aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVlad Yasevich <vladislav.yasevich@hp.com>2007-10-24 17:24:26 -0400
committerVlad Yasevich <vladislav.yasevich@hp.com>2007-11-07 11:39:27 -0500
commit73d9c4fd1a6ec4950b2eac8135d35506bf400d6c (patch)
treeb2d6fe707cdc790c9b42a2487d2892e97c6561ba
parent88799fe5ec65fad1d5cb1d4dc5d8f78edb949f1c (diff)
SCTP: Allow ADD_IP to work with AUTH for backward compatibility.
This patch adds a tunable that will allow ADD_IP to work without AUTH for backward compatibility. The default value is off since the default value for ADD_IP is off as well. People who need to use ADD-IP with older implementations take risks of connection hijacking and should consider upgrading or turning this tunable on. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
-rw-r--r--include/net/sctp/structs.h2
-rw-r--r--net/sctp/associola.c8
-rw-r--r--net/sctp/protocol.c1
-rw-r--r--net/sctp/sm_make_chunk.c4
-rw-r--r--net/sctp/sysctl.c9
5 files changed, 21 insertions, 3 deletions
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index 41f1039186dd..44f2672859e2 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -212,6 +212,7 @@ extern struct sctp_globals {
212 212
213 /* Flag to indicate if addip is enabled. */ 213 /* Flag to indicate if addip is enabled. */
214 int addip_enable; 214 int addip_enable;
215 int addip_noauth_enable;
215 216
216 /* Flag to indicate if PR-SCTP is enabled. */ 217 /* Flag to indicate if PR-SCTP is enabled. */
217 int prsctp_enable; 218 int prsctp_enable;
@@ -249,6 +250,7 @@ extern struct sctp_globals {
249#define sctp_local_addr_list (sctp_globals.local_addr_list) 250#define sctp_local_addr_list (sctp_globals.local_addr_list)
250#define sctp_local_addr_lock (sctp_globals.addr_list_lock) 251#define sctp_local_addr_lock (sctp_globals.addr_list_lock)
251#define sctp_addip_enable (sctp_globals.addip_enable) 252#define sctp_addip_enable (sctp_globals.addip_enable)
253#define sctp_addip_noauth (sctp_globals.addip_noauth_enable)
252#define sctp_prsctp_enable (sctp_globals.prsctp_enable) 254#define sctp_prsctp_enable (sctp_globals.prsctp_enable)
253#define sctp_auth_enable (sctp_globals.auth_enable) 255#define sctp_auth_enable (sctp_globals.auth_enable)
254 256
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index eaad5c5535a8..013e3d3ab0f1 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -262,10 +262,14 @@ static struct sctp_association *sctp_association_init(struct sctp_association *a
262 */ 262 */
263 asoc->peer.sack_needed = 1; 263 asoc->peer.sack_needed = 1;
264 264
265 /* Assume that the peer recongizes ASCONF until reported otherwise 265 /* Assume that the peer will tell us if he recognizes ASCONF
266 * via an ERROR chunk. 266 * as part of INIT exchange.
267 * The sctp_addip_noauth option is there for backward compatibilty
268 * and will revert old behavior.
267 */ 269 */
268 asoc->peer.asconf_capable = 0; 270 asoc->peer.asconf_capable = 0;
271 if (sctp_addip_noauth)
272 asoc->peer.asconf_capable = 1;
269 273
270 /* Create an input queue. */ 274 /* Create an input queue. */
271 sctp_inq_init(&asoc->base.inqueue); 275 sctp_inq_init(&asoc->base.inqueue);
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index 40c1a47d1b8d..ecfab0344e73 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -1179,6 +1179,7 @@ SCTP_STATIC __init int sctp_init(void)
1179 1179
1180 /* Disable ADDIP by default. */ 1180 /* Disable ADDIP by default. */
1181 sctp_addip_enable = 0; 1181 sctp_addip_enable = 0;
1182 sctp_addip_noauth = 0;
1182 1183
1183 /* Enable PR-SCTP by default. */ 1184 /* Enable PR-SCTP by default. */
1184 sctp_prsctp_enable = 1; 1185 sctp_prsctp_enable = 1;
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 2ff3a3df049d..43e8de1228f9 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -2137,8 +2137,10 @@ int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid,
2137 2137
2138 /* If the peer claims support for ADD-IP without support 2138 /* If the peer claims support for ADD-IP without support
2139 * for AUTH, disable support for ADD-IP. 2139 * for AUTH, disable support for ADD-IP.
2140 * Do this only if backward compatible mode is turned off.
2140 */ 2141 */
2141 if (asoc->peer.asconf_capable && !asoc->peer.auth_capable) { 2142 if (!sctp_addip_noauth &&
2143 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) {
2142 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2144 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP |
2143 SCTP_PARAM_DEL_IP | 2145 SCTP_PARAM_DEL_IP |
2144 SCTP_PARAM_SET_PRIMARY); 2146 SCTP_PARAM_SET_PRIMARY);
diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
index 0669778e4335..da4f15734fb1 100644
--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -263,6 +263,15 @@ static ctl_table sctp_table[] = {
263 .proc_handler = &proc_dointvec, 263 .proc_handler = &proc_dointvec,
264 .strategy = &sysctl_intvec 264 .strategy = &sysctl_intvec
265 }, 265 },
266 {
267 .ctl_name = CTL_UNNUMBERED,
268 .procname = "addip_noauth_enable",
269 .data = &sctp_addip_noauth,
270 .maxlen = sizeof(int),
271 .mode = 0644,
272 .proc_handler = &proc_dointvec,
273 .strategy = &sysctl_intvec
274 },
266 { .ctl_name = 0 } 275 { .ctl_name = 0 }
267}; 276};
268 277