66e57dd8
Commit
66e57dd8
authored
Dec 13, 2004
by
David S. Miller
Merge nuts.davemloft.net:/disk1/BK/network-2.6
into nuts.davemloft.net:/disk1/BK/net-2.6
parents
37658b57
8774514c
Showing
2 changed files
with
20 additions
and
15 deletions
+20
-15
include/linux/netfilter_ipv4/ip_conntrack_tcp.h
include/linux/netfilter_ipv4/ip_conntrack_tcp.h
+1
-1
net/ipv4/netfilter/ip_conntrack_proto_tcp.c
net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+19
-14
include/linux/netfilter_ipv4/ip_conntrack_tcp.h
...
@@ -18,7 +18,7 @@ enum tcp_conntrack {
...
@@ -18,7 +18,7 @@ enum tcp_conntrack {
};
};
/* Window scaling is advertised by the sender */
/* Window scaling is advertised by the sender */
#define IP_CT_TCP_
STATE_FLAG_WINDOW_SCALE
0x01
#define IP_CT_TCP_
FLAG_WINDOW_SCALE
0x01
/* SACK is permitted by the sender */
/* SACK is permitted by the sender */
#define IP_CT_TCP_FLAG_SACK_PERM 0x02
#define IP_CT_TCP_FLAG_SACK_PERM 0x02
...
...
net/ipv4/netfilter/ip_conntrack_proto_tcp.c
...
@@ -273,9 +273,9 @@ static enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
...
@@ -273,9 +273,9 @@ static enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
* sCL -> sCL
* sCL -> sCL
*/
*/
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */
/*ack*/
{
sIV
,
sI
V
,
sIV
,
sES
,
sCW
,
sCW
,
sTW
,
sTW
,
sCL
,
sIV
},
/*ack*/
{
sIV
,
sI
G
,
sIV
,
sES
,
sCW
,
sCW
,
sTW
,
sTW
,
sCL
,
sIV
},
/*
/*
* sSS -> sI
V ACK is invalid: we haven't seen a SYN/ACK yet
.
* sSS -> sI
G Might be a half-open connection
.
* sSR -> sIV Simultaneous open.
* sSR -> sIV Simultaneous open.
* sES -> sES :-)
* sES -> sES :-)
* sFW -> sCW Normal close request answered by ACK.
* sFW -> sCW Normal close request answered by ACK.
...
@@ -436,7 +436,7 @@ static void tcp_options(const struct sk_buff *skb,
...
@@ -436,7 +436,7 @@ static void tcp_options(const struct sk_buff *skb,
state
->
td_scale
=
14
;
state
->
td_scale
=
14
;
}
}
state
->
flags
|=
state
->
flags
|=
IP_CT_TCP_
STATE_
FLAG_WINDOW_SCALE
;
IP_CT_TCP_FLAG_WINDOW_SCALE
;
}
}
ptr
+=
opsize
-
2
;
ptr
+=
opsize
-
2
;
length
-=
opsize
;
length
-=
opsize
;
...
@@ -552,8 +552,8 @@ static int tcp_in_window(struct ip_ct_tcp *state,
...
@@ -552,8 +552,8 @@ static int tcp_in_window(struct ip_ct_tcp *state,
* Both sides must send the Window Scale option
* Both sides must send the Window Scale option
* to enable window scaling in either direction.
* to enable window scaling in either direction.
*/
*/
if
(
!
(
sender
->
flags
&
IP_CT_TCP_
STATE_
FLAG_WINDOW_SCALE
if
(
!
(
sender
->
flags
&
IP_CT_TCP_FLAG_WINDOW_SCALE
&&
receiver
->
flags
&
IP_CT_TCP_
STATE_
FLAG_WINDOW_SCALE
))
&&
receiver
->
flags
&
IP_CT_TCP_FLAG_WINDOW_SCALE
))
sender
->
td_scale
=
sender
->
td_scale
=
receiver
->
td_scale
=
0
;
receiver
->
td_scale
=
0
;
}
else
{
}
else
{
...
@@ -566,8 +566,10 @@ static int tcp_in_window(struct ip_ct_tcp *state,
...
@@ -566,8 +566,10 @@ static int tcp_in_window(struct ip_ct_tcp *state,
sender
->
td_maxwin
=
(
win
==
0
?
1
:
win
);
sender
->
td_maxwin
=
(
win
==
0
?
1
:
win
);
sender
->
td_maxend
=
end
+
sender
->
td_maxwin
;
sender
->
td_maxend
=
end
+
sender
->
td_maxwin
;
}
}
}
else
if
(
state
->
state
==
TCP_CONNTRACK_SYN_SENT
}
else
if
(((
state
->
state
==
TCP_CONNTRACK_SYN_SENT
&&
dir
==
IP_CT_DIR_ORIGINAL
&&
dir
==
IP_CT_DIR_ORIGINAL
)
||
(
state
->
state
==
TCP_CONNTRACK_SYN_RECV
&&
dir
==
IP_CT_DIR_REPLY
))
&&
after
(
end
,
sender
->
td_end
))
{
&&
after
(
end
,
sender
->
td_end
))
{
/*
/*
* RFC 793: "if a TCP is reinitialized ... then it need
* RFC 793: "if a TCP is reinitialized ... then it need
...
@@ -685,7 +687,7 @@ static int tcp_in_window(struct ip_ct_tcp *state,
...
@@ -685,7 +687,7 @@ static int tcp_in_window(struct ip_ct_tcp *state,
"ip_ct_tcp: %s "
,
"ip_ct_tcp: %s "
,
before
(
end
,
sender
->
td_maxend
+
1
)
?
before
(
end
,
sender
->
td_maxend
+
1
)
?
after
(
seq
,
sender
->
td_end
-
receiver
->
td_maxwin
-
1
)
?
after
(
seq
,
sender
->
td_end
-
receiver
->
td_maxwin
-
1
)
?
before
(
ack
,
receiver
->
td_end
+
1
)
?
before
(
s
ack
,
receiver
->
td_end
+
1
)
?
after
(
ack
,
receiver
->
td_end
-
MAXACKWINDOW
(
sender
))
?
"BUG"
after
(
ack
,
receiver
->
td_end
-
MAXACKWINDOW
(
sender
))
?
"BUG"
:
"ACK is under the lower bound (possibly overly delayed ACK)"
:
"ACK is under the lower bound (possibly overly delayed ACK)"
:
"ACK is over the upper bound (ACKed data has never seen yet)"
:
"ACK is over the upper bound (ACKed data has never seen yet)"
...
@@ -846,7 +848,9 @@ static int tcp_packet(struct ip_conntrack *conntrack,
...
@@ -846,7 +848,9 @@ static int tcp_packet(struct ip_conntrack *conntrack,
switch
(
new_state
)
{
switch
(
new_state
)
{
case
TCP_CONNTRACK_IGNORE
:
case
TCP_CONNTRACK_IGNORE
:
/* Either SYN in ORIGINAL, or SYN/ACK in REPLY direction. */
/* Either SYN in ORIGINAL
* or SYN/ACK in REPLY
* or ACK in REPLY direction (half-open connection). */
if
(
index
==
TCP_SYNACK_SET
if
(
index
==
TCP_SYNACK_SET
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
&&
conntrack
->
proto
.
tcp
.
last_dir
!=
dir
&&
conntrack
->
proto
.
tcp
.
last_dir
!=
dir
...
@@ -875,7 +879,7 @@ static int tcp_packet(struct ip_conntrack *conntrack,
...
@@ -875,7 +879,7 @@ static int tcp_packet(struct ip_conntrack *conntrack,
WRITE_UNLOCK
(
&
tcp_lock
);
WRITE_UNLOCK
(
&
tcp_lock
);
if
(
LOG_INVALID
(
IPPROTO_TCP
))
if
(
LOG_INVALID
(
IPPROTO_TCP
))
nf_log_packet
(
PF_INET
,
0
,
skb
,
NULL
,
NULL
,
nf_log_packet
(
PF_INET
,
0
,
skb
,
NULL
,
NULL
,
"ip_ct_tcp: invalid
SYN (ignored)
"
);
"ip_ct_tcp: invalid
packet ignored
"
);
return
NF_ACCEPT
;
return
NF_ACCEPT
;
case
TCP_CONNTRACK_MAX
:
case
TCP_CONNTRACK_MAX
:
/* Invalid packet */
/* Invalid packet */
...
@@ -900,11 +904,12 @@ static int tcp_packet(struct ip_conntrack *conntrack,
...
@@ -900,11 +904,12 @@ static int tcp_packet(struct ip_conntrack *conntrack,
break
;
break
;
case
TCP_CONNTRACK_CLOSE
:
case
TCP_CONNTRACK_CLOSE
:
if
(
index
==
TCP_RST_SET
if
(
index
==
TCP_RST_SET
&&
test_bit
(
IPS_SEEN_REPLY_BIT
,
&
conntrack
->
status
)
&&
((
test_bit
(
IPS_SEEN_REPLY_BIT
,
&
conntrack
->
status
)
&&
conntrack
->
proto
.
tcp
.
last_index
<=
TCP_SYNACK_SET
&&
conntrack
->
proto
.
tcp
.
last_index
<=
TCP_SYNACK_SET
)
||
conntrack
->
proto
.
tcp
.
last_index
==
TCP_ACK_SET
)
&&
after
(
ntohl
(
th
->
ack_seq
),
&&
after
(
ntohl
(
th
->
ack_seq
),
conntrack
->
proto
.
tcp
.
last_seq
))
{
conntrack
->
proto
.
tcp
.
last_seq
))
{
/* Ignore RST closing down invalid SYN
/* Ignore RST closing down invalid SYN
or ACK
we had let trough. */
we had let trough. */
WRITE_UNLOCK
(
&
tcp_lock
);
WRITE_UNLOCK
(
&
tcp_lock
);
if
(
LOG_INVALID
(
IPPROTO_TCP
))
if
(
LOG_INVALID
(
IPPROTO_TCP
))
...
...
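Review bot: The new `|| conntrack->proto.tcp.last_index == TCP_ACK_SET` arm in the TCP_CONNTRACK_CLOSE case of tcp_packet() is not covered by the `test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)` test that guards the SYN / SYN-ACK arm, so for that arm an RST is ignored on the strength of `after(ntohl(th->ack_seq), conntrack->proto.tcp.last_seq)` alone. That is only sound if the TCP_CONNTRACK_IGNORE branch also records last_index, last_dir and last_seq for the ignored ACK; the part of that branch visible here shows only the `index == TCP_SYNACK_SET` test and both case bodies continue outside their hunks, so this needs confirming against the full function. The comment should say why the reply-seen requirement is dropped for the ACK arm, for example by extending it to `/* Ignore RST closing down invalid SYN or ACK we had let through; the ACK arm is matched on last_seq only */`, which also fixes the "trough" typo. Since the IGNORE path appears to end in `return NF_ACCEPT;`, the table comment for the sSS ACK entry (which seems to move from sIV to sIG) should also note that such half-open ACKs are no longer classified invalid and that filtering them is left to the ruleset.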