linux/include/net/netfilter
Patrick McHardy a3a9f79e36 netfilter: tcp conntrack: fix unacknowledged data detection with NAT
When NAT helpers change the TCP packet size, the highest seen sequence
number needs to be corrected. This is currently only done upwards, when
the packet size is reduced the sequence number is unchanged. This causes
TCP conntrack to falsely detect unacknowledged data and decrease the
timeout.

Fix by updating the highest seen sequence number in both directions after
packet mangling.

Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2009-06-29 14:07:56 +02:00
..
ipv4 netfilter: nf_ct_icmp: keep the ICMP ct entries longer 2009-06-08 15:53:43 +02:00
ipv6 netfilter: nf_ct_icmp: keep the ICMP ct entries longer 2009-06-08 15:53:43 +02:00
nf_conntrack_acct.h netfilter: netns nf_conntrack: per-netns conntrack accounting 2008-10-08 11:35:09 +02:00
nf_conntrack_core.h netfilter: conntrack: don't deliver events for racy packets 2009-03-16 15:06:42 +01:00
nf_conntrack_ecache.h netfilter: conntrack: optional reliable conntrack event delivery 2009-06-13 12:30:52 +02:00
nf_conntrack_expect.h netfilter: ctnetlink: fix regression in expectation handling 2009-04-06 17:47:20 +02:00
nf_conntrack_extend.h netfilter: conntrack: move event caching to conntrack extension infrastructure 2009-06-13 12:26:29 +02:00
nf_conntrack_helper.h netfilter: conntrack: move helper destruction to nf_ct_helper_destroy() 2009-06-13 12:28:22 +02:00
nf_conntrack_l3proto.h netfilter: ctnetlink: add callbacks to the per-proto nlattrs 2009-03-25 18:24:48 +01:00
nf_conntrack_l4proto.h netfilter: nf_conntrack: use per-conntrack locks for protocol data 2009-06-10 14:32:47 +02:00
nf_conntrack_tuple.h netfilter: nf_conntrack: use SLAB_DESTROY_BY_RCU and get rid of call_rcu() 2009-03-25 21:05:46 +01:00
nf_conntrack.h netfilter: tcp conntrack: fix unacknowledged data detection with NAT 2009-06-29 14:07:56 +02:00
nf_log.h netfilter: use a linked list of loggers 2009-03-16 14:54:21 +01:00
nf_nat_core.h netfilter: ctnetlink: remove bogus module dependency between ctnetlink and nf_nat 2008-10-14 11:58:31 -07:00
nf_nat_helper.h [NETFILTER]: nf_nat: kill helper and seq_adjust hooks 2008-04-14 11:15:52 +02:00
nf_nat_protocol.h [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_rule.h [NETFILTER]: nf_nat: don't add NAT extension for confirmed conntracks 2008-04-14 11:15:51 +02:00
nf_nat.h netfilter: nf_nat: add support for persistent mappings 2009-04-16 18:33:01 +02:00
nf_queue.h netfilter: Use unsigned types for hooknum and pf vars 2008-10-08 11:35:00 +02:00
nf_tproxy_core.h netfilter: iptables tproxy core 2008-10-08 11:35:12 +02:00
nfnetlink_log.h netfilter: nfnetlink_log: fix warning and prototype mismatch 2008-11-18 12:16:52 +01:00
xt_rateest.h [NETFILTER]: x_tables: add RATEEST target 2008-01-28 14:56:02 -08:00