net-next-2.6 [PATCH 0/3] dccp: several sequence-number validation fixes

net-next-2.6 [PATCH 0/3] dccp: several sequence-number validation fixes

[Gerrit Renker]

Hi Dave,

please find attached 3 bug fixes which recently came up on dccp@vger.

 Patch #1: fixes a bug which wrongly classified sequence-invalid packets. 
 Patch #2: fixes a bug in updating the Greatest Sequence number Received (GSR).
 Patch #3: fixes an inconsistency in setting the sequence window on 32/64 bit.

I have also placed this in into a fresh (today's) copy of net-next-2.6, on

    git://eden-feed.erg.abdn.ac.uk/net-next-2.6        [subtree 'dccp']

---
 Documentation/networking/dccp.txt |    1 +
 net/dccp/dccp.h                   |    3 ++-
 net/dccp/input.c                  |    2 +-
 net/dccp/sysctl.c                 |    4 +++-
 4 files changed, 7 insertions(+), 3 deletions(-)

[PATCH 1/3] dccp: fix return value for sequence-invalid packets

[Gerrit Renker]

From: Samuel Jero <sj323707@ohio.edu>

Currently dccp_check_seqno returns 0 (indicating a valid packet) if the
acknowledgment number is out of bounds and the sync that RFC 4340 mandates at
this point is currently being rate-limited. This function should return -1,
indicating an invalid packet.

Signed-off-by: Samuel Jero <sj323707@ohio.edu>
Acked-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
---
 net/dccp/input.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

--- a/net/dccp/input.c
+++ b/net/dccp/input.c
@@ -260,7 +260,7 @@ static int dccp_check_seqno(struct sock *sk, struct sk_buff *skb)
 		 */
 		if (time_before(now, (dp->dccps_rate_last +
 				      sysctl_dccp_sync_ratelimit)))
-			return 0;
+			return -1;
 
 		DCCP_WARN("Step 6 failed for %s packet, "
 			  "(LSWL(%llu) <= P.seqno(%llu) <= S.SWH(%llu)) and "

[PATCH 2/3] dccp: fix bug in updating the GSR

[Gerrit Renker]

From: Samuel Jero <sj323707@ohio.edu>

Currently dccp_check_seqno allows any valid packet to update the Greatest
Sequence Number Received, even if that packet's sequence number is less than
the current GSR. This patch adds a check to make sure that the new packet's
sequence number is greater than GSR.

Signed-off-by: Samuel Jero <sj323707@ohio.edu>
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
---
 net/dccp/dccp.h |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

--- a/net/dccp/dccp.h
+++ b/net/dccp/dccp.h
@@ -426,7 +426,8 @@ static inline void dccp_update_gsr(struct sock *sk, u64 seq)
 {
 	struct dccp_sock *dp = dccp_sk(sk);
 
-	dp->dccps_gsr = seq;
+	if (after48(seq, dp->dccps_gsr))
+		dp->dccps_gsr = seq;
 	/* Sequence validity window depends on remote Sequence Window (7.5.1) */
 	dp->dccps_swl = SUB48(ADD48(dp->dccps_gsr, 1), dp->dccps_r_seq_win / 4);
 	/*

[PATCH 3/3] dccp: make upper bound for seq_window consistent on 32/64 bit

[Gerrit Renker]

The 'seq_window' sysctl sets the initial value for the DCCP Sequence Window,
which may range from 32..2^46-1 (RFC 4340, 7.5.2). The patch sets the upper
bound consistently to 2^32-1 on both 32 and 64 bit systems, which should be
sufficient - with a RTT of 1sec and 1-byte packets, a seq_window of 2^32-1
corresponds to a link speed of 34 Gbps.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
---
 Documentation/networking/dccp.txt |    1 +
 net/dccp/sysctl.c                 |    4 +++-
 2 files changed, 4 insertions(+), 1 deletions(-)

--- a/Documentation/networking/dccp.txt
+++ b/Documentation/networking/dccp.txt
@@ -167,6 +167,7 @@ rx_ccid = 2
 seq_window = 100
 	The initial sequence window (sec. 7.5.2) of the sender. This influences
 	the local ackno validity and the remote seqno validity windows (7.5.1).
+	Values in the range Wmin = 32 (RFC 4340, 7.5.2) up to 2^32-1 can be set.
 
 tx_qlen = 5
 	The size of the transmit buffer in packets. A value of 0 corresponds
--- a/net/dccp/sysctl.c
+++ b/net/dccp/sysctl.c
@@ -21,7 +21,8 @@
 /* Boundary values */
 static int		zero     = 0,
 			u8_max   = 0xFF;
-static unsigned long	seqw_min = 32;
+static unsigned long	seqw_min = DCCPF_SEQ_WMIN,
+			seqw_max = 0xFFFFFFFF;		/* maximum on 32 bit */
 
 static struct ctl_table dccp_default_table[] = {
 	{
@@ -31,6 +32,7 @@ static struct ctl_table dccp_default_table[] = {
 		.mode		= 0644,
 		.proc_handler	= proc_doulongvec_minmax,
 		.extra1		= &seqw_min,		/* RFC 4340, 7.5.2 */
+		.extra2		= &seqw_max,
 	},
 	{
 		.procname	= "rx_ccid",

Re: net-next-2.6 [PATCH 0/3] dccp: several sequence-number validation fixes

[David Miller]

From: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Date: Fri,  7 Jan 2011 12:35:27 +0100

> Hi Dave,
> 
> please find attached 3 bug fixes which recently came up on dccp@vger.
> 
>  Patch #1: fixes a bug which wrongly classified sequence-invalid packets. 
>  Patch #2: fixes a bug in updating the Greatest Sequence number Received (GSR).
>  Patch #3: fixes an inconsistency in setting the sequence window on 32/64 bit.
> 
> I have also placed this in into a fresh (today's) copy of net-next-2.6, on
> 
>     git://eden-feed.erg.abdn.ac.uk/net-next-2.6        [subtree 'dccp']

Pulled, thanks a lot Gerrit.