On 26/02/11 22:45, Jozsef Kadlecsik wrote:
> On Sat, 26 Feb 2011, Pablo Neira Ayuso wrote:
>> I have tested it here, it works fine. Let me know if you're OK with it.
>
> The patch looks OK but I think Changli Gao is also right and it'd be
> simpler to set the [reply][synack][SR] state to sIG. What do you think?

I read his email before leaving and after I made the new patch. Indeed, his idea is simpler; here's a new patch. I tested it here, it works fine. Patrick, please apply!
Index: linux-2.6.37/net/netfilter/nf_conntrack_proto_tcp.c =================================================================== --- linux-2.6.37.orig/net/netfilter/nf_conntrack_proto_tcp.c 2011-02-26 20:14:44.000000000 +0000 +++ linux-2.6.37/net/netfilter/nf_conntrack_proto_tcp.c 2011-02-26 20:15:03.000000000 +0000 @@ -227,11 +227,11 @@ * sCL -> sIV */ /* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sS2 */ -/*synack*/ { sIV, sSR, sSR, sIG, sIG, sIG, sIG, sIG, sIG, sSR }, +/*synack*/ { sIV, sSR, sIG, sIG, sIG, sIG, sIG, sIG, sIG, sSR }, /* * sSS -> sSR Standard open. * sS2 -> sSR Simultaneous open - * sSR -> sSR Retransmitted SYN/ACK. + * sSR -> sIG Retransmitted SYN/ACK, ignore it. * sES -> sIG Late retransmitted SYN/ACK? * sFW -> sIG Might be SYN/ACK answering ignored SYN * sCW -> sIG
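Review bot: The hunk carries no changelog; the mail only says the earlier approach was dropped in favour of Changli Gao's simpler suggestion, so please add a commit message that states the problem observed with a retransmitted SYN/ACK while the connection is in sSR and why dropping it to sIG (ignore) is the chosen fix, so the change is understandable from git history alone. The table edit itself is consistent with the visible context: sSR is the third column of the "sNO, sSS, sSR, ..." header line, it is the only entry changed in the /*synack*/ row (sSR -> sIG), and that matches the updated comment "* sSR -> sIG Retransmitted SYN/ACK, ignore it." The neighbouring comment lines for sES and sFW already describe the same sIG handling, so the new entry also reads consistently with the rows around it.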