From owner-freebsd-security  Mon Jun  2 03:15:18 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id DAA11028
          for security-outgoing; Mon, 2 Jun 1997 03:15:18 -0700 (PDT)
Received: from plum.cyber.com.au (plum.cyber.com.au [203.7.155.24])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id DAA11022
          for <security@freebsd.org>; Mon, 2 Jun 1997 03:15:13 -0700 (PDT)
Received: (from darrenr@localhost) by plum.cyber.com.au (8.6.12/8.6.6) id UAA26583 for security@freebsd.org; Mon, 2 Jun 1997 20:15:08 +1000
From: Darren Reed <darrenr@cyber.com.au>
Message-Id: <199706021015.UAA26583@plum.cyber.com.au>
Subject: TCP RST Handling in 2.2
To: security@freebsd.org
Date: Mon, 2 Jun 1997 20:15:08 +1000 (EST)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


Can someone cross check with the RFC (I will later), but there is no ack/seq
numbers checked for a RST packet.  Is this deliberate ?

Look at code paths which lead to ~line 1121 of tcp_input.c which I see as:
        if (tiflags&TH_RST) switch (tp->t_state) {

consider the case of a RST only packet as well as a RST+ACK packet.

Darren