summaryrefslogtreecommitdiffstats
path: root/net/sctp
Commit message (Collapse)AuthorAgeFilesLines
* sctp: Fix another socket race during accept/peeloffVlad Yasevich2009-01-221-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | There is a race between sctp_rcv() and sctp_accept() where we have moved the association from the listening socket to the accepted socket, but sctp_rcv() processing cached the old socket and continues to use it. The easy solution is to check for the socket mismatch once we've grabed the socket lock. If we hit a mis-match, that means that were are currently holding the lock on the listening socket, but the association is refrencing a newly accepted socket. We need to drop the lock on the old socket and grab the lock on the new one. A more proper solution might be to create accepted sockets when the new association is established, similar to TCP. That would eliminate the race for 1-to-1 style sockets, but it would still existing for 1-to-many sockets where a user wished to peeloff an association. For now, we'll live with this easy solution as it addresses the problem. Reported-by: Michal Hocko <mhocko@suse.cz> Reported-by: Karsten Keil <kkeil@suse.de> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Properly timestamp outgoing data chunks for rtx purposesVlad Yasevich2009-01-221-3/+4
| | | | | | | | | | | | | | | | | | | Recent changes to the retransmit code exposed a long standing bug where it was possible for a chunk to be time stamped after the retransmit timer was reset. This caused a rare situation where the retrnamist timer has expired, but nothing was marked for retrnasmission because all of timesamps on data were less then 1 rto ago. As result, the timer was never restarted since nothing was retransmitted, and this resulted in a hung association that did couldn't complete the data transfer. The solution is to timestamp the chunk when it's added to the packet for transmission purposes. After the packet is trsnmitted the rtx timer is restarted. This guarantees that when the timer expires, there will be data to retransmit. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Correctly start rtx timer on new packet transmissions.Vlad Yasevich2009-01-221-2/+1
| | | | | | | | | | | | Commit 62aeaff5ccd96462b7077046357a6d7886175a57 (sctp: Start T3-RTX timer when fast retransmitting lowest TSN) introduced a regression where it was possible to forcibly restart the sctp retransmit timer at the transmission of any new chunk. This resulted in much longer timeout times and sometimes hung sctp connections. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* fix similar typos to successfullColy Li2009-01-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | When I review ocfs2 code, find there are 2 typos to "successfull". After doing grep "successfull " in kernel tree, 22 typos found totally -- great minds always think alike :) This patch fixes all the similar typos. Thanks for Randy's ack and comments. Signed-off-by: Coly Li <coyli@suse.de> Acked-by: Randy Dunlap <randy.dunlap@oracle.com> Acked-by: Roland Dreier <rolandd@cisco.com> Cc: Jeremy Kerr <jk@ozlabs.org> Cc: Jeff Garzik <jeff@garzik.org> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Theodore Ts'o <tytso@mit.edu> Cc: Mark Fasheh <mfasheh@suse.com> Cc: Vlad Yasevich <vladislav.yasevich@hp.com> Cc: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* trivial: fix then -> than typos in comments and documentationFrederik Schwarzer2009-01-064-7/+7
| | | | | | | - (better, more, bigger ...) then -> (...) than Signed-off-by: Frederik Schwarzer <schwarzerf@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
* sctp: Add validity check for SCTP_PARTIAL_DELIVERY_POINT socket optionWei Yongjun2008-12-251-3/+16
| | | | | | | | | | | | | | | | The latest ietf socket extensions API draft said: 8.1.21. Set or Get the SCTP Partial Delivery Point Note also that the call will fail if the user attempts to set this value larger than the socket receive buffer size. This patch add this validity check for SCTP_PARTIAL_DELIVERY_POINT socket option. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Avoid memory overflow while FWD-TSN chunk is received with bad stream IDWei Yongjun2008-12-251-0/+14
