2008-01-11 14:57:09 +00:00
|
|
|
/* SCTP kernel implementation
|
2005-04-16 22:20:36 +00:00
|
|
|
* (C) Copyright IBM Corp. 2001, 2004
|
|
|
|
|
* Copyright (c) 1999-2000 Cisco, Inc.
|
|
|
|
|
* Copyright (c) 1999-2001 Motorola, Inc.
|
|
|
|
|
* Copyright (c) 2001 Intel Corp.
|
|
|
|
|
* Copyright (c) 2001 La Monte H.P. Yarroll
|
|
|
|
|
*
|
2008-01-11 14:57:09 +00:00
|
|
|
* This file is part of the SCTP kernel implementation
|
2005-04-16 22:20:36 +00:00
|
|
|
*
|
|
|
|
|
* This module provides the abstraction for an SCTP association.
|
|
|
|
|
*
|
2008-01-11 14:57:09 +00:00
|
|
|
* This SCTP implementation is free software;
|
2005-04-16 22:20:36 +00:00
|
|
|
* you can redistribute it and/or modify it under the terms of
|
|
|
|
|
* the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2, or (at your option)
|
|
|
|
|
* any later version.
|
|
|
|
|
*
|
2008-01-11 14:57:09 +00:00
|
|
|
* This SCTP implementation is distributed in the hope that it
|
2005-04-16 22:20:36 +00:00
|
|
|
* will be useful, but WITHOUT ANY WARRANTY; without even the implied
|
|
|
|
|
* ************************
|
|
|
|
|
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
|
|
* See the GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with GNU CC; see the file COPYING. If not, write to
|
|
|
|
|
* the Free Software Foundation, 59 Temple Place - Suite 330,
|
|
|
|
|
* Boston, MA 02111-1307, USA.
|
|
|
|
|
*
|
|
|
|
|
* Please send any bug reports or fixes you make to the
|
|
|
|
|
* email address(es):
|
|
|
|
|
* lksctp developers <lksctp-developers@lists.sourceforge.net>
|
|
|
|
|
*
|
|
|
|
|
* Or submit a bug report through the following website:
|
|
|
|
|
* http://www.sf.net/projects/lksctp
|
|
|
|
|
*
|
|
|
|
|
* Written or modified by:
|
|
|
|
|
* La Monte H.P. Yarroll <piggy@acm.org>
|
|
|
|
|
* Karl Knutson <karl@athena.chicago.il.us>
|
|
|
|
|
* Jon Grimm <jgrimm@us.ibm.com>
|
|
|
|
|
* Xingang Guo <xingang.guo@intel.com>
|
|
|
|
|
* Hui Huang <hui.huang@nokia.com>
|
|
|
|
|
* Sridhar Samudrala <sri@us.ibm.com>
|
|
|
|
|
* Daisy Chang <daisyc@us.ibm.com>
|
|
|
|
|
* Ryan Layer <rmlayer@us.ibm.com>
|
|
|
|
|
* Kevin Gao <kevin.gao@intel.com>
|
|
|
|
|
*
|
|
|
|
|
* Any bugs reported given to us we will try to fix... any fixes shared will
|
|
|
|
|
* be incorporated into the next SCTP release.
|
|
|
|
|
*/
|
|
|
|
|
|
2010-08-24 13:21:08 +00:00
|
|
|
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
#include <linux/types.h>
|
|
|
|
|
#include <linux/fcntl.h>
|
|
|
|
|
#include <linux/poll.h>
|
|
|
|
|
#include <linux/init.h>
|
|
|
|
|
|
|
|
|
|
#include <linux/slab.h>
|
|
|
|
|
#include <linux/in.h>
|
|
|
|
|
#include <net/ipv6.h>
|
|
|
|
|
#include <net/sctp/sctp.h>
|
|
|
|
|
#include <net/sctp/sm.h>
|
|
|
|
|
|
|
|
|
|
/* Forward declarations for internal functions. */
|
2006-11-22 14:57:56 +00:00
|
|
|
static void sctp_assoc_bh_rcv(struct work_struct *work);
|
2007-12-20 22:11:47 +00:00
|
|
|
static void sctp_assoc_free_asconf_acks(struct sctp_association *asoc);
|
2011-05-24 21:48:02 +00:00
|
|
|
static void sctp_assoc_free_asconf_queue(struct sctp_association *asoc);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* 1st Level Abstractions. */
|
|
|
|
|
|
|
|
|
|
/* Initialize a new association from provided memory. */
|
|
|
|
|
static struct sctp_association *sctp_association_init(struct sctp_association *asoc,
|
|
|
|
|
const struct sctp_endpoint *ep,
|
|
|
|
|
const struct sock *sk,
|
|
|
|
|
sctp_scope_t scope,
|
2005-10-07 06:46:04 +00:00
|
|
|
gfp_t gfp)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2012-08-07 07:29:57 +00:00
|
|
|
struct net *net = sock_net(sk);
|
2005-04-16 22:20:36 +00:00
|
|
|
struct sctp_sock *sp;
|
|
|
|
|
int i;
|
2007-09-17 02:31:35 +00:00
|
|
|
sctp_paramhdr_t *p;
|
|
|
|
|
int err;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Retrieve the SCTP per socket area. */
|
|
|
|
|
sp = sctp_sk((struct sock *)sk);
|
|
|
|
|
|
|
|
|
|
/* Discarding const is appropriate here. */
|
|
|
|
|
asoc->ep = (struct sctp_endpoint *)ep;
|
|
|
|
|
sctp_endpoint_hold(asoc->ep);
|
|
|
|
|
|
|
|
|
|
/* Hold the sock. */
|
|
|
|
|
asoc->base.sk = (struct sock *)sk;
|
|
|
|
|
sock_hold(asoc->base.sk);
|
|
|
|
|
|
|
|
|
|
/* Initialize the common base substructure. */
|
|
|
|
|
asoc->base.type = SCTP_EP_TYPE_ASSOCIATION;
|
|
|
|
|
|
|
|
|
|
/* Initialize the object handling fields. */
|
|
|
|
|
atomic_set(&asoc->base.refcnt, 1);
|
2013-04-15 03:27:18 +00:00
|
|
|
asoc->base.dead = false;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Initialize the bind addr area. */
|
|
|
|
|
sctp_bind_addr_init(&asoc->base.bind_addr, ep->base.bind_addr.port);
|
|
|
|
|
|
|
|
|
|
asoc->state = SCTP_STATE_CLOSED;
|
|
|
|
|
|
|
|
|
|
/* Set these values from the socket values, a conversion between
|
|
|
|
|
* millsecons to seconds/microseconds must also be done.
|
|
|
|
|
*/
|
|
|
|
|
asoc->cookie_life.tv_sec = sp->assocparams.sasoc_cookie_life / 1000;
|
|
|
|
|
asoc->cookie_life.tv_usec = (sp->assocparams.sasoc_cookie_life % 1000)
|
|
|
|
|
* 1000;
|
|
|
|
|
asoc->frag_point = 0;
|
2009-09-04 22:21:00 +00:00
|
|
|
asoc->user_frag = sp->user_frag;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Set the association max_retrans and RTO values from the
|
|
|
|
|
* socket values.
|
|
|
|
|
*/
|
|
|
|
|
asoc->max_retrans = sp->assocparams.sasoc_asocmaxrxt;
|
2012-08-07 07:29:57 +00:00
|
|
|
asoc->pf_retrans = net->sctp.pf_retrans;
|
2012-07-21 07:56:07 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
asoc->rto_initial = msecs_to_jiffies(sp->rtoinfo.srto_initial);
|
|
|
|
|
asoc->rto_max = msecs_to_jiffies(sp->rtoinfo.srto_max);
|
|
|
|
|
asoc->rto_min = msecs_to_jiffies(sp->rtoinfo.srto_min);
|
|
|
|
|
|
|
|
|
|
asoc->overall_error_count = 0;
|
|
|
|
|
|
2005-12-22 19:36:46 +00:00
|
|
|
/* Initialize the association's heartbeat interval based on the
|
|
|
|
|
* sock configured value.
|
|
|
|
|
*/
|
|
|
|
|
asoc->hbinterval = msecs_to_jiffies(sp->hbinterval);
|
|
|
|
|
|
|
|
|
|
/* Initialize path max retrans value. */
|
|
|
|
|
asoc->pathmaxrxt = sp->pathmaxrxt;
|
|
|
|
|
|
|
|
|
|
/* Initialize default path MTU. */
|
|
|
|
|
asoc->pathmtu = sp->pathmtu;
|
|
|
|
|
|
|
|
|
|
/* Set association default SACK delay */
|
|
|
|
|
asoc->sackdelay = msecs_to_jiffies(sp->sackdelay);
|
2008-05-09 22:13:26 +00:00
|
|
|
asoc->sackfreq = sp->sackfreq;
|
2005-12-22 19:36:46 +00:00
|
|
|
|
|
|
|
|
/* Set the association default flags controlling
|
|
|
|
|
* Heartbeat, SACK delay, and Path MTU Discovery.
|
|
|
|
|
*/
|
|
|
|
|
asoc->param_flags = sp->param_flags;
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Initialize the maximum mumber of new data packets that can be sent
|
|
|
|
|
* in a burst.
|
|
|
|
|
*/
|
2007-03-23 18:34:36 +00:00
|
|
|
asoc->max_burst = sp->max_burst;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2005-11-12 00:06:16 +00:00
|
|
|
/* initialize association timers */
|
|
|
|
|
asoc->timeouts[SCTP_EVENT_TIMEOUT_NONE] = 0;
|
|
|
|
|
asoc->timeouts[SCTP_EVENT_TIMEOUT_T1_COOKIE] = asoc->rto_initial;
|
|
|
|
|
asoc->timeouts[SCTP_EVENT_TIMEOUT_T1_INIT] = asoc->rto_initial;
|
|
|
|
|
asoc->timeouts[SCTP_EVENT_TIMEOUT_T2_SHUTDOWN] = asoc->rto_initial;
|
|
|
|
|
asoc->timeouts[SCTP_EVENT_TIMEOUT_T3_RTX] = 0;
|
|
|
|
|
asoc->timeouts[SCTP_EVENT_TIMEOUT_T4_RTO] = 0;
|
|
|
|
|
|
|
|
|
|
/* sctpimpguide Section 2.12.2
|
|
|
|
|
* If the 'T5-shutdown-guard' timer is used, it SHOULD be set to the
|
|
|
|
|
* recommended value of 5 times 'RTO.Max'.
|
|
|
|
|
*/
|
2007-02-09 14:25:18 +00:00
|
|
|
asoc->timeouts[SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD]
|
2005-11-12 00:06:16 +00:00
|
|
|
= 5 * asoc->rto_max;
|
|
|
|
|
|
|
|
|
|
asoc->timeouts[SCTP_EVENT_TIMEOUT_HEARTBEAT] = 0;
|
2005-12-22 19:36:46 +00:00
|
|
|
asoc->timeouts[SCTP_EVENT_TIMEOUT_SACK] = asoc->sackdelay;
|
2005-11-12 00:06:16 +00:00
|
|
|
asoc->timeouts[SCTP_EVENT_TIMEOUT_AUTOCLOSE] =
|
2012-08-07 07:29:57 +00:00
|
|
|
min_t(unsigned long, sp->autoclose, net->sctp.max_autoclose) * HZ;
|
2007-02-09 14:25:18 +00:00
|
|
|
|
2010-06-11 10:17:00 +00:00
|
|
|
/* Initializes the timers */
|
2008-01-24 05:20:07 +00:00
|
|
|
for (i = SCTP_EVENT_TIMEOUT_NONE; i < SCTP_NUM_TIMEOUT_TYPES; ++i)
|
|
|
|
|
setup_timer(&asoc->timers[i], sctp_timer_events[i],
|
|
|
|
|
(unsigned long)asoc);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Pull default initialization values from the sock options.
|
|
|
|
|
* Note: This assumes that the values have already been
|
|
|
|
|
* validated in the sock.
|
|
|
|
|
*/
|
|
|
|
|
asoc->c.sinit_max_instreams = sp->initmsg.sinit_max_instreams;
|
|
|
|
|
asoc->c.sinit_num_ostreams = sp->initmsg.sinit_num_ostreams;
|
|
|
|
|
asoc->max_init_attempts = sp->initmsg.sinit_max_attempts;
|
|
|
|
|
|
|
|
|
|
asoc->max_init_timeo =
|
|
|
|
|
msecs_to_jiffies(sp->initmsg.sinit_max_init_timeo);
|
|
|
|
|
|
|
|
|
|
/* Allocate storage for the ssnmap after the inbound and outbound
|
|
|
|
|
* streams have been negotiated during Init.
|
|
|
|
|
*/
|
|
|
|
|
asoc->ssnmap = NULL;
|
|
|
|
|
|
|
|
|
|
/* Set the local window size for receive.
|
|
|
|
|
* This is also the rcvbuf space per association.
|
|
|
|
|
* RFC 6 - A SCTP receiver MUST be able to receive a minimum of
|
|
|
|
|
* 1500 bytes in one SCTP packet.
