From owner-freebsd-current  Thu Oct 10 15:06:24 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id PAA19744
          for current-outgoing; Thu, 10 Oct 1996 15:06:24 -0700 (PDT)
Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id PAA19725;
          Thu, 10 Oct 1996 15:05:55 -0700 (PDT)
Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com with SMTP id <15734(7)>; Thu, 10 Oct 1996 15:01:58 PDT
Received: by crevenia.parc.xerox.com id <177476>; Thu, 10 Oct 1996 15:01:40 -0700
From: Bill Fenner <fenner@parc.xerox.com>
To: fenner@parc.xerox.com, karl@mcs.net
Subject: Re: Crash in -current (from the current SNAP)
Cc: current@freebsd.org, hackers@freebsd.org, pst@jnx.com
Message-Id: <96Oct10.150140pdt.177476@crevenia.parc.xerox.com>
Date: Thu, 10 Oct 1996 15:01:25 PDT
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Me smells a problem with the SYN flood patch.

Yup.  Looks to me like tcp_drop() freed the tcpcb/inpcb, but then tcp_input()
wants to use the tcpcb/inpcb.  I suspect that an OK patch might be to turn
the code around line 420 of tcp_input.c into

			if (so2) {
				tcp_drop(sototcpcb(so2), ETIMEDOUT);
				tcp_attach(so2);	/* attach a new pcb */
			} else
				goto drop;

  Bill