*** netinet/ip_fw.c	1997/11/22 13:00:48	1.51.2.6
--- new/netinet/ip_fw.c	1997/12/19 02:54:54
***************
*** 576,598 ****
  		  {
  			struct tcphdr *const tcp =
  				(struct tcphdr *) ((u_long *)ip + ip->ip_hl);
! 			struct tcpiphdr ti;
  
  			if (offset != 0 || (tcp->th_flags & TH_RST))
  				break;
  			ti.ti_i = *((struct ipovly *) ip);
  			ti.ti_t = *tcp;
! 			NTOHL(ti.ti_seq);
! 			NTOHL(ti.ti_ack);
! 			ti.ti_len = ip->ip_len - hlen - (ti.ti_off << 2);
  			if (tcp->th_flags & TH_ACK) {
! 				tcp_respond(NULL, &ti, *m,
  				    (tcp_seq)0, ntohl(tcp->th_ack), TH_RST);
  			} else {
  				if (tcp->th_flags & TH_SYN)
! 					ti.ti_len++;
! 				tcp_respond(NULL, &ti, *m, ti.ti_seq
! 				    + ti.ti_len, (tcp_seq)0, TH_RST|TH_ACK);
  			}
  			*m = NULL;
  			break;
--- 576,599 ----
  		  {
  			struct tcphdr *const tcp =
  				(struct tcphdr *) ((u_long *)ip + ip->ip_hl);
! 			struct tcpiphdr ti, *const tip = (struct tcpiphdr *) ip;
  
  			if (offset != 0 || (tcp->th_flags & TH_RST))
  				break;
  			ti.ti_i = *((struct ipovly *) ip);
  			ti.ti_t = *tcp;
! 			bcopy(&ti, ip, sizeof(ti));
! 			NTOHL(tip->ti_seq);
! 			NTOHL(tip->ti_ack);
! 			tip->ti_len = ip->ip_len - hlen - (tip->ti_off << 2);
  			if (tcp->th_flags & TH_ACK) {
! 				tcp_respond(NULL, tip, *m,
  				    (tcp_seq)0, ntohl(tcp->th_ack), TH_RST);
  			} else {
  				if (tcp->th_flags & TH_SYN)
! 					tip->ti_len++;
! 				tcp_respond(NULL, tip, *m, tip->ti_seq
! 				    + tip->ti_len, (tcp_seq)0, TH_RST|TH_ACK);
  			}
  			*m = NULL;
  			break;
*** netinet/tcp_subr.c	1997/09/30 16:25:11	1.31.2.3
--- new/netinet/tcp_subr.c	1997/12/19 03:01:16
***************
*** 168,173 ****
--- 168,175 ----
   *
   * In any case the ack and sequence number of the transmitted
   * segment are as specified by the parameters.
+  *
+  * NOTE: If m != NULL, then ti must point to *inside* the mbuf.
   */
  void
  tcp_respond(tp, ti, m, ack, seq, flags)