commit 4f31f3080943c7e3541f07df326f06d598a067d0

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
net: missing bits of net-namespace / sysctl
ipcomp: Fix warnings after ipcomp consolidation.
dccp: Add check for truncated ICMPv6 DCCP error packets
dccp: Fix incorrect length check for ICMPv4 packets
dccp: Add check for sequence number in ICMPv6 message
dccp: Fix sequence number check for ICMPv4 packets
dccp: Bug-Fix - AWL was never updated
dccp: Allow to distinguish original and retransmitted packets

Linus Torvalds 17 years ago 4f31f308 14863617

+58 -50

7 changed files

expand all

unified split

net

dccp

dccp.h

ipv4.c

ipv6.c

output.c

timer.c

ipv4

ipcomp.c

ipv6

ipcomp6.c

+1 -1

net/dccp/dccp.h

··· 226 227 extern void dccp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb); 228 229 - extern int dccp_retransmit_skb(struct sock *sk, struct sk_buff *skb); 230 231 extern void dccp_send_ack(struct sock *sk); 232 extern void dccp_reqsk_send_ack(struct sk_buff *sk, struct request_sock *rsk);

··· 226 227 extern void dccp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb); 228 229 + extern int dccp_retransmit_skb(struct sock *sk); 230 231 extern void dccp_send_ack(struct sock *sk); 232 extern void dccp_reqsk_send_ack(struct sk_buff *sk, struct request_sock *rsk);

+5 -4

net/dccp/ipv4.c

··· 196 static void dccp_v4_err(struct sk_buff *skb, u32 info) 197 { 198 const struct iphdr *iph = (struct iphdr *)skb->data; 199 - const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + 200 - (iph->ihl << 2)); 201 struct dccp_sock *dp; 202 struct inet_sock *inet; 203 const int type = icmp_hdr(skb)->type; ··· 207 int err; 208 struct net *net = dev_net(skb->dev); 209 210 - if (skb->len < (iph->ihl << 2) + 8) { 211 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS); 212 return; 213 } ··· 239 dp = dccp_sk(sk); 240 seq = dccp_hdr_seq(dh); 241 if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) && 242 - !between48(seq, dp->dccps_swl, dp->dccps_swh)) { 243 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 244 goto out; 245 }

··· 196 static void dccp_v4_err(struct sk_buff *skb, u32 info) 197 { 198 const struct iphdr *iph = (struct iphdr *)skb->data; 199 + const u8 offset = iph->ihl << 2; 200 + const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset); 201 struct dccp_sock *dp; 202 struct inet_sock *inet; 203 const int type = icmp_hdr(skb)->type; ··· 207 int err; 208 struct net *net = dev_net(skb->dev); 209 210 + if (skb->len < offset + sizeof(*dh) || 211 + skb->len < offset + __dccp_basic_hdr_len(dh)) { 212 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS); 213 return; 214 } ··· 238 dp = dccp_sk(sk); 239 seq = dccp_hdr_seq(dh); 240 if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) && 241 + !between48(seq, dp->dccps_awl, dp->dccps_awh)) { 242 NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 243 goto out; 244 }

+15 -1

net/dccp/ipv6.c

··· 89 { 90 struct ipv6hdr *hdr = (struct ipv6hdr *)skb->data; 91 const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset); 92 struct ipv6_pinfo *np; 93 struct sock *sk; 94 int err; 95 __u64 seq; 96 struct net *net = dev_net(skb->dev); 97 98 sk = inet6_lookup(net, &dccp_hashinfo, 99 &hdr->daddr, dh->dccph_dport, ··· 122 123 if (sk->sk_state == DCCP_CLOSED) 124 goto out; 125 126 np = inet6_sk(sk); 127 ··· 183 184 icmpv6_err_convert(type, code, &err); 185 186 - seq = dccp_hdr_seq(dh); 187 /* Might be for an request_sock */ 188 switch (sk->sk_state) { 189 struct request_sock *req, **prev;

