Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
deda4987
Commit
deda4987
authored
Dec 01, 2005
by
Linus Torvalds
Browse files
Options
Browse Files
Download
Plain Diff
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
parents
ca98f825
ea86575e
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
47 additions
and
20 deletions
+47
-20
net/ipv4/fib_frontend.c
net/ipv4/fib_frontend.c
+6
-2
net/ipv4/netfilter/ip_conntrack_proto_tcp.c
net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+20
-9
net/ipv4/netfilter/ipt_recent.c
net/ipv4/netfilter/ipt_recent.c
+1
-0
net/netfilter/nf_conntrack_proto_tcp.c
net/netfilter/nf_conntrack_proto_tcp.c
+20
-9
No files found.
net/ipv4/fib_frontend.c
View file @
deda4987
...
@@ -544,12 +544,16 @@ static void nl_fib_input(struct sock *sk, int len)
...
@@ -544,12 +544,16 @@ static void nl_fib_input(struct sock *sk, int len)
struct
sk_buff
*
skb
=
NULL
;
struct
sk_buff
*
skb
=
NULL
;
struct
nlmsghdr
*
nlh
=
NULL
;
struct
nlmsghdr
*
nlh
=
NULL
;
struct
fib_result_nl
*
frn
;
struct
fib_result_nl
*
frn
;
int
err
;
u32
pid
;
u32
pid
;
struct
fib_table
*
tb
;
struct
fib_table
*
tb
;
skb
=
skb_
recv_datagram
(
sk
,
0
,
0
,
&
err
);
skb
=
skb_
dequeue
(
&
sk
->
sk_receive_queue
);
nlh
=
(
struct
nlmsghdr
*
)
skb
->
data
;
nlh
=
(
struct
nlmsghdr
*
)
skb
->
data
;
if
(
skb
->
len
<
NLMSG_SPACE
(
0
)
||
skb
->
len
<
nlh
->
nlmsg_len
||
nlh
->
nlmsg_len
<
NLMSG_LENGTH
(
sizeof
(
*
frn
)))
{
kfree_skb
(
skb
);
return
;
}
frn
=
(
struct
fib_result_nl
*
)
NLMSG_DATA
(
nlh
);
frn
=
(
struct
fib_result_nl
*
)
NLMSG_DATA
(
nlh
);
tb
=
fib_get_table
(
frn
->
tb_id_in
);
tb
=
fib_get_table
(
frn
->
tb_id_in
);
...
...
net/ipv4/netfilter/ip_conntrack_proto_tcp.c
View file @
deda4987
...
@@ -272,9 +272,9 @@ static const enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
...
@@ -272,9 +272,9 @@ static const enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
* sCL -> sCL
* sCL -> sCL
*/
*/
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */
/*ack*/
{
sIV
,
sI
V
,
sSR
,
sES
,
sCW
,
sCW
,
sTW
,
sTW
,
sCL
,
sIV
},
/*ack*/
{
sIV
,
sI
G
,
sSR
,
sES
,
sCW
,
sCW
,
sTW
,
sTW
,
sCL
,
sIV
},
/*
/*
* sSS -> sI
V
Might be a half-open connection.
* sSS -> sI
G
Might be a half-open connection.
* sSR -> sSR Might answer late resent SYN.
* sSR -> sSR Might answer late resent SYN.
* sES -> sES :-)
* sES -> sES :-)
* sFW -> sCW Normal close request answered by ACK.
* sFW -> sCW Normal close request answered by ACK.
...
@@ -917,8 +917,12 @@ static int tcp_packet(struct ip_conntrack *conntrack,
...
@@ -917,8 +917,12 @@ static int tcp_packet(struct ip_conntrack *conntrack,
switch
(
new_state
)
{
switch
(
new_state
)
{
case
TCP_CONNTRACK_IGNORE
:
case
TCP_CONNTRACK_IGNORE
:
/* Either SYN in ORIGINAL
/* Ignored packets:
* or SYN/ACK in REPLY. */
*
* a) SYN in ORIGINAL
* b) SYN/ACK in REPLY
* c) ACK in reply direction after initial SYN in original.
*/
if
(
index
==
TCP_SYNACK_SET
if
(
index
==
TCP_SYNACK_SET
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
&&
conntrack
->
proto
.
tcp
.
last_dir
!=
dir
&&
conntrack
->
proto
.
tcp
.
last_dir
!=
dir
...
@@ -985,13 +989,20 @@ static int tcp_packet(struct ip_conntrack *conntrack,
...
@@ -985,13 +989,20 @@ static int tcp_packet(struct ip_conntrack *conntrack,
}
}
case
TCP_CONNTRACK_CLOSE
:
case
TCP_CONNTRACK_CLOSE
:
if
(
index
==
TCP_RST_SET
if
(
index
==
TCP_RST_SET
&&
test_bit
(
IPS_SEEN_REPLY_BIT
,
&
conntrack
->
status
)
&&
((
test_bit
(
IPS_SEEN_REPLY_BIT
,
&
conntrack
->
status
)
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
)
||
(
!
test_bit
(
IPS_ASSURED_BIT
,
&
conntrack
->
status
)
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_ACK_SET
))
&&
ntohl
(
th
->
ack_seq
)
==
conntrack
->
proto
.
tcp
.
last_end
)
{
&&
ntohl
(
th
->
ack_seq
)
==
conntrack
->
proto
.
tcp
.
last_end
)
{
/* RST sent to invalid SYN we had let trough
/* RST sent to invalid SYN or ACK we had let trough
* SYN was in window then, tear down connection.
* at a) and c) above:
*
* a) SYN was in window then
* c) we hold a half-open connection.
*
* Delete our connection entry.
* We skip window checking, because packet might ACK
* We skip window checking, because packet might ACK
* segments we ignored
in the SYN
. */
* segments we ignored. */
goto
in_window
;
goto
in_window
;
}
}
/* Just fall trough */
/* Just fall trough */
...
...
net/ipv4/netfilter/ipt_recent.c
View file @
deda4987
...
@@ -532,6 +532,7 @@ match(const struct sk_buff *skb,
...
@@ -532,6 +532,7 @@ match(const struct sk_buff *skb,
}
}
if
(
info
->
seconds
&&
info
->
hit_count
)
{
if
(
info
->
seconds
&&
info
->
hit_count
)
{
for
(
pkt_count
=
0
,
hits_found
=
0
;
pkt_count
<
ip_pkt_list_tot
;
pkt_count
++
)
{
for
(
pkt_count
=
0
,
hits_found
=
0
;
pkt_count
<
ip_pkt_list_tot
;
pkt_count
++
)
{
if
(
r_list
[
location
].
last_pkts
[
pkt_count
]
==
0
)
break
;
if
(
time_before_eq
(
now
,
r_list
[
location
].
last_pkts
[
pkt_count
]
+
info
->
seconds
*
HZ
))
hits_found
++
;
if
(
time_before_eq
(
now
,
r_list
[
location
].
last_pkts
[
pkt_count
]
+
info
->
seconds
*
HZ
))
hits_found
++
;
}
}
if
(
hits_found
>=
info
->
hit_count
)
ans
=
!
info
->
invert
;
else
ans
=
info
->
invert
;
if
(
hits_found
>=
info
->
hit_count
)
ans
=
!
info
->
invert
;
else
ans
=
info
->
invert
;
...
...
net/netfilter/nf_conntrack_proto_tcp.c
View file @
deda4987
...
@@ -280,9 +280,9 @@ static enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
...
@@ -280,9 +280,9 @@ static enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
* sCL -> sCL
* sCL -> sCL
*/
*/
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */
/*ack*/
{
sIV
,
sI
V
,
sSR
,
sES
,
sCW
,
sCW
,
sTW
,
sTW
,
sCL
,
sIV
},
/*ack*/
{
sIV
,
sI
G
,
sSR
,
sES
,
sCW
,
sCW
,
sTW
,
sTW
,
sCL
,
sIV
},
/*
/*
* sSS -> sI
V
Might be a half-open connection.
* sSS -> sI
G
Might be a half-open connection.
* sSR -> sSR Might answer late resent SYN.
* sSR -> sSR Might answer late resent SYN.
* sES -> sES :-)
* sES -> sES :-)
* sFW -> sCW Normal close request answered by ACK.
* sFW -> sCW Normal close request answered by ACK.
...
@@ -912,8 +912,12 @@ static int tcp_packet(struct nf_conn *conntrack,
...
@@ -912,8 +912,12 @@ static int tcp_packet(struct nf_conn *conntrack,
switch
(
new_state
)
{
switch
(
new_state
)
{
case
TCP_CONNTRACK_IGNORE
:
case
TCP_CONNTRACK_IGNORE
:
/* Either SYN in ORIGINAL
/* Ignored packets:
* or SYN/ACK in REPLY. */
*
* a) SYN in ORIGINAL
* b) SYN/ACK in REPLY
* c) ACK in reply direction after initial SYN in original.
*/
if
(
index
==
TCP_SYNACK_SET
if
(
index
==
TCP_SYNACK_SET
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
&&
conntrack
->
proto
.
tcp
.
last_dir
!=
dir
&&
conntrack
->
proto
.
tcp
.
last_dir
!=
dir
...
@@ -979,13 +983,20 @@ static int tcp_packet(struct nf_conn *conntrack,
...
@@ -979,13 +983,20 @@ static int tcp_packet(struct nf_conn *conntrack,
}
}
case
TCP_CONNTRACK_CLOSE
:
case
TCP_CONNTRACK_CLOSE
:
if
(
index
==
TCP_RST_SET
if
(
index
==
TCP_RST_SET
&&
test_bit
(
IPS_SEEN_REPLY_BIT
,
&
conntrack
->
status
)
&&
((
test_bit
(
IPS_SEEN_REPLY_BIT
,
&
conntrack
->
status
)
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
)
||
(
!
test_bit
(
IPS_ASSURED_BIT
,
&
conntrack
->
status
)
&&
conntrack
->
proto
.
tcp
.
last_index
==
TCP_ACK_SET
))
&&
ntohl
(
th
->
ack_seq
)
==
conntrack
->
proto
.
tcp
.
last_end
)
{
&&
ntohl
(
th
->
ack_seq
)
==
conntrack
->
proto
.
tcp
.
last_end
)
{
/* RST sent to invalid SYN we had let trough
/* RST sent to invalid SYN or ACK we had let trough
* SYN was in window then, tear down connection.
* at a) and c) above:
*
* a) SYN was in window then
* c) we hold a half-open connection.
*
* Delete our connection entry.
* We skip window checking, because packet might ACK
* We skip window checking, because packet might ACK
* segments we ignored
in the SYN
. */
* segments we ignored. */
goto
in_window
;
goto
in_window
;
}
}
/* Just fall trough */
/* Just fall trough */
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment