From 68a538daed2a39dcf1d7c311083cb52ab45b0189 Mon Sep 17 00:00:00 2001
From: bol-van
Date: Tue, 29 Apr 2025 16:31:37 +0300
Subject: [PATCH] nfqws: conntrack: do not reset entry on dup SA
---
 nfq/conntrack.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/nfq/conntrack.c b/nfq/conntrack.c
index b402b65..f8c676e 100644
--- a/nfq/conntrack.c
+++ b/nfq/conntrack.c
@@ -143,8 +143,11 @@ static void ConntrackFeedPacket(t_ctrack *t, bool bReverse, const struct tcphdr
 }
 else if (tcp_synack_segment(tcphdr))
 {
- if (t->state!=SYN) ConntrackReInitTrack(t); // erase current entry
- if (!t->seq0) t->seq0 = ntohl(tcphdr->th_ack)-1;
+ // ignore SA dups
+ uint32_t seq0 = ntohl(tcphdr->th_ack)-1;
+ if (t->state!=SYN && t->seq0!=seq0)
+ ConntrackReInitTrack(t); // erase current entry
+ if (!t->seq0) t->seq0 = seq0;
 t->ack0 = ntohl(tcphdr->th_seq);
 }
 else if (tcphdr->th_flags & (TH_FIN|TH_RST))
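Review bot: The duplicate test in the SYN/ACK branch compares only the acknowledgment number, while `t->ack0 = ntohl(tcphdr->th_seq);` still runs unconditionally, so a SYN/ACK that repeats the ack but carries a different sequence number keeps the entry and silently rewrites `ack0`. A genuine retransmission carries the same th_seq, so this matters only for a second responder or a forged segment, but in that case the tracked reverse-direction baseline shifts without the entry being re-initialised. Consider treating the packet as a duplicate only when both numbers match, for example `uint32_t ack0 = ntohl(tcphdr->th_seq);` and `if (t->state!=SYN && (t->seq0!=seq0 || t->ack0!=ack0))`, and expand `// ignore SA dups` to say that a dup means the same seq0/ack0 pair as the stored one. ConntrackFeedPacket starts and ends outside this hunk, so whether the packet direction is checked before this branch cannot be confirmed from here.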