On Wed, Mar 14, 2018 at 07:05:34PM +0800, Xin Long wrote:
> This patch is to add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT,
> as described in section 6.1.8 of RFC6458.
>
> SCTP_AUTH_NO_AUTH: This report indicates that the peer does not
> support SCTP authentication as defined in [RFC4895].
>
> Note that the implementation is quite similar as that of
> SCTP_ADAPTATION_INDICATION.
>
> Signed-off-by: Xin Long <lucien....@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leit...@gmail.com>
> ---
> include/net/sctp/command.h | 1 +
> include/uapi/linux/sctp.h | 1 +
> net/sctp/sm_sideeffect.c | 13 +++++++++++++
> net/sctp/sm_statefuns.c | 43 +++++++++++++++++++++++++++++++++++++++++--
> 4 files changed, 56 insertions(+), 2 deletions(-)
>
> diff --git a/include/net/sctp/command.h b/include/net/sctp/command.h
> index b55c6a4..6640f84 100644
> --- a/include/net/sctp/command.h
> +++ b/include/net/sctp/command.h
> @@ -100,6 +100,7 @@ enum sctp_verb {
> SCTP_CMD_SET_SK_ERR, /* Set sk_err */
> SCTP_CMD_ASSOC_CHANGE, /* generate and send assoc_change event */
> SCTP_CMD_ADAPTATION_IND, /* generate and send adaptation event */
> + SCTP_CMD_PEER_NO_AUTH, /* generate and send authentication event */
> SCTP_CMD_ASSOC_SHKEY, /* generate the association shared keys */
> SCTP_CMD_T1_RETRAN, /* Mark for retransmission after T1 timeout */
> SCTP_CMD_UPDATE_INITTAG, /* Update peer inittag */
> diff --git a/include/uapi/linux/sctp.h b/include/uapi/linux/sctp.h
> index 18ebbfe..afd4346 100644
> --- a/include/uapi/linux/sctp.h
> +++ b/include/uapi/linux/sctp.h
> @@ -522,6 +522,7 @@ enum {
> SCTP_AUTH_NEW_KEY,
> #define SCTP_AUTH_NEWKEY SCTP_AUTH_NEW_KEY /* compatible with
> before */
> SCTP_AUTH_FREE_KEY,
> + SCTP_AUTH_NO_AUTH,
> };
>
> /*
> diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
> index b71e7fb..298112c 100644
> --- a/net/sctp/sm_sideeffect.c
> +++ b/net/sctp/sm_sideeffect.c
> @@ -1049,6 +1049,16 @@ static void sctp_cmd_assoc_change(struct sctp_cmd_seq
> *commands,
> asoc->stream.si->enqueue_event(&asoc->ulpq, ev);
> }
>
> +static void sctp_cmd_peer_no_auth(struct sctp_cmd_seq *commands,
> + struct sctp_association *asoc)
> +{
> + struct sctp_ulpevent *ev;
> +
> + ev = sctp_ulpevent_make_authkey(asoc, 0, SCTP_AUTH_NO_AUTH, GFP_ATOMIC);
> + if (ev)
> + asoc->stream.si->enqueue_event(&asoc->ulpq, ev);
> +}
> +
> /* Helper function to generate an adaptation indication event */
> static void sctp_cmd_adaptation_ind(struct sctp_cmd_seq *commands,
> struct sctp_association *asoc)
> @@ -1755,6 +1765,9 @@ static int sctp_cmd_interpreter(enum sctp_event
> event_type,
> case SCTP_CMD_ADAPTATION_IND:
> sctp_cmd_adaptation_ind(commands, asoc);
> break;
> + case SCTP_CMD_PEER_NO_AUTH:
> + sctp_cmd_peer_no_auth(commands, asoc);
> + break;
>
> case SCTP_CMD_ASSOC_SHKEY:
> error = sctp_auth_asoc_init_active_key(asoc,
> diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
> index 1e41dee..cc56a67 100644
> --- a/net/sctp/sm_statefuns.c
> +++ b/net/sctp/sm_statefuns.c
> @@ -659,7 +659,7 @@ enum sctp_disposition sctp_sf_do_5_1D_ce(struct net *net,
