diff options
author | Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> | 2006-02-15 15:23:28 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-02-15 15:23:28 -0800 |
commit | 08857fa745ab6ce46601960d2774490e1cef2cff (patch) | |
tree | 8a7c4e341441bc5acc76f9fcf8b75de0086ff060 | |
parent | 7d3cdc6b554137a7a0534ce38b155a63a3117f27 (diff) | |
download | op-kernel-dev-08857fa745ab6ce46601960d2774490e1cef2cff.zip op-kernel-dev-08857fa745ab6ce46601960d2774490e1cef2cff.tar.gz |
[NETFILTER]: nf_conntrack: attach conntrack to TCP RST generated by ip6t_REJECT
TCP RSTs generated by the REJECT target should be associated with the
conntrack of the original TCP packet. Since the conntrack entry is
usually not is the hash tables, it must be manually attached.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv6/netfilter/ip6t_REJECT.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index c745717..0e6d1d4 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c @@ -160,6 +160,8 @@ static void send_reset(struct sk_buff *oldskb) csum_partial((char *)tcph, sizeof(struct tcphdr), 0)); + nf_ct_attach(nskb, oldskb); + NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, nskb, NULL, nskb->dst->dev, dst_output); } |