Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bc34b841 authored by Jozsef Kadlecsik's avatar Jozsef Kadlecsik Committed by David S. Miller
Browse files

[NETFILTER]: nf_conntrack_tcp: fix connection reopening fix 



If one side aborts an established connection, the entry still lingers
for 10s in conntrack for the late packets. Allow to open up the
connection again for the party which sent the RST packet.

Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Tested-by: default avatarKrzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 78c2e502

net/netfilter/nf_conntrack_proto_tcp.c

+7 −4
Original line number Diff line number Diff line
@@ -834,9 +834,11 @@ static int tcp_packet(struct nf_conn *conntrack, 
	case TCP_CONNTRACK_SYN_SENT:

		if (old_state < TCP_CONNTRACK_TIME_WAIT)

			break;

		if (conntrack->proto.tcp.seen[!dir].flags &

			IP_CT_TCP_FLAG_CLOSE_INIT) {

			/* Attempt to reopen a closed connection.

		if ((conntrack->proto.tcp.seen[!dir].flags &

			IP_CT_TCP_FLAG_CLOSE_INIT)

		    || (conntrack->proto.tcp.last_dir == dir

		        && conntrack->proto.tcp.last_index == TCP_RST_SET)) {

			/* Attempt to reopen a closed/aborted connection.

			 * Delete this connection and look up again. */

			write_unlock_bh(&tcp_lock);

			if (del_timer(&conntrack->timeout))
@@ -925,6 +927,7 @@ static int tcp_packet(struct nf_conn *conntrack, 
     in_window:

	/* From now on we have got in-window packets */

	conntrack->proto.tcp.last_index = index;

	conntrack->proto.tcp.last_dir = dir;



	pr_debug("tcp_conntracks: ");

	NF_CT_DUMP_TUPLE(tuple);