{"id":803648,"url":"http://patchwork.ozlabs.org/api/patches/803648/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/9475ae3e6d80f0c6547371f5a910edfbbd4a9b2a.1503207076.git.lucien.xin@gmail.com/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<9475ae3e6d80f0c6547371f5a910edfbbd4a9b2a.1503207076.git.lucien.xin@gmail.com>","list_archive_url":null,"date":"2017-08-20T05:38:07","name":"[net,1/2] netfilter: ipvs: fix the issue that sctp_conn_schedule drops non-INIT packet","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"3d794b9eec08418a2a1e093675569757b30d0674","submitter":{"id":61073,"url":"http://patchwork.ozlabs.org/api/people/61073/?format=json","name":"Xin Long","email":"lucien.xin@gmail.com"},"delegate":{"id":6139,"url":"http://patchwork.ozlabs.org/api/users/6139/?format=json","username":"pablo","first_name":"Pablo","last_name":"Neira","email":"pablo@netfilter.org"},"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/9475ae3e6d80f0c6547371f5a910edfbbd4a9b2a.1503207076.git.lucien.xin@gmail.com/mbox/","series":[],"comments":"http://patchwork.ozlabs.org/api/patches/803648/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/803648/checks/","tags":{},"related":[],"headers":{"Return-Path":"<netfilter-devel-owner@vger.kernel.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netfilter-devel-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"B6lTf/Tj\"; dkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xZlwh38jLz9t2K\n\tfor <incoming@patchwork.ozlabs.org>;\n\tSun, 20 Aug 2017 15:38:28 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1752473AbdHTFi1 (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n\tSun, 20 Aug 2017 01:38:27 -0400","from mail-pg0-f66.google.com ([74.125.83.66]:38218 \"EHLO\n\tmail-pg0-f66.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1751182AbdHTFiZ (ORCPT\n\t<rfc822;netfilter-devel@vger.kernel.org>);\n\tSun, 20 Aug 2017 01:38:25 -0400","by mail-pg0-f66.google.com with SMTP id 123so19521969pga.5;\n\tSat, 19 Aug 2017 22:38:25 -0700 (PDT)","from localhost ([209.132.188.80]) by smtp.gmail.com with ESMTPSA id\n\tv9sm24554899pge.26.2017.08.19.22.38.23\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tSat, 19 Aug 2017 22:38:24 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=gmail.com; s=20161025;\n\th=from:to:cc:subject:date:message-id:in-reply-to:references\n\t:in-reply-to:references;\n\tbh=Bx550/MqXNWxeNuj2hnoxiTE9gVummDyV6RskL3pEVA=;\n\tb=B6lTf/Tjk+Rsk/I0c6F1voCdwoV3lUMHGpZ+q2sy7Ko0UYlpfpKSGdJW22PpKj4HPy\n\tIBlrnoIOU0hlnCZU6DerG0T5ivwawQsCRyCzKyanVsiIkjWPGMDarbPKOm9w8n/S8ZAF\n\tvSZtcTNTmOxJlFKl6qoJvj57vPS7hs7d12bOpi8mUpNu/6l859KX/qezWDGv0ticr+Nm\n\tUrqhg8uzQann+EwwUY4Q0t3gJxYT8/gVBnpcryhLXjln254fFOXYihDjWFB+9JICnO3Y\n\tswKpXGKmiUdwO2CA5BNJ7X7L+vxcsW2BiVL3BOTgx+HErMSyqfC2hzZx/VUtJcUXrkv9\n\tImkg==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to\n\t:references:in-reply-to:references;\n\tbh=Bx550/MqXNWxeNuj2hnoxiTE9gVummDyV6RskL3pEVA=;\n\tb=e0sU5vES5+lMXWaQ4SqluiNGz6TBCwtXbvE09Pm+PU8zCfO1XzyKFAKfbM3Jcask9T\n\t+nOHtzYlJwEf0jn5V+EyocW3CqyDk8dkkl7Fe2Lnasb0w2y9J6sioJsNqbucij/gthae\n\tUqOwERZmRMPkSSfh03a0t727q4BKtdFdu/uo+mnHVwKHC0lqAjjxZSsULNSjja6gLE9D\n\t6ZmkDJr1GqFmZzDIhiqN2XlCfoZDzGQ3aCIl1NJg8rs52B3I8AokFQmdzk6Q9zZfqTXE\n\tx6GSJGZUykxuZeH8/XX31BJjzMiRi/vvbsmbESl+VwYHMNx9sk4uarw+wVyJGKG5tjEc\n\tLg7w==","X-Gm-Message-State":"AHYfb5hYmPI+xhm8n+iHUq2ewDsbIwNaWSMrICGnbfP0HPXEZwmxPL3H\n\tQmbYLSQR0luJ1T1yC4c=","X-Received":"by 