> I ported the icmp patches from OpenBSD that fix the problems described in:
> 
>         http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
> 
> Please let me know what you think.

why optional?

> +		if (SEQ_LT(seq, tp->snd_una) || SEQ_GEQ(seq, tp->snd_max))
> +			return NULL;

is this PRC_MSGSIZE-specific?

> @@ -232,6 +233,32 @@
>  		splx(s);
>  		return;
>  	}
> +#ifdef STRICT_ICMP
> +	if ((tp->t_flags & TF_PMTUD_PEND) && tp->t_inpcb &&
> +	    SEQ_GEQ(tp->t_pmtud_th_seq, tp->snd_una) &&
> +	    SEQ_LT(tp->t_pmtud_th_seq, (int)(tp->snd_una + tp->t_ourmss))) {
> +		extern struct sockaddr_in icmpsrc;
> +		struct icmp icmp;

it's in tcp_delack(), while openbsd does this in tcp_timer_rexmt().
is it intended?

YAMAMOTO Takashi