diff options
author | Andre Oppermann <andre@FreeBSD.org> | 2005-04-21 12:37:12 +0000 |
---|---|---|
committer | Andre Oppermann <andre@FreeBSD.org> | 2005-04-21 12:37:12 +0000 |
commit | 1600372b6b8f7d4f5d6c90a480c7e18434111f9f (patch) | |
tree | 7b9a0e3c485902d0bc77850e4bcc3582acddb4c4 /sys/netinet/tcp_output.c | |
parent | 1d968d225ff78310fc4fd829fc6f79936d354f3f (diff) | |
download | src-1600372b6b8f7d4f5d6c90a480c7e18434111f9f.tar.gz src-1600372b6b8f7d4f5d6c90a480c7e18434111f9f.zip |
Ignore ICMP Source Quench messages for TCP sessions. Source Quench is
ineffective, depreciated and can be abused to degrade the performance
of active TCP sessions if spoofed.
Replace a bogus call to tcp_quench() in tcp_output() with the direct
equivalent tcpcb variable assignment.
Security: draft-gont-tcpm-icmp-attacks-03.txt Section 7.1
MFC after: 3 days
Notes
Notes:
svn path=/head/; revision=145355
Diffstat (limited to 'sys/netinet/tcp_output.c')
-rw-r--r-- | sys/netinet/tcp_output.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index fce9c9c448a1..37a4ef1f94dd 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -1066,7 +1066,7 @@ out: !callout_active(tp->tt_persist)) callout_reset(tp->tt_rexmt, tp->t_rxtcur, tcp_timer_rexmt, tp); - tcp_quench(tp->t_inpcb, 0); + tp->snd_cwnd = tp->t_maxseg; return (0); } if (error == EMSGSIZE) { |