[NETFILTER]: nf_conntrack: attach conntrack to TCP RST generated by ip6t_REJECT
authorYasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Wed, 15 Feb 2006 23:23:28 +0000 (15:23 -0800)
committerDavid S. Miller <davem@davemloft.net>
Wed, 15 Feb 2006 23:23:28 +0000 (15:23 -0800)
TCP RSTs generated by the REJECT target should be associated with the
conntrack of the original TCP packet. Since the conntrack entry is
usually not is the hash tables, it must be manually attached.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv6/netfilter/ip6t_REJECT.c

index c745717b4ce2165d0d8b73a415c4cf229b88df00..0e6d1d4bbd5c406e6db2a5558f10f6dd1818f82d 100644 (file)
@@ -160,6 +160,8 @@ static void send_reset(struct sk_buff *oldskb)
                                      csum_partial((char *)tcph,
                                                   sizeof(struct tcphdr), 0));
 
+       nf_ct_attach(nskb, oldskb);
+
        NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, nskb, NULL, nskb->dst->dev,
                dst_output);
 }