author | Markus Friedl <markus@cvs.openbsd.org> | 2006-09-18 09:53:06 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2006-09-18 09:53:06 +0000 |
commit | dc107a3bdd465dc2da2ddafbee78378e91f4b625 (patch) | |
tree | d2aa6fd3ee4fe8693acb708c7441e0ad90d715ec /sys | |
parent | 83d2c56837684d2e9b30b364df754198b3250cd1 (diff) |
allow RST from TCP client, even if client does not send data after SYN;
ok frantzen, dhartmei, henning
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 0b99fc7123f..085e81458f5 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.514 2006/09/18 07:03:35 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.515 2006/09/18 09:53:05 markus Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -4404,8 +4404,8 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif,
 (ackskew <= (MAXACKWINDOW << sws)) &&
 /* Acking not more than one window forward */
 ((th->th_flags & TH_RST) == 0 || orig_seq == src->seqlo ||
- (pd->flags & PFDESC_IP_REAS) == 0)) {
- /* Require an exact sequence match on resets when possible */
+ (orig_seq == src->seqlo + 1) || (pd->flags & PFDESC_IP_REAS) == 0)) {
+ /* Require an exact/+1 sequence match on resets when possible */
 if (dst->scrub || src->scrub) {
 if (pf_normalize_tcp_stateful(m, off, pd, reason, th,
|
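Review bot: The new `(orig_seq == src->seqlo + 1)` alternative in the TH_RST clause is accepted in every state of the connection, while the commit message describes only a client that sends no data after its SYN; as written, a reset checked under PFDESC_IP_REAS now passes with either of two sequence values for the whole lifetime of the state entry, which slightly loosens the exact-match protection against forged resets. If the off-by-one can only occur before the connection is established, consider limiting the extra case to that phase (the peer's state would have to be tested, and it is not visible in this hunk), and otherwise state why it is safe in general. The comment should record the reason rather than only the rule, for example `/* Require an exact sequence match on resets when possible; seqlo + 1 covers a client RST sent right after its SYN with no data in between */`. The condition belongs to an `if` in pf_test_state_tcp that starts above the hunk, and its body continues below it.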