lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Jul 2012 11:02:47 +0800 From: xufeng zhang <xufeng.zhang@...driver.com> To: Vlad Yasevich <vyasevich@...il.com> CC: <sri@...ibm.com>, <davem@...emloft.net>, <xufengzhang.main@...il.com>, <linux-sctp@...r.kernel.org>, <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] sctp: Make "Invalid Stream Identifier" ERROR follows SACK when bundling On 07/24/2012 10:27 AM, Vlad Yasevich wrote: > xufeng zhang<xufeng.zhang@...driver.com> wrote: > > >> On 07/19/2012 01:57 PM, xufengzhang.main@...il.com wrote: >> >>> When "Invalid Stream Identifier" ERROR happens after process the >>> received DATA chunks, this ERROR chunk is enqueued into outqueue >>> before SACK chunk, so when bundling ERROR chunk with SACK chunk, >>> the ERROR chunk is always placed first in the packet because of >>> the chunk's position in the outqueue. >>> This violates sctp specification: >>> RFC 4960 6.5. Stream Identifier and Stream Sequence Number >>> ...The endpoint may bundle the ERROR chunk in the same >>> packet as the SACK as long as the ERROR follows the SACK. >>> So we must place SACK first when bundling "Invalid Stream Identifier" >>> ERROR and SACK in one packet. >>> Although we can do that by enqueue SACK chunk into outqueue before >>> ERROR chunk, it will violate the side-effect interpreter processing. >>> It's easy to do this job when dequeue chunks from the outqueue, >>> by this way, we introduce a flag 'has_isi_err' which indicate >>> whether or not the "Invalid Stream Identifier" ERROR happens. >>> >>> Signed-off-by: Xufeng Zhang<xufeng.zhang@...driver.com> >>> --- >>> include/net/sctp/structs.h | 2 ++ >>> net/sctp/output.c | 26 ++++++++++++++++++++++++++ >>> 2 files changed, 28 insertions(+), 0 deletions(-) >>> >>> diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h >>> index 88949a9..5adf4de 100644 >>> --- a/include/net/sctp/structs.h >>> +++ b/include/net/sctp/structs.h >>> @@ -842,6 +842,8 @@ struct sctp_packet { >>> has_sack:1, /* This packet contains a SACK chunk. */ >>> has_auth:1, /* This packet contains an AUTH chunk */ >>> has_data:1, /* This packet contains at least 1 DATA chunk */ >>> + has_isi_err:1, /* This packet contains a "Invalid Stream >>> + * Identifier" ERROR chunk */ >>> ipfragok:1, /* So let ip fragment this packet */ >>> malloced:1; /* Is it malloced? */ >>> }; >>> diff --git a/net/sctp/output.c b/net/sctp/output.c >>> index 817174e..77fb1ae 100644 >>> --- a/net/sctp/output.c >>> +++ b/net/sctp/output.c >>> @@ -79,6 +79,7 @@ static void sctp_packet_reset(struct sctp_packet >>> >> *packet) >> >>> packet->has_sack = 0; >>> packet->has_data = 0; >>> packet->has_auth = 0; >>> + packet->has_isi_err = 0; >>> packet->ipfragok = 0; >>> packet->auth = NULL; >>> } >>> @@ -267,6 +268,7 @@ static sctp_xmit_t sctp_packet_bundle_sack(struct >>> >> sctp_packet *pkt, >> >>> sctp_xmit_t sctp_packet_append_chunk(struct sctp_packet *packet, >>> struct sctp_chunk *chunk) >>> { >>> + struct sctp_chunk *lchunk; >>> sctp_xmit_t retval = SCTP_XMIT_OK; >>> __u16 chunk_len = WORD_ROUND(ntohs(chunk->chunk_hdr->length)); >>> >>> @@ -316,7 +318,31 @@ sctp_xmit_t sctp_packet_append_chunk(struct >>> >> sctp_packet *packet, >> >>> packet->has_cookie_echo = 1; >>> break; >>> >>> + case SCTP_CID_ERROR: >>> + if (chunk->subh.err_hdr->cause& SCTP_ERROR_INV_STRM) >>> + packet->has_isi_err = 1; >>> + break; >>> + >>> case SCTP_CID_SACK: >>> + /* RFC 4960 >>> + * 6.5 Stream Identifier and Stream Sequence Number >>> + * The endpoint may bundle the ERROR chunk in the same >>> + * packet as the SACK as long as the ERROR follows the SACK. >>> + */ >>> + if (packet->has_isi_err) { >>> + if (list_is_singular(&packet->chunk_list)) >>> + list_add(&chunk->list,&packet->chunk_list); >>> + else { >>> + lchunk = list_first_entry(&packet->chunk_list, >>> + struct sctp_chunk, list); >>> + list_add(&chunk->list,&lchunk->list); >>> + } >>> >>> >> And I should clarify the above judgment code. >> AFAIK, there should be two cases for the bundling when invalid stream >> identifier error happens: >> 1). COOKIE_ACK ERROR SACK >> 2). ERROR SACK >> So I need to deal with the two cases differently. >> >> > Sorry but I just don't buy that the above are the only 2 cases. What if there are addip chunks as well? What if there are some other extensions also. This code has to be generic enough to handle any condition. > Aha, you are right, this may happens. So I think the general solution is to fix this problem in the enqueue side. What do you think? any better suggestion! Thanks, Xufeng Zhang > - vlad > > >> Thanks, >> Xufeng Zhang >> >>> + packet->size += chunk_len; >>> + chunk->transport = packet->transport; >>> + packet->has_sack = 1; >>> + goto finish; >>> + } >>> + >>> packet->has_sack = 1; >>> break; >>> >>> >>> > > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists