mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-08-25 18:30:06 +00:00
cc5453a5b7
If an sctp connection gets re-used, heartbeats are flagged as invalid because their vtag doesn't match. Handle this in a similar way as TCP conntrack when it suspects that the endpoints and conntrack are out-of-sync. When a HEARTBEAT request fails its vtag validation, flag this in the conntrack state and accept the packet. When a HEARTBEAT_ACK is received with an invalid vtag in the reverse direction after we allowed such a HEARTBEAT through, assume we are out-of-sync and re-set the vtag info. v2: remove left-over snippet from an older incarnation that moved new_state/old_state assignments, thats not needed so keep that as-is. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
16 lines
313 B
C
16 lines
313 B
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _NF_CONNTRACK_SCTP_H
|
|
#define _NF_CONNTRACK_SCTP_H
|
|
/* SCTP tracking. */
|
|
|
|
#include <uapi/linux/netfilter/nf_conntrack_sctp.h>
|
|
|
|
struct ip_ct_sctp {
|
|
enum sctp_conntrack state;
|
|
|
|
__be32 vtag[IP_CT_DIR_MAX];
|
|
u8 last_dir;
|
|
u8 flags;
|
|
};
|
|
|
|
#endif /* _NF_CONNTRACK_SCTP_H */
|