ipvs: allow rescheduling after RST

"RFC 5961, 4.2. Mitigation" describes a mechanism to request client to confirm with RST the restart of TCP connection before resending its SYN. As result, IPVS can see SYNs for existing connection in CLOSE state. Add check to allow rescheduling in this state. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au>

ipvs: allow rescheduling after RST
"RFC 5961, 4.2. Mitigation" describes a mechanism to request client to confirm with RST the restart of TCP connection before resending its SYN. As result, IPVS can see SYNs for existing connection in CLOSE state. Add check to allow rescheduling in this state. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au>
Julian Anastasov · Simon Horman
1 parent f719e3754e
Showing 1 changed file with 1 additions and 0 deletions Side-by-side Diff
net/netfilter/ipvs/ip_vs_core.c
@@ -1089,6 +1089,7 @@
 	switch (cp->protocol) {
 	case IPPROTO_TCP:
 		return (cp->state == IP_VS_TCP_S_TIME_WAIT) ||
+		       (cp->state == IP_VS_TCP_S_CLOSE) ||
 			((conn_reuse_mode & 2) &&
 			 (cp->state == IP_VS_TCP_S_FIN_WAIT) &&
 			 (cp->flags & IP_VS_CONN_F_NOOUTPUT));
...	...	@@ -1089,6 +1089,7 @@
1089	1089	switch (cp->protocol) {
1090	1090	case IPPROTO_TCP:
1091	1091	return (cp->state == IP_VS_TCP_S_TIME_WAIT) \|\|
	1092	+ (cp->state == IP_VS_TCP_S_CLOSE) \|\|
1092	1093	((conn_reuse_mode & 2) &&
1093	1094	(cp->state == IP_VS_TCP_S_FIN_WAIT) &&
1094	1095	(cp->flags & IP_VS_CONN_F_NOOUTPUT));