linux/net/netfilter
Dong Wei d2ee3f2c4b netfilter: xt_connlimit: fix accouning when receive RST packet in ESTABLISHED state
In xt_connlimit match module, the counter of an IP is decreased when
the TCP packet is go through the chain with ip_conntrack state TW.
Well, it's very natural that the server and client close the socket
with FIN packet. But when the client/server close the socket with RST
packet(using so_linger), the counter for this connection still exsit.
The following patch can fix it which is based on linux-2.6.25.4

Signed-off-by: Dong Wei <dwei.zh@gmail.com>
Acked-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04 09:57:51 -07:00
..
core.c [NET] NETNS: Omit net_device->nd_net without CONFIG_NET_NS. 2008-03-26 04:39:53 +09:00
Kconfig netfilter: Kconfig: default DCCP/SCTP conntrack support to the protocol config values 2008-05-08 01:16:04 -07:00
Makefile [NETFILTER]: nf_conntrack: add DCCP protocol support 2008-04-14 11:15:49 +02:00
nf_conntrack_amanda.c [NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors 2008-04-14 11:15:52 +02:00
nf_conntrack_core.c netfilter: nf_conntrack: padding breaks conntrack hash on ARM 2008-04-29 03:35:10 -07:00
nf_conntrack_ecache.c
nf_conntrack_expect.c netfilter: nf_conntrack_expect: fix error path unwind in nf_conntrack_expect_init() 2008-05-29 03:19:37 -07:00
nf_conntrack_extend.c [NETFILTER]: nf_conntrack_extend: warn on confirmed conntracks 2008-04-14 11:15:51 +02:00
nf_conntrack_ftp.c [NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors 2008-04-14 11:15:52 +02:00
nf_conntrack_h323_asn1.c [NETFILTER]: nf_conntrack_h323: constify and annotate H.323 helper 2008-01-31 19:28:07 -08:00
nf_conntrack_h323_main.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_conntrack_h323_types.c [NETFILTER]: nf_conntrack_h323: constify and annotate H.323 helper 2008-01-31 19:28:07 -08:00
nf_conntrack_helper.c [NETFILTER]: annotate rest of nf_conntrack_* with const 2008-04-14 11:15:42 +02:00
nf_conntrack_irc.c [NETFILTER]: annotate rest of nf_conntrack_* with const 2008-04-14 11:15:42 +02:00
nf_conntrack_l3proto_generic.c [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l3proto 2008-04-14 11:15:52 +02:00
nf_conntrack_netbios_ns.c [NETFILTER]: nf_conntrack: introduce expectation classes and policies 2008-03-25 20:09:15 -07:00
nf_conntrack_netlink.c netfilter: ctnetlink: dump conntrack ID in event messages 2008-05-13 23:27:11 -07:00
nf_conntrack_pptp.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_conntrack_proto_dccp.c [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4proto 2008-04-14 11:15:53 +02:00
nf_conntrack_proto_generic.c [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4proto 2008-04-14 11:15:53 +02:00
nf_conntrack_proto_gre.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_conntrack_proto_sctp.c [NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, nf_nat_proto_gre 2008-04-14 11:15:54 +02:00
nf_conntrack_proto_tcp.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_conntrack_proto_udp.c [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4proto 2008-04-14 11:15:53 +02:00
nf_conntrack_proto_udplite.c [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4proto 2008-04-14 11:15:53 +02:00
nf_conntrack_proto.c [NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors 2008-04-14 11:15:52 +02:00
nf_conntrack_sane.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_conntrack_sip.c netfilter: nf_conntrack_sip: restrict RTP expect flushing on error to last request 2008-05-08 01:15:21 -07:00
nf_conntrack_standalone.c netfilter: assign PDE->fops before gluing PDE into /proc tree 2008-05-02 04:10:57 -07:00
nf_conntrack_tftp.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_internals.h
nf_log.c [NETFILTER]: Replate direct proc_fops assignment with proc_create call. 2008-03-27 16:55:53 -07:00
nf_queue.c Remove duplicated unlikely() in IS_ERR() 2008-04-29 08:06:25 -07:00
nf_sockopt.c [NET] NETNS: Omit sock->sk_net without CONFIG_NET_NS. 2008-03-26 04:39:55 +09:00
nfnetlink_log.c [NETFILTER]: Replate direct proc_fops assignment with proc_create call. 2008-03-27 16:55:53 -07:00
nfnetlink_queue.c netfilter: {nfnetlink,ip,ip6}_queue: fix skb_over_panic when enlarging packets 2008-04-29 03:16:34 -07:00
nfnetlink.c [NETNS]: Consolidate kernel netlink socket destruction. 2008-01-28 15:08:07 -08:00
x_tables.c netfilter: assign PDE->data before gluing PDE into /proc tree 2008-05-02 04:11:52 -07:00
xt_CLASSIFY.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_comment.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_connbytes.c rename div64_64 to div64_u64 2008-05-01 08:03:58 -07:00
xt_connlimit.c netfilter: xt_connlimit: fix accouning when receive RST packet in ESTABLISHED state 2008-06-04 09:57:51 -07:00
xt_connmark.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_CONNMARK.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_CONNSECMARK.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_conntrack.c [NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors 2008-04-14 11:15:52 +02:00
xt_dccp.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_dscp.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_DSCP.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_esp.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_hashlimit.c netfilter: assign PDE->data before gluing PDE into /proc tree 2008-05-02 02:45:42 -07:00
xt_helper.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_iprange.c netfilter: xt_iprange: module aliases for xt_iprange 2008-05-13 23:27:48 -07:00
xt_length.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_limit.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_mac.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_mark.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_MARK.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_multiport.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_NFLOG.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_NFQUEUE.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_NOTRACK.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_owner.c [NETFILTER]: xt_owner: allow matching UID/GID ranges 2008-01-31 19:27:43 -08:00
xt_physdev.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_pkttype.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_policy.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_quota.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_rateest.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_RATEEST.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_realm.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_sctp.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_SECMARK.c [NETFILTER]: make secmark_tg_destroy() static 2008-02-13 17:41:39 -08:00
xt_state.c
xt_statistic.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_string.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_tcpmss.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_TCPMSS.c [NETFILTER]: xt_TCPMSS: consider reverse route's MTU in clamp-to-pmtu 2008-01-31 19:27:42 -08:00
xt_TCPOPTSTRIP.c netfilter: xt_TCPOPTSTRIP: signed tcphoff for ipv6_skip_exthdr() retval 2008-04-29 03:15:10 -07:00
xt_tcpudp.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_time.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_TRACE.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_u32.c [NETFILTER]: xt_u32: drop the actually unused variable from u32_match_it 2008-02-19 17:18:20 -08:00