linux-sctp.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Xin Long <lucien.xin@gmail.com>
To: network dev <netdev@vger.kernel.org>, linux-sctp@vger.kernel.org
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
	Neil Horman <nhorman@tuxdriver.com>,
	Michael Tuexen <tuexen@fh-muenster.de>,
	davem@davemloft.net, gnault@redhat.com, pabeni@redhat.com,
	willemdebruijn.kernel@gmail.com
Subject: [PATCHv4 net-next 09/16] sctp: allow changing transport encap_port by peer packets
Date: Mon, 19 Oct 2020 20:25:26 +0800	[thread overview]
Message-ID: <fe0630fd48830058df1bfdd53a9e6b9fbf83b498.1603110316.git.lucien.xin@gmail.com> (raw)
Message-ID: <20201019122526.olFCv-DJBKs1Mqyjd0TJUU0XBWVsbx_Ajus4vjYG7yg@z> (raw)
In-Reply-To: <25013493737f5b488ce48c38667a077ca6573dd5.1603110316.git.lucien.xin@gmail.com>
In-Reply-To: <cover.1603110316.git.lucien.xin@gmail.com>

As rfc6951#section-5.4 says:

  "After finding the SCTP association (which
   includes checking the verification tag), the UDP source port MUST be
   stored as the encapsulation port for the destination address the SCTP
   packet is received from (see Section 5.1).

   When a non-encapsulated SCTP packet is received by the SCTP stack,
   the encapsulation of outgoing packets belonging to the same
   association and the corresponding destination address MUST be
   disabled."

transport encap_port should be updated by a validated incoming packet's
udp src port.

We save the udp src port in sctp_input_cb->encap_port, and then update
the transport in two places:

  1. right after vtag is verified, which is required by RFC, and this
     allows the existent transports to be updated by the chunks that
     can only be processed on an asoc.

  2. right before processing the 'init' where the transports are added,
     and this allows building a sctp over udp connection by client with
     the server not knowing the remote encap port.

  3. when processing ootb_pkt and creating the temporary transport for
     the reply pkt.

Note that sctp_input_cb->header is removed, as it's not used any more
in sctp.

v1->v2:
  - Change encap_port as __be16 for sctp_input_cb.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
 include/net/sctp/sm.h      |  1 +
 include/net/sctp/structs.h |  7 +------
 net/sctp/ipv6.c            |  1 +
 net/sctp/protocol.c        | 11 ++++++++++-
 net/sctp/sm_make_chunk.c   |  1 +
 net/sctp/sm_statefuns.c    |  2 ++
 6 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h
index 5c491a3..a499341 100644
--- a/include/net/sctp/sm.h
+++ b/include/net/sctp/sm.h
@@ -380,6 +380,7 @@ sctp_vtag_verify(const struct sctp_chunk *chunk,
         if (ntohl(chunk->sctp_hdr->vtag) == asoc->c.my_vtag)
                 return 1;
 
+	chunk->transport->encap_port = SCTP_INPUT_CB(chunk->skb)->encap_port;
 	return 0;
 }
 
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index aa98e7e..81464ae 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -1120,14 +1120,9 @@ static inline void sctp_outq_cork(struct sctp_outq *q)
  * sctp_input_cb is currently used on rx and sock rx queue
  */
 struct sctp_input_cb {
-	union {
-		struct inet_skb_parm	h4;
-#if IS_ENABLED(CONFIG_IPV6)
-		struct inet6_skb_parm	h6;
-#endif
-	} header;
 	struct sctp_chunk *chunk;
 	struct sctp_af *af;
+	__be16 encap_port;
 };
 #define SCTP_INPUT_CB(__skb)	((struct sctp_input_cb *)&((__skb)->cb[0]))
 
