authorMarkus Friedl <markus@cvs.openbsd.org>2006-09-18 09:53:06 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2006-09-18 09:53:06 +0000
commitdc107a3bdd465dc2da2ddafbee78378e91f4b625 (patch)
treed2aa6fd3ee4fe8693acb708c7441e0ad90d715ec /sys
parent83d2c56837684d2e9b30b364df754198b3250cd1 (diff)
allow RST from TCP client, even if client does not send data after SYN;
ok frantzen, dhartmei, henning
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pf.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 0b99fc7123f..085e81458f5 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.514 2006/09/18 07:03:35 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.515 2006/09/18 09:53:05 markus Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -4404,8 +4404,8 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif,
(ackskew <= (MAXACKWINDOW << sws)) &&
/* Acking not more than one window forward */
((th->th_flags & TH_RST) == 0 || orig_seq == src->seqlo ||
- (pd->flags & PFDESC_IP_REAS) == 0)) {
- /* Require an exact sequence match on resets when possible */
+ (orig_seq == src->seqlo + 1) || (pd->flags & PFDESC_IP_REAS) == 0)) {
+ /* Require an exact/+1 sequence match on resets when possible */
if (dst->scrub || src->scrub) {
if (pf_normalize_tcp_stateful(m, off, pd, reason, th,
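Review bot: The new `(orig_seq == src->seqlo + 1)` alternative is not tied to the handshake, so the relaxed match applies to every RST on the state, not only to the client-resets-right-after-SYN case the commit message describes. That doubles the sequence values a reset may carry and still pass what the comment calls an exact match, which slightly weakens the protection against off-path RST injection on established connections. If the peer state is usable at this point, consider limiting the tolerance to the pre-established phase, e.g. `(src->state == TCPS_SYN_SENT && orig_seq == src->seqlo + 1)`; whether `seqlo` can legitimately lag by one in later states is not visible in this hunk. At minimum the comment should say why +1 is accepted, for instance `/* RST must match seqlo, or seqlo + 1 when the sender has only sent its SYN (the SYN consumes one sequence number) */`. The condition and `pf_test_state_tcp` both begin and end outside the hunk.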