aboutsummaryrefslogtreecommitdiff
path: root/net/sctp
AgeCommit message (Collapse)Author
2007-09-26fix sctp_del_bind_addr() last argument typeAl Viro
It gets pointer to fastcall function, expects a pointer to normal one and calls the sucker. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-25SCTP : Add paramters validity check for ASCONF chunkWei Yongjun
If ADDIP is enabled, when an ASCONF chunk is received with ASCONF paramter length set to zero, this will cause infinite loop. By the way, if an malformed ASCONF chunk is received, will cause processing to access memory without verifying. This is because of not check the validity of parameters in ASCONF chunk. This patch fixed this. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-25SCTP: Discard OOTB packetes with bundled INIT early.Vlad Yasevich
RFC 4460 and future RFC 4960 (2960-bis) specify that packets with bundled INIT chunks need to be dropped. We currenlty do that only after processing any leading chunks. For OOTB chunks, since we already walk the entire packet, we should discard packets with bundled INITs. There are other chunks chunks that MUST NOT be bundled, but the spec is silent on theire treatment. Thus, we'll leave their teatment alone for the moment. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Acked-by: Wei Yongjun <yjwei@cn.fujitsu.com>
2007-09-25SCTP: Clean up OOTB handling and fix infinite loop processingVlad Yasevich
While processing OOTB chunks as well as chunks with an invalid length of 0, it was possible to SCTP to get wedged inside an infinite loop because we didn't catch the condition correctly, or didn't mark the packet for discard correctly. This work is based on original findings and work by Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-25SCTP: Explicitely discard OOTB chunksVlad Yasevich
Explicitely discard OOTB chunks, whether the result is a SHUTDOWN COMPLETE or an ABORT. We need to discard the OOTB SHUTDOWN ACK to prevent bombing attackes since responsed MUST NOT be bundled. We also explicietely discard in the ABORT case since that function is widely used internally. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Acked-by: Neil Horman <nhorman@tuxdriver.com>
2007-09-25SCTP: Send ABORT chunk with correct tag in response to INIT ACKWei Yongjun
When SCTP client received an INIT ACK chunk with missing mandatory parameter such as "cookie parameter", it will send back a ABORT with T-bit not set and verification tag is set to 0. This is because before we accept this INIT ACK chunk, we do not know the peer's tag. This patch change to reflect vtag when responding to INIT ACK with missing mandatory parameter. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-25SCTP: Validate buffer room when processing sequential chunksVlad Yasevich
When we process bundled chunks, we need to make sure that the skb has the buffer for each header since we assume it's always there. Some malicious node can send us something like DATA + 2 bytes and we'll try to walk off the end refrencing potentially uninitialized memory. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-09-16[SCTP]: Convert bind_addr_list locking to RCUVlad Yasevich
Since the sctp_sockaddr_entry is now RCU enabled as part of the patch to synchronize sctp_localaddr_list, it makes sense to change all handling of these entries to RCU. This includes the sctp_bind_addrs structure and it's list of bound addresses. This list is currently protected by an external rw_lock and that looks like an overkill. There are only 2 writers to the list: bind()/bindx() calls, and BH processing of ASCONF-ACK chunks. These are already seriealized via the socket lock, so they will not step on each other. These are also relatively rare, so we should be good with RCU. The readers are varied and they are easily converted to RCU. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Sridhar Samdurala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-16[SCTP]: Add RCU synchronization around sctp_localaddr_listVlad Yasevich
sctp_localaddr_list is modified dynamically via NETDEV_UP and NETDEV_DOWN events, but there is not synchronization between writer (even handler) and readers. As a result, the readers can access an entry that has been freed and crash the sytem. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Sridhar Samdurala <sri@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-08-30SCTP: Fix to handle invalid parameter length correctlyWei Yongjun
If an INIT with invalid parameter length look like this: Parameter Type : 1 Parameter Length: 800 and not contain any payload, SCTP will ignore this parameter and send back a INIT-ACK. This patch is fix to handle this invalid parameter length correctly. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30SCTP: Abort on COOKIE-ECHO if backlog is exceeded.Vlad Yasevich
