Skip to content

Commit

Permalink
[NETFILTER] nf_conntrack: Add missing code to TCP conntrack module
Browse files Browse the repository at this point in the history 
Looks like the nf_conntrack TCP code was slightly mismerged: it does
not contain an else branch present in the IPv4 version. Let's add that
code and make the testsuite happy.

Signed-off-by: KOVACS Krisztian <hidden@balabit.hu>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
KOVACS Krisztian authored and David S. Miller committed Nov 14, 2005
1 parent 5655820 commit 3746a2b
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions net/netfilter/nf_conntrack_proto_tcp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -970,6 +970,12 @@ static int tcp_packet(struct nf_conn *conntrack,
conntrack->timeout.function((unsigned long)
conntrack);
return -NF_REPEAT;
} else {
write_unlock_bh(&tcp_lock);
if (LOG_INVALID(IPPROTO_TCP))
nf_log_packet(pf, 0, skb, NULL, NULL,
NULL, "nf_ct_tcp: invalid SYN");
return -NF_ACCEPT;
}
case TCP_CONNTRACK_CLOSE:
if (index == TCP_RST_SET
Expand Down

0 comments on commit 3746a2b

Please sign in to comment.