sun purge

[unix-history] / usr / src / sys / netinet / tcp_input.c
diff --git a/usr/src/sys/netinet/tcp_input.c b/usr/src/sys/netinet/tcp_input.c

index cf96e45..46d7b9d 100644 (file)
--- a/usr/src/sys/netinet/tcp_input.c
+++ b/usr/src/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/*     tcp_input.c     1.60    82/03/13        */
+/*     tcp_input.c     1.95    83/06/14        */
  
  #include "../h/param.h"
  #include "../h/systm.h"
  
  #include "../h/param.h"
  #include "../h/systm.h"
@@ -6,26 +6,26 @@
  #include "../h/protosw.h"
  #include "../h/socket.h"
  #include "../h/socketvar.h"
  #include "../h/protosw.h"
  #include "../h/socket.h"
  #include "../h/socketvar.h"
-#include "../net/in.h"
-#include "../net/in_pcb.h"
-#include "../net/in_systm.h"
+#include "../h/errno.h"
+
  #include "../net/if.h"
  #include "../net/if.h"
-#include "../net/ip.h"
-#include "../net/ip_var.h"
-#include "../net/tcp.h"
-#include "../net/tcp_fsm.h"
-#include "../net/tcp_seq.h"
-#include "../net/tcp_timer.h"
-#include "../net/tcp_var.h"
-#include "../net/tcpip.h"
-#include "../net/tcp_debug.h"
-#include "../errno.h"
-
-#ifdef notdef
+#include "../net/route.h"
+
+#include "../netinet/in.h"
+#include "../netinet/in_pcb.h"
+#include "../netinet/in_systm.h"
+#include "../netinet/ip.h"
+#include "../netinet/ip_var.h"
+#include "../netinet/tcp.h"
+#include "../netinet/tcp_fsm.h"
+#include "../netinet/tcp_seq.h"
+#include "../netinet/tcp_timer.h"
+#include "../netinet/tcp_var.h"
+#include "../netinet/tcpip.h"
+#include "../netinet/tcp_debug.h"
+
  int    tcpprintfs = 0;
  int    tcpprintfs = 0;
-#endif
  int    tcpcksum = 1;
  int    tcpcksum = 1;
-struct sockaddr_in tcp_in = { AF_INET };
  struct tcpiphdr tcp_saveti;
  extern tcpnodelack;
  
  struct tcpiphdr tcp_saveti;
  extern tcpnodelack;
  
@@ -48,8 +48,8 @@ tcp_input(m0)
         int todrop, acked;
         short ostate;
         struct in_addr laddr;
         int todrop, acked;
         short ostate;
         struct in_addr laddr;
+       int dropsocket = 0;
  
