Merge pull request #18 from aojea/sctp_ref

add references to the sctp bug
aojea · Apr 7, 2024 · e0459f5 · e0459f5
2 parents b3dda16 + 30fd7b1
commit e0459f5
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/pkg/networkpolicy/controller.go b/pkg/networkpolicy/controller.go
@@ -249,11 +249,14 @@ func (c *Controller) Run(ctx context.Context) error {
 		go wait.Until(func() { c.syncNFTablesRules(ctx) }, 60*time.Second, ctx.Done())
 	}
 
+	var flags uint32
 	// https://netfilter.org/projects/libnetfilter_queue/doxygen/html/group__Queue.html
 	// the kernel will not normalize offload packets,
 	// i.e. your application will need to be able to handle packets larger than the mtu.
 	// Normalization is expensive, so this flag should always be set.
-	var flags uint32
+	// This also solves a bug with SCTP
+	// https://github.com/aojea/kube-netpol/issues/8
+	// https://bugzilla.netfilter.org/show_bug.cgi?id=1742
 	flags = nfqueue.NfQaCfgFlagGSO
 	if c.config.FailOpen {
 		flags += nfqueue.NfQaCfgFlagFailOpen