authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2004-11-07 01:16:53 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2004-11-07 01:16:53 +0000
commitfde7956f24ef2f8299a5234e90c6143a61cee2ca (patch)
tree687bb49de66987ead87d0d984c7a6caf3e023ebc
parent67920a3b797b97323d0e21e06e5166109945f7b8 (diff)
For RST generated due to state mismatch during handshake, don't set
th_flags TH_ACK and leave th_ack 0, just like the RST generated by the stack in this case. Fixes the Raptor workaround. ok beck@, markus@
-rw-r--r--sys/net/pf.c15
1 files changed, 4 insertions, 11 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 6d278dc5e4c..c9e82ca6ad8 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.460 2004/09/29 10:32:33 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.461 2004/11/07 01:16:52 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -4109,20 +4109,13 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif,
if ((*state)->dst.state == TCPS_SYN_SENT &&
(*state)->src.state == TCPS_SYN_SENT) {
/* Send RST for state mismatches during handshake */
- if (!(th->th_flags & TH_RST)) {
- u_int32_t ack = ntohl(th->th_seq) + pd->p_len;
-
- if (th->th_flags & TH_SYN)
- ack++;
- if (th->th_flags & TH_FIN)
- ack++;
+ if (!(th->th_flags & TH_RST))
pf_send_tcp((*state)->rule.ptr, pd->af,
pd->dst, pd->src, th->th_dport,
- th->th_sport, ntohl(th->th_ack), ack,
- TH_RST|TH_ACK, 0, 0,
+ th->th_sport, ntohl(th->th_ack), 0,
+ TH_RST, 0, 0,
(*state)->rule.ptr->return_ttl, 1,
pd->eh, kif->pfik_ifp);
- }
src->seqlo = 0;
src->seqhi = 1;
src->max_win = 1;
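Review bot: The RST built in the `pf_send_tcp()` call takes its sequence number from `ntohl(th->th_ack)` without the hunk checking that the offending segment actually had TH_ACK set. When it did not, th_ack is whatever the sender put in the field, and a bare RST (no ACK, ack 0) with that sequence number may be ignored by the peer, leaving its half-open connection in place while pf resets its own state on the lines that follow. pf_test_state_tcp begins and continues outside this hunk, so an earlier check may already guarantee TH_ACK on this path. If it does not, consider guarding the call with `if (!(th->th_flags & TH_RST) && (th->th_flags & TH_ACK))`, or at least recording the assumption above the call, e.g. `/* seq = peer's th_ack, no ACK flag: same form as the stack's RST for a segment with ACK set */`.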