Apply by doing:

Apply by doing:
cd /usr/src
patch -p0 < 007_tcprespond.patch

And then build, install and boot a new kernel:
cd /usr/src/sys/arch/`arch -s`/conf
config GENERIC
cd ../compile/GENERIC
make depend && make && sudo make install

If you are using the multiprocessor kernel, replace GENERIC by
GENERIC.MP above.

Index: sys/netinet/tcp_input.c
===================================================================
RCS file: /cvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.207
diff -u -p -r1.207 tcp_input.c
--- sys/netinet/tcp_input.c 15 Jun 2007 18:23:06 -0000 1.207
+++ sys/netinet/tcp_input.c 21 Feb 2008 15:45:15 -0000
@@ -2207,14 +2207,15 @@ dropwithreset:
if (tiflags & TH_RST)
goto drop;
if (tiflags & TH_ACK) {
- tcp_respond(tp, mtod(m, caddr_t), m, (tcp_seq)0, th->th_ack,
+ tcp_respond(tp, mtod(m, caddr_t), th, (tcp_seq)0, th->th_ack,
TH_RST);
} else {
if (tiflags & TH_SYN)
tlen++;
- tcp_respond(tp, mtod(m, caddr_t), m, th->th_seq + tlen,
+ tcp_respond(tp, mtod(m, caddr_t), th, th->th_seq + tlen,
(tcp_seq)0, TH_RST|TH_ACK);
}
+ m_freem(m);
return;

drop:
@@ -3863,7 +3864,8 @@ syn_cache_get(src, dst, th, hlen, tlen,
return (so);

resetandabort:
- tcp_respond(NULL, mtod(m, caddr_t), m, (tcp_seq)0, th->th_ack, TH_RST);
+ tcp_respond(NULL, mtod(m, caddr_t), th, (tcp_seq)0, th->th_ack, TH_RST);
+ m_freem(m);
abort:
if (so != NULL)
(void) soabort(so);
Index: sys/netinet/tcp_subr.c
===================================================================
RCS file: /cvs/src/sys/netinet/tcp_subr.c,v
retrieving revision 1.98
diff -u -p -r1.98 tcp_subr.c
--- sys/netinet/tcp_subr.c 25 Jun 2007 12:17:43 -0000 1.98
+++ sys/netinet/tcp_subr.c 21 Feb 2008 15:45:15 -0000
@@ -317,18 +317,23 @@ tcp_template(tp)
/* This function looks hairy, because it was so IPv4-dependent. */
#endif /* INET6 */
void
-tcp_respond(tp, template, m, ack, seq, flags)
+tcp_respond(tp, template, th0, ack, seq, flags)
struct tcpcb *tp;
caddr_t template;
- struct mbuf *m;
+ struct tcphdr *th0;
tcp_seq ack, seq;
int flags;
{
int tlen;
int win = 0;
+ struct mbuf *m = 0;
struct route *ro = 0;
struct tcphdr *th;
- struct tcpiphdr *ti = (struct tcpiphdr *)template;
+ struct ip *ip;
+ struct ipovly *ih;
+#ifdef INET6
+ struct ip6_hdr *ip6;
+#endif
int af; /* af on wire */

if (tp) {
@@ -345,69 +350,52 @@ tcp_respond(tp, template, m, ack, seq, f
*/
ro = &tp->t_inpcb->inp_route;
} else
- af = (((struct ip *)ti)->ip_v == 6) ? AF_INET6 : AF_INET;
- if (m == 0) {
- m = m_gethdr(M_DONTWAIT, MT_HEADER);
- if (m == NULL)
- return;
+ af = (((struct ip *)template)->ip_v == 6) ? AF_INET6 : AF_INET;
+
+ m = m_gethdr(M_DONTWAIT, MT_HEADER);
+ if (m == NULL)
+ return;
+ m->m_data += max_linkhdr;
#ifdef TCP_COMPAT_42
- tlen = 1;
+ tlen = 1;
#else
- tlen = 0;
+ tlen = 0;
#endif
- m->m_data += max_linkhdr;
- switch (af) {
-#ifdef INET6
- case AF_INET6:
- bcopy(ti, mtod(m, caddr_t), sizeof(struct tcphdr) +
- sizeof(struct ip6_hdr));
- break;
-#endif /* INET6 */
- case AF_INET:
- bcopy(ti, mtod(m, caddr_t), sizeof(struct tcphdr) +
- sizeof(struct ip));
- break;
- }