  
-COUNT(TCP_INPUT);
         /*
          * Get IP and TCP header together in first mbuf.
          * Note: IP leaves IP header in first mbuf.
         /*
          * Get IP and TCP header together in first mbuf.
          * Note: IP leaves IP header in first mbuf.
@@ -75,12 +75,11 @@ COUNT(TCP_INPUT);
                 ti->ti_next = ti->ti_prev = 0;
                 ti->ti_x1 = 0;
                 ti->ti_len = (u_short)tlen;
                 ti->ti_next = ti->ti_prev = 0;
                 ti->ti_x1 = 0;
                 ti->ti_len = (u_short)tlen;
-#if vax
                 ti->ti_len = htons((u_short)ti->ti_len);
                 ti->ti_len = htons((u_short)ti->ti_len);
-#endif
                 if (ti->ti_sum = in_cksum(m, len)) {
                 if (ti->ti_sum = in_cksum(m, len)) {
+                       if (tcpprintfs)
+                               printf("tcp sum: src %x\n", ti->ti_src);
                         tcpstat.tcps_badsum++;
                         tcpstat.tcps_badsum++;
-                       printf("tcp cksum %x\n", ti->ti_sum);
                         goto drop;
                 }
         }
                         goto drop;
                 }
         }
@@ -91,20 +90,22 @@ COUNT(TCP_INPUT);
          */
         off = ti->ti_off << 2;
         if (off < sizeof (struct tcphdr) || off > tlen) {
          */
         off = ti->ti_off << 2;
         if (off < sizeof (struct tcphdr) || off > tlen) {
+               if (tcpprintfs)
+                       printf("tcp off: src %x off %d\n", ti->ti_src, off);
                 tcpstat.tcps_badoff++;
                 goto drop;
         }
                 tcpstat.tcps_badoff++;
                 goto drop;
         }
-       ti->ti_len = tlen - off;
+       tlen -= off;
+       ti->ti_len = tlen;
         if (off > sizeof (struct tcphdr)) {
                 if ((m = m_pullup(m, sizeof (struct ip) + off)) == 0) {
                         tcpstat.tcps_hdrops++;
         if (off > sizeof (struct tcphdr)) {
                 if ((m = m_pullup(m, sizeof (struct ip) + off)) == 0) {
                         tcpstat.tcps_hdrops++;
-                       goto drop;
+                       return;
                 }
                 ti = mtod(m, struct tcpiphdr *);
                 }
                 ti = mtod(m, struct tcpiphdr *);
-               om = m_get(M_DONTWAIT);
+               om = m_get(M_DONTWAIT, MT_DATA);
                 if (om == 0)
                         goto drop;
                 if (om == 0)
                         goto drop;
-               om->m_off = MMINOFF;
                 om->m_len = off - sizeof (struct tcphdr);
                 { caddr_t op = mtod(m, caddr_t) + sizeof (struct tcpiphdr);
                   bcopy(op, mtod(om, caddr_t), (unsigned)om->m_len);
                 om->m_len = off - sizeof (struct tcphdr);
                 { caddr_t op = mtod(m, caddr_t) + sizeof (struct tcpiphdr);
                   bcopy(op, mtod(om, caddr_t), (unsigned)om->m_len);
@@ -116,13 +117,12 @@ COUNT(TCP_INPUT);
         tiflags = ti->ti_flags;
  
         /*
         tiflags = ti->ti_flags;
  
         /*
-        * drop IP header
+        * Drop TCP and IP headers.
          */
         off += sizeof (struct ip);
         m->m_off += off;
         m->m_len -= off;
  
          */
         off += sizeof (struct ip);
         m->m_off += off;
         m->m_len -= off;
  
-#if vax
         /*
          * Convert TCP protocol specific fields to host format.
          */
         /*
          * Convert TCP protocol specific fields to host format.
          */
@@ -130,11 +130,9 @@ COUNT(TCP_INPUT);
         ti->ti_ack = ntohl(ti->ti_ack);
         ti->ti_win = ntohs(ti->ti_win);
         ti->ti_urp = ntohs(ti->ti_urp);
         ti->ti_ack = ntohl(ti->ti_ack);
         ti->ti_win = ntohs(ti->ti_win);
         ti->ti_urp = ntohs(ti->ti_urp);
-#endif
  
         /*
  
         /*
-        * Locate pcb for segment.  On match, update the local
-        * address stored in the block to reflect anchoring.
+        * Locate pcb for segment.
          */
         inp = in_pcblookup
                 (&tcb, ti->ti_src, ti->ti_sport, ti->ti_dst, ti->ti_dport,
          */
         inp = in_pcblookup
                 (&tcb, ti->ti_src, ti->ti_sport, ti->ti_dst, ti->ti_dport,
@@ -154,6 +152,28 @@ COUNT(TCP_INPUT);
                 ostate = tp->t_state;
                 tcp_saveti = *ti;
         }
                 ostate = tp->t_state;
                 tcp_saveti = *ti;
         }
+       if (so->so_options & SO_ACCEPTCONN) {
+               so = sonewconn(so);
+               if (so == 0)
+                       goto drop;
+               /*
+                * This is ugly, but ....
+                *
+                * Mark socket as temporary until we're
+                * committed to keeping it.  The code at
+                * ``drop'' and ``dropwithreset'' check the
+                * flag dropsocket to see if the temporary
+                * socket created here should be discarded.
+                * We mark the socket as discardable until
+                * we're committed to it below in TCPS_LISTEN.
+                */
+               dropsocket++;
+               inp = (struct inpcb *)so->so_pcb;
+               inp->inp_laddr = ti->ti_dst;
+               inp->inp_lport = ti->ti_dport;
+               tp = intotcpcb(inp);
+               tp->t_state = TCPS_LISTEN;
+       }
  
         /*
          * Segment received on connection.
  
