aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/netfilter/nf_conntrack_proto_sctp.c46
1 files changed, 20 insertions, 26 deletions
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index fdabef56bf17..e52b6b95b304 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -291,7 +291,7 @@ static int new_state(enum ip_conntrack_dir dir,
291 return sctp_conntracks[dir][i][cur_state]; 291 return sctp_conntracks[dir][i][cur_state];
292} 292}
293 293
294/* Returns verdict for packet, or -1 for invalid. */ 294/* Returns verdict for packet, or -NF_ACCEPT for invalid. */
295static int sctp_packet(struct nf_conn *ct, 295static int sctp_packet(struct nf_conn *ct,
296 const struct sk_buff *skb, 296 const struct sk_buff *skb,
297 unsigned int dataoff, 297 unsigned int dataoff,
@@ -308,10 +308,10 @@ static int sctp_packet(struct nf_conn *ct,
308 308
309 sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph); 309 sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph);
310 if (sh == NULL) 310 if (sh == NULL)
311 return -1; 311 goto out;
312 312
313 if (do_basic_checks(ct, skb, dataoff, map) != 0) 313 if (do_basic_checks(ct, skb, dataoff, map) != 0)
314 return -1; 314 goto out;
315 315
316 /* Check the verification tag (Sec 8.5) */ 316 /* Check the verification tag (Sec 8.5) */
317 if (!test_bit(SCTP_CID_INIT, map) && 317 if (!test_bit(SCTP_CID_INIT, map) &&
@@ -321,7 +321,7 @@ static int sctp_packet(struct nf_conn *ct,
321 !test_bit(SCTP_CID_SHUTDOWN_ACK, map) && 321 !test_bit(SCTP_CID_SHUTDOWN_ACK, map) &&
322 sh->vtag != ct->proto.sctp.vtag[dir]) { 322 sh->vtag != ct->proto.sctp.vtag[dir]) {
323 pr_debug("Verification tag check failed\n"); 323 pr_debug("Verification tag check failed\n");
324 return -1; 324 goto out;
325 } 325 }
326 326
327 oldsctpstate = newconntrack = SCTP_CONNTRACK_MAX; 327 oldsctpstate = newconntrack = SCTP_CONNTRACK_MAX;
@@ -331,31 +331,23 @@ static int sctp_packet(struct nf_conn *ct,
331 /* Special cases of Verification tag check (Sec 8.5.1) */ 331 /* Special cases of Verification tag check (Sec 8.5.1) */
332 if (sch->type == SCTP_CID_INIT) { 332 if (sch->type == SCTP_CID_INIT) {
333 /* Sec 8.5.1 (A) */ 333 /* Sec 8.5.1 (A) */
334 if (sh->vtag != 0) { 334 if (sh->vtag != 0)
335 write_unlock_bh(&sctp_lock); 335 goto out_unlock;
336 return -1;
337 }
338 } else if (sch->type == SCTP_CID_ABORT) { 336 } else if (sch->type == SCTP_CID_ABORT) {
339 /* Sec 8.5.1 (B) */ 337 /* Sec 8.5.1 (B) */
340 if (sh->vtag != ct->proto.sctp.vtag[dir] && 338 if (sh->vtag != ct->proto.sctp.vtag[dir] &&
341 sh->vtag != ct->proto.sctp.vtag[!dir]) { 339 sh->vtag != ct->proto.sctp.vtag[!dir])
342 write_unlock_bh(&sctp_lock); 340 goto out_unlock;
343 return -1;
344 }
345 } else if (sch->type == SCTP_CID_SHUTDOWN_COMPLETE) { 341 } else if (sch->type == SCTP_CID_SHUTDOWN_COMPLETE) {
346 /* Sec 8.5.1 (C) */ 342 /* Sec 8.5.1 (C) */
347 if (sh->vtag != ct->proto.sctp.vtag[dir] && 343 if (sh->vtag != ct->proto.sctp.vtag[dir] &&
348 sh->vtag != ct->proto.sctp.vtag[!dir] && 344 sh->vtag != ct->proto.sctp.vtag[!dir] &&
349 (sch->flags & 1)) { 345 (sch->flags & 1))
350 write_unlock_bh(&sctp_lock); 346 goto out_unlock;
351 return -1;
352 }
353 } else if (sch->type == SCTP_CID_COOKIE_ECHO) { 347 } else if (sch->type == SCTP_CID_COOKIE_ECHO) {
354 /* Sec 8.5.1 (D) */ 348 /* Sec 8.5.1 (D) */
355 if (sh->vtag != ct->proto.sctp.vtag[dir]) { 349 if (sh->vtag != ct->proto.sctp.vtag[dir])
356 write_unlock_bh(&sctp_lock); 350 goto out_unlock;
357 return -1;
358 }
359 } 351 }
360 352
361 oldsctpstate = ct->proto.sctp.state; 353 oldsctpstate = ct->proto.sctp.state;
@@ -366,8 +358,7 @@ static int sctp_packet(struct nf_conn *ct,
366 pr_debug("nf_conntrack_sctp: Invalid dir=%i ctype=%u " 358 pr_debug("nf_conntrack_sctp: Invalid dir=%i ctype=%u "
367 "conntrack=%u\n", 359 "conntrack=%u\n",
368 dir, sch->type, oldsctpstate); 360 dir, sch->type, oldsctpstate);
369 write_unlock_bh(&sctp_lock); 361 goto out_unlock;
370 return -1;
371 } 362 }
372 363
373 /* If it is an INIT or an INIT ACK note down the vtag */ 364 /* If it is an INIT or an INIT ACK note down the vtag */
@@ -377,10 +368,8 @@ static int sctp_packet(struct nf_conn *ct,
377 368
378 ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t), 369 ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
379 sizeof(_inithdr), &_inithdr); 370 sizeof(_inithdr), &_inithdr);
380 if (ih == NULL) { 371 if (ih == NULL)
381 write_unlock_bh(&sctp_lock); 372 goto out_unlock;
382 return -1;
383 }
384 pr_debug("Setting vtag %x for dir %d\n", 373 pr_debug("Setting vtag %x for dir %d\n",
385 ih->init_tag, !dir); 374 ih->init_tag, !dir);
386 ct->proto.sctp.vtag[!dir] = ih->init_tag; 375 ct->proto.sctp.vtag[!dir] = ih->init_tag;
@@ -403,6 +392,11 @@ static int sctp_packet(struct nf_conn *ct,
403 } 392 }
404 393
405 return NF_ACCEPT; 394 return NF_ACCEPT;
395
396out_unlock:
397 write_unlock_bh(&sctp_lock);
398out:
399 return -NF_ACCEPT;
406} 400}
407 401
408/* Called when a new connection for this protocol found. */ 402/* Called when a new connection for this protocol found. */