diff options
author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2005-04-22 09:53:19 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2005-04-22 09:53:19 +0000 |
commit | c05033b07a7be4645c27de0a0186e57baf89e72d (patch) | |
tree | 4ee8e3477e310d764e0da3947a7a4e467212f7cd /sys/net | |
parent | daae1245faa84210e9aee3234a97c21d2cc3c51e (diff) |
When synproxy completes the replayed handshake and modifies the state
into a normal one, it sets both peers' sequence windows. Fix a bug where
the previously advertised windows are applied to the wrong side (i.e.
peer A's seqhi is peer A's seqlo plus peer B's, not A's, window). This
went undetected because mostly the windows are similar and/or re-
advertised soon. But there are (rare) cases where a synproxy'd connection
would stall right after handshake. Found by Gleb Smirnoff.
Diffstat (limited to 'sys/net')
-rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index a5f9434551f..cff71acc1cc 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.486 2005/04/15 12:59:40 joel Exp $ */ +/* $OpenBSD: pf.c,v 1.487 2005/04/22 09:53:18 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -4077,9 +4077,9 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif, (*state)->dst.seqdiff = (*state)->src.seqhi - (*state)->dst.seqlo; (*state)->src.seqhi = (*state)->src.seqlo + - (*state)->src.max_win; - (*state)->dst.seqhi = (*state)->dst.seqlo + (*state)->dst.max_win; + (*state)->dst.seqhi = (*state)->dst.seqlo + + (*state)->src.max_win; (*state)->src.wscale = (*state)->dst.wscale = 0; (*state)->src.state = (*state)->dst.state = TCPS_ESTABLISHED; |