From owner-svn-src-head@freebsd.org  Fri Oct 21 10:32:59 2016
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 00B48C1B2AE;
 Fri, 21 Oct 2016 10:32:59 +0000 (UTC)
 (envelope-from tuexen@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id CC30E19B;
 Fri, 21 Oct 2016 10:32:58 +0000 (UTC)
 (envelope-from tuexen@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u9LAWv2Q007883;
 Fri, 21 Oct 2016 10:32:57 GMT (envelope-from tuexen@FreeBSD.org)
Received: (from tuexen@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u9LAWv4k007879;
 Fri, 21 Oct 2016 10:32:57 GMT (envelope-from tuexen@FreeBSD.org)
Message-Id: <201610211032.u9LAWv4k007879@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: tuexen set sender to
 tuexen@FreeBSD.org using -f
From: Michael Tuexen <tuexen@FreeBSD.org>
Date: Fri, 21 Oct 2016 10:32:57 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r307726 - in head/sys: netinet netinet6
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2016 10:32:59 -0000

Author: tuexen
Date: Fri Oct 21 10:32:57 2016
New Revision: 307726
URL: https://svnweb.freebsd.org/changeset/base/307726

Log:
  Make ICMPv6 hard error handling for TCP consistent with the ICMPv4
  handling. Ensure that:
  * Protocol unreachable errors are handled by indicating ECONNREFUSED
    to the TCP user for both IPv4 and IPv6. These were ignored for IPv6.
  * Communication prohibited errors are handled by indicating ECONNREFUSED
    to the TCP user for both IPv4 and IPv6. These were ignored for IPv6.
  * Hop Limited exceeded errors are handled by indicating EHOSTUNREACH
    to the TCP user for both IPv4 and IPv6.
    For IPv6 the TCP connected was dropped but errno wasn't set.
  
  Reviewed by: gallatin, rrs
  MFC after: 1 month
  Sponsored by: Netflix
  Differential Revision: 7904

Modified:
  head/sys/netinet/ip_icmp.c
  head/sys/netinet/tcp_subr.c
  head/sys/netinet6/icmp6.c
  head/sys/netinet6/ip6_input.c

Modified: head/sys/netinet/ip_icmp.c
==============================================================================
--- head/sys/netinet/ip_icmp.c	Fri Oct 21 09:15:34 2016	(r307725)
+++ head/sys/netinet/ip_icmp.c	Fri Oct 21 10:32:57 2016	(r307726)
@@ -457,6 +457,8 @@ icmp_input(struct mbuf **mp, int *offp, 
 			 * Treat subcodes 2,3 as immediate RST
 			 */
 			case ICMP_UNREACH_PROTOCOL:
+				code = PRC_UNREACH_PROTOCOL;
+				break;
 			case ICMP_UNREACH_PORT:
 				code = PRC_UNREACH_PORT;
 				break;

Modified: head/sys/netinet/tcp_subr.c
==============================================================================
--- head/sys/netinet/tcp_subr.c	Fri Oct 21 09:15:34 2016	(r307725)
+++ head/sys/netinet/tcp_subr.c	Fri Oct 21 10:32:57 2016	(r307726)
@@ -1968,7 +1968,8 @@ tcp_ctlinput(int cmd, struct sockaddr *s
 	if (cmd == PRC_MSGSIZE)
 		notify = tcp_mtudisc_notify;
 	else if (V_icmp_may_rst && (cmd == PRC_UNREACH_ADMIN_PROHIB ||
-		cmd == PRC_UNREACH_PORT || cmd == PRC_TIMXCEED_INTRANS) && ip)
+		cmd == PRC_UNREACH_PORT || cmd == PRC_UNREACH_PROTOCOL || 
+		cmd == PRC_TIMXCEED_INTRANS) && ip)
 		notify = tcp_drop_syn_sent;
 
 	/*
@@ -2100,8 +2101,8 @@ tcp6_ctlinput(int cmd, struct sockaddr *
 	if (cmd == PRC_MSGSIZE)
 		notify = tcp_mtudisc_notify;
 	else if (V_icmp_may_rst && (cmd == PRC_UNREACH_ADMIN_PROHIB ||
-		cmd == PRC_UNREACH_PORT || cmd == PRC_TIMXCEED_INTRANS) &&
-		ip6 != NULL)
+		cmd == PRC_UNREACH_PORT || cmd == PRC_UNREACH_PROTOCOL || 
+		cmd == PRC_TIMXCEED_INTRANS) && ip6 != NULL)
 		notify = tcp_drop_syn_sent;
 
 	/*

Modified: head/sys/netinet6/icmp6.c
==============================================================================
--- head/sys/netinet6/icmp6.c	Fri Oct 21 09:15:34 2016	(r307725)
+++ head/sys/netinet6/icmp6.c	Fri Oct 21 10:32:57 2016	(r307726)
@@ -490,7 +490,7 @@ icmp6_input(struct mbuf **mp, int *offp,
 			break;
 		case ICMP6_DST_UNREACH_ADMIN:
 			icmp6_ifstat_inc(ifp, ifs6_in_adminprohib);
-			code = PRC_UNREACH_PROTOCOL; /* is this a good code? */
+			code = PRC_UNREACH_ADMIN_PROHIB;
 			break;
 		case ICMP6_DST_UNREACH_BEYONDSCOPE:
 			/* I mean "source address was incorrect." */

Modified: head/sys/netinet6/ip6_input.c
==============================================================================
--- head/sys/netinet6/ip6_input.c	Fri Oct 21 09:15:34 2016	(r307725)
+++ head/sys/netinet6/ip6_input.c	Fri Oct 21 10:32:57 2016	(r307726)
@@ -1772,6 +1772,6 @@ u_char	inet6ctlerrmap[PRC_NCMDS] = {
 	0,		EMSGSIZE,	EHOSTDOWN,	EHOSTUNREACH,
 	EHOSTUNREACH,	EHOSTUNREACH,	ECONNREFUSED,	ECONNREFUSED,
 	EMSGSIZE,	EHOSTUNREACH,	0,		0,
-	0,		0,		0,		0,
-	ENOPROTOOPT
+	0,		0,		EHOSTUNREACH,	0,
+	ENOPROTOOPT,	ECONNREFUSED
 };