Import pf.c, rev 1.559 by markus:

allow state reuse for tcp if both sides are in FIN_WAIT_2 and a new SYN arrives; ok dhartmei, henning, feedback aaron
2008-08-04 14:08:55 +00:00 · 2008-08-04 14:08:55 +00:00 · c48a03d37a
commit c48a03d37a
parent cb8db6f292
1 changed files with 17 additions and 0 deletions
--- a/net/pf.c
+++ b/net/pf.c
@ -1,4 +1,5 @@
 /*	$OpenBSD: pf.c,v 1.527 2007/02/22 15:23:23 pyr Exp $ */
+/* add:	$OpenBSD: pf.c,v 1.559 2007/09/18 18:45:59 markus Exp $ */

 /*
 * Copyright (c) 2001 Daniel Hartmeier
@ -4278,6 +4279,22 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif,
 		}
 	}

+	if (((th->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) &&
+	    dst->state >= TCPS_FIN_WAIT_2 &&
+	    src->state >= TCPS_FIN_WAIT_2) {
+		if (pf_status.debug >= PF_DEBUG_MISC) {
+			printf("pf: state reuse ");
+			pf_print_state(*state);
+			pf_print_flags(th->th_flags);
+			printf("\n");
+		}
+		/* XXX make sure it's the same direction ?? */
+		(*state)->src.state = (*state)->dst.state = TCPS_CLOSED;
+		pf_unlink_state(*state);
+		*state = NULL;
+		return (PF_DROP);
+	}
+
 	if (src->wscale && dst->wscale && !(th->th_flags & TH_SYN)) {
 		sws = src->wscale & PF_WSCALE_MASK;
 		dws = dst->wscale & PF_WSCALE_MASK;