CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2013/01/20 15:51:16
Modified files:
sys/net : pf.c
Log message:
Make pf TCP sequence number tracking less strict by one octet for
FIN packets. The data of a TCP packet must fit into the announced
window, but this is not required for the sequence number of the
FIN. A packet with the FIN bit set and containing data that fits
exactly into the announced window was blocked. Our stack generates
such packets when the receive buffer size is set to 1024. Now pf
uses only the data lenght for window comparison.
OK henning@
