On Sun, Oct 01, 2023 at 11:07:48AM -0400, Xin Long wrote:
...
> @@ -481,6 +486,24 @@ int nf_conntrack_sctp_packet(struct nf_conn *ct,
> old_state == SCTP_CONNTRACK_CLOSED &&
> nf_ct_is_confirmed(ct))
> ignore = true;
> + } else if (sch->type == SCTP_CID_INIT_ACK) {
> + struct sctp_inithdr _ih, *ih;
> + u32 vtag;
> +
> + ih = skb_header_pointer(skb, offset + sizeof(_sch), sizeof(*ih), &_ih);
> + if (ih == NULL)
> + goto out_unlock;
> +
> + vtag = ct->proto.sctp.vtag[!dir];
> + if (!ct->proto.sctp.init[!dir] && vtag && vtag != ih->init_tag)
> + goto out_unlock;
> + /* collision */
> + if (ct->proto.sctp.init[dir] && ct->proto.sctp.init[!dir] &&
> + vtag != ih->init_tag)
The type of vtag is u32. But the type of ct->proto.sctp.vtag[!dir] and init_tag
is __be32. This doesn't seem right (and makes Sparse unhappy).
> + goto out_unlock;
> +
> + pr_debug("Setting vtag %x for dir %d\n", ih->init_tag, !dir);
> + ct->proto.sctp.vtag[!dir] = ih->init_tag;
> }
>
> ct->proto.sctp.state = new_state;
> --
> 2.39.1
>
>