         /*
          * Segment received on connection.
@@ -192,36 +212,49 @@ COUNT(TCP_INPUT);
          * Enter SYN_RECEIVED state, and process any other fields of this
          * segment in this state.
          */
          * Enter SYN_RECEIVED state, and process any other fields of this
          * segment in this state.
          */
-       case TCPS_LISTEN:
+       case TCPS_LISTEN: {
+               struct mbuf *am;
+               register struct sockaddr_in *sin;
+
                 if (tiflags & TH_RST)
                         goto drop;
                 if (tiflags & TH_ACK)
                         goto dropwithreset;
                 if ((tiflags & TH_SYN) == 0)
                         goto drop;
                 if (tiflags & TH_RST)
                         goto drop;
                 if (tiflags & TH_ACK)
                         goto dropwithreset;
                 if ((tiflags & TH_SYN) == 0)
                         goto drop;
-               tcp_in.sin_addr = ti->ti_src;
-               tcp_in.sin_port = ti->ti_sport;
+               am = m_get(M_DONTWAIT, MT_SONAME);
+               if (am == NULL)
+                       goto drop;
+               am->m_len = sizeof (struct sockaddr_in);
+               sin = mtod(am, struct sockaddr_in *);
+               sin->sin_family = AF_INET;
+               sin->sin_addr = ti->ti_src;
+               sin->sin_port = ti->ti_sport;
                 laddr = inp->inp_laddr;
                 laddr = inp->inp_laddr;
-               if (inp->inp_laddr.s_addr == 0)
+               if (inp->inp_laddr.s_addr == INADDR_ANY)
                         inp->inp_laddr = ti->ti_dst;
                         inp->inp_laddr = ti->ti_dst;
-               if (in_pcbconnect(inp, (struct sockaddr_in *)&tcp_in)) {
+               if (in_pcbconnect(inp, am)) {
                         inp->inp_laddr = laddr;
                         inp->inp_laddr = laddr;
+                       (void) m_free(am);
                         goto drop;
                 }
                         goto drop;
                 }
+               (void) m_free(am);
                 tp->t_template = tcp_template(tp);
                 if (tp->t_template == 0) {
                         in_pcbdisconnect(inp);
                         inp->inp_laddr = laddr;
                 tp->t_template = tcp_template(tp);
                 if (tp->t_template == 0) {
                         in_pcbdisconnect(inp);
                         inp->inp_laddr = laddr;
+                       tp = 0;
                         goto drop;
                 }
                         goto drop;
                 }
-               in_setsockaddr(inp);
                 tp->iss = tcp_iss; tcp_iss += TCP_ISSINCR/2;
                 tp->irs = ti->ti_seq;
                 tcp_sendseqinit(tp);
                 tcp_rcvseqinit(tp);
                 tp->t_state = TCPS_SYN_RECEIVED;
                 tp->t_timer[TCPT_KEEP] = TCPTV_KEEP;
                 tp->iss = tcp_iss; tcp_iss += TCP_ISSINCR/2;
                 tp->irs = ti->ti_seq;
                 tcp_sendseqinit(tp);
                 tcp_rcvseqinit(tp);
                 tp->t_state = TCPS_SYN_RECEIVED;
                 tp->t_timer[TCPT_KEEP] = TCPTV_KEEP;
+               dropsocket = 0;         /* committed to socket */
                 goto trimthenstep6;
                 goto trimthenstep6;
+               }
  
         /*
          * If the state is SYN_SENT:
  
