unsigned long ip_ct_tcp_timeout_close = 10 SECS;
static unsigned long * tcp_timeouts[]
-= { 0, /* TCP_CONNTRACK_NONE */
+= { NULL, /* TCP_CONNTRACK_NONE */
&ip_ct_tcp_timeout_established, /* TCP_CONNTRACK_ESTABLISHED, */
&ip_ct_tcp_timeout_syn_sent, /* TCP_CONNTRACK_SYN_SENT, */
&ip_ct_tcp_timeout_syn_recv, /* TCP_CONNTRACK_SYN_RECV, */
&ip_ct_tcp_timeout_close, /* TCP_CONNTRACK_CLOSE, */
&ip_ct_tcp_timeout_close_wait, /* TCP_CONNTRACK_CLOSE_WAIT, */
&ip_ct_tcp_timeout_last_ack, /* TCP_CONNTRACK_LAST_ACK, */
- 0, /* TCP_CONNTRACK_LISTEN */
+ NULL, /* TCP_CONNTRACK_LISTEN */
};
#define sNO TCP_CONNTRACK_NONE
if (skb_copy_bits(skb, skb->nh.iph->ihl * 4, &tcph, sizeof(tcph)) != 0)
return -1;
+ if (skb->len < skb->nh.iph->ihl * 4 + tcph.doff * 4)
+ return -1;
/* If only reply is a RST, we can consider ourselves not to
have an established connection: this is a fairly common
set_bit(IPS_ASSURED_BIT, &conntrack->status);
out: WRITE_UNLOCK(&tcp_lock);
- ip_ct_refresh(conntrack, *tcp_timeouts[newconntrack]);
+ ip_ct_refresh_acct(conntrack, ctinfo, skb, *tcp_timeouts[newconntrack]);
return NF_ACCEPT;
}