|
|
|
|
|
*/
|
2005-11-12 00:08:24 +00:00
|
|
|
if ((sk->sk_rcvbuf/2) < SCTP_DEFAULT_MINWINDOW)
|
2005-04-16 22:20:36 +00:00
|
|
|
asoc->rwnd = SCTP_DEFAULT_MINWINDOW;
|
|
|
|
|
else
|
2005-11-12 00:08:24 +00:00
|
|
|
asoc->rwnd = sk->sk_rcvbuf/2;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
asoc->a_rwnd = asoc->rwnd;
|
|
|
|
|
|
|
|
|
|
asoc->rwnd_over = 0;
|
2009-09-04 22:20:59 +00:00
|
|
|
asoc->rwnd_press = 0;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Use my own max window until I learn something better. */
|
|
|
|
|
asoc->peer.rwnd = SCTP_DEFAULT_MAXWINDOW;
|
|
|
|
|
|
|
|
|
|
/* Set the sndbuf size for transmit. */
|
|
|
|
|
asoc->sndbuf_used = 0;
|
|
|
|
|
|
2005-11-12 00:08:24 +00:00
|
|
|
/* Initialize the receive memory counter */
|
|
|
|
|
atomic_set(&asoc->rmem_alloc, 0);
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
init_waitqueue_head(&asoc->wait);
|
|
|
|
|
|
|
|
|
|
asoc->c.my_vtag = sctp_generate_tag(ep);
|
|
|
|
|
asoc->peer.i.init_tag = 0; /* INIT needs a vtag of 0. */
|
|
|
|
|
asoc->c.peer_vtag = 0;
|
|
|
|
|
asoc->c.my_ttag = 0;
|
|
|
|
|
asoc->c.peer_ttag = 0;
|
|
|
|
|
asoc->c.my_port = ep->base.bind_addr.port;
|
|
|
|
|
|
|
|
|
|
asoc->c.initial_tsn = sctp_generate_tsn(ep);
|
|
|
|
|
|
|
|
|
|
asoc->next_tsn = asoc->c.initial_tsn;
|
|
|
|
|
|
|
|
|
|
asoc->ctsn_ack_point = asoc->next_tsn - 1;
|
|
|
|
|
asoc->adv_peer_ack_point = asoc->ctsn_ack_point;
|
|
|
|
|
asoc->highest_sacked = asoc->ctsn_ack_point;
|
|
|
|
|
asoc->last_cwr_tsn = asoc->ctsn_ack_point;
|
|
|
|
|
asoc->unack_data = 0;
|
|
|
|
|
|
|
|
|
|
/* ADDIP Section 4.1 Asconf Chunk Procedures
|
|
|
|
|
*
|
|
|
|
|
* When an endpoint has an ASCONF signaled change to be sent to the
|
|
|
|
|
* remote endpoint it should do the following:
|
|
|
|
|
* ...
|
|
|
|
|
* A2) a serial number should be assigned to the chunk. The serial
|
|
|
|
|
* number SHOULD be a monotonically increasing number. The serial
|
|
|
|
|
* numbers SHOULD be initialized at the start of the
|
|
|
|
|
* association to the same value as the initial TSN.
|
|
|
|
|
*/
|
|
|
|
|
asoc->addip_serial = asoc->c.initial_tsn;
|
|
|
|
|
|
2005-07-09 04:47:49 +00:00
|
|
|
INIT_LIST_HEAD(&asoc->addip_chunk_list);
|
2007-12-20 22:11:47 +00:00
|
|
|
INIT_LIST_HEAD(&asoc->asconf_ack_list);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Make an empty list of remote transport addresses. */
|
|
|
|
|
INIT_LIST_HEAD(&asoc->peer.transport_addr_list);
|
2005-06-20 20:14:57 +00:00
|
|
|
asoc->peer.transport_count = 0;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* RFC 2960 5.1 Normal Establishment of an Association
|
|
|
|
|
*
|
|
|
|
|
* After the reception of the first data chunk in an
|
|
|
|
|
* association the endpoint must immediately respond with a
|
|
|
|
|
* sack to acknowledge the data chunk. Subsequent
|
|
|
|
|
* acknowledgements should be done as described in Section
|
|
|
|
|
* 6.2.
|
|
|
|
|
*
|
|
|
|
|
* [We implement this by telling a new association that it
|
|
|
|
|
* already received one packet.]
|
|
|
|
|
*/
|
|
|
|
|
asoc->peer.sack_needed = 1;
|
2008-05-09 22:13:26 +00:00
|
|
|
asoc->peer.sack_cnt = 0;
|
2012-06-30 03:04:26 +00:00
|
|
|
asoc->peer.sack_generation = 1;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2007-10-24 21:24:26 +00:00
|
|
|
/* Assume that the peer will tell us if he recognizes ASCONF
|
|
|
|
|
* as part of INIT exchange.
|
|
|
|
|
* The sctp_addip_noauth option is there for backward compatibilty
|
|
|
|
|
* and will revert old behavior.
|
2005-04-16 22:20:36 +00:00
|
|
|
*/
|
2007-10-24 21:24:23 +00:00
|
|
|
asoc->peer.asconf_capable = 0;
|
2012-08-07 07:29:57 +00:00
|
|
|
if (net->sctp.addip_noauth)
|
2007-10-24 21:24:26 +00:00
|
|
|
asoc->peer.asconf_capable = 1;
|
2011-04-26 11:19:36 +00:00
|
|
|
asoc->asconf_addr_del_pending = NULL;
|
|
|
|
|
asoc->src_out_of_asoc_ok = 0;
|
2011-06-16 08:14:34 +00:00
|
|
|
asoc->new_transport = NULL;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Create an input queue. */
|
|
|
|
|
sctp_inq_init(&asoc->base.inqueue);
|
2006-11-22 14:57:56 +00:00
|
|
|
sctp_inq_set_th_handler(&asoc->base.inqueue, sctp_assoc_bh_rcv);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Create an output queue. */
|
|
|
|
|
sctp_outq_init(asoc, &asoc->outqueue);
|
|
|
|
|
|
|
|
|
|
if (!sctp_ulpq_init(&asoc->ulpq, asoc))
|
|
|
|
|
goto fail_init;
|
|
|
|
|
|
2008-10-08 21:18:39 +00:00
|
|
|
memset(&asoc->peer.tsn_map, 0, sizeof(struct sctp_tsnmap));
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
asoc->need_ecne = 0;
|
|
|
|
|
|
|
|
|
|
asoc->assoc_id = 0;
|
|
|
|
|
|
|
|
|
|
/* Assume that peer would support both address types unless we are
|
|
|
|
|
* told otherwise.
|
|
|
|
|
*/
|
|
|
|
|
asoc->peer.ipv4_address = 1;
|
2009-04-07 08:35:11 +00:00
|
|
|
if (asoc->base.sk->sk_family == PF_INET6)
|
|
|
|
|
asoc->peer.ipv6_address = 1;
|
2005-04-16 22:20:36 +00:00
|
|
|
INIT_LIST_HEAD(&asoc->asocs);
|
|
|
|
|
|
|
|
|
|
asoc->autoclose = sp->autoclose;
|
|
|
|
|
|
|
|
|
|
asoc->default_stream = sp->default_stream;
|
|
|
|
|
asoc->default_ppid = sp->default_ppid;
|
|
|
|
|
asoc->default_flags = sp->default_flags;
|
|
|
|
|
asoc->default_context = sp->default_context;
|
|
|
|
|
asoc->default_timetolive = sp->default_timetolive;
|
2006-12-14 00:34:22 +00:00
|
|
|
asoc->default_rcv_context = sp->default_rcv_context;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2012-12-01 04:49:42 +00:00
|
|
|
/* SCTP_GET_ASSOC_STATS COUNTERS */
|
|
|
|
|
memset(&asoc->stats, 0, sizeof(struct sctp_priv_assoc_stats));
|
|
|
|
|
|
2007-09-17 02:31:35 +00:00
|
|
|
/* AUTH related initializations */
|
|
|
|
|
INIT_LIST_HEAD(&asoc->endpoint_shared_keys);
|
|
|
|
|
err = sctp_auth_asoc_copy_shkeys(ep, asoc, gfp);
|
|
|
|
|
if (err)
|
|
|
|
|
goto fail_init;
|
|
|
|
|
|
|
|
|
|
asoc->active_key_id = ep->active_key_id;
|
|
|
|
|
asoc->asoc_shared_key = NULL;
|
|
|
|
|
|
|
|
|
|
asoc->default_hmac_id = 0;
|
|
|
|
|
/* Save the hmacs and chunks list into this association */
|
|
|
|
|
if (ep->auth_hmacs_list)
|
|
|
|
|
memcpy(asoc->c.auth_hmacs, ep->auth_hmacs_list,
|
|
|
|
|
ntohs(ep->auth_hmacs_list->param_hdr.length));
|
|
|
|
|
if (ep->auth_chunk_list)
|
|
|
|
|
memcpy(asoc->c.auth_chunks, ep->auth_chunk_list,
|
|
|
|
|
ntohs(ep->auth_chunk_list->param_hdr.length));
|
|
|
|
|
|
|
|
|
|
/* Get the AUTH random number for this association */
|
|
|
|
|
p = (sctp_paramhdr_t *)asoc->c.auth_random;
|
|
|
|
|
p->type = SCTP_PARAM_RANDOM;
|
|
|
|
|
p->length = htons(sizeof(sctp_paramhdr_t) + SCTP_AUTH_RANDOM_LENGTH);
|
|
|
|
|
get_random_bytes(p+1, SCTP_AUTH_RANDOM_LENGTH);
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
return asoc;
|
|
|
|
|
|
|
|
|
|
fail_init:
|
|
|
|
|
sctp_endpoint_put(asoc->ep);
|
|
|
|
|
sock_put(asoc->base.sk);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Allocate and initialize a new association */
|
|
|
|
|
struct sctp_association *sctp_association_new(const struct sctp_endpoint *ep,
|
|
|
|
|
const struct sock *sk,
|
2005-07-12 03:57:47 +00:00
|
|
|
sctp_scope_t scope,
|
2005-10-07 06:46:04 +00:00
|
|
|
gfp_t gfp)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
struct sctp_association *asoc;
|
|
|
|
|
|
|
|
|
|
asoc = t_new(struct sctp_association, gfp);
|
|
|
|
|
if (!asoc)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
|
|
if (!sctp_association_init(asoc, ep, sk, scope, gfp))
|
|
|
|
|
goto fail_init;
|
|
|
|
|
|
|
|
|
|
SCTP_DBG_OBJCNT_INC(assoc);
|
2005-06-20 20:14:57 +00:00
|
|
|
SCTP_DEBUG_PRINTK("Created asoc %p\n", asoc);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
return asoc;
|
|
|
|
|
|
|
|
|
|
fail_init:
|
|
|
|
|
kfree(asoc);
|
|
|
|
|
fail:
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Free this association if possible. There may still be users, so
|
|
|
|
|
* the actual deallocation may be delayed.
|
|
|
|
|
*/
|
|
|
|
|
void sctp_association_free(struct sctp_association *asoc)
|
|
|
|
|
{
|
|
|
|
|
struct sock *sk = asoc->base.sk;
|
|
|
|
|
struct sctp_transport *transport;
|
|
|
|
|
struct list_head *pos, *temp;
|
|
|
|
|
int i;
|
|
|
|
|
|
2006-10-31 02:55:11 +00:00
|
|
|
/* Only real associations count against the endpoint, so
|
|
|
|
|
* don't bother for if this is a temporary association.
|
|
|
|
|
*/
|
sctp: Fix sk_ack_backlog wrap-around problem
[ Upstream commit d3217b15a19a4779c39b212358a5c71d725822ee ]
Consider the scenario:
For a TCP-style socket, while processing the COOKIE_ECHO chunk in
sctp_sf_do_5_1D_ce(), after it has passed a series of sanity check,
a new association would be created in sctp_unpack_cookie(), but afterwards,
some processing maybe failed, and sctp_association_free() will be called to
free the previously allocated association, in sctp_association_free(),
sk_ack_backlog value is decremented for this socket, since the initial
value for sk_ack_backlog is 0, after the decrement, it will be 65535,
a wrap-around problem happens, and if we want to establish new associations
afterward in the same socket, ABORT would be triggered since sctp deem the
accept queue as full.
Fix this issue by only decrementing sk_ack_backlog for associations in
the endpoint's list.
Fix-suggested-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-12 02:53:36 +00:00
|
|
|
if (!list_empty(&asoc->asocs)) {
|
2006-10-31 02:55:11 +00:00
|
|
|
list_del(&asoc->asocs);
|
|
|
|
|
|
|
|
|
|
/* Decrement the backlog value for a TCP-style listening
|
|
|
|
|
* socket.
|
|
|
|
|
*/
|
|
|
|
|
if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING))
|
|
|
|
|
sk->sk_ack_backlog--;
|
|
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Mark as dead, so other users can know this structure is
|
|
|
|
|
* going away.
|
|
|
|
|
*/
|
2013-04-15 03:27:18 +00:00
|
|
|
asoc->base.dead = true;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Dispose of any data lying around in the outqueue. */
|
|
|
|
|
sctp_outq_free(&asoc->outqueue);
|
|
|
|
|
|
|
|
|
|
/* Dispose of any pending messages for the upper layer. */
|
|
|
|
|
sctp_ulpq_free(&asoc->ulpq);
|
|
|
|
|
|
|
|
|
|
/* Dispose of any pending chunks on the inqueue. */
|
|
|
|
|
sctp_inq_free(&asoc->base.inqueue);
|
|
|
|
|
|
2008-10-08 21:18:39 +00:00
|
|
|
sctp_tsnmap_free(&asoc->peer.tsn_map);
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Free ssnmap storage. */
|
|
|
|
|
sctp_ssnmap_free(asoc->ssnmap);
|
|
|
|
|
|
|
|
|
|
/* Clean up the bound address list. */
|
|
|
|
|
sctp_bind_addr_free(&asoc->base.bind_addr);
|
|
|
|
|
|
|
|
|
|
/* Do we need to go through all of our timers and
|
|
|
|
|
* delete them? To be safe we will try to delete all, but we
|
|
|
|
|
* should be able to go through and make a guess based
|
|
|
|
|
* on our state.
