Re: [PATCH] TCP window tracking patch with nfsim testsuite

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: [PATCH] TCP window tracking patch with nfsim testsuite
Date: Thu, 03 Mar 2005 13:50:34 +0100	[thread overview]
Message-ID: <4227081A.40509@trash.net> (raw)
In-Reply-To: <Pine.LNX.4.58.0502212344350.1749@blackhole.kfki.hu>

Jozsef Kadlecsik wrote:
> Hi,
> 
> The first attached patch addresses several problems in the current TCP
> connection tracking in the 2.6 tree. Some of the problems was reported,
> others was discovered by nfsim tests:
> 
> - tcp_sack function was not safe against nonlinear skbs
> - practically arbitrary RST segments (addresses, ports assumed to be
>   known) could cause connection teardown in conntrack (thanks to Tim
>   Burress for the bugreport and patch)
> - article on which the code was based falsely assumed that packets
>   must fit completely into the window: packets must at least overlap
>   (thanks to Phil Oester for the bugreport and patch)
> - state table slightly changed to handle ACK packets sent by server to
>   late resent SYNs
> - tracking reopening connections reworked
> - cosmetic change: when window tracking is ignored by setting
>   ip_conntrack_tcp_be_liberal to nonzero, it's ignored completely from
>   now on
> 
> I think, after review, the patch should be sent for kernel inclusion.

Unfortunately there are too many changes for me to give it some
good review, but I've been running it for some time now without
problems. I'm going to push it to Dave with my next batch of
patches.

Regards
Patrick

     prev parent reply	other threads:[~2005-03-03 12:50 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-02-21 22:48 [PATCH] TCP window tracking patch with nfsim testsuite Jozsef Kadlecsik
2005-03-03 12:50 ` Patrick McHardy [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4227081A.40509@trash.net \
    --to=kaber@trash.net \
    --cc=kadlec@blackhole.kfki.hu \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.