diff options
| author | Samuel Jero <sj323707@ohio.edu> | 2012-02-26 20:22:02 -0500 |
|---|---|---|
| committer | Gerrit Renker <gerrit@erg.abdn.ac.uk> | 2012-03-03 11:02:52 -0500 |
| commit | f541fb7e20c848f947ca65fbf169efe69400c942 (patch) | |
| tree | 689f3a7a46ca00b6610667e33313f339645b229d /net/dccp/minisocks.c | |
| parent | 793734b587a670e47a8d65f9e5211ba2188bb904 (diff) | |
dccp: fix bug in sequence number validation during connection setup
This fixes a bug in the sequence number validation during the initial handshake.
The code did not treat the initial sequence numbers ISS and ISR as read-only and
did not keep state for GSR and GSS as required by the specification. This causes
problems with retransmissions during the initial handshake, causing the
budding connection to be reset.
This patch now treats ISS/ISR as read-only and tracks GSS/GSR as required.
Signed-off-by: Samuel Jero <sj323707@ohio.edu>
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Diffstat (limited to 'net/dccp/minisocks.c')
| -rw-r--r-- | net/dccp/minisocks.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/net/dccp/minisocks.c b/net/dccp/minisocks.c index 5a7f90bbffa..ea850ce35d4 100644 --- a/net/dccp/minisocks.c +++ b/net/dccp/minisocks.c | |||
| @@ -127,9 +127,11 @@ struct sock *dccp_create_openreq_child(struct sock *sk, | |||
| 127 | * activation below, as these windows all depend on the local | 127 | * activation below, as these windows all depend on the local |
| 128 | * and remote Sequence Window feature values (7.5.2). | 128 | * and remote Sequence Window feature values (7.5.2). |
| 129 | */ | 129 | */ |
| 130 | newdp->dccps_gss = newdp->dccps_iss = dreq->dreq_iss; | 130 | newdp->dccps_iss = dreq->dreq_iss; |
| 131 | newdp->dccps_gss = dreq->dreq_gss; | ||
| 131 | newdp->dccps_gar = newdp->dccps_iss; | 132 | newdp->dccps_gar = newdp->dccps_iss; |
| 132 | newdp->dccps_gsr = newdp->dccps_isr = dreq->dreq_isr; | 133 | newdp->dccps_isr = dreq->dreq_isr; |
| 134 | newdp->dccps_gsr = dreq->dreq_gsr; | ||
| 133 | 135 | ||
| 134 | /* | 136 | /* |
| 135 | * Activate features: initialise CCIDs, sequence windows etc. | 137 | * Activate features: initialise CCIDs, sequence windows etc. |
| @@ -164,9 +166,9 @@ struct sock *dccp_check_req(struct sock *sk, struct sk_buff *skb, | |||
| 164 | /* Check for retransmitted REQUEST */ | 166 | /* Check for retransmitted REQUEST */ |
| 165 | if (dccp_hdr(skb)->dccph_type == DCCP_PKT_REQUEST) { | 167 | if (dccp_hdr(skb)->dccph_type == DCCP_PKT_REQUEST) { |
| 166 | 168 | ||
| 167 | if (after48(DCCP_SKB_CB(skb)->dccpd_seq, dreq->dreq_isr)) { | 169 | if (after48(DCCP_SKB_CB(skb)->dccpd_seq, dreq->dreq_gsr)) { |
| 168 | dccp_pr_debug("Retransmitted REQUEST\n"); | 170 | dccp_pr_debug("Retransmitted REQUEST\n"); |
| 169 | dreq->dreq_isr = DCCP_SKB_CB(skb)->dccpd_seq; | 171 | dreq->dreq_gsr = DCCP_SKB_CB(skb)->dccpd_seq; |
| 170 | /* | 172 | /* |
| 171 | * Send another RESPONSE packet | 173 | * Send another RESPONSE packet |
| 172 | * To protect against Request floods, increment retrans | 174 | * To protect against Request floods, increment retrans |
| @@ -186,12 +188,14 @@ struct sock *dccp_check_req(struct sock *sk, struct sk_buff *skb, | |||
| 186 | goto drop; | 188 | goto drop; |
| 187 | 189 | ||
| 188 | /* Invalid ACK */ | 190 | /* Invalid ACK */ |
| 189 | if (DCCP_SKB_CB(skb)->dccpd_ack_seq != dreq->dreq_iss) { | 191 | if (!between48(DCCP_SKB_CB(skb)->dccpd_ack_seq, |
| 192 | dreq->dreq_iss, dreq->dreq_gss)) { | ||
| 190 | dccp_pr_debug("Invalid ACK number: ack_seq=%llu, " | 193 | dccp_pr_debug("Invalid ACK number: ack_seq=%llu, " |
| 191 | "dreq_iss=%llu\n", | 194 | "dreq_iss=%llu, dreq_gss=%llu\n", |
| 192 | (unsigned long long) | 195 | (unsigned long long) |
| 193 | DCCP_SKB_CB(skb)->dccpd_ack_seq, | 196 | DCCP_SKB_CB(skb)->dccpd_ack_seq, |
| 194 | (unsigned long long) dreq->dreq_iss); | 197 | (unsigned long long) dreq->dreq_iss, |
| 198 | (unsigned long long) dreq->dreq_gss); | ||
| 195 | goto drop; | 199 | goto drop; |
| 196 | } | 200 | } |
| 197 | 201 | ||