• G
    [DCCP]: Twice the wrong reset code in receiving connection-Requests · 4a5409a5
    Gerrit Renker 提交于
    This fixes two bugs in processing of connection-Requests in
    v{4,6}_conn_request:
    
     1. Due to using the variable `reset_code', the Reset code generated
        internally by dccp_parse_options() is overwritten with the
        initialised value ("Too Busy") of reset_code, which is not what is
        intended.
    
     2. When receiving a connection-Request on a multicast or broadcast
        address, no Reset should be generated, to avoid storms of such
        packets. Instead of jumping to the `drop' label, the
        v{4,6}_conn_request functions now return 0. Below is why in my
        understanding this is correct:
    
        When the conn_request function returns < 0, then the caller,
        dccp_rcv_state_process(), returns 1. In all instances where
        dccp_rcv_state_process is called (dccp_v4_do_rcv, dccp_v6_do_rcv,
        and dccp_child_process), a return value of != 0 from
        dccp_rcv_state_process() means that a Reset is generated.
    
        If on the other hand the conn_request function returns 0, the
        packet is discarded and no Reset is generated.
    
    Note: There may be a related problem when sending the Response, due to
    the following.
    
    	if (dccp_v6_send_response(sk, req, NULL))
    		goto drop_and_free;
    	/* ... */
    	drop_and_free:
    		return -1;
    
    In this case, if send_response fails due to transmission errors, the
    next thing that is generated is a Reset with a code "Too Busy". I
    haven't been able to conjure up such a condition, but it might be good
    to change the behaviour here also (not done by this patch).
    Signed-off-by: NGerrit Renker <gerrit@erg.abdn.ac.uk>
    Signed-off-by: NIan McDonald <ian.mcdonald@jandi.co.nz>
    Signed-off-by: NArnaldo Carvalho de Melo <acme@redhat.com>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    4a5409a5
ipv4.c 27.2 KB