linux-sctp.vger.kernel.org archive mirror
From: Xin Long <lucien.xin@gmail.com>
To: network dev <netdev@vger.kernel.org>, linux-sctp@vger.kernel.org
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
	Neil Horman <nhorman@tuxdriver.com>,
	Michael Tuexen <tuexen@fh-muenster.de>,
	davem@davemloft.net, gnault@redhat.com, pabeni@redhat.com,
	willemdebruijn.kernel@gmail.com
Subject: [PATCHv4 net-next 06/16] sctp: add encap_err_lookup for udp encap socks
Date: Mon, 19 Oct 2020 12:25:23 +0000
Message-ID: <7cfd72e42b8b1cde268ad4062c96c08a56c4b14f.1603110316.git.lucien.xin@gmail.com>
In-Reply-To: <7a2f5792c1a428c16962fff08b7bcfedc21bd5e2.1603110316.git.lucien.xin@gmail.com>

As it says in rfc6951#section-5.5:

  "When receiving ICMP or ICMPv6 response packets, there might not be
   enough bytes in the payload to identify the SCTP association that the
   SCTP packet triggering the ICMP or ICMPv6 packet belongs to.  If a
   received ICMP or ICMPv6 packet cannot be related to a specific SCTP
   association or the verification tag cannot be verified, it MUST be
   discarded silently.  In particular, this means that the SCTP stack
   MUST NOT rely on receiving ICMP or ICMPv6 messages.  Implementation
   constraints could prevent processing received ICMP or ICMPv6
   messages."

ICMP or ICMPv6 packets need to be handled, and this is implemented by
udp encap sock .encap_err_lookup function.

The .encap_err_lookup function is called in __udp(6)_lib_err_encap()
to confirm this path does need to be updated. For sctp, what we can
do here is check if the corresponding asoc and transport exist.

Note that icmp packet process for sctp over udp is done by udp sock
.encap_err_lookup(), and it means for now we can't do as much as
sctp_v4/6_err() does. Also we can't do the two mappings mentioned
in rfc6951#section-5.5.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
 net/sctp/protocol.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index e1501e7..aa8e5b2 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -848,6 +848,23 @@ static int sctp_udp_rcv(struct sock *sk, struct sk_buff *skb)
 	return 0;
 }
 
+static int sctp_udp_err_lookup(struct sock *sk, struct sk_buff *skb)
+{
+	struct sctp_association *asoc;
+	struct sctp_transport *t;
+	int family;
+
+	skb->transport_header += sizeof(struct udphdr);
+	family = (ip_hdr(skb)->version = 4) ? AF_INET : AF_INET6;
+	sk = sctp_err_lookup(dev_net(skb->dev), family, skb, sctp_hdr(skb),
+			     &asoc, &t);
+	if (!sk)
+		return -ENOENT;
+
+	sctp_err_finish(sk, t);
+	return 0;
+}
+
 int sctp_udp_sock_start(struct net *net)
 {
 	struct udp_tunnel_sock_cfg tuncfg = {NULL};
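
Review bot: in sctp_udp_err_lookup(), the line that sets family uses "ip_hdr(skb)->version = 4", which is an assignment, not a comparison. It overwrites the version field of the IP header held in the skb and always evaluates as true, so family is always AF_INET and an error arriving on the udp6 sock would be looked up as IPv4. It should read "ip_hdr(skb)->version == 4".
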
@@ -866,6 +883,7 @@ int sctp_udp_sock_start(struct net *net)
 
 	tuncfg.encap_type = 1;
 	tuncfg.encap_rcv = sctp_udp_rcv;
+	tuncfg.encap_err_lookup = sctp_udp_err_lookup;
 	setup_udp_tunnel_sock(net, sock, &tuncfg);
 	net->sctp.udp4_sock = sock->sk;
 
@@ -887,6 +905,7 @@ int sctp_udp_sock_start(struct net *net)
 
 	tuncfg.encap_type = 1;
 	tuncfg.encap_rcv = sctp_udp_rcv;
+	tuncfg.encap_err_lookup = sctp_udp_err_lookup;
 	setup_udp_tunnel_sock(net, sock, &tuncfg);
 	net->sctp.udp6_sock = sock->sk;
 #endif
-- 
2.1.0

WARNING: multiple messages have this Message-ID
From: Xin Long <lucien.xin@gmail.com>
To: network dev <netdev@vger.kernel.org>, linux-sctp@vger.kernel.org
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
	Neil Horman <nhorman@tuxdriver.com>,
	Michael Tuexen <tuexen@fh-muenster.de>,
	davem@davemloft.net, gnault@redhat.com, pabeni@redhat.com,
	willemdebruijn.kernel@gmail.com
Subject: [PATCHv4 net-next 06/16] sctp: add encap_err_lookup for udp encap socks
Date: Mon, 19 Oct 2020 20:25:23 +0800
Message-ID: <7cfd72e42b8b1cde268ad4062c96c08a56c4b14f.1603110316.git.lucien.xin@gmail.com>
Message-ID: <20201019122523.kBbnSf3C9xhRRzhnABp7I5_YWwLlf0eMoPUkzEk_pqY@z>
In-Reply-To: <7a2f5792c1a428c16962fff08b7bcfedc21bd5e2.1603110316.git.lucien.xin@gmail.com>
In-Reply-To: <cover.1603110316.git.lucien.xin@gmail.com>

As it says in rfc6951#section-5.5:

  "When receiving ICMP or ICMPv6 response packets, there might not be
   enough bytes in the payload to identify the SCTP association that the
   SCTP packet triggering the ICMP or ICMPv6 packet belongs to.  If a
   received ICMP or ICMPv6 packet cannot be related to a specific SCTP
   association or the verification tag cannot be verified, it MUST be
   discarded silently.  In particular, this means that the SCTP stack
   MUST NOT rely on receiving ICMP or ICMPv6 messages.  Implementation
   constraints could prevent processing received ICMP or ICMPv6
   messages."

ICMP or ICMPv6 packets need to be handled, and this is implemented by
udp encap sock .encap_err_lookup function.

The .encap_err_lookup function is called in __udp(6)_lib_err_encap()
to confirm this path does need to be updated. For sctp, what we can
do here is check if the corresponding asoc and transport exist.

Note that icmp packet process for sctp over udp is done by udp sock
.encap_err_lookup(), and it means for now we can't do as much as
sctp_v4/6_err() does. Also we can't do the two mappings mentioned
in rfc6951#section-5.5.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
 net/sctp/protocol.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index e1501e7..aa8e5b2 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -848,6 +848,23 @@ static int sctp_udp_rcv(struct sock *sk, struct sk_buff *skb)
 	return 0;
 }
 
+static int sctp_udp_err_lookup(struct sock *sk, struct sk_buff *skb)
+{
+	struct sctp_association *asoc;
+	struct sctp_transport *t;
+	int family;
+
+	skb->transport_header += sizeof(struct udphdr);
+	family = (ip_hdr(skb)->version == 4) ? AF_INET : AF_INET6;
+	sk = sctp_err_lookup(dev_net(skb->dev), family, skb, sctp_hdr(skb),
+			     &asoc, &t);
+	if (!sk)
+		return -ENOENT;
+
+	sctp_err_finish(sk, t);
+	return 0;
+}
+
 int sctp_udp_sock_start(struct net *net)
 {
 	struct udp_tunnel_sock_cfg tuncfg = {NULL};
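
Review bot: sctp_udp_err_lookup() advances skb->transport_header by sizeof(struct udphdr) and passes sctp_hdr(skb) to sctp_err_lookup() with no visible check that the quoted payload extends that far, although the commit message itself quotes RFC 6951 saying there might not be enough bytes. If sctp_err_lookup() does not validate the length, add a check before the call that returns -ENOENT when the SCTP common header is not fully present; if it does, a short comment saying so would help. The header offset is also left advanced on both return paths, so it is worth stating whether the caller is expected to reset it.
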
@@ -866,6 +883,7 @@ int sctp_udp_sock_start(struct net *net)
 
 	tuncfg.encap_type = 1;
 	tuncfg.encap_rcv = sctp_udp_rcv;
+	tuncfg.encap_err_lookup = sctp_udp_err_lookup;
 	setup_udp_tunnel_sock(net, sock, &tuncfg);
 	net->sctp.udp4_sock = sock->sk;
 
@@ -887,6 +905,7 @@ int sctp_udp_sock_start(struct net *net)
 
 	tuncfg.encap_type = 1;
 	tuncfg.encap_rcv = sctp_udp_rcv;
+	tuncfg.encap_err_lookup = sctp_udp_err_lookup;
 	setup_udp_tunnel_sock(net, sock, &tuncfg);
 	net->sctp.udp6_sock = sock->sk;
 #endif
-- 
2.1.0
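
Added example, not part of the patch or of the kernel sources: a user-space C illustration of the rule quoted from rfc6951#section-5.5, where an ICMP error is discarded unless the quoted bytes reach the SCTP ports and verification tag behind the inner IP and UDP headers and match a known association. All demo_* names, the ports and the tag are hypothetical, and the packet bytes are constructed sample data.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical association record, host byte order. */
struct demo_asoc {
	uint16_t sport, dport;	/* SCTP ports of the packets we send */
	uint32_t peer_vtag;	/* verification tag carried in those packets */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* quoted: bytes quoted by an ICMPv4 error, starting at the inner IPv4 header.
 * Returns 0 on a match, -ENOENT when the error must be discarded silently. */
int demo_icmp_lookup(const uint8_t *quoted, size_t len, const struct demo_asoc *a)
{
	size_t ihl, off;

	if (len < 20 || (quoted[0] >> 4) != 4)
		return -ENOENT;
	ihl = (size_t)(quoted[0] & 0x0f) * 4;
	if (ihl < 20 || quoted[9] != 17)	/* 17 = UDP */
		return -ENOENT;
	off = ihl + 8;				/* skip inner IP and UDP headers */
	if (len < off + 8)			/* ports or verification tag missing */
		return -ENOENT;
	if (rd16(quoted + off) != a->sport || rd16(quoted + off + 2) != a->dport)
		return -ENOENT;
	return rd32(quoted + off + 4) == a->peer_vtag ? 0 : -ENOENT;
}

/* Constructed sample: 20-byte IPv4 + 8-byte UDP (fields left zero, not
 * checked here) + first 8 bytes of SCTP, truncated to quoted_len. */
int demo_case(size_t quoted_len, uint32_t vtag_in_packet)
{
	const struct demo_asoc a = { 5000, 6000, 0x11223344 };
	uint8_t pkt[36] = { 0x45 };		/* IPv4, header length 5 words */

	pkt[9] = 17;				/* inner protocol: UDP */
	pkt[28] = 0x13; pkt[29] = 0x88;		/* SCTP source port 5000 */
	pkt[30] = 0x17; pkt[31] = 0x70;		/* SCTP destination port 6000 */
	pkt[32] = (uint8_t)(vtag_in_packet >> 24); pkt[33] = (uint8_t)(vtag_in_packet >> 16);
	pkt[34] = (uint8_t)(vtag_in_packet >> 8);  pkt[35] = (uint8_t)vtag_in_packet;
	return demo_icmp_lookup(pkt, quoted_len > sizeof(pkt) ? sizeof(pkt) : quoted_len, &a);
}

int main(void) { return demo_case(36, 0x11223344); }
```

With quoted_len set to 28 (inner IP header plus 8 bytes, the minimum an ICMPv4 sender quotes) only the UDP header is present, so the lookup returns -ENOENT: the "not enough bytes" case from the RFC text.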

