diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2008-06-30 15:41:30 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-06-30 15:41:30 -0400 |
commit | 84ebe1cdae56707b9aa1b40ae5aa7d817ba745f5 (patch) | |
tree | d325c80abe018baac9cd492a76d38b998ae87d4c | |
parent | d420895efb259a78dda50f95289571faa6e10e41 (diff) |
netfilter: nf_conntrack_tcp: fixing to check the lower bound of valid ACK
Lost connections was reported by Thomas Bätzler (running 2.6.25 kernel) on
the netfilter mailing list (see the thread "Weird nat/conntrack Problem
with PASV FTP upload"). He provided tcpdump recordings which helped to
find a long lingering bug in conntrack.
In TCP connection tracking, checking the lower bound of valid ACK could
lead to mark valid packets as INVALID because:
- We have got a "higher or equal" inequality, but the test checked
the "higher" condition only; fixed.
- If the packet contains a SACK option, it could occur that the ACK
value was before the left edge of our (S)ACK "window": if a previous
packet from the other party intersected the right edge of the window
of the receiver, we could move forward the window parameters beyond
accepting a valid ack. Therefore in this patch we check the rightmost
SACK edge instead of the ACK value in the lower bound of valid (S)ACK
test.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/netfilter/nf_conntrack_proto_tcp.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index ba94004fe323..271cd01d57ae 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c | |||
@@ -331,12 +331,13 @@ static unsigned int get_conntrack_index(const struct tcphdr *tcph) | |||
331 | 331 | ||
332 | I. Upper bound for valid data: seq <= sender.td_maxend | 332 | I. Upper bound for valid data: seq <= sender.td_maxend |
333 | II. Lower bound for valid data: seq + len >= sender.td_end - receiver.td_maxwin | 333 | II. Lower bound for valid data: seq + len >= sender.td_end - receiver.td_maxwin |
334 | III. Upper bound for valid ack: sack <= receiver.td_end | 334 | III. Upper bound for valid (s)ack: sack <= receiver.td_end |
335 | IV. Lower bound for valid ack: ack >= receiver.td_end - MAXACKWINDOW | 335 | IV. Lower bound for valid (s)ack: sack >= receiver.td_end - MAXACKWINDOW |
336 | 336 | ||
337 | where sack is the highest right edge of sack block found in the packet. | 337 | where sack is the highest right edge of sack block found in the packet |
338 | or ack in the case of packet without SACK option. | ||
338 | 339 | ||
339 | The upper bound limit for a valid ack is not ignored - | 340 | The upper bound limit for a valid (s)ack is not ignored - |
340 | we doesn't have to deal with fragments. | 341 | we doesn't have to deal with fragments. |
341 | */ | 342 | */ |
342 | 343 | ||
@@ -606,12 +607,12 @@ static bool tcp_in_window(const struct nf_conn *ct, | |||
606 | before(seq, sender->td_maxend + 1), | 607 | before(seq, sender->td_maxend + 1), |
607 | after(end, sender->td_end - receiver->td_maxwin - 1), | 608 | after(end, sender->td_end - receiver->td_maxwin - 1), |
608 | before(sack, receiver->td_end + 1), | 609 | before(sack, receiver->td_end + 1), |
609 | after(ack, receiver->td_end - MAXACKWINDOW(sender))); | 610 | after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1)); |
610 | 611 | ||
611 | if (before(seq, sender->td_maxend + 1) && | 612 | if (before(seq, sender->td_maxend + 1) && |
612 | after(end, sender->td_end - receiver->td_maxwin - 1) && | 613 | after(end, sender->td_end - receiver->td_maxwin - 1) && |
613 | before(sack, receiver->td_end + 1) && | 614 | before(sack, receiver->td_end + 1) && |
614 | after(ack, receiver->td_end - MAXACKWINDOW(sender))) { | 615 | after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1)) { |
615 | /* | 616 | /* |
616 | * Take into account window scaling (RFC 1323). | 617 | * Take into account window scaling (RFC 1323). |
617 | */ | 618 | */ |