On Mon, 2014-04-28 at 17:57 +0200, Pablo Neira Ayuso wrote:
> Hi Holger,

> Not your fault, but I think we should also check for ...
>
> ... || skb->sk->sk_state == TCP_TIME_WAIT)
>
> since early demux was introduced, we may have skb->sk pointing to a
> timewait socket.

Hmm... strange... I thought I already checked this code was fine.

And it should be because:

static struct xt_match owner_mt_reg __read_mostly = {
	.name       = "owner",
	.revision   = 1,
	.family     = NFPROTO_UNSPEC,
	.checkentry = owner_check,
	.match      = owner_mt,
	.matchsize  = sizeof(struct xt_owner_match_info),
	.hooks      = (1 << NF_INET_LOCAL_OUT) |
	              (1 << NF_INET_POST_ROUTING),
	.me         = THIS_MODULE,
};