- ti = mtod(m, struct tcpiphdr *);
- flags = TH_ACK;
- } else {
- m_freem(m->m_next);
- m->m_next = 0;
- m->m_data = (caddr_t)ti;
- tlen = 0;
#define xchg(a,b,type) do { type t; t=a; a=b; b=t; } while (0)
- switch (af) {
-#ifdef INET6
- case AF_INET6:
- m->m_len = sizeof(struct tcphdr) + sizeof(struct ip6_hdr);
- xchg(((struct ip6_hdr *)ti)->ip6_dst,
- ((struct ip6_hdr *)ti)->ip6_src, struct in6_addr);
- th = (void *)((caddr_t)ti + sizeof(struct ip6_hdr));
- break;
-#endif /* INET6 */
- case AF_INET:
- m->m_len = sizeof (struct tcpiphdr);
- xchg(ti->ti_dst.s_addr, ti->ti_src.s_addr, u_int32_t);
- th = (void *)((caddr_t)ti + sizeof(struct ip));
- break;
- }
- xchg(th->th_dport, th->th_sport, u_int16_t);
-#undef xchg
- }
switch (af) {
#ifdef INET6
case AF_INET6:
- tlen += sizeof(struct tcphdr) + sizeof(struct ip6_hdr);
- th = (struct tcphdr *)((caddr_t)ti + sizeof(struct ip6_hdr));
+ ip6 = mtod(m, struct ip6_hdr *);
+ th = (struct tcphdr *)(ip6 + 1);
+ tlen = sizeof(*ip6) + sizeof(*th);
+ if (th0) {
+ bcopy(template, ip6, sizeof(*ip6));
+ bcopy(th0, th, sizeof(*th));
+ xchg(ip6->ip6_dst, ip6->ip6_src, struct in6_addr);
+ } else {
+ bcopy(template, ip6, tlen);
+ }
break;
#endif /* INET6 */
case AF_INET:
- ti->ti_len = htons((u_int16_t)(sizeof (struct tcphdr) + tlen));
- tlen += sizeof (struct tcpiphdr);
- th = (struct tcphdr *)((caddr_t)ti + sizeof(struct ip));
- break;
- }
+ ip = mtod(m, struct ip *);
+ th = (struct tcphdr *)(ip + 1);
+ tlen = sizeof(*ip) + sizeof(*th);
+ if (th0) {
+ bcopy(template, ip, sizeof(*ip));
+ bcopy(th0, th, sizeof(*th));
+ xchg(ip->ip_dst.s_addr, ip->ip_src.s_addr, u_int32_t);
+ } else {
+ bcopy(template, ip, tlen);
+ }
+ break;
+ }
+ if (th0)
+ xchg(th->th_dport, th->th_sport, u_int16_t);
+ else
+ flags = TH_ACK;
+#undef xchg

