From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: netdev@vger.kernel.org
Cc: Xin Long <lucien.xin@gmail.com>,
	Michael Tuexen <Michael.Tuexen@lurchi.franken.de>,
	Yasevich <vyasevich@gmail.com>,
	Neil Horman <nhorman@tuxdriver.com>,
	linux-sctp@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Corey Minyard <cminyard@mvista.com>
Subject: [PATCH net] sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket
Date: Wed, 24 Jun 2020 17:34:18 -0300
Message-ID: <991916791cdcc37456ccb061779d485063b97129.1593030427.git.marcelo.leitner@gmail.com>
In-Reply-To: <20200623160417.12418-1-minyard@acm.org>

If a socket is set ipv6only, it will still send IPv4 addresses in the
INIT and INIT_ACK packets. This potentially misleads the peer into using
them, which then would cause association termination.

The fix is to not add IPv4 addresses to ipv6only sockets.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
---
 include/net/sctp/constants.h | 8 +++++---
 net/sctp/associola.c         | 5 ++++-
 net/sctp/bind_addr.c         | 1 +
 net/sctp/protocol.c          | 3 ++-
 4 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h index 15b4d9aec7ff278e67a7183f10c14be237227d6b..122d9e2d8dfde33b787d575fc42d454732550698 100644 --- a/include/net/sctp/constants.h +++ b/include/net/sctp/constants.h 
@@ -353,11 +353,13 @@ enum { ipv4_is_anycast_6to4(a)) /* Flags used for the bind address copy functions. */ -#define SCTP_ADDR6_ALLOWED 0x00000001 /* IPv6 address is allowed by +#define SCTP_ADDR4_ALLOWED 0x00000001 /* IPv4 address is allowed by local sock family */ -#define SCTP_ADDR4_PEERSUPP 0x00000002 /* IPv4 address is supported by +#define SCTP_ADDR6_ALLOWED 0x00000002 /* IPv6 address is allowed by + local sock family */ +#define SCTP_ADDR4_PEERSUPP 0x00000004 /* IPv4 address is supported by peer */ -#define SCTP_ADDR6_PEERSUPP 0x00000004 /* IPv6 address is supported by +#define SCTP_ADDR6_PEERSUPP 0x00000008 /* IPv6 address is supported by peer */ /* Reasons to retransmit. */ diff --git a/net/sctp/associola.c b/net/sctp/associola.c index 72315137d7e7f20d5182291ef4b01102f030078b..8d735461fa196567ab19c583703aad098ef8e240 100644 --- a/net/sctp/associola.c +++ b/net/sctp/associola.c @@ -1565,12 +1565,15 @@ void sctp_assoc_rwnd_decrease(struct sctp_association *asoc, unsigned int len) int sctp_assoc_set_bind_addr_from_ep(struct sctp_association *asoc, enum sctp_scope scope, gfp_t gfp) { + struct sock *sk = asoc->base.sk; int flags; /* Use scoping rules to determine the subset of addresses from * the endpoint. */ - flags = (PF_INET6 == asoc->base.sk->sk_family) ? SCTP_ADDR6_ALLOWED : 0; + flags = (PF_INET6 == sk->sk_family) ? SCTP_ADDR6_ALLOWED : 0; + if (!inet_v6_ipv6only(sk)) + flags |= SCTP_ADDR4_ALLOWED; if (asoc->peer.ipv4_address) flags |= SCTP_ADDR4_PEERSUPP; if (asoc->peer.ipv6_address) diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c index 53bc61537f44f4e766c417fcef72234df52ecd04..701c5a4e441d9c248df9472f22db5b78987f9e44 100644 --- a/net/sctp/bind_addr.c +++ b/net/sctp/bind_addr.c 
@@ -461,6 +461,7 @@ static int sctp_copy_one_addr(struct net *net, struct sctp_bind_addr *dest, * well as the remote peer. */ if ((((AF_INET == addr->sa.sa_family) && + (flags & SCTP_ADDR4_ALLOWED) && (flags & SCTP_ADDR4_PEERSUPP))) || (((AF_INET6 == addr->sa.sa_family) && (flags & SCTP_ADDR6_ALLOWED) && diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c index 092d1afdee0d23cd974210839310fbf406dd443f..cde29f3c7fb3c40ee117636fa3b4b7f0a03e4fba 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -148,7 +148,8 @@ int sctp_copy_local_addr_list(struct net *net, struct sctp_bind_addr *bp, * sock as well as the remote peer. */ if (addr->a.sa.sa_family == AF_INET && - !(copy_flags & SCTP_ADDR4_PEERSUPP)) + (!(copy_flags & SCTP_ADDR4_ALLOWED) || + !(copy_flags & SCTP_ADDR4_PEERSUPP))) continue; if (addr->a.sa.sa_family == AF_INET6 && (!(copy_flags & SCTP_ADDR6_ALLOWED) || -- 2.25.4
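Review bot: In the include/net/sctp/constants.h hunk, the three existing flags are renumbered (SCTP_ADDR6_ALLOWED 0x00000001 to 0x00000002, SCTP_ADDR4_PEERSUPP 0x00000002 to 0x00000004, SCTP_ADDR6_PEERSUPP 0x00000004 to 0x00000008) only to place SCTP_ADDR4_ALLOWED at 0x00000001. With a Fixes: tag pointing at 1da177e4c3f4 this change is a candidate for every stable tree, and giving the new flag the unused value 0x00000008 would have the same effect with a one-line addition and no churn on the existing defines. If the renumbering is kept for the sake of grouping the ALLOWED and PEERSUPP pairs, please say so in the commit message.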
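Review bot: In sctp_assoc_set_bind_addr_from_ep() (net/sctp/associola.c), SCTP_ADDR6_ALLOWED is derived from sk->sk_family while SCTP_ADDR4_ALLOWED is derived from !inet_v6_ipv6only(sk), so a PF_INET socket keeps its IPv4 addresses only as long as inet_v6_ipv6only() is false for it. The comment above the assignment ("Use scoping rules to determine the subset of addresses from the endpoint") mentions neither rule; please extend it to state that dependency. This is also the only place in the patch where the flags are built, and after the bind_addr.c and protocol.c changes any caller that does not set SCTP_ADDR4_ALLOWED drops every IPv4 address, so it is worth confirming that no other caller builds these flags.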
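Review bot: The address-family filter is now open-coded twice with opposite polarity: sctp_copy_one_addr() in net/sctp/bind_addr.c accepts AF_INET when both SCTP_ADDR4_ALLOWED and SCTP_ADDR4_PEERSUPP are set, and sctp_copy_local_addr_list() in net/sctp/protocol.c skips it when either is clear, with the same pair of tests repeated for AF_INET6. The two agree today, but the next flag added has to be mirrored by hand in both, which is the kind of omission this patch is fixing. A small shared helper that takes the family and the flags and returns whether the address may be copied would keep them from drifting apart.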