sun purge

[unix-history] / usr / src / sys / netinet / tcp_input.c
diff --git a/usr/src/sys/netinet/tcp_input.c b/usr/src/sys/netinet/tcp_input.c

index aded2cb..46d7b9d 100644 (file)
--- a/usr/src/sys/netinet/tcp_input.c
+++ b/usr/src/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/*     tcp_input.c     1.87    83/01/17        */
+/*     tcp_input.c     1.95    83/06/14        */
  
  #include "../h/param.h"
  #include "../h/systm.h"
  
  #include "../h/param.h"
  #include "../h/systm.h"
@@ -6,11 +6,14 @@
  #include "../h/protosw.h"
  #include "../h/socket.h"
  #include "../h/socketvar.h"
  #include "../h/protosw.h"
  #include "../h/socket.h"
  #include "../h/socketvar.h"
-#include "../netinet/in.h"
+#include "../h/errno.h"
+
+#include "../net/if.h"
  #include "../net/route.h"
  #include "../net/route.h"
+
+#include "../netinet/in.h"
  #include "../netinet/in_pcb.h"
  #include "../netinet/in_systm.h"
  #include "../netinet/in_pcb.h"
  #include "../netinet/in_systm.h"
-#include "../net/if.h"
  #include "../netinet/ip.h"
  #include "../netinet/ip_var.h"
  #include "../netinet/tcp.h"
  #include "../netinet/ip.h"
  #include "../netinet/ip_var.h"
  #include "../netinet/tcp.h"
@@ -20,7 +23,6 @@
  #include "../netinet/tcp_var.h"
  #include "../netinet/tcpip.h"
  #include "../netinet/tcp_debug.h"
  #include "../netinet/tcp_var.h"
  #include "../netinet/tcpip.h"
  #include "../netinet/tcp_debug.h"
-#include <errno.h>
  
  int    tcpprintfs = 0;
  int    tcpcksum = 1;
  
  int    tcpprintfs = 0;
  int    tcpcksum = 1;
@@ -46,6 +48,7 @@ tcp_input(m0)
         int todrop, acked;
         short ostate;
         struct in_addr laddr;
         int todrop, acked;
         short ostate;
         struct in_addr laddr;
+       int dropsocket = 0;
  
         /*
          * Get IP and TCP header together in first mbuf.
  
         /*
          * Get IP and TCP header together in first mbuf.
@@ -74,9 +77,9 @@ tcp_input(m0)
                 ti->ti_len = (u_short)tlen;
                 ti->ti_len = htons((u_short)ti->ti_len);
                 if (ti->ti_sum = in_cksum(m, len)) {
                 ti->ti_len = (u_short)tlen;
                 ti->ti_len = htons((u_short)ti->ti_len);
                 if (ti->ti_sum = in_cksum(m, len)) {
-                       tcpstat.tcps_badsum++;
                         if (tcpprintfs)
                         if (tcpprintfs)
-                               printf("tcp cksum %x\n", ti->ti_sum);
+                               printf("tcp sum: src %x\n", ti->ti_src);
+                       tcpstat.tcps_badsum++;
                         goto drop;
                 }
         }
                         goto drop;
                 }
         }
@@ -87,6 +90,8 @@ tcp_input(m0)
          */
         off = ti->ti_off << 2;
         if (off < sizeof (struct tcphdr) || off > tlen) {
          */
         off = ti->ti_off << 2;
         if (off < sizeof (struct tcphdr) || off > tlen) {
+               if (tcpprintfs)
+                       printf("tcp off: src %x off %d\n", ti->ti_src, off);
                 tcpstat.tcps_badoff++;
                 goto drop;
         }
                 tcpstat.tcps_badoff++;
                 goto drop;
         }
@@ -95,7 +100,7 @@ tcp_input(m0)
         if (off > sizeof (struct tcphdr)) {
                 if ((m = m_pullup(m, sizeof (struct ip) + off)) == 0) {
                         tcpstat.tcps_hdrops++;
         if (off > sizeof (struct tcphdr)) {
                 if ((m = m_pullup(m, sizeof (struct ip) + off)) == 0) {
                         tcpstat.tcps_hdrops++;
-                       goto drop;
+                       return;
                 }
                 ti = mtod(m, struct tcpiphdr *);
                 om = m_get(M_DONTWAIT, MT_DATA);
                 }
                 ti = mtod(m, struct tcpiphdr *);
                 om = m_get(M_DONTWAIT, MT_DATA);
@@ -151,6 +156,18 @@ tcp_input(m0)
                 so = sonewconn(so);
                 if (so == 0)
                         goto drop;
                 so = sonewconn(so);
                 if (so == 0)
                         goto drop;
+               /*
+                * This is ugly, but ....
+                *
+                * Mark socket as temporary until we're
+                * committed to keeping it.  The code at
+                * ``drop'' and ``dropwithreset'' check the
+                * flag dropsocket to see if the temporary
+                * socket created here should be discarded.
+                * We mark the socket as discardable until
+                * we're committed to it below in TCPS_LISTEN.
+                */
+               dropsocket++;
                 inp = (struct inpcb *)so->so_pcb;
                 inp->inp_laddr = ti->ti_dst;
                 inp->inp_lport = ti->ti_dport;
                 inp = (struct inpcb *)so->so_pcb;
                 inp->inp_laddr = ti->ti_dst;
                 inp->inp_lport = ti->ti_dport;
@@ -235,6 +252,7 @@ tcp_input(m0)
                 tcp_rcvseqinit(tp);
                 tp->t_state = TCPS_SYN_RECEIVED;
                 tp->t_timer[TCPT_KEEP] = TCPTV_KEEP;
                 tcp_rcvseqinit(tp);
                 tp->t_state = TCPS_SYN_RECEIVED;
                 tp->t_timer[TCPT_KEEP] = TCPTV_KEEP;
+               dropsocket = 0;         /* committed to socket */
                 goto trimthenstep6;
                 }
  
