When calculating the sequence number to use in an ip6fw reset, remember to

add one if the SYN flag was set in the original packet. This seems to make ip6fw reset work correctly for new and in-progress connections. Update the man page to reflect the fact it now seems to work. Glanced at by: ume MFC after: 2 weeks
2003-12-25 23:39:44 +00:00 · 2003-12-25 23:39:44 +00:00 · 7028d20d07
commit 7028d20d07
parent dfa244fc22
2 changed files with 2 additions and 1 deletions
--- a/sbin/ip6fw/ip6fw.8
+++ b/sbin/ip6fw/ip6fw.8
@ -235,7 +235,6 @@ TCP packets only.
 Discard packets that match this rule,
 and try to send a TCP reset (RST) notice.
 The search terminates
-.Em ( "not working yet" ) .
 .It Ar count
 Update counters for all packets that match rule.
 The search continues with the next rule.
--- a/sys/netinet6/ip6_fw.c
+++ b/sys/netinet6/ip6_fw.c
@ -810,6 +810,8 @@ got_match:
 					*m = 0;
 					break;
 				}
+				if (tcp->th_flags & TH_SYN)
+					ack++;
 				seq = 0;
 				flags = TH_RST|TH_ACK;
 			}