On Tue, Jul 17, 2018 at 09:03:15PM +0200, Florian Westphal wrote: > When first DCCP packet is SYNC or SYNCACK, we insert a new conntrack > that has an un-initialized timeout value, i.e. such entry could be > reaped at any time. > > Mark them as INVALID and only ignore SYNC/SYNCACK when connection had > an old state. Applied, thanks Florian. > Reported-by: syzbot+6f18401420df260e37ed@xxxxxxxxxxxxxxxxxxxxxxxxx > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > --- > Does anyone actually use dccp conntrack/nat? > > I propose to axe it in nf-next. Probably better to remove it by when DCCP supported socket family is also discontinued. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
