05 Oct, 2015
1 commit
-
We want to avoid using time_t in the kernel because of the y2038
overflow problem. The use in sctp is not for storing seconds at
all, but instead uses microseconds and is passed as 32-bit
on all machines.This patch changes the type to u32, which better fits the use.
Signed-off-by: Arnd Bergmann
Cc: Vlad Yasevich
Cc: Neil Horman
Cc: linux-sctp@vger.kernel.org
Acked-by: Neil Horman
Acked-by: Marcelo Ricardo Leitner
Signed-off-by: David S. Miller
29 Aug, 2015
1 commit
-
RFC 5061:
This is an opaque integer assigned by the sender to identify each
request parameter. The receiver of the ASCONF Chunk will copy this
32-bit value into the ASCONF Response Correlation ID field of the
ASCONF-ACK response parameter. The sender of the ASCONF can use this
same value in the ASCONF-ACK to find which request the response is
for. Note that the receiver MUST NOT change this 32-bit value.Address Parameter: TLV
This field contains an IPv4 or IPv6 address parameter, as described
in Section 3.3.2.1 of [RFC4960].ASCONF chunk with Error Cause Indication Parameter (Unresolvable Address)
should be sent if the Delete IP Address is not part of the association.Endpoint A Endpoint B
(ESTABLISHED) (ESTABLISHED)ASCONF ----------------->
(Delete IP Address)
Acked-by: Vlad Yasevich
Acked-by: Marcelo Ricardo Leitner
Signed-off-by: David S. Miller
28 Aug, 2015
1 commit
-
in sctp_process_asconf(), we get address parameter from the beginning of
the addip params. but we never check if it's really there. if the addr
param is not there, it still can pass sctp_verify_asconf(), then to be
handled by sctp_process_asconf(), it will not be safe.so add a code in sctp_verify_asconf() to check the address parameter is in
the beginning, or return false to send abort.note that this can also detect multiple address parameters, and reject it.
Signed-off-by: Xin Long
Signed-off-by: Marcelo Ricardo Leitner
Acked-by: Vlad Yasevich
Signed-off-by: David S. Miller
31 Jan, 2015
1 commit
-
When making use of RFC5061, section 4.2.4. for setting the primary IP
address, we're passing a wrong parameter header to param_type2af(),
resulting always in NULL being returned.At this point, param.p points to a sctp_addip_param struct, containing
a sctp_paramhdr (type = 0xc004, length = var), and crr_id as a correlation
id. Followed by that, as also presented in RFC5061 section 4.2.4., comes
the actual sctp_addr_param, which also contains a sctp_paramhdr, but
this time with the correct type SCTP_PARAM_IPV{4,6}_ADDRESS that
param_type2af() can make use of. Since we already hold a pointer to
addr_param from previous line, just reuse it for param_type2af().Fixes: d6de3097592b ("[SCTP]: Add the handling of "Set Primary IP Address" parameter to INIT")
Signed-off-by: Saran Maruti Ramanara
Signed-off-by: Daniel Borkmann
Acked-by: Vlad Yasevich
Acked-by: Neil Horman
Signed-off-by: David S. Miller
24 Nov, 2014
2 commits
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
12 Nov, 2014
1 commit
-
An SCTP server doing ASCONF will panic on malformed INIT ping-of-death
in the form of:------------ INIT[PARAM: SET_PRIMARY_IP] ------------>
While the INIT chunk parameter verification dissects through many things
in order to detect malformed input, it misses to actually check parameters
inside of parameters. E.g. RFC5061, section 4.2.4 proposes a 'set primary
IP address' parameter in ASCONF, which has as a subparameter an address
parameter.So an attacker may send a parameter type other than SCTP_PARAM_IPV4_ADDRESS
or SCTP_PARAM_IPV6_ADDRESS, param_type2af() will subsequently return 0
and thus sctp_get_af_specific() returns NULL, too, which we then happily
dereference unconditionally through af->from_addr_param().The trace for the log:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000078
IP: [] sctp_process_init+0x492/0x990 [sctp]
PGD 0
Oops: 0000 [#1] SMP
[...]
Pid: 0, comm: swapper Not tainted 2.6.32-504.el6.x86_64 #1 Bochs Bochs
RIP: 0010:[] [] sctp_process_init+0x492/0x990 [sctp]
[...]
