[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Problems with stateful filtering in 4.1.22
From:       Martti Kuparinen <martti.kuparinen () iki ! fi>
Date:       2007-05-25 6:56:27
Message-ID: Pine.NEB.4.64.0705250954420.1564 () p130 ! piuha ! net
[Download RAW message or body]

These problems can be solved with the following patch (which is already
commited to NetBSD 4.99.x and pullup request for netbsd-4 already sent).

Martti



Index: ip_state.c
===================================================================
RCS file: /cvsroot/src/sys/dist/ipf/netinet/ip_state.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- ip_state.c	15 May 2007 22:52:51 -0000	1.24
+++ ip_state.c	25 May 2007 06:44:20 -0000	1.25
@@ -3510,6 +3510,7 @@
  			if ((tcpflags & (TH_FIN|TH_ACK)) == TH_ACK) {
  				nstate = IPF_TCPS_TIME_WAIT;
  			}
+			rval = 1;
  			break;

  		case IPF_TCPS_LAST_ACK: /* 8 */
@@ -3547,13 +3548,14 @@

  		case IPF_TCPS_TIME_WAIT: /* 10 */
  			/* we're in 2MSL timeout now */
+			rval = 2;
  			if (ostate == IPF_TCPS_LAST_ACK) {
  				nstate = IPF_TCPS_CLOSED;
  			}
-			rval = 1;
  			break;

  		case IPF_TCPS_CLOSED: /* 11 */
+			rval = 2;
  			break;

  		default :
[prev in list] [next in list] [prev in thread] [next in thread]