summaryrefslogtreecommitdiffstats
path: root/net/sctp (follow)
Commit message (Collapse)AuthorAgeFilesLines
* [SCTP]: Fix kernel panic while received AUTH chunk with BAD shared key ↵Wei Yongjun2008-02-051-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | identifier If SCTP-AUTH is enabled, received AUTH chunk with BAD shared key identifier will cause kernel panic. Test as following: step1: enabled /proc/sys/net/sctp/auth_enable step 2: connect to SCTP server with auth capable. Association is established between endpoints. Then send a AUTH chunk with a bad shareid, SCTP server will kernel panic after received that AUTH chunk. SCTP client SCTP server INIT ----------> (with auth capable) <---------- INIT-ACK (with auth capable) COOKIE-ECHO ----------> <---------- COOKIE-ACK AUTH ----------> AUTH chunk is like this: AUTH chunk Chunk type: AUTH (15) Chunk flags: 0x00 Chunk length: 28 Shared key identifier: 10 HMAC identifier: SHA-1 (1) HMAC: 0000000000000000000000000000000000000000 The assignment of NULL to key can safely be removed, since key_for_each (which is just list_for_each_entry under the covers does an initial assignment to key anyway). If the endpoint_shared_keys list is empty, or if the key_id being requested does not exist, the function as it currently stands returns the actuall list_head (in this case endpoint_shared_keys. Since that list_head isn't surrounded by an actuall data structure, the last iteration through list_for_each_entry will do a container_of on key, and we wind up returning a bogus pointer, instead of NULL, as we should. > Neil Horman wrote: >> On Tue, Jan 22, 2008 at 05:29:20PM +0900, Wei Yongjun wrote: >> >> FWIW, Ack from me. The assignment of NULL to key can safely be >> removed, since >> key_for_each (which is just list_for_each_entry under the covers does >> an initial >> assignment to key anyway). >> If the endpoint_shared_keys list is empty, or if the key_id being >> requested does >> not exist, the function as it currently stands returns the actuall >> list_head (in >> this case endpoint_shared_keys. Since that list_head isn't >> surrounded by an >> actuall data structure, the last iteration through >> list_for_each_entry will do a >> container_of on key, and we wind up returning a bogus pointer, >> instead of NULL, >> as we should. Wei's patch corrects that. >> >> Regards >> Neil >> >> Acked-by: Neil Horman <nhorman@tuxdriver.com> >> > > Yep, the patch is correct. > > Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com> > > -vlad > Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Fix kernel panic while received AUTH chunk while enabled authWei Yongjun2008-02-051-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If STCP is started while /proc/sys/net/sctp/auth_enable is set 0 and association is established between endpoints. Then if /proc/sys/net/sctp/auth_enable is set 1, a received AUTH chunk will cause kernel panic. Test as following: step 1: echo 0> /proc/sys/net/sctp/auth_enable step 2: SCTP client SCTP server INIT ---------> <--------- INIT-ACK COOKIE-ECHO ---------> <--------- COOKIE-ACK step 3: echo 1> /proc/sys/net/sctp/auth_enable step 4: SCTP client SCTP server AUTH -----------> Kernel Panic This patch fix this probleam to treat AUTH chunk as unknow chunk if peer has initialized with no auth capable. > Sorry for the delay. Was on vacation without net access. > > Wei Yongjun wrote: >> >> >> This patch fix this probleam to treat AUTH chunk as unknow chunk if >> peer has initialized with no auth capable. >> >> Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> > > Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com> > >> Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* typo fixes in net/sctp/sm_statefuns.cOliver Pinter2008-02-031-2/+2
| | | | | Signed-off-by: Oliver Pinter <oliver.pntr@gmail.com> Signed-off-by: Adrian Bunk <bunk@kernel.org>
* [SCTP]: Fix miss of report unrecognized HMAC Algorithm parameterWei Yongjun2008-02-011-1/+1
| | | | | | | | | | | This patch fix miss of check for report unrecognized HMAC Algorithm parameter. When AUTH is disabled, goto fall through path to report unrecognized parameter, else, just break Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS]: Add namespace parameter to ip_route_output_key.Denis V. Lunev2008-01-291-2/+2
| | | | | | | Needed to propagate it down to the ip_route_output_flow. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Correctly initialize error when parameter validation failed.Vlad Yasevich2008-01-291-3/+2
| | | | | | | | | | When parameter validation fails, there should be error causes that specify what type of failure we've encountered. If the causes are not there, we lacked memory to allocated them. Thus make that the default value for the error. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Fix build warning in sctp_sf_do_5_1C_ack().David S. Miller2008-01-291-1/+1
