[PATCH 0/2] netfilter: nf_ct_sctp: improve SCTP multihoming

From: Sriram Yagnaraman <sriram.yagnaraman@xxxxxxxx>

This patch series introduces a couple of changes to improve SCTP multihoming support when running behind NAT.

An SCTP association having multiple alternative paths will have different IP addresses but will still have to use the same SCTP port. This means all the paths that have a NAT/middlebox will have to co-ordinate and use the same source port after SNAT.
This patch series introduces a sysctl to disable source port randomization.

An SCTP endpoint is allowed to use alternative paths during the lifetime of an association. This makes it hard to write a stateful SCTP connection tracking module. This patch series adds a new conntrack state DATA_SENT that will be triggered on receiving a DATA/SACK chunk on a new conntrack entry. This state behaves similarly to the existing HEARTBEAT_SENT state.

Sriram Yagnaraman (2):
  netfilter: nf_ct_sctp: introduce no_random_port proc entry
  netfilter: nf_ct_sctp: add DATA_SENT conntrack state

 include/net/netns/conntrack.h                 |   1 +
 .../uapi/linux/netfilter/nf_conntrack_sctp.h  |   1 +
 .../linux/netfilter/nfnetlink_cttimeout.h     |   1 +
 net/netfilter/nf_conntrack_proto_sctp.c       | 107 +++++++++++-------
 net/netfilter/nf_conntrack_standalone.c       |  21 ++++
 net/netfilter/nf_nat_core.c                   |   8 +-
 6 files changed, 95 insertions(+), 44 deletions(-)

-- 
2.34.1



