diff options
| author | John Dykstra <john.dykstra1@gmail.com> | 2009-07-16 01:04:51 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2009-07-20 10:49:07 -0400 |
| commit | e3afe7b75ed8f809c1473ea9b39267487c187ccb (patch) | |
| tree | 715aa813d57ffbc6b1a179e2f7f2957b88b415dc | |
| parent | a50a97d415d839e6db9df288ff0205528e52c03e (diff) | |
tcp: Fix MD5 signature checking on IPv4 mapped sockets
Fix MD5 signature checking so that an IPv4 active open
to an IPv6 socket can succeed. In particular, use the
correct address family's signature generation function
for the SYN/ACK.
Reported-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: John Dykstra <john.dykstra1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/net/tcp.h | 5 | ||||
| -rw-r--r-- | net/ipv4/tcp_ipv4.c | 1 | ||||
| -rw-r--r-- | net/ipv4/tcp_output.c | 2 | ||||
| -rw-r--r-- | net/ipv6/tcp_ipv6.c | 1 |
4 files changed, 8 insertions, 1 deletions
diff --git a/include/net/tcp.h b/include/net/tcp.h index 19f4150f4d4d..88af84306471 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h | |||
| @@ -1425,6 +1425,11 @@ struct tcp_request_sock_ops { | |||
| 1425 | #ifdef CONFIG_TCP_MD5SIG | 1425 | #ifdef CONFIG_TCP_MD5SIG |
| 1426 | struct tcp_md5sig_key *(*md5_lookup) (struct sock *sk, | 1426 | struct tcp_md5sig_key *(*md5_lookup) (struct sock *sk, |
| 1427 | struct request_sock *req); | 1427 | struct request_sock *req); |
| 1428 | int (*calc_md5_hash) (char *location, | ||
| 1429 | struct tcp_md5sig_key *md5, | ||
| 1430 | struct sock *sk, | ||
| 1431 | struct request_sock *req, | ||
| 1432 | struct sk_buff *skb); | ||
| 1428 | #endif | 1433 | #endif |
| 1429 | }; | 1434 | }; |
| 1430 | 1435 | ||
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 5a1ca2698c88..7c107eb876c8 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
| @@ -1160,6 +1160,7 @@ struct request_sock_ops tcp_request_sock_ops __read_mostly = { | |||
| 1160 | #ifdef CONFIG_TCP_MD5SIG | 1160 | #ifdef CONFIG_TCP_MD5SIG |
| 1161 | static struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = { | 1161 | static struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = { |
| 1162 | .md5_lookup = tcp_v4_reqsk_md5_lookup, | 1162 | .md5_lookup = tcp_v4_reqsk_md5_lookup, |
| 1163 | .calc_md5_hash = tcp_v4_md5_hash_skb, | ||
| 1163 | }; | 1164 | }; |
| 1164 | #endif | 1165 | #endif |
| 1165 | 1166 | ||
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 5bdf08d312d9..bd62712848fa 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c | |||
| @@ -2261,7 +2261,7 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst, | |||
| 2261 | #ifdef CONFIG_TCP_MD5SIG | 2261 | #ifdef CONFIG_TCP_MD5SIG |
| 2262 | /* Okay, we have all we need - do the md5 hash if needed */ | 2262 | /* Okay, we have all we need - do the md5 hash if needed */ |
| 2263 | if (md5) { | 2263 | if (md5) { |
| 2264 | tp->af_specific->calc_md5_hash(md5_hash_location, | 2264 | tcp_rsk(req)->af_specific->calc_md5_hash(md5_hash_location, |
| 2265 | md5, NULL, req, skb); | 2265 | md5, NULL, req, skb); |
| 2266 | } | 2266 | } |
| 2267 | #endif | 2267 | #endif |
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 58810c65b635..ae3d65753562 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
| @@ -896,6 +896,7 @@ struct request_sock_ops tcp6_request_sock_ops __read_mostly = { | |||
| 896 | #ifdef CONFIG_TCP_MD5SIG | 896 | #ifdef CONFIG_TCP_MD5SIG |
| 897 | static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { | 897 | static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { |
| 898 | .md5_lookup = tcp_v6_reqsk_md5_lookup, | 898 | .md5_lookup = tcp_v6_reqsk_md5_lookup, |
| 899 | .calc_md5_hash = tcp_v6_md5_hash_skb, | ||
| 899 | }; | 900 | }; |
| 900 | #endif | 901 | #endif |
| 901 | 902 | ||