Displaying 2 results from an estimated 2 matches for "ip_conntrack_info".
Did you mean:
ip_conntrack_in
2003 Aug 02
1
[SECURITY] Netfilter Security Advisory: NAT Remote DOS (SACK mangle)
...49 @@ sack_adjust(struct tcphdr *tcph,=20
}
=09
=20
-/* TCP SACK sequence number adjustment, return 0 if sack found and adjuste=
d */
-static inline int
+/* TCP SACK sequence number adjustment. */
+static inline void
ip_nat_sack_adjust(struct sk_buff *skb,
- struct ip_conntrack *ct,
- enum ip_conntrack_info ctinfo)
+ struct ip_conntrack *ct,
+ enum ip_conntrack_info ctinfo)
{
- struct iphdr *iph;
struct tcphdr *tcph;
- unsigned char *ptr;
- int length, dir, sack_adjusted =3D 0;
+ unsigned char *ptr, *optend;
+ unsigned int dir;
=20
- iph =3D skb->nh.iph;
- tcph =3D (void *)iph + iph->...
2003 Aug 02
0
[SECURITY] Netfilter Security Advisory: Conntrack list_del() DoS
...v 2=
9 00:53:15 2002
+++ linux-2.4.20-del/include/linux/netfilter_ipv4/ip_conntrack.h Fri Feb 21=
17:01:38 2003
@@ -6,6 +6,7 @@
=20
#include <linux/config.h>
#include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
+#include <linux/bitops.h>
#include <asm/atomic.h>
=20
enum ip_conntrack_info
@@ -41,6 +42,10 @@
/* Conntrack should never be early-expired. */
IPS_ASSURED_BIT =3D 2,
IPS_ASSURED =3D (1 << IPS_ASSURED_BIT),
+
+ /* Connection is confirmed: originating packet has left box */
+ IPS_CONFIRMED_BIT =3D 3,
+ IPS_CONFIRMED =3D (1 << IPS_CONFIRMED_BIT),
};
=20
#in...