]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 588444a) | patch
netfilter: tcp conntrack: fix unacknowledged data detection with NAT
authorPatrick McHardy <kaber@trash.net>
Mon, 29 Jun 2009 12:07:56 +0000 (14:07 +0200)
committerPatrick McHardy <kaber@trash.net>
Mon, 29 Jun 2009 12:07:56 +0000 (14:07 +0200)
commit03158db0846d000129f81136469d9ba0a768a95b
treee38bb7cc051cf197a813d553713e3071d375a1b9tree | snapshot
parent588444a75fb52178685ecf35ed5da8699d3682a5commit | diff
netfilter: tcp conntrack: fix unacknowledged data detection with NAT

When NAT helpers change the TCP packet size, the highest seen sequence
number needs to be corrected. This is currently only done upwards, when
the packet size is reduced the sequence number is unchanged. This causes
TCP conntrack to falsely detect unacknowledged data and decrease the
timeout.

Fix by updating the highest seen sequence number in both directions after
packet mangling.

Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
include/net/netfilter/nf_conntrack.h diff | blob | history
net/ipv4/netfilter/nf_nat_helper.c diff | blob | history
net/netfilter/nf_conntrack_proto_tcp.c diff | blob | history
Linux Kernel Source Tree.