From owner-freebsd-hackers  Mon Jun 23 07:46:17 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id HAA07217
          for hackers-outgoing; Mon, 23 Jun 1997 07:46:17 -0700 (PDT)
Received: from Xopek.Card.Ru (root@Xopek.Card.Ru [194.58.132.252])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA07211
          for <freebsd-hackers@freebsd.org>; Mon, 23 Jun 1997 07:46:08 -0700 (PDT)
Received: (from root@localhost) by Xopek.Card.Ru (8.8.5/8.6.12) id VAA06431 for freebsd-hackers@freebsd.org; Mon, 23 Jun 1997 21:45:54 +0700 (NSD)
Date: Mon, 23 Jun 1997 21:45:54 +0700 (NSD)
From: serge terekhov <sts@card.ru>
Message-Id: <199706231445.VAA06431@Xopek.Card.Ru>
To: freebsd-hackers@freebsd.org
Subject: Little help needed.
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


Hi,

i am not a big kernel guru - and after upgrading 2.1.0R -> 2.2.2R i got
a little problem porting screend firewall daemon (extensively patched by
me). i have a little routine in kernel space which sends TCP RST packet
as an answer on TCP SYN packet for unwanted incoming TCP session init
request. and this routine makes 2.2.2 to die silently, restarting pc
without any panic or other warning.. please anyone who can help me - comment
this. the code, patched a little for 2.2.2 already, follows.

static void
ip_gwtcprst(pkt)
struct mbuf *pkt;
{
	struct tcpiphdr *ti, *tp;
	struct ip *ii, *ip;
	struct tcphdr *tcp;
	struct mbuf *m;
	int tlen = 0;

	ti = mtod (pkt, struct tcpiphdr *);
	ii = mtod (pkt, struct ip *);
	if (IP_VHL_V (ii->ip_vhl) != IPVERSION || ii->ip_p != IPPROTO_TCP)
		return;			/* foolproofing ;) */
	if (ti->ti_flags & TH_RST)
		return;              /* feedback loop */
        m = m_gethdr (M_DONTWAIT, MT_HEADER);
	if (!m)
		return;
        m->m_data += max_linkhdr;
        if (ti->ti_flags & TH_SYN)
                tlen = 1;
        m->m_len = sizeof (struct tcpiphdr);
        m->m_pkthdr.len = sizeof (struct tcpiphdr);
        m->m_pkthdr.rcvif = (struct ifnet *)0;
        bzero (mtod (m, char *), sizeof (struct tcpiphdr));

        ip = mtod (m, struct ip *);
        tp = mtod (m, struct tcpiphdr *);
        tcp = (struct tcphdr *) ((char *)ip + sizeof (struct ip));
        ip->ip_src.s_addr = ti->ti_dst.s_addr;
        ip->ip_dst.s_addr = ti->ti_src.s_addr;
        tcp->th_dport = ti->ti_sport;
        tcp->th_sport = ti->ti_dport;
        tcp->th_ack = htonl (ntohl (ti->ti_seq) + tlen);
        tcp->th_off = sizeof (struct tcphdr) >> 2;
        tcp->th_flags = TH_RST|TH_ACK;
        tp->ti_pr = ii->ip_p;
        tp->ti_len = htons (sizeof (struct tcphdr));
        tcp->th_sum = in_cksum (m, sizeof (struct tcpiphdr));
	ip->ip_vhl = IP_MAKE_VHL (IPVERSION, sizeof (struct ip) >> 2);
        ip->ip_tos = ii->ip_tos;
        ip->ip_id = ii->ip_id;
        ip->ip_off = ii->ip_off;
        ip->ip_p = ii->ip_p;
        ip->ip_len = sizeof (struct tcpiphdr);
        ip->ip_ttl = ip_defttl;
        /*
         * extra 0 in case of multicast
         */
        (void) ip_output(m, (struct mbuf *)0, 0, IP_FORWARDING, 0);
}


ciao,
/serge