[NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking

All of lore.kernel.org
 help / color / mirror / Atom feed

* [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking
@ 2005-04-24 21:41 Patrick McHardy
  2005-04-25  1:43 ` David S. Miller
  2005-04-26 15:15 ` Joubert Berger
  0 siblings, 2 replies; 4+ messages in thread
From: Patrick McHardy @ 2005-04-24 21:41 UTC (permalink / raw)
  To: David S. Miller; +Cc: Netfilter Development Mailinglist

[-- Attachment #1: Type: text/plain, Size: 261 bytes --]

This patch fixes a problem with TCP connection tracking and
some devices that respond with SYN/ACK/PSH to a SYN packet.
TCP connection tracking considers these packets to be invalid
and the connection never reaches an estabished state. Ignore
PSH on SYN/ACKs.


[-- Attachment #2: x --]
[-- Type: text/plain, Size: 968 bytes --]

[NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 72fbbd2b143c27c9c3793698c04302d066d9e4bc
tree 790636ed7460d6ca2b20cfd98df33a381fe2f0db
parent df6c6804ce1d383c878ab071bce8125125d96abc
author NIIBE Yutaka <gniibe@fsij.org> 1114303196 +0200
committer Patrick McHardy <kaber@trash.net> 1114303196 +0200

Index: net/ipv4/netfilter/ip_conntrack_proto_tcp.c
===================================================================
--- 43765d4b40a4a3c64f2a32b684f4041e2f01644d/net/ipv4/netfilter/ip_conntrack_proto_tcp.c  (mode:100644 sha1:e800b16fc9209dd5a26e65d2be4eb83d77a7d7af)
+++ 790636ed7460d6ca2b20cfd98df33a381fe2f0db/net/ipv4/netfilter/ip_conntrack_proto_tcp.c  (mode:100644 sha1:2b87c1974be605d5bdb1ee769188d7e03fb2ddc8)
@@ -770,6 +770,7 @@
 {
 	[TH_SYN]			= 1,
 	[TH_SYN|TH_ACK]			= 1,
+	[TH_SYN|TH_ACK|TH_PUSH]		= 1,
 	[TH_RST]			= 1,
 	[TH_RST|TH_ACK]			= 1,
 	[TH_RST|TH_ACK|TH_PUSH]		= 1,

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking
  2005-04-24 21:41 [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking Patrick McHardy
@ 2005-04-25  1:43 ` David S. Miller
  2005-04-26 15:15 ` Joubert Berger
  1 sibling, 0 replies; 4+ messages in thread
From: David S. Miller @ 2005-04-25  1:43 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: netfilter-devel

On Sun, 24 Apr 2005 23:41:15 +0200
Patrick McHardy <kaber@trash.net> wrote:

> This patch fixes a problem with TCP connection tracking and
> some devices that respond with SYN/ACK/PSH to a SYN packet.
> TCP connection tracking considers these packets to be invalid
> and the connection never reaches an estabished state. Ignore
> PSH on SYN/ACKs.

Applied, thanks Patrick.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking
  2005-04-24 21:41 [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking Patrick McHardy
  2005-04-25  1:43 ` David S. Miller
@ 2005-04-26 15:15 ` Joubert Berger
  2005-04-26 15:22   ` Patrick McHardy
  1 sibling, 1 reply; 4+ messages in thread
From: Joubert Berger @ 2005-04-26 15:15 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Netfilter Development Mailinglist

Will there be a 2.4 patch for this?

--joubert

On 4/24/05, Patrick McHardy <kaber@trash.net> wrote:
> This patch fixes a problem with TCP connection tracking and
> some devices that respond with SYN/ACK/PSH to a SYN packet.
> TCP connection tracking considers these packets to be invalid
> and the connection never reaches an estabished state. Ignore
> PSH on SYN/ACKs.
> 
> 
> [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking
> 
> Signed-off-by: Patrick McHardy <kaber@trash.net>
> 
> ---
> commit 72fbbd2b143c27c9c3793698c04302d066d9e4bc
> tree 790636ed7460d6ca2b20cfd98df33a381fe2f0db
> parent df6c6804ce1d383c878ab071bce8125125d96abc
> author NIIBE Yutaka <gniibe@fsij.org> 1114303196 +0200
> committer Patrick McHardy <kaber@trash.net> 1114303196 +0200
> 
> Index: net/ipv4/netfilter/ip_conntrack_proto_tcp.c
> ===================================================================
> --- 43765d4b40a4a3c64f2a32b684f4041e2f01644d/net/ipv4/netfilter/ip_conntrack_proto_tcp.c  (mode:100644 sha1:e800b16fc9209dd5a26e65d2be4eb83d77a7d7af)
> +++ 790636ed7460d6ca2b20cfd98df33a381fe2f0db/net/ipv4/netfilter/ip_conntrack_proto_tcp.c  (mode:100644 sha1:2b87c1974be605d5bdb1ee769188d7e03fb2ddc8)
> @@ -770,6 +770,7 @@
>  {
>         [TH_SYN]                        = 1,
>         [TH_SYN|TH_ACK]                 = 1,
> +       [TH_SYN|TH_ACK|TH_PUSH]         = 1,
>         [TH_RST]                        = 1,
>         [TH_RST|TH_ACK]                 = 1,
>         [TH_RST|TH_ACK|TH_PUSH]         = 1,
> 
> 
>

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking
  2005-04-26 15:15 ` Joubert Berger
@ 2005-04-26 15:22   ` Patrick McHardy
  0 siblings, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2005-04-26 15:22 UTC (permalink / raw)
  To: joubert; +Cc: Netfilter Development Mailinglist

Joubert Berger wrote:
> Will there be a 2.4 patch for this?

This problem does not exist in 2.4.

Regards
Patrick

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2005-04-26 15:22 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-04-24 21:41 [NETFILTER]: Ignore PSH on SYN/ACK in TCP connection tracking Patrick McHardy
2005-04-25  1:43 ` David S. Miller
2005-04-26 15:15 ` Joubert Berger
2005-04-26 15:22   ` Patrick McHardy

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.