D41502.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D41502.diff
View Options

	diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
	--- a/sys/netpfil/pf/pf.c
	+++ b/sys/netpfil/pf/pf.c
	@@ -7542,40 +7542,34 @@
	pd.dir == PF_IN) {
	struct mbuf *msyn;

	- msyn = pf_syncookie_recreate_syn(h->ip_ttl,
	- off,&pd);
	+ msyn = pf_syncookie_recreate_syn(h->ip_ttl, off,
	+ &pd);
	if (msyn == NULL) {
	action = PF_DROP;
	break;
	}

	- action = pf_test(dir, pflags, ifp, &msyn, inp, &pd.act);
	+ action = pf_test(dir, pflags, ifp, &msyn, inp,
	+ &pd.act);
	m_freem(msyn);
	+ if (action != PF_PASS)
	+ break;

	- if (action == PF_PASS) {
	- action = pf_test_state_tcp(&s, kif, m,
	- off, h, &pd, &reason);
	- if (action != PF_PASS \|\| s == NULL) {
	- action = PF_DROP;
	- break;
	- }
	-
	- s->src.seqhi = ntohl(pd.hdr.tcp.th_ack)
	- - 1;
	- s->src.seqlo = ntohl(pd.hdr.tcp.th_seq)
	- - 1;
	- pf_set_protostate(s, PF_PEER_SRC,
	- PF_TCPS_PROXY_DST);
	-
	- action = pf_synproxy(&pd, &s, &reason);
	- if (action != PF_PASS)
	- break;
	+ action = pf_test_state_tcp(&s, kif, m, off, h,
	+ &pd, &reason);
	+ if (action != PF_PASS \|\| s == NULL) {
	+ action = PF_DROP;
	+ break;
	}
	+
	+ s->src.seqhi = ntohl(pd.hdr.tcp.th_ack) - 1;
	+ s->src.seqlo = ntohl(pd.hdr.tcp.th_seq) - 1;
	+ pf_set_protostate(s, PF_PEER_SRC, PF_TCPS_PROXY_DST);
	+ action = pf_synproxy(&pd, &s, &reason);
	break;
	- }
	- else {
	- action = pf_test_rule(&r, &s, kif, m, off,
	- &pd, &a, &ruleset, inp);
	+ } else {
	+ action = pf_test_rule(&r, &s, kif, m, off, &pd,
	+ &a, &ruleset, inp);
	}
	}
	break;