1 files changed, 7 insertions, 4 deletions

diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index c707534597..4dc23ab3a3 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -834,10 +834,12 @@ static int tcp_packet(struct nf_conn *conntrack,
         case TCP_CONNTRACK_SYN_SENT:
                 if (old_state < TCP_CONNTRACK_TIME_WAIT)
                         break;
-                if (conntrack->proto.tcp.seen[!dir].flags &
-                        IP_CT_TCP_FLAG_CLOSE_INIT) {
-                        /* Attempt to reopen a closed connection.
-                        * Delete this connection and look up again. */
+                if ((conntrack->proto.tcp.seen[!dir].flags &
+                        IP_CT_TCP_FLAG_CLOSE_INIT)
+                    || (conntrack->proto.tcp.last_dir == dir
+                        && conntrack->proto.tcp.last_index == TCP_RST_SET)) {
+                        /* Attempt to reopen a closed/aborted connection.
+                         * Delete this connection and look up again. */
                         write_unlock_bh(&tcp_lock);
                         if (del_timer(&conntrack->timeout))
                                 conntrack->timeout.function((unsigned long)
@@ -925,6 +927,7 @@ static int tcp_packet(struct nf_conn *conntrack,
      in_window:
         /* From now on we have got in-window packets */
         conntrack->proto.tcp.last_index = index;
+        conntrack->proto.tcp.last_dir = dir;
 
         pr_debug("tcp_conntracks: ");
         NF_CT_DUMP_TUPLE(tuple);