[DCCP]: Ignore feature negotiation on Data packets
authorGerrit Renker <gerrit@erg.abdn.ac.uk>
Thu, 13 Dec 2007 14:48:19 +0000 (12:48 -0200)
committerDavid S. Miller <davem@davemloft.net>
Mon, 28 Jan 2008 22:57:54 +0000 (14:57 -0800)
This implements [RFC 4340, p. 32]: "any feature negotiation options received
on DCCP-Data packets MUST be ignored".

Also added a FIXME for further processing, since the code currently (wrongly)
classifies empty Confirm options as invalid - this needs to be resolved in
a separate patch.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/dccp/options.c

index bedb5daaa3c5da7188e2362a42f8950d55643a16..d2a84a2fecee6eaf663b4a23d8eabda76e6d08c7 100644 (file)
@@ -132,6 +132,8 @@ int dccp_parse_options(struct sock *sk, struct dccp_request_sock *dreq,
                case DCCPO_CHANGE_L:
                        /* fall through */
                case DCCPO_CHANGE_R:
+                       if (pkt_type == DCCP_PKT_DATA)
+                               break;
                        if (len < 2)
                                goto out_invalid_option;
                        rc = dccp_feat_change_recv(sk, opt, *value, value + 1,
@@ -148,7 +150,9 @@ int dccp_parse_options(struct sock *sk, struct dccp_request_sock *dreq,
                case DCCPO_CONFIRM_L:
                        /* fall through */
                case DCCPO_CONFIRM_R:
-                       if (len < 2)
+                       if (pkt_type == DCCP_PKT_DATA)
+                               break;
+                       if (len < 2)    /* FIXME this disallows empty confirm */
                                goto out_invalid_option;
                        if (dccp_feat_confirm_recv(sk, opt, *value,
                                                   value + 1, len - 1))