Module Name:    src
Committed By:   roy
Date:           Tue Sep 20 14:30:13 UTC 2016

Modified Files:
        src/sys/netinet: ip_output.c
        src/sys/netinet6: ip6_output.c

Log Message:
Drop UDP packets as well as TCP without error when sending from detached or
tentative addresses.


To generate a diff of this commit:
cvs rdiff -u -r1.262 -r1.263 src/sys/netinet/ip_output.c
cvs rdiff -u -r1.174 -r1.175 src/sys/netinet6/ip6_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/ip_output.c
diff -u src/sys/netinet/ip_output.c:1.262 src/sys/netinet/ip_output.c:1.263
--- src/sys/netinet/ip_output.c:1.262	Sun Sep 18 02:17:43 2016
+++ src/sys/netinet/ip_output.c	Tue Sep 20 14:30:13 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_output.c,v 1.262 2016/09/18 02:17:43 christos Exp $	*/
+/*	$NetBSD: ip_output.c,v 1.263 2016/09/20 14:30:13 roy Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.262 2016/09/18 02:17:43 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.263 2016/09/20 14:30:13 roy Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -617,7 +617,7 @@ sendit:
 	KASSERT(ia == NULL);
 	ia = in_get_ia_psref(ip->ip_src, &psref_ia);
 
-	/* Ensure we only sent from a valid address. */
+	/* Ensure we only send from a valid address. */
 	if ((ia != NULL || (flags & IP_FORWARDING) == 0) &&
 	    (error = ip_ifaddrvalid(ia)) != 0)
 	{
@@ -625,11 +625,12 @@ sendit:
 		    "refusing to send from invalid address %s (pid %d)\n",
 		    in_fmtaddr(ip->ip_src), curproc->p_pid);
 		IP_STATINC(IP_STAT_ODROPPED);
-		if (error == 1 && ip->ip_p == IPPROTO_TCP)
-			/* Address exists, but is tentative or detached.
+		if (error == 1)
+			/*
+			 * Address exists, but is tentative or detached.
 			 * We can't send from it because it's invalid,
-			 * so we drop the packet and continue ...
-			 * TCP will timeout eventually. */
+			 * so we drop the packet.
+			 */
 			error = 0;
 		else
 			error = EADDRNOTAVAIL;

Index: src/sys/netinet6/ip6_output.c
diff -u src/sys/netinet6/ip6_output.c:1.174 src/sys/netinet6/ip6_output.c:1.175
--- src/sys/netinet6/ip6_output.c:1.174	Thu Sep 15 18:25:45 2016
+++ src/sys/netinet6/ip6_output.c	Tue Sep 20 14:30:13 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_output.c,v 1.174 2016/09/15 18:25:45 roy Exp $	*/
+/*	$NetBSD: ip6_output.c,v 1.175 2016/09/20 14:30:13 roy Exp $	*/
 /*	$KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.174 2016/09/15 18:25:45 roy Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.175 2016/09/20 14:30:13 roy Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -552,16 +552,19 @@ ip6_output(
 
 	/* scope check is done. */
 
-	/* Ensure we only sent from a valid address. */
+	/* Ensure we only send from a valid address. */
 	if ((error = ip6_ifaddrvalid(&src0)) != 0) {
 		nd6log(LOG_ERR,
 		    "refusing to send from invalid address %s (pid %d)\n",
 		    ip6_sprintf(&src0), curproc->p_pid);
-		if (error == 1 && ip6->ip6_nxt == IPPROTO_TCP)
-			/* Address exists, but is tentative or detached.
+		IP6_STATINC(IP6_STAT_ODROPPED);
+		in6_ifstat_inc(origifp, ifs6_out_discard);
+		if (error == 1)
+			/*
+			 * Address exists, but is tentative or detached.
 			 * We can't send from it because it's invalid,
-			 * so we drop the packet and continue ...
-			 * TCP will timeout eventually. */
+			 * so we drop the packet.
+			 */
 			error = 0;
 		else
 			error = EADDRNOTAVAIL;

Reply via email to