Change incorrect stale cookie detection in syncookie_lookup() that prematurely

declared a cookie as expired. Reviewed by: andre@, silby@ Reported by: Yahoo!
2008-06-16 20:08:22 +00:00 · 2008-06-16 20:08:22 +00:00 · 606a2669cf
commit 606a2669cf
parent 104ac85378
1 changed files with 1 additions and 1 deletions
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@ -1618,7 +1618,7 @@ syncookie_lookup(struct in_conninfo *inc, struct syncache_head *sch,
 	 * The secret wasn't updated for the lifetime of a syncookie,
 	 * so this SYN-ACK/ACK is either too old (replay) or totally bogus.
 	 */
-	if (sch->sch_reseed < time_uptime) {
+	if (sch->sch_reseed + SYNCOOKIE_LIFETIME < time_uptime) {
 		return (NULL);
 	}