diff options
| author | Gui Jianfeng <guijianfeng@cn.fujitsu.com> | 2008-04-12 21:39:34 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-04-12 21:39:34 -0400 |
| commit | f4ad85ca3ef8a1ede76c5020a28a8f4057b4d24f (patch) | |
| tree | cfab9dcd7b29eb150bd6168cf40c375bd9006bbe /net/sctp | |
| parent | 72da7b3860cabf427590b4982bc880bafab4d5c8 (diff) | |
[SCTP]: Fix protocol violation when receiving an error lenght INIT-ACK
When receiving an error length INIT-ACK during COOKIE-WAIT,
a 0-vtag ABORT will be responsed. This action violates the
protocol apparently. This patch achieves the following things.
1 If the INIT-ACK contains all the fixed parameters, use init-tag
recorded from INIT-ACK as vtag.
2 If the INIT-ACK doesn't contain all the fixed parameters,
just reflect its vtag.
Signed-off-by: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp')
| -rw-r--r-- | net/sctp/outqueue.c | 3 | ||||
| -rw-r--r-- | net/sctp/sm_sideeffect.c | 3 | ||||
| -rw-r--r-- | net/sctp/sm_statefuns.c | 18 |
3 files changed, 24 insertions, 0 deletions
diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c index 1bb3c5c35d2a..c0714469233c 100644 --- a/net/sctp/outqueue.c +++ b/net/sctp/outqueue.c | |||
| @@ -793,6 +793,9 @@ int sctp_outq_flush(struct sctp_outq *q, int rtx_timeout) | |||
| 793 | break; | 793 | break; |
| 794 | 794 | ||
| 795 | case SCTP_CID_ABORT: | 795 | case SCTP_CID_ABORT: |
| 796 | if (sctp_test_T_bit(chunk)) { | ||
| 797 | packet->vtag = asoc->c.my_vtag; | ||
| 798 | } | ||
| 796 | case SCTP_CID_SACK: | 799 | case SCTP_CID_SACK: |
| 797 | case SCTP_CID_HEARTBEAT: | 800 | case SCTP_CID_HEARTBEAT: |
| 798 | case SCTP_CID_HEARTBEAT_ACK: | 801 | case SCTP_CID_HEARTBEAT_ACK: |
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c index 28eb38eb6083..a4763fd24fd8 100644 --- a/net/sctp/sm_sideeffect.c +++ b/net/sctp/sm_sideeffect.c | |||
| @@ -1536,6 +1536,9 @@ static int sctp_cmd_interpreter(sctp_event_t event_type, | |||
| 1536 | error = sctp_auth_asoc_init_active_key(asoc, | 1536 | error = sctp_auth_asoc_init_active_key(asoc, |
| 1537 | GFP_ATOMIC); | 1537 | GFP_ATOMIC); |
| 1538 | break; | 1538 | break; |
| 1539 | case SCTP_CMD_UPDATE_INITTAG: | ||
| 1540 | asoc->peer.i.init_tag = cmd->obj.u32; | ||
| 1541 | break; | ||
| 1539 | 1542 | ||
| 1540 | default: | 1543 | default: |
| 1541 | printk(KERN_WARNING "Impossible command: %u, %p\n", | 1544 | printk(KERN_WARNING "Impossible command: %u, %p\n", |
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c index f2ed6473feef..3ef97499df0d 100644 --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c | |||
| @@ -4144,6 +4144,24 @@ static sctp_disposition_t sctp_sf_abort_violation( | |||
| 4144 | goto nomem; | 4144 | goto nomem; |
| 4145 | 4145 | ||
| 4146 | if (asoc) { | 4146 | if (asoc) { |
| 4147 | /* Treat INIT-ACK as a special case during COOKIE-WAIT. */ | ||
| 4148 | if (chunk->chunk_hdr->type == SCTP_CID_INIT_ACK && | ||
| 4149 | !asoc->peer.i.init_tag) { | ||
| 4150 | sctp_initack_chunk_t *initack; | ||
| 4151 | |||
| 4152 | initack = (sctp_initack_chunk_t *)chunk->chunk_hdr; | ||
| 4153 | if (!sctp_chunk_length_valid(chunk, | ||
| 4154 | sizeof(sctp_initack_chunk_t))) | ||
| 4155 | abort->chunk_hdr->flags |= SCTP_CHUNK_FLAG_T; | ||
| 4156 | else { | ||
| 4157 | unsigned int inittag; | ||
| 4158 | |||
| 4159 | inittag = ntohl(initack->init_hdr.init_tag); | ||
| 4160 | sctp_add_cmd_sf(commands, SCTP_CMD_UPDATE_INITTAG, | ||
| 4161 | SCTP_U32(inittag)); | ||
| 4162 | } | ||
| 4163 | } | ||
| 4164 | |||
| 4147 | sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort)); | 4165 | sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort)); |
| 4148 | SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); | 4166 | SCTP_INC_STATS(SCTP_MIB_OUTCTRLCHUNKS); |
| 4149 | 4167 | ||