diff options
author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-08-08 14:31:52 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-08-08 14:31:52 +0000 |
commit | 13eaf0d1ac79f9925e4d05ce6236743ecdbeba41 (patch) | |
tree | 14d080c0e9fa91c11fc0ca83ace9b3cab71370a2 | |
parent | 11b60a9a4291ba3d72c9a0046addf6f9f5e9a883 (diff) |
th_flags doesn't have to be equal to TH_SYN to generate modulator, it's
sufficient if TH_SYN is set and TH_ACK is unset, ignore TH_ECN etc.
ok frantzen@
-rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index d9d79a34eab..922fd1f7a0b 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.240 2002/07/24 17:56:03 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.241 2002/08/08 14:31:51 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1862,8 +1862,8 @@ pf_test_tcp(struct pf_rule **rm, int direction, struct ifnet *ifp, s->src.seqlo = ntohl(th->th_seq); s->src.seqhi = s->src.seqlo + len + 1; - if (th->th_flags == TH_SYN && *rm != NULL - && (*rm)->keep_state == PF_STATE_MODULATE) { + if (th->th_flags & TH_SYN && !(th->th_flags & TH_ACK) && + *rm != NULL && (*rm)->keep_state == PF_STATE_MODULATE) { /* Generate sequence number modulator */ while ((s->src.seqdiff = arc4random()) == 0) ; |