verify payload of the icmp need fragment message at the tcp layer. okay itojun@

1 files changed, 23 insertions, 3 deletions

diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 836bda2197e..308e7f28a7a 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_subr.c,v 1.33 2000/09/25 09:41:03 provos Exp $	*/
+/*	$OpenBSD: tcp_subr.c,v 1.34 2000/10/10 15:16:02 provos Exp $	*/
 /*	$NetBSD: tcp_subr.c,v 1.22 1996/02/13 23:44:00 christos Exp $	*/
 
 /*
@@ -87,6 +87,10 @@ didn't get a copy, you may request one from <license@ipv6.nrl.navy.mil>.
 #include <sys/md5k.h>
 #endif /* TCP_SIGNATURE */
 
+#ifndef offsetof
+#define offsetof(type, member)	((size_t)(&((type *)0)->member))
+#endif
+
 /* patchable/settable parameters for tcp */
 int	tcp_mssdflt = TCP_MSS;
 int	tcp_rttdflt = TCPTV_SRTTDFLT / PR_SLOWHZ;
@@ -809,9 +813,25 @@ tcp_ctlinput(cmd, sa, v)
 		notify = tcp_quench;
 	else if (PRC_IS_REDIRECT(cmd))
 		notify = in_rtchange, ip = 0;
-	else if (cmd == PRC_MSGSIZE && ip_mtudisc)
+	else if (cmd == PRC_MSGSIZE && ip_mtudisc) {
+		th = (struct tcphdr *)((caddr_t)ip + (ip->ip_hl << 2));
+		/*
+		 * Verify that the packet in the icmp payload refers
+		 * to an existing TCP connection.
+		 */
+		if (in_pcblookup(&tcbtable,
+				 &ip->ip_dst, th->th_dport,
+				 &ip->ip_src, th->th_sport,
+				 INPLOOKUP_WILDCARD)) {
+			struct icmp *icp;
+			icp = (struct icmp *)((caddr_t)ip -
+					      offsetof(struct icmp, icmp_ip));
+
+			/* Calculate new mtu and create corresponding route */
+			icmp_mtudisc(icp);
+		}
 		notify = tcp_mtudisc, ip = 0;
-	else if (cmd == PRC_MTUINC)
+	} else if (cmd == PRC_MTUINC)
 		notify = tcp_mtudisc_increase, ip = 0;
 	else if (cmd == PRC_HOSTDEAD)
 		ip = 0;