SCTP: Allow ADD_IP to work with AUTH for backward compatibility.

This patch adds a tunable that will allow ADD_IP to work without AUTH for backward compatibility. The default value is off since the default value for ADD_IP is off as well. People who need to use ADD-IP with older implementations take risks of connection hijacking and should consider upgrading or turning this tunable on. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
author: Vlad Yasevich <vladislav.yasevich@hp.com> 2007-10-24 17:24:26 -0400
committer: Vlad Yasevich <vladislav.yasevich@hp.com> 2007-11-07 11:39:27 -0500
commit: 73d9c4fd1a6ec4950b2eac8135d35506bf400d6c (patch)
tree: b2d6fe707cdc790c9b42a2487d2892e97c6561ba /net/sctp/sm_make_chunk.c
parent: 88799fe5ec65fad1d5cb1d4dc5d8f78edb949f1c (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 2ff3a3df049d..43e8de1228f9 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -2137,8 +2137,10 @@ int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid,
        /* If the peer claims support for ADD-IP without support
         * for AUTH, disable support for ADD-IP.
+         * Do this only if backward compatible mode is turned off.
         */
-        if (asoc->peer.asconf_capable && !asoc->peer.auth_capable) {
+        if (!sctp_addip_noauth &&
+             (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) {
                asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP |
                                                  SCTP_PARAM_DEL_IP |
                                                  SCTP_PARAM_SET_PRIMARY);
author	Vlad Yasevich <vladislav.yasevich@hp.com>	2007-10-24 17:24:26 -0400
committer	Vlad Yasevich <vladislav.yasevich@hp.com>	2007-11-07 11:39:27 -0500
commit	73d9c4fd1a6ec4950b2eac8135d35506bf400d6c (patch)
tree	b2d6fe707cdc790c9b42a2487d2892e97c6561ba /net/sctp/sm_make_chunk.c
parent	88799fe5ec65fad1d5cb1d4dc5d8f78edb949f1c (diff)