Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp878777ybt; Wed, 24 Jun 2020 13:36:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxmsXUvhE5U4wrJvOx2PGzj0I7WVJVidn8dTxj8dzposus91LMDHpBE2duPm18K+i9i1H06 X-Received: by 2002:a17:907:42cb:: with SMTP id nz19mr21737176ejb.447.1593030992715; Wed, 24 Jun 2020 13:36:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593030992; cv=none; d=google.com; s=arc-20160816; b=tPtAaj96RlY2n+dsmiquqEdycMAk0s+6qjmLVJS/VuX35145unx1yU5psdwyVAmrD9 ZY6YngQQRaqpZexHlcHJy8fz6H3g/x/ytyDj1QBLmdOQNcaORwcqYwQsH+Aw4M2xFQ7+ qBV1HkeXZsAMwELxHyaSmfFuc8nw66IrEyrl24t7Q50kJS3r8PBou7EcHvdOJnfQ+MBJ Y9Viv7oK9xeg70wEBTEJFYdmYNJG4fIwvZNWPcFk5WzgUUM+OYx7DvCrPZru0YjPcq8a FyIpxvmxI0RGHNT3ZPjGEbHn3EP94r23Jdfmjnw3Bn9nIGmkKR0BGjpSt8vCAMuFz41V zB8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=c+1rdjNbNhNdSQ1AVA+fZ00uP3B7DPUsKONFybd/2Sg=; b=hkzuw0SoXzLimlcrLJ4FOKe+AOyKpsyHZJcGVH2mnrVnRXacO+XjbCtyPslbM4WBa9 kKiBThnfS7RPgsWsc8GuFzZEGYE4EGERuDO9pB85WUiY22a3KzikNOtREF4P+YMSSvwC t0EWIXEMdlAhYxsVFReGg38c4kKLyljfL2dimtIUwyr7C6Jhl/Xd7J7I3quAEdixtu+0 /nVyJ15fRU6/3yT5i51LbuB9yk+XGZ28bWpBbuNDZfrA28wsLTwIwV2VFamurCHsXtax OOE41t/slpgPb0+EE+qg1LxJduyb8Am2wELLp3F3UeNwDyz+iH17tKZL/kSMWgaIR6k1 mgyA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=DfmigqBI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h6si14425562edn.503.2020.06.24.13.36.09; Wed, 24 Jun 2020 13:36:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=DfmigqBI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2406709AbgFXUen (ORCPT + 99 others); Wed, 24 Jun 2020 16:34:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50838 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2406695AbgFXUeh (ORCPT ); Wed, 24 Jun 2020 16:34:37 -0400 Received: from mail-qk1-x742.google.com (mail-qk1-x742.google.com [IPv6:2607:f8b0:4864:20::742]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 36BD6C061573; Wed, 24 Jun 2020 13:34:37 -0700 (PDT) Received: by mail-qk1-x742.google.com with SMTP id e11so3232136qkm.3; Wed, 24 Jun 2020 13:34:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=c+1rdjNbNhNdSQ1AVA+fZ00uP3B7DPUsKONFybd/2Sg=; b=DfmigqBIaoNQSbQtf1CVZ7JFr8EJ5NmREQnOiiz/pvkx6iSiiyrvkwGR3sn3hnpBNO CdKLfKuH8NNZinFpCy5RHwo2kcgSIyWJkfVAR+pebuwGQUv2ngMGrCnq5Efy0AHO4g1p sf3BUSWo/LdIAd2wIrYFzrcp4OsqJzrxVc4J6sB5PozGnSIn9JISk2ZdcY5DePnjWGtI C4mPMi3MnH4dqQhBVItzXR4prmjN+4/bKUoOxpRU9tc6yVLRQxjtSWVVVYkXoZEtZUSb iWLd+BP6HU49xzsf5GXM7H6qlIGaOVGG+bC1j8i88/NM+kI6oREDS4mtam5teVeEX8ui E07A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=c+1rdjNbNhNdSQ1AVA+fZ00uP3B7DPUsKONFybd/2Sg=; b=NrASBKeg6IW8nz6Cd2wz4hOKepqXL/PmUZ0wKYfeKKHRIGkaEoMWFkJJAjNQ3wgizM b85SeXHR5RnqiS4ffMfmAXdkAnpSKDQ/RHTR7Qw+MfTSPNkRLEAJEhlidZMYK/O+I+cE /2RLtngRxdszf//Zpon/7FPpClOX7nN+Dqq8Qk96AkK+N34toqXkKsgVuAW1crkGCUuU Ns/WsdvV1fFKOoFhfZvOu5Esuui3xzAlwjc4hI9wTsH1E0TkGKBT8i6Eh+p2HVg4Bnj6 KagYhIWLwuxTEWGSTFDWSZ1c/g7pm7Db2ip8RodW3KG/EOsqwxUMao4wC6Re2Pwco3C6 dNsA== X-Gm-Message-State: AOAM533axYeVMN9kxSmgQjEhh/mbZ61x3v/hXf7H7Y1XFbNDWIOgNiLq x20C4Sx4udk2fee09/Qt3R4= X-Received: by 2002:a37:70d:: with SMTP id 13mr9285584qkh.366.1593030876192; Wed, 24 Jun 2020 13:34:36 -0700 (PDT) Received: from localhost.localdomain ([177.220.172.113]) by smtp.gmail.com with ESMTPSA id d186sm4006074qkb.110.2020.06.24.13.34.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jun 2020 13:34:35 -0700 (PDT) Received: by localhost.localdomain (Postfix, from userid 1000) id 5D0F3C3123; Wed, 24 Jun 2020 17:34:32 -0300 (-03) From: Marcelo Ricardo Leitner To: netdev@vger.kernel.org Cc: Xin Long , Michael Tuexen , Yasevich , Neil Horman , linux-sctp@vger.kernel.org, linux-kernel@vger.kernel.org, Corey Minyard Subject: [PATCH net] sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket Date: Wed, 24 Jun 2020 17:34:18 -0300 Message-Id: <991916791cdcc37456ccb061779d485063b97129.1593030427.git.marcelo.leitner@gmail.com> X-Mailer: git-send-email 2.25.4 In-Reply-To: <20200623160417.12418-1-minyard@acm.org> References: <20200623160417.12418-1-minyard@acm.