[src/netbsd-3-0]: src/sys/netinet Pull up following revision(s) (requested by...

[ghen <ghen%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/3aa4f6f0a9d3
branches:  netbsd-3-0
changeset: 579327:3aa4f6f0a9d3
user:      ghen <ghen%NetBSD.org@localhost>
date:      Thu Oct 26 10:51:14 2006 +0000

description:
Pull up following revision(s) (requested by rpaulo in ticket #1547):
        sys/netinet/tcp_input.c: revision 1.250
PR 34776: don't accept TCP connections to broadcast addresses.
Move the multicast/broadcast check above (before creating a
syn_cache entry)
By Yasuoka Yasuoka.

diffstat:

 sys/netinet/tcp_input.c |  43 ++++++++++++++++++++-----------------------
 1 files changed, 20 insertions(+), 23 deletions(-)

diffs (72 lines):

diff -r 9159e26f134f -r 3aa4f6f0a9d3 sys/netinet/tcp_input.c
--- a/sys/netinet/tcp_input.c   Thu Oct 26 10:23:23 2006 +0000
+++ b/sys/netinet/tcp_input.c   Thu Oct 26 10:51:14 2006 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: tcp_input.c,v 1.224.2.2 2005/04/28 11:02:08 tron Exp $ */
+/*     $NetBSD: tcp_input.c,v 1.224.2.2.2.1 2006/10/26 10:51:14 ghen Exp $     */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -150,7 +150,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.224.2.2 2005/04/28 11:02:08 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.224.2.2.2.1 2006/10/26 10:51:14 ghen Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -1385,7 +1385,25 @@
                        } else {
                                /*
                                 * Received a SYN.
+                                *
+                                * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN
                                 */
+                               if (m->m_flags & (M_BCAST|M_MCAST))
+                                       goto drop;
+
+                               switch (af) {
+#ifdef INET6
+                               case AF_INET6:
+                                       if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst))
+                                               goto drop;
+                                       break;
+#endif /* INET6 */
+                               case AF_INET:
+                                       if (IN_MULTICAST(ip->ip_dst.s_addr) ||
+                                           in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
+                                               goto drop;
+                               break;
+                               }
 
 #ifdef INET6
                                /*
@@ -1684,27 +1702,6 @@
        }
 
        switch (tp->t_state) {
-       case TCPS_LISTEN:
-               /*
-                * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN
-                */
-               if (m->m_flags & (M_BCAST|M_MCAST))
-                       goto drop;
-               switch (af) {
-#ifdef INET6
-               case AF_INET6:
-                       if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst))
-                               goto drop;
-                       break;
-#endif /* INET6 */
-               case AF_INET:
-                       if (IN_MULTICAST(ip->ip_dst.s_addr) ||
-                           in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
-                               goto drop;
-                       break;
-               }
-               break;
-
        /*
         * If the state is SYN_SENT:
         *      if seg contains an ACK, but not for our SYN, drop the input.