| | | | | | | | | | | | | | | | | | | | | | | If FWD-TSN chunk is received with bad stream ID, the sctp will not do the validity check, this may cause memory overflow when overwrite the TSN of the stream ID. The FORWARD-TSN chunk is like this: FORWARD-TSN chunk Type = 192 Flags = 0 Length = 172 NewTSN = 99 Stream = 10000 StreamSequence = 0xFFFF This patch fix this problem by discard the chunk if stream ID is not less than MIS. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Implement socket option SCTP_GET_ASSOC_NUMBERWei Yongjun2008-12-251-0/+35
| | | | | | | | | | | | | | Implement socket option SCTP_GET_ASSOC_NUMBER of the latest ietf socket extensions API draft. 8.2.5. Get the Current Number of Associations (SCTP_GET_ASSOC_NUMBER) This option gets the current number of associations that are attached to a one-to-many style socket. The option value is an uint32_t. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Fix a typo in socket.cWei Yongjun2008-12-251-4/+4
| | | | | | | | Just fix a typo in socket.c. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Bring SCTP_MAXSEG socket option into ietf API extension complianceWei Yongjun2008-12-251-23/+107
| | | | | | | | | Brings maxseg socket option set/get into line with the latest ietf socket extensions API draft, while maintaining backwards compatibility. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: fix missing label when PROC_FS=nRandy Dunlap2008-11-271-2/+3
| | | | | | | | | | | | Fix missing label when CONFIG_PROC_FS=n: net/sctp/protocol.c: In function 'sctp_proc_init': net/sctp/protocol.c:106: error: label 'out_nomem' used but not defined make[3]: *** [net/sctp/protocol.o] Error 1 Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Use a percpu_counter for sockets_allocatedEric Dumazet2008-11-252-4/+8
| | | | | | | | | | | | | Instead of using one atomic_t per protocol, use a percpu_counter for "sockets_allocated", to reduce cache line contention on heavy duty network servers. Note : We revert commit (248969ae31e1b3276fc4399d67ce29a5d81e6fd9 net: af_unix can make unix_nr_socks visbile in /proc), since it is not anymore used after sock_prot_inuse_add() addition Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Make sure BHs are disabled in sock_prot_inuse_add()Eric Dumazet2008-11-251-0/+2
| | | | | | | | | prot->destroy is not called with BH disabled. So we must add explicit BH disable around call to sock_prot_inuse_add() in sctp_destroy_sock() Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: Make sure BHs are disabled in sock_prot_inuse_add()David S. Miller2008-11-231-0/+4
| | | | | | | | | | The rule of calling sock_prot_inuse_add() is that BHs must be disabled. Some new calls were added where this was not true and this tiggers warnings as reported by Ilpo. Fix this by adding explicit BH disabling around those call sites. Signed-off-by: David S. Miller <davem@davemloft.net>
* net: sctp should update its inuse counterEric Dumazet2008-11-171-0/+2
| | | | | | | | | | | This patch is a preparation to namespace conversion of /proc/net/protocols In order to have relevant information for SCTP protocols, we should use sock_prot_inuse_add() to update a (percpu and pernamespace) counter of inuse sockets. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: '&' reduxAlexey Dobriyan2008-11-031-41/+41
| | | | | | | | | | | | | I want to compile out proc_* and sysctl_* handlers totally and stub them to NULL depending on config options, however usage of & will prevent this, since taking adress of NULL pointer will break compilation. So, drop & in front of every ->proc_handler and every ->strategy handler, it was never needed in fact. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: replace NIPQUAD() in net/*/Harvey Harrison2008-10-312-13/+10
| | | | | | | | Using NIPQUAD() with NIPQUAD_FMT, %d.%d.%d.%d or %u.%u.%u.%u can be replaced with %pI4 Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net: replace %p6 with %pI6Harvey Harrison2008-10-292-10/+10
| | | | | Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* net, misc: replace uses of NIP6_FMT with %p6Harvey Harrison2008-10-282-24/+16
| | | | | Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Fix to handle SHUTDOWN in SHUTDOWN_RECEIVED stateWei Yongjun2008-10-232-1/+46