Currently we abort on the INIT chunk we our backlog is currenlty exceeded. Delay this about untill COOKIE-ECHO to give the user time to accept the socket. Also, make sure that we treat sk_max_backlog of 0 as no connections allowed. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30SCTP: Correctly disable listening when backlog is 0.Vlad Yasevich
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30SCTP: Do not retransmit chunks that are newer then rtt.Vlad Yasevich
When performing a retransmit, do not include the chunk if it was sent less then 1 rtt ago. The reason is that we may receive the SACK very soon and wouldn't retransmit. Suggested by Randy Stewart. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30SCTP: Uncomfirmed transports can't become InactiveVlad Yasevich
Do not set Unconfirmed transports to Inactive state. This may result in an inactive association being destroyed since we start counting errors on "inactive" transports against the association. This was found at the SCTP interop event. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30SCTP: Pick the correct port when binding to 0.Vlad Yasevich
sctp_bindx() allows the use of unspecified port. The problem is that every address we bind to ends up selecting a new port if the user specified port 0. This patch allows re-use of the already selected port when the port from bindx was 0. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30SCTP: Use net_ratelimit to suppress error messages print too fastWei Yongjun
When multi bundling SHUTDOWN-ACK message is received in ESTAB state, this will cause "sctp protocol violation state" message print many times. If SHUTDOWN-ACK is bundled 300 times in one packet, message will be print 300 times. The same problem also exists when received unexpected HEARTBEAT-ACK message which is bundled message times. This patch used net_ratelimit() to suppress error messages print too fast. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30SCTP: Fix to encode PROTOCOL VIOLATION error cause correctlyWei Yongjun
PROTOCOL VIOLATION error cause in ABORT is bad encode when make abort chunk. When SCTP encode ABORT chunk with PROTOCOL VIOLATION error cause, it just add the error messages to PROTOCOL VIOLATION error cause, the rest four bytes(struct sctp_paramhdr) is just add to the chunk, not change the length of error cause. This cause the ABORT chunk to be a bad format. The chunk is like this: ABORT chunk Chunk type: ABORT (6) Chunk flags: 0x00 Chunk length: 72 (*1) Protocol violation cause Cause code: Protocol violation (0x000d) Cause length: 62 (*2) Cause information: 5468652063756D756C61746976652074736E2061636B2062... Cause padding: 0000 [Needless] 00030010 Chunk Length(*1) = 72 but Cause length(*2) only 62, not include the extend 4 bytes. ((72 - sizeof(chunk_hdr)) = 68) != (62 +3) / 4 * 4 Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-30SCTP: Fix sctp_addto_chunk() to add pad with correct lengthWei Yongjun
At function sctp_addto_chunk(), it do pad before add payload to chunk if chunk length is not 4-byte alignment. But it do pad with a bad length. This patch fixed this probleam. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-29SCTP: Assign stream sequence numbers to the entire messageVlad Yasevich
Currently we only assign the sequence number to a packet that we are about to transmit. This however breaks the Partial Reliability extensions, because it's possible for us to never transmit a packet, i.e. it expires before we get to send it. In such cases, if the message contained multiple SCTP fragments, and we did manage to send the first part of the message, the Stream sequence numbers would get into invalid state and cause receiver to stall. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-29SCTP: properly clean up fragment and ordering queues during FWD-TSN.Vlad Yasevich
When we recieve a FWD-TSN (meaning the peer has abandoned the data), we need to clean up any partially received messages that may be hanging out on the re-assembly or re-ordering queues. This is a MUST requirement that was not properly done before. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com.>
2007-08-02SCTP: remove useless code in function sctp_init_causeWei Yongjun
Some code in function sctp_init_cause() seem useless, this patch remove them. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-02SCTP: drop SACK if ctsn is not less than the next tsn of assocWei Yongjun
We need to drop the SACK if the peer is attempting to acknowledge unset data, i.e. the CTSN in the SACK is greater or equal to the next TSN we will send. Example: Endpoint A Endpoint B <--------------- DATA (TSN=1) SACK(TSN=1) ---------------> <--------------- DATA (TSN=2) <--------------- DATA (TSN=3) <--------------- DATA (TSN=4) <--------------- DATA (TSN=5) SACK(TSN=1000) ---------------> <--------------- DATA (TSN=6) <--------------- DATA (TSN=7) Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-01SCTP: IPv4 mapped addr not returned in SCTPv6 accept()Vlad Yasevich
