From: KOVACS Krisztian Date: Mon, 14 Nov 2005 23:23:01 +0000 (-0800) Subject: [NETFILTER] nf_conntrack: Add missing code to TCP conntrack module X-Git-Tag: v2.6.15-rc2~103 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3746a2b1402e7933c7f1eabdce384b8454dc2ef7;p=linux-2.6 [NETFILTER] nf_conntrack: Add missing code to TCP conntrack module Looks like the nf_conntrack TCP code was slightly mismerged: it does not contain an else branch present in the IPv4 version. Let's add that code and make the testsuite happy. Signed-off-by: KOVACS Krisztian Signed-off-by: Harald Welte Signed-off-by: David S. Miller --- diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index 156680ddb0..5a6fcf349b 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c @@ -970,6 +970,12 @@ static int tcp_packet(struct nf_conn *conntrack, conntrack->timeout.function((unsigned long) conntrack); return -NF_REPEAT; + } else { + write_unlock_bh(&tcp_lock); + if (LOG_INVALID(IPPROTO_TCP)) + nf_log_packet(pf, 0, skb, NULL, NULL, + NULL, "nf_ct_tcp: invalid SYN"); + return -NF_ACCEPT; } case TCP_CONNTRACK_CLOSE: if (index == TCP_RST_SET