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If a socket is set ipv6only, it will still send IPv4 addresses in the INIT and INIT_ACK packets. This potentially misleads the peer into using them, which then would cause association termination. The fix is to not add IPv4 addresses to ipv6only sockets. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Corey Minyard Signed-off-by: Marcelo Ricardo Leitner --- include/net/sctp/constants.h | 8 +++++--- net/sctp/associola.c | 5 ++++- net/sctp/bind_addr.c | 1 + net/sctp/protocol.c | 3 ++- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h index 15b4d9aec7ff278e67a7183f10c14be237227d6b..122d9e2d8dfde33b787d575fc42d454732550698 100644 --- a/include/net/sctp/constants.h +++ b/include/net/sctp/constants.h @@ -353,11 +353,13 @@ enum { ipv4_is_anycast_6to4(a)) /* Flags used for the bind address copy functions. */ -#define SCTP_ADDR6_ALLOWED 0x00000001 /* IPv6 address is allowed by +#define SCTP_ADDR4_ALLOWED 0x00000001 /* IPv4 address is allowed by local sock family */ -#define SCTP_ADDR4_PEERSUPP 0x00000002 /* IPv4 address is supported by +#define SCTP_ADDR6_ALLOWED 0x00000002 /* IPv6 address is allowed by + local sock family */ +#define SCTP_ADDR4_PEERSUPP 0x00000004 /* IPv4 address is supported by peer */ -#define SCTP_ADDR6_PEERSUPP 0x00000004 /* IPv6 address is supported by +#define SCTP_ADDR6_PEERSUPP 0x00000008 /* IPv6 address is supported by peer */ /* Reasons to retransmit. */ diff --git a/net/sctp/associola.c b/net/sctp/associola.c index 72315137d7e7f20d5182291ef4b01102f030078b..8d735461fa196567ab19c583703aad098ef8e240 100644 --- a/net/sctp/associola.c +++ b/net/sctp/associola.c @@ -1565,12 +1565,15 @@ void sctp_assoc_rwnd_decrease(struct sctp_association *asoc, unsigned int len) int sctp_assoc_set_bind_addr_from_ep(struct sctp_association *asoc, enum sctp_scope scope, gfp_t gfp) { + struct sock *sk = asoc->base.sk; int flags; /* Use scoping rules to determine the subset of addresses from * the endpoint. */ - flags = (PF_INET6 == asoc->base.sk->sk_family) ? SCTP_ADDR6_ALLOWED : 0; + flags = (PF_INET6 == sk->sk_family) ? SCTP_ADDR6_ALLOWED : 0; + if (!inet_v6_ipv6only(sk)) + flags |= SCTP_ADDR4_ALLOWED; if (asoc->peer.ipv4_address) flags |= SCTP_ADDR4_PEERSUPP; if (asoc->peer.ipv6_address) diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c index 53bc61537f44f4e766c417fcef72234df52ecd04..701c5a4e441d9c248df9472f22db5b78987f9e44 100644 --- a/net/sctp/bind_addr.c +++ b/net/sctp/bind_addr.c @@ -461,6 +461,7 @@ static int sctp_copy_one_addr(struct net *net, struct sctp_bind_addr *dest, * well as the remote peer. */ if ((((AF_INET == addr->sa.sa_family) && + (flags & SCTP_ADDR4_ALLOWED) && (flags & SCTP_ADDR4_PEERSUPP))) || (((AF_INET6 == addr->sa.sa_family) && (flags & SCTP_ADDR6_ALLOWED) && diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c index 092d1afdee0d23cd974210839310fbf406dd443f..cde29f3c7fb3c40ee117636fa3b4b7f0a03e4fba 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -148,7 +148,8 @@ int sctp_copy_local_addr_list(struct net *net, struct sctp_bind_addr *bp, * sock as well as the remote peer. */ if (addr->a.sa.sa_family == AF_INET && - !(copy_flags & SCTP_ADDR4_PEERSUPP)) + (!(copy_flags & SCTP_ADDR4_ALLOWED) || + !(copy_flags & SCTP_ADDR4_PEERSUPP))) continue; if (addr->a.sa.sa_family == AF_INET6 && (!(copy_flags & SCTP_ADDR6_ALLOWED) || -- 2.25.4