|
|
|
|
|
*/
|
|
|
|
|
for (i = SCTP_EVENT_TIMEOUT_NONE; i < SCTP_NUM_TIMEOUT_TYPES; ++i) {
|
2013-02-03 20:32:57 +00:00
|
|
|
if (del_timer(&asoc->timers[i]))
|
2005-04-16 22:20:36 +00:00
|
|
|
sctp_association_put(asoc);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Free peer's cached cookie. */
|
2005-11-08 17:41:34 +00:00
|
|
|
kfree(asoc->peer.cookie);
|
2007-09-17 02:32:11 +00:00
|
|
|
kfree(asoc->peer.peer_random);
|
|
|
|
|
kfree(asoc->peer.peer_chunks);
|
|
|
|
|
kfree(asoc->peer.peer_hmacs);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Release the transport structures. */
|
|
|
|
|
list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
|
|
|
|
|
transport = list_entry(pos, struct sctp_transport, transports);
|
2012-12-06 09:25:05 +00:00
|
|
|
list_del_rcu(pos);
|
2005-04-16 22:20:36 +00:00
|
|
|
sctp_transport_free(transport);
|
|
|
|
|
}
|
|
|
|
|
|
2005-06-20 20:14:57 +00:00
|
|
|
asoc->peer.transport_count = 0;
|
|
|
|
|
|
2011-05-29 23:23:36 +00:00
|
|
|
sctp_asconf_queue_teardown(asoc);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2011-04-26 11:19:36 +00:00
|
|
|
/* Free pending address space being deleted */
|
|
|
|
|
if (asoc->asconf_addr_del_pending != NULL)
|
|
|
|
|
kfree(asoc->asconf_addr_del_pending);
|
|
|
|
|
|
2007-09-17 02:31:35 +00:00
|
|
|
/* AUTH - Free the endpoint shared keys */
|
|
|
|
|
sctp_auth_destroy_keys(&asoc->endpoint_shared_keys);
|
|
|
|
|
|
|
|
|
|
/* AUTH - Free the association shared key */
|
|
|
|
|
sctp_auth_key_put(asoc->asoc_shared_key);
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
sctp_association_put(asoc);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Cleanup and free up an association. */
|
|
|
|
|
static void sctp_association_destroy(struct sctp_association *asoc)
|
|
|
|
|
{
|
|
|
|
|
SCTP_ASSERT(asoc->base.dead, "Assoc is not dead", return);
|
|
|
|
|
|
|
|
|
|
sctp_endpoint_put(asoc->ep);
|
|
|
|
|
sock_put(asoc->base.sk);
|
|
|
|
|
|
|
|
|
|
if (asoc->assoc_id != 0) {
|
|
|
|
|
spin_lock_bh(&sctp_assocs_id_lock);
|
|
|
|
|
idr_remove(&sctp_assocs_id, asoc->assoc_id);
|
|
|
|
|
spin_unlock_bh(&sctp_assocs_id_lock);
|
|
|
|
|
}
|
|
|
|
|
|
2008-07-26 04:43:18 +00:00
|
|
|
WARN_ON(atomic_read(&asoc->rmem_alloc));
|
2005-11-12 00:08:24 +00:00
|
|
|
|
2013-04-15 03:27:17 +00:00
|
|
|
kfree(asoc);
|
|
|
|
|
SCTP_DBG_OBJCNT_DEC(assoc);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Change the primary destination address for the peer. */
|
|
|
|
|
void sctp_assoc_set_primary(struct sctp_association *asoc,
|
|
|
|
|
struct sctp_transport *transport)
|
|
|
|
|
{
|
2008-06-17 00:00:29 +00:00
|
|
|
int changeover = 0;
|
|
|
|
|
|
|
|
|
|
/* it's a changeover only if we already have a primary path
|
|
|
|
|
* that we are changing
|
|
|
|
|
*/
|
|
|
|
|
if (asoc->peer.primary_path != NULL &&
|
|
|
|
|
asoc->peer.primary_path != transport)
|
|
|
|
|
changeover = 1 ;
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
asoc->peer.primary_path = transport;
|
|
|
|
|
|
|
|
|
|
/* Set a default msg_name for events. */
|
|
|
|
|
memcpy(&asoc->peer.primary_addr, &transport->ipaddr,
|
|
|
|
|
sizeof(union sctp_addr));
|
|
|
|
|
|
|
|
|
|
/* If the primary path is changing, assume that the
|
|
|
|
|
* user wants to use this new path.
|
|
|
|
|
*/
|
2006-07-21 21:48:50 +00:00
|
|
|
if ((transport->state == SCTP_ACTIVE) ||
|
|
|
|
|
(transport->state == SCTP_UNKNOWN))
|
2005-04-16 22:20:36 +00:00
|
|
|
asoc->peer.active_path = transport;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* SFR-CACC algorithm:
|
|
|
|
|
* Upon the receipt of a request to change the primary
|
|
|
|
|
* destination address, on the data structure for the new
|
|
|
|
|
* primary destination, the sender MUST do the following:
|
|
|
|
|
*
|
|
|
|
|
* 1) If CHANGEOVER_ACTIVE is set, then there was a switch
|
|
|
|
|
* to this destination address earlier. The sender MUST set
|
|
|
|
|
* CYCLING_CHANGEOVER to indicate that this switch is a
|
|
|
|
|
* double switch to the same destination address.
|
2009-11-23 20:53:57 +00:00
|
|
|
*
|
|
|
|
|
* Really, only bother is we have data queued or outstanding on
|
|
|
|
|
* the association.
|
2005-04-16 22:20:36 +00:00
|
|
|
*/
|
2009-11-23 20:53:57 +00:00
|
|
|
if (!asoc->outqueue.outstanding_bytes && !asoc->outqueue.out_qlen)
|
|
|
|
|
return;
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
if (transport->cacc.changeover_active)
|
2008-06-17 00:00:29 +00:00
|
|
|
transport->cacc.cycling_changeover = changeover;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* 2) The sender MUST set CHANGEOVER_ACTIVE to indicate that
|
|
|
|
|
* a changeover has occurred.
|
|
|
|
|
*/
|
2008-06-17 00:00:29 +00:00
|
|
|
transport->cacc.changeover_active = changeover;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* 3) The sender MUST store the next TSN to be sent in
|
|
|
|
|
* next_tsn_at_change.
|
|
|
|
|
*/
|
|
|
|
|
transport->cacc.next_tsn_at_change = asoc->next_tsn;
|
|
|
|
|
}
|
|
|
|
|
|
2005-06-20 20:14:57 +00:00
|
|
|
/* Remove a transport from an association. */
|
|
|
|
|
void sctp_assoc_rm_peer(struct sctp_association *asoc,
|
|
|
|
|
struct sctp_transport *peer)
|
|
|
|
|
{
|
|
|
|
|
struct list_head *pos;
|
|
|
|
|
struct sctp_transport *transport;
|
|
|
|
|
|
|
|
|
|
SCTP_DEBUG_PRINTK_IPADDR("sctp_assoc_rm_peer:association %p addr: ",
|
|
|
|
|
" port: %d\n",
|
|
|
|
|
asoc,
|
|
|
|
|
(&peer->ipaddr),
|
2006-11-21 01:22:43 +00:00
|
|
|
ntohs(peer->ipaddr.v4.sin_port));
|
2005-06-20 20:14:57 +00:00
|
|
|
|
|
|
|
|
/* If we are to remove the current retran_path, update it
|
|
|
|
|
* to the next peer before removing this peer from the list.
|
|
|
|
|
*/
|
|
|
|
|
if (asoc->peer.retran_path == peer)
|
|
|
|
|
sctp_assoc_update_retran_path(asoc);
|
|
|
|
|
|
|
|
|
|
/* Remove this peer from the list. */
|
2012-12-06 09:25:05 +00:00
|
|
|
list_del_rcu(&peer->transports);
|
2005-06-20 20:14:57 +00:00
|
|
|
|
|
|
|
|
/* Get the first transport of asoc. */
|
|
|
|
|
pos = asoc->peer.transport_addr_list.next;
|
|
|
|
|
transport = list_entry(pos, struct sctp_transport, transports);
|
|
|
|
|
|
|
|
|
|
/* Update any entries that match the peer to be deleted. */
|
|
|
|
|
if (asoc->peer.primary_path == peer)
|
|
|
|
|
sctp_assoc_set_primary(asoc, transport);
|
|
|
|
|
if (asoc->peer.active_path == peer)
|
|
|
|
|
asoc->peer.active_path = transport;
|
2011-04-12 15:22:22 +00:00
|
|
|
if (asoc->peer.retran_path == peer)
|
|
|
|
|
asoc->peer.retran_path = transport;
|
2005-06-20 20:14:57 +00:00
|
|
|
if (asoc->peer.last_data_from == peer)
|
|
|
|
|
asoc->peer.last_data_from = transport;
|
|
|
|
|
|
|
|
|
|
/* If we remove the transport an INIT was last sent to, set it to
|
|
|
|
|
* NULL. Combined with the update of the retran path above, this
|
|
|
|
|
* will cause the next INIT to be sent to the next available
|
|
|
|
|
* transport, maintaining the cycle.
|
|
|
|
|
*/
|
|
|
|
|
if (asoc->init_last_sent_to == peer)
|
|
|
|
|
asoc->init_last_sent_to = NULL;
|
|
|
|
|
|
2009-04-26 15:13:35 +00:00
|
|
|
/* If we remove the transport an SHUTDOWN was last sent to, set it
|
|
|
|
|
* to NULL. Combined with the update of the retran path above, this
|
|
|
|
|
* will cause the next SHUTDOWN to be sent to the next available
|
|
|
|
|
* transport, maintaining the cycle.
|
|
|
|
|
*/
|
|
|
|
|
if (asoc->shutdown_last_sent_to == peer)
|
|
|
|
|
asoc->shutdown_last_sent_to = NULL;
|
|
|
|
|
|
2009-04-26 15:14:42 +00:00
|
|
|
/* If we remove the transport an ASCONF was last sent to, set it to
|
|
|
|
|
* NULL.
|
|
|
|
|
*/
|
|
|
|
|
if (asoc->addip_last_asconf &&
|
|
|
|
|
asoc->addip_last_asconf->transport == peer)
|
|
|
|
|
asoc->addip_last_asconf->transport = NULL;
|
|
|
|
|
|
2009-09-04 22:21:00 +00:00
|
|
|
/* If we have something on the transmitted list, we have to
|
|
|
|
|
* save it off. The best place is the active path.
|
|
|
|
|
*/
|
|
|
|
|
if (!list_empty(&peer->transmitted)) {
|
|
|
|
|
struct sctp_transport *active = asoc->peer.active_path;
|
|
|
|
|
struct sctp_chunk *ch;
|
|
|
|
|
|
|
|
|
|
/* Reset the transport of each chunk on this list */
|
|
|
|
|
list_for_each_entry(ch, &peer->transmitted,
|
|
|
|
|
transmitted_list) {
|
|
|
|
|
ch->transport = NULL;
|
|
|
|
|
ch->rtt_in_progress = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
list_splice_tail_init(&peer->transmitted,
|
|
|
|
|
&active->transmitted);
|
|
|
|
|
|
|
|
|
|
/* Start a T3 timer here in case it wasn't running so
|
|
|
|
|
* that these migrated packets have a chance to get
|
|
|
|
|
* retrnasmitted.
|
|
|
|
|
*/
|
|
|
|
|
if (!timer_pending(&active->T3_rtx_timer))
|
|
|
|
|
if (!mod_timer(&active->T3_rtx_timer,
|
|
|
|
|
jiffies + active->rto))
|
|
|
|
|
sctp_transport_hold(active);
|
|
|
|
|
}
|
|
|
|
|
|
2005-06-20 20:14:57 +00:00
|
|
|
asoc->peer.transport_count--;
|
|
|
|
|
|
|
|
|
|
sctp_transport_free(peer);
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Add a transport address to an association. */
|
|
|
|
|
struct sctp_transport *sctp_assoc_add_peer(struct sctp_association *asoc,
|
|
|
|
|
const union sctp_addr *addr,
|
2005-10-07 06:46:04 +00:00
|
|
|
const gfp_t gfp,
|
2005-06-20 20:14:57 +00:00
|
|
|
const int peer_state)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2012-08-07 07:26:14 +00:00
|
|
|
struct net *net = sock_net(asoc->base.sk);
|
2005-04-16 22:20:36 +00:00
|
|
|
struct sctp_transport *peer;
|
|
|
|
|
struct sctp_sock *sp;
|
|
|
|
|
unsigned short port;
|
|
|
|
|
|
|
|
|
|
sp = sctp_sk(asoc->base.sk);
|
|
|
|
|
|
|
|
|
|
/* AF_INET and AF_INET6 share common port field. */
|
2006-11-21 01:10:20 +00:00
|
|
|
port = ntohs(addr->v4.sin_port);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2005-06-20 20:14:57 +00:00
|
|
|
SCTP_DEBUG_PRINTK_IPADDR("sctp_assoc_add_peer:association %p addr: ",
|
2006-07-21 21:48:50 +00:00
|
|
|
" port: %d state:%d\n",
|
2005-06-20 20:14:57 +00:00
|
|
|
asoc,
|
|
|
|
|
addr,
|
2006-11-21 01:10:20 +00:00
|
|
|
port,
|
2006-07-21 21:48:50 +00:00
|
|
|
peer_state);
|
2005-06-20 20:14:57 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Set the port if it has not been set yet. */
|
|
|
|
|
if (0 == asoc->peer.port)
|
|
|
|
|
asoc->peer.port = port;
|
|
|
|
|
|
|
|
|
|
/* Check to see if this is a duplicate. */
|
|
|
|
|
peer = sctp_assoc_lookup_paddr(asoc, addr);
|
2005-06-20 20:14:57 +00:00
|
|
|
if (peer) {
|
2008-09-18 23:28:27 +00:00
|
|
|
/* An UNKNOWN state is only set on transports added by
|
|
|
|
|
* user in sctp_connectx() call. Such transports should be
|
|
|
|
|
* considered CONFIRMED per RFC 4960, Section 5.4.
|
|
|
|
|
*/
|
2006-07-21 21:48:50 +00:00
|
|
|
if (peer->state == SCTP_UNKNOWN) {
|
2008-09-18 23:28:27 +00:00
|
|
|
peer->state = SCTP_ACTIVE;
|
2006-07-21 21:48:50 +00:00
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
return peer;
|
2005-06-20 20:14:57 +00:00
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2012-08-07 07:26:14 +00:00
|
|
|
peer = sctp_transport_new(net, addr, gfp);
|
2005-04-16 22:20:36 +00:00
|
|
|
if (!peer)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
sctp_transport_set_owner(peer, asoc);
|
|
|
|
|
|
2005-12-22 19:36:46 +00:00
|
|
|
/* Initialize the peer's heartbeat interval based on the
|
|
|
|
|
* association configured value.
