-stable review patch. If anyone has any objections, please let us know.
------------------
From: Patrick McHardy <[EMAIL PROTECTED]>
[NETFILTER]: tcp conntrack: accept SYN|URG as valid
Some stacks apparently send packets with SYN|URG set. Linux accepts
these packets, so TCP conntrack should to.
Pointed out by Martijn Posthuma <[EMAIL PROTECTED]>.
Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]>
---
net/ipv4/netfilter/ip_conntrack_proto_tcp.c | 4 +++-
net/netfilter/nf_conntrack_proto_tcp.c | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
@@ -821,8 +821,10 @@ void ip_conntrack_tcp_update(struct sk_b
static const u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG) +
1] =
{
[TH_SYN] = 1,
- [TH_SYN|TH_ACK] = 1,
[TH_SYN|TH_PUSH] = 1,
+ [TH_SYN|TH_URG] = 1,
+ [TH_SYN|TH_PUSH|TH_URG] = 1,
+ [TH_SYN|TH_ACK] = 1,
[TH_SYN|TH_ACK|TH_PUSH] = 1,
[TH_RST] = 1,
[TH_RST|TH_ACK] = 1,
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -778,8 +778,10 @@ EXPORT_SYMBOL_GPL(nf_conntrack_tcp_updat
static u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG) + 1] =
{
[TH_SYN] = 1,
- [TH_SYN|TH_ACK] = 1,
[TH_SYN|TH_PUSH] = 1,
+ [TH_SYN|TH_URG] = 1,
+ [TH_SYN|TH_PUSH|TH_URG] = 1,
+ [TH_SYN|TH_ACK] = 1,
[TH_SYN|TH_ACK|TH_PUSH] = 1,
[TH_RST] = 1,
[TH_RST|TH_ACK] = 1,
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
