From 29d958bb8a7d29fac97f5d3d95d3474333c5fa1e Mon Sep 17 00:00:00 2001 From: Ruslan Ermilov Date: Thu, 9 Sep 1999 13:42:51 +0000 Subject: [PATCH] Handle TCP reset sequence properly. In the words of originator: :If an incoming connection is initiated through natd and deny_incoming is :not set, then a new alias_link structure is created to handle the link. :If there is nothing listening for the incoming connection, then the kernel :responds with a RST for the connection. However, this is not processed :correctly in libalias/alias.c:TcpMonitor{In,Out} and :libalias/alias_db.c:SetState{In,Out} as it thinks a connection :has been established and therefore applies a timeout of 86400 seconds :to the link. : :If many of these half-connections are initiated (during, for example, a :port scan of the host), then many thousands of unnecessary links are :created and the resident size of natd balloons to 20MB or more. PR: 13639 Reviewed by: brian --- lib/libalias/alias.c | 4 ++-- sys/netinet/libalias/alias.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/libalias/alias.c b/lib/libalias/alias.c index af0f50c1bb01..38089120b5f6 100644 --- a/lib/libalias/alias.c +++ b/lib/libalias/alias.c @@ -142,7 +142,7 @@ TcpMonitorIn(struct ip *pip, struct alias_link *link) case ALIAS_TCP_STATE_NOT_CONNECTED: if (tc->th_flags & TH_SYN) SetStateIn(link, ALIAS_TCP_STATE_CONNECTED); - break; + /*FALLTHROUGH*/ case ALIAS_TCP_STATE_CONNECTED: if (tc->th_flags & TH_FIN || tc->th_flags & TH_RST) @@ -163,7 +163,7 @@ TcpMonitorOut(struct ip *pip, struct alias_link *link) case ALIAS_TCP_STATE_NOT_CONNECTED: if (tc->th_flags & TH_SYN) SetStateOut(link, ALIAS_TCP_STATE_CONNECTED); - break; + /*FALLTHROUGH*/ case ALIAS_TCP_STATE_CONNECTED: if (tc->th_flags & TH_FIN || tc->th_flags & TH_RST) diff --git a/sys/netinet/libalias/alias.c b/sys/netinet/libalias/alias.c index af0f50c1bb01..38089120b5f6 100644 --- a/sys/netinet/libalias/alias.c +++ b/sys/netinet/libalias/alias.c 
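Review bot: In TcpMonitorIn the first case still moves the link to ALIAS_TCP_STATE_CONNECTED on a single SYN, so the shorter lifetime now depends on a FIN or RST being seen afterwards. Going by the commit message, a link in that state gets the 86400-second timeout, so SYNs that are never answered (an inside host that drops silently or is unreachable) would presumably still leave long-lived links. SetState{In,Out} in alias_db.c is not part of this diff, so that needs confirming there. I would apply the long timeout only once both directions have seen a SYN, and until then record the gap at the SYN test with `/* XXX a lone SYN marks this side connected; check the timeout SetStateIn() gives it */`. The same applies to TcpMonitorOut and to the identical hunks for sys/netinet/libalias/alias.c; the switch begins and ends outside the hunk.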
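Review bot: The bare `/*FALLTHROUGH*/` in TcpMonitorOut (likewise in TcpMonitorIn and in both hunks of the sys/netinet copy) satisfies lint but does not say why the not-connected case must go on to the FIN/RST test, so a later cleanup could restore the `break;` and bring back the link build-up described in PR 13639. I would keep the marker and put a line above it: `/* A FIN or RST must be noticed even if this direction never saw a SYN (PR 13639). */`. The statement run when the FIN/RST test is true lies outside the hunk.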
@@ -142,7 +142,7 @@ TcpMonitorIn(struct ip *pip, struct alias_link *link) case ALIAS_TCP_STATE_NOT_CONNECTED: if (tc->th_flags & TH_SYN) SetStateIn(link, ALIAS_TCP_STATE_CONNECTED); - break; + /*FALLTHROUGH*/ case ALIAS_TCP_STATE_CONNECTED: if (tc->th_flags & TH_FIN || tc->th_flags & TH_RST) @@ -163,7 +163,7 @@ TcpMonitorOut(struct ip *pip, struct alias_link *link) case ALIAS_TCP_STATE_NOT_CONNECTED: if (tc->th_flags & TH_SYN) SetStateOut(link, ALIAS_TCP_STATE_CONNECTED); - break; + /*FALLTHROUGH*/ case ALIAS_TCP_STATE_CONNECTED: if (tc->th_flags & TH_FIN || tc->th_flags & TH_RST)