|
|
|
|
|
*/
|
|
|
|
|
peer->hbinterval = asoc->hbinterval;
|
|
|
|
|
|
|
|
|
|
/* Set the path max_retrans. */
|
|
|
|
|
peer->pathmaxrxt = asoc->pathmaxrxt;
|
|
|
|
|
|
2012-07-21 07:56:07 +00:00
|
|
|
/* And the partial failure retrnas threshold */
|
|
|
|
|
peer->pf_retrans = asoc->pf_retrans;
|
|
|
|
|
|
2005-12-22 19:36:46 +00:00
|
|
|
/* Initialize the peer's SACK delay timeout based on the
|
|
|
|
|
* association configured value.
|
|
|
|
|
*/
|
|
|
|
|
peer->sackdelay = asoc->sackdelay;
|
2008-05-09 22:13:26 +00:00
|
|
|
peer->sackfreq = asoc->sackfreq;
|
2005-12-22 19:36:46 +00:00
|
|
|
|
|
|
|
|
/* Enable/disable heartbeat, SACK delay, and path MTU discovery
|
|
|
|
|
* based on association setting.
|
|
|
|
|
*/
|
|
|
|
|
peer->param_flags = asoc->param_flags;
|
|
|
|
|
|
2009-09-04 22:21:01 +00:00
|
|
|
sctp_transport_route(peer, NULL, sp);
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Initialize the pmtu of the transport. */
|
2009-09-04 22:21:01 +00:00
|
|
|
if (peer->param_flags & SPP_PMTUD_DISABLE) {
|
|
|
|
|
if (asoc->pathmtu)
|
|
|
|
|
peer->pathmtu = asoc->pathmtu;
|
|
|
|
|
else
|
|
|
|
|
peer->pathmtu = SCTP_DEFAULT_MAXSEGMENT;
|
|
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* If this is the first transport addr on this association,
|
|
|
|
|
* initialize the association PMTU to the peer's PMTU.
|
|
|
|
|
* If not and the current association PMTU is higher than the new
|
|
|
|
|
* peer's PMTU, reset the association PMTU to the new peer's PMTU.
|
|
|
|
|
*/
|
2005-12-22 19:36:46 +00:00
|
|
|
if (asoc->pathmtu)
|
|
|
|
|
asoc->pathmtu = min_t(int, peer->pathmtu, asoc->pathmtu);
|
2005-04-16 22:20:36 +00:00
|
|
|
else
|
2005-12-22 19:36:46 +00:00
|
|
|
asoc->pathmtu = peer->pathmtu;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
SCTP_DEBUG_PRINTK("sctp_assoc_add_peer:association %p PMTU set to "
|
2005-12-22 19:36:46 +00:00
|
|
|
"%d\n", asoc, asoc->pathmtu);
|
2008-07-19 06:04:39 +00:00
|
|
|
peer->pmtu_pending = 0;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2009-09-04 22:21:00 +00:00
|
|
|
asoc->frag_point = sctp_frag_point(asoc, asoc->pathmtu);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* The asoc->peer.port might not be meaningful yet, but
|
|
|
|
|
* initialize the packet structure anyway.
|
|
|
|
|
*/
|
|
|
|
|
sctp_packet_init(&peer->packet, peer, asoc->base.bind_addr.port,
|
|
|
|
|
asoc->peer.port);
|
|
|
|
|
|
|
|
|
|
/* 7.2.1 Slow-Start
|
|
|
|
|
*
|
|
|
|
|
* o The initial cwnd before DATA transmission or after a sufficiently
|
|
|
|
|
* long idle period MUST be set to
|
|
|
|
|
* min(4*MTU, max(2*MTU, 4380 bytes))
|
|
|
|
|
*
|
|
|
|
|
* o The initial value of ssthresh MAY be arbitrarily high
|
|
|
|
|
* (for example, implementations MAY use the size of the
|
|
|
|
|
* receiver advertised window).
|
|
|
|
|
*/
|
2005-12-22 19:36:46 +00:00
|
|
|
peer->cwnd = min(4*asoc->pathmtu, max_t(__u32, 2*asoc->pathmtu, 4380));
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* At this point, we may not have the receiver's advertised window,
|
|
|
|
|
* so initialize ssthresh to the default value and it will be set
|
|
|
|
|
* later when we process the INIT.
|
|
|
|
|
*/
|
|
|
|
|
peer->ssthresh = SCTP_DEFAULT_MAXWINDOW;
|
|
|
|
|
|
|
|
|
|
peer->partial_bytes_acked = 0;
|
|
|
|
|
peer->flight_size = 0;
|
2009-11-23 20:54:00 +00:00
|
|
|
peer->burst_limited = 0;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Set the transport's RTO.initial value */
|
|
|
|
|
peer->rto = asoc->rto_initial;
|
2012-12-01 04:49:42 +00:00
|
|
|
sctp_max_rto(asoc, peer);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2005-06-20 20:14:57 +00:00
|
|
|
/* Set the peer's active state. */
|
|
|
|
|
peer->state = peer_state;
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Attach the remote transport to our asoc. */
|
2012-12-06 09:25:05 +00:00
|
|
|
list_add_tail_rcu(&peer->transports, &asoc->peer.transport_addr_list);
|
2005-06-20 20:14:57 +00:00
|
|
|
asoc->peer.transport_count++;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* If we do not yet have a primary path, set one. */
|
|
|
|
|
if (!asoc->peer.primary_path) {
|
|
|
|
|
sctp_assoc_set_primary(asoc, peer);
|
|
|
|
|
asoc->peer.retran_path = peer;
|
|
|
|
|
}
|
|
|
|
|
|
2010-05-01 02:39:26 +00:00
|
|
|
if (asoc->peer.active_path == asoc->peer.retran_path &&
|
|
|
|
|
peer->state != SCTP_UNCONFIRMED) {
|
2005-04-16 22:20:36 +00:00
|
|
|
asoc->peer.retran_path = peer;
|
2005-06-20 20:14:57 +00:00
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
return peer;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Delete a transport address from an association. */
|
|
|
|
|
void sctp_assoc_del_peer(struct sctp_association *asoc,
|
|
|
|
|
const union sctp_addr *addr)
|
|
|
|
|
{
|
|
|
|
|
struct list_head *pos;
|
|
|
|
|
struct list_head *temp;
|
|
|
|
|
struct sctp_transport *transport;
|
|
|
|
|
|
|
|
|
|
list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
|
|
|
|
|
transport = list_entry(pos, struct sctp_transport, transports);
|
|
|
|
|
if (sctp_cmp_addr_exact(addr, &transport->ipaddr)) {
|
2005-06-20 20:14:57 +00:00
|
|
|
/* Do book keeping for removing the peer and free it. */
|
|
|
|
|
sctp_assoc_rm_peer(asoc, transport);
|
2005-04-16 22:20:36 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Lookup a transport by address. */
|
|
|
|
|
struct sctp_transport *sctp_assoc_lookup_paddr(
|
|
|
|
|
const struct sctp_association *asoc,
|
|
|
|
|
const union sctp_addr *address)
|
|
|
|
|
{
|
|
|
|
|
struct sctp_transport *t;
|
|
|
|
|
|
|
|
|
|
/* Cycle through all transports searching for a peer address. */
|
|
|
|
|
|
2008-04-13 01:54:24 +00:00
|
|
|
list_for_each_entry(t, &asoc->peer.transport_addr_list,
|
|
|
|
|
transports) {
|
2005-04-16 22:20:36 +00:00
|
|
|
if (sctp_cmp_addr_exact(address, &t->ipaddr))
|
|
|
|
|
return t;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2007-12-20 22:08:56 +00:00
|
|
|
/* Remove all transports except a give one */
|
|
|
|
|
void sctp_assoc_del_nonprimary_peers(struct sctp_association *asoc,
|
|
|
|
|
struct sctp_transport *primary)
|
|
|
|
|
{
|
|
|
|
|
struct sctp_transport *temp;
|
|
|
|
|
struct sctp_transport *t;
|
|
|
|
|
|
|
|
|
|
list_for_each_entry_safe(t, temp, &asoc->peer.transport_addr_list,
|
|
|
|
|
transports) {
|
|
|
|
|
/* if the current transport is not the primary one, delete it */
|
|
|
|
|
if (t != primary)
|
|
|
|
|
sctp_assoc_rm_peer(asoc, t);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Engage in transport control operations.
|
|
|
|
|
* Mark the transport up or down and send a notification to the user.
|
|
|
|
|
* Select and update the new active and retran paths.
|
|
|
|
|
*/
|
|
|
|
|
void sctp_assoc_control_transport(struct sctp_association *asoc,
|
|
|
|
|
struct sctp_transport *transport,
|
|
|
|
|
sctp_transport_cmd_t command,
|
|
|
|
|
sctp_sn_error_t error)
|
|
|
|
|
{
|
|
|
|
|
struct sctp_transport *t = NULL;
|
|
|
|
|
struct sctp_transport *first;
|
|
|
|
|
struct sctp_transport *second;
|
|
|
|
|
struct sctp_ulpevent *event;
|
2006-11-21 01:03:01 +00:00
|
|
|
struct sockaddr_storage addr;
|
2005-04-16 22:20:36 +00:00
|
|
|
int spc_state = 0;
|
2012-07-21 07:56:07 +00:00
|
|
|
bool ulp_notify = true;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Record the transition on the transport. */
|
|
|
|
|
switch (command) {
|
|
|
|
|
case SCTP_TRANSPORT_UP:
|
2007-03-23 18:32:26 +00:00
|
|
|
/* If we are moving from UNCONFIRMED state due
|
|
|
|
|
* to heartbeat success, report the SCTP_ADDR_CONFIRMED
|
|
|
|
|
* state to the user, otherwise report SCTP_ADDR_AVAILABLE.
|
|
|
|
|
*/
|
|
|
|
|
if (SCTP_UNCONFIRMED == transport->state &&
|
|
|
|
|
SCTP_HEARTBEAT_SUCCESS == error)
|
|
|
|
|
spc_state = SCTP_ADDR_CONFIRMED;
|
|
|
|
|
else
|
|
|
|
|
spc_state = SCTP_ADDR_AVAILABLE;
|
2012-07-21 07:56:07 +00:00
|
|
|
/* Don't inform ULP about transition from PF to
|
|
|
|
|
* active state and set cwnd to 1, see SCTP
|
|
|
|
|
* Quick failover draft section 5.1, point 5
|
|
|
|
|
*/
|
|
|
|
|
if (transport->state == SCTP_PF) {
|
|
|
|
|
ulp_notify = false;
|
|
|
|
|
transport->cwnd = 1;
|
|
|
|
|
}
|
2005-06-20 20:14:57 +00:00
|
|
|
transport->state = SCTP_ACTIVE;
|
2005-04-16 22:20:36 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case SCTP_TRANSPORT_DOWN:
|
2009-06-23 15:28:05 +00:00
|
|
|
/* If the transport was never confirmed, do not transition it
|
|
|
|
|
* to inactive state. Also, release the cached route since
|
|
|
|
|
* there may be a better route next time.
|
2007-08-24 10:30:25 +00:00
|
|
|
*/
|
|
|
|
|
if (transport->state != SCTP_UNCONFIRMED)
|
|
|
|
|
transport->state = SCTP_INACTIVE;
|
2009-06-23 15:28:05 +00:00
|
|
|
else {
|
|
|
|
|
dst_release(transport->dst);
|
|
|
|
|
transport->dst = NULL;
|
|
|
|
|
}
|
2007-08-24 10:30:25 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
spc_state = SCTP_ADDR_UNREACHABLE;
|
|
|
|
|
break;
|
|
|
|
|
|
2012-07-21 07:56:07 +00:00
|
|
|
case SCTP_TRANSPORT_PF:
|
|
|
|
|
transport->state = SCTP_PF;
|
|
|
|
|
ulp_notify = false;
|
|
|
|
|
break;
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
default:
|
|
|
|
|
return;
|
2007-04-21 00:09:22 +00:00
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Generate and send a SCTP_PEER_ADDR_CHANGE notification to the
|
|
|
|
|
* user.
|
|
|
|
|
*/
|
2012-07-21 07:56:07 +00:00
|
|
|
if (ulp_notify) {
|
|
|
|
|
memset(&addr, 0, sizeof(struct sockaddr_storage));
|
|
|
|
|
memcpy(&addr, &transport->ipaddr,
|
|
|
|
|
transport->af_specific->sockaddr_len);
|
|
|
|
|
event = sctp_ulpevent_make_peer_addr_change(asoc, &addr,
|
|
|
|
|
0, spc_state, error, GFP_ATOMIC);
|
|
|
|
|
if (event)
|
|
|
|
|
sctp_ulpq_tail_event(&asoc->ulpq, event);
|
|
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Select new active and retran paths. */
|
|
|
|
|
|
|
|
|
|
/* Look for the two most recently used active transports.
|
|
|
|
|
*
|
|
|
|
|
* This code produces the wrong ordering whenever jiffies
|
|
|
|
|
* rolls over, but we still get usable transports, so we don't
|
|
|
|
|
* worry about it.
|
|
|
|
|
*/
|
|
|
|
|
first = NULL; second = NULL;
|
|
|
|
|
|
2008-04-13 01:54:24 +00:00
|
|
|
list_for_each_entry(t, &asoc->peer.transport_addr_list,
|
|
|
|
|
transports) {
|
2005-04-16 22:20:36 +00:00
|
|
|
|
2006-07-21 21:48:50 +00:00
|
|
|
if ((t->state == SCTP_INACTIVE) ||
|
2012-07-21 07:56:07 +00:00
|
|
|
(t->state == SCTP_UNCONFIRMED) ||
|
|
|
|
|
(t->state == SCTP_PF))
|
2005-04-16 22:20:36 +00:00
|
|
|
continue;
|
|
|
|
|
if (!first || t->last_time_heard > first->last_time_heard) {
|
|
|
|
|
second = first;
|
|
|
|
|
first = t;
|
|
|
|
|
}
|
|
|
|
|
if (!second || t->last_time_heard > second->last_time_heard)
|
|
|
|
|
second = t;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* RFC 2960 6.4 Multi-Homed SCTP Endpoints
|
|
|
|
|
*
|
|
|
|
|
* By default, an endpoint should always transmit to the
|
|
|
|
|
* primary path, unless the SCTP user explicitly specifies the
|
|
|
|
|
* destination transport address (and possibly source
|
|
|
|
|
* transport address) to use.
