From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Florian Westphal <fw@strlen.de>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 19/78] netfilter: conntrack: allow sctp hearbeat after connection re-use
Date: Tue, 15 Sep 2020 16:12:44 +0200 [thread overview]
Message-ID: <20200915140634.526206757@linuxfoundation.org> (raw)
In-Reply-To: <20200915140633.552502750@linuxfoundation.org>
From: Florian Westphal <fw@strlen.de>
[ Upstream commit cc5453a5b7e90c39f713091a7ebc53c1f87d1700 ]
If an sctp connection gets re-used, heartbeats are flagged as invalid
because their vtag doesn't match.
Handle this in a similar way as TCP conntrack when it suspects that the
endpoints and conntrack are out-of-sync.
When a HEARTBEAT request fails its vtag validation, flag this in the
conntrack state and accept the packet.
When a HEARTBEAT_ACK is received with an invalid vtag in the reverse
direction after we allowed such a HEARTBEAT through, assume we are
out-of-sync and re-set the vtag info.
v2: remove left-over snippet from an older incarnation that moved
new_state/old_state assignments, thats not needed so keep that
as-is.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/netfilter/nf_conntrack_sctp.h | 2 ++
net/netfilter/nf_conntrack_proto_sctp.c | 39 ++++++++++++++++++---
2 files changed, 37 insertions(+), 4 deletions(-)
diff --git a/include/linux/netfilter/nf_conntrack_sctp.h b/include/linux/netfilter/nf_conntrack_sctp.h
index 9a33f171aa822..625f491b95de8 100644
--- a/include/linux/netfilter/nf_conntrack_sctp.h
+++ b/include/linux/netfilter/nf_conntrack_sctp.h
@@ -9,6 +9,8 @@ struct ip_ct_sctp {
enum sctp_conntrack state;
__be32 vtag[IP_CT_DIR_MAX];
+ u8 last_dir;
+ u8 flags;
};
#endif /* _NF_CONNTRACK_SCTP_H */
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index 7d7e30ea0ecf9..a937d4f75613f 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -65,6 +65,8 @@ static const unsigned int sctp_timeouts[SCTP_CONNTRACK_MAX] = {
[SCTP_CONNTRACK_HEARTBEAT_ACKED] = 210 SECS,
};
+#define SCTP_FLAG_HEARTBEAT_VTAG_FAILED 1
+
#define sNO SCTP_CONNTRACK_NONE
#define sCL SCTP_CONNTRACK_CLOSED
#define sCW SCTP_CONNTRACK_COOKIE_WAIT
@@ -288,6 +290,7 @@ static int sctp_packet(struct nf_conn *ct,
u_int32_t offset, count;
unsigned int *timeouts;
unsigned long map[256 / sizeof(unsigned long)] = { 0 };
+ bool ignore = false;
sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph);
if (sh == NULL)
@@ -332,15 +335,39 @@ static int sctp_packet(struct nf_conn *ct,
/* Sec 8.5.1 (D) */
if (sh->vtag != ct->proto.sctp.vtag[dir])
goto out_unlock;
- } else if (sch->type == SCTP_CID_HEARTBEAT ||
- sch->type == SCTP_CID_HEARTBEAT_ACK) {
+ } else if (sch->type == SCTP_CID_HEARTBEAT) {
+ if (ct->proto.sctp.vtag[dir] == 0) {
+ pr_debug("Setting %d vtag %x for dir %d\n", sch->type, sh->vtag, dir);
+ ct->proto.sctp.vtag[dir] = sh->vtag;
+ } else if (sh->vtag != ct->proto.sctp.vtag[dir]) {
+ if (test_bit(SCTP_CID_DATA, map) || ignore)
+ goto out_unlock;
+
+ ct->proto.sctp.flags |= SCTP_FLAG_HEARTBEAT_VTAG_FAILED;
+ ct->proto.sctp.last_dir = dir;
+ ignore = true;
+ continue;
+ } else if (ct->proto.sctp.flags & SCTP_FLAG_HEARTBEAT_VTAG_FAILED) {
+ ct->proto.sctp.flags &= ~SCTP_FLAG_HEARTBEAT_VTAG_FAILED;
+ }
+ } else if (sch->type == SCTP_CID_HEARTBEAT_ACK) {
if (ct->proto.sctp.vtag[dir] == 0) {
pr_debug("Setting vtag %x for dir %d\n",
sh->vtag, dir);
ct->proto.sctp.vtag[dir] = sh->vtag;
} else if (sh->vtag != ct->proto.sctp.vtag[dir]) {
- pr_debug("Verification tag check failed\n");
- goto out_unlock;
+ if (test_bit(SCTP_CID_DATA, map) || ignore)
+ goto out_unlock;
+
+ if ((ct->proto.sctp.flags & SCTP_FLAG_HEARTBEAT_VTAG_FAILED) == 0 ||
+ ct->proto.sctp.last_dir == dir)
+ goto out_unlock;
+
+ ct->proto.sctp.flags &= ~SCTP_FLAG_HEARTBEAT_VTAG_FAILED;
+ ct->proto.sctp.vtag[dir] = sh->vtag;
+ ct->proto.sctp.vtag[!dir] = 0;
+ } else if (ct->proto.sctp.flags & SCTP_FLAG_HEARTBEAT_VTAG_FAILED) {
+ ct->proto.sctp.flags &= ~SCTP_FLAG_HEARTBEAT_VTAG_FAILED;
}
}
@@ -375,6 +402,10 @@ static int sctp_packet(struct nf_conn *ct,
}
spin_unlock_bh(&ct->lock);
+ /* allow but do not refresh timeout */
+ if (ignore)
+ return NF_ACCEPT;
+
timeouts = nf_ct_timeout_lookup(ct);
if (!timeouts)
timeouts = sctp_pernet(nf_ct_net(ct))->timeouts;
--
2.25.1
next prev parent reply other threads:[~2020-09-15 23:41 UTC|newest]
