| author | Garrett Wollman <wollman@FreeBSD.org> | 1997-11-20 20:04:49 +0000 |
|---|---|---|
| committer | Garrett Wollman <wollman@FreeBSD.org> | 1997-11-20 20:04:49 +0000 |
| commit | 76d3eadb53d6ef98fe37a3af91d70218adead69f (patch) | |
| tree | e72a439cb76ec1f9078c777e94dc4063f12cf9c5 /sys/netinet/tcp_input.c | |
| parent | d447dbee36ff2a837dc8ff84a9091ee2e241a5a1 (diff) | |
Diffstat (limited to 'sys/netinet/tcp_input.c')
| -rw-r--r-- | sys/netinet/tcp_input.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 97855518c672..31fa80d1c7ab 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 * @(#)tcp_input.c 8.12 (Berkeley) 5/24/95
- * $Id: tcp_input.c,v 1.64 1997/10/28 15:58:52 bde Exp $
+ * $Id: tcp_input.c,v 1.65 1997/11/07 08:53:21 phk Exp $
 */
 
 #include "opt_tcpdebug.h"
@@ -317,6 +317,19 @@ tcp_input(m, iphlen)
 #endif /* TUBA_INCLUDE */
 
 /*
+ * Reject attempted self-connects. XXX This actually masks
+ * a bug elsewhere, since self-connect should work.
+ * However, a urrently-active DoS attack in the Internet
+ * sends a phony self-connect request which causes an infinite
+ * loop.
+ */
+ if (ti->ti_src.s_addr == ti->ti_dst.s_addr
+ && ti->ti_sport == ti->ti_dport) {
+ tcpstat.tcps_badsyn++;
+ goto drop;
+ }
+
+ /*
 * Check that TCP offset makes sense,
 * pull out TCP options and adjust length. XXX
 */
|
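Review bot: The self-connect test added in the second hunk never looks at the TCP flags, so every inbound segment whose source and destination address and port coincide is dropped and counted under `tcpstat.tcps_badsyn`, whether or not it is a SYN. That makes the counter unreliable for anyone watching it to spot this attack; limiting the test to connection requests, e.g. `if ((ti->ti_flags & TH_SYN) && ti->ti_src.s_addr == ti->ti_dst.s_addr && ti->ti_sport == ti->ti_dport) {`, would keep both the drop and the statistic aimed at the phony request the comment describes. The comment admits the check masks a bug elsewhere but does not say where the loop is believed to occur; naming that code path would let the workaround be removed once the real fix lands, and "urrently-active" should read "currently-active". tcp_input() starts and ends outside the hunk, so whether a later, state-specific point in the function would be a better home for the check cannot be judged from these lines.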
