Please refer to my previous message for a detailed explanation.
What follows is a brief rationale and a patch...

The kernel should handle TCP RST packets using the same criteria as
PF. PF accepts the exact SEQ and the SEQ +1/-1 case, as seen here:

    vi /usr/src/sys/net/pf.c +/'match on resets'

Hello tech@,
Spamd does not always detect when a connection is closed by a
legit (non-spoofed) RST packet (i.e.: read() does not return -1).
PF accepts the RST and clears state, but the kernel drops it and
the error condition of ECONNRESET is not set for the socket.
So... PF and the kernel hand