[NETFILTER]: Introduce NF_INET_ hook values
[deliverable/linux.git] / net / netfilter / nf_conntrack_proto_tcp.c
index c7075345971b000d6396fd07b4c710fcefc22227..d96f18863fd2ef24dcdb68db3376efdaabdc3fa3 100644 (file)
@@ -783,9 +783,7 @@ static int tcp_error(struct sk_buff *skb,
         * because the checksum is assumed to be correct.
         */
        /* FIXME: Source route IP option packets --RR */
-       if (nf_conntrack_checksum &&
-           ((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) ||
-            (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING)) &&
+       if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING &&
            nf_checksum(skb, hooknum, dataoff, IPPROTO_TCP, pf)) {
                if (LOG_INVALID(IPPROTO_TCP))
                        nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
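Review bot: The rewritten test in tcp_error no longer looks at `pf`, so it is only equivalent to the old one if NF_INET_PRE_ROUTING has the same value for every family that can reach this function, and nothing in the hunk says so. I would add one line to the comment above the test, `/* NF_INET_PRE_ROUTING is shared by IPv4 and IPv6, so no per-family test is needed. */`. That keeps the rule for which packets get checksum-validated readable in one place, next to the existing remark that the checksum is otherwise assumed to be correct. tcp_error begins and ends outside the hunk, so other callers or families cannot be checked from here.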
@@ -834,10 +832,12 @@ static int tcp_packet(struct nf_conn *conntrack,
        case TCP_CONNTRACK_SYN_SENT:
                if (old_state < TCP_CONNTRACK_TIME_WAIT)
                        break;
-               if (conntrack->proto.tcp.seen[!dir].flags &
-                       IP_CT_TCP_FLAG_CLOSE_INIT) {
-                       /* Attempt to reopen a closed connection.
-                       * Delete this connection and look up again. */
+               if ((conntrack->proto.tcp.seen[!dir].flags &
+                       IP_CT_TCP_FLAG_CLOSE_INIT)
+                   || (conntrack->proto.tcp.last_dir == dir
+                       && conntrack->proto.tcp.last_index == TCP_RST_SET)) {
+                       /* Attempt to reopen a closed/aborted connection.
+                        * Delete this connection and look up again. */
                        write_unlock_bh(&tcp_lock);
                        if (del_timer(&conntrack->timeout))
                                conntrack->timeout.function((unsigned long)
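Review bot: The new clause `last_dir == dir && last_index == TCP_RST_SET` lets a SYN delete the existing conntrack entry, but the updated comment does not say why the direction must match or which RSTs qualify. A later hunk assigns `last_index` and `last_dir` under `in_window:`, which suggests only an RST that passed window validation can arm this path. That property is what keeps an unvalidated RST from being used to evict a tracked connection, so it deserves a comment such as `/* Only the side whose in-window RST aborted the connection may reopen it. */`. Whether any other branch of tcp_packet writes `last_index` without window checking is not visible here and should be confirmed. As a style point, the leading `||` and `&&` differ from the trailing operators used in the tcp_error hunk; tcp_packet continues outside this hunk.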
@@ -925,6 +925,7 @@ static int tcp_packet(struct nf_conn *conntrack,
      in_window:
        /* From now on we have got in-window packets */
        conntrack->proto.tcp.last_index = index;
+       conntrack->proto.tcp.last_dir = dir;
 
        pr_debug("tcp_conntracks: ");
        NF_CT_DUMP_TUPLE(tuple);
@@ -1162,7 +1163,6 @@ static unsigned int tcp_sysctl_table_users;
 static struct ctl_table_header *tcp_sysctl_header;
 static struct ctl_table tcp_sysctl_table[] = {
        {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_SYN_SENT,
                .procname       = "nf_conntrack_tcp_timeout_syn_sent",
                .data           = &nf_ct_tcp_timeout_syn_sent,
                .maxlen         = sizeof(unsigned int),
@@ -1170,7 +1170,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_SYN_RECV,
                .procname       = "nf_conntrack_tcp_timeout_syn_recv",
                .data           = &nf_ct_tcp_timeout_syn_recv,
                .maxlen         = sizeof(unsigned int),
@@ -1178,7 +1177,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_ESTABLISHED,
                .procname       = "nf_conntrack_tcp_timeout_established",
                .data           = &nf_ct_tcp_timeout_established,
                .maxlen         = sizeof(unsigned int),
@@ -1186,7 +1184,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_FIN_WAIT,
                .procname       = "nf_conntrack_tcp_timeout_fin_wait",
                .data           = &nf_ct_tcp_timeout_fin_wait,
                .maxlen         = sizeof(unsigned int),
@@ -1194,7 +1191,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_CLOSE_WAIT,
                .procname       = "nf_conntrack_tcp_timeout_close_wait",
                .data           = &nf_ct_tcp_timeout_close_wait,
                .maxlen         = sizeof(unsigned int),
@@ -1202,7 +1198,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_LAST_ACK,
                .procname       = "nf_conntrack_tcp_timeout_last_ack",
                .data           = &nf_ct_tcp_timeout_last_ack,
                .maxlen         = sizeof(unsigned int),
@@ -1210,7 +1205,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_TIME_WAIT,
                .procname       = "nf_conntrack_tcp_timeout_time_wait",
                .data           = &nf_ct_tcp_timeout_time_wait,
                .maxlen         = sizeof(unsigned int),
@@ -1218,7 +1212,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_CLOSE,
                .procname       = "nf_conntrack_tcp_timeout_close",
                .data           = &nf_ct_tcp_timeout_close,
                .maxlen         = sizeof(unsigned int),
@@ -1226,7 +1219,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_MAX_RETRANS,
                .procname       = "nf_conntrack_tcp_timeout_max_retrans",
                .data           = &nf_ct_tcp_timeout_max_retrans,
                .maxlen         = sizeof(unsigned int),
@@ -1265,7 +1257,6 @@ static struct ctl_table tcp_sysctl_table[] = {
 #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
 static struct ctl_table tcp_compat_sysctl_table[] = {
        {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_SYN_SENT,
                .procname       = "ip_conntrack_tcp_timeout_syn_sent",
                .data           = &nf_ct_tcp_timeout_syn_sent,
                .maxlen         = sizeof(unsigned int),
@@ -1273,7 +1264,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_SYN_RECV,
                .procname       = "ip_conntrack_tcp_timeout_syn_recv",
                .data           = &nf_ct_tcp_timeout_syn_recv,
                .maxlen         = sizeof(unsigned int),
@@ -1281,7 +1271,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_ESTABLISHED,
                .procname       = "ip_conntrack_tcp_timeout_established",
                .data           = &nf_ct_tcp_timeout_established,
                .maxlen         = sizeof(unsigned int),
@@ -1289,7 +1278,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_FIN_WAIT,
                .procname       = "ip_conntrack_tcp_timeout_fin_wait",
                .data           = &nf_ct_tcp_timeout_fin_wait,
                .maxlen         = sizeof(unsigned int),
@@ -1297,7 +1285,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_CLOSE_WAIT,
                .procname       = "ip_conntrack_tcp_timeout_close_wait",
                .data           = &nf_ct_tcp_timeout_close_wait,
                .maxlen         = sizeof(unsigned int),
@@ -1305,7 +1292,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_LAST_ACK,
                .procname       = "ip_conntrack_tcp_timeout_last_ack",
                .data           = &nf_ct_tcp_timeout_last_ack,
                .maxlen         = sizeof(unsigned int),
@@ -1313,7 +1299,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_TIME_WAIT,
                .procname       = "ip_conntrack_tcp_timeout_time_wait",
                .data           = &nf_ct_tcp_timeout_time_wait,
                .maxlen         = sizeof(unsigned int),
@@ -1321,7 +1306,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_CLOSE,
                .procname       = "ip_conntrack_tcp_timeout_close",
                .data           = &nf_ct_tcp_timeout_close,
                .maxlen         = sizeof(unsigned int),
@@ -1329,7 +1313,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_MAX_RETRANS,
                .procname       = "ip_conntrack_tcp_timeout_max_retrans",
                .data           = &nf_ct_tcp_timeout_max_retrans,
                .maxlen         = sizeof(unsigned int),