1. 06 Feb, 2019 2 commits
    • Xin Long's avatar
      sctp: improve the events for sctp stream reset · 556e554a
      Xin Long authored
      [ Upstream commit 2e6dc4d95110becfe0ff4c3d4749c33ea166e9e7 ]
      
      This patch is to improve sctp stream reset events in 4 places:
      
        1. In sctp_process_strreset_outreq(), the flag should always be set with
           SCTP_STREAM_RESET_INCOMING_SSN instead of OUTGOING, as receiver's in
           stream is reset here.
        2. In sctp_process_strreset_outreq(), move up SCTP_STRRESET_ERR_WRONG_SSN
           check, as the reset has to succeed after reconf_timer stops for the
           in stream reset request retransmission.
        3. In sctp_process_strreset_inreq(), no event should be sent, as no in
           or out stream is reset here.
        4. In sctp_process_strreset_resp(), SCTP_STREAM_RESET_INCOMING_SSN or
           OUTGOING event should always be sent for stream reset requests, no
           matter it fails or succeeds to process the request.
      
      Fixes: 81054476 ("sctp: implement receiver-side procedures for the Outgoing SSN Reset Request Parameter")
      Fixes: 16e1a919 ("sctp: implement receiver-side procedures for the Incoming SSN Reset Request Parameter")
      Fixes: 11ae76e6 ("sctp: implement receiver-side procedures for the Reconf Response Parameter")
      Reported-by: 's avatarYing Xu <yinxu@redhat.com>
      Signed-off-by: 's avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      556e554a
    • Xin Long's avatar
      sctp: improve the events for sctp stream adding · f97e7856
      Xin Long authored
      [ Upstream commit 8220c870cb0f4eaa4e335c9645dbd9a1c461c1dd ]
      
      This patch is to improve sctp stream adding events in 2 places:
      
        1. In sctp_process_strreset_addstrm_out(), move up SCTP_MAX_STREAM
           and in stream allocation failure checks, as the adding has to
           succeed after reconf_timer stops for the in stream adding
           request retransmission.
      
        3. In sctp_process_strreset_addstrm_in(), no event should be sent,
           as no in or out stream is added here.
      
      Fixes: 50a41591 ("sctp: implement receiver-side procedures for the Add Outgoing Streams Request Parameter")
      Fixes: c5c4ebb3 ("sctp: implement receiver-side procedures for the Add Incoming Streams Request Parameter")
      Reported-by: 's avatarYing Xu <yinxu@redhat.com>
      Signed-off-by: 's avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f97e7856
  2. 23 Nov, 2018 1 commit
  3. 03 Feb, 2018 3 commits
  4. 25 Dec, 2017 1 commit
  5. 29 Oct, 2017 1 commit
  6. 01 Jul, 2017 1 commit
  7. 02 Jun, 2017 2 commits
  8. 18 Apr, 2017 3 commits
    • Xin Long's avatar
      sctp: process duplicated strreset asoc request correctly · 6c801387
      Xin Long authored
      This patch is to fix the replay attack issue for strreset asoc requests.
      
      When a duplicated strreset asoc request is received, reply it with bad
      seqno if it's seqno < asoc->strreset_inseq - 2, and reply it with the
      result saved in asoc if it's seqno >= asoc->strreset_inseq - 2.
      
      But note that if the result saved in asoc is performed, the sender's next
      tsn and receiver's next tsn for the response chunk should be set. It's
      safe to get them from asoc. Because if it's changed, which means the peer
      has received the response already, the new response with wrong tsn won't
      be accepted by peer.
      Signed-off-by: 's avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
      6c801387
    • Xin Long's avatar
      sctp: process duplicated strreset in and addstrm in requests correctly · d0f025e6
      Xin Long authored
      This patch is to fix the replay attack issue for strreset and addstrm in
      requests.
      
      When a duplicated strreset in or addstrm in request is received, reply it
      with bad seqno if it's seqno < asoc->strreset_inseq - 2, and reply it with
      the result saved in asoc if it's seqno >= asoc->strreset_inseq - 2.
      
      For strreset in or addstrm in request, if the receiver side processes it
      successfully, a strreset out or addstrm out request(as a response for that
      request) will be sent back to peer. reconf_time will retransmit the out
      request even if it's lost.
      
      So when receiving a duplicated strreset in or addstrm in request and it's
      result was performed, it shouldn't reply this request, but drop it instead.
      Signed-off-by: 's avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
      d0f025e6
    • Xin Long's avatar
      sctp: process duplicated strreset out and addstrm out requests correctly · e4dc99c7
      Xin Long authored
      Now sctp stream reconf will process a request again even if it's seqno is
      less than asoc->strreset_inseq.
      
      If one request has been done successfully and some data chunks have been
      accepted and then a duplicated strreset out request comes, the streamin's
      ssn will be cleared. It will cause that stream will never receive chunks
      any more because of unsynchronized ssn. It allows a replay attack.
      
      A similar issue also exists when processing addstrm out requests. It will
      cause more extra streams being added.
      
      This patch is to fix it by saving the last 2 results into asoc. When a
      duplicated strreset out or addstrm out request is received, reply it with
      bad seqno if it's seqno < asoc->strreset_inseq - 2, and reply it with the
      result saved in asoc if it's seqno >= asoc->strreset_inseq - 2.
      
      Note that it saves last 2 results instead of only last 1 result, because
      two requests can be sent together in one chunk.
      
      And note that when receiving a duplicated request, the receiver side will
      still reply it even if the peer has received the response. It's safe, As
      the response will be dropped by the peer.
      Signed-off-by: 's avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
      e4dc99c7
  9. 17 Apr, 2017 1 commit
  10. 30 Mar, 2017 1 commit
    • Xin Long's avatar
      sctp: alloc stream info when initializing asoc · 3dbcc105
      Xin Long authored
      When sending a msg without asoc established, sctp will send INIT packet
      first and then enqueue chunks.
      
      Before receiving INIT_ACK, stream info is not yet alloced. But enqueuing
      chunks needs to access stream info, like out stream state and out stream
      cnt.
      
      This patch is to fix it by allocing out stream info when initializing an
      asoc, allocing in stream and re-allocing out stream when processing init.
      Signed-off-by: 's avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
      3dbcc105
  11. 13 Mar, 2017 4 commits
  12. 19 Feb, 2017 2 commits
  13. 09 Feb, 2017 3 commits
  14. 18 Jan, 2017 1 commit
  15. 07 Jan, 2017 1 commit
    • Xin Long's avatar
      sctp: prepare asoc stream for stream reconf · a8386317
      Xin Long authored
      sctp stream reconf, described in RFC 6525, needs a structure to
      save per stream information in assoc, like stream state.
      
      In the future, sctp stream scheduler also needs it to save some
      stream scheduler params and queues.
      
      This patchset is to prepare the stream array in assoc for stream
      reconf. It defines sctp_stream that includes stream arrays inside
      to replace ssnmap.
      
      Note that we use different structures for IN and OUT streams, as
      the members in per OUT stream will get more and more different
      from per IN stream.
      
      v1->v2:
        - put these patches into a smaller group.
      v2->v3:
        - define sctp_stream to contain stream arrays, and create stream.c
          to put stream-related functions.
        - merge 3 patches into 1, as new sctp_stream has the same name
          with before.
      Signed-off-by: 's avatarXin Long <lucien.xin@gmail.com>
      Reviewed-by: 's avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
      a8386317