From 90dfc606ada76d0cdc21d64f22912ca56786d84e Mon Sep 17 00:00:00 2001 From: Daniel Hartmeier Date: Fri, 12 Nov 2004 19:44:45 +0000 Subject: The flag to re-filter pf-generated packets was set wrong by synproxy for ACKs. It should filter the ACK replayed to the server, instead of of the one to the client. Thanks to Daniel Polak for testing. --- sys/net/pf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'sys/net/pf.c') diff --git a/sys/net/pf.c b/sys/net/pf.c index c9e82ca6ad8..e2f484664e2 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.461 2004/11/07 01:16:52 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.462 2004/11/12 19:44:44 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -3836,12 +3836,12 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif, pf_send_tcp((*state)->rule.ptr, pd->af, pd->dst, pd->src, th->th_dport, th->th_sport, ntohl(th->th_ack), ntohl(th->th_seq) + 1, - TH_ACK, (*state)->src.max_win, 0, 0, 1, + TH_ACK, (*state)->src.max_win, 0, 0, 0, NULL, NULL); pf_send_tcp((*state)->rule.ptr, pd->af, &src->addr, &dst->addr, src->port, dst->port, (*state)->src.seqhi + 1, (*state)->src.seqlo + 1, - TH_ACK, (*state)->dst.max_win, 0, 0, 0, + TH_ACK, (*state)->dst.max_win, 0, 0, 1, NULL, NULL); (*state)->src.seqdiff = (*state)->dst.seqhi - (*state)->src.seqlo; -- cgit v1.2.3