From 4c0ebce0a3b07eaac5a5df746423c996be19e718 Mon Sep 17 00:00:00 2001
From: "David S. Miller" <davem@davemloft.net>
Date: Mon, 30 Jun 2008 13:18:53 -0700
Subject: [PATCH] --- yaml --- r: 98577 b: refs/heads/master c:
 2a64cc4b793f8a84969401afe5a28bd08bc20c9b h: refs/heads/master i:   98575:
 22bfe765ca97051191bbb43e202de69ada89b0cf v: v3

---
 [refs]                                       |  2 +-
 trunk/lib/ts_bm.c                            |  2 +-
 trunk/net/netfilter/nf_conntrack_proto_tcp.c | 13 +++++++------
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/[refs] b/[refs]
index 94247f495347..2da1db8b1879 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 23976efedd5ecb420b87455787c537eb4aed1981
+refs/heads/master: 2a64cc4b793f8a84969401afe5a28bd08bc20c9b
diff --git a/trunk/lib/ts_bm.c b/trunk/lib/ts_bm.c
index d90822c378a4..4a7fce72898e 100644
--- a/trunk/lib/ts_bm.c
+++ b/trunk/lib/ts_bm.c
@@ -63,7 +63,7 @@ static unsigned int bm_find(struct ts_config *conf, struct ts_state *state)
 	struct ts_bm *bm = ts_config_priv(conf);
 	unsigned int i, text_len, consumed = state->offset;
 	const u8 *text;
-	int shift = bm->patlen, bs;
+	int shift = bm->patlen - 1, bs;
 
 	for (;;) {
 		text_len = conf->get_next_block(consumed, &text, conf, state);
diff --git a/trunk/net/netfilter/nf_conntrack_proto_tcp.c b/trunk/net/netfilter/nf_conntrack_proto_tcp.c
index ba94004fe323..271cd01d57ae 100644
--- a/trunk/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/trunk/net/netfilter/nf_conntrack_proto_tcp.c
@@ -331,12 +331,13 @@ static unsigned int get_conntrack_index(const struct tcphdr *tcph)
 
    I.   Upper bound for valid data:	seq <= sender.td_maxend
    II.  Lower bound for valid data:	seq + len >= sender.td_end - receiver.td_maxwin
-   III.	Upper bound for valid ack:      sack <= receiver.td_end
-   IV.	Lower bound for valid ack:	ack >= receiver.td_end - MAXACKWINDOW
+   III.	Upper bound for valid (s)ack:   sack <= receiver.td_end
+   IV.	Lower bound for valid (s)ack:	sack >= receiver.td_end - MAXACKWINDOW
 
-   where sack is the highest right edge of sack block found in the packet.
+   where sack is the highest right edge of sack block found in the packet
+   or ack in the case of packet without SACK option.
 
-   The upper bound limit for a valid ack is not ignored -
+   The upper bound limit for a valid (s)ack is not ignored -
    we doesn't have to deal with fragments.
 */
 
@@ -606,12 +607,12 @@ static bool tcp_in_window(const struct nf_conn *ct,
 		 before(seq, sender->td_maxend + 1),
 		 after(end, sender->td_end - receiver->td_maxwin - 1),
 		 before(sack, receiver->td_end + 1),
-		 after(ack, receiver->td_end - MAXACKWINDOW(sender)));
+		 after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1));
 
 	if (before(seq, sender->td_maxend + 1) &&
 	    after(end, sender->td_end - receiver->td_maxwin - 1) &&
 	    before(sack, receiver->td_end + 1) &&
-	    after(ack, receiver->td_end - MAXACKWINDOW(sender))) {
+	    after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1)) {
 		/*
 		 * Take into account window scaling (RFC 1323).
 		 */