Subject: CVS commit: src/sys/dist/pf/net
To: None <source-changes@NetBSD.org>
From: Peter Postma <peter@netbsd.org>
List: source-changes
Date: 10/07/2006 21:45:49
Module Name:	src
Committed By:	peter
Date:		Sat Oct  7 21:45:49 UTC 2006

Modified Files:
	src/sys/dist/pf/net: pf.c

Log Message:
PR/34746: Nino Dehne: pf(4)'s synproxy state breaks when used with tags

Apply OpenBSD src/sys/net/pf.c rev 1.486 and 1.487:

1.486:
When synproxy sends packets to the destination host, make sure to copy
the 'tag' from the original state entry into the outgoing mbuf.

1.487:
When synproxy completes the replayed handshake and modifies the state
into a normal one, it sets both peers' sequence windows. Fix a bug where
the previously advertised windows are applied to the wrong side (i.e.
peer A's seqhi is peer A's seqlo plus peer B's, not A's, window). This
went undetected because mostly the windows are similar and/or re-
advertised soon. But there are (rare) cases where a synproxy'd connection
would stall right after handshake. Found by Gleb Smirnoff.


To generate a diff of this commit:
cvs rdiff -r1.24 -r1.25 src/sys/dist/pf/net/pf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
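
The window mix-up described under 1.487, as an added example that is not code from pf.c or from this commit: a simplified model of per-peer sequence tracking showing why applying a peer's own advertised window to its seqhi rejects legitimate data when the two windows differ. The struct, the function names, the single end-of-segment check and the sample values are assumptions constructed for illustration; pf's real state check has more conditions.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified per-peer tracking state (hypothetical model, not pf's struct). */
struct peer {
    uint32_t seqlo;    /* next sequence number this peer will send */
    uint32_t seqhi;    /* highest sequence number this peer may send */
    uint16_t max_win;  /* window this peer advertised in the handshake */
};

/* Wraparound-safe "a >= b" for 32-bit TCP sequence numbers. */
static int seq_geq(uint32_t a, uint32_t b) { return (int32_t)(a - b) >= 0; }

/* Pre-fix behaviour as the log message describes it: own window applied. */
static void set_windows_buggy(struct peer *a, struct peer *b)
{
    a->seqhi = a->seqlo + a->max_win;
    b->seqhi = b->seqlo + b->max_win;
}

/* Post-fix: a sender is limited by the window its peer advertised. */
static void set_windows_fixed(struct peer *a, struct peer *b)
{
    a->seqhi = a->seqlo + b->max_win;
    b->seqhi = b->seqlo + a->max_win;
}

/* Accept a segment of len bytes from src only if it ends within seqhi. */
static int segment_allowed(const struct peer *src, uint32_t len)
{
    return seq_geq(src->seqhi, src->seqlo + len);
}

/* Does A's first data segment pass right after the handshake?
 * Sequence numbers are constructed; A starts near wraparound on purpose. */
static int a_segment_passes(int fixed, uint16_t a_win, uint16_t b_win, uint32_t len)
{
    struct peer a = { 0xfffffff0u, 0, a_win };
    struct peer b = { 5000u, 0, b_win };
    if (fixed) set_windows_fixed(&a, &b); else set_windows_buggy(&a, &b);
    return segment_allowed(&a, len);
}

int main(void)
{
    printf("buggy: %d\n", a_segment_passes(0, 1024, 65535, 1460));
    printf("fixed: %d\n", a_segment_passes(1, 1024, 65535, 1460));
    return 0;
}
```

With equal windows on both sides the buggy and fixed variants give the same result, which matches the log message's remark that the bug went undetected when the windows are similar.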