Thread overview: 95+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-15 14:12 [PATCH 4.19 00/78] 4.19.146-rc1 review Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 01/78] ARM: dts: logicpd-torpedo-baseboard: Fix broken audio Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 02/78] ARM: dts: logicpd-som-lv-baseboard: " Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 03/78] ARM: dts: socfpga: fix register entry for timer3 on Arria10 Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 04/78] ARM: dts: ls1021a: fix QuadSPI-memory reg range Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 05/78] RDMA/rxe: Fix memleak in rxe_mem_init_user Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 06/78] RDMA/rxe: Drop pointless checks in rxe_init_ports Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 07/78] RDMA/bnxt_re: Do not report transparent vlan from QP1 Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 08/78] drm/sun4i: Fix dsi dcs long write function Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 09/78] iio: adc: mcp3422: fix locking on error path Greg Kroah-Hartman
2020-09-16 7:31 ` Pavel Machek
2020-09-17 1:41 ` Sasha Levin
2020-09-15 14:12 ` [PATCH 4.19 10/78] scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 11/78] RDMA/core: Fix reported speed and width Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 12/78] mmc: sdhci-msm: Add retries when all tuning phases are found valid Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 13/78] ARM: dts: bcm: HR2: Fixed QSPI compatible string Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 14/78] ARM: dts: NSP: " Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 15/78] ARM: dts: BCM5301X: " Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 16/78] arm64: dts: ns2: " Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 17/78] ARC: HSDK: wireup perf irq Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 18/78] dmaengine: acpi: Put the CSRT table after using it Greg Kroah-Hartman
2020-09-15 14:12 ` Greg Kroah-Hartman [this message]
2020-09-15 14:12 ` [PATCH 4.19 20/78] drivers/net/wan/lapbether: Added needed_tailroom Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 21/78] NFC: st95hf: Fix memleak in st95hf_in_send_cmd Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 22/78] firestream: Fix memleak in fs_open Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 23/78] ALSA: hda: Fix 2 channel swapping for Tegra Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 24/78] drivers/net/wan/lapbether: Set network_header before transmitting Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 25/78] xfs: initialize the shortform attr header padding entry Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 26/78] irqchip/eznps: Fix build error for !ARC700 builds Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 27/78] nvme-fabrics: dont check state NVME_CTRL_NEW for request acceptance Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 28/78] nvme: have nvme_wait_freeze_timeout return if it timed out Greg Kroah-Hartman
2020-09-16 7:34 ` Pavel Machek
2020-09-17 1:35 ` Sasha Levin
2020-09-15 14:12 ` [PATCH 4.19 29/78] nvme-rdma: serialize controller teardown sequences Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 30/78] HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 31/78] drivers/net/wan/hdlc_cisco: Add hard_header_len Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 32/78] HID: elan: Fix memleak in elan_input_configured Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 33/78] ARC: [plat-hsdk]: Switch ethernet phy-mode to rgmii-id Greg Kroah-Hartman
2020-09-15 14:12 ` [PATCH 4.19 34/78] cpufreq: intel_pstate: Refuse to turn off with HWP enabled Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 35/78] cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 36/78] ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 37/78] drm/amdgpu: Fix bug in reporting voltage for CIK Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 38/78] iommu/amd: Do not use IOMMUv2 functionality when SME is active Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 39/78] gcov: Disable gcov build with GCC 10 Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 40/78] iio: adc: mcp3422: fix locking scope Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 41/78] iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 42/78] iio:light:ltr501 Fix timestamp alignment