| | | | | | | | | Reported by Andrew Morton. net/sctp/sm_statefuns.c: In function 'sctp_sf_do_5_1C_ack': net/sctp/sm_statefuns.c:484: warning: 'error' may be used uninitialized in this function Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS][IPV6]: inet6_addr - check ipv6 address per namespaceDaniel Lezcano2008-01-291-2/+3
| | | | | | | | | | | | When a new address is added, we must check if the new address does not already exists. This patch makes this check to be aware of a network namespace, so the check will look if the address already exists for the specified network namespace. While the addresses are browsed, the addresses which do not belong to the namespace are discarded. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: Benjamin Thery <benjamin.thery@bull.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETNS]: Add netns parameter to inet_(dev_)add_type.Eric W. Biederman2008-01-291-1/+1
| | | | | | | | | | | | | | | The patch extends the inet_addr_type and inet_dev_addr_type with the network namespace pointer. That allows to access the different tables relatively to the network namespace. The modification of the signature function is reported in all the callers of the inet_addr_type using the pointer to the well known init_net. Acked-by: Benjamin Thery <benjamin.thery@bull.net> Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Simple ctl_table to ctl_path conversions.Pavel Emelyanov2008-01-291-19/+5
| | | | | | | | | | | This patch includes many places, that only required replacing the ctl_table-s with appropriate ctl_paths and call register_sysctl_paths(). Nothing special was done with them. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET] CORE: Introducing new memory accounting interface.Hideo Aoki2008-01-295-9/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch introduces new memory accounting functions for each network protocol. Most of them are renamed from memory accounting functions for stream protocols. At the same time, some stream memory accounting functions are removed since other functions do same thing. Renaming: sk_stream_free_skb() -> sk_wmem_free_skb() __sk_stream_mem_reclaim() -> __sk_mem_reclaim() sk_stream_mem_reclaim() -> sk_mem_reclaim() sk_stream_mem_schedule -> __sk_mem_schedule() sk_stream_pages() -> sk_mem_pages() sk_stream_rmem_schedule() -> sk_rmem_schedule() sk_stream_wmem_schedule() -> sk_wmem_schedule() sk_charge_skb() -> sk_mem_charge() Removeing sk_stream_rfree(): consolidates into sock_rfree() sk_stream_set_owner_r(): consolidates into skb_set_owner_r() sk_stream_mem_schedule() The following functions are added. sk_has_account(): check if the protocol supports accounting sk_mem_uncharge(): do the opposite of sk_mem_charge() In addition, to achieve consolidation, updating sk_wmem_queued is removed from sk_mem_charge(). Next, to consolidate memory accounting functions, this patch adds memory accounting calls to network core functions. Moreover, present memory accounting call is renamed to new accounting call. Finally we replace present memory accounting calls with new interface in TCP and SCTP. Signed-off-by: Takahiro Yasui <tyasui@redhat.com> Signed-off-by: Hideo Aoki <haoki@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Follow Add-IP security consideratiosn wrt INIT/INIT-ACKVlad Yasevich2008-01-282-8/+46
| | | | | | | | | | | | | | | | | | | | | | | | | The Security Considerations section of RFC 5061 has the following text: If an SCTP endpoint that supports this extension receives an INIT that indicates that the peer supports the ASCONF extension but does NOT support the [RFC4895] extension, the receiver of such an INIT MUST send an ABORT in response. Note that an implementation is allowed to silently discard such an INIT as an option as well, but under NO circumstance is an implementation allowed to proceed with the association setup by sending an INIT-ACK in response. An implementation that receives an INIT-ACK that indicates that the peer does not support the [RFC4895] extension MUST NOT send the COOKIE-ECHO to establish the association. Instead, the implementation MUST discard the INIT-ACK and report to the upper- layer user that an association cannot be established destroying the Transmission Control Block (TCB). Follow the recomendations. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Implement ADD-IP special case processing for ABORT chunkVlad Yasevich2008-01-282-4/+74
