diff options
| author |   markus <markus@openbsd.org> | 2005-07-04 08:28:04 +0000 |
|---|---|---|
| committer | markus <markus@openbsd.org> | 2005-07-04 08:28:04 +0000 |
| commit | 5bea207cee916cde6db405806e599dc2014280f8 (patch) | |
| tree | da174ff7749f60605e007a3fff6c2e36ff635e76 | |
| parent | enable all commands; ok joris@. (diff) | |
| download | wireguard-openbsd-5bea207cee916cde6db405806e599dc2014280f8.tar.xz wireguard-openbsd-5bea207cee916cde6db405806e599dc2014280f8.zip | |
restrict the tcp.finwait timeout (45s) to state combinations where we have
seen a FIN from both sides (whether ACKed or not) and use tcp.closing (900s)
for half closed connections. otherwise half closed connections will time out
within 45s. ok dhartmei, henning.
| -rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index e541d84e429..c7c64b6ed36 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.493 2005/06/13 20:17:25 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.494 2005/07/04 08:28:04 markus Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -4273,8 +4273,8 @@ pf_test_state_tcp(struct pf_state **state, int direction, struct pfi_kif *kif, if (src->state >= TCPS_FIN_WAIT_2 && dst->state >= TCPS_FIN_WAIT_2) (*state)->timeout = PFTM_TCP_CLOSED; - else if (src->state >= TCPS_FIN_WAIT_2 || - dst->state >= TCPS_FIN_WAIT_2) + else if (src->state >= TCPS_CLOSING && + dst->state >= TCPS_CLOSING) (*state)->timeout = PFTM_TCP_FIN_WAIT; else if (src->state < TCPS_ESTABLISHED || dst->state < TCPS_ESTABLISHED) |