From: Chenbo Feng <[email protected]> Date: Tue, 20 Jun 2017 19:06:40 -0700
> From: Chenbo Feng <[email protected]> > > Currently in both ipv4 and ipv6 code path, the ack packet received when > sk at TCP_NEW_SYN_RECV state is not filtered by socket filter or cgroup > filter since it is handled from tcp_child_process and never reaches the > tcp_filter inside tcp_v4_rcv or tcp_v6_rcv. Adding a tcp_filter hooks > here can make sure all the ingress tcp packet can be correctly filtered. > > Signed-off-by: Chenbo Feng <[email protected]> Applied, thanks.
