sctp: allow changing transport encap_port by peer packets

As rfc6951#section-5.4 says:

  "After finding the SCTP association (which
   includes checking the verification tag), the UDP source port MUST be
   stored as the encapsulation port for the destination address the SCTP
   packet is received from (see Section 5.1).

   When a non-encapsulated SCTP packet is received by the SCTP stack,
   the encapsulation of outgoing packets belonging to the same
   association and the corresponding destination address MUST be
   disabled."

transport encap_port should be updated by a validated incoming packet's
udp src port.

We save the udp src port in sctp_input_cb->encap_port, and then update
the transport in two places:

  1. right after vtag is verified, which is required by RFC, and this
     allows the existent transports to be updated by the chunks that
     can only be processed on an asoc.

  2. right before processing the 'init' where the transports are added,
     and this allows building a sctp over udp connection by client with
     the server not knowing the remote encap port.

  3. when processing ootb_pkt and creating the temporary transport for
     the reply pkt.

Note that sctp_input_cb->header is removed, as it's not used any more
in sctp.

v1->v2:
  - Change encap_port as __be16 for sctp_input_cb.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h
index 5c491a3bc27e4ddeaec70de31845cdf95a4d47ff..a499341472add5ee0230f94b62fc63ac59190aeb 100644 (file)
--- a/include/net/sctp/sm.h
+++ b/include/net/sctp/sm.h
@@ -380,6 +380,7 @@ sctp_vtag_verify(const struct sctp_chunk *chunk,
         if (ntohl(chunk->sctp_hdr->vtag) == asoc->c.my_vtag)
                 return 1;
 
+       chunk->transport->encap_port = SCTP_INPUT_CB(chunk->skb)->encap_port;
        return 0;
 }
 

diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index aa98e7e659ac3d00e7c6cf70360b68a79e7ea070..81464ae2b1378de9d7c11e8e7e94ae850eef627f 100644 (file)
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -1120,14 +1120,9 @@ static inline void sctp_outq_cork(struct sctp_outq *q)
  * sctp_input_cb is currently used on rx and sock rx queue
  */
 struct sctp_input_cb {
-       union {
-               struct inet_skb_parm    h4;
-#if IS_ENABLED(CONFIG_IPV6)
-               struct inet6_skb_parm   h6;
-#endif
-       } header;
        struct sctp_chunk *chunk;
        struct sctp_af *af;
+       __be16 encap_port;
 };
 #define SCTP_INPUT_CB(__skb)   ((struct sctp_input_cb *)&((__skb)->cb[0]))
 

diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index 8a58f42d6d1954996b8b8c1ac6925b57100e792b..a064bf252b170ccc027934de532fcb144f429b28 100644 (file)
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -1053,6 +1053,7 @@ static struct inet_protosw sctpv6_stream_protosw = {
 
 static int sctp6_rcv(struct sk_buff *skb)
 {
+       memset(skb->cb, 0, sizeof(skb->cb));
        return sctp_rcv(skb) ? -1 : 0;
 }
 

diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index 89dfd313e1136b5b4876feb46a79da5af2f14655..f3de8c03a15e71888255ad75ed1e2f5784914935 100644 (file)
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -843,6 +843,9 @@ static int sctp_ctl_sock_init(struct net *net)
 
 static int sctp_udp_rcv(struct sock *sk, struct sk_buff *skb)
 {
+       memset(skb->cb, 0, sizeof(skb->cb));
+       SCTP_INPUT_CB(skb)->encap_port = udp_hdr(skb)->source;
+
        skb_set_transport_header(skb, sizeof(struct udphdr));
        sctp_rcv(skb);
        return 0;
@@ -1139,9 +1142,15 @@ static struct inet_protosw sctp_stream_protosw = {
        .flags      = SCTP_PROTOSW_FLAG
 };
 
+static int sctp4_rcv(struct sk_buff *skb)
+{
+       memset(skb->cb, 0, sizeof(skb->cb));
+       return sctp_rcv(skb);
+}
+
 /* Register with IP layer.  */
 static const struct net_protocol sctp_protocol = {
-       .handler     = sctp_rcv,
+       .handler     = sctp4_rcv,
        .err_handler = sctp_v4_err,
        .no_policy   = 1,
        .netns_ok    = 1,

diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 9a56ae2f3651567954e14ca91e7a5e4a151404f3..21d0ff1c6ab9d9a0f0475dda67f9ea32687798ee 100644 (file)
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -2321,6 +2321,7 @@ int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk,
         * added as the primary transport.  The source address seems to
         * be a better choice than any of the embedded addresses.
         */
+       asoc->encap_port = SCTP_INPUT_CB(chunk->skb)->encap_port;
        if (!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE))
                goto nomem;
 

diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index c669f8bd1eab2f629bd4bf26a041921d2dcabb44..8edab1533057fcfc99e783ad51b70bd0fb73a068 100644 (file)
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -6268,6 +6268,8 @@ static struct sctp_packet *sctp_ootb_pkt_new(
        if (!transport)
                goto nomem;
 
+       transport->encap_port = SCTP_INPUT_CB(chunk->skb)->encap_port;
+
        /* Cache a route for the transport with the chunk's destination as
         * the source address.
         */