> void *arg,
> struct sctp_cmd_seq *commands)
> {
> - struct sctp_ulpevent *ev, *ai_ev = NULL;
> + struct sctp_ulpevent *ev, *ai_ev = NULL, *auth_ev = NULL;
> struct sctp_association *new_asoc;
> struct sctp_init_chunk *peer_init;
> struct sctp_chunk *chunk = arg;
> @@ -820,6 +820,14 @@ enum sctp_disposition sctp_sf_do_5_1D_ce(struct net *net,
> goto nomem_aiev;
> }
>
> + if (!new_asoc->peer.auth_capable) {
> + auth_ev = sctp_ulpevent_make_authkey(new_asoc, 0,
> + SCTP_AUTH_NO_AUTH,
> + GFP_ATOMIC);
> + if (!auth_ev)
> + goto nomem_authev;
> + }
> +
> /* Add all the state machine commands now since we've created
> * everything. This way we don't introduce memory corruptions
> * during side-effect processing and correclty count established
> @@ -847,8 +855,14 @@ enum sctp_disposition sctp_sf_do_5_1D_ce(struct net *net,
> sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
> SCTP_ULPEVENT(ai_ev));
>
> + if (auth_ev)
> + sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
> + SCTP_ULPEVENT(auth_ev));
> +
> return SCTP_DISPOSITION_CONSUME;
>
> +nomem_authev:
> + sctp_ulpevent_free(ai_ev);
> nomem_aiev:
> sctp_ulpevent_free(ev);
> nomem_ev:
> @@ -953,6 +967,15 @@ enum sctp_disposition sctp_sf_do_5_1E_ca(struct net *net,
> SCTP_ULPEVENT(ev));
> }
>
> + if (!asoc->peer.auth_capable) {
> + ev = sctp_ulpevent_make_authkey(asoc, 0, SCTP_AUTH_NO_AUTH,
> + GFP_ATOMIC);
> + if (!ev)
> + goto nomem;
> + sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
> + SCTP_ULPEVENT(ev));
> + }
> +
> return SCTP_DISPOSITION_CONSUME;
> nomem:
> return SCTP_DISPOSITION_NOMEM;
> @@ -1908,6 +1931,9 @@ static enum sctp_disposition sctp_sf_do_dupcook_b(
> if (asoc->peer.adaptation_ind)
> sctp_add_cmd_sf(commands, SCTP_CMD_ADAPTATION_IND, SCTP_NULL());
>
> + if (!asoc->peer.auth_capable)
> + sctp_add_cmd_sf(commands, SCTP_CMD_PEER_NO_AUTH, SCTP_NULL());
> +
> return SCTP_DISPOSITION_CONSUME;
>
> nomem:
> @@ -1954,7 +1980,7 @@ static enum sctp_disposition sctp_sf_do_dupcook_d(
> struct sctp_cmd_seq *commands,
> struct sctp_association *new_asoc)
> {
> - struct sctp_ulpevent *ev = NULL, *ai_ev = NULL;
> + struct sctp_ulpevent *ev = NULL, *ai_ev = NULL, *auth_ev = NULL;
> struct sctp_chunk *repl;
>
> /* Clarification from Implementor's Guide:
> @@ -2001,6 +2027,14 @@ static enum sctp_disposition sctp_sf_do_dupcook_d(
> goto nomem;
>
> }
> +
> + if (!asoc->peer.auth_capable) {
> + auth_ev = sctp_ulpevent_make_authkey(asoc, 0,
> + SCTP_AUTH_NO_AUTH,
> + GFP_ATOMIC);
> + if (!auth_ev)
> + goto nomem;
> + }
> }
>
> repl = sctp_make_cookie_ack(new_asoc, chunk);
> @@ -2015,10 +2049,15 @@ static enum sctp_disposition sctp_sf_do_dupcook_d(
> if (ai_ev)
> sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
> SCTP_ULPEVENT(ai_ev));
> + if (auth_ev)
> + sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP,
> + SCTP_ULPEVENT(auth_ev));
>
> return SCTP_DISPOSITION_CONSUME;
>
> nomem:
> + if (auth_ev)
> + sctp_ulpevent_free(auth_ev);
> if (ai_ev)
> sctp_ulpevent_free(ai_ev);
> if (ev)
> --
> 2.1.0
>
