[NETFILTER]: nf_conntrack_tcp: fix connection reopening fix

Thu, 18 Oct 2007 19:07:38 -0700 

Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc34b841556aad437baf4199744e55500bfa2088
Commit:     bc34b841556aad437baf4199744e55500bfa2088
Parent:     78c2e50253569e62caa4a61fc1cc5a0158edec43
Author:     Jozsef Kadlecsik <[EMAIL PROTECTED]>
AuthorDate: Thu Oct 18 05:20:12 2007 -0700
Committer:  David S. Miller <[EMAIL PROTECTED]>
CommitDate: Thu Oct 18 05:20:12 2007 -0700

    [NETFILTER]: nf_conntrack_tcp: fix connection reopening fix
    
    If one side aborts an established connection, the entry still lingers
    for 10s in conntrack for the late packets. Allow to open up the
    connection again for the party which sent the RST packet.
    
    Signed-off-by: Jozsef Kadlecsik <[EMAIL PROTECTED]>
    Tested-by: Krzysztof Piotr Oledzki <[EMAIL PROTECTED]>
    Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]>
    Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
---
 net/netfilter/nf_conntrack_proto_tcp.c |   11 +++++++----
 1 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/nf_conntrack_proto_tcp.c 
b/net/netfilter/nf_conntrack_proto_tcp.c
index c707534..4dc23ab 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -834,10 +834,12 @@ static int tcp_packet(struct nf_conn *conntrack,
        case TCP_CONNTRACK_SYN_SENT:
                if (old_state < TCP_CONNTRACK_TIME_WAIT)
                        break;
-               if (conntrack->proto.tcp.seen[!dir].flags &
-                       IP_CT_TCP_FLAG_CLOSE_INIT) {
-                       /* Attempt to reopen a closed connection.
-                       * Delete this connection and look up again. */
+               if ((conntrack->proto.tcp.seen[!dir].flags &
+                       IP_CT_TCP_FLAG_CLOSE_INIT)
+                   || (conntrack->proto.tcp.last_dir == dir
+                       && conntrack->proto.tcp.last_index == TCP_RST_SET)) {
+                       /* Attempt to reopen a closed/aborted connection.
+                        * Delete this connection and look up again. */
                        write_unlock_bh(&tcp_lock);
                        if (del_timer(&conntrack->timeout))
                                conntrack->timeout.function((unsigned long)
@@ -925,6 +927,7 @@ static int tcp_packet(struct nf_conn *conntrack,
      in_window:
        /* From now on we have got in-window packets */
        conntrack->proto.tcp.last_index = index;
+       conntrack->proto.tcp.last_dir = dir;
 
        pr_debug("tcp_conntracks: ");
        NF_CT_DUMP_TUPLE(tuple);
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to