Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3746a2b1 authored by KOVACS Krisztian's avatar KOVACS Krisztian Committed by David S. Miller
Browse files

[NETFILTER] nf_conntrack: Add missing code to TCP conntrack module 



Looks like the nf_conntrack TCP code was slightly mismerged: it does
not contain an else branch present in the IPv4 version. Let's add that
code and make the testsuite happy.

Signed-off-by: default avatarKOVACS Krisztian <hidden@balabit.hu>
Signed-off-by: default avatarHarald Welte <laforge@netfilter.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 56558208

net/netfilter/nf_conntrack_proto_tcp.c

+6 −0
Original line number Diff line number Diff line
@@ -970,6 +970,12 @@ static int tcp_packet(struct nf_conn *conntrack, 
		    		conntrack->timeout.function((unsigned long)

		    					    conntrack);

		    	return -NF_REPEAT;

		} else {

			write_unlock_bh(&tcp_lock);

			if (LOG_INVALID(IPPROTO_TCP))

				nf_log_packet(pf, 0, skb, NULL, NULL,

					      NULL, "nf_ct_tcp: invalid SYN");

			return -NF_ACCEPT;

		}

	case TCP_CONNTRACK_CLOSE:

		if (index == TCP_RST_SET