From 30ab4eae6a196102285fd649119fa2d9afe35a32 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Sun, 25 Jan 2009 17:53:21 +0100
Subject: netlink: set IP_CT_TCP_FLAG_CLOSE_INIT for TIME_WAIT states

This patch sets IP_CT_TCP_FLAG_CLOSE_INIT if the entry is in TCP TIME_WAIT state. This patch is a workaround, the daemon should propagate the internal TCP flags to make it fully independent of possible changes in the TCP tracking code.

Signed-off-by: Pablo Neira Ayuso
---
 src/netlink.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
(limited to 'src/netlink.c')
diff --git a/src/netlink.c b/src/netlink.c
index 24d61a0..a9e3d2d 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -27,6 +27,7 @@
 #include
 #include
 #include
+#include
 struct nfct_handle *nl_init_event_handler(void)
 {
@@ -226,6 +227,12 @@ int nl_create_conntrack(struct nfct_handle *h,
 if (nfct_attr_is_set(ct, ATTR_TCP_STATE)) {
 uint8_t flags = IP_CT_TCP_FLAG_BE_LIBERAL | IP_CT_TCP_FLAG_SACK_PERM;
+
+ /* FIXME: workaround, we should send TCP flags in updates */
+ if (nfct_get_attr_u32(ct, ATTR_TCP_STATE) ==
+ TCP_CONNTRACK_TIME_WAIT) {
+ flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
+ }
 nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_ORIG, flags);
 nfct_set_attr_u8(ct, ATTR_TCP_MASK_ORIG, flags);
 nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_REPL, flags);
@@ -285,6 +292,12 @@ int nl_update_conntrack(struct nfct_handle *h,
 if (nfct_attr_is_set(ct, ATTR_TCP_STATE)) {
 uint8_t flags = IP_CT_TCP_FLAG_BE_LIBERAL | IP_CT_TCP_FLAG_SACK_PERM;
+
+ /* FIXME: workaround, we should send TCP flags in updates */
+ if (nfct_get_attr_u32(ct, ATTR_TCP_STATE) ==
+ TCP_CONNTRACK_TIME_WAIT) {
+ flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
+ }
 nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_ORIG, flags);
 nfct_set_attr_u8(ct, ATTR_TCP_MASK_ORIG, flags);
 nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_REPL, flags);
-- cgit v1.2.3
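Review bot: The added TIME_WAIT check in nl_create_conntrack reads `ATTR_TCP_STATE` through `nfct_get_attr_u32()`, while libnetfilter_conntrack documents that attribute as 8 bits wide (and the neighbouring TCP attributes in this hunk are written with `nfct_set_attr_u8`), so the 32-bit read can pick up adjacent bytes of the conntrack object and the comparison may fail depending on their contents and on endianness. When that happens `IP_CT_TCP_FLAG_CLOSE_INIT` is silently left out and the replicated TIME_WAIT entry is injected with the same flags the workaround was meant to correct. Use `if (nfct_get_attr_u8(ct, ATTR_TCP_STATE) == TCP_CONNTRACK_TIME_WAIT) {` here and in the identical block added to nl_update_conntrack. Since both hunks add the same six lines, a small static helper that returns the flags byte for a given `ct` would keep the create and update paths from drifting apart; both function bodies start and end outside the hunks, so this is based only on the visible lines.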