Reapply "netfilter: conntrack: don't refresh sctp entries in closed state"

This reverts commit 2867afd647 as it
causes merge conflicts with 5.4.258.  It will be added back after the
merge.

Change-Id: Ibe09c3b147ba00fb3978f0b7372c5fbdbf1bc93d
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

net/netfilter/nf_conntrack_proto_sctp.c

@@ -485,6 +485,15 @@ int nf_conntrack_sctp_packet(struct nf_conn *ct,
 			pr_debug("Setting vtag %x for dir %d\n",
 				 ih->init_tag, !dir);
 			ct->proto.sctp.vtag[!dir] = ih->init_tag;
+
+			/* don't renew timeout on init retransmit so
+			 * port reuse by client or NAT middlebox cannot
+			 * keep entry alive indefinitely (incl. nat info).
+			 */
+			if (new_state == SCTP_CONNTRACK_CLOSED &&
+			    old_state == SCTP_CONNTRACK_CLOSED &&
+			    nf_ct_is_confirmed(ct))
+				ignore = true;
 		}
 
 		ct->proto.sctp.state = new_state;