         /*
          * If the state is SYN_SENT:
@@ -243,7 +276,7 @@ COUNT(TCP_INPUT);
                         goto dropwithreset;
                 if (tiflags & TH_RST) {
                         if (tiflags & TH_ACK)
                         goto dropwithreset;
                 if (tiflags & TH_RST) {
                         if (tiflags & TH_ACK)
-                               tcp_drop(tp, ECONNREFUSED);
+                               tp = tcp_drop(tp, ECONNREFUSED);
                         goto drop;
                 }
                 if ((tiflags & TH_SYN) == 0)
                         goto drop;
                 }
                 if ((tiflags & TH_SYN) == 0)
@@ -256,8 +289,6 @@ COUNT(TCP_INPUT);
                 tcp_rcvseqinit(tp);
                 tp->t_flags |= TF_ACKNOW;
                 if (SEQ_GT(tp->snd_una, tp->iss)) {
                 tcp_rcvseqinit(tp);
                 tp->t_flags |= TF_ACKNOW;
                 if (SEQ_GT(tp->snd_una, tp->iss)) {
-                       if (so->so_options & SO_ACCEPTCONN)
-                               so->so_state |= SS_CONNAWAITING;
                         soisconnected(so);
                         tp->t_state = TCPS_ESTABLISHED;
                         (void) tcp_reass(tp, (struct tcpiphdr *)0);
                         soisconnected(so);
                         tp->t_state = TCPS_ESTABLISHED;
                         (void) tcp_reass(tp, (struct tcpiphdr *)0);
@@ -317,7 +348,8 @@ trimthenstep6:
                                         tiflags &= ~TH_URG;
                                 todrop--;
                         }
                                         tiflags &= ~TH_URG;
                                 todrop--;
                         }
-                       if (todrop > ti->ti_len)
+                       if (todrop > ti->ti_len ||
+                           todrop == ti->ti_len && (tiflags&TH_FIN) == 0)
                                 goto dropafterack;
                         m_adj(m, todrop);
                         ti->ti_seq += todrop;
                                 goto dropafterack;
                         m_adj(m, todrop);
                         ti->ti_seq += todrop;
@@ -336,7 +368,7 @@ trimthenstep6:
                  */
                 todrop = (ti->ti_seq+ti->ti_len) - (tp->rcv_nxt+tp->rcv_wnd);
                 if (todrop > 0) {
                  */
                 todrop = (ti->ti_seq+ti->ti_len) - (tp->rcv_nxt+tp->rcv_wnd);
                 if (todrop > 0) {
-                       if (todrop > ti->ti_len)
+                       if (todrop >= ti->ti_len)
                                 goto dropafterack;
                         m_adj(m, -todrop);
                         ti->ti_len -= todrop;
                                 goto dropafterack;
                         m_adj(m, -todrop);
                         ti->ti_len -= todrop;
@@ -345,11 +377,12 @@ trimthenstep6:
         }
  
         /*
         }
  
         /*
-        * If a segment is received on a connection after the
+        * If data is received on a connection after the
          * user processes are gone, then RST the other end.
          */
          * user processes are gone, then RST the other end.
          */
-       if (so->so_state & SS_USERGONE) {
-               tcp_close(tp);
+       if ((so->so_state & SS_NOFDREF) && tp->t_state > TCPS_CLOSE_WAIT &&
+           ti->ti_len) {
+               tp = tcp_close(tp);
                 goto dropwithreset;
         }
  
                 goto dropwithreset;
         }
  
@@ -366,32 +399,20 @@ trimthenstep6:
         if (tiflags&TH_RST) switch (tp->t_state) {
  
         case TCPS_SYN_RECEIVED:
         if (tiflags&TH_RST) switch (tp->t_state) {
  
         case TCPS_SYN_RECEIVED:
-               if (inp->inp_socket->so_options & SO_ACCEPTCONN) {
-                       /* a miniature tcp_close, but invisible to user */
-                       (void) m_free(dtom(tp->t_template));
-                       (void) m_free(dtom(tp));
-                       inp->inp_ppcb = 0;
-                       tp = tcp_newtcpcb(inp);
-                       tp->t_state = TCPS_LISTEN;
-                       inp->inp_faddr.s_addr = 0;
-                       inp->inp_fport = 0;
-                       inp->inp_laddr.s_addr = 0;      /* not quite right */
-                       goto drop;
-               }
-               tcp_drop(tp, ECONNREFUSED);
+               tp = tcp_drop(tp, ECONNREFUSED);
                 goto drop;
  
         case TCPS_ESTABLISHED:
         case TCPS_FIN_WAIT_1:
         case TCPS_FIN_WAIT_2:
         case TCPS_CLOSE_WAIT:
                 goto drop;
  
         case TCPS_ESTABLISHED:
         case TCPS_FIN_WAIT_1:
         case TCPS_FIN_WAIT_2:
         case TCPS_CLOSE_WAIT:
-               tcp_drop(tp, ECONNRESET);
+               tp = tcp_drop(tp, ECONNRESET);
                 goto drop;
  
         case TCPS_CLOSING:
         case TCPS_LAST_ACK:
         case TCPS_TIME_WAIT:
                 goto drop;
  
         case TCPS_CLOSING:
         case TCPS_LAST_ACK:
         case TCPS_TIME_WAIT:
-               tcp_close(tp);
+               tp = tcp_close(tp);
                 goto drop;
         }
  