| | | | | | | | | | | | | | Once an endpoint has reached the SHUTDOWN-RECEIVED state, it MUST NOT send a SHUTDOWN in response to a ULP request. The Cumulative TSN Ack of the received SHUTDOWN chunk MUST be processed. This patch fix to process Cumulative TSN Ack of the received SHUTDOWN chunk in SHUTDOWN_RECEIVED state. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Fix to handle SHUTDOWN in SHUTDOWN-PENDING stateWei Yongjun2008-10-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If SHUTDOWN is received in SHUTDOWN-PENDING state, enpoint should enter the SHUTDOWN-RECEIVED state and check the Cumulative TSN Ack field of the SHUTDOWN chunk (RFC 4960 Section 9.2). If the SHUTDOWN chunk can acknowledge all of the send DATA chunks, SHUTDOWN-ACK should be sent. But now endpoint just silently discarded the SHUTDOWN chunk. SHUTDOWN received in SHUTDOWN-PENDING state can happend when the last SACK is lost by network, or the SHUTDOWN chunk can acknowledge all of the received DATA chunks. The packet sequence(SACK lost) is like this: Endpoint A Endpoint B ULP (ESTABLISHED) (ESTABLISHED) <----------- DATA <--- shutdown Enter SHUTDOWN-PENDING state SACK ----lost----> SHUTDOWN(*1) ------------> <----------- SHUTDOWN-ACK (*1) silently discarded now. This patch fix to handle SHUTDOWN in SHUTDOWN-PENDING state as the same as ESTABLISHED state. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Add check for the TSN field of the SHUTDOWN chunkWei Yongjun2008-10-231-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If SHUTDOWN chunk is received Cumulative TSN Ack beyond the max tsn currently send, SHUTDOWN chunk be accepted and the association will be broken. New data is send, but after received SACK it will be drop because TSN in SACK is less than the Cumulative TSN, data will be retrans again and again even if correct SACK is received. The packet sequence is like this: Endpoint A Endpoint B ULP (ESTABLISHED) (ESTABLISHED) <----------- DATA (TSN=x-1) <----------- DATA (TSN=x) SHUTDOWN -----------> (Now Cumulative TSN=x+1000) (TSN=x+1000) <----------- DATA (TSN=x+1) SACK -----------> drop the SACK (TSN=x+1) <----------- DATA (TSN=x+1)(retrans) This patch fix this problem by terminating the association and respond to the sender with an ABORT. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Drop ICMP packet too big message with MTU larger than current PMTUWei Yongjun2008-10-231-1/+1
| | | | | | | | | | | | | | | | | | If ICMP packet too big message is received with MTU larger than current PMTU, SCTP will still accept this ICMP message and sync the PMTU of assoc with the wrong MTU. Endpoing A Endpoint B (ESTABLISHED) (ESTABLISHED) ICMP ---------> (packet too big, MTU too larger) sync PMTU This patch fixed the problem by drop that ICMP message. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: update SNMP statiscts when T5 timer expired.Vlad Yasevich2008-10-091-0/+3
| | | | | | | | | | The T5 timer is the timer for the over-all shutdown procedure. If this timer expires, then shutdown procedure has not completed and we ABORT the association. We should update SCTP_MIB_ABORTED and SCTP_MIB_CURRESTAB when aborting. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Fix SNMP number of SCTP_MIB_ABORTED during violation handling.Vlad Yasevich2008-10-091-6/+3
| | | | | | | | | If ABORT chunks require authentication and a protocol violation is triggered, we do not tear down the association. Subsequently, we should not increment SCTP_MIB_ABORTED. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Fix the SNMP number of SCTP_MIB_CURRESTABWei Yongjun2008-10-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | RFC3873 defined SCTP_MIB_CURRESTAB: sctpCurrEstab OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of associations for which the current state is either ESTABLISHED, SHUTDOWN-RECEIVED or SHUTDOWN-PENDING." REFERENCE "Section 4 in RFC2960 covers the SCTP Association state diagram." If the T4 RTO timer expires many times(timeout), the association will enter CLOSED state, so we should dec the number of SCTP_MIB_CURRESTAB, not inc the number of SCTP_MIB_CURRESTAB. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: shrink sctp_tsnmap some more by removing gabs arrayVlad Yasevich2008-10-082-9/+12
