* [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking
@ 2005-04-24 21:41 Patrick McHardy
2005-04-25 1:43 ` David S. Miller
2005-04-26 15:15 ` Joubert Berger
0 siblings, 2 replies; 4+ messages in thread
From: Patrick McHardy @ 2005-04-24 21:41 UTC (permalink / raw)
To: David S. Miller; +Cc: Netfilter Development Mailinglist
[-- Attachment #1: Type: text/plain, Size: 261 bytes --]
This patch fixes a problem with TCP connection tracking and
some devices that respond with SYN/ACK/PSH to a SYN packet.
TCP connection tracking considers these packets to be invalid
and the connection never reaches an estabished state. Ignore
PSH on SYN/ACKs.
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 968 bytes --]
[NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 72fbbd2b143c27c9c3793698c04302d066d9e4bc
tree 790636ed7460d6ca2b20cfd98df33a381fe2f0db
parent df6c6804ce1d383c878ab071bce8125125d96abc
author NIIBE Yutaka <gniibe@fsij.org> 1114303196 +0200
committer Patrick McHardy <kaber@trash.net> 1114303196 +0200
Index: net/ipv4/netfilter/ip_conntrack_proto_tcp.c
===================================================================
--- 43765d4b40a4a3c64f2a32b684f4041e2f01644d/net/ipv4/netfilter/ip_conntrack_proto_tcp.c (mode:100644 sha1:e800b16fc9209dd5a26e65d2be4eb83d77a7d7af)
+++ 790636ed7460d6ca2b20cfd98df33a381fe2f0db/net/ipv4/netfilter/ip_conntrack_proto_tcp.c (mode:100644 sha1:2b87c1974be605d5bdb1ee769188d7e03fb2ddc8)
@@ -770,6 +770,7 @@
{
[TH_SYN] = 1,
[TH_SYN|TH_ACK] = 1,
+ [TH_SYN|TH_ACK|TH_PUSH] = 1,
[TH_RST] = 1,
[TH_RST|TH_ACK] = 1,
[TH_RST|TH_ACK|TH_PUSH] = 1,
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking
2005-04-24 21:41 [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking Patrick McHardy
@ 2005-04-25 1:43 ` David S. Miller
2005-04-26 15:15 ` Joubert Berger
1 sibling, 0 replies; 4+ messages in thread
From: David S. Miller @ 2005-04-25 1:43 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel
On Sun, 24 Apr 2005 23:41:15 +0200
Patrick McHardy <kaber@trash.net> wrote:
> This patch fixes a problem with TCP connection tracking and
> some devices that respond with SYN/ACK/PSH to a SYN packet.
> TCP connection tracking considers these packets to be invalid
> and the connection never reaches an estabished state. Ignore
> PSH on SYN/ACKs.
Applied, thanks Patrick.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking
2005-04-24 21:41 [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking Patrick McHardy
2005-04-25 1:43 ` David S. Miller
@ 2005-04-26 15:15 ` Joubert Berger
2005-04-26 15:22 ` Patrick McHardy
1 sibling, 1 reply; 4+ messages in thread
From: Joubert Berger @ 2005-04-26 15:15 UTC (permalink / raw)
To: Patrick McHardy; +Cc: Netfilter Development Mailinglist
Will there be a 2.4 patch for this?
--joubert
On 4/24/05, Patrick McHardy <kaber@trash.net> wrote:
> This patch fixes a problem with TCP connection tracking and
> some devices that respond with SYN/ACK/PSH to a SYN packet.
> TCP connection tracking considers these packets to be invalid
> and the connection never reaches an estabished state. Ignore
> PSH on SYN/ACKs.
>
>
> [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking
>
> Signed-off-by: Patrick McHardy <kaber@trash.net>
>
> ---
> commit 72fbbd2b143c27c9c3793698c04302d066d9e4bc
> tree 790636ed7460d6ca2b20cfd98df33a381fe2f0db
> parent df6c6804ce1d383c878ab071bce8125125d96abc
> author NIIBE Yutaka <gniibe@fsij.org> 1114303196 +0200
> committer Patrick McHardy <kaber@trash.net> 1114303196 +0200
>
> Index: net/ipv4/netfilter/ip_conntrack_proto_tcp.c
> ===================================================================
> --- 43765d4b40a4a3c64f2a32b684f4041e2f01644d/net/ipv4/netfilter/ip_conntrack_proto_tcp.c (mode:100644 sha1:e800b16fc9209dd5a26e65d2be4eb83d77a7d7af)
> +++ 790636ed7460d6ca2b20cfd98df33a381fe2f0db/net/ipv4/netfilter/ip_conntrack_proto_tcp.c (mode:100644 sha1:2b87c1974be605d5bdb1ee769188d7e03fb2ddc8)
> @@ -770,6 +770,7 @@
> {
> [TH_SYN] = 1,
> [TH_SYN|TH_ACK] = 1,
> + [TH_SYN|TH_ACK|TH_PUSH] = 1,
> [TH_RST] = 1,
> [TH_RST|TH_ACK] = 1,
> [TH_RST|TH_ACK|TH_PUSH] = 1,
>
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking
2005-04-26 15:15 ` Joubert Berger
@ 2005-04-26 15:22 ` Patrick McHardy
0 siblings, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2005-04-26 15:22 UTC (permalink / raw)
To: joubert; +Cc: Netfilter Development Mailinglist
Joubert Berger wrote:
> Will there be a 2.4 patch for this?
This problem does not exist in 2.4.
Regards
Patrick
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2005-04-26 15:22 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-04-24 21:41 [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking Patrick McHardy
2005-04-25 1:43 ` David S. Miller
2005-04-26 15:15 ` Joubert Berger
2005-04-26 15:22 ` Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.