Merge git://git.linux-nfs.org/pub/linux/nfs-2.6

[linux-2.6] / net / netfilter / nf_conntrack_proto_tcp.c

diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index a127ab32881efc68e397b929ee14595c9c11adc4..7a3f64c1aca6f346581c0ef0bc54427f2fb75d14 100644 (file)
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -834,10 +834,12 @@ static int tcp_packet(struct nf_conn *conntrack,
        case TCP_CONNTRACK_SYN_SENT:
                if (old_state < TCP_CONNTRACK_TIME_WAIT)
                        break;
-               if (conntrack->proto.tcp.seen[!dir].flags &
-                       IP_CT_TCP_FLAG_CLOSE_INIT) {
-                       /* Attempt to reopen a closed connection.
-                       * Delete this connection and look up again. */
+               if ((conntrack->proto.tcp.seen[!dir].flags &
+                       IP_CT_TCP_FLAG_CLOSE_INIT)
+                   || (conntrack->proto.tcp.last_dir == dir
+                       && conntrack->proto.tcp.last_index == TCP_RST_SET)) {
+                       /* Attempt to reopen a closed/aborted connection.
+                        * Delete this connection and look up again. */
                        write_unlock_bh(&tcp_lock);
                        if (del_timer(&conntrack->timeout))
                                conntrack->timeout.function((unsigned long)
@@ -925,6 +927,7 @@ static int tcp_packet(struct nf_conn *conntrack,
      in_window:
        /* From now on we have got in-window packets */
        conntrack->proto.tcp.last_index = index;
+       conntrack->proto.tcp.last_dir = dir;
 
        pr_debug("tcp_conntracks: ");
        NF_CT_DUMP_TUPLE(tuple);