diff options
| author | Andrey V. Elsukov <ae@FreeBSD.org> | 2024-12-12 12:57:45 +0000 |
|---|---|---|
| committer | Andrey V. Elsukov <ae@FreeBSD.org> | 2024-12-12 12:57:45 +0000 |
| commit | 9ea8d692f4cb552902b9e8394260d7f3cf4aefb0 (patch) | |
| tree | 1458689e9615a89519fa63a20747aa5d5ab19379 | |
| parent | dfd52321b7beba716fa2bdd4f54e57e9ac806e96 (diff) | |
ipfw: use only needed TCP flags for state tracking
This fixes stateful firewall failures after adding TH_AE flag
into TH_FLAGS.
Reported by: ronald
Fixes: 347dd05
MFC after: 2 weeks
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_dynamic.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c index 34aae71c174b..ff55e3360c13 100644 --- a/sys/netpfil/ipfw/ip_fw_dynamic.c +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c @@ -920,7 +920,8 @@ print_dyn_rule_flags(const struct ipfw_flow_id *id, int dyn_type, #define _SEQ_GE(a,b) ((int)((a)-(b)) >= 0) #define BOTH_SYN (TH_SYN | (TH_SYN << 8)) #define BOTH_FIN (TH_FIN | (TH_FIN << 8)) -#define TCP_FLAGS (TH_FLAGS | (TH_FLAGS << 8)) +#define BOTH_RST (TH_RST | (TH_RST << 8)) +#define TCP_FLAGS (BOTH_SYN | BOTH_FIN | BOTH_RST) #define ACK_FWD 0x00010000 /* fwd ack seen */ #define ACK_REV 0x00020000 /* rev ack seen */ #define ACK_BOTH (ACK_FWD | ACK_REV) |