Call Trace:
[] ? sctp_bind_addr_copy+0x5d/0xe0 [sctp]
[] sctp_sf_do_5_1B_init+0x21b/0x340 [sctp]
[] sctp_do_sm+0x71/0x1210 [sctp]
[] ? sctp_endpoint_lookup_assoc+0xc9/0xf0 [sctp]
[] sctp_endpoint_bh_rcv+0x116/0x230 [sctp]
[] sctp_inq_push+0x56/0x80 [sctp]
[] sctp_rcv+0x982/0xa10 [sctp]
[] ? ipt_local_in_hook+0x23/0x28 [iptable_filter]
[] ? nf_iterate+0x69/0xb0
[] ? ip_local_deliver_finish+0x0/0x2d0
[] ? nf_hook_slow+0x76/0x120
[] ? ip_local_deliver_finish+0x0/0x2d0
[...]A minimal way to address this is to check for NULL as we do on all
other such occasions where we know sctp_get_af_specific() could
possibly return with NULL.Fixes: d6de3097592b ("[SCTP]: Add the handling of "Set Primary IP Address" parameter to INIT")
Signed-off-by: Daniel Borkmann
Cc: Vlad Yasevich
Acked-by: Neil Horman
Signed-off-by: David S. Miller
15 Oct, 2014
1 commit
-
Commit 6f4c618ddb0 ("SCTP : Add paramters validity check for
ASCONF chunk") added basic verification of ASCONF chunks, however,
it is still possible to remotely crash a server by sending a
special crafted ASCONF chunk, even up to pre 2.6.12 kernels:skb_over_panic: text:ffffffffa01ea1c3 len:31056 put:30768
head:ffff88011bd81800 data:ffff88011bd81800 tail:0x7950
end:0x440 dev:
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:129!
[...]
Call Trace:
[] skb_put+0x5c/0x70
[] sctp_addto_chunk+0x63/0xd0 [sctp]
[] sctp_process_asconf+0x1af/0x540 [sctp]
[] ? _read_unlock_bh+0x15/0x20
[] sctp_sf_do_asconf+0x168/0x240 [sctp]
[] sctp_do_sm+0x71/0x1210 [sctp]
[] ? fib_rules_lookup+0xad/0xf0
[] ? sctp_cmp_addr_exact+0x32/0x40 [sctp]
[] sctp_assoc_bh_rcv+0xd3/0x180 [sctp]
[] sctp_inq_push+0x56/0x80 [sctp]
[] sctp_rcv+0x982/0xa10 [sctp]
[] ? ipt_local_in_hook+0x23/0x28 [iptable_filter]
[] ? nf_iterate+0x69/0xb0
[] ? ip_local_deliver_finish+0x0/0x2d0
[] ? nf_hook_slow+0x76/0x120
[] ? ip_local_deliver_finish+0x0/0x2d0
[] ip_local_deliver_finish+0xdd/0x2d0
[] ip_local_deliver+0x98/0xa0
[] ip_rcv_finish+0x12d/0x440
[] ip_rcv+0x275/0x350
[] __netif_receive_skb+0x4ab/0x750
[] netif_receive_skb+0x58/0x60This can be triggered e.g., through a simple scripted nmap
connection scan injecting the chunk after the handshake, for
example, ...-------------- INIT[ASCONF; ASCONF_ACK] ------------->
... where ASCONF chunk of length 280 contains 2 parameters ...
1) Add IP address parameter (param length: 16)
2) Add/del IP address parameter (param length: 255)... followed by an UNKNOWN chunk of e.g. 4 bytes. Here, the
Address Parameter in the ASCONF chunk is even missing, too.
