-rw-r--r--ChangeLog3
-rw-r--r--src/cache_iterators.c13
2 files changed, 12 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 447d171..6d1aa06 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@ version 0.9.6 (yet unreleased)
o fix compilation problem due to missing headers (Krisztian Kovacs)
o include kernel options and Fedora comments in the INSTALL file
+= conntrackd =
+o Remove window tracking disabling limitation (requires Linux kernel >= 2.6.22)
+
version 0.9.5 (2007/07/29)
------------------------------
diff --git a/src/cache_iterators.c b/src/cache_iterators.c
index 36f7364..287f92f 100644
--- a/src/cache_iterators.c
+++ b/src/cache_iterators.c
@@ -78,6 +78,7 @@ void cache_dump(struct cache *c, int fd, int type)
static int do_commit(void *data1, void *data2)
{
int ret;
+ u_int8_t flags;
struct cache *c = data1;
struct us_conntrack *u = data2;
struct nf_conntrack *ct = u->ct;
@@ -97,10 +98,14 @@ static int do_commit(void *data1, void *data2)
*/
nfct_set_attr_u32(ct, ATTR_TIMEOUT, CONFIG(commit_timeout));
- if (ret == -1) {
- dlog(STATE(log), "failed to build: %s", strerror(errno));
- return 0;
- }
+ /*
+ * TCP flags to overpass window tracking for recovered connections
+ */
+ flags = IP_CT_TCP_FLAG_BE_LIBERAL | IP_CT_TCP_FLAG_SACK_PERM;
+ nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_ORIG, flags);
+ nfct_set_attr_u8(ct, ATTR_TCP_MASK_ORIG, flags);
+ nfct_set_attr_u8(ct, ATTR_TCP_FLAGS_REPL, flags);
+ nfct_set_attr_u8(ct, ATTR_TCP_MASK_REPL, flags);
ret = nfct_query(STATE(dump), NFCT_Q_CREATE_UPDATE, ct);
if (ret == -1) {
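Review bot: The four `nfct_set_attr_u8` calls run for every entry that is committed, but nothing visible in this hunk checks that the entry is TCP, so UDP or ICMP entries would also get TCP flag and mask attributes unless the message builder drops them. Guarding the assignments, for example with `if (nfct_attr_is_set(ct, ATTR_TCP_STATE)) { ... }`, keeps the request well-formed for other protocols. The new comment should also state the trade-off: `IP_CT_TCP_FLAG_BE_LIBERAL` tells the kernel to stop rejecting out-of-window segments in both directions, and as far as this hunk shows it is never cleared, so recovered flows keep weaker sequence validation than flows the kernel tracked from the start. A wording such as `/* be liberal on recovered TCP flows: the window state is not replicated, so out-of-window segments are accepted for these entries */` would make that visible to whoever audits the firewall. The body of do_commit starts and ends outside the hunk, so a protocol check elsewhere in the function cannot be ruled out.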