|
|
@@ -630,15 +630,9 @@ static bool tcp_in_window(const struct nf_conn *ct,
|
|
|
ack = sack = receiver->td_end;
|
|
|
}
|
|
|
|
|
|
- if (seq == end
|
|
|
- && (!tcph->rst
|
|
|
- || (seq == 0 && state->state == TCP_CONNTRACK_SYN_SENT)))
|
|
|
+ if (tcph->rst && seq == 0 && state->state == TCP_CONNTRACK_SYN_SENT)
|
|
|
/*
|
|
|
- * Packets contains no data: we assume it is valid
|
|
|
- * and check the ack value only.
|
|
|
- * However RST segments are always validated by their
|
|
|
- * SEQ number, except when seq == 0 (reset sent answering
|
|
|
- * SYN.
|
|
|
+ * RST sent answering SYN.
|
|
|
*/
|
|
|
seq = end = sender->td_end;
|
|
|
|
Jozsef Kadlecsik