|
|
|
|
|
*
|
|
|
|
|
* [If the primary is active but not most recent, bump the most
|
|
|
|
|
* recently used transport.]
|
|
|
|
|
*/
|
2006-07-21 21:48:50 +00:00
|
|
|
if (((asoc->peer.primary_path->state == SCTP_ACTIVE) ||
|
|
|
|
|
(asoc->peer.primary_path->state == SCTP_UNKNOWN)) &&
|
2005-04-16 22:20:36 +00:00
|
|
|
first != asoc->peer.primary_path) {
|
|
|
|
|
second = first;
|
|
|
|
|
first = asoc->peer.primary_path;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* If we failed to find a usable transport, just camp on the
|
|
|
|
|
* primary, even if it is inactive.
|
|
|
|
|
*/
|
|
|
|
|
if (!first) {
|
|
|
|
|
first = asoc->peer.primary_path;
|
|
|
|
|
second = asoc->peer.primary_path;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Set the active and retran transports. */
|
|
|
|
|
asoc->peer.active_path = first;
|
|
|
|
|
asoc->peer.retran_path = second;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Hold a reference to an association. */
|
|
|
|
|
void sctp_association_hold(struct sctp_association *asoc)
|
|
|
|
|
{
|
|
|
|
|
atomic_inc(&asoc->base.refcnt);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Release a reference to an association and cleanup
|
|
|
|
|
* if there are no more references.
|
|
|
|
|
*/
|
|
|
|
|
void sctp_association_put(struct sctp_association *asoc)
|
|
|
|
|
{
|
|
|
|
|
if (atomic_dec_and_test(&asoc->base.refcnt))
|
|
|
|
|
sctp_association_destroy(asoc);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Allocate the next TSN, Transmission Sequence Number, for the given
|
|
|
|
|
* association.
|
|
|
|
|
*/
|
|
|
|
|
__u32 sctp_association_get_next_tsn(struct sctp_association *asoc)
|
|
|
|
|
{
|
|
|
|
|
/* From Section 1.6 Serial Number Arithmetic:
|
|
|
|
|
* Transmission Sequence Numbers wrap around when they reach
|
|
|
|
|
* 2**32 - 1. That is, the next TSN a DATA chunk MUST use
|
|
|
|
|
* after transmitting TSN = 2*32 - 1 is TSN = 0.
|
|
|
|
|
*/
|
|
|
|
|
__u32 retval = asoc->next_tsn;
|
|
|
|
|
asoc->next_tsn++;
|
|
|
|
|
asoc->unack_data++;
|
|
|
|
|
|
|
|
|
|
return retval;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Compare two addresses to see if they match. Wildcard addresses
|
|
|
|
|
* only match themselves.
|
|
|
|
|
*/
|
|
|
|
|
int sctp_cmp_addr_exact(const union sctp_addr *ss1,
|
|
|
|
|
const union sctp_addr *ss2)
|
|
|
|
|
{
|
|
|
|
|
struct sctp_af *af;
|
|
|
|
|
|
|
|
|
|
af = sctp_get_af_specific(ss1->sa.sa_family);
|
|
|
|
|
if (unlikely(!af))
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
return af->cmp_addr(ss1, ss2);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Return an ecne chunk to get prepended to a packet.
|
|
|
|
|
* Note: We are sly and return a shared, prealloced chunk. FIXME:
|
|
|
|
|
* No we don't, but we could/should.
|
|
|
|
|
*/
|
|
|
|
|
struct sctp_chunk *sctp_get_ecne_prepend(struct sctp_association *asoc)
|
|
|
|
|
{
|
|
|
|
|
struct sctp_chunk *chunk;
|
|
|
|
|
|
|
|
|
|
/* Send ECNE if needed.
|
|
|
|
|
* Not being able to allocate a chunk here is not deadly.
|
|
|
|
|
*/
|
|
|
|
|
if (asoc->need_ecne)
|
|
|
|
|
chunk = sctp_make_ecne(asoc, asoc->last_ecne_tsn);
|
|
|
|
|
else
|
|
|
|
|
chunk = NULL;
|
|
|
|
|
|
|
|
|
|
return chunk;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Find which transport this TSN was sent on.
|
|
|
|
|
*/
|
|
|
|
|
struct sctp_transport *sctp_assoc_lookup_tsn(struct sctp_association *asoc,
|
|
|
|
|
__u32 tsn)
|
|
|
|
|
{
|
|
|
|
|
struct sctp_transport *active;
|
|
|
|
|
struct sctp_transport *match;
|
|
|
|
|
struct sctp_transport *transport;
|
|
|
|
|
struct sctp_chunk *chunk;
|
2006-11-21 01:01:42 +00:00
|
|
|
__be32 key = htonl(tsn);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
match = NULL;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* FIXME: In general, find a more efficient data structure for
|
|
|
|
|
* searching.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The general strategy is to search each transport's transmitted
|
|
|
|
|
* list. Return which transport this TSN lives on.
|
|
|
|
|
*
|
|
|
|
|
* Let's be hopeful and check the active_path first.
|
|
|
|
|
* Another optimization would be to know if there is only one
|
|
|
|
|
* outbound path and not have to look for the TSN at all.
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
active = asoc->peer.active_path;
|
|
|
|
|
|
2008-04-13 01:54:24 +00:00
|
|
|
list_for_each_entry(chunk, &active->transmitted,
|
|
|
|
|
transmitted_list) {
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
if (key == chunk->subh.data_hdr->tsn) {
|
|
|
|
|
match = active;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* If not found, go search all the other transports. */
|
2008-04-13 01:54:24 +00:00
|
|
|
list_for_each_entry(transport, &asoc->peer.transport_addr_list,
|
|
|
|
|
transports) {
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
if (transport == active)
|
2013-03-07 21:39:37 +00:00
|
|
|
continue;
|
2008-04-13 01:54:24 +00:00
|
|
|
list_for_each_entry(chunk, &transport->transmitted,
|
|
|
|
|
transmitted_list) {
|
2005-04-16 22:20:36 +00:00
|
|
|
if (key == chunk->subh.data_hdr->tsn) {
|
|
|
|
|
match = transport;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
out:
|
|
|
|
|
return match;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Is this the association we are looking for? */
|
|
|
|
|
struct sctp_transport *sctp_assoc_is_match(struct sctp_association *asoc,
|
2012-08-06 08:41:13 +00:00
|
|
|
struct net *net,
|
2005-04-16 22:20:36 +00:00
|
|
|
const union sctp_addr *laddr,
|
|
|
|
|
const union sctp_addr *paddr)
|
|
|
|
|
{
|
|
|
|
|
struct sctp_transport *transport;
|
|
|
|
|
|
2006-11-21 01:08:41 +00:00
|
|
|
if ((htons(asoc->base.bind_addr.port) == laddr->v4.sin_port) &&
|
2012-08-06 08:41:13 +00:00
|
|
|
(htons(asoc->peer.port) == paddr->v4.sin_port) &&
|
|
|
|
|
net_eq(sock_net(asoc->base.sk), net)) {
|
2005-04-16 22:20:36 +00:00
|
|
|
transport = sctp_assoc_lookup_paddr(asoc, paddr);
|
|
|
|
|
if (!transport)
|
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
if (sctp_bind_addr_match(&asoc->base.bind_addr, laddr,
|
|
|
|
|
sctp_sk(asoc->base.sk)))
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
transport = NULL;
|
|
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
return transport;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Do delayed input processing. This is scheduled by sctp_rcv(). */
|
2006-11-22 14:57:56 +00:00
|
|
|
static void sctp_assoc_bh_rcv(struct work_struct *work)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2006-11-22 14:57:56 +00:00
|
|
|
struct sctp_association *asoc =
|
|
|
|
|
container_of(work, struct sctp_association,
|
|
|
|
|
base.inqueue.immediate);
|
2012-08-07 07:25:24 +00:00
|
|
|
struct net *net = sock_net(asoc->base.sk);
|
2005-04-16 22:20:36 +00:00
|
|
|
struct sctp_endpoint *ep;
|
|
|
|
|
struct sctp_chunk *chunk;
|
|
|
|
|
struct sctp_inq *inqueue;
|
|
|
|
|
int state;
|
|
|
|
|
sctp_subtype_t subtype;
|
|
|
|
|
int error = 0;
|
|
|
|
|
|
|
|
|
|
/* The association should be held so we should be safe. */
|
|
|
|
|
ep = asoc->ep;
|
|
|
|
|
|
|
|
|
|
inqueue = &asoc->base.inqueue;
|
|
|
|
|
sctp_association_hold(asoc);
|
|
|
|
|
while (NULL != (chunk = sctp_inq_pop(inqueue))) {
|
|
|
|
|
state = asoc->state;
|
|
|
|
|
subtype = SCTP_ST_CHUNK(chunk->chunk_hdr->type);
|
|
|
|
|
|
2007-10-04 00:51:34 +00:00
|
|
|
/* SCTP-AUTH, Section 6.3:
|
|
|
|
|
* The receiver has a list of chunk types which it expects
|
|
|
|
|
* to be received only after an AUTH-chunk. This list has
|
|
|
|
|
* been sent to the peer during the association setup. It
|
|
|
|
|
* MUST silently discard these chunks if they are not placed
|
|
|
|
|
* after an AUTH chunk in the packet.
|
|
|
|
|
*/
|
|
|
|
|
if (sctp_auth_recv_cid(subtype.chunk, asoc) && !chunk->auth)
|
|
|
|
|
continue;
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
/* Remember where the last DATA chunk came from so we
|
|
|
|
|
* know where to send the SACK.
|
|
|
|
|
*/
|
|
|
|
|
if (sctp_chunk_is_data(chunk))
|
|
|
|
|
asoc->peer.last_data_from = chunk->transport;
|
2012-12-01 04:49:42 +00:00
|
|
|
else {
|
2012-08-07 07:25:24 +00:00
|
|
|
SCTP_INC_STATS(net, SCTP_MIB_INCTRLCHUNKS);
|
2012-12-01 04:49:42 +00:00
|
|
|
asoc->stats.ictrlchunks++;
|
|
|
|
|
if (chunk->chunk_hdr->type == SCTP_CID_SACK)
|
|
|
|
|
asoc->stats.isacks++;
|
|
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
if (chunk->transport)
|
|
|
|
|
chunk->transport->last_time_heard = jiffies;
|
|
|
|
|
|
|
|
|
|
/* Run through the state machine. */
|
2012-08-07 07:25:24 +00:00
|
|
|
error = sctp_do_sm(net, SCTP_EVENT_T_CHUNK, subtype,
|
2005-04-16 22:20:36 +00:00
|
|
|
state, ep, asoc, chunk, GFP_ATOMIC);
|
|
|
|
|
|
|
|
|
|
/* Check to see if the association is freed in response to
|
|
|
|
|
* the incoming chunk. If so, get out of the while loop.
|
|
|
|
|
*/
|
|
|
|
|
if (asoc->base.dead)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
/* If there is an error on chunk, discard this packet. */
|
|
|
|
|
if (error && chunk)
|
|
|
|
|
chunk->pdiscard = 1;
|
|
|
|
|
}
|
|
|
|
|
sctp_association_put(asoc);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* This routine moves an association from its old sk to a new sk. */
|
|
|
|
|
void sctp_assoc_migrate(struct sctp_association *assoc, struct sock *newsk)
|
|
|
|
|
{
|
|
|
|
|
struct sctp_sock *newsp = sctp_sk(newsk);
|
|
|
|
|
struct sock *oldsk = assoc->base.sk;
|
|
|
|
|
|
|
|
|
|
/* Delete the association from the old endpoint's list of
|
|
|
|
|
* associations.
|
|
|
|
|
*/
|
|
|
|
|
list_del_init(&assoc->asocs);
|
|
|
|
|
|
|
|
|
|
/* Decrement the backlog value for a TCP-style socket. */
|
|
|
|
|
if (sctp_style(oldsk, TCP))
|
|
|
|
|
oldsk->sk_ack_backlog--;
|
|
|
|
|
|
|
|
|
|
/* Release references to the old endpoint and the sock. */
|
|
|
|
|
sctp_endpoint_put(assoc->ep);
|
|
|
|
|
sock_put(assoc->base.sk);
|
|
|
|
|
|
|
|
|
|
/* Get a reference to the new endpoint. */
|
|
|
|
|
assoc->ep = newsp->ep;
|
|
|
|
|
sctp_endpoint_hold(assoc->ep);
|
|
|
|
|
|
|
|
|
|
/* Get a reference to the new sock. */
|
|
|
|
|
assoc->base.sk = newsk;
|
|
|
|
|
sock_hold(assoc->base.sk);
|
|
|
|
|
|
|
|
|
|
/* Add the association to the new endpoint's list of associations. */
|
|
|
|
|
sctp_endpoint_add_asoc(newsp->ep, assoc);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Update an association (possibly from unexpected COOKIE-ECHO processing). */
|
|
|
|
|
void sctp_assoc_update(struct sctp_association *asoc,
|
|
|
|
|
struct sctp_association *new)
|
|
|
|
|
{
|
|
|
|
|
struct sctp_transport *trans;
|
|
|
|
|
struct list_head *pos, *temp;
|
|
|
|
|
|
|
|
|
|
/* Copy in new parameters of peer. */
|
|
|
|
|
asoc->c = new->c;
|
|
|
|
|
asoc->peer.rwnd = new->peer.rwnd;
|
|
|
|
|
asoc->peer.sack_needed = new->peer.sack_needed;
|
net: sctp: inherit auth_capable on INIT collisions
[ Upstream commit 1be9a950c646c9092fb3618197f7b6bfb50e82aa ]
Jason reported an oops caused by SCTP on his ARM machine with
SCTP authentication enabled:
Internal error: Oops: 17 [#1] ARM
CPU: 0 PID: 104 Comm: sctp-test Not tainted 3.13.0-68744-g3632f30c9b20-dirty #1
task: c6eefa40 ti: c6f52000 task.ti: c6f52000
PC is at sctp_auth_calculate_hmac+0xc4/0x10c
LR is at sg_init_table+0x20/0x38
pc : [<c024bb80>] lr : [<c00f32dc>] psr: 40000013
sp : c6f538e8 ip : 00000000 fp : c6f53924
r10: c6f50d80 r9 : 00000000 r8 : 00010000
r7 : 00000000 r6 : c7be4000 r5 : 00000000 r4 : c6f56254
r3 : c00c8170 r2 : 00000001 r1 : 00000008 r0 : c6f1e660
Flags: nZcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control: 0005397f Table: 06f28000 DAC: 00000015
Process sctp-test (pid: 104, stack limit = 0xc6f521c0)
Stack: (0xc6f538e8 to 0xc6f54000)
[...]