When issuing a connect call on an AF_INET6 sctp socket with a IPv4-mapped destination, the peer address that is returned by getpeeraddr() should be v4-mapped as well. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-01SCTP: IPv4 mapped addr not returned in SCTPv6 accept()Dave Johnson
An accept() call on a SCTPv6 socket that returns due to connection of a IPv4 mapped peer will fill out the 'struct sockaddr' with a zero IPv6 address instead of the IPv4 mapped address of the peer. This is due to the v4mapped flag not getting copied into the new socket on accept() as well as a missing check for INET6 socket type in sctp_v4_to_sk_*addr(). Signed-off-by: Dave Johnson <djohnson@sw.starentnetworks.com> Cc: Srinivas Akkipeddi <sakkiped@starentnetworks.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-01sctp: fix shadow symbol in net/sctp/tsnmap.cSebastian Siewior
net/sctp/tsnmap.c:164:16: warning: symbol '_end' shadows an earlier one include/asm-generic/sections.h:13:13: originally declared here Renamed renamed _end to end_ and _start (for consistence). Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-01sctp: try to fix readlockSebastian Siewior
unlock the reader lock in error case. Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-01sctp: remove shadowed symbolssebastian@breakpoint.cc
Fixes the following sparse warnings: net/sctp/sm_make_chunk.c:1457:9: warning: symbol 'len' shadows an earlier one net/sctp/sm_make_chunk.c:1356:23: originally declared here net/sctp/socket.c:1534:22: warning: symbol 'chunk' shadows an earlier one net/sctp/socket.c:1387:20: originally declared here Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-01sctp: move global declaration to header file.sebastian@breakpoint.cc
sctp_chunk_cachep & sctp_bucket_cachep is used module global, so move it to a header file. Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-08-01sctp: make locally used function staticsebastian@breakpoint.cc
Forward declarion is static, the function itself is not. Make it consistent. Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-07-20mm: Remove slab destructors from kmem_cache_create().Paul Mundt
Slab destructors were no longer supported after Christoph's c59def9f222d44bb7e2f0a559f2906191a0862d7 change. They've been BUGs for both slab and slub, and slob never supported them either. This rips out support for the dtor pointer from kmem_cache_create() completely and fixes up every single callsite in the kernel (there were about 224, not including the slab allocator definitions themselves, or the documentation references). Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2007-07-19[NET] SCTP: Fix whitespace errors.YOSHIFUJI Hideaki
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
2007-07-10[NET]: Make all initialized struct seq_operations const.Philippe De Muyter
Make all initialized struct seq_operations in net/ const Signed-off-by: Philippe De Muyter <phdm@macqel.be> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-05SCTP: Add scope_id validation for link-local bindsVlad Yasevich
SCTP currently permits users to bind to link-local addresses, but doesn't verify that the scope id specified at bind matches the interface that the address is configured on. It was report that this can hang a system. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-05SCTP: Check to make sure file is valid before setting timeoutVlad Yasevich
In-kernel sockets created with sock_create_kern don't usually have a file and file descriptor allocated to them. As a result, when SCTP tries to check the non-blocking flag, we Oops when dereferencing a NULL file pointer. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-05SCTP: Fix thinko in sctp_copy_laddrs()Vlad Yasevich
Correctly dereference bytes_copied in sctp_copy_laddrs(). I totally must have spaced when doing this. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-06-26SCTP: lock_sock_nested in sctp_sock_migrateZach Brown
sctp_sock_migrate() grabs the socket lock on a newly allocated socket while holding the socket lock on an old socket. lockdep worries that this might be a recursive lock attempt. task/3026 is trying to acquire lock: (sk_lock-AF_INET){--..}, at: [<ffffffff88105b8c>] sctp_sock_migrate+0x2e3/0x327 [sctp] but task is already holding lock: (sk_lock-AF_INET){--..}, at: [<ffffffff8810891f>] sctp_accept+0xdf/0x1e3 [sctp] This patch tells lockdep that this locking is safe by using lock_sock_nested(). Signed-off-by: Zach Brown <zach.brown@oracle.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-06-19SCTP: Fix sctp_getsockopt_get_peer_addrsNeil Horman
