authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2007-10-18 08:20:12 -0400
committerDavid S. Miller <davem@davemloft.net>2007-10-18 08:20:12 -0400
commitbc34b841556aad437baf4199744e55500bfa2088 (patch)
tree20596c842006cf8bcbff20c7050da51ff51686e1
parent78c2e50253569e62caa4a61fc1cc5a0158edec43 (diff)
[NETFILTER]: nf_conntrack_tcp: fix connection reopening fix
If one side aborts an established connection, the entry still lingers for 10s in conntrack for the late packets. Allow to open up the connection again for the party which sent the RST packet. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index c7075345971b..4dc23ab3a39f 100644
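--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -834,10 +834,12 @@ static int tcp_packet(struct nf_conn *conntrack,
 case TCP_CONNTRACK_SYN_SENT:
 if (old_state < TCP_CONNTRACK_TIME_WAIT)
 break;
-if (conntrack->proto.tcp.seen[!dir].flags &
-IP_CT_TCP_FLAG_CLOSE_INIT) {
-/* Attempt to reopen a closed connection.
-* Delete this connection and look up again. */
+if ((conntrack->proto.tcp.seen[!dir].flags &
+IP_CT_TCP_FLAG_CLOSE_INIT)
+|| (conntrack->proto.tcp.last_dir == dir
+&& conntrack->proto.tcp.last_index == TCP_RST_SET)) {
+/* Attempt to reopen a closed/aborted connection.
+* Delete this connection and look up again. */
 write_unlock_bh(&tcp_lock);
 if (del_timer(&conntrack->timeout))
 conntrack->timeout.function((unsigned long)
@@ -925,6 +927,7 @@ static int tcp_packet(struct nf_conn *conntrack,
 in_window:
 /* From now on we have got in-window packets */
 conntrack->proto.tcp.last_index = index;
+conntrack->proto.tcp.last_dir = dir;
 
 pr_debug("tcp_conntracks: ");
 NF_CT_DUMP_TUPLE(tuple);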
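Review bot: The new reopen clause at new lines 839-840 relies on `last_dir` and `last_index` describing the same packet, but nothing in the hunk states that invariant; the only visible write of `last_dir` is the one added under `in_window:`. Because this branch deletes a live conntrack entry on a SYN, a short comment explaining why the direction must match would help, e.g. `/* Only the side whose in-window RST aborted the connection may reopen it. */`. If any other path in tcp_packet() assigns `last_index` without also updating `last_dir`, the two fields could disagree and the check would compare against a stale direction. That is not visible here, since the function body extends beyond both hunks, so those sites are worth confirming.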