summaryrefslogtreecommitdiff
path: root/net/sctp/output.c
diff options
context:
space:
mode:
authorVlad Yasevich <vladislav.yasevich@hp.com>2008-06-19 16:08:18 -0700
committerDavid S. Miller <davem@davemloft.net>2008-06-19 16:08:18 -0700
commit2e3216cd54b142ba605e87522e15f42e0c4e3996 (patch)
treeda4d7a6ff4811d9f38b81c70f08b221b575e1254 /net/sctp/output.c
parent7115e632f90952454ab6426e0d2151327162a30f (diff)
downloadlinux-stable-2e3216cd54b142ba605e87522e15f42e0c4e3996.tar.gz
linux-stable-2e3216cd54b142ba605e87522e15f42e0c4e3996.tar.bz2
linux-stable-2e3216cd54b142ba605e87522e15f42e0c4e3996.zip
sctp: Follow security requirement of responding with 1 packet
RFC 4960, Section 11.4. Protection of Non-SCTP-Capable Hosts When an SCTP stack receives a packet containing multiple control or DATA chunks and the processing of the packet requires the sending of multiple chunks in response, the sender of the response chunk(s) MUST NOT send more than one packet. If bundling is supported, multiple response chunks that fit into a single packet MAY be bundled together into one single response packet. If bundling is not supported, then the sender MUST NOT send more than one response chunk and MUST discard all other responses. Note that this rule does NOT apply to a SACK chunk, since a SACK chunk is, in itself, a response to DATA and a SACK does not require a response of more DATA. We implement this by not servicing our outqueue until we reach the end of the packet. This enables maximum bundling. We also identify 'response' chunks and make sure that we only send 1 packet when sending such chunks. Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sctp/output.c')
-rw-r--r--net/sctp/output.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/net/sctp/output.c b/net/sctp/output.c
index 6d45bae93b46..abcd00dc05eb 100644
--- a/net/sctp/output.c
+++ b/net/sctp/output.c
@@ -157,7 +157,8 @@ void sctp_packet_free(struct sctp_packet *packet)
* packet can be sent only after receiving the COOKIE_ACK.
*/
sctp_xmit_t sctp_packet_transmit_chunk(struct sctp_packet *packet,
- struct sctp_chunk *chunk)
+ struct sctp_chunk *chunk,
+ int one_packet)
{
sctp_xmit_t retval;
int error = 0;
@@ -175,7 +176,9 @@ sctp_xmit_t sctp_packet_transmit_chunk(struct sctp_packet *packet,
/* If we have an empty packet, then we can NOT ever
* return PMTU_FULL.
*/
- retval = sctp_packet_append_chunk(packet, chunk);
+ if (!one_packet)
+ retval = sctp_packet_append_chunk(packet,
+ chunk);
}
break;