Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp921662ybt; Wed, 24 Jun 2020 14:55:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyKQuZ4XdKUto4cdb531o/j6dW4pCI7q0QAdbA0WlM89iJgsKHqOdrmIh+ln4yTQ92E9gC6 X-Received: by 2002:a50:fe0d:: with SMTP id f13mr29620606edt.204.1593035702512; Wed, 24 Jun 2020 14:55:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593035702; cv=none; d=google.com; s=arc-20160816; b=o74Ul55AIShAyH6/fWJq8QpSv8Qo1ToTCa6YtpE8dJ0SShyhsZMQp+gsA8JXksC+Rc GDIt267ZBcoHoyRFB6fone/Ufl+t0cYBkMJuldcO37lax/3pmlLngDZjdj83vHmaF3ZI qp9M4H2hGYZDiPQ9NGk41DX1JmxbQSzp2dlRJboERMr/F1MCBTff3ukFBXvqcaaGCVgI eiYlpmu8CzK4JAhFdMS9NTqu8gLHF9IOUZryRacImgA9Yf65T7PKrxaU1oD8ouIgIyyS x657czNwVHCFO3tKHd1x11NeUSVg3BDRIwdXF0RlIWZ99PRNHW+MW6Y0ocTc1XGHF3xo U4rQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:reply-to:message-id :subject:cc:to:from:date:dkim-signature; bh=qPg2nm0p2LJEb0R7qtNhU1AWPUuDqXO1JJw+ZdVHnzc=; b=e4k952bILpZ+oZip5+CxEnS7x0uimoZzyNrLUByzD0BMf/z4GlwkJ8sWUqOYklkGr3 A7OVK5mPcCLpchOdVBK6JSrC6382NcbYiuCW8YJ8tts2i7IGij4RAcouvX9EneVjdKTQ kA/gLN9DXGkTIeO/cNgVnieDGXNkdD++zK4JMiT2MUciONWaMn3GTY0FiLjs5mBEmR2S IxU4yQlQ2OjEm3vnqU/EwMcgh2zdxq5Lz6jVaZDWhQB1Yf0bjP+1ZwpHNgsGdG+iQji+ qLe6jzfJfmFFaw+kWZqNAMYlyj+ZeaLnXI4dA9pWciTLMlKnz+XBFFwDEC/l0iU3ZikP JVgw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mvista-com.20150623.gappssmtp.com header.s=20150623 header.b=Vq+DLiSV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j8si9320892ejs.237.2020.06.24.14.54.39; Wed, 24 Jun 2020 14:55:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@mvista-com.20150623.gappssmtp.com header.s=20150623 header.b=Vq+DLiSV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387718AbgFXUxb (ORCPT + 99 others); Wed, 24 Jun 2020 16:53:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53716 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387735AbgFXUxa (ORCPT ); Wed, 24 Jun 2020 16:53:30 -0400 Received: from mail-ot1-x342.google.com (mail-ot1-x342.google.com [IPv6:2607:f8b0:4864:20::342]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3BA04C061795 for ; Wed, 24 Jun 2020 13:53:30 -0700 (PDT) Received: by mail-ot1-x342.google.com with SMTP id 72so3273403otc.3 for ; Wed, 24 Jun 2020 13:53:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mvista-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:reply-to:references:mime-version :content-disposition:in-reply-to:user-agent; bh=qPg2nm0p2LJEb0R7qtNhU1AWPUuDqXO1JJw+ZdVHnzc=; b=Vq+DLiSVnp2R+eWXBa8mX0P4to5wreqQRe0uV/MSjLKa8CEuNrl73jJgEarufgjtvl +60JLvnSEKvSZd8rVWarfWPS+TA7Zc5YXiGOXxPbbEe9WSaHZKZvP8LEAWC/a2dXCh57 bBB4Yld75nkFW/u+BxUNontB/5XPnqXk+peIwhnaZYsNCk5GaYBbnfRb/nrlp2QqMHky AByi/FjgCH99muKrioAO8smcNotJxESNG/+08NeaHhqMp05sJKv3u0HsSZThu96zZPvH kJxjJrg7x3oWe+UrKQOyPIYOgH2HUaKXs2X14giMsx2nxPTe/tdf7gnEuFCx8ar6Bxed HQug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:reply-to :references:mime-version:content-disposition:in-reply-to:user-agent; bh=qPg2nm0p2LJEb0R7qtNhU1AWPUuDqXO1JJw+ZdVHnzc=; b=dhrMFpPcIDUAwUeUD0CpVuLFBz6Gm2VLGxN0IEmjdctHXtEaqb9p494ZGu4Rw9r01d vYPKXaRT8M7U5bQ6FTlbztj4nlGShga24WhIDwt5m/Gl+dDfdCsbGfN2Xo0h00yLdo9I pRQfrYe/TLPdCvbgCII0NBPkbpXQ8KPMWKmpSBY4SfVf05wCHaEsjUtBYzt8DO/RAKow hTFvOp2BGN1FqC/Ogh/9CUsuAZSITJw6li5/lbIuRlWMI5gjlD7gMrO8Ruiq98Mi5SB9 41D0xsCO6bwaHKrUVcHRW6RKT59IWOKo3jgcvRFtLHM4CewzGefcOMQZt6RYyL/fw8fM ts2A== X-Gm-Message-State: AOAM5336wLWMdkP8xpLAnXUTb4vneuI3xQdlnSTDeFG86RxeyWJKIjZm ZNWTC2IYIfZgVVeDEUPW3Lb97A== X-Received: by 2002:a9d:6c8b:: with SMTP id c11mr24009320otr.275.1593032009336; Wed, 24 Jun 2020 13:53:29 -0700 (PDT) Received: from minyard.net ([2001:470:b8f6:1b:6d79:306:b4b0:35c1]) by smtp.gmail.com with ESMTPSA id p11sm4933468oip.56.2020.06.24.13.53.28 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Wed, 24 Jun 2020 13:53:28 -0700 (PDT) Date: Wed, 24 Jun 2020 15:53:27 -0500 From: Corey Minyard To: Marcelo Ricardo Leitner Cc: netdev@vger.kernel.org, Xin Long , Michael Tuexen , Yasevich , Neil Horman , linux-sctp@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH net] sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket Message-ID: <20200624205327.GK3258@minyard.net> Reply-To: cminyard@mvista.com References: <20200623160417.12418-1-minyard@acm.org> <991916791cdcc37456ccb061779d485063b97129.1593030427.git.marcelo.leitner@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <991916791cdcc37456ccb061779d485063b97129.1593030427.git.marcelo.leitner@gmail.com> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 24, 2020 at 05:34:18PM -0300, Marcelo Ricardo Leitner wrote: > If a socket is set ipv6only, it will still send IPv4 addresses in the > INIT and INIT_ACK packets. This potentially misleads the peer into using > them, which then would cause association termination. > > The fix is to not add IPv4 addresses to ipv6only sockets. Fixes the issue for me. Tested-by: Corey Minyard Thanks a bunch. -corey > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > Reported-by: Corey Minyard > Signed-off-by: Marcelo Ricardo Leitner > --- > include/net/sctp/constants.h | 8 +++++--- > net/sctp/associola.c | 5 ++++- > net/sctp/bind_addr.c | 1 + > net/sctp/protocol.c | 3 ++- > 4 files changed, 12 insertions(+), 5 deletions(-) > > diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h > index 15b4d9aec7ff278e67a7183f10c14be237227d6b..122d9e2d8dfde33b787d575fc42d454732550698 100644 > --- a/include/net/sctp/constants.h > +++ b/include/net/sctp/constants.h > @@ -353,11 +353,13 @@ enum { > ipv4_is_anycast_6to4(a)) > > /* Flags used for the bind address copy functions. */ > -#define SCTP_ADDR6_ALLOWED 0x00000001 /* IPv6 address is allowed by > +#define SCTP_ADDR4_ALLOWED 0x00000001 /* IPv4 address is allowed by > local sock family */ > -#define SCTP_ADDR4_PEERSUPP 0x00000002 /* IPv4 address is supported by > +#define SCTP_ADDR6_ALLOWED 0x00000002 /* IPv6 address is allowed by > + local sock family */ > +#define SCTP_ADDR4_PEERSUPP 0x00000004 /* IPv4 address is supported by > peer */ > -#define SCTP_ADDR6_PEERSUPP 0x00000004 /* IPv6 address is supported by > +#define SCTP_ADDR6_PEERSUPP 0x00000008 /* IPv6 address is supported by > peer */ > > /* Reasons to retransmit. */ > diff --git a/net/sctp/associola.c b/net/sctp/associola.c > index 72315137d7e7f20d5182291ef4b01102f030078b..8d735461fa196567ab19c583703aad098ef8e240 100644 > --- a/net/sctp/associola.c > +++ b/net/sctp/associola.c > @@ -1565,12 +1565,15 @@ void sctp_assoc_rwnd_decrease(struct sctp_association *asoc, unsigned int len) > int sctp_assoc_set_bind_addr_from_ep(struct sctp_association *asoc, > enum sctp_scope scope, gfp_t gfp) > { > + struct sock *sk = asoc->base.sk; > int flags; > > /* Use scoping rules to determine the subset of addresses from > * the endpoint. > */ > - flags = (PF_INET6 == asoc->base.sk->sk_family) ? SCTP_ADDR6_ALLOWED : 0; > + flags = (PF_INET6 == sk->sk_family) ? SCTP_ADDR6_ALLOWED : 0; > + if (!inet_v6_ipv6only(sk)) > + flags |= SCTP_ADDR4_ALLOWED; > if (asoc->peer.ipv4_address) > flags |= SCTP_ADDR4_PEERSUPP; > if (asoc->peer.ipv6_address) > diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c > index 53bc61537f44f4e766c417fcef72234df52ecd04..701c5a4e441d9c248df9472f22db5b78987f9e44 100644 > --- a/net/sctp/bind_addr.c > +++ b/net/sctp/bind_addr.c > @@ -461,6 +461,7 @@ static int sctp_copy_one_addr(struct net *net, struct sctp_bind_addr *dest, > * well as the remote peer. > */ > if ((((AF_INET == addr->sa.sa_family) && > + (flags & SCTP_ADDR4_ALLOWED) && > (flags & SCTP_ADDR4_PEERSUPP))) || > (((AF_INET6 == addr->sa.sa_family) && > (flags & SCTP_ADDR6_ALLOWED) && > diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c > index 092d1afdee0d23cd974210839310fbf406dd443f..cde29f3c7fb3c40ee117636fa3b4b7f0a03e4fba 100644 > --- a/net/sctp/protocol.c > +++ b/net/sctp/protocol.c > @@ -148,7 +148,8 @@ int sctp_copy_local_addr_list(struct net *net, struct sctp_bind_addr *bp, > * sock as well as the remote peer. > */ > if (addr->a.sa.sa_family == AF_INET && > - !(copy_flags & SCTP_ADDR4_PEERSUPP)) > + (!(copy_flags & SCTP_ADDR4_ALLOWED) || > + !(copy_flags & SCTP_ADDR4_PEERSUPP))) > continue; > if (addr->a.sa.sa_family == AF_INET6 && > (!(copy_flags & SCTP_ADDR6_ALLOWED) || > -- > 2.25.4 >