Commit 08857fa7 authored by Yasuyuki Kozakai's avatar Yasuyuki Kozakai Committed by David S. Miller

[NETFILTER]: nf_conntrack: attach conntrack to TCP RST generated by ip6t_REJECT

TCP RSTs generated by the REJECT target should be associated with the
conntrack of the original TCP packet. Since the conntrack entry is
usually not is the hash tables, it must be manually attached.
Signed-off-by: default avatarYasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 7d3cdc6b
...@@ -160,6 +160,8 @@ static void send_reset(struct sk_buff *oldskb) ...@@ -160,6 +160,8 @@ static void send_reset(struct sk_buff *oldskb)
csum_partial((char *)tcph, csum_partial((char *)tcph,
sizeof(struct tcphdr), 0)); sizeof(struct tcphdr), 0));
nf_ct_attach(nskb, oldskb);
NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, nskb, NULL, nskb->dst->dev, NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, nskb, NULL, nskb->dst->dev,
dst_output); dst_output);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment