Re: [PATCH v2] netfilter: SYNPROXY: fix process non tcp packet bug in... | netdev

Re: [PATCH v2] netfilter: SYNPROXY: fix process non tcp packet bug in {ipv4,ipv6}_synproxy_hook

From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: 2017-10-03 13:28:25
Also in: netfilter-devel

On Sat, Sep 30, 2017 at 06:25:15PM +0800, Lin Zhang wrote:

In function {ipv4,ipv6}_synproxy_hook we expect a normal tcp packet,
but the real server maybe reply an icmp error packet related to the 
exist tcp conntrack, so we will access wrong tcp data.

For fix it, check for the protocol field and only process tcp traffic.

Applied, thanks.

I have made minor comestic changes to patch title:

netfilter: SYNPROXY: skip non-TCP packets from {ipv4,ipv6}_synproxy_hook

for the record.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help