| commit | 7500f93f415a2fc07e0031d99fa3964bf8981cfc | |
| author | Patrick McHardy <kaber@trash.net> | |
| Mon, 29 Jun 2009 12:07:56 +0000 (29 14:07 +0200) | ||
| committer | Greg Kroah-Hartman <gregkh@suse.de> | |
| Thu, 30 Jul 2009 21:40:27 +0000 (30 14:40 -0700) | ||
| tree | eae7f43a5ca4783c240f77e534b326fe4c8670dc | treesnapshot (tar.gz zip) |
| parent | fd89e386ea08ddbd4b7757dafb3705d400a45545 | commitdiff |
netfilter: tcp conntrack: fix unacknowledged data detection with NAT
commit a3a9f79e361e864f0e9d75ebe2a0cb43d17c4272 upstream.
When NAT helpers change the TCP packet size, the highest seen sequence
number needs to be corrected. This is currently only done upwards, when
the packet size is reduced the sequence number is unchanged. This causes
TCP conntrack to falsely detect unacknowledged data and decrease the
timeout.
Fix by updating the highest seen sequence number in both directions after
packet mangling.
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit a3a9f79e361e864f0e9d75ebe2a0cb43d17c4272 upstream.
When NAT helpers change the TCP packet size, the highest seen sequence
number needs to be corrected. This is currently only done upwards, when
the packet size is reduced the sequence number is unchanged. This causes
TCP conntrack to falsely detect unacknowledged data and decrease the
timeout.
Fix by updating the highest seen sequence number in both directions after
packet mangling.
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| include/net/netfilter/nf_conntrack.h | diffblobblamehistory | |
| net/ipv4/netfilter/nf_nat_helper.c | diffblobblamehistory | |
| net/netfilter/nf_conntrack_proto_tcp.c | diffblobblamehistory |