This is the split out of the patch that we agreed I should split out from my last patch. It changes space_left to be computed in the same way the to variable is. I know we talked about changing space_left to an int, but I think size_t is more appropriate, since we should never have negative space in our buffer, and computing using offsetof means space_left should now never drop below zero. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-06-19SCTP: update sctp_getsockopt helpers to allow oversized buffersNeil Horman
I noted the other day while looking at a bug that was ostensibly in some perl networking library, that we strictly avoid allowing getsockopt operations to complete if we pass in oversized buffers. This seems to make libraries like Perl::NET malfunction since it seems to allocate oversized buffers for use in several operations. It also seems to be out of line with the way udp, tcp and ip getsockopt routines handle buffer input (since the *optlen pointer in both an input and an output and gets set to the length of the data that we copy into the buffer). This patch brings our getsockopt helpers into line with other protocols, and allows us to accept oversized buffers for our getsockopt operations. Tested by me with good results. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-06-13[SCTP] Don't disable PMTU discovery when mtu is smallVlad Yasevich
Right now, when we receive a mtu estimate smaller then minim threshold in the ICMP message, we disable the path mtu discovery on the transport. This leads to the never increasing sctp fragmentation point even when the real path mtu has increased. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-06-13[SCTP] Flag a pmtu change requestVlad Yasevich
Currently, if the socket is owned by the user, we drop the ICMP message. As a result SCTP forgets that path MTU changed and never adjusting it's estimate. This causes all subsequent packets to be fragmented. With this patch, we'll flag the association that it needs to udpate it's estimate based on the already updated routing information. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Acked-by: Sridhar Samudrala <sri@us.ibm.com>
2007-06-13[SCTP] Update pmtu handling to be similar to tcpVlad Yasevich
Introduce new function sctp_transport_update_pmtu that updates the transports and destination caches view of the path mtu. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Acked-by: Sridhar Samudrala <sri@us.ibm.com>
2007-06-13[SCTP] Fix leak in sctp_getsockopt_local_addrs when copy_to_user failsVlad Yasevich
If the copy_to_user or copy_user calls fail in sctp_getsockopt_local_addrs(), the function should free locally allocated storage before returning error. Spotted by Coverity. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Acked-by: Sridhar Samudrala <sri@us.ibm.com>
2007-06-13[SCTP]: Allow unspecified port in sctp_bindx()Vlad Yasevich
Allow sctp_bindx() to accept multiple address with unspecified port. In this case, all addresses inherit the first bound port. We still catch full mis-matches. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Acked-by: Sridhar Samudrala <sri@us.ibm.com>
2007-06-13[SCTP]: Correctly set daddr for IPv6 sockets during peeloffVlad Yasevich
During peeloff of AF_INET6 socket, the inet6_sk(sk)->daddr wasn't set correctly since the code was assuming IPv4 only. Now we use a correct call to set the destination address. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Acked-by: Sridhar Samudrala <sri@us.ibm.com>
2007-06-03[NET]: Fix comparisons of unsigned < 0.Bill Nottingham
Recent gcc versions emit warnings when unsigned variables are compared < 0 or >= 0. Signed-off-by: Bill Nottingham <notting@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-05-24[SCTP]: Use menuconfig objects.Jan Engelhardt
Use menuconfigs instead of menus, so the whole menu can be disabled at once instead of going through all options. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-05-10[SCTP]: Do not include ABORT chunk header in the notification.Vlad Yasevich
The socket API draft is unclear about whether to include the chunk header or not. Recent discussion on the sctp implementors mailing list clarified that the chunk header shouldn't be included, but the error parameter header still needs to be there. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-05-10[SCTP]: Correctly copy addresses in sctp_copy_laddrsVlad Yasevich
I broke the non-wildcard case recently. This is to fixes it. Now, explictitly bound addresses can ge retrieved using the API. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-05-10[SCTP]: Prevent OOPS if hmac modules didn't loadVlad Yasevich
SCTP was checking for NULL when trying to detect hmac allocation failure where it should have been using IS_ERR. Also, print a rate limited warning to the log telling the user what happend. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-05-09Fix occurrences of "the the "Michael Opdenacker
Signed-off-by: Michael Opdenacker <michael@free-electrons.com> Signed-off-by: Adrian Bunk <bunk@stusta.de>