netfilter: ipvs: do not create conn for ABORT packet in sctp_conn_schedule

There's no reason for ipvs to create a conn for an ABORT packet even if sysctl_sloppy_sctp is set. This patch is to accept it without creating a conn, just as ipvs does for tcp's RST packet. Signed-off-by: Xin Long <lucien.xin@gmail.com> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Xin Long <lucien.xin@gmail.com> 2017-08-20 01:38:08 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-09-08 07:40:23 -0400
commit: 68913a018f6082f8f90abb8ff9114435ef45dff7 (patch)
tree: 65753bb798dd1b70fdfa2b5053fce767bdbfb302
parent: 1cc4a018669f2fb18c10010f1a7ab3f6fb688cef (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c b/net/netfilter/ipvs/ip_vs_proto_sctp.c
index 81f08198b125..57c8ee66491e 100644
--- a/net/netfilter/ipvs/ip_vs_proto_sctp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c
@@ -25,7 +25,8 @@ sctp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
                        sch = skb_header_pointer(skb, iph->len + sizeof(_sctph),
                                                 sizeof(_schunkh), &_schunkh);
                        if (sch) {
-                                if (!(sysctl_sloppy_sctp(ipvs) ||
+                                if (sch->type == SCTP_CID_ABORT ||
+                                    !(sysctl_sloppy_sctp(ipvs) ||
                                      sch->type == SCTP_CID_INIT))
                                        return 1;
                                ports = &sh->source;
author	Xin Long <lucien.xin@gmail.com>	2017-08-20 01:38:08 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-09-08 07:40:23 -0400
commit	68913a018f6082f8f90abb8ff9114435ef45dff7 (patch)
tree	65753bb798dd1b70fdfa2b5053fce767bdbfb302
parent	1cc4a018669f2fb18c10010f1a7ab3f6fb688cef (diff)