[src/trunk]: src/sys/net/npf npf_tcp_inwindow: enable strict RST check by def...

[rmind <rmind%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/a1352730874c
branches:  trunk
changeset: 330960:a1352730874c
user:      rmind <rmind%NetBSD.org@localhost>
date:      Fri Jul 25 20:07:32 2014 +0000

description:
npf_tcp_inwindow: enable strict RST check by default.

diffstat:

 sys/net/npf/npf_state_tcp.c |  8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diffs (36 lines):

diff -r 235de31da8bf -r a1352730874c sys/net/npf/npf_state_tcp.c
--- a/sys/net/npf/npf_state_tcp.c       Fri Jul 25 18:29:45 2014 +0000
+++ b/sys/net/npf/npf_state_tcp.c       Fri Jul 25 20:07:32 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_state_tcp.c,v 1.15 2014/07/20 00:37:41 rmind Exp $ */
+/*     $NetBSD: npf_state_tcp.c,v 1.16 2014/07/25 20:07:32 rmind Exp $ */
 
 /*-
  * Copyright (c) 2010-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_state_tcp.c,v 1.15 2014/07/20 00:37:41 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_state_tcp.c,v 1.16 2014/07/25 20:07:32 rmind Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -89,7 +89,7 @@
        [NPF_TCPS_TIME_WAIT]    = 60 * 2 * 2,
 };
 
-static bool npf_strict_order_rst __read_mostly = false;
+static bool npf_strict_order_rst __read_mostly = true;
 
 #define        NPF_TCP_MAXACKWIN       66000
 
@@ -395,7 +395,7 @@
                        seq = end;
                }
 
-               /* Strict in-order sequence for RST packets. */
+               /* Strict in-order sequence for RST packets (RFC 5961). */
                if (npf_strict_order_rst && (fstate->nst_end - seq) > 1) {
                        return false;
                }