
Contents of /genpatches-2.6/historical/2.6.10/2100_iptables-conntrack.patch



Revision 2
Sat Jun 11 23:16:54 2005 UTC (15 years ago) by dsd
File MIME type: text/x-diff
File size: 1654 byte(s)
Import historical releases
1 # This is a BitKeeper generated diff -Nru style patch.
2 #
3 # ChangeSet
4 # 2005/01/03 20:19:30-08:00 gandalf@netfilter.org
5 # [PATCH] Fix broken RST handling in ip_conntrack
6 #
7 # Here's a patch that fixes a pretty serious bug introduced by a recent
8 # "bugfix". The problem is that RST packets are ignored if they follow an
9 # ACK packet, this means that the timeout of the connection isn't decreased,
10 # so we get lots of old connections lingering around until the timeout
11 # expires, the default timeout for state ESTABLISHED is 5 days.
12 #
13 # This needs to go into -bk as soon as possible. The bug is present in
14 # 2.6.10 as well.
15 #
16 # Signed-off-by: Andrew Morton <akpm@osdl.org>
17 # Signed-off-by: Linus Torvalds <torvalds@osdl.org>
18 #
19 # net/ipv4/netfilter/ip_conntrack_proto_tcp.c
20 # 2005/01/03 15:49:17-08:00 gandalf@netfilter.org +2 -1
21 # Fix broken RST handling in ip_conntrack
22 #
23 diff -Nru a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
24 --- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2005-01-03 23:39:36 -08:00
25 +++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2005-01-03 23:39:36 -08:00
26 @@ -906,7 +906,8 @@
27 if (index == TCP_RST_SET
28 && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)
29 && conntrack->proto.tcp.last_index <= TCP_SYNACK_SET)
30 - || conntrack->proto.tcp.last_index == TCP_ACK_SET)
31 + || (!test_bit(IPS_ASSURED_BIT, &conntrack->status)
32 + && conntrack->proto.tcp.last_index == TCP_ACK_SET))
33 && after(ntohl(th->ack_seq),
34 conntrack->proto.tcp.last_seq)) {
35 /* Ignore RST closing down invalid SYN or ACK
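Review bot: The new `!test_bit(IPS_ASSURED_BIT, &conntrack->status)` guard on the `last_index == TCP_ACK_SET` branch has no explanation in the code, and the comment that follows still reads "Ignore RST closing down invalid SYN or ACK" without saying that the ACK case is now limited to connections that are not yet assured. Extend that comment to state the restriction and the reason given in the changelog: an RST that follows an ACK on an established connection has to be processed, otherwise the entry stays in ESTABLISHED until its timeout expires. The condition also now mixes `&&` and `||` three levels deep; moving the two ignore cases into a small named helper would make it harder for a later edit to widen the ignore path again.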
