summaryrefslogtreecommitdiffstats
path: root/usr
diff options
context:
space:
mode:
authorJiri Wiesner <jwiesner@suse.com>2020-01-18 13:10:50 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2020-01-24 18:26:53 +0100
commitab658b9fa7a2c467f79eac8b53ea308b8f98113d (patch)
tree9ad9dded87ab4c82b8696de01bde8ee887bf2f46 /usr
parent32c72165dbd0e246e69d16a3ad348a4851afd415 (diff)
downloadlinux-ab658b9fa7a2c467f79eac8b53ea308b8f98113d.tar.bz2
netfilter: conntrack: sctp: use distinct states for new SCTP connections
The netlink notifications triggered by the INIT and INIT_ACK chunks for a tracked SCTP association do not include protocol information for the corresponding connection - SCTP state and verification tags for the original and reply direction are missing. Since the connection tracking implementation allows user space programs to receive notifications about a connection and then create a new connection based on the values received in a notification, it makes sense that INIT and INIT_ACK notifications should contain the SCTP state and verification tags available at the time when a notification is sent. The missing verification tags cause a newly created netfilter connection to fail to verify the tags of SCTP packets when this connection has been created from the values previously received in an INIT or INIT_ACK notification. A PROTOINFO event is cached in sctp_packet() when the state of a connection changes. The CLOSED and COOKIE_WAIT state will be used for connections that have seen an INIT and INIT_ACK chunk, respectively. The distinct states will cause a connection state change in sctp_packet(). Signed-off-by: Jiri Wiesner <jwiesner@suse.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'usr')
0 files changed, 0 insertions, 0 deletions