issue Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 43/78] iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 44/78] iio:adc:ti-adc084s021 Fix alignment and data leak issues Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 45/78] iio:adc:ina2xx Fix timestamp alignment issue Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 46/78] iio:adc:max1118 Fix alignment of timestamp and data leak issues Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 47/78] iio:adc:ti-adc081c Fix alignment " Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 48/78] iio:magnetometer:ak8975 " Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 49/78] iio:light:max44000 Fix timestamp alignment and prevent data leak Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 50/78] iio:chemical:ccs811: " Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 51/78] iio: accel: kxsd9: Fix alignment of local buffer Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 52/78] iio:accel:mma7455: Fix timestamp alignment and prevent data leak Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 53/78] iio:accel:mma8452: " Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 54/78] staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 55/78] btrfs: require only sector size alignment for parent eb bytenr Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 56/78] btrfs: fix lockdep splat in add_missing_dev Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 57/78] btrfs: fix wrong address when faulting in pages in the search ioctl Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 58/78] regulator: push allocation in set_consumer_device_supply() out of lock Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 59/78] scsi: target: iscsi: Fix data digest calculation Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 60/78] scsi: target: iscsi: Fix hang in iscsit_access_np() when getting tpg->np_login_sem Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 61/78] drm/tve200: Stabilize enable/disable Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 62/78] drm/msm: Disable preemption on all 5xx targets Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 63/78] rbd: require global CAP_SYS_ADMIN for mapping and unmapping Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 64/78] RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 65/78] vgacon: remove software scrollback support Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 66/78] fbcon: remove soft scrollback code Greg Kroah-Hartman
2020-09-16 7:57 ` Pavel Machek
2020-09-16 8:25 ` Greg Kroah-Hartman
2020-09-16 9:07 ` Pavel Machek
2020-09-16 9:14 ` Willy Tarreau
2020-09-23 8:44 ` Pavel Machek
2020-09-23 18:19 ` Linus Torvalds
2020-09-23 18:57 ` Daniel Vetter
2020-09-15 14:13 ` [PATCH 4.19 67/78] fbcon: remove now unusued softback_lines cursor() argument Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 68/78] KVM: VMX: Dont freeze guest when event delivery causes an APIC-access exit Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 69/78] ARM: dts: vfxxx: Add syscon compatible with OCOTP Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 70/78] video: fbdev: fix OOB read in vga_8planes_imageblit() Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 71/78] staging: greybus: audio: fix uninitialized value issue Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 72/78] phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 73/78] usb: core: fix slab-out-of-bounds Read in read_descriptors Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 74/78] USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 75/78] USB: serial: option: support dynamic Quectel USB compositions Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 76/78] USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 77/78] usb: Fix out of sync data toggle if a configured device is reconfigured Greg Kroah-Hartman
2020-09-15 14:13 ` [PATCH 4.19 78/78] usb: typec: ucsi: acpi: Check the _DEP dependencies Greg Kroah-Hartman
2020-09-16 0:00 ` [PATCH 4.19 00/78] 4.19.146-rc1 review Shuah Khan
2020-09-16 8:20 ` Pavel Machek
2020-09-17 14:31 ` Greg Kroah-Hartman
2020-09-16 10:49 ` Naresh Kamboju
2020-09-16 17:05 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200915140634.526206757@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=fw@strlen.de \
--cc=linux-kernel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox