verify payload of the icmp need fragment message at the tcp layer. okay itojun@

5 files changed, 28 insertions, 48 deletions

diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 76166411634..b8903ab55ea 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: in_pcb.c,v 1.46 2000/10/09 14:39:46 provos Exp $	*/
+/*	$OpenBSD: in_pcb.c,v 1.47 2000/10/10 15:16:01 provos Exp $	*/
 /*	$NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $	*/
 
 /*
@@ -712,38 +712,6 @@ in_pcbnotifyall(table, dst, errno, notify)
 }
 
 /*
- * Check if we have a socket that talks to the given destination.
- */
-
-int
-in_pcbconnected(table, dst)
-	struct inpcbtable *table;
-	struct sockaddr *dst;
-{
-	struct inpcb *inp;
-	struct in_addr faddr;
-
-	if (dst->sa_family != AF_INET)
-		return (0);
-	faddr = satosin(dst)->sin_addr;
-	if (faddr.s_addr == INADDR_ANY)
-		return (0);
-
-	for (inp = table->inpt_queue.cqh_first;
-	    inp != (struct inpcb *)&table->inpt_queue;
-	    inp = inp->inp_queue.cqe_next) {
-#ifdef INET6
-		if (inp->inp_flags & INP_IPV6)
-			continue;
-#endif
-		if (inp->inp_faddr.s_addr == faddr.s_addr && inp->inp_socket)
-			break;
-	}
-
-	return (inp != (struct inpcb *)&table->inpt_queue);
-}
-
-/*
  * Check for alternatives when higher level complains
  * about service problems.  For now, invalidate cached
  * routing information.  If the route was created dynamically
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index 4fa8f75133a..dc81e411531 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: in_pcb.h,v 1.27 2000/10/09 14:39:46 provos Exp $	*/
+/*	$OpenBSD: in_pcb.h,v 1.28 2000/10/10 15:16:02 provos Exp $	*/
 /*	$NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $	*/
 
 /*
@@ -253,7 +253,6 @@ void	 in_pcbnotify __P((struct inpcbtable *, struct sockaddr *,
 	    u_int, struct in_addr, u_int, int, void (*)(struct inpcb *, int)));
 void	 in_pcbnotifyall __P((struct inpcbtable *, struct sockaddr *,
 	    int, void (*)(struct inpcb *, int)));
-int	 in_pcbconnected __P((struct inpcbtable *, struct sockaddr *));
 void	 in_pcbrehash __P((struct inpcb *));
 void	 in_rtchange __P((struct inpcb *, int));
 void	 in_setpeeraddr __P((struct inpcb *, struct mbuf *));
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index 93dc9a315e8..674b23822fa 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_icmp.c,v 1.28 2000/10/10 14:24:33 itojun Exp $	*/
+/*	$OpenBSD: ip_icmp.c,v 1.29 2000/10/10 15:16:02 provos Exp $	*/
 /*	$NetBSD: ip_icmp.c,v 1.19 1996/02/13 23:42:22 christos Exp $	*/
 
 /*
@@ -71,7 +71,6 @@ didn't get a copy, you may request one from <license@ipv6.nrl.navy.mil>.
 #include <netinet/ip_icmp.h>
 #include <netinet/ip_var.h>
 #include <netinet/icmp_var.h>
-#include <netinet/in_pcb.h>
 
 #include <machine/stdarg.h>
 
@@ -90,7 +89,6 @@ int	icmperrppslim;
 int	icmperrpps_count = 0;
 struct timeval icmperrppslim_last;
 
-void icmp_mtudisc __P((struct icmp *));
 void icmp_mtudisc_timeout __P((struct rtentry *, struct rttimer *));
 int icmp_ratelimit __P((const struct in_addr *, const int, const int));
 
