changeset 13496:732144cfe2ef

1695 tcp_icmp_input sends packets with a closed connection Reviewed by: Bryan Cantrill <bryan@joyent.com> Reviewed by: Richard Lowe <richlowe@richlowe.net> Reviewed by: Dan McDonald <danmcd@nexenta.com> Reviewed by: Garrett D'Amore <garrett@nexenta.com> Approved by: Richard Lowe <richlowe@richlowe.net>
author Robert Mustacchi <rm@joyent.com>
date Fri, 28 Oct 2011 20:17:44 -0400
parents 4ac8112a8e30
children 205481e35e49
files usr/src/uts/common/inet/tcp/tcp_input.c
diffstat 1 files changed, 11 insertions(+), 0 deletions(-) [+]
--- a/usr/src/uts/common/inet/tcp/tcp_input.c	Sun May 15 23:44:52 2011 +0100
+++ b/usr/src/uts/common/inet/tcp/tcp_input.c	Fri Oct 28 20:17:44 2011 -0400
@@ -22,6 +22,7 @@
 /*
  * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
  * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
+ * Copyright (c) 2011 Joyent, Inc. All rights reserved.
  */
 
 /* This file contains all TCP input processing functions. */
@@ -5536,6 +5537,16 @@
 	ASSERT((MBLKL(mp) >= sizeof (ipha_t)));
 
 	/*
+	 * It's possible we have a closed, but not yet destroyed, TCP
+	 * connection. Several fields (e.g. conn_ixa->ixa_ire) are invalid
+	 * in the closed state, so don't take any chances and drop the packet.
+	 */
+	if (tcp->tcp_state == TCPS_CLOSED) {
+		freemsg(mp);
+		return;
+	}
+
+	/*
 	 * Verify IP version. Anything other than IPv4 or IPv6 packet is sent
 	 * upstream. ICMPv6 is handled in tcp_icmp_error_ipv6.
 	 */
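Review bot: The new `TCPS_CLOSED` early return frees `mp` and returns without recording anything, so ICMP errors that arrive for a closed-but-not-destroyed connection disappear with no counter or probe to show how often this path fires. ICMP errors are unauthenticated network input, so a drop statistic or static probe at this point would let an operator tell an occasional close race from a stream of spoofed errors aimed at torn-down connections. The guard is also a plain read of `tcp->tcp_state`, which is only sound if this function runs serialized with the close path; the hunk does not show that, so the comment could record it with a line such as `* This check relies on the caller being serialized with tcp close.`. The enclosing function (tcp_icmp_input, going by the commit title) starts and ends outside this hunk.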