git.baikalelectronics.ru Git - kernel.git/commit

]> git.baikalelectronics.ru Git - kernel.git/commit

author	Lin Zhang <xiaolou4617@gmail.com>
	Thu, 5 Oct 2017 16:44:03 +0000 (00:44 +0800)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 9 Oct 2017 11:08:39 +0000 (13:08 +0200)
commit	d1e2bdb17a1808efe1264c878a22c4f0fbb54a84
tree	f1525ecf75e8f4e4d7c9ffca73f2b097cb4c424a	tree \| snapshot
parent	5183dfba624e7ff408ce3d50cedee4697edd870e	commit \| diff

netfilter: SYNPROXY: skip non-tcp packet in {ipv4, ipv6}_synproxy_hook

In function {ipv4,ipv6}_synproxy_hook we expect a normal tcp packet, but
the real server maybe reply an icmp error packet related to the exist
tcp conntrack, so we will access wrong tcp data.

Fix it by checking for the protocol field and only process tcp traffic.

Signed-off-by: Lin Zhang <xiaolou4617@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/ipv4/netfilter/ipt_SYNPROXY.c		diff \| blob \| history
net/ipv6/netfilter/ip6t_SYNPROXY.c		diff \| blob \| history

Linux Kernel Source Tree.

RSS Atom