iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e971ceb803
linux/net
History
Fernando Fernandez Mancera e971ceb803 netfilter: synproxy: fix rst sequence number mismatch 
14:51:00.024418 IP 192.168.122.1.41462 > netfilter.90: Flags [S], seq
4023580551,
14:51:00.024454 IP netfilter.90 > 192.168.122.1.41462: Flags [S.], seq
727560212, ack 4023580552,
14:51:00.024524 IP 192.168.122.1.41462 > netfilter.90: Flags [.], ack 1,

Note: here, synproxy will send a SYN to the real server, as the 3whs was
completed sucessfully. Instead of a syn/ack that we can intercept, we instead
received a reset packet from the real backend, that we forward to the original
client. However, we don't use the correct sequence number, so the reset is not
effective in closing the connection coming from the client.

14:51:00.024550 IP netfilter.90 > 192.168.122.1.41462: Flags [R.], seq
3567407084,
14:51:00.231196 IP 192.168.122.1.41462 > netfilter.90: Flags [.], ack 1,
14:51:00.647911 IP 192.168.122.1.41462 > netfilter.90: Flags [.], ack 1,
14:51:01.474395 IP 192.168.122.1.41462 > netfilter.90: Flags [.], ack 1,

Fixes: 48b1de4c11 ("netfilter: add SYNPROXY core/target")
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2019-07-18 20:55:53 +02:00
..
6lowpan 6lowpan: no need to check return value of debugfs_create functions 2019-07-06 12:50:01 +02:00
9p 9p pull request for inclusion in 5.13 2019-07-12 17:31:19 -07:00
802 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
8021q Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
appletalk treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 372 2019-06-05 17:37:10 +02:00
atm
ax25 ax25: fix inconsistent lock state in ax25_destroy_timer 2019-06-16 14:22:37 -07:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-07-08 19:48:57 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-07-11 10:55:49 -07:00
bpf
bpfilter Kbuild updates for v5.3 2019-07-12 16:03:16 -07:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-07-11 10:55:49 -07:00
caif
can can: purge socket error queue on sock destruct 2019-06-07 23:03:54 +02:00
ceph Driver Core and debugfs changes for 5.3-rc1 2019-07-12 12:24:03 -07:00
core mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options 2019-07-12 11:05:46 -07:00
dcb
dccp ipv6: elide flowlabel check if no exclusive leases exist 2019-07-08 19:38:03 -07:00
decnet
dns_resolver Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs" 2019-07-10 18:43:43 -07:00
dsa net: dsa: add support for BRIDGE_MROUTER attribute 2019-07-09 14:49:34 -07:00
ethernet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-07 11:00:14 -07:00
hsr hsr: switch ->dellink() to ->ndo_uninit() 2019-07-11 14:37:45 -07:00
ieee802154 inet: fix various use-after-free in defrags units 2019-06-19 11:37:47 -04:00
ife
ipv4 netfilter: synproxy: fix erroneous tcp mss option 2019-07-16 13:17:01 +02:00
ipv6 netfilter: synproxy: fix erroneous tcp mss option 2019-07-16 13:17:01 +02:00
iucv net/af_iucv: always register net_device notifier 2019-06-19 16:26:33 -04:00
kcm treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
key Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-07-08 19:48:57 -07:00
l2tp ipv6: elide flowlabel check if no exclusive leases exist 2019-07-08 19:38:03 -07:00
l3mdev ipv6: convert major tx path to use RT6_LOOKUP_F_DST_NOREF 2019-06-23 13:24:17 -07:00
lapb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-17 20:20:36 -07:00
llc
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-07-11 10:55:49 -07:00
mac802154
mpls mpls: fix af_mpls dependencies for real 2019-06-12 09:42:34 -07:00
ncsi
netfilter netfilter: synproxy: fix rst sequence number mismatch 2019-07-18 20:55:53 +02:00
netlabel
netlink net: remove empty netlink_tap_exit_net 2019-06-14 19:50:33 -07:00
netrom netrom: fix a memory leak in nr_rx_frame() 2019-07-01 19:00:52 -07:00
nfc nfc: fix potential illegal memory access 2019-07-08 12:46:24 -07:00
nsh treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
openvswitch net: openvswitch: do not update max_headroom if new headroom is equal to old headroom 2019-07-12 15:16:58 -07:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-27 21:06:39 -07:00
phonet
psample treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
qrtr
rds rds: avoid version downgrade to legitimate newer peer connections 2019-07-09 21:45:43 -07:00
rfkill treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
rose
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-07-11 10:55:49 -07:00
sched net: sched: Fix NULL-pointer dereference in tc_indr_block_ing_cmd() 2019-07-12 15:21:53 -07:00
sctp sctp: remove rcu_read_lock from sctp_bind_addr_state 2019-07-08 20:18:11 -07:00
smc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-27 21:06:39 -07:00
strparser Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
sunrpc Driver Core and debugfs changes for 5.3-rc1 2019-07-12 12:24:03 -07:00
switchdev
tipc tipc: ensure head->lock is initialised 2019-07-12 15:34:26 -07:00
tls net/tls: fix socket wmem accounting on fallback with netem 2019-07-08 20:21:10 -07:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-07 11:00:14 -07:00
vmw_vsock vsock/virtio: fix flush of works during the .remove() 2019-07-08 15:35:17 -07:00
wimax
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-07-11 10:55:49 -07:00
x25
xdp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-07-08 19:48:57 -07:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-07-08 19:48:57 -07:00
compat.c
Kconfig net: ipv4: move tcp_fastopen server side code to SipHash library 2019-06-17 13:56:26 -07:00
Makefile
socket.c for-5.3/io_uring-20190711 2019-07-13 10:36:53 -07:00
sysctl_net.c