In January bluhm@ introduced 'data_end' to pf.c:tcp_track_full().
Now this breaks the handling of non-data packets. They may be rejected
because the SEQ_GEQ(src->seqhi, data_end) check fails.
The patch below should fix this.
Gerhard
Index: sys/net/pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.841
diff -u -p -u -p -r1.841 pf.c
--- sys/net/pf.c 9 Oct 2013 09:32:01 -0000 1.841
+++ sys/net/pf.c 11 Oct 2013 09:57:20 -0000
@@ -3940,7 +3940,7 @@ pf_tcp_track_full(struct pf_pdesc *pd, s
if (seq == end) {
/* Ease sequencing restrictions on no data packets */
seq = src->seqlo;
- end = seq;
+ data_end = end = seq;
}
ackskew = dst->seqlo - ack;