m->m_len = tlen;
m->m_pkthdr.len = tlen;
@@ -427,23 +415,23 @@ tcp_respond(tp, template, m, ack, seq, f
switch (af) {
#ifdef INET6
case AF_INET6:
- ((struct ip6_hdr *)ti)->ip6_flow = htonl(0x60000000);
- ((struct ip6_hdr *)ti)->ip6_nxt = IPPROTO_TCP;
- ((struct ip6_hdr *)ti)->ip6_hlim =
- in6_selecthlim(tp ? tp->t_inpcb : NULL, NULL); /*XXX*/
- ((struct ip6_hdr *)ti)->ip6_plen = tlen - sizeof(struct ip6_hdr);
+ ip6->ip6_flow = htonl(0x60000000);
+ ip6->ip6_nxt = IPPROTO_TCP;
+ ip6->ip6_hlim = in6_selecthlim(tp ? tp->t_inpcb : NULL, NULL); /*XXX*/
+ ip6->ip6_plen = tlen - sizeof(struct ip6_hdr);
th->th_sum = 0;
th->th_sum = in6_cksum(m, IPPROTO_TCP,
- sizeof(struct ip6_hdr), ((struct ip6_hdr *)ti)->ip6_plen);
- HTONS(((struct ip6_hdr *)ti)->ip6_plen);
+ sizeof(struct ip6_hdr), ip6->ip6_plen);
+ HTONS(ip6->ip6_plen);
ip6_output(m, tp ? tp->t_inpcb->inp_outputopts6 : NULL,
(struct route_in6 *)ro, 0, NULL, NULL,
tp ? tp->t_inpcb : NULL);
break;
#endif /* INET6 */
case AF_INET:
- bzero(ti->ti_x1, sizeof ti->ti_x1);
- ti->ti_len = htons((u_short)tlen - sizeof(struct ip));
+ ih = (struct ipovly *)ip;
+ bzero(ih->ih_x1, sizeof ih->ih_x1);
+ ih->ih_len = htons((u_short)tlen - sizeof(struct ip));

/*
* There's no point deferring to hardware checksum processing
@@ -452,8 +440,8 @@ tcp_respond(tp, template, m, ack, seq, f
*/
th->th_sum = 0;
th->th_sum = in_cksum(m, tlen);
- ((struct ip *)ti)->ip_len = htons(tlen);
- ((struct ip *)ti)->ip_ttl = ip_defttl;
+ ip->ip_len = htons(tlen);
+ ip->ip_ttl = ip_defttl;
ip_output(m, (void *)NULL, ro, ip_mtudisc ? IP_MTUDISC : 0,
(void *)NULL, tp ? tp->t_inpcb : (void *)NULL);
}
Index: sys/netinet/tcp_timer.c
===================================================================
RCS file: /cvs/src/sys/netinet/tcp_timer.c,v
retrieving revision 1.39
diff -u -p -r1.39 tcp_timer.c
--- sys/netinet/tcp_timer.c 15 Jun 2007 18:23:07 -0000 1.39
+++ sys/netinet/tcp_timer.c 21 Feb 2008 15:45:15 -0000
@@ -463,10 +463,10 @@ tcp_timer_keep(void *arg)
* to get a 4.2 host to respond.
*/
tcp_respond(tp, mtod(tp->t_template, caddr_t),
- (struct mbuf *)NULL, tp->rcv_nxt - 1, tp->snd_una - 1, 0);
+ NULL, tp->rcv_nxt - 1, tp->snd_una - 1, 0);
#else
tcp_respond(tp, mtod(tp->t_template, caddr_t),
- (struct mbuf *)NULL, tp->rcv_nxt, tp->snd_una - 1, 0);
+ NULL, tp->rcv_nxt, tp->snd_una - 1, 0);
#endif
TCP_TIMER_ARM(tp, TCPT_KEEP, tcp_keepintvl);
} else
Index: sys/netinet/tcp_var.h
===================================================================
RCS file: /cvs/src/sys/netinet/tcp_var.h,v
retrieving revision 1.83
diff -u -p -r1.83 tcp_var.h
--- sys/netinet/tcp_var.h 25 Jun 2007 12:17:43 -0000 1.83
+++ sys/netinet/tcp_var.h 21 Feb 2008 15:45:16 -0000
@@ -613,7 +613,7 @@ int tcp_output(struct tcpcb *);
void tcp_pulloutofband(struct socket *, u_int, struct mbuf *, int);
int tcp_reass(struct tcpcb *, struct tcphdr *, struct mbuf *, int *);
void tcp_rscale(struct tcpcb *, u_long);
-void tcp_respond(struct tcpcb *, caddr_t, struct mbuf *, tcp_seq,
+void tcp_respond(struct tcpcb *, caddr_t, struct tcphdr *, tcp_seq,
tcp_seq, int);
void tcp_setpersist(struct tcpcb *);
void tcp_slowtimo(void);