Revision c317428644c0af137d80069ab178cd797da3be45 authored by Pablo Neira Ayuso on 09 February 2011, 07:08:20 UTC, committed by Patrick McHardy on 09 February 2011, 07:08:20 UTC
The TCP tracking code has a special case that allows to return
NF_REPEAT if we receive a new SYN packet while in TIME_WAIT state.
In this situation, the TCP tracking code destroys the existing
conntrack to start a new clean session.
[DESTROY] tcp 6 src=192.168.0.2 dst=192.168.1.2 sport=38925 dport=8000 src=192.168.1.2 dst=192.168.1.100 sport=8000 dport=38925 [ASSURED]
[NEW] tcp 6 120 SYN_SENT src=192.168.0.2 dst=192.168.1.2 sport=38925 dport=8000 [UNREPLIED] src=192.168.1.2 dst=192.168.1.100 sport=8000 dport=38925
However, this is a problem for the iptables' CT target event filtering
which will not work in this case since the conntrack template will not
be there for the new session. To fix this, we reassign the conntrack
template to the packet if we return NF_REPEAT.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
1 parent 3db7e93
| File | Mode | Size |
|---|---|---|
| lzo | ||
| raid6 | ||
| reed_solomon | ||
| zlib_deflate | ||
| zlib_inflate | ||
| .gitignore | -rw-r--r-- | 51 bytes |
| Kconfig | -rw-r--r-- | 4.1 KB |
| Kconfig.debug | -rw-r--r-- | 42.3 KB |
| Kconfig.kgdb | -rw-r--r-- | 2.3 KB |
| Kconfig.kmemcheck | -rw-r--r-- | 2.9 KB |
| Makefile | -rw-r--r-- | 3.6 KB |
| argv_split.c | -rw-r--r-- | 1.8 KB |
| atomic64.c | -rw-r--r-- | 4.1 KB |
| atomic64_test.c | -rw-r--r-- | 3.5 KB |
| audit.c | -rw-r--r-- | 1.2 KB |
| average.c | -rw-r--r-- | 1.9 KB |
| bcd.c | -rw-r--r-- | 257 bytes |
| bitmap.c | -rw-r--r-- | 32.5 KB |
| bitrev.c | -rw-r--r-- | 2.1 KB |
| btree.c | -rw-r--r-- | 19.2 KB |
| bug.c | -rw-r--r-- | 4.7 KB |
| bust_spinlocks.c | -rw-r--r-- | 636 bytes |
| check_signature.c | -rw-r--r-- | 599 bytes |
| checksum.c | -rw-r--r-- | 4.9 KB |
| cmdline.c | -rw-r--r-- | 3.6 KB |
| cpu-notifier-error-inject.c | -rw-r--r-- | 1.5 KB |
| cpumask.c | -rw-r--r-- | 4.6 KB |
| crc-ccitt.c | -rw-r--r-- | 3.0 KB |
| crc-itu-t.c | -rw-r--r-- | 2.8 KB |
| crc-t10dif.c | -rw-r--r-- | 2.9 KB |
| crc16.c | -rw-r--r-- | 2.8 KB |
| crc32.c | -rw-r--r-- | 14.5 KB |
| crc32defs.h | -rw-r--r-- | 1.0 KB |
| crc7.c | -rw-r--r-- | 2.3 KB |
| ctype.c | -rw-r--r-- | 1.3 KB |
| debug_locks.c | -rw-r--r-- | 1.1 KB |
| debugobjects.c | -rw-r--r-- | 25.2 KB |
| dec_and_lock.c | -rw-r--r-- | 782 bytes |
| decompress.c | -rw-r--r-- | 1.2 KB |
| decompress_bunzip2.c | -rw-r--r-- | 23.5 KB |
| decompress_inflate.c | -rw-r--r-- | 3.6 KB |
| decompress_unlzma.c | -rw-r--r-- | 15.5 KB |
| decompress_unlzo.c | -rw-r--r-- | 4.9 KB |
| devres.c | -rw-r--r-- | 7.7 KB |
| div64.c | -rw-r--r-- | 3.1 KB |
| dma-debug.c | -rw-r--r-- | 31.5 KB |
| dump_stack.c | -rw-r--r-- | 290 bytes |
| dynamic_debug.c | -rw-r--r-- | 18.0 KB |
| extable.c | -rw-r--r-- | 2.4 KB |
| fault-inject.c | -rw-r--r-- | 7.9 KB |
| find_last_bit.c | -rw-r--r-- | 1.1 KB |
| find_next_bit.c | -rw-r--r-- | 6.4 KB |
| flex_array.c | -rw-r--r-- | 9.8 KB |
| gcd.c | -rw-r--r-- | 291 bytes |
