diff options
author | Vlad Yasevich <vladislav.yasevich@hp.com> | 2007-11-09 11:43:41 -0500 |
---|---|---|
committer | Vlad Yasevich <vladislav.yasevich@hp.com> | 2007-11-09 11:43:41 -0500 |
commit | 7ab9080467040054e27ae54d67cc185f24d881ae (patch) | |
tree | 7364119d931501db9d8794294d037096a48d0863 | |
parent | d970dbf8455eb1b8cebd3cde6e18f73dd1b3ce38 (diff) |
SCTP: Make sctp_verify_param return multiple indications.
SCTP-AUTH and future ADD-IP updates have a requirement to
do additional verification of parameters and an ability to
ABORT the association if verification fails. So, introduce
additional return code so that we can clear signal a required
action.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
-rw-r--r-- | include/net/sctp/constants.h | 2 | ||||
-rw-r--r-- | net/sctp/sm_make_chunk.c | 149 |
2 files changed, 77 insertions, 74 deletions
diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h index 73fbdf6a24f8..f30b537d6952 100644 --- a/include/net/sctp/constants.h +++ b/include/net/sctp/constants.h | |||
@@ -186,6 +186,8 @@ typedef enum { | |||
186 | SCTP_IERROR_AUTH_BAD_HMAC, | 186 | SCTP_IERROR_AUTH_BAD_HMAC, |
187 | SCTP_IERROR_AUTH_BAD_KEYID, | 187 | SCTP_IERROR_AUTH_BAD_KEYID, |
188 | SCTP_IERROR_PROTO_VIOLATION, | 188 | SCTP_IERROR_PROTO_VIOLATION, |
189 | SCTP_IERROR_ERROR, | ||
190 | SCTP_IERROR_ABORT, | ||
189 | } sctp_ierror_t; | 191 | } sctp_ierror_t; |
190 | 192 | ||
191 | 193 | ||
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c index 43e8de1228f9..5a9783c38de1 100644 --- a/net/sctp/sm_make_chunk.c +++ b/net/sctp/sm_make_chunk.c | |||
@@ -1788,9 +1788,14 @@ static int sctp_process_inv_paramlength(const struct sctp_association *asoc, | |||
1788 | sizeof(sctp_paramhdr_t); | 1788 | sizeof(sctp_paramhdr_t); |
1789 | 1789 | ||
1790 | 1790 | ||
1791 | /* This is a fatal error. Any accumulated non-fatal errors are | ||
1792 | * not reported. | ||
1793 | */ | ||
1794 | if (*errp) | ||
1795 | sctp_chunk_free(*errp); | ||
1796 | |||
1791 | /* Create an error chunk and fill it in with our payload. */ | 1797 | /* Create an error chunk and fill it in with our payload. */ |
1792 | if (!*errp) | 1798 | *errp = sctp_make_op_error_space(asoc, chunk, payload_len); |
1793 | *errp = sctp_make_op_error_space(asoc, chunk, payload_len); | ||
1794 | 1799 | ||
1795 | if (*errp) { | 1800 | if (*errp) { |
1796 | sctp_init_cause(*errp, SCTP_ERROR_PROTO_VIOLATION, | 1801 | sctp_init_cause(*errp, SCTP_ERROR_PROTO_VIOLATION, |
@@ -1813,9 +1818,15 @@ static int sctp_process_hn_param(const struct sctp_association *asoc, | |||
1813 | { | 1818 | { |
1814 | __u16 len = ntohs(param.p->length); | 1819 | __u16 len = ntohs(param.p->length); |
1815 | 1820 | ||
1816 | /* Make an ERROR chunk. */ | 1821 | /* Processing of the HOST_NAME parameter will generate an |
1817 | if (!*errp) | 1822 | * ABORT. If we've accumulated any non-fatal errors, they |
1818 | *errp = sctp_make_op_error_space(asoc, chunk, len); | 1823 | * would be unrecognized parameters and we should not include |
1824 | * them in the ABORT. | ||
1825 | */ | ||
1826 | if (*errp) | ||
1827 | sctp_chunk_free(*errp); | ||
1828 | |||
1829 | *errp = sctp_make_op_error_space(asoc, chunk, len); | ||
1819 | 1830 | ||
1820 | if (*errp) { | 1831 | if (*errp) { |
1821 | sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); | 1832 | sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); |
@@ -1862,56 +1873,40 @@ static void sctp_process_ext_param(struct sctp_association *asoc, | |||
1862 | * taken if the processing endpoint does not recognize the | 1873 | * taken if the processing endpoint does not recognize the |
1863 | * Parameter Type. | 1874 | * Parameter Type. |
1864 | * | 1875 | * |
1865 | * 00 - Stop processing this SCTP chunk and discard it, | 1876 | * 00 - Stop processing this parameter; do not process any further |