··· 89 { 90 struct ipv6hdr *hdr = (struct ipv6hdr *)skb->data; 91 const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset); 92 + struct dccp_sock *dp; 93 struct ipv6_pinfo *np; 94 struct sock *sk; 95 int err; 96 __u64 seq; 97 struct net *net = dev_net(skb->dev); 98 + 99 + if (skb->len < offset + sizeof(*dh) || 100 + skb->len < offset + __dccp_basic_hdr_len(dh)) { 101 + ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS); 102 + return; 103 + } 104 105 sk = inet6_lookup(net, &dccp_hashinfo, 106 &hdr->daddr, dh->dccph_dport, ··· 115 116 if (sk->sk_state == DCCP_CLOSED) 117 goto out; 118 + 119 + dp = dccp_sk(sk); 120 + seq = dccp_hdr_seq(dh); 121 + if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) && 122 + !between48(seq, dp->dccps_awl, dp->dccps_awh)) { 123 + NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS); 124 + goto out; 125 + } 126 127 np = inet6_sk(sk); 128 ··· 168 169 icmpv6_err_convert(type, code, &err); 170 171 /* Might be for an request_sock */ 172 switch (sk->sk_state) { 173 struct request_sock *req, **prev;

+31 -22

net/dccp/output.c

··· 53 dccp_packet_hdr_len(dcb->dccpd_type); 54 int err, set_ack = 1; 55 u64 ackno = dp->dccps_gsr; 56 - 57 - dccp_inc_seqno(&dp->dccps_gss); 58 59 switch (dcb->dccpd_type) { 60 case DCCP_PKT_DATA: ··· 69 70 case DCCP_PKT_REQUEST: 71 set_ack = 0; 72 /* fall through */ 73 74 case DCCP_PKT_SYNC: ··· 90 break; 91 } 92 93 - dcb->dccpd_seq = dp->dccps_gss; 94 - 95 if (dccp_insert_options(sk, skb)) { 96 kfree_skb(skb); 97 return -EPROTO; ··· 107 /* XXX For now we're using only 48 bits sequence numbers */ 108 dh->dccph_x = 1; 109 110 - dp->dccps_awh = dp->dccps_gss; 111 dccp_hdr_set_seq(dh, dp->dccps_gss); 112 if (set_ack) 113 dccp_hdr_set_ack(dccp_hdr_ack_bits(skb), ackno); ··· 116 case DCCP_PKT_REQUEST: 117 dccp_hdr_request(skb)->dccph_req_service = 118 dp->dccps_service; 119 break; 120 case DCCP_PKT_RESET: 121 dccp_hdr_reset(skb)->dccph_reset_code = ··· 293 } 294 } 295 296 - int dccp_retransmit_skb(struct sock *sk, struct sk_buff *skb) 297 { 298 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk) != 0) 299 return -EHOSTUNREACH; /* Routing failure or similar. */ 300 301 - return dccp_transmit_skb(sk, (skb_cloned(skb) ? 302 - pskb_copy(skb, GFP_ATOMIC): 303 - skb_clone(skb, GFP_ATOMIC))); 304 } 305 306 struct sk_buff *dccp_make_response(struct sock *sk, struct dst_entry *dst, ··· 458 459 dccp_sync_mss(sk, dst_mtu(dst)); 460 461 - /* 462 - * SWL and AWL are initially adjusted so that they are not less than 463 - * the initial Sequence Numbers received and sent, respectively: 464 - * SWL := max(GSR + 1 - floor(W/4), ISR), 465 - * AWL := max(GSS - W' + 1, ISS). 466 - * These adjustments MUST be applied only at the beginning of the 467 - * connection. 468 - */ 469 - dccp_update_gss(sk, dp->dccps_iss); 470 - dccp_set_seqno(&dp->dccps_awl, max48(dp->dccps_awl, dp->dccps_iss)); 471 - 472 - /* S.GAR - greatest valid acknowledgement number received on a non-Sync; 473 - * initialized to S.ISS (sec. 8.5) */ 474 dp->dccps_gar = dp->dccps_iss; 475 476 icsk->icsk_retransmits = 0;