| | | | | | | | | | | | | The gabs array in the sctp_tsnmap structure is only used in one place, sctp_make_sack(). As such, carrying the array around in the sctp_tsnmap and thus directly in the sctp_association is rather pointless since most of the time it's just taking up space. Now, let sctp_make_sack create and populate it and then throw it away when it's done. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Rework the tsn map to use generic bitmap.Vlad Yasevich2008-10-085-192/+166
| | | | | | | | | | | | | | | | | | | The tsn map currently use is 4K large and is stuck inside the sctp_association structure making memory references REALLY expensive. What we really need is at most 4K worth of bits so the biggest map we would have is 512 bytes. Also, the map is only really usefull when we have gaps to store and report. As such, starting with minimal map of say 32 TSNs (bits) should be enough for normal low-loss operations. We can grow the map by some multiple of 32 along with some extra room any time we receive the TSN which would put us outside of the map boundry. As we close gaps, we can shift the map to rebase it on the latest TSN we've seen. This saves 4088 bytes per association just in the map alone along savings from the now unnecessary structure members. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv6: added net argument to ICMP6_INC_STATS_BHDenis V. Lunev2008-10-081-1/+1
| | | | | Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: correctly save sctp_adaptation from parameter.Vlad Yasevich2008-10-011-1/+1
| | | | | | | | The INIT perameter carries the adapatation value in network-byte order. We need to store it in host byte order as expected by data types and the user API. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* sctp: enable cookie-echo retransmission transport switchVlad Yasevich2008-10-012-34/+46
| | | | | | | | | This patch enables cookie-echo retransmission transport switch feature. If COOKIE-ECHO retransmission happens, it will be sent to the address other than the one last sent to. Signed-off-by: Gui Jianfeng <guijianfeng@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* sctp: Fix the SNMP counter of SCTP_MIB_OUTOFBLUESWei Yongjun2008-10-011-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | RFC3873 defined SCTP_MIB_OUTOFBLUES: sctpOutOfBlues OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of out of the blue packets received by the host. An out of the blue packet is an SCTP packet correctly formed, including the proper checksum, but for which the receiver was unable to identify an appropriate association." REFERENCE "Section 8.4 in RFC2960 deals with the Out-Of-The-Blue (OOTB) packet definition and procedures." But OOTB packet INIT, INIT-ACK and SHUTDOWN-ACK(COOKIE-WAIT or COOKIE-ECHOED state) are not counted by SCTP_MIB_OUTOFBLUES. Case 1(INIT): Endpoint A Endpoint B (CLOSED) (CLOSED) INIT ----------> <---------- ABORT Case 2(INIT-ACK): Endpoint A Endpoint B (CLOSED) (CLOSED) INIT-ACK ----------> <---------- ABORT Case 3(SHUTDOWN-ACK): Endpoint A Endpoint B (CLOSED) (CLOSED) <---------- INIT SHUTDOWN-ACK ----------> <---------- SHUTDOWN-COMPLETE Case 4(SHUTDOWN-ACK): Endpoint A Endpoint B (CLOSED) (COOKIE-ECHOED) SHUTDOWN-ACK ----------> <---------- SHUTDOWN-COMPLETE This patch fixed the problem. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* sctp: Fix to start T5-shutdown-guard timer while enter SHUTDOWN-SENT stateWei Yongjun2008-10-012-18/+8
| | | | | | | | | | | | | | | | | | | | | | RFC 4960: Section 9.2 The sender of the SHUTDOWN MAY also start an overall guard timer 'T5-shutdown-guard' to bound the overall time for the shutdown sequence. At the expiration of this timer, the sender SHOULD abort the association by sending an ABORT chunk. If the 'T5-shutdown- guard' timer is used, it SHOULD be set to the recommended value of 5 times 'RTO.Max'. The timer 'T5-shutdown-guard' is used to counter the overall time for shutdown sequence, and it's start by the sender of the SHUTDOWN. So timer 'T5-shutdown-guard' should be start when we send the first SHUTDOWN chunk and enter the SHUTDOWN-SENT state, not start when we receipt of the SHUTDOWN primitive and enter SHUTDOWN-PENDING state. If 'T5-shutdown-guard' timer is start at SHUTDOWN-PENDING state, the association may be ABORT while data is still transmitting. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* sctp: try harder to figure out address family when checking wildcardsVlad Yasevich2008-10-013-10/+21