This is just an example and similarly-crafted ASCONF chunks
could be used just as well.The ASCONF chunk passes through sctp_verify_asconf() as all
parameters passed sanity checks, and after walking, we ended
up successfully at the chunk end boundary, and thus may invoke
sctp_process_asconf(). Parameter walking is done with
WORD_ROUND() to take padding into account.In sctp_process_asconf()'s TLV processing, we may fail in
sctp_process_asconf_param() e.g., due to removal of the IP
address that is also the source address of the packet containing
the ASCONF chunk, and thus we need to add all TLVs after the
failure to our ASCONF response to remote via helper function
sctp_add_asconf_response(), which basically invokes a
sctp_addto_chunk() adding the error parameters to the given
skb.When walking to the next parameter this time, we proceed
with ...length = ntohs(asconf_param->param_hdr.length);
asconf_param = (void *)asconf_param + length;... instead of the WORD_ROUND()'ed length, thus resulting here
in an off-by-one that leads to reading the follow-up garbage
parameter length of 12336, and thus throwing an skb_over_panic
for the reply when trying to sctp_addto_chunk() next time,
which implicitly calls the skb_put() with that length.Fix it by using sctp_walk_params() [ which is also used in
INIT parameter processing ] macro in the verification *and*
in ASCONF processing: it will make sure we don't spill over,
that we walk parameters WORD_ROUND()'ed. Moreover, we're being
more defensive and guard against unknown parameter types and
missized addresses.Joint work with Vlad Yasevich.
Fixes: b896b82be4ae ("[SCTP] ADDIP: Support for processing incoming ASCONF_ACK chunks.")
Signed-off-by: Daniel Borkmann
Signed-off-by: Vlad Yasevich
Acked-by: Neil Horman
Signed-off-by: David S. Miller
12 Jun, 2014
1 commit
-
Add two minimal helper functions analogous to time_before() and
time_after() that will later on both be needed by SCTP code.Signed-off-by: Daniel Borkmann
Signed-off-by: David S. Miller
19 Apr, 2014
1 commit
-
Currently, it is possible to create an SCTP socket, then switch
auth_enable via sysctl setting to 1 and crash the system on connect:Oops[#1]:
CPU: 0 PID: 0 Comm: swapper Not tainted 3.14.1-mipsgit-20140415 #1
task: ffffffff8056ce80 ti: ffffffff8055c000 task.ti: ffffffff8055c000
[...]
Call Trace:
[] sctp_auth_asoc_set_default_hmac+0x68/0x80
[] sctp_process_init+0x5e0/0x8a4
[] sctp_sf_do_5_1B_init+0x234/0x34c
[] sctp_do_sm+0xb4/0x1e8
[] sctp_endpoint_bh_rcv+0x1c4/0x214
[] sctp_rcv+0x588/0x630
[] sctp6_rcv+0x10/0x24
[] ip6_input+0x2c0/0x440
[] __netif_receive_skb_core+0x4a8/0x564
[] process_backlog+0xb4/0x18c
[] net_rx_action+0x12c/0x210
[] __do_softirq+0x17c/0x2ac
[] irq_exit+0x54/0xb0
[] ret_from_irq+0x0/0x4
[] rm7k_wait_irqoff+0x24/0x48
[] cpu_startup_entry+0xc0/0x148
[] start_kernel+0x37c/0x398
Code: dd0900b8 000330f8 0126302d 50c0fff1 0047182a a48306a0
03e00008 00000000
---[ end trace b530b0551467f2fd ]---
Kernel panic - not syncing: Fatal exception in interruptWhat happens while auth_enable=0 in that case is, that
ep->auth_hmacs is initialized to NULL in sctp_auth_init_hmacs()
when endpoint is being created.After that point, if an admin switches over to auth_enable=1,
the machine can crash due to NULL pointer dereference during
reception of an INIT chunk. When we enter sctp_process_init()
via sctp_sf_do_5_1B_init() in order to respond to an INIT chunk,
the INIT verification succeeds and while we walk and process
all INIT params via sctp_process_param() we find that
net->sctp.auth_enable is set, therefore do not fall through,
but invoke sctp_auth_asoc_set_default_hmac() instead, and thus,
dereference what we have set to NULL during endpoint
initialization phase.The fix is to make auth_enable immutable by caching its value
during endpoint initialization, so that its original value is
being carried along until destruction. The bug seems to originate
from the very first days.Fix in joint work with Daniel Borkmann.
Reported-by: Joshua Kinard
Signed-off-by: Vlad Yasevich
Signed-off-by: Daniel Borkmann
Acked-by: Neil Horman
Tested-by: Joshua Kinard
Signed-off-by: David S. Miller
06 Mar, 2014
1 commit
-
While working on ec0223ec48a9 ("net: sctp: fix sctp_sf_do_5_1D_ce to
verify if we/peer is AUTH capable"), we noticed that there's a skb
memory leakage in the error path.Running the same reproducer as in ec0223ec48a9 and by unconditionally
jumping to the error label (to simulate an error condition) in
sctp_sf_do_5_1D_ce() receive path lets kmemleak detector bark about
the unfreed chunk->auth_chunk skb clone:Unreferenced object 0xffff8800b8f3a000 (size 256):
comm "softirq", pid 0, jiffies 4294769856 (age 110.757s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
89 ab 75 5e d4 01 58 13 00 00 00 00 00 00 00 00 ..u^..X.........
backtrace:
[] kmemleak_alloc+0x4e/0xb0
[] kmem_cache_alloc+0xc8/0x210
[] skb_clone+0x49/0xb0
[] sctp_endpoint_bh_rcv+0x1d9/0x230 [sctp]
[] sctp_inq_push+0x4c/0x70 [sctp]
[] sctp_rcv+0x82e/0x9a0 [sctp]
[] ip_local_deliver_finish+0xa8/0x210
[] nf_reinject+0xbf/0x180
[] nfqnl_recv_verdict+0x1d2/0x2b0 [nfnetlink_queue]
[] nfnetlink_rcv_msg+0x14b/0x250 [nfnetlink]
[] netlink_rcv_skb+0xa9/0xc0
[] nfnetlink_rcv+0x23f/0x408 [nfnetlink]
[] netlink_unicast+0x168/0x250
[] netlink_sendmsg+0x2e1/0x3f0
[] sock_sendmsg+0x8b/0xc0
[] ___sys_sendmsg+0x369/0x380What happens is that commit bbd0d59809f9 clones the skb containing
the AUTH chunk in sctp_endpoint_bh_rcv() when having the edge case
that an endpoint requires COOKIE-ECHO chunks to be authenticated:---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
auth_chunk, we could hit the "goto nomem_init" path from
an error condition and thus leave the cloned skb around w/o
freeing it.The fix is to centrally free such clones in sctp_chunk_destroy()
handler that is invoked from sctp_chunk_free() after all refs have
dropped; and also move both kfree_skb(chunk->auth_chunk) there,
so that chunk->auth_chunk is either NULL (since sctp_chunkify()
allocs new chunks through kmem_cache_zalloc()) or non-NULL with
a valid skb pointer. chunk->skb and chunk->auth_chunk are the
only skbs in the sctp_chunk structure that need to be handeled.While at it, we should use consume_skb() for both. It is the same
as dev_kfree_skb() but more appropriately named as we are not
a device but a protocol. Also, this effectively replaces the
kfree_skb() from both invocations into consume_skb(). Functions
are the same only that kfree_skb() assumes that the frame was
being dropped after a failure (e.g. for tools like drop monitor),
usage of consume_skb() seems more appropriate in function
sctp_chunk_destroy() though.Fixes: bbd0d59809f9 ("[SCTP]: Implement the receive and verification of AUTH chunk")
Signed-off-by: Daniel Borkmann
Cc: Vlad Yasevich
Cc: Neil Horman
Acked-by: Vlad Yasevich
Acked-by: Neil Horman
Signed-off-by: David S. Miller
14 Jan, 2014
1 commit
-
Signed-off-by: Stephen Hemminger
Acked-by: Neil Horman
Signed-off-by: David S. Miller
27 Dec, 2013
3 commits
-
fix checkpatch errors below:
ERROR: switch and case should be at the same inden
ERROR: code indent should use tabs where possibleAcked-by: Neil Horman
Signed-off-by: Wang Weidong
Signed-off-by: David S. Miller -
fix checkpatch errors below:
ERROR: "(foo*)" should be "(foo *)"
ERROR: "foo * bar" should be "foo *bar"
ERROR: "foo* bar" should be "foo *bar"Signed-off-by: Wang Weidong
Signed-off-by: David S. Miller -
fix checkpatch errors while the space is required or prohibited
to the "=,()++..."Acked-by: Neil Horman
Signed-off-by: Wang Weidong
Signed-off-by: David S. Miller
07 Dec, 2013
1 commit
-
Several files refer to an old address for the Free Software Foundation
in the file header comment. Resolve by replacing the address with
the URL so that we do not have to keep
updating the header comments anytime the address changes.CC: Vlad Yasevich
CC: Neil Horman
Signed-off-by: Jeff Kirsher
Signed-off-by: David S. Miller
28 Oct, 2013
1 commit
-
kmem_cache_zalloc had set the allocated memory to zero. I think no need
to initialize with 0. And move the comments to the function begin.Acked-by: Vlad Yasevich
Signed-off-by: Wang Weidong
Signed-off-by: David S. Miller
30 Aug, 2013
1 commit
-
Add a comment related to RFC4960 explaning why we do not check for initial
TSN, and while at it, remove yoda notation checks and clean up code from
checks of mandatory conditions. That's probably just really minor, but makes
reviewing easier.Signed-off-by: Daniel Borkmann
Acked-by: Neil Horman
Signed-off-by: David S. Miller
14 Aug, 2013
1 commit
-
This patch adds a base infrastructure that allows SCTP to do
memory accounting for control chunks. Real accounting code will
follow.This patch alos fixes the following triggered bug ...
