netfilter: conntrack: skip identical origin tuple in same zone only

[mirror_ubuntu-hirsute-kernel.git] / net / netfilter / nf_conntrack_proto_sctp.c

diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index 810cca24b399019862f185a65d064aa56aa8a21c..fb8dc02e502f699fec1aa93a9e95b50f3df6db6e 100644 (file)
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -543,7 +543,7 @@ static bool sctp_can_early_drop(const struct nf_conn *ct)
 #include <linux/netfilter/nfnetlink_conntrack.h>
 
 static int sctp_to_nlattr(struct sk_buff *skb, struct nlattr *nla,
-                         struct nf_conn *ct)
+                         struct nf_conn *ct, bool destroy)
 {
        struct nlattr *nest_parms;
 
@@ -552,15 +552,20 @@ static int sctp_to_nlattr(struct sk_buff *skb, struct nlattr *nla,
        if (!nest_parms)
                goto nla_put_failure;
 
-       if (nla_put_u8(skb, CTA_PROTOINFO_SCTP_STATE, ct->proto.sctp.state) ||
-           nla_put_be32(skb, CTA_PROTOINFO_SCTP_VTAG_ORIGINAL,
+       if (nla_put_u8(skb, CTA_PROTOINFO_SCTP_STATE, ct->proto.sctp.state))
+               goto nla_put_failure;
+
+       if (destroy)
+               goto skip_state;
+
+       if (nla_put_be32(skb, CTA_PROTOINFO_SCTP_VTAG_ORIGINAL,
                         ct->proto.sctp.vtag[IP_CT_DIR_ORIGINAL]) ||
            nla_put_be32(skb, CTA_PROTOINFO_SCTP_VTAG_REPLY,
                         ct->proto.sctp.vtag[IP_CT_DIR_REPLY]))
                goto nla_put_failure;
 
+skip_state:
        spin_unlock_bh(&ct->lock);
-
        nla_nest_end(skb, nest_parms);
 
        return 0;