diff options
author | Mike Frantzen <frantzen@cvs.openbsd.org> | 2003-03-09 20:26:13 +0000 |
---|---|---|
committer | Mike Frantzen <frantzen@cvs.openbsd.org> | 2003-03-09 20:26:13 +0000 |
commit | 1a10d8039060033625c2b38c0327ce88907747a2 (patch) | |
tree | 4e0c3039b985f54f129f87674fe6e96c75b7d5f9 /sys | |
parent | eb33b408acfd7857bbde94e065ab1a7c70aeaeff (diff) |
tighten the TCP state code in relation to a FIN before any server responses
ok dhartmei@ henning@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 8367f7aabcd..955963ecc38 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.326 2003/03/04 11:23:43 pb Exp $ */ +/* $OpenBSD: pf.c,v 1.327 2003/03/09 20:26:12 frantzen Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -3022,14 +3022,14 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct ifnet *ifp, dst->state >= TCPS_FIN_WAIT_2) (*state)->expire = time.tv_sec + TIMEOUT((*state)->rule.ptr, PFTM_TCP_FIN_WAIT); - else if (src->state >= TCPS_CLOSING || - dst->state >= TCPS_CLOSING) - (*state)->expire = time.tv_sec + - TIMEOUT((*state)->rule.ptr, PFTM_TCP_CLOSING); else if (src->state < TCPS_ESTABLISHED || dst->state < TCPS_ESTABLISHED) (*state)->expire = time.tv_sec + TIMEOUT((*state)->rule.ptr, PFTM_TCP_OPENING); + else if (src->state >= TCPS_CLOSING || + dst->state >= TCPS_CLOSING) + (*state)->expire = time.tv_sec + + TIMEOUT((*state)->rule.ptr, PFTM_TCP_CLOSING); else (*state)->expire = time.tv_sec + TIMEOUT((*state)->rule.ptr, PFTM_TCP_ESTABLISHED); |