[ 553.109742] kernel BUG at include/linux/skbuff.h:1813!
[ 553.109766] invalid opcode: 0000 [#1] SMP
[ 553.109789] Modules linked in: sctp libcrc32c rfcomm [...]
[ 553.110259] uinput i915 i2c_algo_bit drm_kms_helper e1000e drm ptp
pps_core i2c_core wmi video sunrpc
[ 553.110320] CPU: 0 PID: 1636 Comm: lt-test_1_to_1_ Not tainted
3.11.0-rc3+ #2
[ 553.110350] Hardware name: LENOVO 74597D6/74597D6, BIOS 6DET60WW
(3.10 ) 09/17/2009
[ 553.110381] task: ffff88020a01dd40 ti: ffff880204ed0000 task.ti:
ffff880204ed0000
[ 553.110411] RIP: 0010:[] []
skb_orphan.part.9+0x4/0x6 [sctp]
[ 553.110459] RSP: 0018:ffff880204ed1bb8 EFLAGS: 00010286
[ 553.110483] RAX: ffff8802086f5a40 RBX: ffff880204303300 RCX:
0000000000000000
[ 553.110487] RDX: ffff880204303c28 RSI: ffff8802086f5a40 RDI:
ffff880202158000
[ 553.110487] RBP: ffff880204ed1bb8 R08: 0000000000000000 R09:
0000000000000000
[ 553.110487] R10: ffff88022f2d9a04 R11: ffff880233001600 R12:
0000000000000000
[ 553.110487] R13: ffff880204303c00 R14: ffff8802293d0000 R15:
ffff880202158000
[ 553.110487] FS: 00007f31b31fe740(0000) GS:ffff88023bc00000(0000)
knlGS:0000000000000000
[ 553.110487] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 553.110487] CR2: 000000379980e3e0 CR3: 000000020d225000 CR4:
00000000000407f0
[ 553.110487] Stack:
[ 553.110487] ffff880204ed1ca8 ffffffffa068d7fc 0000000000000000
0000000000000000
[ 553.110487] 0000000000000000 ffff8802293d0000 ffff880202158000
ffffffff81cb7900
[ 553.110487] 0000000000000000 0000400000001c68 ffff8802086f5a40
000000000000000f
[ 553.110487] Call Trace:
[ 553.110487] [] sctp_sendmsg+0x6bc/0xc80 [sctp]
[ 553.110487] [] ? sock_has_perm+0x75/0x90
[ 553.110487] [] inet_sendmsg+0x63/0xb0
[ 553.110487] [] ? selinux_socket_sendmsg+0x23/0x30
[ 553.110487] [] sock_sendmsg+0xa6/0xd0
[ 553.110487] [] ? _raw_spin_unlock_bh+0x15/0x20
[ 553.110487] [] SYSC_sendto+0x128/0x180
[ 553.110487] [] ? SYSC_connect+0xdb/0x100
[ 553.110487] [] ? sctp_inet_listen+0x71/0x1f0
[sctp]
[ 553.110487] [] SyS_sendto+0xe/0x10
[ 553.110487] [] system_call_fastpath+0x16/0x1b
[ 553.110487] Code: e0 48 c7 c7 00 22 6a a0 e8 67 a3 f0 e0 48 c7 [...]
