[PATCH 2/4] DCCP: Add check for sequence number in ICMPv6 message

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH 2/4] DCCP: Add check for sequence number in ICMPv6 message
@ 2008-07-24  8:48 Wei Yongjun
  2008-07-24 20:13 ` [PATCH 2/4] DCCP: Add check for sequence number in ICMPv6 Gerrit Renker
  0 siblings, 1 reply; 2+ messages in thread
From: Wei Yongjun @ 2008-07-24  8:48 UTC (permalink / raw)
  To: dccp

RFC4340 said:
  ICMP Datagram Too Big messages with incorrect or missing Sequence
Numbers may be ignored, or the DCCP implementation may lower the PMTU
only temporarily in response.

This patch add the check for sequence number in ICMPv6 message.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>

diff -Nurp a/net/dccp/ipv6.c b/net/dccp/ipv6.c
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -89,6 +89,7 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 {
 	struct ipv6hdr *hdr = (struct ipv6hdr *)skb->data;
 	const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset);
+	struct dccp_sock *dp;
 	struct ipv6_pinfo *np;
 	struct sock *sk;
 	int err;
@@ -115,6 +116,14 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 	if (sk->sk_state = DCCP_CLOSED)
 		goto out;
 
+	dp = dccp_sk(sk);
+	seq = dccp_hdr_seq(dh);
+	if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) &&
+	    !between48(seq, dp->dccps_awl, dp->dccps_awh)) {
+		NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
+		goto out;
+	}
+
 	np = inet6_sk(sk);
 
 	if (type = ICMPV6_PKT_TOOBIG) {
@@ -167,7 +176,6 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 
 	icmpv6_err_convert(type, code, &err);
 
-	seq = dccp_hdr_seq(dh);
 	/* Might be for an request_sock */
 	switch (sk->sk_state) {
 		struct request_sock *req, **prev;




^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH 2/4] DCCP: Add check for sequence number in ICMPv6
  2008-07-24  8:48 [PATCH 2/4] DCCP: Add check for sequence number in ICMPv6 message Wei Yongjun
@ 2008-07-24 20:13 ` Gerrit Renker
  0 siblings, 0 replies; 2+ messages in thread
From: Gerrit Renker @ 2008-07-24 20:13 UTC (permalink / raw)
  To: dccp

> --- a/net/dccp/ipv6.c
> +++ b/net/dccp/ipv6.c
> @@ -115,6 +116,14 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
> 	if (sk->sk_state = DCCP_CLOSED)
> 		goto out;
>
> +	dp = dccp_sk(sk);
> +	seq = dccp_hdr_seq(dh);
> +	if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) &&
> +	    !between48(seq, dp->dccps_awl, dp->dccps_awh)) {
> +		NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
> +		goto out;
Here it should say
+		NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
 		goto out;
 	}
Please compile-test your patches.

Have looked at the others, will do some more testing and submit this set tomorrow.
 

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2008-07-24 20:13 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-07-24  8:48 [PATCH 2/4] DCCP: Add check for sequence number in ICMPv6 message Wei Yongjun
2008-07-24 20:13 ` [PATCH 2/4] DCCP: Add check for sequence number in ICMPv6 Gerrit Renker

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.