netfilter: conntrack: unify established states for SCTP paths
stable inclusion from stable-v5.10.166 commit 743435cd1705b4a3a4b8e73a538c4c1a1efc7edb category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I87FRA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=743435cd1705b4a3a4b8e73a538c4c1a1efc7edb -------------------------------- commit a44b7651 upstream. An SCTP endpoint can start an association through a path and tear it down over another one. That means the initial path will not see the shutdown sequence, and the conntrack entry will remain in ESTABLISHED state for 5 days. By merging the HEARTBEAT_ACKED and ESTABLISHED states into one ESTABLISHED state, there remains no difference between a primary or secondary path. The timeout for the merged ESTABLISHED state is set to 210 seconds (hb_interval * max_path_retrans + rto_max). So, even if a path doesn't see the shutdown sequence, it will expire in a reasonable amount of time. With this change in place, there is now more than one state from which we can transition to ESTABLISHED, COOKIE_ECHOED and HEARTBEAT_SENT, so handle the setting of ASSURED bit whenever a state change has happened and the new state is ESTABLISHED. Removed the check for dir==REPLY since the transition to ESTABLISHED can happen only in the reply direction. Fixes: 9fb9cbb1 ("[NETFILTER]: Add nf_conntrack subsystem.") Signed-off-by:Sriram Yagnaraman <sriram.yagnaraman@est.tech> Signed-off-by:
Loading
Please sign in to comment