                 goto drop;
         }
  
@@ -400,7 +421,7 @@ trimthenstep6:
          * error and we send an RST and drop the connection.
          */
         if (tiflags & TH_SYN) {
          * error and we send an RST and drop the connection.
          */
         if (tiflags & TH_SYN) {
-               tcp_drop(tp, ECONNRESET);
+               tp = tcp_drop(tp, ECONNRESET);
                 goto dropwithreset;
         }
  
                 goto dropwithreset;
         }
  
@@ -428,8 +449,6 @@ trimthenstep6:
                 if (SEQ_LT(tp->snd_nxt, tp->snd_una))
                         tp->snd_nxt = tp->snd_una;
                 tp->t_timer[TCPT_REXMT] = 0;
                 if (SEQ_LT(tp->snd_nxt, tp->snd_una))
                         tp->snd_nxt = tp->snd_una;
                 tp->t_timer[TCPT_REXMT] = 0;
-               if (so->so_options & SO_ACCEPTCONN)
-                       so->so_state |= SS_CONNAWAITING;
                 soisconnected(so);
                 tp->t_state = TCPS_ESTABLISHED;
                 (void) tcp_reass(tp, (struct tcpiphdr *)0);
                 soisconnected(so);
                 tp->t_state = TCPS_ESTABLISHED;
                 (void) tcp_reass(tp, (struct tcpiphdr *)0);
@@ -470,7 +489,6 @@ trimthenstep6:
                                 tp->t_srtt =
                                     tcp_alpha * tp->t_srtt +
                                     (1 - tcp_alpha) * tp->t_rtt;
                                 tp->t_srtt =
                                     tcp_alpha * tp->t_srtt +
                                     (1 - tcp_alpha) * tp->t_rtt;
-/* printf("rtt %d srtt*100 now %d\n", tp->t_rtt, (int)(tp->t_srtt*100)); */
                         tp->t_rtt = 0;
                 }
  
                         tp->t_rtt = 0;
                 }
  
@@ -490,7 +508,7 @@ trimthenstep6:
                         tp->snd_wnd -= acked;
                         acked = 0;
                 }
                         tp->snd_wnd -= acked;
                         acked = 0;
                 }
-               if (so->so_snd.sb_flags & SB_WAIT)
+               if ((so->so_snd.sb_flags & SB_WAIT) || so->so_snd.sb_sel)
                         sowwakeup(so);
                 tp->snd_una = ti->ti_ack;
                 if (SEQ_LT(tp->snd_nxt, tp->snd_una))
                         sowwakeup(so);
                 tp->snd_una = ti->ti_ack;
                 if (SEQ_LT(tp->snd_nxt, tp->snd_una))
@@ -538,7 +556,7 @@ trimthenstep6:
                  */
                 case TCPS_LAST_ACK:
                         if (ourfinisacked)
                  */
                 case TCPS_LAST_ACK:
                         if (ourfinisacked)
-                               tcp_close(tp);
+                               tp = tcp_close(tp);
                         goto drop;
  
                 /*
                         goto drop;
  
                 /*
@@ -563,14 +581,27 @@ step6:
                 tp->snd_wnd = ti->ti_win;
                 tp->snd_wl1 = ti->ti_seq;
                 tp->snd_wl2 = ti->ti_ack;
                 tp->snd_wnd = ti->ti_win;
                 tp->snd_wl1 = ti->ti_seq;
                 tp->snd_wl2 = ti->ti_ack;
-               if (tp->snd_wnd > 0)
+               if (tp->snd_wnd != 0)
                         tp->t_timer[TCPT_PERSIST] = 0;
         }
  
         /*
          * Process segments with URG.
          */
                         tp->t_timer[TCPT_PERSIST] = 0;
         }
  
