summaryrefslogtreecommitdiffstats
path: root/net/sctp/chunk.c
diff options
context:
space:
mode:
authorVlad Yasevich <vladislav.yasevich@hp.com>2007-09-17 04:32:45 +0200
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-11 01:51:31 +0200
commit4cd57c8078fae0a4b1bf421191e94626d0cba92a (patch)
treee17a54c65a7859b6283a341e0124d200da64ee3a /net/sctp/chunk.c
parent[SCTP]: Implete SCTP-AUTH parameter processing (diff)
downloadlinux-4cd57c8078fae0a4b1bf421191e94626d0cba92a.tar.xz
linux-4cd57c8078fae0a4b1bf421191e94626d0cba92a.zip
[SCTP]: Enable the sending of the AUTH chunk.
SCTP-AUTH, Section 6.2: Endpoints MUST send all requested chunks authenticated where this has been requested by the peer. The other chunks MAY be sent authenticated or not. If endpoint pair shared keys are used, one of them MUST be selected for authentication. To send chunks in an authenticated way, the sender MUST include these chunks after an AUTH chunk. This means that a sender MUST bundle chunks in order to authenticate them. If the endpoint has no endpoint pair shared key for the peer, it MUST use Shared Key Identifier 0 with an empty endpoint pair shared key. If there are multiple endpoint shared keys the sender selects one and uses the corresponding Shared Key Identifier Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp/chunk.c')
-rw-r--r--net/sctp/chunk.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/net/sctp/chunk.c b/net/sctp/chunk.c
index 77fb7b06a9c4..619d0f2dee51 100644
--- a/net/sctp/chunk.c
+++ b/net/sctp/chunk.c
@@ -194,6 +194,18 @@ struct sctp_datamsg *sctp_datamsg_from_user(struct sctp_association *asoc,
max = asoc->frag_point;
+ /* If the the peer requested that we authenticate DATA chunks
+ * we need to accound for bundling of the AUTH chunks along with
+ * DATA.
+ */
+ if (sctp_auth_send_cid(SCTP_CID_DATA, asoc)) {
+ struct sctp_hmac *hmac_desc = sctp_auth_asoc_get_hmac(asoc);
+
+ if (hmac_desc)
+ max -= WORD_ROUND(sizeof(sctp_auth_chunk_t) +
+ hmac_desc->hmac_len);
+ }
+
whole = 0;
first_len = max;