Backtrace:
[<c024babc>] (sctp_auth_calculate_hmac+0x0/0x10c) from [<c0249af8>] (sctp_packet_transmit+0x33c/0x5c8)
[<c02497bc>] (sctp_packet_transmit+0x0/0x5c8) from [<c023e96c>] (sctp_outq_flush+0x7fc/0x844)
[<c023e170>] (sctp_outq_flush+0x0/0x844) from [<c023ef78>] (sctp_outq_uncork+0x24/0x28)
[<c023ef54>] (sctp_outq_uncork+0x0/0x28) from [<c0234364>] (sctp_side_effects+0x1134/0x1220)
[<c0233230>] (sctp_side_effects+0x0/0x1220) from [<c02330b0>] (sctp_do_sm+0xac/0xd4)
[<c0233004>] (sctp_do_sm+0x0/0xd4) from [<c023675c>] (sctp_assoc_bh_rcv+0x118/0x160)
[<c0236644>] (sctp_assoc_bh_rcv+0x0/0x160) from [<c023d5bc>] (sctp_inq_push+0x6c/0x74)
[<c023d550>] (sctp_inq_push+0x0/0x74) from [<c024a6b0>] (sctp_rcv+0x7d8/0x888)
While we already had various kind of bugs in that area
ec0223ec48a9 ("net: sctp: fix sctp_sf_do_5_1D_ce to verify if
we/peer is AUTH capable") and b14878ccb7fa ("net: sctp: cache
auth_enable per endpoint"), this one is a bit of a different
kind.
Giving a bit more background on why SCTP authentication is
needed can be found in RFC4895:
SCTP uses 32-bit verification tags to protect itself against
blind attackers. These values are not changed during the
lifetime of an SCTP association.
Looking at new SCTP extensions, there is the need to have a
method of proving that an SCTP chunk(s) was really sent by
the original peer that started the association and not by a
malicious attacker.
To cause this bug, we're triggering an INIT collision between
peers; normal SCTP handshake where both sides intent to
authenticate packets contains RANDOM; CHUNKS; HMAC-ALGO
parameters that are being negotiated among peers:
---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
<------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
-------------------- COOKIE-ECHO -------------------->
<-------------------- COOKIE-ACK ---------------------
RFC4895 says that each endpoint therefore knows its own random
number and the peer's random number *after* the association
has been established. The local and peer's random number along
with the shared key are then part of the secret used for
calculating the HMAC in the AUTH chunk.
Now, in our scenario, we have 2 threads with 1 non-blocking
SEQ_PACKET socket each, setting up common shared SCTP_AUTH_KEY
and SCTP_AUTH_ACTIVE_KEY properly, and each of them calling
sctp_bindx(3), listen(2) and connect(2) against each other,
thus the handshake looks similar to this, e.g.:
---------- INIT[RANDOM; CHUNKS; HMAC-ALGO] ---------->
<------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] ---------
<--------- INIT[RANDOM; CHUNKS; HMAC-ALGO] -----------
-------- INIT-ACK[RANDOM; CHUNKS; HMAC-ALGO] -------->
...
Since such collisions can also happen with verification tags,
the RFC4895 for AUTH rather vaguely says under section 6.1:
In case of INIT collision, the rules governing the handling
of this Random Number follow the same pattern as those for
the Verification Tag, as explained in Section 5.2.4 of
RFC 2960 [5]. Therefore, each endpoint knows its own Random
Number and the peer's Random Number after the association
has been established.
In RFC2960, section 5.2.4, we're eventually hitting Action B:
B) In this case, both sides may be attempting to start an
association at about the same time but the peer endpoint
started its INIT after responding to the local endpoint's
INIT. Thus it may have picked a new Verification Tag not
being aware of the previous Tag it had sent this endpoint.
The endpoint should stay in or enter the ESTABLISHED
state but it MUST update its peer's Verification Tag from
the State Cookie, stop any init or cookie timers that may
running and send a COOKIE ACK.
In other words, the handling of the Random parameter is the
same as behavior for the Verification Tag as described in
Action B of section 5.2.4.
Looking at the code, we exactly hit the sctp_sf_do_dupcook_b()
case which triggers an SCTP_CMD_UPDATE_ASSOC command to the
side effect interpreter, and in fact it properly copies over
peer_{random, hmacs, chunks} parameters from the newly created
association to update the existing one.
Also, the old asoc_shared_key is being released and based on
the new params, sctp_auth_asoc_init_active_key() updated.
However, the issue observed in this case is that the previous
asoc->peer.auth_capable was 0, and has *not* been updated, so
that instead of creating a new secret, we're doing an early
return from the function sctp_auth_asoc_init_active_key()
leaving asoc->asoc_shared_key as NULL. However, we now have to
authenticate chunks from the updated chunk list (e.g. COOKIE-ACK).
That in fact causes the server side when responding with ...
<------------------ AUTH; COOKIE-ACK -----------------
... to trigger a NULL pointer dereference, since in
sctp_packet_transmit(), it discovers that an AUTH chunk is
being queued for xmit, and thus it calls sctp_auth_calculate_hmac().
Since the asoc->active_key_id is still inherited from the
endpoint, and the same as encoded into the chunk, it uses
asoc->asoc_shared_key, which is still NULL, as an asoc_key
and dereferences it in ...
crypto_hash_setkey(desc.tfm, &asoc_key->data[0], asoc_key->len)
... causing an oops. All this happens because sctp_make_cookie_ack()
called with the *new* association has the peer.auth_capable=1
and therefore marks the chunk with auth=1 after checking
sctp_auth_send_cid(), but it is *actually* sent later on over
the then *updated* association's transport that didn't initialize
its shared key due to peer.auth_capable=0. Since control chunks
in that case are not sent by the temporary association which
are scheduled for deletion, they are issued for xmit via
SCTP_CMD_REPLY in the interpreter with the context of the
*updated* association. peer.auth_capable was 0 in the updated
association (which went from COOKIE_WAIT into ESTABLISHED state),
since all previous processing that performed sctp_process_init()
was being done on temporary associations, that we eventually
throw away each time.
The correct fix is to update to the new peer.auth_capable
value as well in the collision case via sctp_assoc_update(),
so that in case the collision migrated from 0 -> 1,
sctp_auth_asoc_init_active_key() can properly recalculate
the secret. This therefore fixes the observed server panic.
Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Tested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Cc: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-07-22 13:22:45 +00:00
|
|
|
asoc->peer.auth_capable = new->peer.auth_capable;
|
2005-04-16 22:20:36 +00:00
|
|
|
asoc->peer.i = new->peer.i;
|
2008-10-08 21:18:39 +00:00
|
|
|
sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
|
|
|
|
|
asoc->peer.i.initial_tsn, GFP_ATOMIC);
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
/* Remove any peer addresses not present in the new association. */
|
|
|
|
|
list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
|
|
|
|
|
trans = list_entry(pos, struct sctp_transport, transports);
|
2010-04-28 08:47:19 +00:00
|
|
|
if (!sctp_assoc_lookup_paddr(new, &trans->ipaddr)) {
|
|
|
|
|
sctp_assoc_rm_peer(asoc, trans);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2007-03-20 00:02:30 +00:00
|
|
|
|
|
|
|
|
if (asoc->state >= SCTP_STATE_ESTABLISHED)
|
|
|
|
|
sctp_transport_reset(trans);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* If the case is A (association restart), use
|
|
|
|
|
* initial_tsn as next_tsn. If the case is B, use
|
|
|
|
|
* current next_tsn in case data sent to peer
|
|
|
|
|
* has been discarded and needs retransmission.
|
|
|
|
|
*/
|
|
|
|
|
if (asoc->state >= SCTP_STATE_ESTABLISHED) {
|
|
|
|
|
asoc->next_tsn = new->next_tsn;
|
|
|
|
|
asoc->ctsn_ack_point = new->ctsn_ack_point;
|
|
|
|
|
asoc->adv_peer_ack_point = new->adv_peer_ack_point;
|
|
|
|
|
|
|
|
|
|
/* Reinitialize SSN for both local streams
|
|
|
|
|
* and peer's streams.
|
|
|
|
|
*/
|
|
|
|
|
sctp_ssnmap_clear(asoc->ssnmap);
|
|
|
|
|
|
2007-03-20 00:01:17 +00:00
|
|
|
/* Flush the ULP reassembly and ordered queue.
|
|
|
|
|
* Any data there will now be stale and will
|
|
|
|
|
* cause problems.
|
|
|
|
|
*/
|
|
|
|
|
sctp_ulpq_flush(&asoc->ulpq);
|
|
|
|
|
|
2007-03-20 00:02:30 +00:00
|
|
|
/* reset the overall association error count so
|
|
|
|
|
* that the restarted association doesn't get torn
|
|
|
|
|
* down on the next retransmission timer.
|
|
|
|
|
*/
|
|
|
|
|
asoc->overall_error_count = 0;
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
} else {
|
|
|
|
|
/* Add any peer addresses from the new association. */
|
2008-04-13 01:54:24 +00:00
|
|
|
list_for_each_entry(trans, &new->peer.transport_addr_list,
|
|
|
|
|
transports) {
|
2005-04-16 22:20:36 +00:00
|
|
|
if (!sctp_assoc_lookup_paddr(asoc, &trans->ipaddr))
|
|
|
|
|
sctp_assoc_add_peer(asoc, &trans->ipaddr,
|
2006-07-21 21:48:50 +00:00
|
|
|
GFP_ATOMIC, trans->state);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
asoc->ctsn_ack_point = asoc->next_tsn - 1;
|
|
|
|
|
asoc->adv_peer_ack_point = asoc->ctsn_ack_point;
|
|
|
|
|
if (!asoc->ssnmap) {
|
|
|
|
|
/* Move the ssnmap. */
|
|
|
|
|
asoc->ssnmap = new->ssnmap;
|
|
|
|
|
new->ssnmap = NULL;
|
|
|
|
|
}
|
2007-05-04 20:55:27 +00:00
|
|
|
|
|
|
|
|
if (!asoc->assoc_id) {
|
|
|
|
|
/* get a new association id since we don't have one
|
|
|
|
|
* yet.
|
|
|
|
|
*/
|
|
|
|
|
sctp_assoc_set_id(asoc, GFP_ATOMIC);
|
|
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
2007-09-17 02:31:35 +00:00
|
|
|
|
2007-09-17 02:32:11 +00:00
|
|
|
/* SCTP-AUTH: Save the peer parameters from the new assocaitions
|
|
|
|
|
* and also move the association shared keys over
|
|
|
|
|
*/
|
|
|
|
|
kfree(asoc->peer.peer_random);
|
|
|
|
|
asoc->peer.peer_random = new->peer.peer_random;
|
|
|
|
|
new->peer.peer_random = NULL;
|
|
|
|
|
|
|
|
|
|
kfree(asoc->peer.peer_chunks);
|
|
|
|
|
asoc->peer.peer_chunks = new->peer.peer_chunks;
|
|
|
|
|
new->peer.peer_chunks = NULL;
|
|
|
|
|
|
|
|
|
|
kfree(asoc->peer.peer_hmacs);
|
|
|
|
|
asoc->peer.peer_hmacs = new->peer.peer_hmacs;
|
|
|
|
|
new->peer.peer_hmacs = NULL;
|
|
|
|
|
|
|
|
|
|
sctp_auth_asoc_init_active_key(asoc, GFP_ATOMIC);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Update the retran path for sending a retransmitted packet.