| | | | | | | | | | | sctp_is_any() function that is used to check for wildcard addresses only looks at the address itself to determine the address family. This function is used in the API to check the address passed in from the user. If the user simply zerroes out the sockaddr_storage and pass that in, we'll end up failing. So, let's try harder to determine the address family by also checking the socket if it's possible. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* sctp: reduce memory footprint of sctp_chunk structureNeil Horman2008-10-013-9/+9
| | | | | | | | | sctp_chunks should be put on a diet. This is some of the low hanging fruit that we can strip out. Changes all the __s8/__u8 flags to bitfields. Saves 12 bytes per chunk. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* sctp: Retransmit list is ineligable for missing indicationsVlad Yasevich2008-10-011-2/+0
| | | | | | | | | | Chunks placed on the retransmit list are marked as inelegible for fast retrasnmission. Since missing indications determine when fast reransmission is done, there is not point in calling sctp_mark_missing() on the retransmit list since those chunks will not be marked. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* sctp: Optimize SFR-CACC transport list walking during SACK processingVlad Yasevich2008-10-011-15/+19
| | | | | | | | There is a possibility of walking the transport list twice during SACK processing when doing SFR-CACC algorithm. We can restructure the code to only do this once. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* sctp: Only mark chunks as missing when there are gapsVlad Yasevich2008-10-011-9/+12
| | | | | | | | Frist small step in optimizing SACK processing. Do not call sctp_mark_missing() when there are no gaps reported and thus not missing chunks. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
* Merge branch 'master' of ↵David S. Miller2008-10-014-35/+77
|\ | | | | | | | | | | | | | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 Conflicts: drivers/net/wireless/ath9k/core.c drivers/net/wireless/ath9k/main.c net/core/dev.c
| * sctp: Fix kernel panic while process protocol violation parameterWei Yongjun2008-09-302-24/+61
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since call to function sctp_sf_abort_violation() need paramter 'arg' with 'struct sctp_chunk' type, it will read the chunk type and chunk length from the chunk_hdr member of chunk. But call to sctp_sf_violation_paramlen() always with 'struct sctp_paramhdr' type's parameter, it will be passed to sctp_sf_abort_violation(). This may cause kernel panic. sctp_sf_violation_paramlen() |-- sctp_sf_abort_violation() |-- sctp_make_abort_violation() This patch fixed this problem. This patch also fix two place which called sctp_sf_violation_paramlen() with wrong paramter type. Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTHVlad Yasevich2008-09-182-8/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If INIT-ACK is received with SupportedExtensions parameter which indicates that the peer does not support AUTH, the packet will be silently ignore, and sctp_process_init() do cleanup all of the transports in the association. When T1-Init timer is expires, OOPS happen while we try to choose a different init transport. The solution is to only clean up the non-active transports, i.e the ones that the peer added. However, that introduces a problem with sctp_connectx(), because we don't mark the proper state for the transports provided by the user. So, we'll simply mark user-provided transports as ACTIVE. That will allow INIT retransmissions to work properly in the sctp_connectx() context and prevent the crash. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * sctp: do not enable peer features if we can't do them.Vlad Yasevich2008-09-181-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | Do not enable peer features like addip and auth, if they are administratively disabled localy. If the peer resports that he supports something that we don't, neither end can use it so enabling it is pointless. This solves a problem when talking to a peer that has auth and addip enabled while we do not. Found by Andrei Pelinescu-Onciul <andrei@iptel.org>. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * sctp: set the skb->ip_summed correctly when sending over loopback.Vlad Yasevich2008-09-181-1/+2
