authorMarco Pfatschbacher <mpf@cvs.openbsd.org>2008-09-09 15:26:13 +0000
committerMarco Pfatschbacher <mpf@cvs.openbsd.org>2008-09-09 15:26:13 +0000
commitfe36bd947fa17e3c7c8f2079091bcdfeb9832dc8 (patch)
tree46ae3a155acfe43b67a6d8ac54f3da4edc08a1ea
parent5fe82ea5e7f83227ec396e3f83fcf09249e5005e (diff)
The pf state to pcb linking code change didn't account for the
TIME_WAIT socket recycling code to redo the pcb lookup w/out resetting the inp pointer. Therefore we used the stale pcb, which leads us to reply with a RST to SYNs received on TIME_WAIT sockets. Also move the findpcb label below the pf pcb cache lookup, to avoid using a stale pcb when the caching code gets activated. OK markus@, henning@
-rw-r--r--sys/netinet/tcp_input.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 15e6dde0424..331e13ec05e 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.220 2008/07/03 15:46:24 henning Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.221 2008/09/09 15:26:12 mpf Exp $ */
/* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
/*
@@ -594,11 +594,11 @@ tcp_input(struct mbuf *m, ...)
/*
* Locate pcb for segment.
*/
-findpcb:
#if NPF > 0
if (m->m_pkthdr.pf.statekey)
inp = ((struct pf_state_key *)m->m_pkthdr.pf.statekey)->inp;
#endif
+findpcb:
if (inp == NULL) {
switch (af) {
#ifdef INET6
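Review bot: The relocated `findpcb:` label now carries an unstated precondition: any `goto findpcb` must clear `inp` first, otherwise `if (inp == NULL)` is false and the hash lookup is skipped in favour of the old pointer. Nothing at the label says so, and the only visible caller (the TIME_WAIT recycling path in the `trimthenstep6` hunk) gets it right only because this commit adds the reset there. A comment at the label would make the contract explicit for future jump sites, e.g. `/* Re-entry point: callers must set inp = NULL first; the pf state-key cache above is deliberately not consulted again. */`. tcp_input's body starts and ends outside the hunk.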
@@ -1309,6 +1309,7 @@ trimthenstep6:
((arc4random() & 0x7fffffff) | 0x8000);
reuse = &iss;
tp = tcp_close(tp);
+ inp = NULL;
goto findpcb;
}
}
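Review bot: The added `inp = NULL;` clears only the local variable after `tp = tcp_close(tp);`, while the pf state key reached through `m->m_pkthdr.pf.statekey` (read in the findpcb hunk) may still hold the same pcb pointer. Whether the close path unlinks the pcb from the state key is not visible in this diff and is worth confirming, because a leftover back-pointer would hand a released pcb to the next segment that matches that state. A short comment on the new line would also record the intent, e.g. `/* pcb was released by tcp_close(); force a fresh lookup */`. The enclosing block starts outside the hunk.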