Handle TCP reset sequence properly.

In the words of originator:
:If an incoming connection is initiated through natd and deny_incoming is
:not set, then a new alias_link structure is created to handle the link.
:If there is nothing listening for the incoming connection, then the kernel
:responds with a RST for the connection. However, this is not processed
:correctly in libalias/alias.c:TcpMonitor{In,Out} and
:libalias/alias_db.c:SetState{In,Out} as it thinks a connection
:has been established and therefore applies a timeout of 86400 seconds
:to the link.
:
:If many of these half-connections are initiated (during, for example, a
:port scan of the host), then many thousands of unnecessary links are
:created and the resident size of natd balloons to 20MB or more.

PR:		13639
Reviewed by:	brian

1 files changed, 2 insertions, 2 deletions

diff --git a/sys/netinet/libalias/alias.c b/sys/netinet/libalias/alias.c
index af0f50c..3808912 100644
--- a/sys/netinet/libalias/alias.c
+++ b/sys/netinet/libalias/alias.c
@@ -142,7 +142,7 @@ TcpMonitorIn(struct ip *pip, struct alias_link *link)
         case ALIAS_TCP_STATE_NOT_CONNECTED:
             if (tc->th_flags & TH_SYN)
                 SetStateIn(link, ALIAS_TCP_STATE_CONNECTED);
-            break;
+            /*FALLTHROUGH*/
         case ALIAS_TCP_STATE_CONNECTED:
             if (tc->th_flags & TH_FIN
                 || tc->th_flags & TH_RST)
@@ -163,7 +163,7 @@ TcpMonitorOut(struct ip *pip, struct alias_link *link)
         case ALIAS_TCP_STATE_NOT_CONNECTED:
             if (tc->th_flags & TH_SYN)
                 SetStateOut(link, ALIAS_TCP_STATE_CONNECTED);
-            break;
+            /*FALLTHROUGH*/
         case ALIAS_TCP_STATE_CONNECTED:
             if (tc->th_flags & TH_FIN
                 || tc->th_flags & TH_RST)