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index 8a58f42..a064bf2 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -1053,6 +1053,7 @@ static struct inet_protosw sctpv6_stream_protosw = {
 
 static int sctp6_rcv(struct sk_buff *skb)
 {
+	memset(skb->cb, 0, sizeof(skb->cb));
 	return sctp_rcv(skb) ? -1 : 0;
 }
 
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index 7c729d7..36f471d 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -843,6 +843,9 @@ static int sctp_ctl_sock_init(struct net *net)
 
 static int sctp_udp_rcv(struct sock *sk, struct sk_buff *skb)
 {
+	memset(skb->cb, 0, sizeof(skb->cb));
+	SCTP_INPUT_CB(skb)->encap_port = udp_hdr(skb)->source;
+
 	skb_set_transport_header(skb, sizeof(struct udphdr));
 	sctp_rcv(skb);
 	return 0;
@@ -1139,9 +1142,15 @@ static struct inet_protosw sctp_stream_protosw = {
 	.flags      = SCTP_PROTOSW_FLAG
 };
 
+static int sctp4_rcv(struct sk_buff *skb)
+{
+	memset(skb->cb, 0, sizeof(skb->cb));
+	return sctp_rcv(skb);
+}
+
 /* Register with IP layer.  */
 static const struct net_protocol sctp_protocol = {
-	.handler     = sctp_rcv,
+	.handler     = sctp4_rcv,
 	.err_handler = sctp_v4_err,
 	.no_policy   = 1,
 	.netns_ok    = 1,
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 9a56ae2..21d0ff1 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -2321,6 +2321,7 @@ int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk,
 	 * added as the primary transport.  The source address seems to
 	 * be a better choice than any of the embedded addresses.
 	 */
+	asoc->encap_port = SCTP_INPUT_CB(chunk->skb)->encap_port;
 	if (!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE))
 		goto nomem;
 
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index c669f8b..8edab15 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -6268,6 +6268,8 @@ static struct sctp_packet *sctp_ootb_pkt_new(
 	if (!transport)
 		goto nomem;
 
+	transport->encap_port = SCTP_INPUT_CB(chunk->skb)->encap_port;
+
 	/* Cache a route for the transport with the chunk's destination as
 	 * the source address.
 	 */
-- 
2.1.0


  parent reply	other threads:[~2020-10-19 12:26 UTC|newest]

