aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-02-07 18:05:33 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2007-02-08 15:39:10 -0500
commita09113c2c8ec59a5cc228efa5869aade2b8f13f7 (patch)
treedf582dfa453cb8e1c6eb397062f60d69508c38fe /include
parent6fecd1985116fb08bdee3b9db6719e159fe5e43d (diff)
[NETFILTER]: tcp conntrack: do liberal tracking for picked up connections
Do liberal tracking (only RSTs need to be in-window) for connections picked up without seeing a SYN to deal with window scaling. Also change logging of invalid packets not to log packets accepted by liberal tracking to avoid spamming the logs. Based on suggestion from James Ralston <ralston@pobox.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter/nf_conntrack_tcp.h4
1 files changed, 3 insertions, 1 deletions
diff --git a/include/linux/netfilter/nf_conntrack_tcp.h b/include/linux/netfilter/nf_conntrack_tcp.h
index 2f4e98b90cc0..007af4c2770b 100644
--- a/include/linux/netfilter/nf_conntrack_tcp.h
+++ b/include/linux/netfilter/nf_conntrack_tcp.h
@@ -27,6 +27,9 @@ enum tcp_conntrack {
27/* This sender sent FIN first */ 27/* This sender sent FIN first */
28#define IP_CT_TCP_FLAG_CLOSE_INIT 0x04 28#define IP_CT_TCP_FLAG_CLOSE_INIT 0x04
29 29
30/* Be liberal in window checking */
31#define IP_CT_TCP_FLAG_BE_LIBERAL 0x08
32
30#ifdef __KERNEL__ 33#ifdef __KERNEL__
31 34
32struct ip_ct_tcp_state { 35struct ip_ct_tcp_state {
@@ -34,7 +37,6 @@ struct ip_ct_tcp_state {
34 u_int32_t td_maxend; /* max of ack + max(win, 1) */ 37 u_int32_t td_maxend; /* max of ack + max(win, 1) */
35 u_int32_t td_maxwin; /* max(win) */ 38 u_int32_t td_maxwin; /* max(win) */
36 u_int8_t td_scale; /* window scale factor */ 39 u_int8_t td_scale; /* window scale factor */
37 u_int8_t loose; /* used when connection picked up from the middle */
38 u_int8_t flags; /* per direction options */ 40 u_int8_t flags; /* per direction options */
39}; 41};
40 42