From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Thu, 11 Oct 2007 18:44:04 +0200 (MEST)

> [NETFILTER]: nf_conntrack_tcp: fix connection reopening
>
> With your description I could reproduce the bug and actually you were
> completely right: the code above is incorrect. Somehow I was able to
> misread RFC1122 and mixed the roles :-(:
>
> When a connection is >>closed actively<<, it MUST linger in
> TIME-WAIT state for a time 2xMSL (Maximum Segment Lifetime).
> However, it MAY >>accept<< a new SYN from the remote TCP to
> reopen the connection directly from TIME-WAIT state, if it:
> [...]
>
> The fix is as follows: if the receiver initiated an active close, then the
> sender may reopen the connection - otherwise try to figure out if we hold
> a dead connection.
>
> Signed-off-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
> Tested-by: Krzysztof Piotr Oledzki <ole@xxxxxx>
> Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

Patch applied.