Change incorrect stale cookie detection in syncookie_lookup() that prematurely

declared a cookie as expired. Reviewed by: andre@, silby@ Reported by: Yahoo!
author: ups <ups@FreeBSD.org> 2008-06-16 20:08:22 +0000
committer: ups <ups@FreeBSD.org> 2008-06-16 20:08:22 +0000
commit: 817daf0500884544d6808465f77fed800a5d823a (patch)
tree: d809d507247fdfaa055bec82d41159ec927720f8
parent: c8dbf3db604365bed1d33a5686b9b83fb23d6200 (diff)
download: FreeBSD-src-817daf0500884544d6808465f77fed800a5d823a.zip
FreeBSD-src-817daf0500884544d6808465f77fed800a5d823a.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index 88b2c5e..97df5d4 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -1618,7 +1618,7 @@ syncookie_lookup(struct in_conninfo *inc, struct syncache_head *sch,
 	 * The secret wasn't updated for the lifetime of a syncookie,
 	 * so this SYN-ACK/ACK is either too old (replay) or totally bogus.
 	 */
-	if (sch->sch_reseed < time_uptime) {
+	if (sch->sch_reseed + SYNCOOKIE_LIFETIME < time_uptime) {
 		return (NULL);
 	}
author	ups <ups@FreeBSD.org>	2008-06-16 20:08:22 +0000
committer	ups <ups@FreeBSD.org>	2008-06-16 20:08:22 +0000
commit	817daf0500884544d6808465f77fed800a5d823a (patch)
tree	d809d507247fdfaa055bec82d41159ec927720f8
parent	c8dbf3db604365bed1d33a5686b9b83fb23d6200 (diff)
download	FreeBSD-src-817daf0500884544d6808465f77fed800a5d823a.zip FreeBSD-src-817daf0500884544d6808465f77fed800a5d823a.tar.gz