summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sys/netinet/tcp_input.c54
1 files changed, 20 insertions, 34 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 8df35d0d1be..a9d90cc0f1d 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.136 2003/12/08 10:48:57 markus Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.137 2003/12/21 14:50:04 markus Exp $ */
/* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
/*
@@ -434,6 +434,13 @@ tcp_input(struct mbuf *m, ...)
tcpstat.tcps_rcvtotal++;
/*
+ * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN
+ * See below for AF specific multicast.
+ */
+ if (m->m_flags & (M_BCAST|M_MCAST))
+ goto drop;
+
+ /*
* Before we do ANYTHING, we have to figure out if it's TCP/IPv6 or
* TCP/IPv4.
*/
@@ -515,6 +522,10 @@ tcp_input(struct mbuf *m, ...)
struct tcpiphdr *ti;
ip = mtod(m, struct ip *);
+ if (IN_MULTICAST(ip->ip_dst.s_addr) ||
+ in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
+ goto drop;
+
tlen = m->m_pkthdr.len - iphlen;
ti = mtod(m, struct tcpiphdr *);
@@ -573,6 +584,12 @@ tcp_input(struct mbuf *m, ...)
goto drop;
}
+ /* Discard packets to multicast */
+ if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
+ /* XXX stat */
+ goto drop;
+ }
+
/*
* Checksum extended TCP header and data.
*/
@@ -1142,24 +1159,6 @@ findpcb:
}
}
- /*
- * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN
- */
- if (m->m_flags & (M_BCAST|M_MCAST))
- goto drop;
- switch (af) {
-#ifdef INET6
- case AF_INET6:
- if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst))
- goto drop;
- break;
-#endif /* INET6 */
- case AF_INET:
- if (IN_MULTICAST(ip->ip_dst.s_addr) ||
- in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
- goto drop;
- break;
- }
am = m_get(M_DONTWAIT, MT_SONAME); /* XXX */
if (am == NULL)
goto drop;
@@ -2282,23 +2281,10 @@ dropwithreset:
/*
* Generate a RST, dropping incoming segment.
* Make ACK acceptable to originator of segment.
- * Don't bother to respond if destination was broadcast/multicast.
+ * Don't bother to respond to RST.
*/
- if ((tiflags & TH_RST) || m->m_flags & (M_BCAST|M_MCAST))
+ if (tiflags & TH_RST)
goto drop;
- switch (af) {
-#ifdef INET6
- case AF_INET6:
- /* For following calls to tcp_respond */
- if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst))
- goto drop;
- break;
-#endif /* INET6 */
- case AF_INET:
- if (IN_MULTICAST(ip->ip_dst.s_addr) ||
- in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
- goto drop;
- }
if (tiflags & TH_ACK) {
tcp_respond(tp, mtod(m, caddr_t), m, (tcp_seq)0, th->th_ack,
TH_RST);