From 1dededab5da0fca1176382ffdac8030a7ac3cbce Mon Sep 17 00:00:00 2001
From: tuexen <tuexen@FreeBSD.org>
Date: Sun, 17 Jan 2016 14:14:12 +0000
Subject: MFC r294057: Fix a bug in INIT handling on accepted 1-to-1 style
 sockets when the listener is closed. This fix allows the following
 packetdrill test to pass: // Setup a connected, blocking 1-to-1 style socket
 +0.0 socket(..., SOCK_STREAM, IPPROTO_SCTP) = 3 // Check the handshake with
 en empty(!) cookie +0.0 bind(3, ..., ...) = 0 +0.0 listen(3, 1) = 0 +0.0 <
 sctp: INIT[flgs=0, tag=1, a_rwnd=1500, os=1, is=1, tsn=1] +0.0 > sctp:
 INIT_ACK[flgs=0, tag=2, a_rwnd=..., os=..., is=..., tsn=1, ...] +0.0 < sctp:
 COOKIE_ECHO[flgs=0, len=..., val=...] +0.0 > sctp: COOKIE_ACK[flgs=0] +0.0
 accept(3, ..., ...) = 4 +0.0 close(3) = 0 // Inject an INIT chunk and expect
 an INIT-ACK +0.0 < sctp: INIT[flgs=0, tag=3, a_rwnd=1500, os=1, is=1, tsn=1]
 +0.0 > sctp: INIT_ACK[flgs=0, tag=..., a_rwnd=..., os=..., is=..., tsn=...,
 ...]

---
 sys/netinet/sctp_pcb.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'sys/netinet')

diff --git a/sys/netinet/sctp_pcb.c b/sys/netinet/sctp_pcb.c
index 303a944..39872e4 100644
--- a/sys/netinet/sctp_pcb.c
+++ b/sys/netinet/sctp_pcb.c
@@ -2269,8 +2269,12 @@ sctp_findassociation_addr(struct mbuf *m, int offset,
 		}
 	}
 	find_tcp_pool = 0;
-	if ((ch->chunk_type != SCTP_INITIATION) &&
-	    (ch->chunk_type != SCTP_INITIATION_ACK) &&
+	/*
+	 * Don't consider INIT chunks since that breaks 1-to-1 sockets: When
+	 * a server closes the listener, incoming INIT chunks are not
+	 * responsed by an INIT-ACK chunk.
+	 */
+	if ((ch->chunk_type != SCTP_INITIATION_ACK) &&
 	    (ch->chunk_type != SCTP_COOKIE_ACK) &&
 	    (ch->chunk_type != SCTP_COOKIE_ECHO)) {
 		/* Other chunk types go to the tcp pool. */
-- 
cgit v1.1