author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2004-11-07 01:16:53 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2004-11-07 01:16:53 +0000 |
commit | fde7956f24ef2f8299a5234e90c6143a61cee2ca (patch) | |
tree | 687bb49de66987ead87d0d984c7a6caf3e023ebc | |
parent | 67920a3b797b97323d0e21e06e5166109945f7b8 (diff) |
For RST generated due to state mismatch during handshake, don't set
th_flags TH_ACK and leave th_ack 0, just like the RST generated by
the stack in this case. Fixes the Raptor workaround. ok beck@, markus@
-rw-r--r-- | sys/net/pf.c | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 6d278dc5e4c..c9e82ca6ad8 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.460 2004/09/29 10:32:33 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.461 2004/11/07 01:16:52 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -4109,20 +4109,13 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif, if ((*state)->dst.state == TCPS_SYN_SENT && (*state)->src.state == TCPS_SYN_SENT) { /* Send RST for state mismatches during handshake */ - if (!(th->th_flags & TH_RST)) { - u_int32_t ack = ntohl(th->th_seq) + pd->p_len; - - if (th->th_flags & TH_SYN) - ack++; - if (th->th_flags & TH_FIN) - ack++; + if (!(th->th_flags & TH_RST)) pf_send_tcp((*state)->rule.ptr, pd->af, pd->dst, pd->src, th->th_dport, - th->th_sport, ntohl(th->th_ack), ack, - TH_RST|TH_ACK, 0, 0, + th->th_sport, ntohl(th->th_ack), 0, + TH_RST, 0, 0, (*state)->rule.ptr->return_ttl, 1, pd->eh, kif->pfik_ifp); - } src->seqlo = 0; src->seqhi = 1; src->max_win = 1; |
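Review bot: In the second hunk the RST's sequence number is always taken from `ntohl(th->th_ack)`, but nothing visible here checks that the offending segment actually carries TH_ACK. For a segment without ACK that field is not meaningful, and RFC 793 reset generation instead uses sequence 0 with RST|ACK acknowledging seq plus segment length, which is what the removed lines computed. Whether an ACK-less segment can reach this branch is decided outside the hunk (the body of pf_test_state_tcp starts and ends beyond it), so this may already be excluded. If it is, I would record the assumption in the existing comment, e.g. `/* Send RST for state mismatches during handshake; seq = peer's th_ack, no TH_ACK, th_ack 0, matching what the stack sends in reply to a segment that carries ACK */`. If it is not, the old RST|ACK form should be kept for segments where `!(th->th_flags & TH_ACK)`.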