01 Feb, 2008
1 commit
-
This patch fix miss of check for report unrecognized HMAC Algorithm
parameter. When AUTH is disabled, goto fall through path to report
unrecognized parameter, else, just breakSigned-off-by: Wei Yongjun
Acked-by: Neil Horman
Acked-by: Vlad Yasevich
Signed-off-by: David S. Miller
29 Jan, 2008
20 commits
-
Needed to propagate it down to the ip_route_output_flow.
Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
When parameter validation fails, there should be error causes that
specify what type of failure we've encountered. If the causes are not
there, we lacked memory to allocated them. Thus make that the default
value for the error.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller -
Reported by Andrew Morton.
net/sctp/sm_statefuns.c: In function 'sctp_sf_do_5_1C_ack':
net/sctp/sm_statefuns.c:484: warning: 'error' may be used uninitialized in this functionSigned-off-by: David S. Miller
-
When a new address is added, we must check if the new address does not
already exists. This patch makes this check to be aware of a network
namespace, so the check will look if the address already exists for
the specified network namespace. While the addresses are browsed, the
addresses which do not belong to the namespace are discarded.Signed-off-by: Daniel Lezcano
Signed-off-by: Benjamin Thery
Signed-off-by: David S. Miller -
The patch extends the inet_addr_type and inet_dev_addr_type with the
network namespace pointer. That allows to access the different tables
relatively to the network namespace.The modification of the signature function is reported in all the
callers of the inet_addr_type using the pointer to the well known
init_net.Acked-by: Benjamin Thery
Acked-by: Daniel Lezcano
Signed-off-by: Eric W. Biederman
Signed-off-by: David S. Miller -
This patch includes many places, that only required
replacing the ctl_table-s with appropriate ctl_paths
and call register_sysctl_paths().Nothing special was done with them.
Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
This patch introduces new memory accounting functions for each network
protocol. Most of them are renamed from memory accounting functions
for stream protocols. At the same time, some stream memory accounting
functions are removed since other functions do same thing.Renaming:
sk_stream_free_skb() -> sk_wmem_free_skb()
__sk_stream_mem_reclaim() -> __sk_mem_reclaim()
sk_stream_mem_reclaim() -> sk_mem_reclaim()
sk_stream_mem_schedule -> __sk_mem_schedule()
sk_stream_pages() -> sk_mem_pages()
sk_stream_rmem_schedule() -> sk_rmem_schedule()
sk_stream_wmem_schedule() -> sk_wmem_schedule()
sk_charge_skb() -> sk_mem_charge()Removeing
sk_stream_rfree(): consolidates into sock_rfree()
sk_stream_set_owner_r(): consolidates into skb_set_owner_r()
sk_stream_mem_schedule()The following functions are added.
sk_has_account(): check if the protocol supports accounting
sk_mem_uncharge(): do the opposite of sk_mem_charge()In addition, to achieve consolidation, updating sk_wmem_queued is
removed from sk_mem_charge().Next, to consolidate memory accounting functions, this patch adds
memory accounting calls to network core functions. Moreover, present
memory accounting call is renamed to new accounting call.Finally we replace present memory accounting calls with new interface
in TCP and SCTP.Signed-off-by: Takahiro Yasui
Signed-off-by: Hideo Aoki
Signed-off-by: David S. Miller -
The Security Considerations section of RFC 5061 has the following
text:If an SCTP endpoint that supports this extension receives an INIT
that indicates that the peer supports the ASCONF extension but does
NOT support the [RFC4895] extension, the receiver of such an INIT
MUST send an ABORT in response. Note that an implementation is
allowed to silently discard such an INIT as an option as well, but
under NO circumstance is an implementation allowed to proceed with
the association setup by sending an INIT-ACK in response.An implementation that receives an INIT-ACK that indicates that the
peer does not support the [RFC4895] extension MUST NOT send the
COOKIE-ECHO to establish the association. Instead, the
implementation MUST discard the INIT-ACK and report to the upper-
layer user that an association cannot be established destroying the
Transmission Control Block (TCB).Follow the recomendations.
Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller -
ADD-IP spec has a special case for processing ABORTs:
F4) ... One special consideration is that ABORT
Chunks arriving destined to the IP address being deleted MUST be
ignored (see Section 5.3.1 for further details).Check if the address we received on is in the DEL state, and if
so, ignore the ABORT.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller -
Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller -
The processing of the ASCONF chunks has changed a lot in the
spec. New items are:
1. A list of ASCONF-ACK chunks is now cached
2. The source of the packet is used in response.
3. New handling for unexpect ASCONF chunks.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller -
C4) Both ASCONF and ASCONF-ACK Chunks MUST NOT be sent in any SCTP
state except ESTABLISHED, SHUTDOWN-PENDING, SHUTDOWN-RECEIVED,
and SHUTDOWN-SENT.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller -
ADD-IP draft section 5.2 specifies that if an association can not
be found using the source and destination of the IP packet,
then, if the packet contains ASCONF chunks, the Address Parameter
TLV should be used to lookup an association.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller -
The ADD-IP "Set Primary IP Address" parameter is allowed in the
INIT/INIT-ACK exchange. Allow processing of this parameter during
the INIT/INIT-ACK.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller -
The Address Parameter in the parameter list of the ASCONF chunk
may be a wildcard address. In this case special processing
is required. For the 'add' case, the source IP of the packet is
added. In the 'del' case, all addresses except the source IP
of packet are removed. In the "mark primary" case, the source
address is marked as primary.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller -
Now that we support AUTH, discard unauthenticated ASCONF and ASCONF ACK
chunks as mandated in the ADD-IP spec.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller -
The crc32c library used an identical table and algorithm
as SCTP. Switch to using the library instead of carrying
our own table. Using crypto layer proved to have too
much overhead compared to using the library directly.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller -
Signed-off-by: Joe Perches
Acked-by: Vlad Yasevich
Signed-off-by: David S. Miller -
The sock_wake_async() performs a bit different actions
depending on "how" argument. Unfortunately this argument
ony has numerical magic values.I propose to give names to their constants to help people
reading this function callers understand what's going on
without looking into this function all the time.I suppose this is 2.6.25 material, but if it's not (or the
naming seems poor/bad/awful), I can rework it against the
current net-2.6 tree.Signed-off-by: Pavel Emelyanov
Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller -
Many-many code in the kernel initialized the timer->function
and timer->data together with calling init_timer(timer). There
is already a helper for this. Use it for networking code.The patch is HUGE, but makes the code 130 lines shorter
(98 insertions(+), 228 deletions(-)).Signed-off-by: Pavel Emelyanov
Acked-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller
09 Jan, 2008
3 commits
-
Some recent changes completely removed accounting for the FORWARD_TSN
parameter length in the INIT and INIT-ACK chunk. This is wrong and
should be restored.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller -
When processing an unexpected INIT chunk, we do not need to
do any preservation of the old AUTH parameters. In fact,
doing such preservations will nullify AUTH and allow connection
stealing.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller -
The even should be called SCTP_AUTHENTICATION_INDICATION.
Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller
21 Dec, 2007
1 commit
-
Signed-off-by: Joe Perches
Signed-off-by: David S. Miller
17 Dec, 2007
1 commit
-
At the end of partial delivery, we may have complete messages
sitting on the fragment queue. These messages are stuck there
until a new fragment arrives. This can comletely stall a
given association. When clearing partial delivery state, flush
any complete messages from the fragment queue and send them on
their way up.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller
07 Dec, 2007
2 commits
-
During accept/migrate the code attempts to copy the addresses from
the parent endpoint to the new endpoint. However, if the parent
was bound to a wildcard address, then we end up pointlessly copying
all of the current addresses on the system.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller -
SCTP accept code tries to add a newliy created socket
to a bind bucket without holding a lock. On a really
busy system, that can causes slab corruptions.
Add a lock around this code.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller
29 Nov, 2007
5 commits
-
SCTP-AUTH requires selection of CRYPTO, HMAC and SHA1 since
SHA1 is a MUST requirement for AUTH. We also support SHA256,
but that's optional, so fix the code to treat it as such.Signed-off-by: Vlad Yasevich
-
In the case where no autheticated chunks were specified, we were still
trying to verify that a given chunk needs authentication and doing so
incorrectly. Add a check for parameter length to make sure we don't
try to use an empty auth_chunks parameter to verify against.Signed-off-by: Vlad Yasevich
-
Supported extensions parameter was not coded right and ended up
over-writing memory or causing skb overflows. First, remove
the FWD_TSN support from as it shouldn't be there and also fix
the paramter encoding.Signed-off-by: Vlad Yasevich
-
There was a typo that cleared the HMACS parameters when no
authenticated chunks were specified. We whould be clearing
the chunks pointer instead of the hmacs.Signed-off-by: Vlad Yasevich
-
Our treatment of Heartbeats is special in that the inital HB chunk
counts against the error count for the association, where as for
other chunks, only retransmissions or timeouts count against us.
As a result, we had an off-by-1 situation with a number of
Heartbeats we could send.Signed-off-by: Vlad Yasevich
20 Nov, 2007
1 commit
-
Signed-off-by: Joe Perches
Signed-off-by: David S. Miller
12 Nov, 2007
1 commit
-
In net/sctp/sm_statefuns.c::sctp_sf_abort_violation() we may leak
the storage allocated for 'abort' by returning from the function
without using or freeing it. This happens in case
"sctp_auth_recv_cid(SCTP_CID_ABORT, asoc)" is true and we jump to
the 'discard' label.
Spotted by the Coverity checker.The simple fix is to simply move the creation of the "abort chunk"
to after the possible jump to the 'discard' label. This way we don't
even have to allocate the memory at all in the problem case.Signed-off-by: Jesper Juhl
Signed-off-by: Vlad Yasevich
10 Nov, 2007
5 commits
-
When the code calls uncork, trigger a queue flush, even
if the queue was not corked. Most callers that explicitely
cork the queue will have additinal checks to see if they
corked it. Callers who do not cork the queue expect packets
to flow when they call uncork.The scneario that showcased this bug happend when we were not
able to bundle DATA with outgoing COOKIE-ECHO. As a result
the data just sat in the outqueue and did not get transmitted.
The application expected a response, but nothing happened.Signed-off-by: Vlad Yasevich
-
There is a small bug when we process a FWD-TSN. We'll deliver
anything upto the current next expected SSN. However, if the
next expected is already in the queue, it will take another
chunk to trigger its delivery. The fix is to simply check
the current queued SSN is the next expected one.Signed-off-by: Vlad Yasevich
-
SCTP-AUTH and future ADD-IP updates have a requirement to
do additional verification of parameters and an ability to
ABORT the association if verification fails. So, introduce
additional return code so that we can clear signal a required
action.Signed-off-by: Vlad Yasevich
-
Convert the custom hash list traversals to use hlist functions.
Signed-off-by: Vlad Yasevich
-
A SCTP endpoint may have a lot of associations on them and walking
the list is fairly inefficient. Instead, use a hashed lookup,
and filter out the hash list based on the endopoing we already have.Signed-off-by: Vlad Yasevich