                 goto trimthenstep6;
                 }
  
@@ -572,6 +590,18 @@ step6:
          */
         if ((tiflags & TH_URG) && ti->ti_urp &&
             TCPS_HAVERCVDFIN(tp->t_state) == 0) {
          */
         if ((tiflags & TH_URG) && ti->ti_urp &&
             TCPS_HAVERCVDFIN(tp->t_state) == 0) {
+               /*
+                * This is a kludge, but if we receive accept
+                * random urgent pointers, we'll crash in
+                * soreceive.  It's hard to imagine someone
+                * actually wanting to send this much urgent data.
+                */
+               if (ti->ti_urp > tp->t_maxseg) {        /* XXX */
+                       ti->ti_urp = 0;                 /* XXX */
+                       tiflags &= ~TH_URG;             /* XXX */
+                       ti->ti_flags &= ~TH_URG;        /* XXX */
+                       goto badurp;                    /* XXX */
+               }
                 /*
                  * If this segment advances the known urgent pointer,
                  * then mark the data stream.  This should not happen
                 /*
                  * If this segment advances the known urgent pointer,
                  * then mark the data stream.  This should not happen
@@ -597,6 +627,7 @@ step6:
                 if (ti->ti_urp <= ti->ti_len)
                         tcp_pulloutofband(so, ti);
         }
                 if (ti->ti_urp <= ti->ti_len)
                         tcp_pulloutofband(so, ti);
         }
+badurp:                                                        /* XXX */
  
         /*
          * Process the segment text, merging it into the TCP sequencing queue,
  
         /*
          * Process the segment text, merging it into the TCP sequencing queue,
@@ -690,8 +721,10 @@ dropafterack:
         return;
  
  dropwithreset:
         return;
  
  dropwithreset:
-       if (om)
+       if (om) {
                 (void) m_free(om);
                 (void) m_free(om);
+               om = 0;
+       }
         /*
          * Generate a RST, dropping incoming segment.
          * Make ACK acceptable to originator of segment.
         /*
          * Generate a RST, dropping incoming segment.
          * Make ACK acceptable to originator of segment.
@@ -706,15 +739,23 @@ dropwithreset:
                 tcp_respond(tp, ti, ti->ti_seq+ti->ti_len, (tcp_seq)0,
                     TH_RST|TH_ACK);
         }
                 tcp_respond(tp, ti, ti->ti_seq+ti->ti_len, (tcp_seq)0,
                     TH_RST|TH_ACK);
         }
+       /* destroy temporarily created socket */
+       if (dropsocket)
+               (void) soabort(so);
         return;
  
  drop:
         return;
  
  drop:
+       if (om)
+               (void) m_free(om);
         /*
          * Drop space held by incoming segment and return.
          */
         if (tp && (tp->t_inpcb->inp_socket->so_options & SO_DEBUG))
                 tcp_trace(TA_DROP, ostate, tp, &tcp_saveti, 0);
         m_freem(m);
         /*
          * Drop space held by incoming segment and return.
          */
         if (tp && (tp->t_inpcb->inp_socket->so_options & SO_DEBUG))
                 tcp_trace(TA_DROP, ostate, tp, &tcp_saveti, 0);
         m_freem(m);
+       /* destroy temporarily created socket */
+       if (dropsocket)
+               (void) soabort(so);
         return;
  }
  
         return;
  }
  
@@ -733,8 +774,11 @@ tcp_dooptions(tp, om)
                         break;
                 if (opt == TCPOPT_NOP)
                         optlen = 1;
                         break;
                 if (opt == TCPOPT_NOP)
                         optlen = 1;
-               else
+               else {
                         optlen = cp[1];
                         optlen = cp[1];
+                       if (optlen <= 0)
+                               break;
+               }
                 switch (opt) {
  
                 default:
                 switch (opt) {
  
                 default: