[NETFILTER] nf_conntrack: Add missing code to TCP conntrack module

Looks like the nf_conntrack TCP code was slightly mismerged: it does not contain an else branch present in the IPv4 version. Let's add that code and make the testsuite happy.
Signed-off-by: KOVACS Krisztian <[EMAIL PROTECTED]> Signed-off-by: Harald Welte <[EMAIL PROTECTED]> --- commit 705179b0bc86f02354bd09f0b7c4b20f8d3bfbdf tree 4c08333aa0ca4baec606e3d50d3e4b1c7ca3745c parent 78496d0ef63df77e59096a9cbdfa264e9ddc75d9 author KOVACS Krisztian <[EMAIL PROTECTED]> Sat, 12 Nov 2005 13:11:58 +0100 committer Harald Welte <[EMAIL PROTECTED]> Sat, 12 Nov 2005 13:11:58 +0100 net/netfilter/nf_conntrack_proto_tcp.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c @@ -970,6 +970,12 @@ static int tcp_packet(struct nf_conn *co conntrack->timeout.function((unsigned long) conntrack); return -NF_REPEAT; + } else { + write_unlock_bh(&tcp_lock); + if (LOG_INVALID(IPPROTO_TCP)) + nf_log_packet(pf, 0, skb, NULL, NULL, + NULL, "nf_ct_tcp: invalid SYN"); + return -NF_ACCEPT; } case TCP_CONNTRACK_CLOSE: if (index == TCP_RST_SET -- - Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/ ============================================================================ "Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie
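Review bot: the new else branch in tcp_packet() returns -NF_ACCEPT for a SYN it has just logged as "nf_ct_tcp: invalid SYN", and nothing in the hunk says why the packet is let through rather than dropped. A one-line comment above the return would help, stating that the packet is accepted without being tracked and that filtering it is left to the ruleset. It is also worth saying in the changelog that, before this change, a SYN failing the preceding condition had no return and ran straight on into the `case TCP_CONNTRACK_CLOSE:` label that follows the closing brace. That fall-through is the actual bug being fixed, and "mismerged" alone does not convey it. The write_unlock_bh(&tcp_lock) placed before the log call looks right, since it keeps nf_log_packet() outside the lock. Minor style point: the preceding branch ends in `return -NF_REPEAT;`, so the `else` is redundant and the added lines could sit at the outer indentation level, unless keeping the code textually identical to the IPv4 version is the priority.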