| author | Garrett Wollman <wollman@FreeBSD.org> | 1997-11-20 21:45:34 +0000 |
|---|---|---|
| committer | Garrett Wollman <wollman@FreeBSD.org> | 1997-11-20 21:45:34 +0000 |
| commit | ab90fea96b209743d9586fba5e08aede61f47563 (patch) | |
| tree | 79f770e7016116463c5be21eabcb2d1e8602338a /sys/netinet | |
| parent | 157288d3669f7154c80156d0ac306f6261f290c9 (diff) | |
Notes
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/tcp_input.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 66d18e089b1c..f775ed8a4a41 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 * @(#)tcp_input.c 8.12 (Berkeley) 5/24/95
- * $Id: tcp_input.c,v 1.54.2.4 1997/09/30 16:43:38 fenner Exp $
+ * $Id: tcp_input.c,v 1.54.2.5 1997/10/04 08:54:12 davidg Exp $
 */
 
 #include "opt_tcpdebug.h"
@@ -318,6 +318,19 @@ tcp_input(m, iphlen)
 #endif /* TUBA_INCLUDE */
 
 /*
+ * Reject attempted self-connects. XXX This actually masks
+ * a bug elsewhere, since self-connect should work.
+ * However, a urrently-active DoS attack in the Internet
+ * sends a phony self-connect request which causes an infinite
+ * loop.
+ */
+ if (ti->ti_src.s_addr == ti->ti_dst.s_addr
+ && ti->ti_sport == ti->ti_dport) {
+ tcpstat.tcps_badsyn++;
+ goto drop;
+ }
+
+ /*
 * Check that TCP offset makes sense,
 * pull out TCP options and adjust length. XXX
 */
|
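Review bot: The new test in the second hunk (`@@ -318,6 +318,19 @@`) never looks at the TCP flags or at the state of the matching socket, so every segment whose source and destination address and port coincide is dropped and counted in `tcps_badsyn`, not only the spoofed connection request the comment describes. That makes the counter ambiguous for anyone trying to recognise this DoS traffic in the statistics, and it disables legitimate self-connect for all segments, as the XXX admits. If the loop is only reachable from a SYN arriving on a listening socket, the comparison belongs in that path, which lies outside this hunk because tcp_input's body continues past it. Short of that, adding `&& (ti->ti_flags & TH_SYN)` to the condition would at least keep the statistic truthful, and a dedicated counter would separate these drops from other bad SYNs. The comment also has a typo: `a urrently-active` should read `a currently-active`.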
