]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit - net/ipv6/netfilter/ip6t_SYNPROXY.c
projects / mirror_ubuntu-artful-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f4de4c8) | patch
netfilter: SYNPROXY: let unrelated packets continue
authorJesper Dangaard Brouer <brouer@redhat.com>
Thu, 29 Aug 2013 10:18:46 +0000 (12:18 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 4 Sep 2013 09:44:23 +0000 (11:44 +0200)
commit7cc9eb6ef78d0dcb97d543ea19966486e98afa0b
treee5b55540fbae354d72709d3679360d7b21fffb1ctree
parentf4de4c89d89df5ead42de9fea895f5b8155270dacommit | diff
netfilter: SYNPROXY: let unrelated packets continue

Packets reaching SYNPROXY were default dropped, as they were most
likely invalid (given the recommended state matching).  This
patch, changes SYNPROXY target to let packets, not consumed,
continue being processed by the stack.

This will be more in line other target modules. As it will allow
more flexible configurations of handling, logging or matching on
packets in INVALID states.

Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv4/netfilter/ipt_SYNPROXY.c diff | blob | blame | history
net/ipv6/netfilter/ip6t_SYNPROXY.c diff | blob | blame | history
Ubuntu Artful kernel mirror