netinet

Michael Tuexen Sun, 07 Jul 2013 09:12:07 -0700

Author: tuexen
Date: Sun Jul  7 16:11:13 2013
New Revision: 252964
URL: http://svnweb.freebsd.org/changeset/base/252964


Log:
  MFC r246674:
  Don't send kernel provided information in the User Initiated
  ABORT cause, since the user can also provide this kind of
  information. So the receiver doesn't know who provided the
  information.
  While there: Fix a bug where the stack would send a malformed
  ABORT chunk when using a send() call with SCTP_ABORT|SCT_SENDALL
  flags.

Modified:
  stable/9/sys/netinet/sctp_indata.c
  stable/9/sys/netinet/sctp_output.c
  stable/9/sys/netinet/sctp_pcb.c
  stable/9/sys/netinet/sctp_usrreq.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/netinet/sctp_indata.c
==============================================================================
--- stable/9/sys/netinet/sctp_indata.c  Sun Jul  7 16:08:34 2013        
(r252963)
+++ stable/9/sys/netinet/sctp_indata.c  Sun Jul  7 16:11:13 2013        
(r252964)
@@ -4221,19 +4221,15 @@ again:
                abort_out_now:
                                *abort_now = 1;
                                /* XXX */
-                               oper = sctp_get_mbuf_for_msg((sizeof(struct 
sctp_paramhdr) + sizeof(uint32_t)),
+                               oper = sctp_get_mbuf_for_msg(sizeof(struct 
sctp_paramhdr),
                                    0, M_DONTWAIT, 1, MT_DATA);
                                if (oper) {
                                        struct sctp_paramhdr *ph;
-                                       uint32_t *ippp;
 
-                                       SCTP_BUF_LEN(oper) = sizeof(struct 
sctp_paramhdr) +
-                                           sizeof(uint32_t);
+                                       SCTP_BUF_LEN(oper) = sizeof(struct 
sctp_paramhdr);
                                        ph = mtod(oper, struct sctp_paramhdr *);
                                        ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
                                        ph->param_length = 
htons(SCTP_BUF_LEN(oper));
-                                       ippp = (uint32_t *) (ph + 1);
-                                       *ippp = htonl(SCTP_FROM_SCTP_INDATA + 
SCTP_LOC_24);
                                }
                                stcb->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_INDATA + SCTP_LOC_24;
                                sctp_abort_an_association(stcb->sctp_ep, stcb, 
oper, SCTP_SO_NOT_LOCKED);
@@ -4953,19 +4949,15 @@ sctp_handle_sack(struct mbuf *m, int off
                abort_out_now:
                                *abort_now = 1;
                                /* XXX */
-                               oper = sctp_get_mbuf_for_msg((sizeof(struct 
sctp_paramhdr) + sizeof(uint32_t)),
+                               oper = sctp_get_mbuf_for_msg(sizeof(struct 
sctp_paramhdr),
                                    0, M_DONTWAIT, 1, MT_DATA);
                                if (oper) {
                                        struct sctp_paramhdr *ph;
-                                       uint32_t *ippp;
 
-                                       SCTP_BUF_LEN(oper) = sizeof(struct 
sctp_paramhdr) +
-                                           sizeof(uint32_t);
+                                       SCTP_BUF_LEN(oper) = sizeof(struct 
sctp_paramhdr);
                                        ph = mtod(oper, struct sctp_paramhdr *);
                                        ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
                                        ph->param_length = 
htons(SCTP_BUF_LEN(oper));
-                                       ippp = (uint32_t *) (ph + 1);
-                                       *ippp = htonl(SCTP_FROM_SCTP_INDATA + 
SCTP_LOC_31);
                                }
                                stcb->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_INDATA + SCTP_LOC_31;
                                sctp_abort_an_association(stcb->sctp_ep, stcb, 
oper, SCTP_SO_NOT_LOCKED);

Modified: stable/9/sys/netinet/sctp_output.c
==============================================================================
--- stable/9/sys/netinet/sctp_output.c  Sun Jul  7 16:08:34 2013        
(r252963)
+++ stable/9/sys/netinet/sctp_output.c  Sun Jul  7 16:11:13 2013        
(r252964)
@@ -6442,7 +6442,7 @@ sctp_sendall_iterator(struct sctp_inpcb 
                        if (m) {
                                ph = mtod(m, struct sctp_paramhdr *);
                                ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
-                               ph->param_length = htons(ca->sndlen);
+                               ph->param_length = htons(sizeof(struct 
sctp_paramhdr) + ca->sndlen);
                        }
                        /*
                         * We add one here to keep the assoc from
@@ -12498,7 +12498,7 @@ sctp_lower_sosend(struct socket *so,
                        /* now move forward the data pointer */
                        ph = mtod(mm, struct sctp_paramhdr *);
                        ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
-                       ph->param_length = htons((sizeof(struct sctp_paramhdr) 
+ tot_out));
+                       ph->param_length = htons(sizeof(struct sctp_paramhdr) + 
tot_out);
                        ph++;
                        SCTP_BUF_LEN(mm) = tot_out + sizeof(struct 
sctp_paramhdr);
                        if (top == NULL) {

Modified: stable/9/sys/netinet/sctp_pcb.c
==============================================================================
--- stable/9/sys/netinet/sctp_pcb.c     Sun Jul  7 16:08:34 2013        
(r252963)
+++ stable/9/sys/netinet/sctp_pcb.c     Sun Jul  7 16:11:13 2013        
(r252964)
@@ -3308,22 +3308,16 @@ sctp_inpcb_free(struct sctp_inpcb *inp, 
                                /* Left with Data unread */
                                struct mbuf *op_err;
 
-                               op_err = sctp_get_mbuf_for_msg((sizeof(struct 
sctp_paramhdr) + sizeof(uint32_t)),
+                               op_err = sctp_get_mbuf_for_msg(sizeof(struct 
sctp_paramhdr),
                                    0, M_DONTWAIT, 1, MT_DATA);
                                if (op_err) {
                                        /* Fill in the user initiated abort */
                                        struct sctp_paramhdr *ph;
-                                       uint32_t *ippp;
 
-                                       SCTP_BUF_LEN(op_err) =
-                                           sizeof(struct sctp_paramhdr) + 
sizeof(uint32_t);
-                                       ph = mtod(op_err,
-                                           struct sctp_paramhdr *);
-                                       ph->param_type = htons(
-                                           SCTP_CAUSE_USER_INITIATED_ABT);
+                                       SCTP_BUF_LEN(op_err) = sizeof(struct 
sctp_paramhdr);
+                                       ph = mtod(op_err, struct sctp_paramhdr 
*);
+                                       ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
                                        ph->param_length = 
htons(SCTP_BUF_LEN(op_err));
-                                       ippp = (uint32_t *) (ph + 1);
-                                       *ippp = htonl(SCTP_FROM_SCTP_PCB + 
SCTP_LOC_3);
                                }
                                asoc->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_PCB + SCTP_LOC_3;
                                sctp_send_abort_tcb(asoc, op_err, 
SCTP_SO_LOCKED);
@@ -3395,7 +3389,7 @@ sctp_inpcb_free(struct sctp_inpcb *inp, 
                                        struct mbuf *op_err;
 
                        abort_anyway:
-                                       op_err = 
sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
+                                       op_err = 
sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
                                            0, M_DONTWAIT, 1, MT_DATA);
                                        if (op_err) {
                                                /*
@@ -3403,18 +3397,11 @@ sctp_inpcb_free(struct sctp_inpcb *inp, 
                                                 * initiated abort
                                                 */
                                                struct sctp_paramhdr *ph;
-                                               uint32_t *ippp;
 
-                                               SCTP_BUF_LEN(op_err) =
-                                                   (sizeof(struct 
sctp_paramhdr) +
-                                                   sizeof(uint32_t));
-                                               ph = mtod(op_err,
-                                                   struct sctp_paramhdr *);
-                                               ph->param_type = htons(
-                                                   
SCTP_CAUSE_USER_INITIATED_ABT);
+                                               SCTP_BUF_LEN(op_err) = 
sizeof(struct sctp_paramhdr);
+                                               ph = mtod(op_err, struct 
sctp_paramhdr *);
+                                               ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
                                                ph->param_length = 
htons(SCTP_BUF_LEN(op_err));
-                                               ippp = (uint32_t *) (ph + 1);
-                                               *ippp = 
htonl(SCTP_FROM_SCTP_PCB + SCTP_LOC_5);
                                        }
                                        asoc->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_PCB + SCTP_LOC_5;
                                        sctp_send_abort_tcb(asoc, op_err, 
SCTP_SO_LOCKED);
@@ -3478,23 +3465,17 @@ sctp_inpcb_free(struct sctp_inpcb *inp, 
                if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_COOKIE_WAIT) &&
                    ((asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) {
                        struct mbuf *op_err;
-                       uint32_t *ippp;
 
