Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 19 Apr 2014 19:21:06 +0000 (UTC)
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r264679 - head/sys/netinet
Message-ID:  <201404191921.s3JJL6L2003512@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: tuexen
Date: Sat Apr 19 19:21:06 2014
New Revision: 264679
URL: http://svnweb.freebsd.org/changeset/base/264679

Log:
  Send the correct error cause, when a DATA chunk with no user data
  is received. This bug was reported by Irene Ruengeler.
  
  MFC after: 3 days

Modified:
  head/sys/netinet/sctp.h
  head/sys/netinet/sctp_indata.c
  head/sys/netinet/sctputil.c
  head/sys/netinet/sctputil.h

Modified: head/sys/netinet/sctp.h
==============================================================================
--- head/sys/netinet/sctp.h	Sat Apr 19 19:08:08 2014	(r264678)
+++ head/sys/netinet/sctp.h	Sat Apr 19 19:21:06 2014	(r264679)
@@ -408,6 +408,11 @@ struct sctp_error_unrecognized_chunk {
 	struct sctp_chunkhdr ch;/* header from chunk in error */
 }                             SCTP_PACKED;
 
+struct sctp_error_no_user_data {
+	struct sctp_error_cause cause;	/* code=SCTP_CAUSE_NO_USER_DATA */
+	uint32_t tsn;		/* TSN of the empty data chunk */
+}                       SCTP_PACKED;
+
 /*
  * Main SCTP chunk types we place these here so natd and f/w's in user land
  * can find them.

Modified: head/sys/netinet/sctp_indata.c
==============================================================================
--- head/sys/netinet/sctp_indata.c	Sat Apr 19 19:08:08 2014	(r264678)
+++ head/sys/netinet/sctp_indata.c	Sat Apr 19 19:21:06 2014	(r264679)
@@ -2323,7 +2323,7 @@ sctp_process_data(struct mbuf **mm, int 
 			continue;
 		}
 		if (ch->ch.chunk_type == SCTP_DATA) {
-			if ((size_t)chk_length < sizeof(struct sctp_data_chunk) + 1) {
+			if ((size_t)chk_length < sizeof(struct sctp_data_chunk)) {
 				/*
 				 * Need to send an abort since we had a
 				 * invalid data chunk.
@@ -2341,6 +2341,21 @@ sctp_process_data(struct mbuf **mm, int 
 				    vrf_id, port);
 				return (2);
 			}
+			if ((size_t)chk_length == sizeof(struct sctp_data_chunk)) {
+				/*
+				 * Need to send an abort since we had an
+				 * empty data chunk.
+				 */
+				struct mbuf *op_err;
+
+				op_err = sctp_generate_no_user_data_cause(ch->dp.tsn);
+				stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_19;
+				sctp_abort_association(inp, stcb, m, iphlen,
+				    src, dst, sh, op_err,
+				    use_mflowid, mflowid,
+				    vrf_id, port);
+				return (2);
+			}
 #ifdef SCTP_AUDITING_ENABLED
 			sctp_audit_log(0xB1, 0);
 #endif

Modified: head/sys/netinet/sctputil.c
==============================================================================
--- head/sys/netinet/sctputil.c	Sat Apr 19 19:08:08 2014	(r264678)
+++ head/sys/netinet/sctputil.c	Sat Apr 19 19:21:06 2014	(r264679)
@@ -4654,6 +4654,25 @@ sctp_generate_cause(uint16_t code, char 
 	return (m);
 }
 
+struct mbuf *
+sctp_generate_no_user_data_cause(uint32_t tsn)
+{
+	struct mbuf *m;
+	struct sctp_error_no_user_data *no_user_data_cause;
+	size_t len;
+
+	len = sizeof(struct sctp_error_no_user_data);
+	m = sctp_get_mbuf_for_msg(len, 0, M_NOWAIT, 1, MT_DATA);
+	if (m != NULL) {
+		SCTP_BUF_LEN(m) = len;
+		no_user_data_cause = mtod(m, struct sctp_error_no_user_data *);
+		no_user_data_cause->cause.code = htons(SCTP_CAUSE_NO_USER_DATA);
+		no_user_data_cause->cause.length = htons((uint16_t) len);
+		no_user_data_cause->tsn = tsn;	/* tsn is passed in as NBO */
+	}
+	return (m);
+}
+
 #ifdef SCTP_MBCNT_LOGGING
 void
 sctp_free_bufspace(struct sctp_tcb *stcb, struct sctp_association *asoc,

Modified: head/sys/netinet/sctputil.h
==============================================================================
--- head/sys/netinet/sctputil.h	Sat Apr 19 19:08:08 2014	(r264678)
+++ head/sys/netinet/sctputil.h	Sat Apr 19 19:21:06 2014	(r264679)
@@ -254,6 +254,7 @@ sctp_release_pr_sctp_chunk(struct sctp_t
 );
 
 struct mbuf *sctp_generate_cause(uint16_t, char *);
+struct mbuf *sctp_generate_no_user_data_cause(uint32_t);
 
 void 
 sctp_bindx_add_address(struct socket *so, struct sctp_inpcb *inp,



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404191921.s3JJL6L2003512>