]> err.no Git - linux-2.6/blobdiff - net/netfilter/nf_conntrack_proto_tcp.c
projects / linux-2.6 / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branches 'x86/mmio', 'x86/delay', 'x86/idle', 'x86/oprofile', 'x86/debug',...
[linux-2.6] / net / netfilter / nf_conntrack_proto_tcp.c
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 73a8b32db7be4d4ff057410e98efcfecd82705ae..271cd01d57aed49192d94dc7a98a066d884a9a7b 100644 (file)
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -331,12 +331,13 @@ static unsigned int get_conntrack_index(const struct tcphdr *tcph)
 
    I.   Upper bound for valid data:    seq <= sender.td_maxend
    II.  Lower bound for valid data:    seq + len >= sender.td_end - receiver.td_maxwin
-   III.        Upper bound for valid ack:      sack <= receiver.td_end
-   IV. Lower bound for valid ack:      ack >= receiver.td_end - MAXACKWINDOW
+   III.        Upper bound for valid (s)ack:   sack <= receiver.td_end
+   IV. Lower bound for valid (s)ack:   sack >= receiver.td_end - MAXACKWINDOW
 
-   where sack is the highest right edge of sack block found in the packet.
+   where sack is the highest right edge of sack block found in the packet
+   or ack in the case of packet without SACK option.
 
-   The upper bound limit for a valid ack is not ignored -
+   The upper bound limit for a valid (s)ack is not ignored -
    we doesn't have to deal with fragments.
 */
 
@@ -505,7 +506,7 @@ static bool tcp_in_window(const struct nf_conn *ct,
 
        pr_debug("tcp_in_window: START\n");
        pr_debug("tcp_in_window: ");
-       NF_CT_DUMP_TUPLE(tuple);
+       nf_ct_dump_tuple(tuple);
        pr_debug("seq=%u ack=%u sack=%u win=%u end=%u\n",
                 seq, ack, sack, win, end);
        pr_debug("tcp_in_window: sender end=%u maxend=%u maxwin=%u scale=%i "
@@ -592,7 +593,7 @@ static bool tcp_in_window(const struct nf_conn *ct,
                seq = end = sender->td_end;
 
        pr_debug("tcp_in_window: ");
-       NF_CT_DUMP_TUPLE(tuple);
+       nf_ct_dump_tuple(tuple);
        pr_debug("seq=%u ack=%u sack =%u win=%u end=%u\n",
                 seq, ack, sack, win, end);
        pr_debug("tcp_in_window: sender end=%u maxend=%u maxwin=%u scale=%i "
@@ -606,12 +607,12 @@ static bool tcp_in_window(const struct nf_conn *ct,
                 before(seq, sender->td_maxend + 1),
                 after(end, sender->td_end - receiver->td_maxwin - 1),
                 before(sack, receiver->td_end + 1),
-                after(ack, receiver->td_end - MAXACKWINDOW(sender)));
+                after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1));
 
        if (before(seq, sender->td_maxend + 1) &&
            after(end, sender->td_end - receiver->td_maxwin - 1) &&
            before(sack, receiver->td_end + 1) &&
-           after(ack, receiver->td_end - MAXACKWINDOW(sender))) {
+           after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1)) {
                /*
                 * Take into account window scaling (RFC 1323).
                 */
@@ -936,7 +937,7 @@ static int tcp_packet(struct nf_conn *ct,
        ct->proto.tcp.last_dir = dir;
 
        pr_debug("tcp_conntracks: ");
-       NF_CT_DUMP_TUPLE(tuple);
+       nf_ct_dump_tuple(tuple);
        pr_debug("syn=%i ack=%i fin=%i rst=%i old=%i new=%i\n",
                 (th->syn ? 1 : 0), (th->ack ? 1 : 0),
                 (th->fin ? 1 : 0), (th->rst ? 1 : 0),
Linux 2.6 source tree