CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2013/06/03 10:57:06
Modified files:
sys/net : pf.c
sys/netinet : tcp_input.c tcp_output.c
sys/sys : mbuf.h
Log message:
Link pf states and socket inpcbs together more tightly. The linking
was only done when a packet traveled up the stack from pf to
tcp_input(). Now also link the state and inpcb when the packet is
going down from tcp_output() to pf. As a consequence, divert-reply
states where the initial SYN does not get an answer, can be handled
more correctly.
This change is part of a larger diff that has been backed out in
2011. Bring the feature back in small steps to see when bad things
start to happen.
OK henning deraadt