1866 | * do not process any further chunks within it. | 1877 | * parameters within this chunk |
1867 | * | 1878 | * |
1868 | * 01 - Stop processing this SCTP chunk and discard it, | 1879 | * 01 - Stop processing this parameter, do not process any further |
1869 | * do not process any further chunks within it, and report | 1880 | * parameters within this chunk, and report the unrecognized |
1870 | * the unrecognized parameter in an 'Unrecognized | 1881 | * parameter in an 'Unrecognized Parameter' ERROR chunk. |
1871 | * Parameter Type' (in either an ERROR or in the INIT ACK). | ||
1872 | * | 1882 | * |
1873 | * 10 - Skip this parameter and continue processing. | 1883 | * 10 - Skip this parameter and continue processing. |
1874 | * | 1884 | * |
1875 | * 11 - Skip this parameter and continue processing but | 1885 | * 11 - Skip this parameter and continue processing but |
1876 | * report the unrecognized parameter in an | 1886 | * report the unrecognized parameter in an |
1877 | * 'Unrecognized Parameter Type' (in either an ERROR or in | 1887 | * 'Unrecognized Parameter' ERROR chunk. |
1878 | * the INIT ACK). | ||
1879 | * | 1888 | * |
1880 | * Return value: | 1889 | * Return value: |
1881 | * 0 - discard the chunk | 1890 | * SCTP_IERROR_NO_ERROR - continue with the chunk |
1882 | * 1 - continue with the chunk | 1891 | * SCTP_IERROR_ERROR - stop and report an error. |
1892 | * SCTP_IERROR_NOMEME - out of memory. | ||
1883 | */ | 1893 | */ |
1884 | static int sctp_process_unk_param(const struct sctp_association *asoc, | 1894 | static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, |
1885 | union sctp_params param, | 1895 | union sctp_params param, |
1886 | struct sctp_chunk *chunk, | 1896 | struct sctp_chunk *chunk, |
1887 | struct sctp_chunk **errp) | 1897 | struct sctp_chunk **errp) |
1888 | { | 1898 | { |
1889 | int retval = 1; | 1899 | int retval = SCTP_IERROR_NO_ERROR; |
1890 | 1900 | ||
1891 | switch (param.p->type & SCTP_PARAM_ACTION_MASK) { | 1901 | switch (param.p->type & SCTP_PARAM_ACTION_MASK) { |
1892 | case SCTP_PARAM_ACTION_DISCARD: | 1902 | case SCTP_PARAM_ACTION_DISCARD: |
1893 | retval = 0; | 1903 | retval = SCTP_IERROR_ERROR; |
1894 | break; | ||
1895 | case SCTP_PARAM_ACTION_DISCARD_ERR: | ||
1896 | retval = 0; | ||
1897 | /* Make an ERROR chunk, preparing enough room for | ||
1898 | * returning multiple unknown parameters. | ||
1899 | */ | ||
1900 | if (NULL == *errp) | ||
1901 | *errp = sctp_make_op_error_space(asoc, chunk, | ||
1902 | ntohs(chunk->chunk_hdr->length)); | ||
1903 | |||
1904 | if (*errp) { | ||
1905 | sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, | ||
1906 | WORD_ROUND(ntohs(param.p->length))); | ||
1907 | sctp_addto_chunk(*errp, | ||
1908 | WORD_ROUND(ntohs(param.p->length)), | ||
1909 | param.v); | ||
1910 | } | ||
1911 | |||
1912 | break; | 1904 | break; |
1913 | case SCTP_PARAM_ACTION_SKIP: | 1905 | case SCTP_PARAM_ACTION_SKIP: |
1914 | break; | 1906 | break; |
1907 | case SCTP_PARAM_ACTION_DISCARD_ERR: | ||
1908 | retval = SCTP_IERROR_ERROR; | ||
1909 | /* Fall through */ | ||
1915 | case SCTP_PARAM_ACTION_SKIP_ERR: | 1910 | case SCTP_PARAM_ACTION_SKIP_ERR: |
1916 | /* Make an ERROR chunk, preparing enough room for | 1911 | /* Make an ERROR chunk, preparing enough room for |
1917 | * returning multiple unknown parameters. | 1912 | * returning multiple unknown parameters. |
@@ -1932,9 +1927,8 @@ static int sctp_process_unk_param(const struct sctp_association *asoc, | |||
1932 | * to the peer and the association won't be | 1927 | * to the peer and the association won't be |
1933 | * established. | 1928 | * established. |
1934 | */ | 1929 | */ |
1935 | retval = 0; | 1930 | retval = SCTP_IERROR_NOMEM; |
1936 | } | 1931 | } |
1937 | |||
1938 | break; | 1932 | break; |
