The specific change in the OpenBSD tree was Revision 1.494 Mon Jul 4 08:28:04 2005 UTC (2 years, 4 months ago) by markus Branch: MAIN Changes since 1.493: +3 -3 lines
restrict the tcp.finwait timeout (45s) to state combinations where we have seen a FIN from both sides (whether ACKed or not) and use tcp.closing (900s) for half closed connections. otherwise half closed connections will time out within 45s. ok dhartmei, henning. http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c.diff?r1=1.493&r2=1.494&f=h Index: pf.c =================================================================== RCS file: /cvs/src/sys/net/pf.c,v retrieving revision 1.493 retrieving revision 1.494 diff -u -r1.493 -r1.494 --- pf.c 13 Jun 2005 20:17:25 -0000 1.493 +++ pf.c 4 Jul 2005 08:28:04 -0000 1.494 @@ -4273,8 +4273,8 @@ if (src->state >= TCPS_FIN_WAIT_2 && dst->state >= TCPS_FIN_WAIT_2) (*state)->timeout = PFTM_TCP_CLOSED; - else if (src->state >= TCPS_FIN_WAIT_2 || - dst->state >= TCPS_FIN_WAIT_2) + else if (src->state >= TCPS_CLOSING && + dst->state >= TCPS_CLOSING) (*state)->timeout = PFTM_TCP_FIN_WAIT; else if (src->state < TCPS_ESTABLISHED || dst->state < TCPS_ESTABLISHED) Daniel _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"