Subject: CVS commit: syssrc
To: None <source-changes@netbsd.org>
From: Jun-ichiro itojun Hagino <itojun@netbsd.org>
List: source-changes
Date: 07/28/2000 05:31:14
Module Name: syssrc
Committed By: itojun
Date: Fri Jul 28 02:31:13 UTC 2000
Modified Files:
syssrc/sys/netinet [netbsd-1-5]: tcp_input.c
Log Message:
pullup 1.114 -> 1.115 (approved by releng-1-5)
> be proactive about unspecified IPv6 source address. pcb layer uses
> unspecified address (::) to mean "unbounded" or "unconnected",
> and can be confused by packets from outside.
>
> use of :: as source is not documented well in IPv6 specification.
>
> not sure if it presents a real threat. the worst case scenario is a DoS
> against TCP listening socket:
> - outsider transmits TCP SYN with :: as IPv6 source
> - receiving side creates TCP control block with:
>     local address = my address
>     remote address = :: (meaning "unconnected")
>     state = SYN_RCVD
>   note that SYN ACK will not be sent due to ip6_output() filter.
>   this stays until it times out.
> - the TCP control block prevents listening TCP control block from
>   being contacted (DoS).
>
> udp6/raw6 socket may have similar problem, but as they are connectionless,
> it may be too much to filter it out.
To generate a diff of this commit:
cvs rdiff -r1.108.4.5 -r1.108.4.6 syssrc/sys/netinet/tcp_input.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
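
The input-side check the log message describes, sketched in userland C as an added example (this is not the NetBSD tcp_input.c change, whose diff is not shown on this page). The function names, verdict values and the sample header built from the documentation prefix 2001:db8::/32 are assumptions made for illustration; the point is that the unspecified source is rejected before any control block is looked up or created.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

#define IP6_HDR_LEN 40   /* fixed IPv6 header size */
#define NXT_TCP     6    /* next-header value for TCP */

enum verdict { V_ACCEPT, V_DROP_MALFORMED, V_DROP_UNSPEC_SRC, V_NOT_TCP };

/* Classify a raw IPv6 packet before it reaches TCP control block handling. */
enum verdict tcp6_input_filter(const uint8_t *pkt, size_t len)
{
    struct in6_addr src;

    if (pkt == NULL || len < IP6_HDR_LEN || (pkt[0] >> 4) != 6)
        return V_DROP_MALFORMED;
    if (pkt[6] != NXT_TCP)              /* extension headers are not walked here */
        return V_NOT_TCP;
    memcpy(&src, pkt + 8, sizeof(src)); /* source address is bytes 8..23 */
    if (IN6_IS_ADDR_UNSPECIFIED(&src))  /* :: would read as "unconnected" in a pcb */
        return V_DROP_UNSPEC_SRC;
    return V_ACCEPT;
}

/* Build a constructed 40-byte header with the given source and classify it. */
enum verdict classify_src(const char *src_text)
{
    uint8_t hdr[IP6_HDR_LEN] = {0};

    hdr[0] = 0x60;                      /* version 6 */
    hdr[6] = NXT_TCP;
    hdr[7] = 64;                        /* hop limit */
    if (inet_pton(AF_INET6, src_text, hdr + 8) != 1)
        return V_DROP_MALFORMED;
    inet_pton(AF_INET6, "2001:db8::1", hdr + 24);   /* constructed destination */
    return tcp6_input_filter(hdr, sizeof(hdr));
}

int main(void)
{
    printf("src ::          -> %d\n", classify_src("::"));
    printf("src 2001:db8::2 -> %d\n", classify_src("2001:db8::2"));
    return 0;
}
```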