tcp_subr.c (72650) | tcp_subr.c (72778) |
---|---|
1/* 2 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 17 unchanged lines hidden (view full) --- 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95 | 1/* 2 * Copyright (c) 1982, 1986, 1988, 1990, 1993, 1995 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 17 unchanged lines hidden (view full) --- 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95 |
34 * $FreeBSD: head/sys/netinet/tcp_subr.c 72650 2001-02-18 13:30:20Z green $ | 34 * $FreeBSD: head/sys/netinet/tcp_subr.c 72778 2001-02-20 23:25:04Z jesper $ |
35 */ 36 37#include "opt_compat.h" 38#include "opt_inet6.h" 39#include "opt_ipsec.h" 40#include "opt_tcpdebug.h" 41 42#include <sys/param.h> --- 984 unchanged lines hidden (view full) --- 1027 else if (!PRC_IS_REDIRECT(cmd) && 1028 ((unsigned)cmd > PRC_NCMDS || inetctlerrmap[cmd] == 0)) 1029 return; 1030 if (ip) { 1031 th = (struct tcphdr *)((caddr_t)ip 1032 + (IP_VHL_HL(ip->ip_vhl) << 2)); 1033 if (tcp_seq_check == 1) 1034 tcp_sequence = ntohl(th->th_seq); | 35 */ 36 37#include "opt_compat.h" 38#include "opt_inet6.h" 39#include "opt_ipsec.h" 40#include "opt_tcpdebug.h" 41 42#include <sys/param.h> --- 984 unchanged lines hidden (view full) --- 1027 else if (!PRC_IS_REDIRECT(cmd) && 1028 ((unsigned)cmd > PRC_NCMDS || inetctlerrmap[cmd] == 0)) 1029 return; 1030 if (ip) { 1031 th = (struct tcphdr *)((caddr_t)ip 1032 + (IP_VHL_HL(ip->ip_vhl) << 2)); 1033 if (tcp_seq_check == 1) 1034 tcp_sequence = ntohl(th->th_seq); |
1035 /* 1036 * Only call in_pcbnotify if the src port number != 0, as we 1037 * treat 0 as a wildcard in src/sys/in_pbc.c:in_pcbnotify() 1038 * 1039 * It's sufficient to check for src|local port, as we'll have no 1040 * sessions with src|local port == 0 1041 * 1042 * Without this a attacker sending ICMP messages, where the attached 1043 * IP header (+ 8 bytes) has the address and port numbers == 0, would 1044 * have the ICMP message applied to all sessions (modulo TCP sequence 1045 * number check). 1046 */ 1047 if (th->th_sport == 0) 1048 return; |
|
1035 in_pcbnotify(&tcb, sa, th->th_dport, ip->ip_src, th->th_sport, 1036 cmd, notify, tcp_sequence, tcp_seq_check); 1037 } else 1038 in_pcbnotify(&tcb, sa, 0, zeroin_addr, 0, cmd, notify, 0, 0); 1039} 1040 1041#ifdef INET6 1042void --- 389 unchanged lines hidden --- | 1049 in_pcbnotify(&tcb, sa, th->th_dport, ip->ip_src, th->th_sport, 1050 cmd, notify, tcp_sequence, tcp_seq_check); 1051 } else 1052 in_pcbnotify(&tcb, sa, 0, zeroin_addr, 0, cmd, notify, 0, 0); 1053} 1054 1055#ifdef INET6 1056void --- 389 unchanged lines hidden --- |