| Message ID | 1318969055.2959.7.camel@nessa.odu |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
From: KOVACS Krisztian <hidden@balabit.hu> Date: Tue, 18 Oct 2011 22:17:35 +0200 > The transparent socket option setting was not copied to the time wait > socket when an inet socket was being replaced by a time wait socket. This > broke the --transparent option of the socket match and may have caused > that FIN packets belonging to sockets in FIN_WAIT2 or TIME_WAIT state > were being dropped by the packet filter. > > Signed-off-by: KOVACS Krisztian <hidden@balabit.hu> I can't believe such a fundamental bug went unspotted for so long :-) I'll apply this, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c index d2fe4e0..0ce3d06 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -328,6 +328,7 @@ void tcp_time_wait(struct sock *sk, int state, int timeo) struct tcp_timewait_sock *tcptw = tcp_twsk((struct sock *)tw); const int rto = (icsk->icsk_rto << 2) - (icsk->icsk_rto >> 1); + tw->tw_transparent = inet_sk(sk)->transparent; tw->tw_rcv_wscale = tp->rx_opt.rcv_wscale; tcptw->tw_rcv_nxt = tp->rcv_nxt; tcptw->tw_snd_nxt = tp->snd_nxt;
The transparent socket option setting was not copied to the time wait socket when an inet socket was being replaced by a time wait socket. This broke the --transparent option of the socket match and may have caused that FIN packets belonging to sockets in FIN_WAIT2 or TIME_WAIT state were being dropped by the packet filter. Signed-off-by: KOVACS Krisztian <hidden@balabit.hu> --- net/ipv4/tcp_minisocks.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-)