_cwnd = tp->t_maxseg;
+}
+
+/*
+ * When a ICMP unreachable is recieved, drop the
+ * TCP connection, but only if in SYN SENT
+ */
+void
+tcp_drop_syn_sent(inp, errno)
+	struct inpcb *inp;
+	int errno;
+{
+	struct tcpcb *tp = intotcpcb(inp);
+	if((tp) && (tp->t_state == TCPS_SYN_SENT))
+			tcp_drop(tp, errno);
 }
 
 /*
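Review bot: tcp_drop_syn_sent() aborts the connection on the first ICMP unreachable that reaches it, and ICMP is unauthenticated: an off-path attacker who can guess the four-tuple of a pending connect() can kill it with one spoofed message, since nothing here requires a retransmission history or checks the quoted TCP header against the connection. The ICMP payload carries the first 8 bytes of the original TCP header, which include the sequence number, so the caller could verify that value falls inside the connection's send window (snd_una <= seq < snd_max) before invoking this, and the whole path should be switchable off via the planned sysctl. Style: the comment should read `/* Drop the connection on an ICMP unreachable, but only if in SYN_SENT. */`, style(9) wants a blank line after the `struct tcpcb *tp` declaration, and the tcp_drop() call is indented one tab too deep (`\t\ttcp_drop(tp, errno);`). The closing brace of this function is the context line that previously closed tcp_quench(), whose tail is the other context in this hunk.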
diff -u -r sys/netinet.old/tcp_var.h sys/netinet/tcp_var.h
--- sys/netinet.old/tcp_var.h	Sat Jul 22 01:26:37 2000
+++ sys/netinet/tcp_var.h	Sun Nov 19 21:17:55 2000
@@ -387,6 +387,7 @@
 void	 tcp_input __P((struct mbuf *, int, int));
 void	 tcp_mss __P((struct tcpcb *, int));
 int	 tcp_mssopt __P((struct tcpcb *));
+void	 tcp_drop_syn_sent __P((struct inpcb *, int));
 void	 tcp_mtudisc __P((struct inpcb *, int));
 struct tcpcb *
 	 tcp_newtcpcb __P((struct inpcb *));
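Review bot: The new prototype is inserted between tcp_mssopt and tcp_mtudisc, breaking the alphabetical order the surrounding declarations keep (tcp_input, tcp_mss, tcp_mssopt, tcp_mtudisc, tcp_newtcpcb). `void	 tcp_drop_syn_sent __P((struct inpcb *, int));` sorts after tcp_drop, which is outside this hunk; move it there so the list stays scannable.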

--ZGiS0Q5IWpPtfppv--





