Hi,

In syn_cache_get() the INP_IPV6 flag was checked in the AF_INET
case, but not for AF_INET6.  In fact the check should be done in
syn_cache_lookup() so that the returned syn cache entry has the
correct address family.

ok?

bluhm

Index: netinet/tcp_input.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.356
diff -u -p -r1.356 tcp_input.c
--- netinet/tcp_input.c 11 Jun 2018 07:40:26 -0000      1.356
+++ netinet/tcp_input.c 13 Jun 2018 22:33:01 -0000
@@ -3390,7 +3390,9 @@ syn_cache_lookup(struct sockaddr *src, s
                TAILQ_FOREACH(sc, &scp->sch_bucket, sc_bucketq) {
                        if (sc->sc_hash != hash)
                                continue;
-                       if (!bcmp(&sc->sc_src, src, src->sa_len) &&
+                       if (sc->sc_src.sa.sa_family == src->sa_family &&
+                           sc->sc_dst.sa.sa_family == dst->sa_family &&
+                           !bcmp(&sc->sc_src, src, src->sa_len) &&
                            !bcmp(&sc->sc_dst, dst, dst->sa_len) &&
                            rtable_l2(rtableid) == rtable_l2(sc->sc_rtableid))
                                return (sc);
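Review bot: The added `sa_family` comparisons deserve a short comment explaining why they are needed next to the bcmp() calls, which already compare `src->sa_len` bytes starting at the sockaddr header; otherwise a reader may take the family check for a redundant one. Suggest `/* match the address family explicitly; bcmp() is bounded by the caller's sa_len, not by the entry's */` above the condition. The lookup still trusts that `src->sa_len` and `dst->sa_len` do not exceed the `sc_src`/`sc_dst` storage, which is presumably validated by the callers but is not checked here. syn_cache_lookup() starts before this hunk.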
@@ -3540,11 +3542,6 @@ syn_cache_get(struct sockaddr *src, stru
 
        switch (src->sa_family) {
        case AF_INET:
-               /* drop IPv4 packet to AF_INET6 socket */
-               if (inp->inp_flags & INP_IPV6) {
-                       (void) m_free(am);
-                       goto resetandabort;
-               }
                if (in_pcbconnect(inp, am)) {
                        (void) m_free(am);
                        goto resetandabort;