··· 53 dccp_packet_hdr_len(dcb->dccpd_type); 54 int err, set_ack = 1; 55 u64 ackno = dp->dccps_gsr; 56 + /* 57 + * Increment GSS here already in case the option code needs it. 58 + * Update GSS for real only if option processing below succeeds. 59 + */ 60 + dcb->dccpd_seq = ADD48(dp->dccps_gss, 1); 61 62 switch (dcb->dccpd_type) { 63 case DCCP_PKT_DATA: ··· 66 67 case DCCP_PKT_REQUEST: 68 set_ack = 0; 69 + /* Use ISS on the first (non-retransmitted) Request. */ 70 + if (icsk->icsk_retransmits == 0) 71 + dcb->dccpd_seq = dp->dccps_iss; 72 /* fall through */ 73 74 case DCCP_PKT_SYNC: ··· 84 break; 85 } 86 87 if (dccp_insert_options(sk, skb)) { 88 kfree_skb(skb); 89 return -EPROTO; ··· 103 /* XXX For now we're using only 48 bits sequence numbers */ 104 dh->dccph_x = 1; 105 106 + dccp_update_gss(sk, dcb->dccpd_seq); 107 dccp_hdr_set_seq(dh, dp->dccps_gss); 108 if (set_ack) 109 dccp_hdr_set_ack(dccp_hdr_ack_bits(skb), ackno); ··· 112 case DCCP_PKT_REQUEST: 113 dccp_hdr_request(skb)->dccph_req_service = 114 dp->dccps_service; 115 + /* 116 + * Limit Ack window to ISS <= P.ackno <= GSS, so that 117 + * only Responses to Requests we sent are considered. 118 + */ 119 + dp->dccps_awl = dp->dccps_iss; 120 break; 121 case DCCP_PKT_RESET: 122 dccp_hdr_reset(skb)->dccph_reset_code = ··· 284 } 285 } 286 287 + /** 288 + * dccp_retransmit_skb - Retransmit Request, Close, or CloseReq packets 289 + * There are only four retransmittable packet types in DCCP: 290 + * - Request in client-REQUEST state (sec. 8.1.1), 291 + * - CloseReq in server-CLOSEREQ state (sec. 8.3), 292 + * - Close in node-CLOSING state (sec. 8.3), 293 + * - Acks in client-PARTOPEN state (sec. 8.1.5, handled by dccp_delack_timer()). 294 + * This function expects sk->sk_send_head to contain the original skb. 295 + */ 296 + int dccp_retransmit_skb(struct sock *sk) 297 { 298 + WARN_ON(sk->sk_send_head == NULL); 299 + 300 if (inet_csk(sk)->icsk_af_ops->rebuild_header(sk) != 0) 301 return -EHOSTUNREACH; /* Routing failure or similar. */ 302 303 + /* this count is used to distinguish original and retransmitted skb */ 304 + inet_csk(sk)->icsk_retransmits++; 305 + 306 + return dccp_transmit_skb(sk, skb_clone(sk->sk_send_head, GFP_ATOMIC)); 307 } 308 309 struct sk_buff *dccp_make_response(struct sock *sk, struct dst_entry *dst, ··· 437 438 dccp_sync_mss(sk, dst_mtu(dst)); 439 440 + /* Initialise GAR as per 8.5; AWL/AWH are set in dccp_transmit_skb() */ 441 dp->dccps_gar = dp->dccps_iss; 442 443 icsk->icsk_retransmits = 0;

