diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2005-07-04 08:28:05 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2005-07-04 08:28:05 +0000 |
| commit | c7db42d0f1bb442f05060880e56011e44d8c2f3b (patch) | |
| tree | b8b079af054d47bffa7894c2847a318d6893f0f3 /sys | |
| parent | f59a49f3623312b4791787c2f95864208f4a5155 (diff) | |
restrict the tcp.finwait timeout (45s) to state combinations where we have
seen a FIN from both sides (whether ACKed or not) and use tcp.closing (900s)
for half closed connections. otherwise half closed connections will time out
within 45s. ok dhartmei, henning.
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index e541d84e429..c7c64b6ed36 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.493 2005/06/13 20:17:25 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.494 2005/07/04 08:28:04 markus Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -4273,8 +4273,8 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif, if (src->state >= TCPS_FIN_WAIT_2 && dst->state >= TCPS_FIN_WAIT_2) (*state)->timeout = PFTM_TCP_CLOSED; - else if (src->state >= TCPS_FIN_WAIT_2 || - dst->state >= TCPS_FIN_WAIT_2) + else if (src->state >= TCPS_CLOSING && + dst->state >= TCPS_CLOSING) (*state)->timeout = PFTM_TCP_FIN_WAIT; else if (src->state < TCPS_ESTABLISHED || dst->state < TCPS_ESTABLISHED) |