@@ -402,8 +400,6 @@ icmp_input(m, va_alist)
 			printf("deliver to protocol %d\n", icp->icmp_ip.ip_p);
 #endif
 		icmpsrc.sin_addr = icp->icmp_ip.ip_dst;
-		if (code == PRC_MSGSIZE && ip_mtudisc)
-			icmp_mtudisc(icp);
 		/*
 		 * XXX if the packet contains [IPv4 AH TCP], we can't make a
 		 * notification to TCP layer.
@@ -759,16 +755,12 @@ icmp_mtudisc(icp)
 	struct sockaddr *dst = sintosa(&icmpsrc);
 	u_long mtu = ntohs(icp->icmp_nextmtu);  /* Why a long?  IPv6 */
 	int    error;
-	extern struct inpcbtable tcbtable;
 	
 	/* Table of common MTUs: */
 
 	static u_short mtu_table[] = {65535, 65280, 32000, 17914, 9180, 8166, 
 				      4352, 2002, 1492, 1006, 508, 296, 68, 0};
     
-	if (!in_pcbconnected(&tcbtable, sintosa(&icmpsrc)))
-		return;
-
 	rt = rtalloc1(dst, 1);
 	if (rt == 0)
 		return;
diff --git a/sys/netinet/ip_icmp.h b/sys/netinet/ip_icmp.h
index 74e11928258..387e3b1b2c0 100644
--- a/sys/netinet/ip_icmp.h
+++ b/sys/netinet/ip_icmp.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_icmp.h,v 1.9 1999/01/07 09:20:17 deraadt Exp $	*/
+/*	$OpenBSD: ip_icmp.h,v 1.10 2000/10/10 15:16:02 provos Exp $	*/
 /*	$NetBSD: ip_icmp.h,v 1.10 1996/02/13 23:42:28 christos Exp $	*/
 
 /*
@@ -186,4 +186,5 @@ void	icmp_input __P((struct mbuf *, ...));
 void	icmp_reflect __P((struct mbuf *));
 void	icmp_send __P((struct mbuf *, struct mbuf *));
 int	icmp_sysctl __P((int *, u_int, void *, size_t *, void *, size_t));
+void	icmp_mtudisc __P((struct icmp *));
 #endif
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 836bda2197e..308e7f28a7a 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_subr.c,v 1.33 2000/09/25 09:41:03 provos Exp $	*/
+/*	$OpenBSD: tcp_subr.c,v 1.34 2000/10/10 15:16:02 provos Exp $	*/
 /*	$NetBSD: tcp_subr.c,v 1.22 1996/02/13 23:44:00 christos Exp $	*/
 
 /*
@@ -87,6 +87,10 @@ didn't get a copy, you may request one from <license@ipv6.nrl.navy.mil>.
 #include <sys/md5k.h>
 #endif /* TCP_SIGNATURE */
 
+#ifndef offsetof
+#define offsetof(type, member)	((size_t)(&((type *)0)->member))
+#endif
+
 /* patchable/settable parameters for tcp */
 int	tcp_mssdflt = TCP_MSS;
 int	tcp_rttdflt = TCPTV_SRTTDFLT / PR_SLOWHZ;
@@ -809,9 +813,25 @@ tcp_ctlinput(cmd, sa, v)
 		notify = tcp_quench;
 	else if (PRC_IS_REDIRECT(cmd))
 		notify = in_rtchange, ip = 0;
-	else if (cmd == PRC_MSGSIZE && ip_mtudisc)
+	else if (cmd == PRC_MSGSIZE && ip_mtudisc) {
+		th = (struct tcphdr *)((caddr_t)ip + (ip->ip_hl << 2));
+		/*
+		 * Verify that the packet in the icmp payload refers
+		 * to an existing TCP connection.
+		 */
+		if (in_pcblookup(&tcbtable,
+				 &ip->ip_dst, th->th_dport,
+				 &ip->ip_src, th->th_sport,
+				 INPLOOKUP_WILDCARD)) {
+			struct icmp *icp;
+			icp = (struct icmp *)((caddr_t)ip -
+					      offsetof(struct icmp, icmp_ip));
+
+			/* Calculate new mtu and create corresponding route */
+			icmp_mtudisc(icp);
+		}
 		notify = tcp_mtudisc, ip = 0;
-	else if (cmd == PRC_MTUINC)
+	} else if (cmd == PRC_MTUINC)
 		notify = tcp_mtudisc_increase, ip = 0;
 	else if (cmd == PRC_HOSTDEAD)
 		ip = 0;