author | Marco Varlese <marco.varlese@suse.com> | 2018-02-27 09:38:31 +0100 |
---|---|---|
committer | Damjan Marion <dmarion.lists@gmail.com> | 2018-02-28 05:54:43 +0000 |
commit | 8c5f67f2b883ad9dcb489ab0eb16e1acbe478926 (patch) | |
tree | 6fe63e6814e812f79b07950e29ef8a425b579b88 /src/vnet | |
parent | ac0932d26c17b8d82af1a7d033e1abdccb6f7209 (diff) |
SCTP: handle COOKIE while in SHUTDOWN phase
This patch addresses the requirement to handle a COOKIE chunk whilst in
SHUTDOWN phase. The COOKIE shouldn't just be dropped; instead, an OPERATION
ERROR chunk shall be sent to the peer to inform it about the current
situation.
Change-Id: I1a47652402d49cfee3b0c810304d7902f3a62f40
Signed-off-by: Marco Varlese <marco.varlese@suse.com>
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/sctp/sctp.h | 4 | ||||
-rw-r--r-- | src/vnet/sctp/sctp_input.c | 29 | ||||
-rw-r--r-- | src/vnet/sctp/sctp_output.c | 27 |
3 files changed, 40 insertions, 20 deletions
diff --git a/src/vnet/sctp/sctp.h b/src/vnet/sctp/sctp.h index de5eb8f6685..815ca172adb 100644 --- a/src/vnet/sctp/sctp.h +++ b/src/vnet/sctp/sctp.h @@ -292,7 +292,9 @@ void sctp_prepare_abort_for_collision (sctp_connection_t * sctp_conn, u8 idx, vlib_buffer_t * b, ip4_address_t * ip4_addr, ip6_address_t * ip6_addr); - +void +sctp_prepare_operation_error (sctp_connection_t * sctp_conn, u8 idx, + vlib_buffer_t * b, u8 err_cause); void sctp_prepare_cookie_echo_chunk (sctp_connection_t * sctp_conn, u8 idx, vlib_buffer_t * b, sctp_state_cookie_param_t * sc); diff --git a/src/vnet/sctp/sctp_input.c b/src/vnet/sctp/sctp_input.c index 1863c89ef45..46a2100cc07 100644 --- a/src/vnet/sctp/sctp_input.c +++ b/src/vnet/sctp/sctp_input.c @@ -295,7 +295,8 @@ sctp_handle_operation_err (sctp_header_t * sctp_hdr, return SCTP_ERROR_INVALID_TAG; } - if (op_err->err_causes[0].cause_info == STALE_COOKIE_ERROR) + if (clib_net_to_host_u16 (op_err->err_causes[0].param_hdr.type) == + STALE_COOKIE_ERROR) { if (sctp_conn->state != SCTP_STATE_COOKIE_ECHOED) *next0 = sctp_next_drop (sctp_conn->sub_conn[idx].c_is_ip4); @@ -1350,6 +1351,12 @@ sctp46_shutdown_phase_inline (vlib_main_t * vm, &next0); break; + case COOKIE_ECHO: /* Cookie Received While Shutting Down */ + sctp_prepare_operation_error (sctp_conn, idx, b0, + COOKIE_RECEIVED_WHILE_SHUTTING_DOWN); + error0 = SCTP_ERROR_NONE; + next0 = sctp_next_output (is_ip4); + break; /* All UNEXPECTED scenarios (wrong chunk received per state-machine) * are handled by the input-dispatcher function using the table-lookup * hence we should never get to the "default" case below. 
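Review bot: `op_err->err_causes[0].param_hdr.type` is read from the received chunk in the sctp_input.c hunk at -295 with no visible check that the chunk is long enough to carry one error cause. An OPERATION_ERROR chunk that declares no causes would make this comparison read whatever follows the chunk header in the buffer. Before the comparison I would add a guard that the length taken from the chunk header covers the fixed part of the chunk plus one cause header, and drop the packet otherwise. sctp_handle_operation_err starts and ends outside the hunk, so such a check may already exist above.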
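Review bot: The new `case COOKIE_ECHO` in sctp46_shutdown_phase_inline replies with an ERROR chunk for every shutdown state that the dispatch table now routes here, and the visible lines neither look at `sctp_conn->state` nor validate the cookie first. As I read RFC 4960 section 5.2.4, the "Cookie Received While Shutting Down" cause belongs to SHUTDOWN-ACK-SENT and accompanies a resent SHUTDOWN ACK, which this case does not send. Since any peer packet carrying a COOKIE_ECHO now produces an outbound packet, the case should state its intent, e.g. `/* RFC 4960 5.2.4: reply with ERROR only; SHUTDOWN ACK is not retransmitted here */`. The function body continues outside the hunk.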
@@ -2132,9 +2139,13 @@ sctp46_input_dispatcher (vlib_main_t * vm, vlib_node_runtime_t * node, if (chunk_type >= UNKNOWN) { clib_warning - ("Received an unrecognized chunk... something is really bad."); + ("Received an unrecognized chunk; sending back OPERATION_ERROR chunk"); + + sctp_prepare_operation_error (sctp_conn, MAIN_SCTP_SUB_CONN_IDX, + b0, UNRECOGNIZED_CHUNK_TYPE); + error0 = SCTP_ERROR_UNKOWN_CHUNK; - next0 = SCTP_INPUT_NEXT_DROP; + next0 = sctp_next_output (is_ip4); goto done; } @@ -2387,7 +2398,8 @@ do { \ SCTP_ERROR_NONE); _(SHUTDOWN_PENDING, SHUTDOWN_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_ACK_CHUNK_VIOLATION); /* UNEXPECTED SHUTDOWN_ACK chunk */ _(SHUTDOWN_PENDING, OPERATION_ERROR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_OPERATION_ERROR_VIOLATION); /* UNEXPECTED OPERATION_ERROR chunk */ - _(SHUTDOWN_PENDING, COOKIE_ECHO, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_COOKIE_ECHO_VIOLATION); /* UNEXPECTED COOKIE_ECHO chunk */ + _(SHUTDOWN_PENDING, COOKIE_ECHO, SCTP_INPUT_NEXT_SHUTDOWN_PHASE, + SCTP_ERROR_NONE); _(SHUTDOWN_PENDING, COOKIE_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED COOKIE_ACK chunk */ _(SHUTDOWN_PENDING, ECNE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ECNE_VIOLATION); /* UNEXPECTED ECNE chunk */ _(SHUTDOWN_PENDING, CWR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_CWR_VIOLATION); /* UNEXPECTED CWR chunk */ 
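Review bot: Every chunk with `chunk_type >= UNKNOWN` now triggers both a `clib_warning` and an outbound ERROR packet, so a peer can drive log volume and reply traffic at its own packet rate; neither path is rate-limited in the visible lines. RFC 4960 section 3.2 ties the reaction to the two high bits of the chunk type, and only two of the four encodings ask for a report, while this branch reports unconditionally. The Unrecognized Chunk Type cause is defined to carry the offending chunk, but sctp_prepare_operation_error as changed in sctp_output.c writes only the cause type and length. `error0` stays `SCTP_ERROR_UNKOWN_CHUNK` while `next0` goes to output, which deserves a comment such as `/* counted as unknown chunk; an ERROR reply is still sent */`. Whether `sctp_conn` is known to be non-NULL at this point cannot be seen from the hunk.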
@@ -2405,7 +2417,8 @@ do { \ _(SHUTDOWN_SENT, SHUTDOWN, SCTP_INPUT_NEXT_SHUTDOWN_PHASE, SCTP_ERROR_NONE); _(SHUTDOWN_SENT, SHUTDOWN_ACK, SCTP_INPUT_NEXT_SHUTDOWN_PHASE, SCTP_ERROR_NONE); - _(SHUTDOWN_SENT, COOKIE_ECHO, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_COOKIE_ECHO_VIOLATION); /* UNEXPECTED COOKIE_ECHO chunk */ + _(SHUTDOWN_SENT, COOKIE_ECHO, SCTP_INPUT_NEXT_SHUTDOWN_PHASE, + SCTP_ERROR_NONE); _(SHUTDOWN_SENT, COOKIE_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED COOKIE_ACK chunk */ _(SHUTDOWN_SENT, ECNE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ECNE_VIOLATION); /* UNEXPECTED ECNE chunk */ _(SHUTDOWN_SENT, CWR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_CWR_VIOLATION); /* UNEXPECTED CWR chunk */ @@ -2423,7 +2436,8 @@ do { \ _(SHUTDOWN_RECEIVED, SHUTDOWN, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_CHUNK_VIOLATION); /* UNEXPECTED SHUTDOWN chunk */ _(SHUTDOWN_RECEIVED, SHUTDOWN_ACK, SCTP_INPUT_NEXT_SHUTDOWN_PHASE, SCTP_ERROR_NONE); - _(SHUTDOWN_RECEIVED, COOKIE_ECHO, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_COOKIE_ECHO_VIOLATION); /* UNEXPECTED COOKIE_ECHO chunk */ + _(SHUTDOWN_RECEIVED, COOKIE_ECHO, SCTP_INPUT_NEXT_SHUTDOWN_PHASE, + SCTP_ERROR_NONE); _(SHUTDOWN_RECEIVED, COOKIE_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED COOKIE_ACK chunk */ _(SHUTDOWN_RECEIVED, ECNE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ECNE_VIOLATION); /* UNEXPECTED ECNE chunk */ _(SHUTDOWN_RECEIVED, CWR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_CWR_VIOLATION); /* UNEXPECTED CWR chunk */ 
@@ -2440,7 +2454,8 @@ do { \ _(SHUTDOWN_ACK_SENT, ABORT, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ABORT_CHUNK_VIOLATION); /* UNEXPECTED ABORT chunk */ _(SHUTDOWN_ACK_SENT, SHUTDOWN, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_CHUNK_VIOLATION); /* UNEXPECTED SHUTDOWN chunk */ _(SHUTDOWN_ACK_SENT, SHUTDOWN_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_SHUTDOWN_ACK_CHUNK_VIOLATION); /* UNEXPECTED SHUTDOWN_ACK chunk */ - _(SHUTDOWN_ACK_SENT, COOKIE_ECHO, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_COOKIE_ECHO_VIOLATION); /* UNEXPECTED COOKIE_ECHO chunk */ + _(SHUTDOWN_ACK_SENT, COOKIE_ECHO, SCTP_INPUT_NEXT_SHUTDOWN_PHASE, + SCTP_ERROR_NONE); _(SHUTDOWN_ACK_SENT, COOKIE_ACK, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ACK_DUP); /* UNEXPECTED COOKIE_ACK chunk */ _(SHUTDOWN_ACK_SENT, ECNE, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_ECNE_VIOLATION); /* UNEXPECTED ECNE chunk */ _(SHUTDOWN_ACK_SENT, CWR, SCTP_INPUT_NEXT_DROP, SCTP_ERROR_CWR_VIOLATION); /* UNEXPECTED CWR chunk */ diff --git a/src/vnet/sctp/sctp_output.c b/src/vnet/sctp/sctp_output.c index b7351275486..0c2fee1bb69 100644 --- a/src/vnet/sctp/sctp_output.c +++ b/src/vnet/sctp/sctp_output.c 
@@ -589,24 +589,23 @@ sctp_prepare_cookie_echo_chunk (sctp_connection_t * sctp_conn, u8 idx, } /** - * Convert buffer to ABORT + * Convert buffer to ERROR */ -/* void sctp_prepare_operation_error (sctp_connection_t * sctp_conn, u8 idx, - vlib_buffer_t * b, ip4_address_t * ip4_addr, - ip6_address_t * ip6_addr) + vlib_buffer_t * b, u8 err_cause) { vlib_main_t *vm = vlib_get_main (); sctp_reuse_buffer (vm, b); - // The minimum size of the message is given by the sctp_operation_error_t - u16 alloc_bytes = sizeof (sctp_operation_error_t); + /* The minimum size of the message is given by the sctp_operation_error_t */ + u16 alloc_bytes = + sizeof (sctp_operation_error_t) + sizeof (sctp_err_cause_param_t); - // As per RFC 4960 the chunk_length value does NOT contemplate - // the size of the first header (see sctp_header_t) and any padding - // + /* As per RFC 4960 the chunk_length value does NOT contemplate + * the size of the first header (see sctp_header_t) and any padding + */ u16 chunk_len = alloc_bytes - sizeof (sctp_header_t); alloc_bytes += vnet_sctp_calculate_padding (alloc_bytes); 
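Review bot: The comment `The minimum size of the message is given by the sctp_operation_error_t` no longer matches the line under it, which now adds `sizeof (sctp_err_cause_param_t)`. I would reword it to `/* Chunk size: sctp_operation_error_t plus one error-cause parameter */` and extend the `Convert buffer to ERROR` header to say that `b` is reused for the reply and that `err_cause` is the cause code written into the first error cause. `err_cause` is declared `u8` although it is stored through `clib_host_to_net_u16`, which is fine for the two values passed in this commit but should be documented or widened. The function continues past the end of the hunk.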
@@ -614,13 +613,18 @@ sctp_prepare_operation_error (sctp_connection_t * sctp_conn, u8 idx, sctp_operation_error_t *err_chunk = vlib_buffer_push_uninit (b, alloc_bytes); - // src_port & dst_port are already in network byte-order + /* src_port & dst_port are already in network byte-order */ err_chunk->sctp_hdr.checksum = 0; err_chunk->sctp_hdr.src_port = sctp_conn->sub_conn[idx].connection.lcl_port; err_chunk->sctp_hdr.dst_port = sctp_conn->sub_conn[idx].connection.rmt_port; - // As per RFC4960 Section 5.2.2: copy the INITIATE_TAG into the VERIFICATION_TAG of the ABORT chunk + /* As per RFC4960 Section 5.2.2: copy the INITIATE_TAG into the VERIFICATION_TAG of the ABORT chunk */ err_chunk->sctp_hdr.verification_tag = sctp_conn->local_tag; + err_chunk->err_causes[0].param_hdr.length = + clib_host_to_net_u16 (sizeof (err_chunk->err_causes[0].param_hdr.type) + + sizeof (err_chunk->err_causes[0].param_hdr.length)); + err_chunk->err_causes[0].param_hdr.type = clib_host_to_net_u16 (err_cause); + vnet_sctp_set_chunk_type (&err_chunk->chunk_hdr, OPERATION_ERROR); vnet_sctp_set_chunk_length (&err_chunk->chunk_hdr, chunk_len); @@ -628,7 +632,6 @@ sctp_prepare_operation_error (sctp_connection_t * sctp_conn, u8 idx, sctp_conn->sub_conn[idx].connection.c_index; vnet_buffer (b)->sctp.subconn_idx = idx; } -*/ /** * Convert buffer to ABORT |
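Review bot: `vlib_buffer_push_uninit (b, alloc_bytes)` hands back unzeroed space in a reused buffer, and the lines in this hunk set only the SCTP header fields, the chunk type and length, and the first cause's type and length. Any remaining bytes in `alloc_bytes`, including the padding added by vnet_sctp_calculate_padding, would go on the wire with whatever the buffer held before, so I would add `memset (err_chunk, 0, alloc_bytes);` right after the push. The comment above `verification_tag` still speaks of section 5.2.2 and the ABORT chunk; confirm that `sctp_conn->local_tag` is the tag the peer expects on an ERROR chunk and update the comment. The function starts above this hunk.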