diff options
author | Patrick McHardy <kaber@trash.net> | 2007-03-04 18:57:46 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-03-05 16:25:20 -0500 |
commit | d3ab4298aa136d07219664d563d8decf0e75693f (patch) | |
tree | f853aac1189d25c8c37b60010ba4fac386e16d6d | |
parent | e281db5cdfc3ab077ab3e459d098cb4fde0bc57a (diff) |
[NETFILTER]: tcp conntrack: accept SYN|URG as valid
Some stacks apparently send packets with SYN|URG set. Linux accepts
these packets, so TCP conntrack should to.
Pointed out by Martijn Posthuma <posthuma@sangine.com>.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_proto_tcp.c | 4 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_proto_tcp.c | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c index 170d625fad67..0a72eab14620 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c | |||
@@ -812,8 +812,10 @@ void ip_conntrack_tcp_update(struct sk_buff *skb, | |||
812 | static const u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG) + 1] = | 812 | static const u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG) + 1] = |
813 | { | 813 | { |
814 | [TH_SYN] = 1, | 814 | [TH_SYN] = 1, |
815 | [TH_SYN|TH_ACK] = 1, | ||
816 | [TH_SYN|TH_PUSH] = 1, | 815 | [TH_SYN|TH_PUSH] = 1, |
816 | [TH_SYN|TH_URG] = 1, | ||
817 | [TH_SYN|TH_PUSH|TH_URG] = 1, | ||
818 | [TH_SYN|TH_ACK] = 1, | ||
817 | [TH_SYN|TH_ACK|TH_PUSH] = 1, | 819 | [TH_SYN|TH_ACK|TH_PUSH] = 1, |
818 | [TH_RST] = 1, | 820 | [TH_RST] = 1, |
819 | [TH_RST|TH_ACK] = 1, | 821 | [TH_RST|TH_ACK] = 1, |
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index 3b9ad7f6eb5d..153d6619993a 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c | |||
@@ -769,8 +769,10 @@ EXPORT_SYMBOL_GPL(nf_conntrack_tcp_update); | |||
769 | static u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG) + 1] = | 769 | static u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG) + 1] = |
770 | { | 770 | { |
771 | [TH_SYN] = 1, | 771 | [TH_SYN] = 1, |
772 | [TH_SYN|TH_ACK] = 1, | ||
773 | [TH_SYN|TH_PUSH] = 1, | 772 | [TH_SYN|TH_PUSH] = 1, |
773 | [TH_SYN|TH_URG] = 1, | ||
774 | [TH_SYN|TH_PUSH|TH_URG] = 1, | ||
775 | [TH_SYN|TH_ACK] = 1, | ||
774 | [TH_SYN|TH_ACK|TH_PUSH] = 1, | 776 | [TH_SYN|TH_ACK|TH_PUSH] = 1, |
775 | [TH_RST] = 1, | 777 | [TH_RST] = 1, |
776 | [TH_RST|TH_ACK] = 1, | 778 | [TH_RST|TH_ACK] = 1, |