Re: [PATCH net-next 5/5] sctp: add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT
On Wed, Mar 14, 2018 at 07:05:34PM +0800, Xin Long wrote: > This patch is to add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT, > as described in section 6.1.8 of RFC6458. > > SCTP_AUTH_NO_AUTH: This report indicates that the peer does not > support SCTP authentication as defined in [RFC4895]. > > Note that the implementation is quite similar as that of > SCTP_ADAPTATION_INDICATION. > > Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner > --- > include/net/sctp/command.h | 1 + > include/uapi/linux/sctp.h | 1 + > net/sctp/sm_sideeffect.c | 13 + > net/sctp/sm_statefuns.c| 43 +-- > 4 files changed, 56 insertions(+), 2 deletions(-) > > diff --git a/include/net/sctp/command.h b/include/net/sctp/command.h > index b55c6a4..6640f84 100644 > --- a/include/net/sctp/command.h > +++ b/include/net/sctp/command.h > @@ -100,6 +100,7 @@ enum sctp_verb { > SCTP_CMD_SET_SK_ERR, /* Set sk_err */ > SCTP_CMD_ASSOC_CHANGE, /* generate and send assoc_change event */ > SCTP_CMD_ADAPTATION_IND, /* generate and send adaptation event */ > + SCTP_CMD_PEER_NO_AUTH, /* generate and send authentication event */ > SCTP_CMD_ASSOC_SHKEY,/* generate the association shared keys */ > SCTP_CMD_T1_RETRAN, /* Mark for retransmission after T1 timeout */ > SCTP_CMD_UPDATE_INITTAG, /* Update peer inittag */ > diff --git a/include/uapi/linux/sctp.h b/include/uapi/linux/sctp.h > index 18ebbfe..afd4346 100644 > --- a/include/uapi/linux/sctp.h > +++ b/include/uapi/linux/sctp.h > @@ -522,6 +522,7 @@ enum { > SCTP_AUTH_NEW_KEY, > #define SCTP_AUTH_NEWKEYSCTP_AUTH_NEW_KEY /* compatible with > before */ > SCTP_AUTH_FREE_KEY, > + SCTP_AUTH_NO_AUTH, > }; > > /* > diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c > index b71e7fb..298112c 100644 > --- a/net/sctp/sm_sideeffect.c > +++ b/net/sctp/sm_sideeffect.c > @@ -1049,6 +1049,16 @@ static void sctp_cmd_assoc_change(struct sctp_cmd_seq > *commands, > asoc->stream.si->enqueue_event(&asoc->ulpq, ev); > } > > +static void sctp_cmd_peer_no_auth(struct sctp_cmd_seq *commands, > + struct sctp_association *asoc) > +{ > + struct sctp_ulpevent *ev; > + > + ev = sctp_ulpevent_make_authkey(asoc, 0, SCTP_AUTH_NO_AUTH, GFP_ATOMIC); > + if (ev) > + asoc->stream.si->enqueue_event(&asoc->ulpq, ev); > +} > + > /* Helper function to generate an adaptation indication event */ > static void sctp_cmd_adaptation_ind(struct sctp_cmd_seq *commands, > struct sctp_association *asoc) > @@ -1755,6 +1765,9 @@ static int sctp_cmd_interpreter(enum sctp_event > event_type, > case SCTP_CMD_ADAPTATION_IND: > sctp_cmd_adaptation_ind(commands, asoc); > break; > + case SCTP_CMD_PEER_NO_AUTH: > + sctp_cmd_peer_no_auth(commands, asoc); > + break; > > case SCTP_CMD_ASSOC_SHKEY: > error = sctp_auth_asoc_init_active_key(asoc, > diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c > index 1e41dee..cc56a67 100644 > --- a/net/sctp/sm_statefuns.c > +++ b/net/sctp/sm_statefuns.c > @@ -659,7 +659,7 @@ enum sctp_disposition sctp_sf_do_5_1D_ce(struct net *net, >void *arg, >struct sctp_cmd_seq *commands) > { > - struct sctp_ulpevent *ev, *ai_ev = NULL; > + struct sctp_ulpevent *ev, *ai_ev = NULL, *auth_ev = NULL; > struct sctp_association *new_asoc; > struct sctp_init_chunk *peer_init; > struct sctp_chunk *chunk = arg; > @@ -820,6 +820,14 @@ enum sctp_disposition sctp_sf_do_5_1D_ce(struct net *net, > goto nomem_aiev; > } > > + if (!new_asoc->peer.auth_capable) { > + auth_ev = sctp_ulpevent_make_authkey(new_asoc, 0, > + SCTP_AUTH_NO_AUTH, > + GFP_ATOMIC); > + if (!auth_ev) > + goto nomem_authev; > + } > + > /* Add all the state machine commands now since we've created >* everything. This way we don't introduce memory corruptions >* during side-effect processing and correclty count established > @@ -847,8 +855,14 @@ enum sctp_disposition sctp_sf_do_5_1D_ce(struct net *net, > sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, > SCTP_ULPEVENT(ai_ev)); > > + if (auth_ev) > + sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, > + SCTP_ULPEVENT(auth_ev)); > + > return SCTP_DISPOSITION_CONSUME; > > +nomem_authev: > + sctp_ulpevent_free(ai_ev); > nomem_aiev: > sctp_ulpevent_free(ev); > nomem_ev: > @@
