diff options
| author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2004-11-12 19:44:45 +0000 |
|---|---|---|
| committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2004-11-12 19:44:45 +0000 |
| commit | 90dfc606ada76d0cdc21d64f22912ca56786d84e (patch) | |
| tree | 0953d2d12e79a77556d462e3f3e3b23bfee35a38 /sys/net/pf.c | |
| parent | d250e072c64e84ad60a06823d468807da521472d (diff) | |
The flag to re-filter pf-generated packets was set wrong by synproxy
for ACKs. It should filter the ACK replayed to the server, instead of
of the one to the client. Thanks to Daniel Polak for testing.
Diffstat (limited to 'sys/net/pf.c')
| -rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index c9e82ca6ad8..e2f484664e2 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.461 2004/11/07 01:16:52 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.462 2004/11/12 19:44:44 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -3836,12 +3836,12 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif, pf_send_tcp((*state)->rule.ptr, pd->af, pd->dst, pd->src, th->th_dport, th->th_sport, ntohl(th->th_ack), ntohl(th->th_seq) + 1, - TH_ACK, (*state)->src.max_win, 0, 0, 1, + TH_ACK, (*state)->src.max_win, 0, 0, 0, NULL, NULL); pf_send_tcp((*state)->rule.ptr, pd->af, &src->addr, &dst->addr, src->port, dst->port, (*state)->src.seqhi + 1, (*state)->src.seqlo + 1, - TH_ACK, (*state)->dst.max_win, 0, 0, 0, + TH_ACK, (*state)->dst.max_win, 0, 0, 1, NULL, NULL); (*state)->src.seqdiff = (*state)->dst.seqhi - (*state)->src.seqlo; |