authordavem <davem>2001-12-05 09:01:25 +0000
committerdavem <davem>2001-12-05 09:01:25 +0000
commitdc179e38f644c565ffc09366701e72816fd1b1d6 (patch)
tree7acc9c49cf7468919ddef488455195c08716e167
parent18c039151705858e5a384ff0c3997573caf6b62b (diff)
Make ipt_unclean deal with ECE/CWR flag
bits correctly. Fix from Harald Welte.
-rw-r--r--net/ipv4/netfilter/ipt_unclean.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/ipt_unclean.c b/net/ipv4/netfilter/ipt_unclean.c
index 80b6c55db..8ca4852f9 100644
--- a/net/ipv4/netfilter/ipt_unclean.c
+++ b/net/ipv4/netfilter/ipt_unclean.c
@@ -257,6 +257,8 @@ check_udp(const struct iphdr *iph,
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
+#define TH_ECE 0x40
+#define TH_CWR 0x80
/* TCP-specific checks. */
static int
@@ -328,9 +330,10 @@ check_tcp(const struct iphdr *iph,
}
/* CHECK: TCP flags. */
- tcpflags = ((u_int8_t *)tcph)[13];
+ tcpflags = (((u_int8_t *)tcph)[13] & ~(TH_ECE|TH_CWR));
if (tcpflags != TH_SYN
&& tcpflags != (TH_SYN|TH_ACK)
+ && tcpflags != TH_RST
&& tcpflags != (TH_RST|TH_ACK)
&& tcpflags != (TH_RST|TH_ACK|TH_PUSH)
&& tcpflags != (TH_FIN|TH_ACK)
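Review bot: The new mask on the `tcpflags` assignment removes ECE and CWR before every comparison, so the list of accepted combinations never inspects those two bits, and nothing in the code says that is deliberate; a comment above the assignment such as `/* ECE and CWR are the ECN bits (RFC 3168); ignore them when matching flag combinations */` would record it. The same hunk adds a bare `TH_RST` to the accepted set, which the commit message does not mention, so it deserves its own short comment on why a reset without ACK counts as clean. Anyone relying on this match to flag unusual headers should be aware that ECN bits on any otherwise-accepted combination now pass, which looks intended but is not stated. The `if` condition and the body of check_tcp continue outside the hunk.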