| | | | | | | | | | | | | ADD-IP spec has a special case for processing ABORTs: F4) ... One special consideration is that ABORT Chunks arriving destined to the IP address being deleted MUST be ignored (see Section 5.3.1 for further details). Check if the address we received on is in the DEL state, and if so, ignore the ABORT. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Change use_as_src into a full address stateVlad Yasevich2008-01-285-16/+17
| | | | | Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Update ASCONF processing to conform to spec.Vlad Yasevich2008-01-284-33/+130
| | | | | | | | | | | The processing of the ASCONF chunks has changed a lot in the spec. New items are: 1. A list of ASCONF-ACK chunks is now cached 2. The source of the packet is used in response. 3. New handling for unexpect ASCONF chunks. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: ADD-IP updates the states where ASCONFs can be sentVlad Yasevich2008-01-281-9/+9
| | | | | | | | | C4) Both ASCONF and ASCONF-ACK Chunks MUST NOT be sent in any SCTP state except ESTABLISHED, SHUTDOWN-PENDING, SHUTDOWN-RECEIVED, and SHUTDOWN-SENT. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Update association lookup to look at ASCONF chunks as wellVlad Yasevich2008-01-281-21/+103
| | | | | | | | | | ADD-IP draft section 5.2 specifies that if an association can not be found using the source and destination of the IP packet, then, if the packet contains ASCONF chunks, the Address Parameter TLV should be used to lookup an association. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Add the handling of "Set Primary IP Address" parameter to INITVlad Yasevich2008-01-281-0/+27
| | | | | | | | | The ADD-IP "Set Primary IP Address" parameter is allowed in the INIT/INIT-ACK exchange. Allow processing of this parameter during the INIT/INIT-ACK. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Handle the wildcard ADD-IP Address parameterVlad Yasevich2008-01-282-4/+53
| | | | | | | | | | | | The Address Parameter in the parameter list of the ASCONF chunk may be a wildcard address. In this case special processing is required. For the 'add' case, the source IP of the packet is added. In the 'del' case, all addresses except the source IP of packet are removed. In the "mark primary" case, the source address is marked as primary. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Discard unauthenticated ASCONF and ASCONF ACK chunksVlad Yasevich2008-01-281-0/+18
| | | | | | | | Now that we support AUTH, discard unauthenticated ASCONF and ASCONF ACK chunks as mandated in the ADD-IP spec. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Use crc32c library for checksum calculations.Vlad Yasevich2008-01-285-223/+4
| | | | | | | | | | The crc32c library used an identical table and algorithm as SCTP. Switch to using the library instead of carrying our own table. Using crypto layer proved to have too much overhead compared to using the library directly. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4] sctp: Use ipv4_is_<type>Joe Perches2008-01-281-5/+7
| | | | | | Signed-off-by: Joe Perches <joe@perches.com> Acked-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Name magic constants in sock_wake_async()Pavel Emelyanov2008-01-281-1/+2
| | | | | | | | | | | | | | | | | | The sock_wake_async() performs a bit different actions depending on "how" argument. Unfortunately this argument ony has numerical magic values. I propose to give names to their constants to help people reading this function callers understand what's going on without looking into this function all the time. I suppose this is 2.6.25 material, but if it's not (or the naming seems poor/bad/awful), I can rework it against the current net-2.6 tree. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Convert init_timer into setup_timerPavel Emelyanov2008-01-282-14/+7
| | | | | | | | | | | | | Many-many code in the kernel initialized the timer->function and timer->data together with calling init_timer(timer). There is already a helper for this. Use it for networking code. The patch is HUGE, but makes the code 130 lines shorter (98 insertions(+), 228 deletions(-)). Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Add back the code that accounted for FORWARD_TSN parameter in INIT.Vlad Yasevich2008-01-091-0/+6
| | | | | | | | | Some recent changes completely removed accounting for the FORWARD_TSN parameter length in the INIT and INIT-ACK chunk. This is wrong and should be restored. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Correctly handle AUTH parameters in unexpected INITVlad Yasevich2008-01-091-22/+0
| | | | | | | | | | When processing an unexpected INIT chunk, we do not need to do any preservation of the old AUTH parameters. In fact, doing such preservations will nullify AUTH and allow connection stealing. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Fix the name of the authentication event.Vlad Yasevich2008-01-091-1/+1
