[SCTP]: Implement the receive and verification of AUTH chunk

This patch implements the receive path needed to process authenticated
chunks.  Add ability to process the AUTH chunk and handle edge cases
for authenticated COOKIE-ECHO as well.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 55 insertions, 10 deletions

diff --git a/net/sctp/input.c b/net/sctp/input.c
index f9a0c9276e3b..86503e7fa21e 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -911,15 +911,6 @@ static struct sctp_association *__sctp_rcv_init_lookup(struct sk_buff *skb,
 
         ch = (sctp_chunkhdr_t *) skb->data;
 
-        /* If this is INIT/INIT-ACK look inside the chunk too. */
-        switch (ch->type) {
-        case SCTP_CID_INIT:
-        case SCTP_CID_INIT_ACK:
-                break;
-        default:
-                return NULL;
-        }
-
         /* The code below will attempt to walk the chunk and extract
          * parameter information.  Before we do that, we need to verify
          * that the chunk length doesn't cause overflow.  Otherwise, we'll
@@ -964,6 +955,60 @@ static struct sctp_association *__sctp_rcv_init_lookup(struct sk_buff *skb,
         return NULL;
 }
 
+/* SCTP-AUTH, Section 6.3:
+*    If the receiver does not find a STCB for a packet containing an AUTH
+*    chunk as the first chunk and not a COOKIE-ECHO chunk as the second
+*    chunk, it MUST use the chunks after the AUTH chunk to look up an existing
+*    association.
+*
+* This means that any chunks that can help us identify the association need
+* to be looked at to find this assocation.
+*
+* TODO: The only chunk currently defined that can do that is ASCONF, but we
+* don't support that functionality yet.
+*/
+static struct sctp_association *__sctp_rcv_auth_lookup(struct sk_buff *skb,
+                                      const union sctp_addr *paddr,
+                                      const union sctp_addr *laddr,
+                                      struct sctp_transport **transportp)
+{
+        /* XXX - walk through the chunks looking for something that can
+         * help us find the association.  INIT, and INIT-ACK are not permitted.
+         * That leaves ASCONF, but we don't support that yet.
+         */
+        return NULL;
+}
+
+/*
+ * There are circumstances when we need to look inside the SCTP packet
+ * for information to help us find the association.   Examples
+ * include looking inside of INIT/INIT-ACK chunks or after the AUTH
+ * chunks.
+ */
+static struct sctp_association *__sctp_rcv_lookup_harder(struct sk_buff *skb,
+                                      const union sctp_addr *paddr,
+                                      const union sctp_addr *laddr,
+                                      struct sctp_transport **transportp)
+{
+        sctp_chunkhdr_t *ch;
+
+        ch = (sctp_chunkhdr_t *) skb->data;
+
+        /* If this is INIT/INIT-ACK look inside the chunk too. */
+        switch (ch->type) {
+        case SCTP_CID_INIT:
+        case SCTP_CID_INIT_ACK:
+                return __sctp_rcv_init_lookup(skb, laddr, transportp);
+                break;
+
+        case SCTP_CID_AUTH:
+                return __sctp_rcv_auth_lookup(skb, paddr, laddr, transportp);
+                break;
+        }
+
+        return NULL;
+}
+
 /* Lookup an association for an inbound skb. */
 static struct sctp_association *__sctp_rcv_lookup(struct sk_buff *skb,
                                       const union sctp_addr *paddr,
@@ -979,7 +1024,7 @@ static struct sctp_association *__sctp_rcv_lookup(struct sk_buff *skb,
          * parameters within the INIT or INIT-ACK.
          */
         if (!asoc)
-                asoc = __sctp_rcv_init_lookup(skb, laddr, transportp);
+                asoc = __sctp_rcv_lookup_harder(skb, paddr, laddr, transportp);
 
         return asoc;
 }