authorXin Long <lucien.xin@gmail.com>2017-08-20 13:38:08 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2017-09-08 13:40:23 +0200
commit68913a018f6082f8f90abb8ff9114435ef45dff7 (patch)
tree65753bb798dd1b70fdfa2b5053fce767bdbfb302 /net/netfilter
parent1cc4a018669f2fb18c10010f1a7ab3f6fb688cef (diff)
netfilter: ipvs: do not create conn for ABORT packet in sctp_conn_schedule
There's no reason for ipvs to create a conn for an ABORT packet even if sysctl_sloppy_sctp is set. This patch is to accept it without creating a conn, just as ipvs does for tcp's RST packet. Signed-off-by: Xin Long <lucien.xin@gmail.com> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/ipvs/ip_vs_proto_sctp.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c b/net/netfilter/ipvs/ip_vs_proto_sctp.c
index 81f08198b125..57c8ee66491e 100644
--- a/net/netfilter/ipvs/ip_vs_proto_sctp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c
@@ -25,7 +25,8 @@ sctp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
sch = skb_header_pointer(skb, iph->len + sizeof(_sctph),
sizeof(_schunkh), &_schunkh);
if (sch) {
- if (!(sysctl_sloppy_sctp(ipvs) ||
+ if (sch->type == SCTP_CID_ABORT ||
+ !(sysctl_sloppy_sctp(ipvs) ||
sch->type == SCTP_CID_INIT))
return 1;
ports = &sh->source;
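Review bot: The added `sch->type == SCTP_CID_ABORT` test only looks at the first chunk after the common header, because `sch` is fetched at `iph->len + sizeof(_sctph)`. As far as this hunk shows, a packet that carries ABORT behind another bundled control chunk would still fall through to scheduling when sloppy_sctp is set. If first-chunk-only is the intended policy, state it above the condition, e.g. `/* Never schedule on ABORT (first chunk only); let it pass without a conn, as for TCP RST. */`. The condition now combines two separate rules (ABORT is always skipped, other non-INIT chunks are skipped unless sloppy), which the comment would also make explicit. sctp_conn_schedule begins and ends outside the hunk, so the effect of `return 1` is taken from the commit message rather than from visible code.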