| gen_crc32table.c | -rw-r--r-- | 2.2 KB |
| genalloc.c | -rw-r--r-- | 5.1 KB |
| halfmd4.c | -rw-r--r-- | 2.0 KB |
| hexdump.c | -rw-r--r-- | 6.5 KB |
| hweight.c | -rw-r--r-- | 1.9 KB |
| idr.c | -rw-r--r-- | 21.9 KB |
| inflate.c | -rw-r--r-- | 38.6 KB |
| int_sqrt.c | -rw-r--r-- | 533 bytes |
| iomap.c | -rw-r--r-- | 7.4 KB |
| iomap_copy.c | -rw-r--r-- | 2.1 KB |
| iommu-helper.c | -rw-r--r-- | 1006 bytes |
| ioremap.c | -rw-r--r-- | 2.1 KB |
| irq_regs.c | -rw-r--r-- | 578 bytes |
| is_single_threaded.c | -rw-r--r-- | 1.3 KB |
| kasprintf.c | -rw-r--r-- | 704 bytes |
| kernel_lock.c | -rw-r--r-- | 3.2 KB |
| klist.c | -rw-r--r-- | 9.3 KB |
| kobject.c | -rw-r--r-- | 24.3 KB |
| kobject_uevent.c | -rw-r--r-- | 10.3 KB |
| kref.c | -rw-r--r-- | 1.6 KB |
| lcm.c | -rw-r--r-- | 265 bytes |
| libcrc32c.c | -rw-r--r-- | 2.1 KB |
| list_debug.c | -rw-r--r-- | 1.7 KB |
| list_sort.c | -rw-r--r-- | 7.0 KB |
| locking-selftest-hardirq.h | -rw-r--r-- | 207 bytes |
| locking-selftest-mutex.h | -rw-r--r-- | 120 bytes |
| locking-selftest-rlock-hardirq.h | -rw-r--r-- | 74 bytes |
| locking-selftest-rlock-softirq.h | -rw-r--r-- | 74 bytes |
| locking-selftest-rlock.h | -rw-r--r-- | 158 bytes |
| locking-selftest-rsem.h | -rw-r--r-- | 163 bytes |
| locking-selftest-softirq.h | -rw-r--r-- | 207 bytes |
| locking-selftest-spin-hardirq.h | -rw-r--r-- | 73 bytes |
| locking-selftest-spin-softirq.h | -rw-r--r-- | 73 bytes |
| locking-selftest-spin.h | -rw-r--r-- | 118 bytes |
| locking-selftest-wlock-hardirq.h | -rw-r--r-- | 74 bytes |
| locking-selftest-wlock-softirq.h | -rw-r--r-- | 74 bytes |
| locking-selftest-wlock.h | -rw-r--r-- | 158 bytes |
| locking-selftest-wsem.h | -rw-r--r-- | 163 bytes |
| locking-selftest.c | -rw-r--r-- | 28.6 KB |
| lru_cache.c | -rw-r--r-- | 14.6 KB |
| nlattr.c | -rw-r--r-- | 12.2 KB |
| parser.c | -rw-r--r-- | 6.1 KB |
| percpu_counter.c | -rw-r--r-- | 5.0 KB |
| plist.c | -rw-r--r-- | 2.9 KB |
| prio_heap.c | -rw-r--r-- | 1.4 KB |
| prio_tree.c | -rw-r--r-- | 12.2 KB |
| proportions.c | -rw-r--r-- | 9.3 KB |
| radix-tree.c | -rw-r--r-- | 37.0 KB |
| random32.c | -rw-r--r-- | 3.9 KB |
| ratelimit.c | -rw-r--r-- | 1.5 KB |
| rational.c | -rw-r--r-- | 1.5 KB |
| rbtree.c | -rw-r--r-- | 9.9 KB |
| reciprocal_div.c | -rw-r--r-- | 159 bytes |
| rwsem-spinlock.c | -rw-r--r-- | 6.9 KB |
| rwsem.c | -rw-r--r-- | 8.1 KB |
| scatterlist.c | -rw-r--r-- | 12.8 KB |
| sha1.c | -rw-r--r-- | 2.4 KB |
| show_mem.c | -rw-r--r-- | 1.3 KB |
| smp_processor_id.c | -rw-r--r-- | 1.1 KB |
| sort.c | -rw-r--r-- | 2.5 KB |
| spinlock_debug.c | -rw-r--r-- | 6.9 KB |
| string.c | -rw-r--r-- | 14.3 KB |
| string_helpers.c | -rw-r--r-- | 1.7 KB |
| swiotlb.c | -rw-r--r-- | 25.5 KB |
| syscall.c | -rw-r--r-- | 2.4 KB |
| textsearch.c | -rw-r--r-- | 9.6 KB |
| timerqueue.c | -rw-r--r-- | 3.1 KB |
| ts_bm.c | -rw-r--r-- | 5.3 KB |
| ts_fsm.c | -rw-r--r-- | 10.6 KB |
| ts_kmp.c | -rw-r--r-- | 4.3 KB |
| uuid.c | -rw-r--r-- | 1.4 KB |
| vsprintf.c | -rw-r--r-- | 50.4 KB |
Computing file changes ...
