Reapply "netfilter: conntrack: don't refresh sctp entries in closed state" (4542148a) · Commits · e / devices / android_kernel_fairphone_FP5

net/netfilter/nf_conntrack_proto_sctp.c

+9 −0

Original line number	Diff line number	Diff line
		@@ -485,6 +485,15 @@ int nf_conntrack_sctp_packet(struct nf_conn *ct,
		pr_debug("Setting vtag %x for dir %d\n",
		ih->init_tag, !dir);
		ct->proto.sctp.vtag[!dir] = ih->init_tag;

		/* don't renew timeout on init retransmit so
		* port reuse by client or NAT middlebox cannot
		* keep entry alive indefinitely (incl. nat info).
		*/
		if (new_state == SCTP_CONNTRACK_CLOSED &&
		old_state == SCTP_CONNTRACK_CLOSED &&
		nf_ct_is_confirmed(ct))
		ignore = true;
		}

		ct->proto.sctp.state = new_state;