There are two improvements to the TCP blackhole support:
- If net.inet.tcp.blackhole is set to 2, also sent no RST whenever a segment is received on an existing closed socket or if there is a port mismatch when using UDP encapsulation.
- If net.inet.tcp.blackhole is set to 3, no RST segment is sent in response to incoming segments on closed sockets or in response to unexpected segments on listening sockets.
Thanks to gallatin@ for suggesting such an improvement.