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
* See also RFC4960, 6.4. Multi-Homed SCTP Endpoints:
|
|
|
|
|
*
|
|
|
|
|
* When there is outbound data to send and the primary path
|
|
|
|
|
* becomes inactive (e.g., due to failures), or where the
|
|
|
|
|
* SCTP user explicitly requests to send data to an
|
|
|
|
|
* inactive destination transport address, before reporting
|
|
|
|
|
* an error to its ULP, the SCTP endpoint should try to send
|
|
|
|
|
* the data to an alternate active destination transport
|
|
|
|
|
* address if one exists.
|
|
|
|
|
*
|
|
|
|
|
* When retransmitting data that timed out, if the endpoint
|
|
|
|
|
* is multihomed, it should consider each source-destination
|
|
|
|
|
* address pair in its retransmission selection policy.
|
|
|
|
|
* When retransmitting timed-out data, the endpoint should
|
|
|
|
|
* attempt to pick the most divergent source-destination
|
|
|
|
|
* pair from the original source-destination pair to which
|
|
|
|
|
* the packet was transmitted.
|
|
|
|
|
*
|
|
|
|
|
* Note: Rules for picking the most divergent source-destination
|
|
|
|
|
* pair are an implementation decision and are not specified
|
|
|
|
|
* within this document.
|
|
|
|
|
*
|
|
|
|
|
* Our basic strategy is to round-robin transports in priorities
|
|
|
|
|
* according to sctp_state_prio_map[] e.g., if no such
|
|
|
|
|
* transport with state SCTP_ACTIVE exists, round-robin through
|
|
|
|
|
* SCTP_UNKNOWN, etc. You get the picture.
|
2005-04-16 22:20:36 +00:00
|
|
|
*/
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
static const u8 sctp_trans_state_to_prio_map[] = {
|
|
|
|
|
[SCTP_ACTIVE] = 3, /* best case */
|
|
|
|
|
[SCTP_UNKNOWN] = 2,
|
|
|
|
|
[SCTP_PF] = 1,
|
|
|
|
|
[SCTP_INACTIVE] = 0, /* worst case */
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static u8 sctp_trans_score(const struct sctp_transport *trans)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
return sctp_trans_state_to_prio_map[trans->state];
|
|
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
static struct sctp_transport *sctp_trans_elect_best(struct sctp_transport *curr,
|
|
|
|
|
struct sctp_transport *best)
|
|
|
|
|
{
|
|
|
|
|
if (best == NULL)
|
|
|
|
|
return curr;
|
2008-06-04 19:37:33 +00:00
|
|
|
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
return sctp_trans_score(curr) > sctp_trans_score(best) ? curr : best;
|
|
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
void sctp_assoc_update_retran_path(struct sctp_association *asoc)
|
|
|
|
|
{
|
|
|
|
|
struct sctp_transport *trans = asoc->peer.retran_path;
|
|
|
|
|
struct sctp_transport *trans_next = NULL;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
/* We're done as we only have the one and only path. */
|
|
|
|
|
if (asoc->peer.transport_count == 1)
|
|
|
|
|
return;
|
|
|
|
|
/* If active_path and retran_path are the same and active,
|
|
|
|
|
* then this is the only active path. Use it.
|
|
|
|
|
*/
|
|
|
|
|
if (asoc->peer.active_path == asoc->peer.retran_path &&
|
|
|
|
|
asoc->peer.active_path->state == SCTP_ACTIVE)
|
|
|
|
|
return;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
/* Iterate from retran_path's successor back to retran_path. */
|
|
|
|
|
for (trans = list_next_entry(trans, transports); 1;
|
|
|
|
|
trans = list_next_entry(trans, transports)) {
|
|
|
|
|
/* Manually skip the head element. */
|
|
|
|
|
if (&trans->transports == &asoc->peer.transport_addr_list)
|
|
|
|
|
continue;
|
|
|
|
|
if (trans->state == SCTP_UNCONFIRMED)
|
|
|
|
|
continue;
|
|
|
|
|
trans_next = sctp_trans_elect_best(trans, trans_next);
|
|
|
|
|
/* Active is good enough for immediate return. */
|
|
|
|
|
if (trans_next->state == SCTP_ACTIVE)
|
2008-06-04 19:37:33 +00:00
|
|
|
break;
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
/* We've reached the end, time to update path. */
|
|
|
|
|
if (trans == asoc->peer.retran_path)
|
2005-04-16 22:20:36 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
if (trans_next != NULL)
|
|
|
|
|
asoc->peer.retran_path = trans_next;
|
2005-06-20 20:14:57 +00:00
|
|
|
|
|
|
|
|
SCTP_DEBUG_PRINTK_IPADDR("sctp_assoc_update_retran_path:association"
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
" %p updated new path to addr: ",
|
2005-06-20 20:14:57 +00:00
|
|
|
" port: %d\n",
|
|
|
|
|
asoc,
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
(&asoc->peer.retran_path->ipaddr),
|
|
|
|
|
ntohs(asoc->peer.retran_path->ipaddr.v4.sin_port));
|
2005-06-20 20:14:57 +00:00
|
|
|
}
|
|
|
|
|
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
struct sctp_transport *
|
|
|
|
|
sctp_assoc_choose_alter_transport(struct sctp_association *asoc,
|
|
|
|
|
struct sctp_transport *last_sent_to)
|
2005-06-20 20:14:57 +00:00
|
|
|
{
|
2009-05-12 13:52:51 +00:00
|
|
|
/* If this is the first time packet is sent, use the active path,
|
|
|
|
|
* else use the retran path. If the last packet was sent over the
|
2005-06-20 20:14:57 +00:00
|
|
|
* retran path, update the retran path and use it.
|
|
|
|
|
*/
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
if (last_sent_to == NULL) {
|
2005-04-16 22:20:36 +00:00
|
|
|
return asoc->peer.active_path;
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
} else {
|
2009-05-12 13:52:51 +00:00
|
|
|
if (last_sent_to == asoc->peer.retran_path)
|
2005-04-16 22:20:36 +00:00
|
|
|
sctp_assoc_update_retran_path(asoc);
|
net: sctp: rework multihoming retransmission path selection to rfc4960
commit 4c47af4d5eb2c2f78f886079a3920a7078a6f0a0 upstream.
Problem statement: 1) both paths (primary path1 and alternate
path2) are up after the association has been established i.e.,
HB packets are normally exchanged, 2) path2 gets inactive after
path_max_retrans * max_rto timed out (i.e. path2 is down completely),
3) now, if a transmission times out on the only surviving/active
path1 (any ~1sec network service impact could cause this like
a channel bonding failover), then the retransmitted packets are
sent over the inactive path2; this happens with partial failover
and without it.
Besides not being optimal in the above scenario, a small failure
or timeout in the only existing path has the potential to cause
long delays in the retransmission (depending on RTO_MAX) until
the still active path is reselected. Further, when the T3-timeout
occurs, we have active_patch == retrans_path, and even though the
timeout occurred on the initial transmission of data, not a
retransmit, we end up updating retransmit path.
RFC4960, section 6.4. "Multi-Homed SCTP Endpoints" states under
6.4.1. "Failover from an Inactive Destination Address" the
following:
Some of the transport addresses of a multi-homed SCTP endpoint
may become inactive due to either the occurrence of certain
error conditions (see Section 8.2) or adjustments from the
SCTP user.
When there is outbound data to send and the primary path
becomes inactive (e.g., due to failures), or where the SCTP
user explicitly requests to send data to an inactive
destination transport address, before reporting an error to
its ULP, the SCTP endpoint should try to send the data to an
alternate __active__ destination transport address if one
exists.
When retransmitting data that timed out, if the endpoint is
multihomed, it should consider each source-destination address
pair in its retransmission selection policy. When retransmitting
timed-out data, the endpoint should attempt to pick the most
divergent source-destination pair from the original
source-destination pair to which the packet was transmitted.
Note: Rules for picking the most divergent source-destination
pair are an implementation decision and are not specified
within this document.
So, we should first reconsider to take the current active
retransmission transport if we cannot find an alternative
active one. If all of that fails, we can still round robin
through unkown, partial failover, and inactive ones in the
hope to find something still suitable.
Commit 4141ddc02a92 ("sctp: retran_path update bug fix") broke
that behaviour by selecting the next inactive transport when
no other active transport was found besides the current assoc's
peer.retran_path. Before commit 4141ddc02a92, we would have
traversed through the list until we reach our peer.retran_path
again, and in case that is still in state SCTP_ACTIVE, we would
take it and return. Only if that is not the case either, we
take the next inactive transport.
Besides all that, another issue is that transports in state
SCTP_UNKNOWN could be preferred over transports in state
SCTP_ACTIVE in case a SCTP_ACTIVE transport appears after
SCTP_UNKNOWN in the transport list yielding a weaker transport
state to be used in retransmission.
This patch mostly reverts 4141ddc02a92, but also rewrites
this function to introduce more clarity and strictness into
the code. A strict priority of transport states is enforced
in this patch, hence selection is active > unkown > partial
failover > inactive.
Fixes: 4141ddc02a92 ("sctp: retran_path update bug fix")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
Acked-by: Vlad Yasevich <yasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: picked updated function from 3.12 except the debug statement]
Signed-off-by: Willy Tarreau <w@1wt.eu>
2014-02-20 19:51:06 +00:00
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
return asoc->peer.retran_path;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Update the association's pmtu and frag_point by going through all the
|
|
|
|
|
* transports. This routine is called when a transport's PMTU has changed.
|
|
|
|
|
*/
|
2012-07-16 10:57:14 +00:00
|
|
|
void sctp_assoc_sync_pmtu(struct sock *sk, struct sctp_association *asoc)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
struct sctp_transport *t;
|
|
|
|
|
__u32 pmtu = 0;
|
|
|
|
|
|
|
|
|
|
if (!asoc)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* Get the lowest pmtu of all the transports. */
|
2008-04-13 01:54:24 +00:00
|
|
|
list_for_each_entry(t, &asoc->peer.transport_addr_list,
|
|
|
|
|
transports) {
|
2007-06-07 18:21:05 +00:00
|
|
|
if (t->pmtu_pending && t->dst) {
|
2012-07-16 10:57:14 +00:00
|
|
|
sctp_transport_update_pmtu(sk, t, dst_mtu(t->dst));
|
2007-06-07 18:21:05 +00:00
|
|
|
t->pmtu_pending = 0;
|
|
|
|
|
}
|
2005-12-22 19:36:46 +00:00
|
|
|
if (!pmtu || (t->pathmtu < pmtu))
|
|
|
|
|
pmtu = t->pathmtu;
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (pmtu) {
|
2005-12-22 19:36:46 +00:00
|
|
|
asoc->pathmtu = pmtu;
|
2009-09-04 22:21:00 +00:00
|
|
|
asoc->frag_point = sctp_frag_point(asoc, pmtu);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SCTP_DEBUG_PRINTK("%s: asoc:%p, pmtu:%d, frag_point:%d\n",
|
2008-03-06 04:47:47 +00:00
|
|
|
__func__, asoc, asoc->pathmtu, asoc->frag_point);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Should we send a SACK to update our peer? */
|
|
|
|
|
static inline int sctp_peer_needs_update(struct sctp_association *asoc)
|
|
|
|
|
{
|
2012-08-07 07:29:57 +00:00
|
|
|
struct net *net = sock_net(asoc->base.sk);
|
2005-04-16 22:20:36 +00:00
|
|
|
switch (asoc->state) {
|
|
|
|
|
case SCTP_STATE_ESTABLISHED:
|
|
|
|
|
case SCTP_STATE_SHUTDOWN_PENDING:
|
|
|
|
|
case SCTP_STATE_SHUTDOWN_RECEIVED:
|
|
|
|
|
case SCTP_STATE_SHUTDOWN_SENT:
|
|
|
|
|
if ((asoc->rwnd > asoc->a_rwnd) &&
|
2009-11-23 20:53:57 +00:00
|
|
|
((asoc->rwnd - asoc->a_rwnd) >= max_t(__u32,
|
2012-08-07 07:29:57 +00:00
|
|
|
(asoc->base.sk->sk_rcvbuf >> net->sctp.rwnd_upd_shift),
|
2009-11-23 20:53:57 +00:00
|
|
|
asoc->pathmtu)))
|
2005-04-16 22:20:36 +00:00
|
|
|
return 1;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Increase asoc's rwnd by len and send any window update SACK if needed. */
|
2012-04-15 05:58:06 +00:00
|
|
|
void sctp_assoc_rwnd_increase(struct sctp_association *asoc, unsigned int len)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
struct sctp_chunk *sack;
|
|
|
|
|
struct timer_list *timer;
|
|
|
|
|
|
|
|
|
|
if (asoc->rwnd_over) {
|
|
|
|
|
if (asoc->rwnd_over >= len) {
|
|
|
|
|
asoc->rwnd_over -= len;
|
|
|
|
|
} else {
|
|
|
|
|
asoc->rwnd += (len - asoc->rwnd_over);
|
|
|
|
|
asoc->rwnd_over = 0;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
asoc->rwnd += len;
|
|
|
|
|
}
|
|
|
|
|
|
2009-09-04 22:20:59 +00:00
|
|
|
/* If we had window pressure, start recovering it
|
|
|
|
|
* once our rwnd had reached the accumulated pressure
|
|
|
|
|
* threshold. The idea is to recover slowly, but up
|
|
|
|
|
* to the initial advertised window.
|
|
|
|
|
*/
|
|
|
|
|
if (asoc->rwnd_press && asoc->rwnd >= asoc->rwnd_press) {
|
|
|
|
|
int change = min(asoc->pathmtu, asoc->rwnd_press);
|
|
|
|
|
asoc->rwnd += change;
|
|
|
|
|
asoc->rwnd_press -= change;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
SCTP_DEBUG_PRINTK("%s: asoc %p rwnd increased by %d to (%u, %u) "
|
2008-03-06 04:47:47 +00:00
|
|
|
"- %u\n", __func__, asoc, len, asoc->rwnd,
|
2005-04-16 22:20:36 +00:00
|
|
|
asoc->rwnd_over, asoc->a_rwnd);
|
|
|
|
|
|
|
|
|
|
/* Send a window update SACK if the rwnd has increased by at least the
|
|
|
|
|
* minimum of the association's PMTU and half of the receive buffer.
|
|
|
|
|
* The algorithm used is similar to the one described in
|
|
|
|
|
* Section 4.2.3.3 of RFC 1122.
|
|
|
|
|
*/
|
|
|
|
|
if (sctp_peer_needs_update(asoc)) {
|
|
|
|
|
asoc->a_rwnd = asoc->rwnd;
|
|
|
|
|
SCTP_DEBUG_PRINTK("%s: Sending window update SACK- asoc: %p "
|
2008-03-06 04:47:47 +00:00
|
|
|
"rwnd: %u a_rwnd: %u\n", __func__,
|
2005-04-16 22:20:36 +00:00
|
|
|
asoc, asoc->rwnd, asoc->a_rwnd);
|
|
|
|
|
sack = sctp_make_sack(asoc);
|
|
|
|
|
if (!sack)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
asoc->peer.sack_needed = 0;
|
|
|
|
|
|
|
|
|
|
sctp_outq_tail(&asoc->outqueue, sack);
|
|
|
|
|
|
|
|
|
|
/* Stop the SACK timer. */
|
|
|
|
|
timer = &asoc->timers[SCTP_EVENT_TIMEOUT_SACK];
|
2013-02-03 20:32:57 +00:00
|
|
|
if (del_timer(timer))
|
2005-04-16 22:20:36 +00:00
|
|
|
sctp_association_put(asoc);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Decrease asoc's rwnd by len. */
|
2012-04-15 05:58:06 +00:00
|
|
|
void sctp_assoc_rwnd_decrease(struct sctp_association *asoc, unsigned int len)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
2009-09-04 22:20:59 +00:00
|
|
|
int rx_count;
|
|
|
|
|
int over = 0;
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
SCTP_ASSERT(asoc->rwnd, "rwnd zero", return);
|
|
|
|
|
SCTP_ASSERT(!asoc->rwnd_over, "rwnd_over not zero", return);
|
2009-09-04 22:20:59 +00:00
|
|
|
|
|
|
|
|
if (asoc->ep->rcvbuf_policy)
|
|
|
|
|
rx_count = atomic_read(&asoc->rmem_alloc);
|
|
|
|
|
else
|
|
|
|
|
rx_count = atomic_read(&asoc->base.sk->sk_rmem_alloc);
|
|
|
|
|
|
|
|
|
|
/* If we've reached or overflowed our receive buffer, announce
|
|
|
|
|
* a 0 rwnd if rwnd would still be positive. Store the
|
|
|
|
|
* the pottential pressure overflow so that the window can be restored
|
|
|
|
|
* back to original value.