1939 | default: | 1933 | default: |
1940 | break; | 1934 | break; |
@@ -1943,18 +1937,20 @@ static int sctp_process_unk_param(const struct sctp_association *asoc, | |||
1943 | return retval; | 1937 | return retval; |
1944 | } | 1938 | } |
1945 | 1939 | ||
1946 | /* Find unrecognized parameters in the chunk. | 1940 | /* Verify variable length parameters |
1947 | * Return values: | 1941 | * Return values: |
1948 | * 0 - discard the chunk | 1942 | * SCTP_IERROR_ABORT - trigger an ABORT |
1949 | * 1 - continue with the chunk | 1943 | * SCTP_IERROR_NOMEM - out of memory (abort) |
1944 | * SCTP_IERROR_ERROR - stop processing, trigger an ERROR | ||
1945 | * SCTP_IERROR_NO_ERROR - continue with the chunk | ||
1950 | */ | 1946 | */ |
1951 | static int sctp_verify_param(const struct sctp_association *asoc, | 1947 | static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc, |
1952 | union sctp_params param, | 1948 | union sctp_params param, |
1953 | sctp_cid_t cid, | 1949 | sctp_cid_t cid, |
1954 | struct sctp_chunk *chunk, | 1950 | struct sctp_chunk *chunk, |
1955 | struct sctp_chunk **err_chunk) | 1951 | struct sctp_chunk **err_chunk) |
1956 | { | 1952 | { |
1957 | int retval = 1; | 1953 | int retval = SCTP_IERROR_NO_ERROR; |
1958 | 1954 | ||
1959 | /* FIXME - This routine is not looking at each parameter per the | 1955 | /* FIXME - This routine is not looking at each parameter per the |
1960 | * chunk type, i.e., unrecognized parameters should be further | 1956 | * chunk type, i.e., unrecognized parameters should be further |
@@ -1976,7 +1972,9 @@ static int sctp_verify_param(const struct sctp_association *asoc, | |||
1976 | 1972 | ||
1977 | case SCTP_PARAM_HOST_NAME_ADDRESS: | 1973 | case SCTP_PARAM_HOST_NAME_ADDRESS: |
1978 | /* Tell the peer, we won't support this param. */ | 1974 | /* Tell the peer, we won't support this param. */ |
1979 | return sctp_process_hn_param(asoc, param, chunk, err_chunk); | 1975 | sctp_process_hn_param(asoc, param, chunk, err_chunk); |
1976 | retval = SCTP_IERROR_ABORT; | ||
1977 | break; | ||
1980 | 1978 | ||
1981 | case SCTP_PARAM_FWD_TSN_SUPPORT: | 1979 | case SCTP_PARAM_FWD_TSN_SUPPORT: |
1982 | if (sctp_prsctp_enable) | 1980 | if (sctp_prsctp_enable) |
@@ -1993,9 +1991,11 @@ static int sctp_verify_param(const struct sctp_association *asoc, | |||
1993 | * cause 'Protocol Violation'. | 1991 | * cause 'Protocol Violation'. |
1994 | */ | 1992 | */ |
1995 | if (SCTP_AUTH_RANDOM_LENGTH != | 1993 | if (SCTP_AUTH_RANDOM_LENGTH != |
1996 | ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) | 1994 | ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { |
1997 | return sctp_process_inv_paramlength(asoc, param.p, | 1995 | sctp_process_inv_paramlength(asoc, param.p, |
1998 | chunk, err_chunk); | 1996 | chunk, err_chunk); |
1997 | retval = SCTP_IERROR_ABORT; | ||
1998 | } | ||
1999 | break; | 1999 | break; |
2000 | 2000 | ||
2001 | case SCTP_PARAM_CHUNKS: | 2001 | case SCTP_PARAM_CHUNKS: |
@@ -2007,9 +2007,11 @@ static int sctp_verify_param(const struct sctp_association *asoc, | |||
2007 | * INIT-ACK chunk if the sender wants to receive authenticated | 2007 | * INIT-ACK chunk if the sender wants to receive authenticated |
2008 | * chunks. Its maximum length is 260 bytes. | 2008 | * chunks. Its maximum length is 260 bytes. |
2009 | */ | 2009 | */ |
2010 | if (260 < ntohs(param.p->length)) | 2010 | if (260 < ntohs(param.p->length)) { |
2011 | return sctp_process_inv_paramlength(asoc, param.p, | 2011 | sctp_process_inv_paramlength(asoc, param.p, |
2012 | chunk, err_chunk); | 2012 | chunk, err_chunk); |
2013 | retval = SCTP_IERROR_ABORT; | ||
2014 | } | ||
2013 | break; | 2015 | break; |
2014 | 2016 | ||
2015 | case SCTP_PARAM_HMAC_ALGO: | 2017 | case SCTP_PARAM_HMAC_ALGO: |
@@ -2020,8 +2022,7 @@ fallthrough: | |||
