Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
linux
Commits
deda4987
Commit
deda4987
authored
Dec 01, 2005
by
Linus Torvalds
Browse files
Options
Browse Files
Download
Plain Diff
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
parents
ca98f825
ea86575e
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
47 additions
and
20 deletions
+47
-20
net/ipv4/fib_frontend.c
net/ipv4/fib_frontend.c
+6
-2
net/ipv4/netfilter/ip_conntrack_proto_tcp.c
net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+20
-9
net/ipv4/netfilter/ipt_recent.c
net/ipv4/netfilter/ipt_recent.c
+1
-0
net/netfilter/nf_conntrack_proto_tcp.c
net/netfilter/nf_conntrack_proto_tcp.c
+20
-9
No files found.
net/ipv4/fib_frontend.c
View file @
deda4987
...
@@ -544,12 +544,16 @@ static void nl_fib_input(struct sock *sk, int len)
...
@@ -544,12 +544,16 @@ static void nl_fib_input(struct sock *sk, int len)
struct
sk_buff
*
skb
=
NULL
;
struct
sk_buff
*
skb
=
NULL
;
struct
nlmsghdr
*
nlh
=
NULL
;
struct
nlmsghdr
*
nlh
=
NULL
;
struct
fib_result_nl
*
frn
;
struct
fib_result_nl
*
frn
;
int
err
;
u32
pid
;
u32
pid
;
struct
fib_table
*
tb
;
struct
fib_table
*
tb
;
skb
=
skb_
recv_datagram
(
sk
,
0
,
0
,
&
err
);
skb
=
skb_
dequeue
(
&
sk
->
sk_receive_queue
);
nlh
=
(
struct
nlmsghdr
*
)
skb
->
data
;
nlh
=
(
struct
nlmsghdr
*
)
skb
->
data
;
if
(
skb
->
len
<
NLMSG_SPACE
(
0
)
||
skb
->
len
<
nlh
->
nlmsg_len
||
nlh
->
nlmsg_len
<
NLMSG_LENGTH
(
sizeof
(
*
frn
)))
{
kfree_skb
(
skb
);
return
;
}
frn
=
(
struct
fib_result_nl
*
)
NLMSG_DATA
(
nlh
);
frn
=
(
struct
fib_result_nl
*
)
NLMSG_DATA
(
nlh
);
tb
=
fib_get_table
(
frn
->
tb_id_in
);
tb
=
fib_get_table
(
frn
->
tb_id_in
);
...
...
net/ipv4/netfilter/ip_conntrack_proto_tcp.c
View file @
deda4987
...
@@ -272,9 +272,9 @@ static const enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
...
@@ -272,9 +272,9 @@ static const enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
* sCL -> sCL
* sCL -> sCL
*/
*/
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */
/*ack*/
{
sIV
,
sI
V
,
sSR
,
sES
,
sCW
,
sCW
,
sTW
,
sTW
,
sCL
,
sIV
},
/*ack*/
{
sIV
,
sI
G
,
sSR
,
sES
,
sCW
,
sCW
,
sTW
,
sTW
,
sCL
,
sIV
},
/*
/*
* sSS -> sI
V
Might be a half-open connection.
* sSS -> sI
G
Might be a half-open connection.
* sSR -> sSR Might answer late resent SYN.
* sSR -> sSR Might answer late resent SYN.
* sES -> sES :-)
* sES -> sES :-)
* sFW -> sCW Normal close request answered by ACK.
* sFW -> sCW Normal close request answered by ACK.
...
@@ -917,8 +917,12 @@ static int tcp_packet(struct ip_conntrack *conntrack,
...
@@ -917,8 +917,12 @@ static int tcp_packet(struct ip_conntrack *conntrack,
switch
(
new_state
)
{
switch
(
new_state
)
{
case
TCP_CONNTRACK_IGNORE
:
case
TCP_CONNTRACK_IGNORE
:
/* Either SYN in ORIGINAL
/* Ignored packets:
* or SYN/ACK in REPLY. */
*
* a) SYN in ORIGINAL
* b) SYN/ACK in REPLY
* c) ACK in reply direction after initial SYN in original.
*/
if
(
index
==
TCP_SYNACK_SET
if
(
index
==
TCP_SYNACK_SET
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
&&
conntrack
->
proto
.
tcp
.
last_dir
!=
dir
&&
conntrack
->
proto
.
tcp
.
last_dir
!=
dir
...
@@ -985,13 +989,20 @@ static int tcp_packet(struct ip_conntrack *conntrack,
...
@@ -985,13 +989,20 @@ static int tcp_packet(struct ip_conntrack *conntrack,
}
}
case
TCP_CONNTRACK_CLOSE
:
case
TCP_CONNTRACK_CLOSE
:
if
(
index
==
TCP_RST_SET
if
(
index
==
TCP_RST_SET
&&
test_bit
(
IPS_SEEN_REPLY_BIT
,
&
conntrack
->
status
)
&&
((
test_bit
(
IPS_SEEN_REPLY_BIT
,
&
conntrack
->
status
)
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
)
||
(
!
test_bit
(
IPS_ASSURED_BIT
,
&
conntrack
->
status
)
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_ACK_SET
))
&&
ntohl
(
th
->
ack_seq
)
==
conntrack
->
proto
.
tcp
.
last_end
)
{
&&
ntohl
(
th
->
ack_seq
)
==
conntrack
->
proto
.
tcp
.
last_end
)
{
/* RST sent to invalid SYN we had let trough
/* RST sent to invalid SYN or ACK we had let trough
* SYN was in window then, tear down connection.
