svn commit: r340538 - stable/11/sys/netpfil/ipfw

[Andrey V. Elsukov]

Author: ae
Date: Sun Nov 18 00:27:47 2018
New Revision: 340538
URL: https://svnweb.freebsd.org/changeset/base/340538

Log:
  MFC r339545:
    Do not decrement RST life time if keep_alive is not turned on.
  
    This allows use differen values configured by user for sysctl variable
    net.inet.ip.fw.dyn_rst_lifetime.
  
    Obtained from:	Yandex LLC
    Sponsored by:	Yandex LLC

Modified:
  stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c	Sun Nov 18 00:26:09 2018	(r340537)
+++ stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c	Sun Nov 18 00:27:47 2018	(r340538)
@@ -978,7 +978,8 @@ dyn_update_tcp_state(struct dyn_data *data, const stru
 		break;
 
 	default:
-		if (V_dyn_rst_lifetime >= V_dyn_keepalive_period)
+		if (V_dyn_keepalive != 0 &&
+		    V_dyn_rst_lifetime >= V_dyn_keepalive_period)
 			V_dyn_rst_lifetime = V_dyn_keepalive_period - 1;
 		expire = time_uptime + V_dyn_rst_lifetime;
 	}