Change Details

The handling of RST segments in the SYN-RCVD state exists in the code paths. Both are not consistent and the one on the syn cache code does not conform to the relevant specifications ([[ https://tools.ietf.org/html/rfc793 | RFC 793 ]] and [[ https://tools.ietf.org/html/rfc5961 | RFC 5961 ]]). This patch fixes this: * The sequence numbers checks are fixed as specified in [[ https://tools.ietf.org/html/rfc793 | RFC 793 ]]. * The `sysctl variable` `net.inet.tcp.insecure_rst` is now honored as specified in [[ https://tools.ietf.org/html/rfc5961 | RFC 5961 ]].

The handling of RST segments in the SYN-RCVD state exists in the code paths. Both are not consistent and the one on the syn cache code does not conform to the relevant specifications (Page 69 of [[ https://tools.ietf.org/html/rfc793 | RFC 793 ]] and [[https://tools.ietf.org/html/rfc5961#section-4.2 | RFC 5961 ]]). This patch fixes this: * The sequence numbers checks are fixed as specified in page Page 69 [[ https://tools.ietf.org/html/rfc793 | RFC 793 ]]. * The `sysctl variable` `net.inet.tcp.insecure_rst` is now honored as specified in [[ https://tools.ietf.org/html/rfc5961#section-4.2 | RFC 5961 ]].

The handling of RST segments in the SYN-RCVD state exists in the code paths. Both are not consistent and the one on the syn cache code does not conform to the relevant specifications (Page 69 of [[ https://tools.ietf.org/html/rfc793 | RFC 793 ]] and [[ https://tools.ietf.org/html/rfc5961#section-4.2 | RFC 5961 ]]). This patch fixes this: * The sequence numbers checks are fixed as specified in page Page 69 [[ https://tools.ietf.org/html/rfc793 | RFC 793 ]]. * The `sysctl variable` `net.inet.tcp.insecure_rst` is now honored as specified in [[ https://tools.ietf.org/html/rfc5961#section-4.2 | RFC 5961 ]].