* at a) and c) above:
*
* a) SYN was in window then
* c) we hold a half-open connection.
*
* Delete our connection entry.
* We skip window checking, because packet might ACK
* We skip window checking, because packet might ACK
* segments we ignored
in the SYN
. */
* segments we ignored. */
goto
in_window
;
goto
in_window
;
}
}
/* Just fall trough */
/* Just fall trough */
...
...
net/ipv4/netfilter/ipt_recent.c
View file @
deda4987
...
@@ -532,6 +532,7 @@ match(const struct sk_buff *skb,
...
@@ -532,6 +532,7 @@ match(const struct sk_buff *skb,
}
}
if
(
info
->
seconds
&&
info
->
hit_count
)
{
if
(
info
->
seconds
&&
info
->
hit_count
)
{
for
(
pkt_count
=
0
,
hits_found
=
0
;
pkt_count
<
ip_pkt_list_tot
;
pkt_count
++
)
{
for
(
pkt_count
=
0
,
hits_found
=
0
;
pkt_count
<
ip_pkt_list_tot
;
pkt_count
++
)
{
if
(
r_list
[
location
].
last_pkts
[
pkt_count
]
==
0
)
break
;
if
(
time_before_eq
(
now
,
r_list
[
location
].
last_pkts
[
pkt_count
]
+
info
->
seconds
*
HZ
))
hits_found
++
;
if
(
time_before_eq
(
now
,
r_list
[
location
].
last_pkts
[
pkt_count
]
+
info
->
seconds
*
HZ
))
hits_found
++
;
}
}
if
(
hits_found
>=
info
->
hit_count
)
ans
=
!
info
->
invert
;
else
ans
=
info
->
invert
;
if
(
hits_found
>=
info
->
hit_count
)
ans
=
!
info
->
invert
;
else
ans
=
info
->
invert
;
...
...
net/netfilter/nf_conntrack_proto_tcp.c
View file @
deda4987
...
@@ -280,9 +280,9 @@ static enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
...
@@ -280,9 +280,9 @@ static enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
* sCL -> sCL
* sCL -> sCL
*/
*/
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */
/*ack*/
{
sIV
,
sI
V
,
sSR
,
sES
,
sCW
,
sCW
,
sTW
,
sTW
,
sCL
,
sIV
},
/*ack*/
{
sIV
,
sI
G
,
sSR
,
sES
,
sCW
,
sCW
,
sTW
,
sTW
,
sCL
,
sIV
},
/*
/*
* sSS -> sI
V
Might be a half-open connection.
* sSS -> sI
G
Might be a half-open connection.
* sSR -> sSR Might answer late resent SYN.
* sSR -> sSR Might answer late resent SYN.
* sES -> sES :-)
* sES -> sES :-)
* sFW -> sCW Normal close request answered by ACK.
* sFW -> sCW Normal close request answered by ACK.
...
@@ -912,8 +912,12 @@ static int tcp_packet(struct nf_conn *conntrack,
...
@@ -912,8 +912,12 @@ static int tcp_packet(struct nf_conn *conntrack,
switch
(
new_state
)
{
switch
(
new_state
)
{
case
TCP_CONNTRACK_IGNORE
:
case
TCP_CONNTRACK_IGNORE
:
/* Either SYN in ORIGINAL
/* Ignored packets:
* or SYN/ACK in REPLY. */
*
* a) SYN in ORIGINAL
* b) SYN/ACK in REPLY
* c) ACK in reply direction after initial SYN in original.
*/
if
(
index
==
TCP_SYNACK_SET
if
(
index
==
TCP_SYNACK_SET
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
&&
conntrack
->
proto
.
tcp
.
last_dir
!=
dir
&&
conntrack
->
proto
.
tcp
.
last_dir
!=
dir
...
@@ -979,13 +983,20 @@ static int tcp_packet(struct nf_conn *conntrack,
...
@@ -979,13 +983,20 @@ static int tcp_packet(struct nf_conn *conntrack,
}
}
case
TCP_CONNTRACK_CLOSE
:
case
TCP_CONNTRACK_CLOSE
:
if
(
index
==
TCP_RST_SET
if
(
index
==
TCP_RST_SET
&&
test_bit
(
IPS_SEEN_REPLY_BIT
,
&
conntrack
->
status
)
&&
((
test_bit
(
IPS_SEEN_REPLY_BIT
,
&
conntrack
->
status
)
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
)
||
(
!
test_bit
(
IPS_ASSURED_BIT
,
&
conntrack
->
status
)
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_ACK_SET
))
&&
ntohl
(
th
->
ack_seq
)
==
conntrack
->
proto
.
tcp
.
last_end
)
{
&&
ntohl
(
th
->
ack_seq
)
==
conntrack
->
proto
.
tcp
.
last_end
)
{
/* RST sent to invalid SYN we had let trough
/* RST sent to invalid SYN or ACK we had let trough
* SYN was in window then, tear down connection.
* at a) and c) above:
*
* a) SYN was in window then
* c) we hold a half-open connection.
*
* Delete our connection entry.
* We skip window checking, because packet might ACK
* We skip window checking, because packet might ACK
* segments we ignored
in the SYN
. */
* segments we ignored. */
goto
in_window
;
goto
in_window
;
}
}
/* Just fall trough */
/* Just fall trough */
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment