What | Removed | Added |
---|---|---|
Flags | needinfo?(mkubecek@suse.com) |
Sounds like the issue fixed by commit 9cf7490360bf ("tcp: do not drop syn_recv on all icmp reports") https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9cf7490360bf It caused receiving side of a TCP connection to respond to any ICMP packet related to it (including redirects) received while in "synack sent" state by resetting the connection. The symptom was that TCP connections via PRG openvpn from outside to machines in PRG office were reset by receiving side because default gateway issued a redirect (to tell them to use the openvpn gateway instead). The fix has been backported to stable-4.4 and is present in 4.4.4 (and mainline since 4.5-rc4).