[NETFILTER]: nf_conntrack: attach conntrack to TCP RST generated by ip6t_REJECT
TCP RSTs generated by the REJECT target should be associated with the conntrack of the original TCP packet. Since the conntrack entry is usually not is the hash tables, it must be manually attached. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
7d3cdc6b55
commit
08857fa745
1 changed files with 2 additions and 0 deletions
|
@ -160,6 +160,8 @@ static void send_reset(struct sk_buff *oldskb)
|
|||
csum_partial((char *)tcph,
|
||||
sizeof(struct tcphdr), 0));
|
||||
|
||||
nf_ct_attach(nskb, oldskb);
|
||||
|
||||
NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, nskb, NULL, nskb->dst->dev,
|
||||
dst_output);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue