Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 2 Aug 2015 16:07:30 +0000 (UTC)
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r286206 - head/sys/netinet
Message-ID:  <201508021607.t72G7U1I019156@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: tuexen
Date: Sun Aug  2 16:07:30 2015
New Revision: 286206
URL: https://svnweb.freebsd.org/changeset/base/286206

Log:
  Don't take the port numbers for packets containing ABORT chunks from
  a freed mbuf. Just use them from the stcb.
  
  MFC after: 3 days

Modified:
  head/sys/netinet/sctp_indata.c
  head/sys/netinet/sctp_indata.h
  head/sys/netinet/sctp_input.c

Modified: head/sys/netinet/sctp_indata.c
==============================================================================
--- head/sys/netinet/sctp_indata.c	Sun Aug  2 14:56:30 2015	(r286205)
+++ head/sys/netinet/sctp_indata.c	Sun Aug  2 16:07:30 2015	(r286206)
@@ -2312,11 +2312,8 @@ doit_again:
 
 int
 sctp_process_data(struct mbuf **mm, int iphlen, int *offset, int length,
-    struct sockaddr *src, struct sockaddr *dst,
-    struct sctphdr *sh, struct sctp_inpcb *inp,
-    struct sctp_tcb *stcb, struct sctp_nets *net, uint32_t * high_tsn,
-    uint8_t mflowtype, uint32_t mflowid,
-    uint32_t vrf_id, uint16_t port)
+    struct sctp_inpcb *inp, struct sctp_tcb *stcb,
+    struct sctp_nets *net, uint32_t * high_tsn)
 {
 	struct sctp_data_chunk *ch, chunk_buf;
 	struct sctp_association *asoc;
@@ -2408,10 +2405,7 @@ sctp_process_data(struct mbuf **mm, int 
 				    chk_length);
 				op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
 				stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_21;
-				sctp_abort_association(inp, stcb, m, iphlen,
-				    src, dst, sh, op_err,
-				    mflowtype, mflowid,
-				    vrf_id, port);
+				sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
 				return (2);
 			}
 			if ((size_t)chk_length == sizeof(struct sctp_data_chunk)) {
@@ -2423,10 +2417,7 @@ sctp_process_data(struct mbuf **mm, int 
 
 				op_err = sctp_generate_no_user_data_cause(ch->dp.tsn);
 				stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_22;
-				sctp_abort_association(inp, stcb, m, iphlen,
-				    src, dst, sh, op_err,
-				    mflowtype, mflowid,
-				    vrf_id, port);
+				sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
 				return (2);
 			}
 #ifdef SCTP_AUDITING_ENABLED
@@ -2493,12 +2484,7 @@ sctp_process_data(struct mbuf **mm, int 
 					snprintf(msg, sizeof(msg), "DATA chunk followed by chunk of type %2.2x",
 					    ch->ch.chunk_type);
 					op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg);
-					sctp_abort_association(inp, stcb,
-					    m, iphlen,
-					    src, dst,
-					    sh, op_err,
-					    mflowtype, mflowid,
-					    vrf_id, port);
+					sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED);
 					return (2);
 				}
 				break;

Modified: head/sys/netinet/sctp_indata.h
==============================================================================
--- head/sys/netinet/sctp_indata.h	Sun Aug  2 14:56:30 2015	(r286205)
+++ head/sys/netinet/sctp_indata.h	Sun Aug  2 16:07:30 2015	(r286206)
@@ -112,12 +112,8 @@ void
 
 int
 sctp_process_data(struct mbuf **, int, int *, int,
-    struct sockaddr *src, struct sockaddr *dst,
-    struct sctphdr *,
     struct sctp_inpcb *, struct sctp_tcb *,
-    struct sctp_nets *, uint32_t *,
-    uint8_t, uint32_t,
-    uint32_t, uint16_t);
+    struct sctp_nets *, uint32_t *);
 
 void sctp_slide_mapping_arrays(struct sctp_tcb *stcb);
 

Modified: head/sys/netinet/sctp_input.c
==============================================================================
--- head/sys/netinet/sctp_input.c	Sun Aug  2 14:56:30 2015	(r286205)
+++ head/sys/netinet/sctp_input.c	Sun Aug  2 16:07:30 2015	(r286206)
@@ -5981,10 +5981,7 @@ sctp_common_input_processing(struct mbuf
 		}
 		/* plow through the data chunks while length > offset */
 		retval = sctp_process_data(mm, iphlen, &offset, length,
-		    src, dst, sh,
-		    inp, stcb, net, &high_tsn,
-		    mflowtype, mflowid,
-		    vrf_id, port);
+		    inp, stcb, net, &high_tsn);
 		if (retval == 2) {
 			/*
 			 * The association aborted, NO UNLOCK needed since

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201508021607.t72G7U1I019156>