[ 553.110487] RIP [] skb_orphan.part.9+0x4/0x6
[sctp]
[ 553.110487] RSP
[ 553.121578] ---[ end trace 46c20c5903ef5be2 ]---The approach taken here is to split data and control chunks
creation a bit. Data chunks already have memory accounting
so noting needs to happen. For control chunks, add stubs handlers.Signed-off-by: Vlad Yasevich
Signed-off-by: David S. Miller
10 Aug, 2013
1 commit
-
With the restructuring of the lksctp.org site, we only allow bug
reports through the SCTP mailing list linux-sctp@vger.kernel.org,
not via SF, as SF is only used for web hosting and nothing more.
While at it, also remove the obvious statement that bugs will be
fixed and incooperated into the kernel.Signed-off-by: Daniel Borkmann
Acked-by: Vlad Yasevich
Signed-off-by: David S. Miller
25 Jul, 2013
1 commit
-
The SCTP mailing list address to send patches or questions
to is linux-sctp@vger.kernel.org and not
lksctp-developers@lists.sourceforge.net anymore. Therefore,
update all occurences.Signed-off-by: Daniel Borkmann
Acked-by: Neil Horman
Acked-by: Vlad Yasevich
Signed-off-by: David S. Miller
02 Jul, 2013
1 commit
-
We should get rid of all own SCTP debug printk macros and use the ones
that the kernel offers anyway instead. This makes the code more readable
and conform to the kernel code, and offers all the features of dynamic
debbuging that pr_debug() et al has, such as only turning on/off portions
of debug messages at runtime through debugfs. The runtime cost of having
CONFIG_DYNAMIC_DEBUG enabled, but none of the debug statements printing,
is negligible [1]. If kernel debugging is completly turned off, then these
statements will also compile into "empty" functions.While we're at it, we also need to change the Kconfig option as it /now/
only refers to the ifdef'ed code portions in outqueue.c that enable further
debugging/tracing of SCTP transaction fields. Also, since SCTP_ASSERT code
was enabled with this Kconfig option and has now been removed, we
transform those code parts into WARNs resp. where appropriate BUG_ONs so
that those bugs can be more easily detected as probably not many people
have SCTP debugging permanently turned on.To turn on all SCTP debugging, the following steps are needed:
# mount -t debugfs none /sys/kernel/debug
# echo -n 'module sctp +p' > /sys/kernel/debug/dynamic_debug/controlThis can be done more fine-grained on a per file, per line basis and others
as described in [2].[1] https://www.kernel.org/doc/ols/2009/ols2009-pages-39-46.pdf
[2] Documentation/dynamic-debug-howto.txtSigned-off-by: Daniel Borkmann
Signed-off-by: David S. Miller
26 Jun, 2013
1 commit
-
Currently, SCTP code defines its own timeval functions (since timeval
is rarely used inside the kernel by others), namely tv_lt() and
TIMEVAL_ADD() macros, that operate on SCTP cookie expiration.We might as well remove all those, and operate directly on ktime
structures for a couple of reasons: ktime is available on all archs;
complexity of ktime calculations depending on the arch is less than
(reduces to a simple arithmetic operations on archs with
BITS_PER_LONG == 64 or CONFIG_KTIME_SCALAR) or equal to timeval
functions (other archs); code becomes more readable; macros can be
thrown out.Signed-off-by: Daniel Borkmann
Acked-by: Vlad Yasevich
Signed-off-by: David S. Miller
18 Jun, 2013
1 commit
-
SCTP_STATIC is just another define for the static keyword. It's use
is inconsistent in the SCTP code anyway and it was introduced in the
initial implementation of SCTP in 2.5. We have a regression suite in
lksctp-tools, but this is for user space only, so noone makes use of
this macro anymore. The kernel test suite for 2.5 is incompatible with
the current SCTP code anyway.So simply Remove it, to be more consistent with the rest of the kernel
code.Signed-off-by: Daniel Borkmann
Acked-by: Vlad Yasevich
Signed-off-by: David S. Miller
22 Feb, 2013
1 commit
-
Pull trivial tree from Jiri Kosina:
"Assorted tiny fixes queued in trivial tree"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (22 commits)
DocBook: update EXPORT_SYMBOL entry to point at export.h
Documentation: update top level 00-INDEX file with new additions
ARM: at91/ide: remove unsused at91-ide Kconfig entry
percpu_counter.h: comment code for better readability
x86, efi: fix comment typo in head_32.S
IB: cxgb3: delay freeing mem untill entirely done with it
net: mvneta: remove unneeded version.h include
time: x86: report_lost_ticks doesn't exist any more
pcmcia: avoid static analysis complaint about use-after-free
fs/jfs: Fix typo in comment : 'how may' -> 'how many'
of: add missing documentation for of_platform_populate()
btrfs: remove unnecessary cur_trans set before goto loop in join_transaction
sound: soc: Fix typo in sound/codecs
treewide: Fix typo in various drivers
btrfs: fix comment typos
Update ibmvscsi module name in Kconfig.
