git: 20a2fe68faac - main - pf: correctly reset max_win if the SYN-ACK lacks a wscale option.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 12 Jun 2024 21:33:43 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=20a2fe68faacb98b3c87ce7ea46a16b0d6c2462b commit 20a2fe68faacb98b3c87ce7ea46a16b0d6c2462b Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-06-12 18:01:58 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-06-12 21:33:11 +0000 pf: correctly reset max_win if the SYN-ACK lacks a wscale option. pf was setting max_win to 0 and discarded retransmitted SYN-ACK segments without wscale if the original SYN contained a wscale option. with gerhard@, ok henning@ Obtained From: OpenBSD Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 8c97d1bf200d..c635251c3490 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -5315,8 +5315,9 @@ pf_tcp_track_full(struct pf_kstate **state, struct pfi_kkif *kif, dws = dst->wscale & PF_WSCALE_MASK; } else { /* fixup other window */ - dst->max_win <<= dst->wscale & - PF_WSCALE_MASK; + dst->max_win = MIN(TCP_MAXWIN, + (u_int32_t)dst->max_win << + (dst->wscale & PF_WSCALE_MASK)); /* in case of a retrans SYN|ACK */ dst->wscale = 0; }