]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 651a915) | patch
netfilter: SYNPROXY: skip non-tcp packet in {ipv4, ipv6}_synproxy_hook
authorLin Zhang <xiaolou4617@gmail.com>
Thu, 5 Oct 2017 16:44:03 +0000 (00:44 +0800)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 9 Oct 2017 11:08:39 +0000 (13:08 +0200)
commitf0c468bad976298a6bc77c4c86dac212e226ce46
treef1525ecf75e8f4e4d7c9ffca73f2b097cb4c424atree | snapshot
parent651a91575b5cbe3fb5a97f19cbe46227ec4a7436commit | diff
netfilter: SYNPROXY: skip non-tcp packet in {ipv4, ipv6}_synproxy_hook

In function {ipv4,ipv6}_synproxy_hook we expect a normal tcp packet, but
the real server maybe reply an icmp error packet related to the exist
tcp conntrack, so we will access wrong tcp data.

Fix it by checking for the protocol field and only process tcp traffic.

Signed-off-by: Lin Zhang <xiaolou4617@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv4/netfilter/ipt_SYNPROXY.c diff | blob | history
net/ipv6/netfilter/ip6t_SYNPROXY.c diff | blob | history
Linux Kernel Source Tree.