path: root/net/sctp
Age | Commit message | Author
2008-02-06 | [SCTP]: Set ports in every address returned by sctp_getladdrs() | Vlad Yasevich
Thomas Dreibholz has reported that port numbers are not filled in the results of sctp_getladdrs() when the socket was bound to an ephemeral port. This is only true, if the address was not specified either. So, fill in the port number correctly.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2008-02-06 | [SCTP]: Correctly reap SSNs when processing FORWARD_TSN chunk | Vlad Yasevich
When we receive a FORWARD_TSN chunk, we need to reap all the queued fast-forwarded chunks from the ordering queue. However, if we don't have them queued, we need to see if the next expected one is there as well. If it is, start delivering from that point instead of waiting for the next chunk to arrive.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2008-02-05 | [SCTP]: Kill silly inlines in ulpqueue.c | Vlad Yasevich
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2008-02-05 | [SCTP]: Do not increase rwnd when reading partial notification. | Vlad Yasevich
When a user reads a partial notification message, do not update rwnd since notifications must not be counted towards receive window.
Tested-by: Oliver Roll <mail@oliroll.de>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2008-02-05 | [SCTP]: Stop claiming that this is a "reference implementation" | Vlad Yasevich
I was notified by Randy Stewart that lksctp claims to be "the reference implementation". First of all, "the reference implementation" was the original implementation of SCTP in userspace written by Randy and a few others. Second, after looking at the definition of 'reference implementation', we don't really meet the requirements.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2008-02-05 | [SCTP]: Fix kernel panic while received AUTH chunk with BAD shared key identifier | Wei Yongjun
If SCTP-AUTH is enabled, received AUTH chunk with BAD shared key identifier will cause kernel panic.

Test as following:
step 1: enable /proc/sys/net/sctp/auth_enable
step 2: connect to SCTP server with auth capable. Association is established between endpoints. Then send an AUTH chunk with a bad shareid, SCTP server will kernel panic after received that AUTH chunk.

SCTP client                   SCTP server
  INIT         ---------->
    (with auth capable)
               <----------    INIT-ACK
                              (with auth capable)
  COOKIE-ECHO  ---------->
               <----------    COOKIE-ACK
  AUTH         ---------->

AUTH chunk is like this:
  AUTH chunk
    Chunk type: AUTH (15)
    Chunk flags: 0x00
    Chunk length: 28
    Shared key identifier: 10
    HMAC identifier: SHA-1 (1)
    HMAC: 0000000000000000000000000000000000000000

The assignment of NULL to key can safely be removed, since key_for_each (which is just list_for_each_entry under the covers does an initial assignment to key anyway). If the endpoint_shared_keys list is empty, or if the key_id being requested does not exist, the function as it currently stands returns the actual list_head (in this case endpoint_shared_keys). Since that list_head isn't surrounded by an actual data structure, the last iteration through list_for_each_entry will do a container_of on key, and we wind up returning a bogus pointer, instead of NULL, as we should.

> Neil Horman wrote:
>> On Tue, Jan 22, 2008 at 05:29:20PM +0900, Wei Yongjun wrote:
>>
>> FWIW, Ack from me. The assignment of NULL to key can safely be removed, since
>> key_for_each (which is just list_for_each_entry under the covers does an initial
>> assignment to key anyway).
>> If the endpoint_shared_keys list is empty, or if the key_id being requested does
>> not exist, the function as it currently stands returns the actual list_head (in
>> this case endpoint_shared_keys). Since that list_head isn't surrounded by an
>> actual data structure, the last iteration through list_for_each_entry will do a
>> container_of on key, and we wind up returning a bogus pointer, instead of NULL,
>> as we should. Wei's patch corrects that.
>>
>> Regards
>> Neil
>>
>> Acked-by: Neil Horman <nhorman@tuxdriver.com>
>>
>
> Yep, the patch is correct.
>
> Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
>
> -vlad
>
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
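Added example (not part of the commit or of the kernel source): a userspace C model of the lookup pattern described in the commit message above, showing what the list_for_each_entry cursor holds after a miss and the corrected form that returns NULL. The list macros are simplified re-implementations, and struct shkey, struct endpoint, get_shkey_buggy(), get_shkey_fixed() and classify_lookup() are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel's intrusive list (simplified). */
struct list_head { struct list_head *next, *prev; };

#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

/* The kernel macro uses typeof(); here the entry type is passed explicitly. */
#define list_for_each_entry(pos, head, type, member)          \
	for (pos = container_of((head)->next, type, member);  \
	     &pos->member != (head);                           \
	     pos = container_of(pos->member.next, type, member))

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{
	n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}

/* Hypothetical, reduced shared-key entry and its owning endpoint. */
struct shkey { struct list_head key_list; uint16_t key_id; };
struct endpoint { struct list_head shared_keys; };

/* Pre-fix pattern: break on a match, then return the cursor regardless. */
static struct shkey *get_shkey_buggy(struct endpoint *ep, uint16_t key_id)
{
	struct shkey *key = NULL; /* overwritten by the loop initialiser */
	list_for_each_entry(key, &ep->shared_keys, struct shkey, key_list) {
		if (key->key_id == key_id)
			break;
	}
	return key; /* on a miss this is container_of(list head), not NULL */
}

/* Corrected pattern: return only a matched entry; a miss yields NULL. */
static struct shkey *get_shkey_fixed(struct endpoint *ep, uint16_t key_id)
{
	struct shkey *key;
	list_for_each_entry(key, &ep->shared_keys, struct shkey, key_list) {
		if (key->key_id == key_id)
			return key;
	}
	return NULL;
}

/* Constructed sample: an endpoint holding key ids 0 and 1. Returns 0 for
 * NULL, 1 for a real matching entry, 2 for the list head seen as an entry. */
static int classify_lookup(int use_fixed, uint16_t key_id)
{
	struct endpoint ep;
	struct shkey k0 = { .key_id = 0 }, k1 = { .key_id = 1 }, *r;

	list_init(&ep.shared_keys);
	list_add_tail(&k0.key_list, &ep.shared_keys);
	list_add_tail(&k1.key_list, &ep.shared_keys);
	r = use_fixed ? get_shkey_fixed(&ep, key_id) : get_shkey_buggy(&ep, key_id);
	if (r == NULL)
		return 0;
	if (&r->key_list == &ep.shared_keys)
		return 2; /* only the address is compared; no field is read */
	return r->key_id == key_id ? 1 : -1;
}

int main(void)
{
	/* Key id 10 is the unknown identifier used in the report above. */
	printf("buggy miss=%d fixed miss=%d fixed hit=%d\n",
	       classify_lookup(0, 10), classify_lookup(1, 10), classify_lookup(1, 1));
	return 0;
}
```

Any caller that dereferences the result of the pre-fix lookup after a miss reads fields of whatever structure surrounds the list head, which is why a NULL check at the call site cannot catch it.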
2008-02-05 | [SCTP]: Fix kernel panic while received AUTH chunk while enabled auth | Wei Yongjun
If SCTP is started while /proc/sys/net/sctp/auth_enable is set 0 and association is established between endpoints. Then if /proc/sys/net/sctp/auth_enable is set 1, a received AUTH chunk will cause kernel panic.

Test as following:
step 1: echo 0 > /proc/sys/net/sctp/auth_enable
step 2:
SCTP client                  SCTP server
  INIT         --------->
               <---------    INIT-ACK
  COOKIE-ECHO  --------->
               <---------    COOKIE-ACK
step 3: echo 1 > /proc/sys/net/sctp/auth_enable
step 4:
SCTP client                  SCTP server
  AUTH         ----------->  Kernel Panic

This patch fixes this problem to treat AUTH chunk as unknown chunk if peer has initialized with no auth capable.

> Sorry for the delay. Was on vacation without net access.
>
> Wei Yongjun wrote:
>>
>>
>> This patch fixes this problem to treat AUTH chunk as unknown chunk if
>> peer has initialized with no auth capable.
>>
>> Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
>
> Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
>
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-03 | typo fixes in net/sctp/sm_statefuns.c | Oliver Pinter
Signed-off-by: Oliver Pinter <oliver.pntr@gmail.com>
Signed-off-by: Adrian Bunk <bunk@kernel.org>
2008-01-31 | [SCTP]: Fix miss of report unrecognized HMAC Algorithm parameter | Wei Yongjun
This patch fixes the missing check for reporting an unrecognized HMAC Algorithm parameter. When AUTH is disabled, goto the fall-through path to report the unrecognized parameter; else, just break.
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [NETNS]: Add namespace parameter to ip_route_output_key. | Denis V. Lunev
Needed to propagate it down to the ip_route_output_flow.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [SCTP]: Correctly initialize error when parameter validation failed. | Vlad Yasevich
When parameter validation fails, there should be error causes that specify what type of failure we've encountered. If the causes are not there, we lacked memory to allocate them. Thus make that the default value for the error.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [SCTP]: Fix build warning in sctp_sf_do_5_1C_ack(). | David S. Miller
Reported by Andrew Morton.
net/sctp/sm_statefuns.c: In function 'sctp_sf_do_5_1C_ack':
net/sctp/sm_statefuns.c:484: warning: 'error' may be used uninitialized in this function
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [NETNS][IPV6]: inet6_addr - check ipv6 address per namespace | Daniel Lezcano
When a new address is added, we must check if the new address does not already exist. This patch makes this check to be aware of a network namespace, so the check will look if the address already exists for the specified network namespace. While the addresses are browsed, the addresses which do not belong to the namespace are discarded.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [NETNS]: Add netns parameter to inet_(dev_)add_type. | Eric W. Biederman
The patch extends the inet_addr_type and inet_dev_addr_type with the network namespace pointer. That allows to access the different tables relatively to the network namespace. The modification of the signature function is reported in all the callers of the inet_addr_type using the pointer to the well known init_net.
Acked-by: Benjamin Thery <benjamin.thery@bull.net>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [NET]: Simple ctl_table to ctl_path conversions. | Pavel Emelyanov
This patch includes many places, that only required replacing the ctl_table-s with appropriate ctl_paths and call register_sysctl_paths(). Nothing special was done with them.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [NET] CORE: Introducing new memory accounting interface. | Hideo Aoki
This patch introduces new memory accounting functions for each network protocol. Most of them are renamed from memory accounting functions for stream protocols. At the same time, some stream memory accounting functions are removed since other functions do same thing.

Renaming:
    sk_stream_free_skb() -> sk_wmem_free_skb()
    __sk_stream_mem_reclaim() -> __sk_mem_reclaim()
    sk_stream_mem_reclaim() -> sk_mem_reclaim()
    sk_stream_mem_schedule -> __sk_mem_schedule()
    sk_stream_pages() -> sk_mem_pages()
    sk_stream_rmem_schedule() -> sk_rmem_schedule()
    sk_stream_wmem_schedule() -> sk_wmem_schedule()
    sk_charge_skb() -> sk_mem_charge()

Removing:
    sk_stream_rfree(): consolidates into sock_rfree()
    sk_stream_set_owner_r(): consolidates into skb_set_owner_r()
    sk_stream_mem_schedule()

The following functions are added.
    sk_has_account(): check if the protocol supports accounting
    sk_mem_uncharge(): do the opposite of sk_mem_charge()

In addition, to achieve consolidation, updating sk_wmem_queued is removed from sk_mem_charge(). Next, to consolidate memory accounting functions, this patch adds memory accounting calls to network core functions. Moreover, present memory accounting call is renamed to new accounting call. Finally we replace present memory accounting calls with new interface in TCP and SCTP.
Signed-off-by: Takahiro Yasui <tyasui@redhat.com>
Signed-off-by: Hideo Aoki <haoki@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [SCTP]: Follow Add-IP security considerations wrt INIT/INIT-ACK | Vlad Yasevich
The Security Considerations section of RFC 5061 has the following text:

    If an SCTP endpoint that supports this extension receives an INIT that indicates that the peer supports the ASCONF extension but does NOT support the [RFC4895] extension, the receiver of such an INIT MUST send an ABORT in response. Note that an implementation is allowed to silently discard such an INIT as an option as well, but under NO circumstance is an implementation allowed to proceed with the association setup by sending an INIT-ACK in response.

    An implementation that receives an INIT-ACK that indicates that the peer does not support the [RFC4895] extension MUST NOT send the COOKIE-ECHO to establish the association. Instead, the implementation MUST discard the INIT-ACK and report to the upper-layer user that an association cannot be established destroying the Transmission Control Block (TCB).

Follow the recommendations.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [SCTP]: Implement ADD-IP special case processing for ABORT chunk | Vlad Yasevich
ADD-IP spec has a special case for processing ABORTs:

    F4) ... One special consideration is that ABORT Chunks arriving destined to the IP address being deleted MUST be ignored (see Section 5.3.1 for further details).

Check if the address we received on is in the DEL state, and if so, ignore the ABORT.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [SCTP]: Change use_as_src into a full address state | Vlad Yasevich
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [SCTP]: Update ASCONF processing to conform to spec. | Vlad Yasevich
The processing of the ASCONF chunks has changed a lot in the spec. New items are:
1. A list of ASCONF-ACK chunks is now cached
2. The source of the packet is used in response.
3. New handling for unexpected ASCONF chunks.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [SCTP]: ADD-IP updates the states where ASCONFs can be sent | Vlad Yasevich
    C4) Both ASCONF and ASCONF-ACK Chunks MUST NOT be sent in any SCTP state except ESTABLISHED, SHUTDOWN-PENDING, SHUTDOWN-RECEIVED, and SHUTDOWN-SENT.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [SCTP]: Update association lookup to look at ASCONF chunks as well | Vlad Yasevich
ADD-IP draft section 5.2 specifies that if an association can not be found using the source and destination of the IP packet, then, if the packet contains ASCONF chunks, the Address Parameter TLV should be used to lookup an association.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [SCTP]: Add the handling of "Set Primary IP Address" parameter to INIT | Vlad Yasevich
The ADD-IP "Set Primary IP Address" parameter is allowed in the INIT/INIT-ACK exchange. Allow processing of this parameter during the INIT/INIT-ACK.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [SCTP]: Handle the wildcard ADD-IP Address parameter | Vlad Yasevich
The Address Parameter in the parameter list of the ASCONF chunk may be a wildcard address. In this case special processing is required. For the 'add' case, the source IP of the packet is added. In the 'del' case, all addresses except the source IP of packet are removed. In the "mark primary" case, the source address is marked as primary.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [SCTP]: Discard unauthenticated ASCONF and ASCONF ACK chunks | Vlad Yasevich
Now that we support AUTH, discard unauthenticated ASCONF and ASCONF ACK chunks as mandated in the ADD-IP spec.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [SCTP]: Use crc32c library for checksum calculations. | Vlad Yasevich
The crc32c library used an identical table and algorithm as SCTP. Switch to using the library instead of carrying our own table. Using crypto layer proved to have too much overhead compared to using the library directly.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [IPV4] sctp: Use ipv4_is_<type> | Joe Perches
Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [NET]: Name magic constants in sock_wake_async() | Pavel Emelyanov
The sock_wake_async() performs a bit different actions depending on "how" argument. Unfortunately this argument only has numerical magic values. I propose to give names to their constants to help people reading this function callers understand what's going on without looking into this function all the time. I suppose this is 2.6.25 material, but if it's not (or the naming seems poor/bad/awful), I can rework it against the current net-2.6 tree.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28 | [NET]: Convert init_timer into setup_timer | Pavel Emelyanov
Many-many code in the kernel initialized the timer->function and timer->data together with calling init_timer(timer). There is already a helper for this. Use it for networking code. The patch is HUGE, but makes the code 130 lines shorter (98 insertions(+), 228 deletions(-)).
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-08 | [SCTP]: Add back the code that accounted for FORWARD_TSN parameter in INIT. | Vlad Yasevich
Some recent changes completely removed accounting for the FORWARD_TSN parameter length in the INIT and INIT-ACK chunk. This is wrong and should be restored.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-08 | [SCTP]: Correctly handle AUTH parameters in unexpected INIT | Vlad Yasevich
When processing an unexpected INIT chunk, we do not need to do any preservation of the old AUTH parameters. In fact, doing such preservations will nullify AUTH and allow connection stealing.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-08 | [SCTP]: Fix the name of the authentication event. | Vlad Yasevich
The event should be called SCTP_AUTHENTICATION_INDICATION.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-12-20 | [SCTP]: Spelling fixes | Joe Perches
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-12-16 | [SCTP]: Flush fragment queue when exiting partial delivery. | Vlad Yasevich
At the end of partial delivery, we may have complete messages sitting on the fragment queue. These messages are stuck there until a new fragment arrives. This can completely stall a given association. When clearing partial delivery state, flush any complete messages from the fragment queue and send them on their way up.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-12-07 | [SCTP]: Fix the bind_addr info during migration. | Vlad Yasevich
During accept/migrate the code attempts to copy the addresses from the parent endpoint to the new endpoint. However, if the parent was bound to a wildcard address, then we end up pointlessly copying all of the current addresses on the system.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-12-07 | [SCTP]: Add bind hash locking to the migrate code | Vlad Yasevich
SCTP accept code tries to add a newly created socket to a bind bucket without holding a lock. On a really busy system, that can cause slab corruptions. Add a lock around this code.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-11-29 | SCTP: Fix build issues with SCTP AUTH. | Vlad Yasevich
SCTP-AUTH requires selection of CRYPTO, HMAC and SHA1 since SHA1 is a MUST requirement for AUTH. We also support SHA256, but that's optional, so fix the code to treat it as such.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-11-29 | SCTP: Fix chunk acceptance when no authenticated chunks were listed. | Vlad Yasevich
In the case where no authenticated chunks were specified, we were still trying to verify that a given chunk needs authentication and doing so incorrectly. Add a check for parameter length to make sure we don't try to use an empty auth_chunks parameter to verify against.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-11-29 | SCTP: Fix the supported extensions parameter | Vlad Yasevich
Supported extensions parameter was not coded right and ended up over-writing memory or causing skb overflows. First, remove the FWD_TSN support from as it shouldn't be there and also fix the parameter encoding.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-11-29 | SCTP: Fix SCTP-AUTH to correctly add HMACS parameter. | Vlad Yasevich
There was a typo that cleared the HMACS parameters when no authenticated chunks were specified. We should be clearing the chunks pointer instead of the hmacs.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-11-29 | SCTP: Fix the number of HB transmissions. | Vlad Yasevich
Our treatment of Heartbeats is special in that the initial HB chunk counts against the error count for the association, whereas for other chunks, only retransmissions or timeouts count against us. As a result, we had an off-by-1 situation with a number of Heartbeats we could send.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-11-19 | [SCTP]: Add missing "space" | Joe Perches
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-11-12 | Fix memory leak in discard case of sctp_sf_abort_violation() | Jesper Juhl
In net/sctp/sm_statefuns.c::sctp_sf_abort_violation() we may leak the storage allocated for 'abort' by returning from the function without using or freeing it. This happens in case "sctp_auth_recv_cid(SCTP_CID_ABORT, asoc)" is true and we jump to the 'discard' label. Spotted by the Coverity checker. The simple fix is to simply move the creation of the "abort chunk" to after the possible jump to the 'discard' label. This way we don't even have to allocate the memory at all in the problem case.
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-11-09 | SCTP: Always flush the queue when uncorking. | Vlad Yasevich
When the code calls uncork, trigger a queue flush, even if the queue was not corked. Most callers that explicitly cork the queue will have additional checks to see if they corked it. Callers who do not cork the queue expect packets to flow when they call uncork. The scenario that showcased this bug happened when we were not able to bundle DATA with outgoing COOKIE-ECHO. As a result the data just sat in the outqueue and did not get transmitted. The application expected a response, but nothing happened.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-11-09 | SCTP: Fix PR-SCTP to deliver all the accumulated ordered chunks | Vlad Yasevich
There is a small bug when we process a FWD-TSN. We'll deliver anything up to the current next expected SSN. However, if the next expected is already in the queue, it will take another chunk to trigger its delivery. The fix is to simply check the current queued SSN is the next expected one.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-11-09 | SCTP: Make sctp_verify_param return multiple indications. | Vlad Yasevich
SCTP-AUTH and future ADD-IP updates have a requirement to do additional verification of parameters and an ability to ABORT the association if verification fails. So, introduce additional return code so that we can clearly signal a required action.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-11-09 | SCTP: Convert custom hash lists to use hlist. | Vlad Yasevich
Convert the custom hash list traversals to use hlist functions.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-11-09 | SCTP: Use hashed lookup when looking for an association. | Vlad Yasevich
An SCTP endpoint may have a lot of associations on them and walking the list is fairly inefficient. Instead, use a hashed lookup, and filter out the hash list based on the endpoint we already have.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-11-07 | SCTP: Fix a potential race between timers and receive path. | Vlad Yasevich
There is a possible race condition where the timer code will free the association and the next packet in the queue will also attempt to free the same association. The example is, when we receive an ABORT at about the same time as the retransmission timer fires. If the timer wins the race, it will free the association. Once it releases the lock, the queue processing will receive the ABORT and will try to free the association again.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
2007-11-07 | SCTP: Allow ADD_IP to work with AUTH for backward compatibility. | Vlad Yasevich
This patch adds a tunable that will allow ADD_IP to work without AUTH for backward compatibility. The default value is off since the default value for ADD_IP is off as well. People who need to use ADD-IP with older implementations take risks of connection hijacking and should consider upgrading or turning this tunable on.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>