powerpc: fix typo (utilties -> utilities)
of: fix spelling mistake in comment
h8300: Fix home page URL in h8300/README
xtensa: Fix home page URL in Kconfig
...
13 Feb, 2013
1 commit
-
Vlad says: The whole multiple cookie keys code is completely unused
and has been all this time. Noone uses anything other then the
secret_key[0] since there is no changeover support anywhere.Thus, for now clean up its left-over fragments.
Cc: Neil Horman
Cc: Vlad Yasevich
Signed-off-by: Daniel Borkmann
Acked-by: Neil Horman
Acked-by: Vlad Yasevich
Signed-off-by: David S. Miller
29 Jan, 2013
1 commit
-
Conflicts:
drivers/devfreq/exynos4_bus.cSync with Linus' tree to be able to apply patches that are
against newer code (mvneta).
03 Jan, 2013
1 commit
-
Signed-off-by: Jorrit Schippers
Signed-off-by: Jiri Kosina
04 Dec, 2012
1 commit
-
The current SCTP stack is lacking a mechanism to have per association
statistics. This is an implementation modeled after OpenSolaris'
SCTP_GET_ASSOC_STATS.Userspace part will follow on lksctp if/when there is a general ACK on
this.
V4:
- Move ipackets++ before q->immediate.func() for consistency reasons
- Move sctp_max_rto() at the end of sctp_transport_update_rto() to avoid
returning bogus RTO values
- return asoc->rto_min when max_obs_rto value has not changedV3:
- Increase ictrlchunks in sctp_assoc_bh_rcv() as well
- Move ipackets++ to sctp_inq_push()
- return 0 when no rto updates took place since the last callV2:
- Implement partial retrieval of stat struct to cope for future expansion
- Kill the rtxpackets counter as it cannot be precise anyway
- Rename outseqtsns to outofseqtsns to make it clearer that these are out
of sequence unexpected TSNs
- Move asoc->ipackets++ under a lock to avoid potential miscounts
- Fold asoc->opackets++ into the already existing asoc check
- Kill unneeded (q->asoc) test when increasing rtxchunks
- Do not count octrlchunks if sending failed (SCTP_XMIT_OK != 0)
- Don't count SHUTDOWNs as SACKs
- Move SCTP_GET_ASSOC_STATS to the private space API
- Adjust the len check in sctp_getsockopt_assoc_stats() to allow for
future struct growth
- Move association statistics in their own struct
- Update idupchunks when we send a SACK with dup TSNs
- return min_rto in max_rto when RTO has not changed. Also return the
transport when max_rto last changed.Signed-off: Michele Baldessari
Acked-by: Vlad YasevichSigned-off-by: David S. Miller
21 Nov, 2012
1 commit
-
In the event that an association exceeds its max_retrans attempts, we should
send an ABORT chunk indicating that we are closing the assocation as a result.