[PATCH net-next 5/5] sctp: add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT
This patch is to add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT, as described in section 6.1.8 of RFC6458. SCTP_AUTH_NO_AUTH: This report indicates that the peer does not support SCTP authentication as defined in [RFC4895]. Note that the implementation is quite similar as that of SCTP_ADAPTATION_INDICATION. Signed-off-by: Xin Long --- include/net/sctp/command.h | 1 + include/uapi/linux/sctp.h | 1 + net/sctp/sm_sideeffect.c | 13 + net/sctp/sm_statefuns.c| 43 +-- 4 files changed, 56 insertions(+), 2 deletions(-) diff --git a/include/net/sctp/command.h b/include/net/sctp/command.h index b55c6a4..6640f84 100644 --- a/include/net/sctp/command.h +++ b/include/net/sctp/command.h @@ -100,6 +100,7 @@ enum sctp_verb { SCTP_CMD_SET_SK_ERR, /* Set sk_err */ SCTP_CMD_ASSOC_CHANGE, /* generate and send assoc_change event */ SCTP_CMD_ADAPTATION_IND, /* generate and send adaptation event */ + SCTP_CMD_PEER_NO_AUTH, /* generate and send authentication event */ SCTP_CMD_ASSOC_SHKEY,/* generate the association shared keys */ SCTP_CMD_T1_RETRAN, /* Mark for retransmission after T1 timeout */ SCTP_CMD_UPDATE_INITTAG, /* Update peer inittag */ diff --git a/include/uapi/linux/sctp.h b/include/uapi/linux/sctp.h index 18ebbfe..afd4346 100644 --- a/include/uapi/linux/sctp.h +++ b/include/uapi/linux/sctp.h @@ -522,6 +522,7 @@ enum { SCTP_AUTH_NEW_KEY, #defineSCTP_AUTH_NEWKEYSCTP_AUTH_NEW_KEY /* compatible with before */ SCTP_AUTH_FREE_KEY, + SCTP_AUTH_NO_AUTH, }; /* diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c index b71e7fb..298112c 100644 --- a/net/sctp/sm_sideeffect.c +++ b/net/sctp/sm_sideeffect.c @@ -1049,6 +1049,16 @@ static void sctp_cmd_assoc_change(struct sctp_cmd_seq *commands, asoc->stream.si->enqueue_event(&asoc->ulpq, ev); } +static void sctp_cmd_peer_no_auth(struct sctp_cmd_seq *commands, + struct sctp_association *asoc) +{ + struct sctp_ulpevent *ev; + + ev = sctp_ulpevent_make_authkey(asoc, 0, SCTP_AUTH_NO_AUTH, GFP_ATOMIC); + if (ev) + asoc->stream.si->enqueue_event(&asoc->ulpq, ev); +} + /* Helper function to generate an adaptation indication event */ static void sctp_cmd_adaptation_ind(struct sctp_cmd_seq *commands, struct sctp_association *asoc) @@ -1755,6 +1765,9 @@ static int sctp_cmd_interpreter(enum sctp_event event_type, case SCTP_CMD_ADAPTATION_IND: sctp_cmd_adaptation_ind(commands, asoc); break; + case SCTP_CMD_PEER_NO_AUTH: + sctp_cmd_peer_no_auth(commands, asoc); + break; case SCTP_CMD_ASSOC_SHKEY: error = sctp_auth_asoc_init_active_key(asoc, diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c index 1e41dee..cc56a67 100644 --- a/net/sctp/sm_statefuns.c +++ b/net/sctp/sm_statefuns.c @@ -659,7 +659,7 @@ enum sctp_disposition sctp_sf_do_5_1D_ce(struct net *net, void *arg, struct sctp_cmd_seq *commands) { - struct sctp_ulpevent *ev, *ai_ev = NULL; + struct sctp_ulpevent *ev, *ai_ev = NULL, *auth_ev = NULL; struct sctp_association *new_asoc; struct sctp_init_chunk *peer_init; struct sctp_chunk *chunk = arg; @@ -820,6 +820,14 @@ enum sctp_disposition sctp_sf_do_5_1D_ce(struct net *net, goto nomem_aiev; } + if (!new_asoc->peer.auth_capable) { + auth_ev = sctp_ulpevent_make_authkey(new_asoc, 0, +SCTP_AUTH_NO_AUTH, +GFP_ATOMIC); + if (!auth_ev) + goto nomem_authev; + } + /* Add all the state machine commands now since we've created * everything. This way we don't introduce memory corruptions * during side-effect processing and correclty count established @@ -847,8 +855,14 @@ enum sctp_disposition sctp_sf_do_5_1D_ce(struct net *net, sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ai_ev)); + if (auth_ev) + sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, + SCTP_ULPEVENT(auth_ev)); + return SCTP_DISPOSITION_CONSUME; +nomem_authev: + sctp_ulpevent_free(ai_ev); nomem_aiev: sctp_ulpevent_free(ev); nomem_ev: @@ -953,6 +967,15 @@ enum sctp_disposition sctp_sf_do_5_1E_ca(struct net *net, SCTP_ULPEVENT(ev)); } + if (!asoc->peer.auth_capable) { + ev = sctp_ulpevent_make_authke