         /*
          * Process segments with URG.
          */
-       if ((tiflags & TH_URG) && TCPS_HAVERCVDFIN(tp->t_state) == 0) {
+       if ((tiflags & TH_URG) && ti->ti_urp &&
+           TCPS_HAVERCVDFIN(tp->t_state) == 0) {
+               /*
+                * This is a kludge, but if we receive accept
+                * random urgent pointers, we'll crash in
+                * soreceive.  It's hard to imagine someone
+                * actually wanting to send this much urgent data.
+                */
+               if (ti->ti_urp > tp->t_maxseg) {        /* XXX */
+                       ti->ti_urp = 0;                 /* XXX */
+                       tiflags &= ~TH_URG;             /* XXX */
+                       ti->ti_flags &= ~TH_URG;        /* XXX */
+                       goto badurp;                    /* XXX */
+               }
                 /*
                  * If this segment advances the known urgent pointer,
                  * then mark the data stream.  This should not happen
                 /*
                  * If this segment advances the known urgent pointer,
                  * then mark the data stream.  This should not happen
@@ -584,10 +615,7 @@ step6:
                             (tp->rcv_up - tp->rcv_nxt) - 1;
                         if (so->so_oobmark == 0)
                                 so->so_state |= SS_RCVATMARK;
                             (tp->rcv_up - tp->rcv_nxt) - 1;
                         if (so->so_oobmark == 0)
                                 so->so_state |= SS_RCVATMARK;
-#ifdef TCPTRUEOOB
-                       if ((tp->t_flags & TF_DOOOB) == 0)
-#endif
-                               sohasoutofband(so);
+                       sohasoutofband(so);
                         tp->t_oobflags &= ~TCPOOB_HAVEDATA;
                 }
                 /*
                         tp->t_oobflags &= ~TCPOOB_HAVEDATA;
                 }
                 /*
@@ -596,10 +624,10 @@ step6:
                  * but if two URG's are pending at once, some out-of-band
                  * data may creep in... ick.
                  */
                  * but if two URG's are pending at once, some out-of-band
                  * data may creep in... ick.
                  */
-               if (ti->ti_urp <= ti->ti_len) {
+               if (ti->ti_urp <= ti->ti_len)
                         tcp_pulloutofband(so, ti);
                         tcp_pulloutofband(so, ti);
-               }
         }
         }
+badurp:                                                        /* XXX */
  
         /*
          * Process the segment text, merging it into the TCP sequencing queue,
  
         /*
          * Process the segment text, merging it into the TCP sequencing queue,
@@ -681,17 +709,22 @@ step6:
  
  dropafterack:
         /*
  
  dropafterack:
         /*
-        * Generate an ACK dropping incoming segment.
-        * Make ACK reflect our state.
+        * Generate an ACK dropping incoming segment if it occupies
+        * sequence space, where the ACK reflects our state.
          */
          */
-       if (tiflags & TH_RST)
+       if ((tiflags&TH_RST) ||
+           tlen == 0 && (tiflags&(TH_SYN|TH_FIN)) == 0)
                 goto drop;
                 goto drop;
+       if (tp->t_inpcb->inp_socket->so_options & SO_DEBUG)
+               tcp_trace(TA_RESPOND, ostate, tp, &tcp_saveti, 0);
         tcp_respond(tp, ti, tp->rcv_nxt, tp->snd_nxt, TH_ACK);
         return;
  
  dropwithreset:
         tcp_respond(tp, ti, tp->rcv_nxt, tp->snd_nxt, TH_ACK);
         return;
  
  dropwithreset:
-       if (om)
+       if (om) {
                 (void) m_free(om);
                 (void) m_free(om);
+               om = 0;
+       }
         /*
          * Generate a RST, dropping incoming segment.
          * Make ACK acceptable to originator of segment.
         /*
          * Generate a RST, dropping incoming segment.
          * Make ACK acceptable to originator of segment.
@@ -703,15 +736,26 @@ dropwithreset:
         else {
                 if (tiflags & TH_SYN)
                         ti->ti_len++;
         else {
                 if (tiflags & TH_SYN)
                         ti->ti_len++;
-               tcp_respond(tp, ti, ti->ti_seq+ti->ti_len, (tcp_seq)0, TH_RST|TH_ACK);
+               tcp_respond(tp, ti, ti->ti_seq+ti->ti_len, (tcp_seq)0,
+                   TH_RST|TH_ACK);
         }
         }
+       /* destroy temporarily created socket */
+       if (dropsocket)
+               (void) soabort(so);
         return;
  
  drop:
         return;
  