Because of the nature of the error, its unlikely to be received, but its a nice
clean way to close the association if it does make it through, and it will give
anyone watching via tcpdump a clue as to what happened.Change notes:
v2)
* Removed erroneous changes from sctp_make_violation_parmlenSigned-off-by: Neil Horman
CC: Vlad Yasevich
CC: "David S. Miller"
CC: linux-sctp@vger.kernel.org
Acked-by: Vlad Yasevich
Signed-off-by: David S. Miller
15 Aug, 2012
3 commits
-
Signed-off-by: "Eric W. Biederman"
Signed-off-by: David S. Miller -
Add struct net as a parameter to sctp_verify_param so it can be passed
to sctp_verify_ext_param where struct net will be needed when the sctp
tunables become per net tunables.Add struct net as a parameter to sctp_verify_init so struct net can be
passed to sctp_verify_param.Signed-off-by: "Eric W. Biederman"
Signed-off-by: David S. Miller -
struct net will be needed shortly when the tunables are made per network
namespace.Signed-off-by: "Eric W. Biederman"
Signed-off-by: David S. Miller
17 Jul, 2012
1 commit
-
Fix the following sparse warning:
* symbol 'sctp_init_cause_fixed' was not declared. Should it be
static?Signed-off-by: Ioan Orghici
Acked-by: Vlad Yasevich
Signed-off-by: David S. Miller
01 Jul, 2012
1 commit
-
It was noticed recently that when we send data on a transport, its possible that
we might bundle a sack that arrived on a different transport. While this isn't
a major problem, it does go against the SHOULD requirement in section 6.4 of RFC
2960:An endpoint SHOULD transmit reply chunks (e.g., SACK, HEARTBEAT ACK,
etc.) to the same destination transport address from which it
received the DATA or control chunk to which it is replying. This
rule should also be followed if the endpoint is bundling DATA chunks
together with the reply chunk.This patch seeks to correct that. It restricts the bundling of sack operations
to only those transports which have moved the ctsn of the association forward
since the last sack. By doing this we guarantee that we only bundle outbound
saks on a transport that has received a chunk since the last sack. This brings
us into stricter compliance with the RFC.Vlad had initially suggested that we strictly allow only sack bundling on the
transport that last moved the ctsn forward. While this makes sense, I was
concerned that doing so prevented us from bundling in the case where we had
received chunks that moved the ctsn on multiple transports. In those cases, the
RFC allows us to select any of the transports having received chunks to bundle
the sack on. so I've modified the approach to allow for that, by adding a state
variable to each transport that tracks weather it has moved the ctsn since the
last sack. This I think keeps our behavior (and performance), close enough to
our current profile that I think we can do this without a sysctl knob to
enable/disable it.Signed-off-by: Neil Horman
CC: Vlad Yaseivch
CC: David S. Miller
CC: linux-sctp@vger.kernel.org
Reported-by: Michele Baldessari
Reported-by: sorin serban
Acked-by: Vlad Yasevich
Signed-off-by: David S. Miller
09 Nov, 2011
1 commit
-
Fast retransmission after changing the last address
with ASCONF negotiationSigned-off-by: Michio Honda
Signed-off-by: David S. Miller
25 Aug, 2011
1 commit
-
With this patch a HEARTBEAT chunk is bundled into the ASCONF-ACK
for ADD IP ADDRESS, confirming the new destination as quickly as
possible.Signed-off-by: Michio Honda
Signed-off-by: David S. Miller
17 Jun, 2011
1 commit
-
Unnecessary casts of void * clutter the code.
These are the remainder casts after several specific
patches to remove netdev_priv and dev_priv.Done via coccinelle script:
$ cat cast_void_pointer.cocci
@@
type T;
T *pt;
void *pv;
@@- pt = (T *)pv;
+ pt = pv;Signed-off-by: Joe Perches
Acked-by: Paul Moore
Signed-off-by: David S. Miller
02 Jun, 2011
2 commits
-
In this case, the SCTP association transmits an ASCONF packet
including addition of the new IP address and deletion of the old
address. This patch implements this functionality.
In this case, the ASCONF chunk is added to the beginning of the
queue, because the other chunks cannot be transmitted in this state.Signed-off-by: Michio Honda
Signed-off-by: YOSHIFUJI Hideaki
Acked-by: Wei Yongjun
Signed-off-by: David S. Miller -
This patch fixes the problem that the original code cannot delete
the remote address where the corresponding transport is currently
directed, even when the ASCONF is sent from the other address (this
situation happens when the single-homed sender transmits ASCONF
with ADD and DEL.)Signed-off-by: Michio Honda
Signed-off-by: YOSHIFUJI Hideaki
Acked-by: Wei Yongjun
Signed-off-by: David S. Miller