Dave Johnson wrote:
> An accept() call on a SCTPv6 socket that returns due to connection of
> a IPv4 mapped peer will fill out the 'struct sockaddr' with a zero
> IPv6 address instead of the IPv4 mapped address of the peer.
>
> This is due to the v4mapped flag not getting copied into the new
> socket on accept() as well as a missing check for INET6 socket type in
> sctp_v4_to_sk_*addr().
>
> Signed-off-by: Dave Johnson <[email protected]>
> Cc: Srinivas Akkipeddi <[email protected]>
>
> ===== net/sctp/ipv6.c 1.108 vs edited =====
> --- 1.108/net/sctp/ipv6.c 2007-07-05 20:40:15 -04:00
> +++ edited/net/sctp/ipv6.c 2007-07-25 16:30:41 -04:00
> @@ -641,6 +641,8 @@
> newsctp6sk = (struct sctp6_sock *)newsk;
> inet_sk(newsk)->pinet6 = &newsctp6sk->inet6;
>
> + sctp_sk(newsk)->v4mapped = sctp_sk(sk)->v4mapped;
> +
> newinet = inet_sk(newsk);
> newnp = inet6_sk(newsk);
>
> ===== net/sctp/protocol.c 1.130 vs edited =====
> --- 1.130/net/sctp/protocol.c 2007-05-04 16:36:30 -04:00
> +++ edited/net/sctp/protocol.c 2007-07-25 16:28:21 -04:00
> @@ -257,13 +257,28 @@
> /* Initialize sk->sk_rcv_saddr from sctp_addr. */
> static void sctp_v4_to_sk_saddr(union sctp_addr *addr, struct sock *sk)
> {
> - inet_sk(sk)->rcv_saddr = addr->v4.sin_addr.s_addr;
> + if ((sk->sk_family == PF_INET6) && (sctp_sk(sk)->v4mapped)) {
> + inet6_sk(sk)->rcv_saddr.s6_addr32[0] = 0;
> + inet6_sk(sk)->rcv_saddr.s6_addr32[1] = 0;
> + inet6_sk(sk)->rcv_saddr.s6_addr32[2] = htonl(0x0000ffff);
> + inet6_sk(sk)->rcv_saddr.s6_addr32[3] =
> + addr->v4.sin_addr.s_addr;
> + } else {
> + inet_sk(sk)->rcv_saddr = addr->v4.sin_addr.s_addr;
> + }
> }
>
> /* Initialize sk->sk_daddr from sctp_addr. */
> static void sctp_v4_to_sk_daddr(union sctp_addr *addr, struct sock *sk)
> {
> - inet_sk(sk)->daddr = addr->v4.sin_addr.s_addr;
> + if ((sk->sk_family == PF_INET6) && (sctp_sk(sk)->v4mapped)) {
> + inet6_sk(sk)->daddr.s6_addr32[0] = 0;
> + inet6_sk(sk)->daddr.s6_addr32[1] = 0;
> + inet6_sk(sk)->daddr.s6_addr32[2] = htonl(0x0000ffff);
> + inet6_sk(sk)->daddr.s6_addr32[3] = addr->v4.sin_addr.s_addr;
> + } else {
> + inet_sk(sk)->daddr = addr->v4.sin_addr.s_addr;
> + }
> }
>
> /* Initialize a sctp_addr from an address parameter. */
> @@ -557,6 +572,8 @@
> newsk->sk_protocol = IPPROTO_SCTP;
> newsk->sk_backlog_rcv = sk->sk_prot->backlog_rcv;
> sock_reset_flag(newsk, SOCK_ZAPPED);
> +
> + sctp_sk(newsk)->v4mapped = sctp_sk(sk)->v4mapped;
>
> newinet = inet_sk(newsk);
>
>
Can you explain why the sctp_v4 changes are need for the this case?
I don't see how the code in sctp/protocol.c comes into play for this
particular bug.
Thanks
-vlad
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