|
|
|
|
|
*/
|
|
|
|
|
if (rx_count >= asoc->base.sk->sk_rcvbuf)
|
|
|
|
|
over = 1;
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
if (asoc->rwnd >= len) {
|
|
|
|
|
asoc->rwnd -= len;
|
2009-09-04 22:20:59 +00:00
|
|
|
if (over) {
|
2010-05-01 02:41:10 +00:00
|
|
|
asoc->rwnd_press += asoc->rwnd;
|
2009-09-04 22:20:59 +00:00
|
|
|
asoc->rwnd = 0;
|
|
|
|
|
}
|
2005-04-16 22:20:36 +00:00
|
|
|
} else {
|
|
|
|
|
asoc->rwnd_over = len - asoc->rwnd;
|
|
|
|
|
asoc->rwnd = 0;
|
|
|
|
|
}
|
2009-09-04 22:20:59 +00:00
|
|
|
SCTP_DEBUG_PRINTK("%s: asoc %p rwnd decreased by %d to (%u, %u, %u)\n",
|
2008-03-06 04:47:47 +00:00
|
|
|
__func__, asoc, len, asoc->rwnd,
|
2009-09-04 22:20:59 +00:00
|
|
|
asoc->rwnd_over, asoc->rwnd_press);
|
2005-04-16 22:20:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Build the bind address list for the association based on info from the
|
|
|
|
|
* local endpoint and the remote peer.
|
|
|
|
|
*/
|
2005-07-12 03:57:47 +00:00
|
|
|
int sctp_assoc_set_bind_addr_from_ep(struct sctp_association *asoc,
|
2009-11-10 08:57:34 +00:00
|
|
|
sctp_scope_t scope, gfp_t gfp)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
int flags;
|
|
|
|
|
|
|
|
|
|
/* Use scoping rules to determine the subset of addresses from
|
|
|
|
|
* the endpoint.
|
|
|
|
|
*/
|
|
|
|
|
flags = (PF_INET6 == asoc->base.sk->sk_family) ? SCTP_ADDR6_ALLOWED : 0;
|
|
|
|
|
if (asoc->peer.ipv4_address)
|
|
|
|
|
flags |= SCTP_ADDR4_PEERSUPP;
|
|
|
|
|
if (asoc->peer.ipv6_address)
|
|
|
|
|
flags |= SCTP_ADDR6_PEERSUPP;
|
|
|
|
|
|
2012-08-06 08:42:04 +00:00
|
|
|
return sctp_bind_addr_copy(sock_net(asoc->base.sk),
|
|
|
|
|
&asoc->base.bind_addr,
|
2005-04-16 22:20:36 +00:00
|
|
|
&asoc->ep->base.bind_addr,
|
|
|
|
|
scope, gfp, flags);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Build the association's bind address list from the cookie. */
|
|
|
|
|
int sctp_assoc_set_bind_addr_from_cookie(struct sctp_association *asoc,
|
2005-07-12 03:57:47 +00:00
|
|
|
struct sctp_cookie *cookie,
|
2005-10-07 06:46:04 +00:00
|
|
|
gfp_t gfp)
|
2005-04-16 22:20:36 +00:00
|
|
|
{
|
|
|
|
|
int var_size2 = ntohs(cookie->peer_init->chunk_hdr.length);
|
|
|
|
|
int var_size3 = cookie->raw_addr_list_len;
|
|
|
|
|
__u8 *raw = (__u8 *)cookie->peer_init + var_size2;
|
|
|
|
|
|
|
|
|
|
return sctp_raw_to_bind_addrs(&asoc->base.bind_addr, raw, var_size3,
|
|
|
|
|
asoc->ep->base.bind_addr.port, gfp);
|
|
|
|
|
}
|
|
|
|
|
|
2007-02-09 14:25:18 +00:00
|
|
|
/* Lookup laddr in the bind address list of an association. */
|
|
|
|
|
int sctp_assoc_lookup_laddr(struct sctp_association *asoc,
|
2005-04-16 22:20:36 +00:00
|
|
|
const union sctp_addr *laddr)
|
|
|
|
|
{
|
2007-09-16 23:03:28 +00:00
|
|
|
int found = 0;
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
if ((asoc->base.bind_addr.port == ntohs(laddr->v4.sin_port)) &&
|
|
|
|
|
sctp_bind_addr_match(&asoc->base.bind_addr, laddr,
|
2007-09-16 23:03:28 +00:00
|
|
|
sctp_sk(asoc->base.sk)))
|
2005-04-16 22:20:36 +00:00
|
|
|
found = 1;
|
|
|
|
|
|
|
|
|
|
return found;
|
|
|
|
|
}
|
2007-05-04 20:55:27 +00:00
|
|
|
|
|
|
|
|
/* Set an association id for a given association */
|
|
|
|
|
int sctp_assoc_set_id(struct sctp_association *asoc, gfp_t gfp)
|
|
|
|
|
{
|
2013-02-28 01:05:00 +00:00
|
|
|
bool preload = gfp & __GFP_WAIT;
|
|
|
|
|
int ret;
|
2009-06-01 16:41:15 +00:00
|
|
|
|
|
|
|
|
/* If the id is already assigned, keep it. */
|
|
|
|
|
if (asoc->assoc_id)
|
2013-02-28 01:05:00 +00:00
|
|
|
return 0;
|
2007-05-04 20:55:27 +00:00
|
|
|
|
2013-02-28 01:05:00 +00:00
|
|
|
if (preload)
|
|
|
|
|
idr_preload(gfp);
|
2007-05-04 20:55:27 +00:00
|
|
|
spin_lock_bh(&sctp_assocs_id_lock);
|
2013-04-29 23:21:22 +00:00
|
|
|
/* 0 is not a valid assoc_id, must be >= 1 */
|
|
|
|
|
ret = idr_alloc_cyclic(&sctp_assocs_id, asoc, 1, 0, GFP_NOWAIT);
|
2007-05-04 20:55:27 +00:00
|
|
|
spin_unlock_bh(&sctp_assocs_id_lock);
|
2013-02-28 01:05:00 +00:00
|
|
|
if (preload)
|
|
|
|
|
idr_preload_end();
|
|
|
|
|
if (ret < 0)
|
|
|
|
|
return ret;
|
2007-05-04 20:55:27 +00:00
|
|
|
|
2013-02-28 01:05:00 +00:00
|
|
|
asoc->assoc_id = (sctp_assoc_t)ret;
|
|
|
|
|
return 0;
|
2007-05-04 20:55:27 +00:00
|
|
|
}
|
2007-12-20 22:11:47 +00:00
|
|
|
|
2011-05-24 21:48:02 +00:00
|
|
|
/* Free the ASCONF queue */
|
|
|
|
|
static void sctp_assoc_free_asconf_queue(struct sctp_association *asoc)
|
|
|
|
|
{
|
|
|
|
|
struct sctp_chunk *asconf;
|
|
|
|
|
struct sctp_chunk *tmp;
|
|
|
|
|
|
|
|
|
|
list_for_each_entry_safe(asconf, tmp, &asoc->addip_chunk_list, list) {
|
|
|
|
|
list_del_init(&asconf->list);
|
|
|
|
|
sctp_chunk_free(asconf);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2007-12-20 22:11:47 +00:00
|
|
|
/* Free asconf_ack cache */
|
|
|
|
|
static void sctp_assoc_free_asconf_acks(struct sctp_association *asoc)
|
|
|
|
|
{
|
|
|
|
|
struct sctp_chunk *ack;
|
|
|
|
|
struct sctp_chunk *tmp;
|
|
|
|
|
|
|
|
|
|
list_for_each_entry_safe(ack, tmp, &asoc->asconf_ack_list,
|
|
|
|
|
transmitted_list) {
|
|
|
|
|
list_del_init(&ack->transmitted_list);
|
|
|
|
|
sctp_chunk_free(ack);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Clean up the ASCONF_ACK queue */
|
|
|
|
|
void sctp_assoc_clean_asconf_ack_cache(const struct sctp_association *asoc)
|
|
|
|
|
{
|
|
|
|
|
struct sctp_chunk *ack;
|
|
|
|
|
struct sctp_chunk *tmp;
|
|
|
|
|
|
2011-03-31 01:57:33 +00:00
|
|
|
/* We can remove all the entries from the queue up to
|
2007-12-20 22:11:47 +00:00
|
|
|
* the "Peer-Sequence-Number".
|
|
|
|
|
*/
|
|
|
|
|
list_for_each_entry_safe(ack, tmp, &asoc->asconf_ack_list,
|
|
|
|
|
transmitted_list) {
|
|
|
|
|
if (ack->subh.addip_hdr->serial ==
|
|
|
|
|
htonl(asoc->peer.addip_serial))
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
list_del_init(&ack->transmitted_list);
|
|
|
|
|
sctp_chunk_free(ack);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Find the ASCONF_ACK whose serial number matches ASCONF */
|
|
|
|
|
struct sctp_chunk *sctp_assoc_lookup_asconf_ack(
|
|
|
|
|
const struct sctp_association *asoc,
|
|
|
|
|
__be32 serial)
|
|
|
|
|
{
|
2008-02-05 14:35:04 +00:00
|
|
|
struct sctp_chunk *ack;
|
2007-12-20 22:11:47 +00:00
|
|
|
|
|
|
|
|
/* Walk through the list of cached ASCONF-ACKs and find the
|
|
|
|
|
* ack chunk whose serial number matches that of the request.
|
|
|
|
|
*/
|
|
|
|
|
list_for_each_entry(ack, &asoc->asconf_ack_list, transmitted_list) {
|
net: sctp: fix panic on duplicate ASCONF chunks
commit b69040d8e39f20d5215a03502a8e8b4c6ab78395 upstream.
When receiving a e.g. semi-good formed connection scan in the
form of ...
-------------- INIT[ASCONF; ASCONF_ACK] ------------->
<----------- INIT-ACK[ASCONF; ASCONF_ACK] ------------
-------------------- COOKIE-ECHO -------------------->
<-------------------- COOKIE-ACK ---------------------
---------------- ASCONF_a; ASCONF_b ----------------->
... where ASCONF_a equals ASCONF_b chunk (at least both serials
need to be equal), we panic an SCTP server!
The problem is that good-formed ASCONF chunks that we reply with
ASCONF_ACK chunks are cached per serial. Thus, when we receive a
same ASCONF chunk twice (e.g. through a lost ASCONF_ACK), we do
not need to process them again on the server side (that was the
idea, also proposed in the RFC). Instead, we know it was cached
and we just resend the cached chunk instead. So far, so good.
Where things get nasty is in SCTP's side effect interpreter, that
is, sctp_cmd_interpreter():
While incoming ASCONF_a (chunk = event_arg) is being marked
!end_of_packet and !singleton, and we have an association context,
we do not flush the outqueue the first time after processing the
ASCONF_ACK singleton chunk via SCTP_CMD_REPLY. Instead, we keep it
queued up, although we set local_cork to 1. Commit 2e3216cd54b1
changed the precedence, so that as long as we get bundled, incoming
chunks we try possible bundling on outgoing queue as well. Before
this commit, we would just flush the output queue.
Now, while ASCONF_a's ASCONF_ACK sits in the corked outq, we
continue to process the same ASCONF_b chunk from the packet. As
we have cached the previous ASCONF_ACK, we find it, grab it and
do another SCTP_CMD_REPLY command on it. So, effectively, we rip
the chunk->list pointers and requeue the same ASCONF_ACK chunk
another time. Since we process ASCONF_b, it's correctly marked
with end_of_packet and we enforce an uncork, and thus flush, thus
crashing the kernel.
Fix it by testing if the ASCONF_ACK is currently pending and if
that is the case, do not requeue it. When flushing the output
queue we may relink the chunk for preparing an outgoing packet,
but eventually unlink it when it's copied into the skb right
before transmission.
Joint work with Vlad Yasevich.
Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1 packet")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Josh Boyer <jwboyer@fedoraproject.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-10-09 20:55:32 +00:00
|
|
|
if (sctp_chunk_pending(ack))
|
|
|
|
|
continue;
|
2007-12-20 22:11:47 +00:00
|
|
|
if (ack->subh.addip_hdr->serial == serial) {
|
|
|
|
|
sctp_chunk_hold(ack);
|
2008-02-05 14:35:04 +00:00
|
|
|
return ack;
|
2007-12-20 22:11:47 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2008-02-05 14:35:04 +00:00
|
|
|
return NULL;
|
2007-12-20 22:11:47 +00:00
|
|
|
}
|
2011-05-29 23:23:36 +00:00
|
|
|
|
|
|
|
|
void sctp_asconf_queue_teardown(struct sctp_association *asoc)
|
|
|
|
|
{
|
|
|
|
|
/* Free any cached ASCONF_ACK chunk. */
|
|
|
|
|
sctp_assoc_free_asconf_acks(asoc);
|
|
|
|
|
|
|
|
|
|
/* Free the ASCONF queue. */
|
|
|
|
|
sctp_assoc_free_asconf_queue(asoc);
|
|
|
|
|
|
|
|
|
|
/* Free any cached ASCONF chunk. */
|
|
|
|
|
if (asoc->addip_last_asconf)
|
|
|
|
|
sctp_chunk_free(asoc->addip_last_asconf);
|
|
|
|
|
}
|
