netfilter: conntrack: unify established states for SCTP paths
commit a44b7651 upstream.

An SCTP endpoint can start an association through a path and tear it down over another one. That means the initial path will not see the shutdown sequence, and the conntrack entry will remain in ESTABLISHED state for 5 days.

By merging the HEARTBEAT_ACKED and ESTABLISHED states into one ESTABLISHED state, there remains no difference between a primary or secondary path. The timeout for the merged ESTABLISHED state is set to 210 seconds (hb_interval * max_path_retrans + rto_max). So, even if a path doesn't see the shutdown sequence, it will expire in a reasonable amount of time.

With this change in place, there is now more than one state from which we can transition to ESTABLISHED, COOKIE_ECHOED and HEARTBEAT_SENT, so handle the setting of ASSURED bit whenever a state change has happened and the new state is ESTABLISHED. Removed the check for dir==REPLY since the transition to ESTABLISHED can happen only in the reply direction.

Fixes: 9fb9cbb1 ("[NETFILTER]: Add nf_conntrack subsystem.")
Signed-off-by: Sriram Yagnaraman <sriram.yagnaraman@est.tech>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changed files:
- include/uapi/linux/netfilter/nf_conntrack_sctp.h: 1 addition, 1 deletion
- include/uapi/linux/netfilter/nfnetlink_cttimeout.h: 1 addition, 1 deletion
- net/netfilter/nf_conntrack_proto_sctp.c: 39 additions, 54 deletions
- net/netfilter/nf_conntrack_standalone.c: 0 additions, 8 deletions
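A check an operator could run over a conntrack table dump to spot SCTP entries that behave as described for kernels without this change. This is an added example, not part of the commit; it assumes the `/proc/net/nf_conntrack` field order (family, family number, protocol, protocol number, remaining timeout, state, tuples), and the sample lines are constructed.

```python
# Timeout the commit message gives for the merged ESTABLISHED state, in seconds.
MERGED_ESTABLISHED_TIMEOUT = 210

# Constructed sample lines in the assumed /proc/net/nf_conntrack layout
# (documentation addresses, not captured output).
SAMPLE = """\
ipv4     2 sctp     132 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.20 sport=38412 dport=38412 src=198.51.100.20 dst=192.0.2.10 sport=38412 dport=38412 [ASSURED] mark=0 use=1
ipv4     2 sctp     132 187 HEARTBEAT_ACKED src=192.0.2.11 dst=198.51.100.20 sport=38412 dport=38412 src=198.51.100.20 dst=192.0.2.11 sport=38412 dport=38412 [ASSURED] mark=0 use=1
ipv4     2 sctp     132 205 ESTABLISHED src=192.0.2.12 dst=198.51.100.20 sport=38412 dport=38412 src=198.51.100.20 dst=192.0.2.12 sport=38412 dport=38412 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.20 sport=40000 dport=443 src=198.51.100.20 dst=192.0.2.10 sport=443 dport=40000 [ASSURED] mark=0 use=1
"""


def stale_sctp_entries(text, limit=MERGED_ESTABLISHED_TIMEOUT):
    """Return (reason, remaining_timeout, src, dst) for suspicious SCTP entries.

    An entry is reported when it is still in a separate HEARTBEAT_ACKED state,
    or when it is ESTABLISHED with more time left than `limit`. A timeout that
    an administrator raised on purpose is reported too, so pass that value as
    `limit` when one is configured.
    """
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[2] != "sctp" or not fields[4].isdigit():
            continue  # not an SCTP entry, or not the assumed layout
        timeout, state = int(fields[4]), fields[5]
        tup = {}
        for part in fields[6:]:
            key, sep, value = part.partition("=")
            if sep:
                tup.setdefault(key, value)  # first hit is the original direction
        if state == "HEARTBEAT_ACKED":
            reason = "separate HEARTBEAT_ACKED state still present"
        elif state == "ESTABLISHED" and timeout > limit:
            reason = "ESTABLISHED timeout above merged value"
        else:
            continue
        findings.append((reason, timeout, tup.get("src"), tup.get("dst")))
    return findings


if __name__ == "__main__":
    for finding in stale_sctp_entries(SAMPLE):
        print(*finding)
```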