+4 -16

net/dccp/timer.c

··· 99 } 100 101 /* 102 - * sk->sk_send_head has to have one skb with 103 - * DCCP_SKB_CB(skb)->dccpd_type set to one of the retransmittable DCCP 104 - * packet types. The only packets eligible for retransmission are: 105 - * -- Requests in client-REQUEST state (sec. 8.1.1) 106 - * -- Acks in client-PARTOPEN state (sec. 8.1.5) 107 - * -- CloseReq in server-CLOSEREQ state (sec. 8.3) 108 - * -- Close in node-CLOSING state (sec. 8.3) */ 109 - WARN_ON(sk->sk_send_head == NULL); 110 - 111 - /* 112 * More than than 4MSL (8 minutes) has passed, a RESET(aborted) was 113 * sent, no need to retransmit, this sock is dead. 114 */ 115 if (dccp_write_timeout(sk)) 116 - goto out; 117 118 /* 119 * We want to know the number of packets retransmitted, not the ··· 112 if (icsk->icsk_retransmits == 0) 113 DCCP_INC_STATS_BH(DCCP_MIB_TIMEOUTS); 114 115 - if (dccp_retransmit_skb(sk, sk->sk_send_head) < 0) { 116 /* 117 * Retransmission failed because of local congestion, 118 * do not backoff. 119 */ 120 - if (icsk->icsk_retransmits == 0) 121 icsk->icsk_retransmits = 1; 122 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, 123 min(icsk->icsk_rto, 124 TCP_RESOURCE_PROBE_INTERVAL), 125 DCCP_RTO_MAX); 126 - goto out; 127 } 128 129 backoff: 130 icsk->icsk_backoff++; 131 - icsk->icsk_retransmits++; 132 133 icsk->icsk_rto = min(icsk->icsk_rto << 1, DCCP_RTO_MAX); 134 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, icsk->icsk_rto, 135 DCCP_RTO_MAX); 136 if (icsk->icsk_retransmits > sysctl_dccp_retries1) 137 __sk_dst_reset(sk); 138 - out:; 139 } 140 141 static void dccp_write_timer(unsigned long data)

··· 99 } 100 101 /* 102 * More than than 4MSL (8 minutes) has passed, a RESET(aborted) was 103 * sent, no need to retransmit, this sock is dead. 104 */ 105 if (dccp_write_timeout(sk)) 106 + return; 107 108 /* 109 * We want to know the number of packets retransmitted, not the ··· 122 if (icsk->icsk_retransmits == 0) 123 DCCP_INC_STATS_BH(DCCP_MIB_TIMEOUTS); 124 125 + if (dccp_retransmit_skb(sk) != 0) { 126 /* 127 * Retransmission failed because of local congestion, 128 * do not backoff. 129 */ 130 + if (--icsk->icsk_retransmits == 0) 131 icsk->icsk_retransmits = 1; 132 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, 133 min(icsk->icsk_rto, 134 TCP_RESOURCE_PROBE_INTERVAL), 135 DCCP_RTO_MAX); 136 + return; 137 } 138 139 backoff: 140 icsk->icsk_backoff++; 141 142 icsk->icsk_rto = min(icsk->icsk_rto << 1, DCCP_RTO_MAX); 143 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS, icsk->icsk_rto, 144 DCCP_RTO_MAX); 145 if (icsk->icsk_retransmits > sysctl_dccp_retries1) 146 __sk_dst_reset(sk); 147 } 148 149 static void dccp_write_timer(unsigned long data)

+1 -3

net/ipv4/ipcomp.c

··· 104 105 static int ipcomp4_init_state(struct xfrm_state *x) 106 { 107 - int err; 108 - struct ipcomp_data *ipcd; 109 - struct xfrm_algo_desc *calg_desc; 110 111 x->props.header_len = 0; 112 switch (x->props.mode) {

··· 104 105 static int ipcomp4_init_state(struct xfrm_state *x) 106 { 107 + int err = -EINVAL; 108 109 x->props.header_len = 0; 110 switch (x->props.mode) {

+1 -3

net/ipv6/ipcomp6.c

··· 134 135 static int ipcomp6_init_state(struct xfrm_state *x) 136 { 137 - int err; 138 - struct ipcomp_data *ipcd; 139 - struct xfrm_algo_desc *calg_desc; 140 141 x->props.header_len = 0; 142 switch (x->props.mode) {

··· 134 135 static int ipcomp6_init_state(struct xfrm_state *x) 136 { 137 + int err = -EINVAL; 138 139 x->props.header_len = 0; 140 switch (x->props.mode) {