| | | | | | | The even should be called SCTP_AUTHENTICATION_INDICATION. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Spelling fixesJoe Perches2007-12-201-4/+4
| | | | | Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Flush fragment queue when exiting partial delivery.Vlad Yasevich2007-12-161-0/+33
| | | | | | | | | | | | At the end of partial delivery, we may have complete messages sitting on the fragment queue. These messages are stuck there until a new fragment arrives. This can comletely stall a given association. When clearing partial delivery state, flush any complete messages from the fragment queue and send them on their way up. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Fix the bind_addr info during migration.Vlad Yasevich2007-12-072-10/+28
| | | | | | | | | | During accept/migrate the code attempts to copy the addresses from the parent endpoint to the new endpoint. However, if the parent was bound to a wildcard address, then we end up pointlessly copying all of the current addresses on the system. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SCTP]: Add bind hash locking to the migrate codeVlad Yasevich2007-12-071-0/+6
| | | | | | | | | | SCTP accept code tries to add a newliy created socket to a bind bucket without holding a lock. On a really busy system, that can causes slab corruptions. Add a lock around this code. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* SCTP: Fix build issues with SCTP AUTH.Vlad Yasevich2007-11-292-3/+5
| | | | | | | | SCTP-AUTH requires selection of CRYPTO, HMAC and SHA1 since SHA1 is a MUST requirement for AUTH. We also support SHA256, but that's optional, so fix the code to treat it as such. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Fix chunk acceptance when no authenticated chunks were listed.Vlad Yasevich2007-11-291-1/+1
| | | | | | | | | In the case where no autheticated chunks were specified, we were still trying to verify that a given chunk needs authentication and doing so incorrectly. Add a check for parameter length to make sure we don't try to use an empty auth_chunks parameter to verify against. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Fix the supported extensions paramterVlad Yasevich2007-11-291-15/+8
| | | | | | | | | Supported extensions parameter was not coded right and ended up over-writing memory or causing skb overflows. First, remove the FWD_TSN support from as it shouldn't be there and also fix the paramter encoding. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Fix SCTP-AUTH to correctly add HMACS paramter.Vlad Yasevich2007-11-291-1/+1
| | | | | | | | There was a typo that cleared the HMACS parameters when no authenticated chunks were specified. We whould be clearing the chunks pointer instead of the hmacs. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Fix the number of HB transmissions.Vlad Yasevich2007-11-291-1/+1
| | | | | | | | | | Our treatment of Heartbeats is special in that the inital HB chunk counts against the error count for the association, where as for other chunks, only retransmissions or timeouts count against us. As a result, we had an off-by-1 situation with a number of Heartbeats we could send. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* [SCTP]: Add missing "space"Joe Perches2007-11-201-1/+1
| | | | | Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Fix memory leak in discard case of sctp_sf_abort_violation()Jesper Juhl2007-11-121-5/+5
| | | | | | | | | | | | | | | | In net/sctp/sm_statefuns.c::sctp_sf_abort_violation() we may leak the storage allocated for 'abort' by returning from the function without using or freeing it. This happens in case "sctp_auth_recv_cid(SCTP_CID_ABORT, asoc)" is true and we jump to the 'discard' label. Spotted by the Coverity checker. The simple fix is to simply move the creation of the "abort chunk" to after the possible jump to the 'discard' label. This way we don't even have to allocate the memory at all in the problem case. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Always flush the queue when uncorcking.Vlad Yasevich2007-11-091-3/+2
| | | | | | | | | | | | | | | When the code calls uncork, trigger a queue flush, even if the queue was not corked. Most callers that explicitely cork the queue will have additinal checks to see if they corked it. Callers who do not cork the queue expect packets to flow when they call uncork. The scneario that showcased this bug happend when we were not able to bundle DATA with outgoing COOKIE-ECHO. As a result the data just sat in the outqueue and did not get transmitted. The application expected a response, but nothing happened. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Fix PR-SCTP to deliver all the accumulated ordered chunksVlad Yasevich2007-11-091-1/+1
