Fix the vulnerability with TCP ECE packets recently fixed in ipfw.

This is untested, but believed to work.
author: kris <kris@FreeBSD.org> 2001-01-23 21:11:28 +0000
committer: kris <kris@FreeBSD.org> 2001-01-23 21:11:28 +0000
commit: 1a36de8090ca93b96cbcf1600aa926043c3cd362 (patch)
tree: 6adb8641fcf32c14d75d28655a5a414d5d80a75a /sbin/ip6fw
parent: 6ebef802b2dd48f691c8cbe4426a1d3184748405 (diff)
download: FreeBSD-src-1a36de8090ca93b96cbcf1600aa926043c3cd362.zip
FreeBSD-src-1a36de8090ca93b96cbcf1600aa926043c3cd362.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/sbin/ip6fw/ip6fw.c b/sbin/ip6fw/ip6fw.c
index a25fed5..0c5b3b4 100644
--- a/sbin/ip6fw/ip6fw.c
+++ b/sbin/ip6fw/ip6fw.c
@@ -364,7 +364,7 @@ show_ip6fw(struct ip6_fw *chain)
 		if (chain->fw_ip6nopt & IPV6_FW_IP6OPT_OPTS)   PRINTOPT("!opts");
 	}
 
-	if (chain->fw_tcpf & IPV6_FW_TCPF_ESTAB)
+	if (chain->fw_ipflg & IPV6_FW_IF_TCPEST)
 		printf(" established");
 	else if (chain->fw_tcpf == IPV6_FW_TCPF_SYN &&
 	    chain->fw_tcpnf == IPV6_FW_TCPF_ACK)
@@ -1060,7 +1060,7 @@ badviacombo:
 		}
 		if (rule.fw_prot == IPPROTO_TCP) {
 			if (!strncmp(*av,"established",strlen(*av))) {
-				rule.fw_tcpf  |= IPV6_FW_TCPF_ESTAB;
+				rule.fw_ipflg |= IPV6_FW_IF_TCPEST;
 				av++; ac--; continue;
 			}
 			if (!strncmp(*av,"setup",strlen(*av))) {
author	kris <kris@FreeBSD.org>	2001-01-23 21:11:28 +0000
committer	kris <kris@FreeBSD.org>	2001-01-23 21:11:28 +0000
commit	1a36de8090ca93b96cbcf1600aa926043c3cd362 (patch)
tree	6adb8641fcf32c14d75d28655a5a414d5d80a75a /sbin/ip6fw
parent	6ebef802b2dd48f691c8cbe4426a1d3184748405 (diff)
download	FreeBSD-src-1a36de8090ca93b96cbcf1600aa926043c3cd362.zip FreeBSD-src-1a36de8090ca93b96cbcf1600aa926043c3cd362.tar.gz