git.baikalelectronics.ru Git - kernel.git/commit

author	Xin Long <lucien.xin@gmail.com>
	Sun, 20 Aug 2017 05:38:07 +0000 (13:38 +0800)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 8 Sep 2017 11:40:02 +0000 (13:40 +0200)
commit	fcaa0c21a617f45091fe5a3c8b6c3277cc45493d
tree	f73c5c0827f9f187aaab2cc7ebf906c3aab5c614	tree \| snapshot
parent	73137a1185d5c1ce5585bbed6136ab57614bc054	commit \| diff

netfilter: ipvs: fix the issue that sctp_conn_schedule drops non-INIT packet

Commit ee834587b950 ("ipvs: support scheduling inverse and icmp SCTP
packets") changed to check packet type early. It introduced a side
effect: if it's not a INIT packet, ports will be set as  NULL, and
the packet will be dropped later.

It caused that sctp couldn't create connection when ipvs module is
loaded and any scheduler is registered on server.

Li Shuang reproduced it by running the cmds on sctp server:
  # ipvsadm -A -t 1.1.1.1:80 -s rr
  # ipvsadm -D -t 1.1.1.1:80
then the server could't work any more.

This patch is to return 1 when it's not an INIT packet. It means ipvs
will accept it without creating a conn for it, just like what it does
for tcp.

Fixes: ee834587b950 ("ipvs: support scheduling inverse and icmp SCTP packets")
Reported-by: Li Shuang <shuali@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>