From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Miller Subject: Re: [PATCHv2 net] sctp: delay the authentication for the duplicated cookie-echo chunk Date: Mon, 07 May 2018 23:39:56 -0400 (EDT) Message-ID: <20180507.233956.1877940627262296985.davem@davemloft.net> References: <2a815adb308826967c84cd8dc371c3c9b054c8da.1525503587.git.lucien.xin@gmail.com> Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: netdev@vger.kernel.org, linux-sctp@vger.kernel.org, marcelo.leitner@gmail.com, nhorman@tuxdriver.com To: lucien.xin@gmail.com Return-path: Received: from shards.monkeyblade.net ([184.105.139.130]:52008 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753846AbeEHDj5 (ORCPT ); Mon, 7 May 2018 23:39:57 -0400 In-Reply-To: <2a815adb308826967c84cd8dc371c3c9b054c8da.1525503587.git.lucien.xin@gmail.com> Sender: netdev-owner@vger.kernel.org List-ID: From: Xin Long Date: Sat, 5 May 2018 14:59:47 +0800 > Now sctp only delays the authentication for the normal cookie-echo > chunk by setting chunk->auth_chunk in sctp_endpoint_bh_rcv(). But > for the duplicated one with auth, in sctp_assoc_bh_rcv(), it does > authentication first based on the old asoc, which will definitely > fail due to the different auth info in the old asoc. > > The duplicated cookie-echo chunk will create a new asoc with the > auth info from this chunk, and the authentication should also be > done with the new asoc's auth info for all of the collision 'A', > 'B' and 'D'. Otherwise, the duplicated cookie-echo chunk with auth > will never pass the authentication and create the new connection. > > This issue exists since very beginning, and this fix is to make > sctp_assoc_bh_rcv() follow the way sctp_endpoint_bh_rcv() does > for the normal cookie-echo chunk to delay the authentication. > > While at it, remove the unused params from sctp_sf_authenticate() > and define sctp_auth_chunk_verify() used for all the places that > do the delayed authentication. > > v1->v2: > fix the typo in changelog as Marcelo noticed. > > Acked-by: Marcelo Ricardo Leitner > Signed-off-by: Xin Long Applied, thanks.