| | | | | | | | | | | | | | | | | | | | Loopback used to clobber the ip_summed filed which sctp then used to figure out if it needed to do checksumming or not. Now that loopback doesn't do that any more, sctp needs to set the ip_summed field correctly. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | net: Remove __skb_insert() calls outside of skbuff internals.David S. Miller2008-09-211-3/+2
|/ | | | | | | This minor cleanup simplifies later changes which will convert struct sk_buff and friends over to using struct list_head. Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: fix random memory dereference with SCTP_HMAC_IDENT option.Vlad Yasevich2008-08-272-2/+7
| | | | | | | | | The number of identifiers needs to be checked against the option length. Also, the identifier index provided needs to be verified to make sure that it doesn't exceed the bounds of the array. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: correct bounds check in sctp_setsockopt_auth_keyVlad Yasevich2008-08-271-1/+1
| | | | | | | | | | | | The bonds check to prevent buffer overlflow was not exactly right. It still allowed overflow of up to 8 bytes which is sizeof(struct sctp_authkey). Since optlen is already checked against the size of that struct, we are guaranteed not to cause interger overflow either. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: add verification checks to SCTP_AUTH_KEY optionVlad Yasevich2008-08-252-0/+9
| | | | | | | | | The structure used for SCTP_AUTH_KEY option contains a length that needs to be verfied to prevent buffer overflow conditions. Spoted by Eugene Teo <eteo@redhat.com>. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: fix potential panics in the SCTP-AUTH API.Vlad Yasevich2008-08-212-22/+67
| | | | | | | | | | | | | | | All of the SCTP-AUTH socket options could cause a panic if the extension is disabled and the API is envoked. Additionally, there were some additional assumptions that certain pointers would always be valid which may not always be the case. This patch hardens the API and address all of the crash scenarios. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* netns: Add network namespace argument to rt6_fill_node() and ↵Brian Haley2008-08-141-1/+2
| | | | | | | | | | | ipv6_dev_get_saddr() ipv6_dev_get_saddr() blindly de-references dst_dev to get the network namespace, but some callers might pass NULL. Change callers to pass a namespace pointer instead. Signed-off-by: Brian Haley <brian.haley@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* sctp: Drop ipfargok in sctp_xmit functionHerbert Xu2008-08-033-9/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ipfragok flag controls whether the packet may be fragmented either on the local host on beyond. The latter is only valid on IPv4. In fact, we never want to do the latter even on IPv4 when PMTU is enabled. This is because even though we can't fragment packets within SCTP due to the prtocol's inherent faults, we can still fragment it at IP layer. By setting the DF bit we will improve the PMTU process. RFC 2960 only says that we SHOULD clear the DF bit in this case, so we're compliant even if we set the DF bit. In fact RFC 4960 no longer has this statement. Once we make this change, we only need to control the local fragmentation. There is already a bit in the skb which controls that, local_df. So this patch sets that instead of using the ipfragok argument. The only complication is that there isn't a struct sock object per transport, so for IPv4 we have to resort to changing the pmtudisc field for every packet. This should be safe though as the protocol is single-threaded. Note that after this patch we can remove ipfragok from the rest of the stack too. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>