From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [91.216.245.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 28ADF3DEFE1; Mon, 13 Apr 2026 14:32:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.216.245.30 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776090768; cv=none; b=SM+5MxPPBGB7wpKRPf66oMJWNyXgJA/UwK/9hSLwXWbz5TJEzGEAPzGCn63o6kO2DuXYBKk+Oh1Ni9evaMsMZnXq9iqPyJmprbUrkICgGiYjS8U12uA4XhKnZLV6qf9Y2Cdh29wVj7qCEryHzlzGsiXtEovWxuPtsAn1meyU4Jw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776090768; c=relaxed/simple; bh=P+vBb7u7tqmeMcpkdLnZeJuPiZ3o1V7thVIcm9v5nqk=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=dWKQa7zthaLAwWfDRmJSUKDjzJt4WrHWNInqQU95nezgsj4wOlzQFtNKVI0EDnNPNK6teg2/4BZtt5EKO4pj+gPAmQ1u0HeEXfxPvGY0MJpk+ltEwq3FNk3xr/PRUQ05TtfpRX6BfdebUCGZ3BnKiTvlLgbx7SSS6zvBa4X79Pw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=strlen.de; spf=pass smtp.mailfrom=strlen.de; arc=none smtp.client-ip=91.216.245.30 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=strlen.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=strlen.de Received: by Chamillionaire.breakpoint.cc (Postfix, from userid 1003) id 5AB086066A; Mon, 13 Apr 2026 16:23:36 +0200 (CEST) Date: Mon, 13 Apr 2026 16:23:31 +0200 From: Florian Westphal To: Xin Long Cc: network dev , linux-sctp@vger.kernel.org, davem@davemloft.net, kuba@kernel.org, Eric Dumazet , Paolo Abeni , Simon Horman , Marcelo Ricardo Leitner , Yi Chen Subject: Re: [PATCH net 1/2] netfilter: skip recording stale or retransmitted INIT Message-ID: References: <6e09f9a8d1f13f3ce691c696d3dd7b2a2e6c6184.1775847557.git.lucien.xin@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Xin Long wrote: > On Sat, Apr 11, 2026 at 4:16 PM Florian Westphal wrote: > > Xin Long wrote: > > > > > diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c > > > index 645d2c43ebf7..7e10fa65cbdd 100644 > > > --- a/net/netfilter/nf_conntrack_proto_sctp.c > > > +++ b/net/netfilter/nf_conntrack_proto_sctp.c > > > @@ -466,9 +466,13 @@ int nf_conntrack_sctp_packet(struct nf_conn *ct, > > > if (!ih) > > > goto out_unlock; > > > > > > - if (ct->proto.sctp.init[dir] && ct->proto.sctp.init[!dir]) > > > - ct->proto.sctp.init[!dir] = 0; > > > - ct->proto.sctp.init[dir] = 1; > > > + /* Do not record INIT matching peer vtag (stale or retransmitted INIT). */ > > > + if (old_state == SCTP_CONNTRACK_NONE || > > > + ct->proto.sctp.vtag[!dir] != ih->init_tag) { > > > > Should ct->proto.sctp.vtag[!dir] == ih->init_tag case also > > set ignore = true? > > It should for a stale INIT, but not for a retransmitted one. At this point, > though, we don't reliably distinguish between the two. > > Also, as this patch only aims to prevent updating ct->proto.sctp.init[] > (introduced in 8e56b063c865) in this scenario, it’s safer to avoid > changing other behavior. Alright. I'm fine with this going in via net directly: Acked-by: Florian Westphal