From 55c2ca09dd8546fb9707d8129e1ab6a14a4e3220 Mon Sep 17 00:00:00 2001
From: ru
Date: Thu, 9 Sep 1999 13:42:51 +0000
Subject: Handle TCP reset sequence properly. In the words of originator:
:If an incoming connection is initiated through natd and deny_incoming is
:not set, then a new alias_link structure is created to handle the link.
:If there is nothing listening for the incoming connection, then the kernel
:responds with a RST for the connection. However, this is not processed
:correctly in libalias/alias.c:TcpMonitor{In,Out} and
:libalias/alias_db.c:SetState{In,Out} as it thinks a connection
:has been established and therefore applies a timeout of 86400 seconds
:to the link.
:
:If many of these half-connections are initiated (during, for example, a
:port scan of the host), then many thousands of unnecessary links are
:created and the resident size of natd balloons to 20MB or more.
PR: 13639
Reviewed by: brian
---
 lib/libalias/alias.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/libalias/alias.c')
diff --git a/lib/libalias/alias.c b/lib/libalias/alias.c
index af0f50c..3808912 100644
--- a/lib/libalias/alias.c
+++ b/lib/libalias/alias.c
@@ -142,7 +142,7 @@ TcpMonitorIn(struct ip *pip, struct alias_link *link)
 case ALIAS_TCP_STATE_NOT_CONNECTED:
 if (tc->th_flags & TH_SYN)
 SetStateIn(link, ALIAS_TCP_STATE_CONNECTED);
- break;
+ /*FALLTHROUGH*/
 case ALIAS_TCP_STATE_CONNECTED:
 if (tc->th_flags & TH_FIN || tc->th_flags & TH_RST)
@@ -163,7 +163,7 @@ TcpMonitorOut(struct ip *pip, struct alias_link *link)
 case ALIAS_TCP_STATE_NOT_CONNECTED:
 if (tc->th_flags & TH_SYN)
 SetStateOut(link, ALIAS_TCP_STATE_CONNECTED);
- break;
+ /*FALLTHROUGH*/
 case ALIAS_TCP_STATE_CONNECTED:
 if (tc->th_flags & TH_FIN || tc->th_flags & TH_RST)
-- 
cgit v1.1
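Review bot: The new `/*FALLTHROUGH*/` in TcpMonitorIn, and the identical one in TcpMonitorOut, does not say why a link still in ALIAS_TCP_STATE_NOT_CONNECTED must reach the FIN/RST test, so a later cleanup could restore the `break` and bring back the link build-up described in the commit message. I would expand the comment to something like `/* FALLTHROUGH: a FIN or RST seen before, or in the same segment as, the SYN must still be processed */`. A segment carrying both TH_SYN and TH_RST now calls the state setter twice in a row, which is fine only if the second call decides the timeout; that logic is in alias_db.c and is not visible here. The change covers the reset path only: a SYN never followed by FIN or RST still leaves that direction marked connected, so if the 86400-second timeout depends on these states alone, half-open links can presumably still accumulate and may deserve a shorter timeout until the handshake completes. The body of the ALIAS_TCP_STATE_CONNECTED case continues outside both hunks.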