aboutsummaryrefslogtreecommitdiffstats
path: root/scripts/cleanfile
diff options
context:
space:
mode:
authorYuchung Cheng <ycheng@google.com>2013-08-09 20:21:27 -0400
committerPablo Neira Ayuso <pablo@netfilter.org>2013-08-10 12:36:22 -0400
commit356d7d88e088687b6578ca64601b0a2c9d145296 (patch)
tree99e749ab856f5d1f9084d48f4b8b6e137352287c /scripts/cleanfile
parente4d091d7bf787cd303383725b8071d0bae76f981 (diff)
netfilter: nf_conntrack: fix tcp_in_window for Fast Open
Currently the conntrack checks if the ending sequence of a packet falls within the observed receive window. However it does so even if it has not observe any packet from the remote yet and uses an uninitialized receive window (td_maxwin). If a connection uses Fast Open to send a SYN-data packet which is dropped afterward in the network. The subsequent SYNs retransmits will all fail this check and be discarded, leading to a connection timeout. This is because the SYN retransmit does not contain data payload so end == initial sequence number (isn) + 1 sender->td_end == isn + syn_data_len receiver->td_maxwin == 0 The fix is to only apply this check after td_maxwin is initialized. Reported-by: Michael Chan <mcfchan@stanford.edu> Signed-off-by: Yuchung Cheng <ycheng@google.com> Acked-by: Eric Dumazet <edumazet@google.com> Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'scripts/cleanfile')
0 files changed, 0 insertions, 0 deletions