On Thu, Jun 11, 2015 at 05:27:45PM -0700, David Miller wrote:
> From: mleitner@xxxxxxxxxx
> Date: Thu, 11 Jun 2015 14:49:46 -0300
>
> > From: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
> >
> > Currently, we can ask to authenticate DATA chunks and we can send DATA
> > chunks on the same packet as COOKIE_ECHO, but if you try to combine
> > both, the DATA chunk will be sent unauthenticated and peer won't accept
> > it, leading to a communication failure.
> >
> > This happens because even though the data was queued after it was
> > requested to authenticate DATA chunks, it was also queued before we
> > could know that remote peer can handle authenticating, so
> > sctp_auth_send_cid() returns false.
> >
> > The fix is whenever we set up an active key, re-check send queue for
> > chunks that now should be authenticated. As a result, such packet will
> > now contain COOKIE_ECHO + AUTH + DATA chunks, in that order.
> >
> > Reported-by: Liu Wei <weliu@xxxxxxxxxx>
> > Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
>
> Vlad/Neil, please review.
>

Sorry Dave, thought I had sent email on that already.

I had an initial concern that there could be a race in which a previous
iteration of sctp_outq_flush would move some chunks to a packet, but not flush
it to the network layer yet (due to not being full), and that would result in
the same condition. But since this only happens with a COOKIE_ECHO chunk (which
is a control chunk), we should be ok, as those are sent immediately.

Acked-by: Neil Horman <nhorman@xxxxxxxxxxxxx>
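
The queue-time decision and the re-check described in the commit message above, as an added example that is not part of the thread and is not the kernel's code. It is a simplified user-space model; the `model_*` functions and both structs are hypothetical names, and only the chunk type values come from the SCTP RFCs.

```c
#include <stdbool.h>
#include <stddef.h>

/* Chunk type values from RFC 4960 and RFC 4895. */
enum { CT_DATA = 0, CT_COOKIE_ECHO = 10, CT_AUTH = 15 };

struct chunk { int type; bool auth; };
struct assoc {                 /* hypothetical model, not the kernel's struct */
    bool auth_requested[256];  /* chunk types the local side asked to authenticate */
    bool key_active;           /* false until the peer is known to handle AUTH */
    struct chunk queue[8];     /* simplified send queue */
    size_t qlen;
};

/* Stand-in for the decision the commit message attributes to sctp_auth_send_cid(). */
static bool model_send_cid(const struct assoc *a, int type)
{
    return a->key_active && a->auth_requested[type & 0xff];
}

/* The auth flag is decided once, when the chunk is queued. */
static void model_queue(struct assoc *a, int type)
{
    if (a->qlen == 8) return;
    a->queue[a->qlen++] = (struct chunk){ type, model_send_cid(a, type) };
}

/* Key setup. With recheck set, queued chunks are re-evaluated (the described fix). */
static void model_activate_key(struct assoc *a, bool recheck)
{
    a->key_active = true;
    for (size_t i = 0; recheck && i < a->qlen; i++)
        a->queue[i].auth = a->queue[i].auth || model_send_cid(a, a->queue[i].type);
}

/* Constructed scenario: DATA is queued before key setup, then bundled behind
 * COOKIE_ECHO. Writes the chunk types of the packet to out[] (room for 10). */
static size_t model_packet(bool recheck, int *out)
{
    struct assoc a = {0};
    size_t n = 0;
    bool auth_added = false;
    a.auth_requested[CT_DATA] = true;
    model_queue(&a, CT_DATA);
    model_activate_key(&a, recheck);
    out[n++] = CT_COOKIE_ECHO;               /* control chunk goes first */
    for (size_t i = 0; i < a.qlen; i++) {
        if (a.queue[i].auth && !auth_added) { out[n++] = CT_AUTH; auth_added = true; }
        out[n++] = a.queue[i].type;
    }
    return n;
}
```

Calling `model_packet(false, out)` reproduces the reported packet (COOKIE_ECHO followed by unauthenticated DATA), and `model_packet(true, out)` gives the COOKIE_ECHO + AUTH + DATA order the commit message states.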