]> err.no Git - linux-2.6/commitdiff
[NETFILTER] nf_conntrack: Add missing code to TCP conntrack module
authorKOVACS Krisztian <hidden@balabit.hu>
Mon, 14 Nov 2005 23:23:01 +0000 (15:23 -0800)
committerDavid S. Miller <davem@davemloft.net>
Mon, 14 Nov 2005 23:23:01 +0000 (15:23 -0800)
Looks like the nf_conntrack TCP code was slightly mismerged: it does
not contain an else branch present in the IPv4 version. Let's add that
code and make the testsuite happy.

Signed-off-by: KOVACS Krisztian <hidden@balabit.hu>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/netfilter/nf_conntrack_proto_tcp.c

index 156680ddb042e2f9fff86b5e862b1aac48c93aed..5a6fcf349bdfacfadf38e990db70f5422023226a 100644 (file)
@@ -970,6 +970,12 @@ static int tcp_packet(struct nf_conn *conntrack,
                                conntrack->timeout.function((unsigned long)
                                                            conntrack);
                        return -NF_REPEAT;
+               } else {
+                       write_unlock_bh(&tcp_lock);
+                       if (LOG_INVALID(IPPROTO_TCP))
+                               nf_log_packet(pf, 0, skb, NULL, NULL,
+                                             NULL, "nf_ct_tcp: invalid SYN");
+                       return -NF_ACCEPT;
                }
        case TCP_CONNTRACK_CLOSE:
                if (index == TCP_RST_SET