| | | | | | | | | | There is a small bug when we process a FWD-TSN. We'll deliver anything upto the current next expected SSN. However, if the next expected is already in the queue, it will take another chunk to trigger its delivery. The fix is to simply check the current queued SSN is the next expected one. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Make sctp_verify_param return multiple indications.Vlad Yasevich2007-11-091-74/+75
| | | | | | | | | | SCTP-AUTH and future ADD-IP updates have a requirement to do additional verification of parameters and an ability to ABORT the association if verification fails. So, introduce additional return code so that we can clear signal a required action. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Convert custom hash lists to use hlist.Vlad Yasevich2007-11-095-47/+25
| | | | | | Convert the custom hash list traversals to use hlist functions. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Use hashed lookup when looking for an association.Vlad Yasevich2007-11-091-12/+22
| | | | | | | | A SCTP endpoint may have a lot of associations on them and walking the list is fairly inefficient. Instead, use a hashed lookup, and filter out the hash list based on the endopoing we already have. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Fix a potential race between timers and receive path.Vlad Yasevich2007-11-071-0/+4
| | | | | | | | | | | | | | There is a possible race condition where the timer code will free the association and the next packet in the queue will also attempt to free the same association. The example is, when we receive an ABORT at about the same time as the retransmission timer fires. If the timer wins the race, it will free the association. Once it releases the lock, the queue processing will recieve the ABORT and will try to free the association again. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Allow ADD_IP to work with AUTH for backward compatibility.Vlad Yasevich2007-11-074-3/+19
| | | | | | | | | | This patch adds a tunable that will allow ADD_IP to work without AUTH for backward compatibility. The default value is off since the default value for ADD_IP is off as well. People who need to use ADD-IP with older implementations take risks of connection hijacking and should consider upgrading or turning this tunable on. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Correctly disable ADD-IP when AUTH is not supported.Vlad Yasevich2007-11-072-3/+4
| | | | Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Update RCU handling during the ADD-IP caseVlad Yasevich2007-11-073-12/+9
| | | | | | | | | | After learning more about rcu, it looks like the ADD-IP hadling doesn't need to call call_rcu_bh. All the rcu critical sections use rcu_read_lock, so using call_rcu_bh is wrong here. Now, restore the local_bh_disable() code blocks and use normal call_rcu() calls. Also restore the missing return statement. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP: Fix difference cases of retransmit.Vlad Yasevich2007-11-074-20/+30
| | | | | | | | | | | | | | | | | | | | | Commit d0ce92910bc04e107b2f3f2048f07e94f570035d broke several retransmit cases including fast retransmit. The reason is that we should only delay by rto while doing retranmists as a result of a timeout. Retransmit as a result of path mtu discover, fast retransmit, or other evernts that should trigger immidiate retransmissions got broken. Also, since rto is doubled prior to marking of packets elegable for retransmission, we never marked correct chunks anyway. The fix is provide a reason for a given retransmission so that we can mark chunks appropriately and to save the old rto value to do comparisons against. All regressions tests passed with this code. Spotted by Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP : Fix to process bundled ASCONF chunk correctlyWei Yongjun2007-11-071-2/+6
| | | | | | | | | | | | | | If ASCONF chunk is bundled with other chunks as the first chunk, when process the ASCONF parameters, full packet data will be process as the parameters of the ASCONF chunk, not only the real parameters. So if you send a ASCONF chunk bundled with other chunks, you will get an unexpect result. This problem also exists when ASCONF-ACK chunk is bundled with other chunks. This patch fix this problem. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* SCTP : Fix bad formatted comment in outqueue.cWei Yongjun2007-11-071-1/+2
| | | | | | | Just fix the bad format of the comment in outqueue.c. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>