-                       op_err = sctp_get_mbuf_for_msg((sizeof(struct 
sctp_paramhdr) + sizeof(uint32_t)),
+                       op_err = sctp_get_mbuf_for_msg(sizeof(struct 
sctp_paramhdr),
                            0, M_DONTWAIT, 1, MT_DATA);
                        if (op_err) {
                                /* Fill in the user initiated abort */
                                struct sctp_paramhdr *ph;
 
-                               SCTP_BUF_LEN(op_err) = (sizeof(struct 
sctp_paramhdr) +
-                                   sizeof(uint32_t));
+                               SCTP_BUF_LEN(op_err) = sizeof(struct 
sctp_paramhdr);
                                ph = mtod(op_err, struct sctp_paramhdr *);
-                               ph->param_type = htons(
-                                   SCTP_CAUSE_USER_INITIATED_ABT);
+                               ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
                                ph->param_length = htons(SCTP_BUF_LEN(op_err));
-                               ippp = (uint32_t *) (ph + 1);
-                               *ippp = htonl(SCTP_FROM_SCTP_PCB + SCTP_LOC_7);
-
                        }
                        asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + 
SCTP_LOC_7;
                        sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED);

Modified: stable/9/sys/netinet/sctp_usrreq.c
==============================================================================
--- stable/9/sys/netinet/sctp_usrreq.c  Sun Jul  7 16:08:34 2013        
(r252963)
+++ stable/9/sys/netinet/sctp_usrreq.c  Sun Jul  7 16:11:13 2013        
(r252964)
@@ -854,7 +854,7 @@ sctp_disconnect(struct socket *so)
                                        struct mbuf *op_err;
 
                        abort_anyway:
-                                       op_err = 
sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
+                                       op_err = 
sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
                                            0, M_DONTWAIT, 1, MT_DATA);
                                        if (op_err) {
                                                /*
@@ -862,17 +862,11 @@ sctp_disconnect(struct socket *so)
                                                 * initiated abort
                                                 */
                                                struct sctp_paramhdr *ph;
-                                               uint32_t *ippp;
 
-                                               SCTP_BUF_LEN(op_err) =
-                                                   (sizeof(struct 
sctp_paramhdr) + sizeof(uint32_t));
-                                               ph = mtod(op_err,
-                                                   struct sctp_paramhdr *);
-                                               ph->param_type = htons(
-                                                   
SCTP_CAUSE_USER_INITIATED_ABT);
+                                               SCTP_BUF_LEN(op_err) = 
sizeof(struct sctp_paramhdr);
+                                               ph = mtod(op_err, struct 
sctp_paramhdr *);
+                                               ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
                                                ph->param_length = 
htons(SCTP_BUF_LEN(op_err));
-                                               ippp = (uint32_t *) (ph + 1);
-                                               *ippp = 
htonl(SCTP_FROM_SCTP_USRREQ + SCTP_LOC_4);
                                        }
                                        stcb->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_USRREQ + SCTP_LOC_4;
                                        sctp_send_abort_tcb(stcb, op_err, 
SCTP_SO_LOCKED);
@@ -1069,22 +1063,16 @@ sctp_shutdown(struct socket *so)
                                struct mbuf *op_err;
 
                abort_anyway:
-                               op_err = sctp_get_mbuf_for_msg((sizeof(struct 
sctp_paramhdr) + sizeof(uint32_t)),
+                               op_err = sctp_get_mbuf_for_msg(sizeof(struct 
sctp_paramhdr),
                                    0, M_DONTWAIT, 1, MT_DATA);
                                if (op_err) {
                                        /* Fill in the user initiated abort */
                                        struct sctp_paramhdr *ph;
-                                       uint32_t *ippp;
 
-                                       SCTP_BUF_LEN(op_err) =
-                                           sizeof(struct sctp_paramhdr) + 
sizeof(uint32_t);
-                                       ph = mtod(op_err,
-                                           struct sctp_paramhdr *);
-                                       ph->param_type = htons(
-                                           SCTP_CAUSE_USER_INITIATED_ABT);
+                                       SCTP_BUF_LEN(op_err) = sizeof(struct 
sctp_paramhdr);
+                                       ph = mtod(op_err, struct sctp_paramhdr 
*);
+                                       ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
                                        ph->param_length = 
htons(SCTP_BUF_LEN(op_err));
-                                       ippp = (uint32_t *) (ph + 1);
-                                       *ippp = htonl(SCTP_FROM_SCTP_USRREQ + 
SCTP_LOC_6);
                                }
                                stcb->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_USRREQ + SCTP_LOC_6;
                                sctp_abort_an_association(stcb->sctp_ep, stcb,
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-stable-9
To unsubscribe, send any mail to "[email protected]"

svn commit: r252964 - stable/9/sys/netinet

Reply via email to