10.84.209.142 with SMTP id y14mr15485201plh.286.1503207504579;\n\tSat, 19 Aug 2017 22:38:24 -0700 (PDT)","From":"Xin Long <lucien.xin@gmail.com>","To":"netfilter-devel@vger.kernel.org","Cc":"pablo@netfilter.org, Alex Gartrell <agartrell@fb.com>,\n\tlvs-devel@vger.kernel.org, netdev@vger.kernel.org,\n\thorms@verge.net.au, ja@ssi.bg, wensong@linux-vs.org","Subject":"[PATCH net 1/2] netfilter: ipvs: fix the issue that\n\tsctp_conn_schedule drops non-INIT packet","Date":"Sun, 20 Aug 2017 13:38:07 +0800","Message-Id":"<9475ae3e6d80f0c6547371f5a910edfbbd4a9b2a.1503207076.git.lucien.xin@gmail.com>","X-Mailer":"git-send-email 2.1.0","In-Reply-To":["<cover.1503207076.git.lucien.xin@gmail.com>","<cover.1503207076.git.lucien.xin@gmail.com>"],"References":["<cover.1503207076.git.lucien.xin@gmail.com>","<cover.1503207076.git.lucien.xin@gmail.com>"],"Sender":"netfilter-devel-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netfilter-devel.vger.kernel.org>","X-Mailing-List":"netfilter-devel@vger.kernel.org"},"content":"Commit 5e26b1b3abce (\"ipvs: support scheduling inverse and icmp SCTP\npackets\") changed to check packet type early. It introduced a side\neffect: if it's not a INIT packet, ports will be set as  NULL, and\nthe packet will be dropped later.\n\nIt caused that sctp couldn't create connection when ipvs module is\nloaded and any scheduler is registered on server.\n\nLi Shuang reproduced it by running the cmds on sctp server:\n  # ipvsadm -A -t 1.1.1.1:80 -s rr\n  # ipvsadm -D -t 1.1.1.1:80\nthen the server could't work any more.\n\nThis patch is to return 1 when it's not an INIT packet. It means ipvs\nwill accept it without creating a conn for it, just like what it does\nfor tcp.\n\nFixes: 5e26b1b3abce (\"ipvs: support scheduling inverse and icmp SCTP packets\")\nReported-by: Li Shuang <shuali@redhat.com>\nSigned-off-by: Xin Long <lucien.xin@gmail.com>\n---\n net/netfilter/ipvs/ip_vs_proto_sctp.c | 7 +++++--\n 1 file changed, 5 insertions(+), 2 deletions(-)","diff":"diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c b/net/netfilter/ipvs/ip_vs_proto_sctp.c\nindex 3ffad4a..e9b18ac 100644\n--- a/net/netfilter/ipvs/ip_vs_proto_sctp.c\n+++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c\n@@ -24,9 +24,12 @@ sctp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,\n \t\tif (sh) {\n \t\t\tsch = skb_header_pointer(skb, iph->len + sizeof(_sctph),\n \t\t\t\t\t\t sizeof(_schunkh), &_schunkh);\n-\t\t\tif (sch && (sch->type == SCTP_CID_INIT ||\n-\t\t\t\t    sysctl_sloppy_sctp(ipvs)))\n+\t\t\tif (sch) {\n+\t\t\t\tif (!(sysctl_sloppy_sctp(ipvs) ||\n+\t\t\t\t      sch->type == SCTP_CID_INIT))\n+\t\t\t\t\treturn 1;\n \t\t\t\tports = &sh->source;\n+\t\t\t}\n \t\t}\n \t} else {\n \t\tports = skb_header_pointer(\n","prefixes":["net","1/2"]}