• V
    [SCTP]: Follow Add-IP security consideratiosn wrt INIT/INIT-ACK · d6701191
    Vlad Yasevich 提交于
    The Security Considerations section of RFC 5061 has the following
    text:
    
       If an SCTP endpoint that supports this extension receives an INIT
       that indicates that the peer supports the ASCONF extension but does
       NOT support the [RFC4895] extension, the receiver of such an INIT
       MUST send an ABORT in response.  Note that an implementation is
       allowed to silently discard such an INIT as an option as well, but
       under NO circumstance is an implementation allowed to proceed with
       the association setup by sending an INIT-ACK in response.
    
       An implementation that receives an INIT-ACK that indicates that the
       peer does not support the [RFC4895] extension MUST NOT send the
       COOKIE-ECHO to establish the association.  Instead, the
       implementation MUST discard the INIT-ACK and report to the upper-
       layer user that an association cannot be established destroying the
       Transmission Control Block (TCB).
    
    Follow the recomendations.
    Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    d6701191
sm_statefuns.c 185.3 KB