git.baikalelectronics.ru Git - kernel.git/commit

netfilter: conntrack: unify established states for SCTP paths

commit a44b7651489f26271ac784b70895e8a85d0cebf4 upstream.

An SCTP endpoint can start an association through a path and tear it
down over another one. That means the initial path will not see the
shutdown sequence, and the conntrack entry will remain in ESTABLISHED
state for 5 days.

By merging the HEARTBEAT_ACKED and ESTABLISHED states into one
ESTABLISHED state, there remains no difference between a primary or
secondary path. The timeout for the merged ESTABLISHED state is set to
210 seconds (hb_interval * max_path_retrans + rto_max). So, even if a
path doesn't see the shutdown sequence, it will expire in a reasonable
amount of time.

With this change in place, there is now more than one state from which
we can transition to ESTABLISHED, COOKIE_ECHOED and HEARTBEAT_SENT, so
handle the setting of ASSURED bit whenever a state change has happened
and the new state is ESTABLISHED. Removed the check for dir==REPLY since
the transition to ESTABLISHED can happen only in the reply direction.

Fixes: b0bbff62ec62 ("[NETFILTER]: Add nf_conntrack subsystem.")
Signed-off-by: Sriram Yagnaraman <sriram.yagnaraman@est.tech>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

author	Sriram Yagnaraman <sriram.yagnaraman@est.tech>
	Tue, 24 Jan 2023 01:47:21 +0000 (02:47 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 6 Feb 2023 06:52:47 +0000 (07:52 +0100)
commit	4786c4879e190ecb05c815104adca7e488e7befd
tree	dc458ecbc22e19f64e344d76e75de1239ec6e71f	tree \| snapshot
parent	1ae6e760f52797d48df46660d354ada659862ecd	commit \| diff

include/uapi/linux/netfilter/nf_conntrack_sctp.h		diff \| blob \| history
include/uapi/linux/netfilter/nfnetlink_cttimeout.h		diff \| blob \| history
net/netfilter/nf_conntrack_proto_sctp.c		diff \| blob \| history
net/netfilter/nf_conntrack_standalone.c		diff \| blob \| history