From: Jesper Skriver
To: hackers@FreeBSD.ORG
Subject: Re: React to ICMP administratively prohibited ?
Date: Sun, 19 Nov 2000 21:53:57 +0100
Message-ID: <20001119215357.A41281@skriver.dk>
In-Reply-To: <20001118183632.A99512@skriver.dk>

On Sat, Nov 18, 2000 at 06:36:32PM +0100, Jesper Skriver wrote:

> I'll see if I can get code together which will do this.

I've now got this working (diff attached), it was actually quite simple
when I got a grip on what was going on in sys/netinet/, I'm grateful for
comments.

Now I need to get this under the control of a sysctl, 'man 3 sysctl'
gives some information on how to read the setting of a sysctl, in
sys/netinet/ip_icmp.c I see how some of the others were implemented, but
should I put this here ?

static int drop_unreachable = 1;
SYSCTL_INT(_net_inet_icmp, OID_AUTO, drop_unreachable, CTLFLAG_RW,
    &drop_unreachable, 0, "");

/Jesper

-- 
Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456
Work: Network manager @ AS3292 (Tele Danmark DataNetworks)
Private: Geek @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.

Content-Disposition: attachment; filename="drop_unreachable.diff"

diff -u -r sys/netinet.old/ip_icmp.c sys/netinet/ip_icmp.c --- sys/netinet.old/ip_icmp.c Thu Nov 2 10:46:23 2000 +++ sys/netinet/ip_icmp.c Sun Nov 19 21:49:27 2000 
@@ -328,6 +328,9 @@ case ICMP_UNREACH_NET_UNKNOWN: case ICMP_UNREACH_NET_PROHIB: + code = PRC_UNREACH_PORT; + break; + case ICMP_UNREACH_TOSNET: code = PRC_UNREACH_NET; break; @@ -335,11 +338,17 @@ case ICMP_UNREACH_HOST_UNKNOWN: case ICMP_UNREACH_ISOLATED: case ICMP_UNREACH_HOST_PROHIB: + code = PRC_UNREACH_PORT; + break; + case ICMP_UNREACH_TOSHOST: code = PRC_UNREACH_HOST; break; case ICMP_UNREACH_FILTER_PROHIB: + code = PRC_UNREACH_PORT; + break; + case ICMP_UNREACH_HOST_PRECEDENCE: case ICMP_UNREACH_PRECEDENCE_CUTOFF: code = PRC_UNREACH_PORT; diff -u -r sys/netinet.old/tcp_subr.c sys/netinet/tcp_subr.c --- sys/netinet.old/tcp_subr.c Fri Oct 27 13:45:41 2000 +++ sys/netinet/tcp_subr.c Sun Nov 19 21:17:40 2000 @@ -961,6 +961,8 @@ if (cmd == PRC_QUENCH) notify = tcp_quench; + else if ((cmd == PRC_UNREACH_PORT) && (ip)) + notify = tcp_drop_syn_sent; else if (cmd == PRC_MSGSIZE) notify = tcp_mtudisc; else if (!PRC_IS_REDIRECT(cmd) && @@ -1071,6 +1073,20 @@ if (tp) tp->snd_cwnd = tp->t_maxseg; +} + +/* + * When a ICMP unreachable is recieved, drop the + * TCP connection, but only if in SYN SENT + */ +void +tcp_drop_syn_sent(inp, errno) + struct inpcb *inp; + int errno; +{ + struct tcpcb *tp = intotcpcb(inp); + if((tp) && (tp->t_state == TCPS_SYN_SENT)) + tcp_drop(tp, errno); } /* diff -u -r sys/netinet.old/tcp_var.h sys/netinet/tcp_var.h --- sys/netinet.old/tcp_var.h Sat Jul 22 01:26:37 2000 +++ sys/netinet/tcp_var.h Sun Nov 19 21:17:55 2000 @@ -387,6 +387,7 @@ void tcp_input __P((struct mbuf *, int, int)); void tcp_mss __P((struct tcpcb *, int)); int tcp_mssopt __P((struct tcpcb *)); +void tcp_drop_syn_sent __P((struct inpcb *, int)); void tcp_mtudisc __P((struct inpcb *, int)); struct tcpcb * tcp_newtcpcb __P((struct inpcb *)); --ZGiS0Q5IWpPtfppv-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
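
Review bot: In the first ip_icmp.c hunk (@@ -328) the new `code = PRC_UNREACH_PORT; break;` sits under both `case ICMP_UNREACH_NET_UNKNOWN:` and `case ICMP_UNREACH_NET_PROHIB:`, so an unknown-network unreachable is remapped together with the administratively prohibited one. If only the prohibited code is meant to trigger the new TCP behaviour, move `case ICMP_UNREACH_NET_UNKNOWN:` down beside `case ICMP_UNREACH_TOSNET:` so it keeps `PRC_UNREACH_NET`. Reusing PRC_UNREACH_PORT for this also means later code can no longer tell a real port unreachable from a prohibited network; a separate PRC_ value would keep that distinction.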
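
Review bot: In the second ip_icmp.c hunk (@@ -335) the lines added after `case ICMP_UNREACH_FILTER_PROHIB:` change nothing, because that label already fell through to the `code = PRC_UNREACH_PORT;` under `case ICMP_UNREACH_PRECEDENCE_CUTOFF:`; they can be dropped. In the same hunk the assignment added after `case ICMP_UNREACH_HOST_PROHIB:` also applies to `ICMP_UNREACH_HOST_UNKNOWN` and `ICMP_UNREACH_ISOLATED`, which are stacked above it. If those two should still map to `PRC_UNREACH_HOST`, reorder the labels so only the prohibited code gets the new value.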
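
Review bot: The branch added in the tcp_subr.c hunk at @@ -961 selects tcp_drop_syn_sent whenever `cmd == PRC_UNREACH_PORT` and `ip` is non-NULL; nothing in the hunk checks that the ICMP message quotes the SYN this host actually sent, and nothing makes the behaviour optional. ICMP is unauthenticated, so consider comparing the sequence number in the quoted TCP header with the connection's before choosing this notify function. The branch should also test the `drop_unreachable` variable proposed in the cover message so the behaviour can be switched off with the sysctl.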
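
Review bot: Style points on the new function in the tcp_subr.c hunk at @@ -1071: the comment has "a ICMP" and "recieved" (should be "an ICMP" and "received"), there is no blank line between the declaration of `tp` and the first statement, and `if((tp) && (tp->t_state == TCPS_SYN_SENT))` would read better as `if (tp != NULL && tp->t_state == TCPS_SYN_SENT)`. The comment could also say which unreachable codes reach this function, since the caller only routes `PRC_UNREACH_PORT` here.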
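
Review bot: In the tcp_var.h hunk the new prototype is placed between `tcp_mssopt` and `tcp_mtudisc`, which breaks the alphabetical order the surrounding declarations follow (tcp_input, tcp_mss, tcp_mssopt, tcp_mtudisc, tcp_newtcpcb). `tcp_drop_syn_sent` sorts before `tcp_input`, so the declaration belongs further up the list.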