Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6

[linux-2.6] / net / netfilter / nf_conntrack_proto_tcp.c
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c

index c7075345971b000d6396fd07b4c710fcefc22227..7a3f64c1aca6f346581c0ef0bc54427f2fb75d14 100644 (file)
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -834,10 +834,12 @@ static int tcp_packet(struct nf_conn *conntrack,
         case TCP_CONNTRACK_SYN_SENT:
                 if (old_state < TCP_CONNTRACK_TIME_WAIT)
                         break;
-               if (conntrack->proto.tcp.seen[!dir].flags &
-                       IP_CT_TCP_FLAG_CLOSE_INIT) {
-                       /* Attempt to reopen a closed connection.
-                       * Delete this connection and look up again. */
+               if ((conntrack->proto.tcp.seen[!dir].flags &
+                       IP_CT_TCP_FLAG_CLOSE_INIT)
+                   || (conntrack->proto.tcp.last_dir == dir
+                       && conntrack->proto.tcp.last_index == TCP_RST_SET)) {
+                       /* Attempt to reopen a closed/aborted connection.
+                        * Delete this connection and look up again. */
                         write_unlock_bh(&tcp_lock);
                         if (del_timer(&conntrack->timeout))
                                 conntrack->timeout.function((unsigned long)
@@ -925,6 +927,7 @@ static int tcp_packet(struct nf_conn *conntrack,
       in_window:
         /* From now on we have got in-window packets */
         conntrack->proto.tcp.last_index = index;
+       conntrack->proto.tcp.last_dir = dir;
  
         pr_debug("tcp_conntracks: ");
         NF_CT_DUMP_TUPLE(tuple);
@@ -1162,7 +1165,6 @@ static unsigned int tcp_sysctl_table_users;
  static struct ctl_table_header *tcp_sysctl_header;
  static struct ctl_table tcp_sysctl_table[] = {
         {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_SYN_SENT,
                 .procname       = "nf_conntrack_tcp_timeout_syn_sent",
                 .data           = &nf_ct_tcp_timeout_syn_sent,
                 .maxlen         = sizeof(unsigned int),
@@ -1170,7 +1172,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_SYN_RECV,
                 .procname       = "nf_conntrack_tcp_timeout_syn_recv",
                 .data           = &nf_ct_tcp_timeout_syn_recv,
                 .maxlen         = sizeof(unsigned int),
@@ -1178,7 +1179,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_ESTABLISHED,
                 .procname       = "nf_conntrack_tcp_timeout_established",
                 .data           = &nf_ct_tcp_timeout_established,
                 .maxlen         = sizeof(unsigned int),
@@ -1186,7 +1186,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_FIN_WAIT,
                 .procname       = "nf_conntrack_tcp_timeout_fin_wait",
                 .data           = &nf_ct_tcp_timeout_fin_wait,
                 .maxlen         = sizeof(unsigned int),
@@ -1194,7 +1193,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_CLOSE_WAIT,
                 .procname       = "nf_conntrack_tcp_timeout_close_wait",
                 .data           = &nf_ct_tcp_timeout_close_wait,
                 .maxlen         = sizeof(unsigned int),
@@ -1202,7 +1200,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_LAST_ACK,
                 .procname       = "nf_conntrack_tcp_timeout_last_ack",
                 .data           = &nf_ct_tcp_timeout_last_ack,
                 .maxlen         = sizeof(unsigned int),
@@ -1210,7 +1207,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_TIME_WAIT,
                 .procname       = "nf_conntrack_tcp_timeout_time_wait",
                 .data           = &nf_ct_tcp_timeout_time_wait,
                 .maxlen         = sizeof(unsigned int),
@@ -1218,7 +1214,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_CLOSE,
                 .procname       = "nf_conntrack_tcp_timeout_close",
                 .data           = &nf_ct_tcp_timeout_close,
                 .maxlen         = sizeof(unsigned int),
@@ -1226,7 +1221,6 @@ static struct ctl_table tcp_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_MAX_RETRANS,
                 .procname       = "nf_conntrack_tcp_timeout_max_retrans",
                 .data           = &nf_ct_tcp_timeout_max_retrans,
                 .maxlen         = sizeof(unsigned int),
@@ -1265,7 +1259,6 @@ static struct ctl_table tcp_sysctl_table[] = {
  #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
  static struct ctl_table tcp_compat_sysctl_table[] = {
         {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_SYN_SENT,
                 .procname       = "ip_conntrack_tcp_timeout_syn_sent",
                 .data           = &nf_ct_tcp_timeout_syn_sent,
                 .maxlen         = sizeof(unsigned int),
@@ -1273,7 +1266,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_SYN_RECV,
                 .procname       = "ip_conntrack_tcp_timeout_syn_recv",
                 .data           = &nf_ct_tcp_timeout_syn_recv,
                 .maxlen         = sizeof(unsigned int),
@@ -1281,7 +1273,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_ESTABLISHED,
                 .procname       = "ip_conntrack_tcp_timeout_established",
                 .data           = &nf_ct_tcp_timeout_established,
                 .maxlen         = sizeof(unsigned int),
@@ -1289,7 +1280,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_FIN_WAIT,
                 .procname       = "ip_conntrack_tcp_timeout_fin_wait",
                 .data           = &nf_ct_tcp_timeout_fin_wait,
                 .maxlen         = sizeof(unsigned int),
@@ -1297,7 +1287,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_CLOSE_WAIT,
                 .procname       = "ip_conntrack_tcp_timeout_close_wait",
                 .data           = &nf_ct_tcp_timeout_close_wait,
                 .maxlen         = sizeof(unsigned int),
@@ -1305,7 +1294,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_LAST_ACK,
                 .procname       = "ip_conntrack_tcp_timeout_last_ack",
                 .data           = &nf_ct_tcp_timeout_last_ack,
                 .maxlen         = sizeof(unsigned int),
@@ -1313,7 +1301,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_TIME_WAIT,
                 .procname       = "ip_conntrack_tcp_timeout_time_wait",
                 .data           = &nf_ct_tcp_timeout_time_wait,
                 .maxlen         = sizeof(unsigned int),
@@ -1321,7 +1308,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_CLOSE,
                 .procname       = "ip_conntrack_tcp_timeout_close",
                 .data           = &nf_ct_tcp_timeout_close,
                 .maxlen         = sizeof(unsigned int),
@@ -1329,7 +1315,6 @@ static struct ctl_table tcp_compat_sysctl_table[] = {
                 .proc_handler   = &proc_dointvec_jiffies,
         },
         {
-               .ctl_name       = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_MAX_RETRANS,
                 .procname       = "ip_conntrack_tcp_timeout_max_retrans",
                 .data           = &nf_ct_tcp_timeout_max_retrans,
                 .maxlen         = sizeof(unsigned int),