2020 | default: | 2022 | default: |
2021 | SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", | 2023 | SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", |
2022 | ntohs(param.p->type), cid); | 2024 | ntohs(param.p->type), cid); |
2023 | return sctp_process_unk_param(asoc, param, chunk, err_chunk); | 2025 | retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); |
2024 | |||
2025 | break; | 2026 | break; |
2026 | } | 2027 | } |
2027 | return retval; | 2028 | return retval; |
@@ -2036,6 +2037,7 @@ int sctp_verify_init(const struct sctp_association *asoc, | |||
2036 | { | 2037 | { |
2037 | union sctp_params param; | 2038 | union sctp_params param; |
2038 | int has_cookie = 0; | 2039 | int has_cookie = 0; |
2040 | int result; | ||
2039 | 2041 | ||
2040 | /* Verify stream values are non-zero. */ | 2042 | /* Verify stream values are non-zero. */ |
2041 | if ((0 == peer_init->init_hdr.num_outbound_streams) || | 2043 | if ((0 == peer_init->init_hdr.num_outbound_streams) || |
@@ -2043,8 +2045,7 @@ int sctp_verify_init(const struct sctp_association *asoc, | |||
2043 | (0 == peer_init->init_hdr.init_tag) || | 2045 | (0 == peer_init->init_hdr.init_tag) || |
2044 | (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) { | 2046 | (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) { |
2045 | 2047 | ||
2046 | sctp_process_inv_mandatory(asoc, chunk, errp); | 2048 | return sctp_process_inv_mandatory(asoc, chunk, errp); |
2047 | return 0; | ||
2048 | } | 2049 | } |
2049 | 2050 | ||
2050 | /* Check for missing mandatory parameters. */ | 2051 | /* Check for missing mandatory parameters. */ |
@@ -2062,29 +2063,29 @@ int sctp_verify_init(const struct sctp_association *asoc, | |||
2062 | * VIOLATION error. We build the ERROR chunk here and let the normal | 2063 | * VIOLATION error. We build the ERROR chunk here and let the normal |
2063 | * error handling code build and send the packet. | 2064 | * error handling code build and send the packet. |
2064 | */ | 2065 | */ |
2065 | if (param.v != (void*)chunk->chunk_end) { | 2066 | if (param.v != (void*)chunk->chunk_end) |
2066 | sctp_process_inv_paramlength(asoc, param.p, chunk, errp); | 2067 | return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); |
2067 | return 0; | ||
2068 | } | ||
2069 | 2068 | ||
2070 | /* The only missing mandatory param possible today is | 2069 | /* The only missing mandatory param possible today is |
2071 | * the state cookie for an INIT-ACK chunk. | 2070 | * the state cookie for an INIT-ACK chunk. |
2072 | */ | 2071 | */ |
2073 | if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) { | 2072 | if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) |
2074 | sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, | 2073 | return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, |
2075 | chunk, errp); | 2074 | chunk, errp); |
2076 | return 0; | ||
2077 | } | ||
2078 | |||
2079 | /* Find unrecognized parameters. */ | ||
2080 | 2075 | ||
2076 | /* Verify all the variable length parameters */ | ||
2081 | sctp_walk_params(param, peer_init, init_hdr.params) { | 2077 | sctp_walk_params(param, peer_init, init_hdr.params) { |
2082 | 2078 | ||
2083 | if (!sctp_verify_param(asoc, param, cid, chunk, errp)) { | 2079 | result = sctp_verify_param(asoc, param, cid, chunk, errp); |
2084 | if (SCTP_PARAM_HOST_NAME_ADDRESS == param.p->type) | 2080 | switch (result) { |
2081 | case SCTP_IERROR_ABORT: | ||
2082 | case SCTP_IERROR_NOMEM: | ||
2085 | return 0; | 2083 | return 0; |
2086 | else | 2084 | case SCTP_IERROR_ERROR: |
2087 | return 1; | 2085 | return 1; |
2086 | case SCTP_IERROR_NO_ERROR: | ||
2087 | default: | ||
2088 | break; | ||
2088 | } | 2089 | } |
2089 | 2090 | ||
2090 | } /* for (loop through all parameters) */ | 2091 | } /* for (loop through all parameters) */ |