summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorReyk Floeter <reyk@cvs.openbsd.org>2008-06-10 22:59:14 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2008-06-10 22:59:14 +0000
commit548bf8f79057a402e214a7c5893fcfa396632fa4 (patch)
tree5b786a00239f3f4bddaaa94a99b17c445f13e585
parent5877a4fdcb173af7d144983ee494969516e19b3e (diff)
Handle the closing of half connections where we don't see the full
bidirectional FIN/ACK+ACK handshake. ok henning@
-rw-r--r--sys/net/pf.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 3fd065b102a..6a3ed2a8ed8 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.588 2008/06/10 22:39:31 mcbride Exp $ */
+/* $OpenBSD: pf.c,v 1.589 2008/06/10 22:59:13 reyk Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -4013,6 +4013,15 @@ pf_tcp_track_sloppy(struct pf_state_peer *src, struct pf_state_peer *dst,
REASON_SET(reason, PFRES_SRCLIMIT);
return (PF_DROP);
}
+ } else if (src->state == TCPS_CLOSING &&
+ dst->state == TCPS_ESTABLISHED &&
+ dst->seqlo == 0) {
+ /*
+ * Handle the closing of half connections where we
+ * don't see the full bidirectional FIN/ACK+ACK
+ * handshake.
+ */
+ dst->state = TCPS_CLOSING;
}
}
if (th->th_flags & TH_RST)