Author: tuexen
Date: Mon Feb 11 13:57:03 2013
New Revision: 246674
URL: http://svnweb.freebsd.org/changeset/base/246674

Log:
  Don't send kernel provided information in the User Initiated
  ABORT cause, since the user can also provide this kind of
  information. So the receiver doesn't know who provided the
  information.
  While there: Fix a bug where the stack would send a malformed
  ABORT chunk when using a send() call with SCTP_ABORT|SCTP_SENDALL
  flags.
  
  MFC after: 3 days

Modified:
  head/sys/netinet/sctp_indata.c
  head/sys/netinet/sctp_output.c
  head/sys/netinet/sctp_pcb.c
  head/sys/netinet/sctp_usrreq.c

Modified: head/sys/netinet/sctp_indata.c
==============================================================================
--- head/sys/netinet/sctp_indata.c      Mon Feb 11 13:42:11 2013        
(r246673)
+++ head/sys/netinet/sctp_indata.c      Mon Feb 11 13:57:03 2013        
(r246674)
@@ -4221,19 +4221,15 @@ again:
                abort_out_now:
                                *abort_now = 1;
                                /* XXX */
-                               oper = sctp_get_mbuf_for_msg((sizeof(struct 
sctp_paramhdr) + sizeof(uint32_t)),
+                               oper = sctp_get_mbuf_for_msg(sizeof(struct 
sctp_paramhdr),
                                    0, M_NOWAIT, 1, MT_DATA);
                                if (oper) {
                                        struct sctp_paramhdr *ph;
-                                       uint32_t *ippp;
 
-                                       SCTP_BUF_LEN(oper) = sizeof(struct 
sctp_paramhdr) +
-                                           sizeof(uint32_t);
+                                       SCTP_BUF_LEN(oper) = sizeof(struct 
sctp_paramhdr);
                                        ph = mtod(oper, struct sctp_paramhdr *);
                                        ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
                                        ph->param_length = 
htons(SCTP_BUF_LEN(oper));
-                                       ippp = (uint32_t *) (ph + 1);
-                                       *ippp = htonl(SCTP_FROM_SCTP_INDATA + 
SCTP_LOC_24);
                                }
                                stcb->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_INDATA + SCTP_LOC_24;
                                sctp_abort_an_association(stcb->sctp_ep, stcb, 
oper, SCTP_SO_NOT_LOCKED);
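Review bot: The allocate-and-fill sequence for the header-only User Initiated ABORT cause at `abort_out_now` is repeated almost verbatim in the sctp_handle_sack hunk, in three places in sctp_inpcb_free, and in sctp_disconnect and sctp_shutdown, differing only in the mbuf variable name. A single static helper that returns the filled mbuf (or NULL when the M_NOWAIT allocation fails) would keep all seven sites in step the next time the cause format changes. Nothing in the new code says why the cause now carries no payload, so a short comment such as `/* Header only: the peer cannot tell kernel-supplied cause data from user-supplied data. */` would help stop the location code from being put back on the wire. The existing `/* XXX */` marker is still unexplained. The enclosing function starts and ends outside this hunk.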
@@ -4953,19 +4949,15 @@ sctp_handle_sack(struct mbuf *m, int off
                abort_out_now:
                                *abort_now = 1;
                                /* XXX */
-                               oper = sctp_get_mbuf_for_msg((sizeof(struct 
sctp_paramhdr) + sizeof(uint32_t)),
+                               oper = sctp_get_mbuf_for_msg(sizeof(struct 
sctp_paramhdr),
                                    0, M_NOWAIT, 1, MT_DATA);
                                if (oper) {
                                        struct sctp_paramhdr *ph;
-                                       uint32_t *ippp;
 
-                                       SCTP_BUF_LEN(oper) = sizeof(struct 
sctp_paramhdr) +
-                                           sizeof(uint32_t);
+                                       SCTP_BUF_LEN(oper) = sizeof(struct 
sctp_paramhdr);
                                        ph = mtod(oper, struct sctp_paramhdr *);
                                        ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
                                        ph->param_length = 
htons(SCTP_BUF_LEN(oper));
-                                       ippp = (uint32_t *) (ph + 1);
-                                       *ippp = htonl(SCTP_FROM_SCTP_INDATA + 
SCTP_LOC_31);
                                }
                                stcb->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_INDATA + SCTP_LOC_31;
                                sctp_abort_an_association(stcb->sctp_ep, stcb, 
oper, SCTP_SO_NOT_LOCKED);

Modified: head/sys/netinet/sctp_output.c
==============================================================================
--- head/sys/netinet/sctp_output.c      Mon Feb 11 13:42:11 2013        
(r246673)
+++ head/sys/netinet/sctp_output.c      Mon Feb 11 13:57:03 2013        
(r246674)
@@ -6442,7 +6442,7 @@ sctp_sendall_iterator(struct sctp_inpcb 
                        if (m) {
                                ph = mtod(m, struct sctp_paramhdr *);
                                ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
-                               ph->param_length = htons(ca->sndlen);
+                               ph->param_length = htons(sizeof(struct 
sctp_paramhdr) + ca->sndlen);
                        }
                        /*
                         * We add one here to keep the assoc from
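Review bot: `param_length` is a 16-bit field, and the new expression `sizeof(struct sctp_paramhdr) + ca->sndlen` is narrowed by `htons()` with no bound on `ca->sndlen` visible in this hunk; that value is presumably the length the caller passed to send(). If the sum can exceed 65535, the cause header would advertise a shorter length than the data that follows it, which is again a malformed ABORT chunk. Unless a limit is already enforced outside the hunk, reject oversized abort reasons where the length is accepted, for example `if (ca->sndlen > UINT16_MAX - sizeof(struct sctp_paramhdr))` followed by an EMSGSIZE return. The same narrowing applies to `tot_out` in the sctp_lower_sosend hunk, whose change is otherwise cosmetic. The body of sctp_sendall_iterator starts and ends outside this hunk.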
@@ -12498,7 +12498,7 @@ sctp_lower_sosend(struct socket *so,
                        /* now move forward the data pointer */
                        ph = mtod(mm, struct sctp_paramhdr *);
                        ph->param_type = htons(SCTP_CAUSE_USER_INITIATED_ABT);
-                       ph->param_length = htons((sizeof(struct sctp_paramhdr) 
+ tot_out));
+                       ph->param_length = htons(sizeof(struct sctp_paramhdr) + 
tot_out);
                        ph++;
                        SCTP_BUF_LEN(mm) = tot_out + sizeof(struct 
sctp_paramhdr);
                        if (top == NULL) {

Modified: head/sys/netinet/sctp_pcb.c
==============================================================================
--- head/sys/netinet/sctp_pcb.c Mon Feb 11 13:42:11 2013        (r246673)
+++ head/sys/netinet/sctp_pcb.c Mon Feb 11 13:57:03 2013        (r246674)
@@ -3308,22 +3308,16 @@ sctp_inpcb_free(struct sctp_inpcb *inp, 
                                /* Left with Data unread */
                                struct mbuf *op_err;
 
-                               op_err = sctp_get_mbuf_for_msg((sizeof(struct 
sctp_paramhdr) + sizeof(uint32_t)),
+                               op_err = sctp_get_mbuf_for_msg(sizeof(struct 
sctp_paramhdr),
                                    0, M_NOWAIT, 1, MT_DATA);
                                if (op_err) {
                                        /* Fill in the user initiated abort */
                                        struct sctp_paramhdr *ph;
-                                       uint32_t *ippp;
 
-                                       SCTP_BUF_LEN(op_err) =
-                                           sizeof(struct sctp_paramhdr) + 
sizeof(uint32_t);
-                                       ph = mtod(op_err,
-                                           struct sctp_paramhdr *);
-                                       ph->param_type = htons(
-                                           SCTP_CAUSE_USER_INITIATED_ABT);
+                                       SCTP_BUF_LEN(op_err) = sizeof(struct 
sctp_paramhdr);
+                                       ph = mtod(op_err, struct sctp_paramhdr 
*);
+                                       ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
                                        ph->param_length = 
htons(SCTP_BUF_LEN(op_err));
-                                       ippp = (uint32_t *) (ph + 1);
-                                       *ippp = htonl(SCTP_FROM_SCTP_PCB + 
SCTP_LOC_3);
                                }
                                asoc->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_PCB + SCTP_LOC_3;
                                sctp_send_abort_tcb(asoc, op_err, 
SCTP_SO_LOCKED);
@@ -3395,7 +3389,7 @@ sctp_inpcb_free(struct sctp_inpcb *inp, 
                                        struct mbuf *op_err;
 
                        abort_anyway:
-                                       op_err = 
sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
+                                       op_err = 
sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
                                            0, M_NOWAIT, 1, MT_DATA);
                                        if (op_err) {
                                                /*
@@ -3403,18 +3397,11 @@ sctp_inpcb_free(struct sctp_inpcb *inp, 
                                                 * initiated abort
                                                 */
                                                struct sctp_paramhdr *ph;
-                                               uint32_t *ippp;
 
-                                               SCTP_BUF_LEN(op_err) =
-                                                   (sizeof(struct 
sctp_paramhdr) +
-                                                   sizeof(uint32_t));
-                                               ph = mtod(op_err,
-                                                   struct sctp_paramhdr *);
-                                               ph->param_type = htons(
-                                                   
SCTP_CAUSE_USER_INITIATED_ABT);
+                                               SCTP_BUF_LEN(op_err) = 
sizeof(struct sctp_paramhdr);
+                                               ph = mtod(op_err, struct 
sctp_paramhdr *);
+                                               ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
                                                ph->param_length = 
htons(SCTP_BUF_LEN(op_err));
-                                               ippp = (uint32_t *) (ph + 1);
-                                               *ippp = 
htonl(SCTP_FROM_SCTP_PCB + SCTP_LOC_5);
                                        }
                                        asoc->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_PCB + SCTP_LOC_5;
                                        sctp_send_abort_tcb(asoc, op_err, 
SCTP_SO_LOCKED);
@@ -3478,23 +3465,17 @@ sctp_inpcb_free(struct sctp_inpcb *inp, 
                if ((SCTP_GET_STATE(&asoc->asoc) != SCTP_STATE_COOKIE_WAIT) &&
                    ((asoc->asoc.state & SCTP_STATE_ABOUT_TO_BE_FREED) == 0)) {
                        struct mbuf *op_err;
-                       uint32_t *ippp;
 
-                       op_err = sctp_get_mbuf_for_msg((sizeof(struct 
sctp_paramhdr) + sizeof(uint32_t)),
+                       op_err = sctp_get_mbuf_for_msg(sizeof(struct 
sctp_paramhdr),
                            0, M_NOWAIT, 1, MT_DATA);
                        if (op_err) {
                                /* Fill in the user initiated abort */
                                struct sctp_paramhdr *ph;
 
-                               SCTP_BUF_LEN(op_err) = (sizeof(struct 
sctp_paramhdr) +
-                                   sizeof(uint32_t));
+                               SCTP_BUF_LEN(op_err) = sizeof(struct 
sctp_paramhdr);
                                ph = mtod(op_err, struct sctp_paramhdr *);
-                               ph->param_type = htons(
-                                   SCTP_CAUSE_USER_INITIATED_ABT);
+                               ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
                                ph->param_length = htons(SCTP_BUF_LEN(op_err));
-                               ippp = (uint32_t *) (ph + 1);
-                               *ippp = htonl(SCTP_FROM_SCTP_PCB + SCTP_LOC_7);
-
                        }
                        asoc->sctp_ep->last_abort_code = SCTP_FROM_SCTP_PCB + 
SCTP_LOC_7;
                        sctp_send_abort_tcb(asoc, op_err, SCTP_SO_LOCKED);

Modified: head/sys/netinet/sctp_usrreq.c
==============================================================================
--- head/sys/netinet/sctp_usrreq.c      Mon Feb 11 13:42:11 2013        
(r246673)
+++ head/sys/netinet/sctp_usrreq.c      Mon Feb 11 13:57:03 2013        
(r246674)
@@ -854,7 +854,7 @@ sctp_disconnect(struct socket *so)
                                        struct mbuf *op_err;
 
                        abort_anyway:
-                                       op_err = 
sctp_get_mbuf_for_msg((sizeof(struct sctp_paramhdr) + sizeof(uint32_t)),
+                                       op_err = 
sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
                                            0, M_NOWAIT, 1, MT_DATA);
                                        if (op_err) {
                                                /*
@@ -862,17 +862,11 @@ sctp_disconnect(struct socket *so)
                                                 * initiated abort
                                                 */
                                                struct sctp_paramhdr *ph;
-                                               uint32_t *ippp;
 
-                                               SCTP_BUF_LEN(op_err) =
-                                                   (sizeof(struct 
sctp_paramhdr) + sizeof(uint32_t));
-                                               ph = mtod(op_err,
-                                                   struct sctp_paramhdr *);
-                                               ph->param_type = htons(
-                                                   
SCTP_CAUSE_USER_INITIATED_ABT);
+                                               SCTP_BUF_LEN(op_err) = 
sizeof(struct sctp_paramhdr);
+                                               ph = mtod(op_err, struct 
sctp_paramhdr *);
+                                               ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
                                                ph->param_length = 
htons(SCTP_BUF_LEN(op_err));
-                                               ippp = (uint32_t *) (ph + 1);
-                                               *ippp = 
htonl(SCTP_FROM_SCTP_USRREQ + SCTP_LOC_4);
                                        }
                                        stcb->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_USRREQ + SCTP_LOC_4;
                                        sctp_send_abort_tcb(stcb, op_err, 
SCTP_SO_LOCKED);
@@ -1069,22 +1063,16 @@ sctp_shutdown(struct socket *so)
                                struct mbuf *op_err;
 
                abort_anyway:
-                               op_err = sctp_get_mbuf_for_msg((sizeof(struct 
sctp_paramhdr) + sizeof(uint32_t)),
+                               op_err = sctp_get_mbuf_for_msg(sizeof(struct 
sctp_paramhdr),
                                    0, M_NOWAIT, 1, MT_DATA);
                                if (op_err) {
                                        /* Fill in the user initiated abort */
                                        struct sctp_paramhdr *ph;
-                                       uint32_t *ippp;
 
-                                       SCTP_BUF_LEN(op_err) =
-                                           sizeof(struct sctp_paramhdr) + 
sizeof(uint32_t);
-                                       ph = mtod(op_err,
-                                           struct sctp_paramhdr *);
-                                       ph->param_type = htons(
-                                           SCTP_CAUSE_USER_INITIATED_ABT);
+                                       SCTP_BUF_LEN(op_err) = sizeof(struct 
sctp_paramhdr);
+                                       ph = mtod(op_err, struct sctp_paramhdr 
*);
+                                       ph->param_type = 
htons(SCTP_CAUSE_USER_INITIATED_ABT);
                                        ph->param_length = 
htons(SCTP_BUF_LEN(op_err));
-                                       ippp = (uint32_t *) (ph + 1);
-                                       *ippp = htonl(SCTP_FROM_SCTP_USRREQ + 
SCTP_LOC_6);
                                }
                                stcb->sctp_ep->last_abort_code = 
SCTP_FROM_SCTP_USRREQ + SCTP_LOC_6;
                                sctp_abort_an_association(stcb->sctp_ep, stcb,