git: 20a2fe68faac - main - pf: correctly reset max_win if the SYN-ACK lacks a wscale option.

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 12 Jun 2024 21:33:43 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=20a2fe68faacb98b3c87ce7ea46a16b0d6c2462b

commit 20a2fe68faacb98b3c87ce7ea46a16b0d6c2462b
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-06-12 18:01:58 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-06-12 21:33:11 +0000

    pf: correctly reset max_win if the SYN-ACK lacks a wscale option.
    
    pf was setting max_win to 0 and discarded retransmitted SYN-ACK segments without
    wscale if the original SYN contained a wscale option. with gerhard@, ok
    henning@
    
    Obtained From:  OpenBSD
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 8c97d1bf200d..c635251c3490 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -5315,8 +5315,9 @@ pf_tcp_track_full(struct pf_kstate **state, struct pfi_kkif *kif,
 					dws = dst->wscale & PF_WSCALE_MASK;
 				} else {
 					/* fixup other window */
-					dst->max_win <<= dst->wscale &
-					    PF_WSCALE_MASK;
+					dst->max_win = MIN(TCP_MAXWIN,
+					    (u_int32_t)dst->max_win <<
+					    (dst->wscale & PF_WSCALE_MASK));
 					/* in case of a retrans SYN|ACK */
 					dst->wscale = 0;
 				}