SCTP: Allow ADD_IP to work with AUTH for backward compatibility.

This patch adds a tunable that will allow ADD_IP to work without AUTH for backward compatibility. The default value is off since the default value for ADD_IP is off as well. People who need to use ADD-IP with older implementations take risks of connection hijacking and should consider upgrading or turning this tunable on. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
author: Vlad Yasevich <vladislav.yasevich@hp.com> 2007-10-24 17:24:26 -0400
committer: Vlad Yasevich <vladislav.yasevich@hp.com> 2007-11-07 11:39:27 -0500
commit: 73d9c4fd1a6ec4950b2eac8135d35506bf400d6c (patch)
tree: b2d6fe707cdc790c9b42a2487d2892e97c6561ba /net/sctp
parent: 88799fe5ec65fad1d5cb1d4dc5d8f78edb949f1c (diff)
4 files changed, 19 insertions, 3 deletions
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index eaad5c5535a8..013e3d3ab0f1 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -262,10 +262,14 @@ static struct sctp_association *sctp_association_init(struct sctp_association *a
         */
        asoc->peer.sack_needed = 1;
-        /* Assume that the peer recongizes ASCONF until reported otherwise
+        /* Assume that the peer will tell us if he recognizes ASCONF
-         * via an ERROR chunk.
+         * as part of INIT exchange.
+         * The sctp_addip_noauth option is there for backward compatibilty
+         * and will revert old behavior.
         */
        asoc->peer.asconf_capable = 0;
+        if (sctp_addip_noauth)
+                asoc->peer.asconf_capable = 1;
        /* Create an input queue.  */
        sctp_inq_init(&asoc->base.inqueue);
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index 40c1a47d1b8d..ecfab0344e73 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -1179,6 +1179,7 @@ SCTP_STATIC __init int sctp_init(void)
        /* Disable ADDIP by default. */
        sctp_addip_enable = 0;
+        sctp_addip_noauth = 0;
        /* Enable PR-SCTP by default. */
        sctp_prsctp_enable = 1;
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 2ff3a3df049d..43e8de1228f9 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -2137,8 +2137,10 @@ int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid,
        /* If the peer claims support for ADD-IP without support
         * for AUTH, disable support for ADD-IP.
+         * Do this only if backward compatible mode is turned off.
         */
-        if (asoc->peer.asconf_capable && !asoc->peer.auth_capable) {
+        if (!sctp_addip_noauth &&
+             (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) {
                asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP |
                                                  SCTP_PARAM_DEL_IP |
                                                  SCTP_PARAM_SET_PRIMARY);
diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
index 0669778e4335..da4f15734fb1 100644
--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -263,6 +263,15 @@ static ctl_table sctp_table[] = {
                .proc_handler   = &proc_dointvec,
                .strategy       = &sysctl_intvec
        },
+        {
+                .ctl_name       = CTL_UNNUMBERED,
+                .procname       = "addip_noauth_enable",
+                .data           = &sctp_addip_noauth,
+                .maxlen         = sizeof(int),
+                .mode           = 0644,
+                .proc_handler   = &proc_dointvec,
+                .strategy       = &sysctl_intvec
+        },
        { .ctl_name = 0 }
 };
author	Vlad Yasevich <vladislav.yasevich@hp.com>	2007-10-24 17:24:26 -0400
committer	Vlad Yasevich <vladislav.yasevich@hp.com>	2007-11-07 11:39:27 -0500
commit	73d9c4fd1a6ec4950b2eac8135d35506bf400d6c (patch)
tree	b2d6fe707cdc790c9b42a2487d2892e97c6561ba /net/sctp
parent	88799fe5ec65fad1d5cb1d4dc5d8f78edb949f1c (diff)