diff options
author | darrenr <darrenr@FreeBSD.org> | 2006-12-24 02:18:36 +0000 |
---|---|---|
committer | darrenr <darrenr@FreeBSD.org> | 2006-12-24 02:18:36 +0000 |
commit | c636cf4e7104540ba66c035229138c1f5f52c374 (patch) | |
tree | 07d69b8c9e81d21414a40a87953f84af809840e4 /sys/contrib/ipfilter/netinet/ip_state.c | |
parent | 8e846a84a40de00567b5dc5d32a588dd850a7674 (diff) | |
download | FreeBSD-src-c636cf4e7104540ba66c035229138c1f5f52c374.zip FreeBSD-src-c636cf4e7104540ba66c035229138c1f5f52c374.tar.gz |
TCP Window scaling was being recognised but the recorded settings were being
clobbered and thus effectively disabled.
MFC after: 7 days
Diffstat (limited to 'sys/contrib/ipfilter/netinet/ip_state.c')
-rw-r--r-- | sys/contrib/ipfilter/netinet/ip_state.c | 26 |
1 files changed, 7 insertions, 19 deletions
diff --git a/sys/contrib/ipfilter/netinet/ip_state.c b/sys/contrib/ipfilter/netinet/ip_state.c index 5a877a6..ae17dbb 100644 --- a/sys/contrib/ipfilter/netinet/ip_state.c +++ b/sys/contrib/ipfilter/netinet/ip_state.c @@ -1358,21 +1358,16 @@ ipstate_t *is; if (flags == (TH_SYN|TH_ACK)) { is->is_s0[source] = ntohl(tcp->th_ack); is->is_s0[!source] = ntohl(tcp->th_seq) + 1; - if ((TCP_OFF(tcp) > (sizeof(tcphdr_t) >> 2)) && - (tdata->td_winflags & TCP_WSCALE_SEEN)) { + if ((TCP_OFF(tcp) > (sizeof(tcphdr_t) >> 2))) { if (fr_tcpoptions(fin, tcp, fdata) == -1) fin->fin_flx |= FI_BAD; - if (!(fdata->td_winflags & TCP_WSCALE_SEEN)) { - fdata->td_winscale = 0; - tdata->td_winscale = 0; - } } if ((fin->fin_out != 0) && (is->is_pass & FR_NEWISN)) fr_checknewisn(fin, is); } else if (flags == TH_SYN) { is->is_s0[source] = ntohl(tcp->th_seq) + 1; if ((TCP_OFF(tcp) > (sizeof(tcphdr_t) >> 2))) { - if (fr_tcpoptions(fin, tcp, tdata) == -1) + if (fr_tcpoptions(fin, tcp, fdata) == -1) fin->fin_flx |= FI_BAD; } @@ -1479,17 +1474,8 @@ int flags; * the receiver also does window scaling) */ if (!(tcpflags & TH_SYN) && (fdata->td_winflags & TCP_WSCALE_FIRST)) { - if (tdata->td_winflags & TCP_WSCALE_SEEN) { - fdata->td_winflags &= ~TCP_WSCALE_FIRST; - fdata->td_maxwin = win; - } else { - fdata->td_winscale = 0; - fdata->td_winflags &= ~(TCP_WSCALE_FIRST| - TCP_WSCALE_SEEN); - tdata->td_winscale = 0; - tdata->td_winflags &= ~(TCP_WSCALE_FIRST| - TCP_WSCALE_SEEN); - } + fdata->td_winflags &= ~TCP_WSCALE_FIRST; + fdata->td_maxwin = win; } end = seq + dsize; @@ -1532,7 +1518,7 @@ int flags; (SEQ_GE(seq, fdata->td_end - maxwin)) && /* XXX what about big packets */ #define MAXACKWINDOW 66000 - (-ackskew <= (MAXACKWINDOW << fdata->td_winscale)) && + (-ackskew <= (MAXACKWINDOW)) && ( ackskew <= (MAXACKWINDOW << fdata->td_winscale))) { inseq = 1; /* @@ -1578,6 +1564,8 @@ int flags; } } + /* TRACE(inseq, fdata, tdata, seq, end, ack, ackskew, win, maxwin) */ + if (inseq) { /* if ackskew < 0 then this should be due to fragmented * packets. There is no way to know the length of the |