On 24/10/13 15:05, Eric Dumazet wrote:
sk_state 7 means TCP_CLOSE
I do not see how a TCP_CLOSE socket can be matched...
Yep, TCP_CLOSE can't be right, sk_state isn't correct with early demux
perhaps?
Finding
https://android.googlesource.com/kernel/common/+/experimental/android-3.8%5E!/
I managed to get the old behaviour with the attached patch, but I'm
having a hard time following what's really happening.
--- /usr/src/debug/kernel-3.11.fc19/linux-3.11.6-200.fc19.x86_64/net/netfilter/xt_socket.c 2013-09-02 23:46:10.000000000 +0300
+++ xt_socket.c 2013-10-24 15:07:59.592607433 +0300
@@ -115,6 +115,8 @@
struct nf_conn const *ct;
enum ip_conntrack_info ctinfo;
#endif
+ if (sk && sk->sk_state == TCP_CLOSE)
+ sk = NULL;
if (iph->protocol == IPPROTO_UDP || iph->protocol == IPPROTO_TCP) {
hp = skb_header_pointer(skb, ip_hdrlen(skb),