  drop:
+       if (om)
+               (void) m_free(om);
         /*
          * Drop space held by incoming segment and return.
          */
         /*
          * Drop space held by incoming segment and return.
          */
+       if (tp && (tp->t_inpcb->inp_socket->so_options & SO_DEBUG))
+               tcp_trace(TA_DROP, ostate, tp, &tcp_saveti, 0);
         m_freem(m);
         m_freem(m);
+       /* destroy temporarily created socket */
+       if (dropsocket)
+               (void) soabort(so);
         return;
  }
  
         return;
  }
  
@@ -730,8 +774,11 @@ tcp_dooptions(tp, om)
                         break;
                 if (opt == TCPOPT_NOP)
                         optlen = 1;
                         break;
                 if (opt == TCPOPT_NOP)
                         optlen = 1;
-               else
+               else {
                         optlen = cp[1];
                         optlen = cp[1];
+                       if (optlen <= 0)
+                               break;
+               }
                 switch (opt) {
  
                 default:
                 switch (opt) {
  
                 default:
@@ -741,63 +788,9 @@ tcp_dooptions(tp, om)
                         if (optlen != 4)
                                 continue;
                         tp->t_maxseg = *(u_short *)(cp + 2);
                         if (optlen != 4)
                                 continue;
                         tp->t_maxseg = *(u_short *)(cp + 2);
-#if vax
                         tp->t_maxseg = ntohs((u_short)tp->t_maxseg);
                         tp->t_maxseg = ntohs((u_short)tp->t_maxseg);
-#endif
-                       break;
-                       
-#ifdef TCPTRUEOOB
-               case TCPOPT_WILLOOB:
-                       tp->t_flags |= TF_DOOOB;
-printf("tp %x dooob\n", tp);
-                       break;
-
-               case TCPOPT_OOBDATA: {
-                       int seq;
-                       register struct socket *so = tp->t_inpcb->inp_socket;
-                       tcp_seq mark;
-
-                       if (optlen != 8)
-                               continue;
-                       seq = cp[2];
-                       if (seq < tp->t_iobseq)
-                               seq += 256;
-printf("oobdata cp[2] %d iobseq %d seq %d\n", cp[2], tp->t_iobseq, seq);
-                       if (seq - tp->t_iobseq > 128) {
-printf("bad seq\n");
-                               tp->t_oobflags |= TCPOOB_OWEACK;
-                               break;
-                       }
-                       tp->t_iobseq = cp[2];
-                       tp->t_iobc = cp[3];
-                       mark = *(tcp_seq *)(cp + 4);
-#if vax
-                       mark = ntohl(mark);
-#endif
-                       so->so_oobmark = so->so_rcv.sb_cc + (mark-tp->rcv_nxt);
-                       if (so->so_oobmark == 0)
-                               so->so_state |= SS_RCVATMARK;
-printf("take oob data %x input iobseq now %x\n", tp->t_iobc, tp->t_iobseq);
-                       sohasoutofband(so);
-                       break;
-               }
-
-               case TCPOPT_OOBACK: {
-                       int seq;
-
-                       if (optlen != 4)
-                               continue;
-                       if (tp->t_oobseq != cp[2]) {
-printf("wrong ack\n");
-                               break;
-                       }
-printf("take oob ack %x and cancel rexmt\n", cp[2]);
-                       tp->t_oobflags &= ~TCPOOB_NEEDACK;
-                       tp->t_timer[TCPT_OOBREXMT] = 0;
                         break;
                 }
                         break;
                 }
-#endif TCPTRUEOOB
-               }
         }
         (void) m_free(om);
  }
         }
         (void) m_free(om);
  }
@@ -848,7 +841,6 @@ tcp_reass(tp, ti)
         struct socket *so = tp->t_inpcb->inp_socket;
         struct mbuf *m;
         int flags;
         struct socket *so = tp->t_inpcb->inp_socket;
         struct mbuf *m;
         int flags;
-COUNT(TCP_REASS);
  
         /*
          * Call with ti==0 after become established to
  
         /*
          * Call with ti==0 after become established to
@@ -878,7 +870,7 @@ COUNT(TCP_REASS);
                 if (i > 0) {
                         if (i >= ti->ti_len)
                                 goto drop;
                 if (i > 0) {
                         if (i >= ti->ti_len)
                                 goto drop;
-                       m_adj(dtom(tp), i);
+                       m_adj(dtom(ti), i);
                         ti->ti_len -= i;
                         ti->ti_seq += i;
                 }
                         ti->ti_len -= i;
                         ti->ti_seq += i;
                 }