git.karo-electronics.de Git - karo-tx-linux.git/commit
NETFILTER: nf_conntrack_tcp: fix connection reopening
author Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Mon, 5 Nov 2007 11:37:55 +0000 (12:37 +0100)
committer Greg Kroah-Hartman <gregkh@suse.de>
Wed, 21 Nov 2007 17:25:53 +0000 (09:25 -0800)
commit 5263c68d8f067f8bc4f6dd8bfb4ceb547d60fe7c
tree 8ce14300a6c6dd07e9c64747ad8702cbfaad5602
parent 79d84e19d774dd71757b9dff90179ae593eaf550

Upstream commits: 17311393 + bc34b841 merged together.  Merge done by
Patrick McHardy <kaber@trash.net>

[NETFILTER]: nf_conntrack_tcp: fix connection reopening

With your description I could reproduce the bug and actually you were
completely right: the code above is incorrect. Somehow I was able to
misread RFC1122 and mixed the roles :-(:

   When a connection is >>closed actively<<, it MUST linger in
   TIME-WAIT state for a time 2xMSL (Maximum Segment Lifetime).
   However, it MAY >>accept<< a new SYN from the remote TCP to
   reopen the connection directly from TIME-WAIT state, if it:
   [...]

The fix is as follows: if the receiver initiated an active close, then the
sender may reopen the connection - otherwise try to figure out if we hold
a dead connection.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
net/netfilter/nf_conntrack_proto_tcp.c
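
The reopening rule from the commit message, as an added example that is not the kernel's code and not part of this commit: a simplified C model that records which side closed actively and then decides what to do with a SYN seen in TIME-WAIT. All names (`track`, `close_init`, `mixed_roles`, the verdicts) are hypothetical, the trace is constructed, and modelling the role mix-up as a test of the SYN sender's flag is an assumption.

```c
#include <stdbool.h>

/* Simplified model of the rule in the commit message; not kernel code. */
enum dir { ORIGINAL = 0, REPLY = 1 };
enum flag { SYN, FIN, ACK };
enum state { ESTABLISHED, FIN_WAIT, LAST_ACK, TIME_WAIT };
enum verdict { PASS, REOPEN, CHECK_DEAD };
struct pkt { enum dir dir; enum flag flag; };
struct conn { enum state state; bool close_init[2]; /* [d]: side d sent the first FIN */ };

/* mixed_roles=true: assumed form of the role mix-up, testing the SYN sender's flag. */
static enum verdict track(struct conn *c, struct pkt p, bool mixed_roles)
{
    enum dir receiver = (p.dir == ORIGINAL) ? REPLY : ORIGINAL;
    switch (p.flag) {
    case FIN:
        if (c->state == ESTABLISHED) {             /* active close starts here */
            c->close_init[p.dir] = true;
            c->state = FIN_WAIT;
        } else if (c->state == FIN_WAIT && !c->close_init[p.dir]) {
            c->state = LAST_ACK;                   /* passive side closes too */
        }
        return PASS;
    case ACK:
        if (c->state == LAST_ACK && c->close_init[p.dir])
            c->state = TIME_WAIT;                  /* last ACK, sent by the active closer */
        return PASS;
    case SYN:
        if (c->state != TIME_WAIT)
            return CHECK_DEAD;                     /* earlier states are not modelled */
        /* Fixed rule: reopen only if the SYN's receiver closed actively. */
        return c->close_init[mixed_roles ? p.dir : receiver] ? REOPEN : CHECK_DEAD;
    }
    return PASS;
}

/* Constructed trace: server (REPLY) closes actively, then syn_from sends a SYN. */
static enum verdict syn_after_server_close(enum dir syn_from, bool mixed_roles)
{
    const struct pkt trace[] = { { REPLY, FIN }, { ORIGINAL, ACK }, { ORIGINAL, FIN },
                                 { REPLY, ACK }, { syn_from, SYN } };
    struct conn c = { ESTABLISHED, { false, false } };
    enum verdict v = PASS;
    for (unsigned i = 0; i < sizeof trace / sizeof trace[0]; i++)
        v = track(&c, trace[i], mixed_roles);
    return v;
}

int main(void) { return syn_after_server_close(ORIGINAL, false) == REOPEN ? 0 : 1; }
```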