sctp: allow authenticating DATA chunks that are bundled with COOKIE_ECHO
authorMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Thu, 11 Jun 2015 17:49:46 +0000 (14:49 -0300)
committerDavid S. Miller <davem@davemloft.net>
Fri, 12 Jun 2015 21:18:20 +0000 (14:18 -0700)
commitae36806a622aea5ac79f279cfccc82144967b6e7
tree7e3cfacb5c43d0394875be466098c387e33357ba
parentfb05e7a89f500cfc06ae277bdc911b281928995d
sctp: allow authenticating DATA chunks that are bundled with COOKIE_ECHO

Currently, we can ask to authenticate DATA chunks and we can send DATA
chunks on the same packet as COOKIE_ECHO, but if you try to combine
both, the DATA chunk will be sent unauthenticated and peer won't accept
it, leading to a communication failure.

This happens because even though the data was queued after it was
requested to authenticate DATA chunks, it was also queued before we
could know that remote peer can handle authenticating, so
sctp_auth_send_cid() returns false.

The fix is whenever we set up an active key, re-check send queue for
chunks that now should be authenticated. As a result, such packet will
now contain COOKIE_ECHO + AUTH + DATA chunks, in that order.

Reported-by: Liu Wei <weliu@redhat.com>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/sctp/auth.c