ipvs: drop SCTP connections depending on state

[firefly-linux-kernel-4.4.55.git] / net / netfilter / ipvs / ip_vs_conn.c

diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index c8c52a98590ba43ffd97f26a7689650384fd95ca..4c8e5c0aa1aba96b03fae69ce153056a10bb7b95 100644 (file)
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -1231,6 +1231,18 @@ void ip_vs_random_dropentry(struct net *net)
                                default:
                                        continue;
                                }
+                       } else if (cp->protocol == IPPROTO_SCTP) {
+                               switch (cp->state) {
+                               case IP_VS_SCTP_S_INIT1:
+                               case IP_VS_SCTP_S_INIT:
+                                       break;
+                               case IP_VS_SCTP_S_ESTABLISHED:
+                                       if (todrop_entry(cp))
+                                               break;
+                                       continue;
+                               default:
+                                       continue;
+                               }
                        } else {
                                if (!todrop_entry(cp))
                                        continue;