Thread overview: 57+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-19 12:25 [PATCHv4 net-next 00/16] sctp: Implement RFC6951: UDP Encapsulation of SCTP Xin Long
2020-10-19 12:25 ` Xin Long
2020-10-19 12:25 ` [PATCHv4 net-next 01/16] udp: check udp sock encap_type in __udp_lib_err Xin Long
2020-10-19 12:25   ` Xin Long
2020-10-19 12:25   ` [PATCHv4 net-next 02/16] udp6: move the mss check after udp gso tunnel processing Xin Long
2020-10-19 12:25     ` Xin Long
2020-10-19 12:25     ` [PATCHv4 net-next 03/16] udp: support sctp over udp in skb_udp_tunnel_segment Xin Long
2020-10-19 12:25       ` Xin Long
2020-10-19 12:25       ` [PATCHv4 net-next 04/16] sctp: create udp4 sock and add its encap_rcv Xin Long
2020-10-19 12:25         ` Xin Long
2020-10-19 12:25         ` [PATCHv4 net-next 05/16] sctp: create udp6 sock and set " Xin Long
2020-10-19 12:25           ` Xin Long
2020-10-19 12:25           ` [PATCHv4 net-next 06/16] sctp: add encap_err_lookup for udp encap socks Xin Long
2020-10-19 12:25             ` Xin Long
2020-10-19 12:25             ` [PATCHv4 net-next 07/16] sctp: add encap_port for netns sock asoc and transport Xin Long
2020-10-19 12:25               ` Xin Long
2020-10-19 12:25               ` [PATCHv4 net-next 08/16] sctp: add SCTP_REMOTE_UDP_ENCAPS_PORT sockopt Xin Long
2020-10-19 12:25                 ` Xin Long
2020-10-19 12:25                 ` Xin Long [this message]
2020-10-19 12:25                   ` [PATCHv4 net-next 09/16] sctp: allow changing transport encap_port by peer packets Xin Long
2020-10-19 12:25                   ` [PATCHv4 net-next 10/16] sctp: add udphdr to overhead when udp_port is set Xin Long
2020-10-19 12:25                     ` Xin Long
2020-10-19 12:25                     ` [PATCHv4 net-next 11/16] sctp: call sk_setup_caps in sctp_packet_transmit instead Xin Long
2020-10-19 12:25                       ` Xin Long
2020-10-19 12:25                       ` [PATCHv4 net-next 12/16] sctp: support for sending packet over udp4 sock Xin Long
2020-10-19 12:25                         ` Xin Long
2020-10-19 12:25                         ` [PATCHv4 net-next 13/16] sctp: support for sending packet over udp6 sock Xin Long
2020-10-19 12:25                           ` Xin Long
2020-10-19 12:25                           ` [PATCHv4 net-next 14/16] sctp: add the error cause for new encapsulation port restart Xin Long
2020-10-19 12:25                             ` Xin Long
2020-10-19 12:25                             ` [PATCHv4 net-next 15/16] sctp: handle the init chunk matching an existing asoc Xin Long
2020-10-19 12:25                               ` Xin Long
2020-10-19 12:25                               ` [PATCHv4 net-next 16/16] sctp: enable udp tunneling socks Xin Long
2020-10-19 12:25                                 ` Xin Long
2020-10-19 22:15                                 ` Marcelo Ricardo Leitner
2020-10-19 22:15                                   ` Marcelo Ricardo Leitner
2020-10-19 22:29                                   ` Marcelo Ricardo Leitner
2020-10-19 22:29                                     ` Marcelo Ricardo Leitner
2020-10-20  9:12                                   ` Xin Long
2020-10-20  9:12                                     ` Xin Long
2020-10-20 21:11                                     ` Marcelo Ricardo Leitner
2020-10-20 21:11                                       ` Marcelo Ricardo Leitner
2020-10-20 21:15                                       ` Michael Tuexen
2020-10-20 21:15                                         ` Michael Tuexen
2020-10-20 21:23                                         ` Marcelo Ricardo Leitner
2020-10-20 21:23                                           ` Marcelo Ricardo Leitner
2020-10-20 22:08                                           ` David Laight
2020-10-20 22:13                                             ` 'Marcelo Ricardo Leitner'
2020-10-20 22:13                                               ` 'Marcelo Ricardo Leitner'
2020-10-21  4:16                                           ` Xin Long
2020-10-21  9:13                                             ` Michael Tuexen
2020-10-22  3:12                                               ` Xin Long
2020-10-22  8:47                                                 ` David Laight
2020-10-26  5:58                                                   ` Xin Long
2020-10-22 11:38                                                 ` Michael Tuexen
2020-10-19 22:14               ` [PATCHv4 net-next 07/16] sctp: add encap_port for netns sock asoc and transport Marcelo Ricardo Leitner
2020-10-19 22:14                 ` Marcelo Ricardo Leitner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=fe0630fd48830058df1bfdd53a9e6b9fbf83b498.1603110316.git.lucien.xin@gmail.com \
    --to=lucien.xin@gmail.com \
    --cc=davem@davemloft.net \
    --cc=gnault@redhat.com \
    --cc=linux-sctp@vger.kernel.org \
    --cc=marcelo.leitner@gmail.com \
    --cc=netdev@vger.kernel.org \
    --cc=nhorman@tuxdriver.com \
    --cc=pabeni@redhat.com \
    --cc=tuexen@fh-muenster.de \
    --cc=willemdebruijn.kernel@gmail.com \
    --subject='Re: [PATCHv4 net-next 09/16] sctp: allow changing transport encap_port by peer packets' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).