diff options
| author | Max Laier <mlaier@FreeBSD.org> | 2008-08-04 14:08:55 +0000 |
|---|---|---|
| committer | Max Laier <mlaier@FreeBSD.org> | 2008-08-04 14:08:55 +0000 |
| commit | c48a03d37af67495ce1d7b9904ea01fb524ced57 (patch) | |
| tree | 929a80997418fc382fdc2cf604306e4a708d12dc | |
| parent | cb8db6f29291645989cc2f00917d391ad6412fca (diff) | |
Import pf.c, rev 1.559 by markus:vendor/pf-sys/4.1.001
allow state reuse for tcp if both sides are in FIN_WAIT_2 and a new SYN
arrives; ok dhartmei, henning, feedback aaron
Notes
Notes:
svn path=/vendor-sys/pf/dist/; revision=181291
svn path=/vendor-sys/pf/4.1.001/; revision=181292; tag=vendor/pf-sys/4.1.001
| -rw-r--r-- | net/pf.c | 17 |
1 files changed, 17 insertions, 0 deletions
@@ -1,4 +1,5 @@ /* $OpenBSD: pf.c,v 1.527 2007/02/22 15:23:23 pyr Exp $ */ +/* add: $OpenBSD: pf.c,v 1.559 2007/09/18 18:45:59 markus Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -4278,6 +4279,22 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif, } } + if (((th->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) && + dst->state >= TCPS_FIN_WAIT_2 && + src->state >= TCPS_FIN_WAIT_2) { + if (pf_status.debug >= PF_DEBUG_MISC) { + printf("pf: state reuse "); + pf_print_state(*state); + pf_print_flags(th->th_flags); + printf("\n"); + } + /* XXX make sure it's the same direction ?? */ + (*state)->src.state = (*state)->dst.state = TCPS_CLOSED; + pf_unlink_state(*state); + *state = NULL; + return (PF_DROP); + } + if (src->wscale && dst->wscale && !(th->th_flags & TH_SYN)) { sws = src->wscale & PF_WSCALE_MASK; dws = dst->wscale & PF_WSCALE_MASK; |