SAFE public projects git trees. - safe/jmp/linux-2.6/commit

author	Vlad Yasevich <vladislav.yasevich@hp.com>
	Thu, 20 Dec 2007 22:13:31 +0000 (14:13 -0800)
committer	David S. Miller <davem@davemloft.net>
	Mon, 28 Jan 2008 22:59:25 +0000 (14:59 -0800)
commit	d6701191329b51793bc56724548f0863d2149c29
tree	2833f850724af85622b844d27f42e285176e2f7f	tree \| snapshot
parent	75205f478331cc64ce729ea72d3c8c1837fb59cb	commit \| diff

[SCTP]: Follow Add-IP security consideratiosn wrt INIT/INIT-ACK

The Security Considerations section of RFC 5061 has the following
text:

   If an SCTP endpoint that supports this extension receives an INIT
   that indicates that the peer supports the ASCONF extension but does
   NOT support the [RFC4895] extension, the receiver of such an INIT
   MUST send an ABORT in response.  Note that an implementation is
   allowed to silently discard such an INIT as an option as well, but
   under NO circumstance is an implementation allowed to proceed with
   the association setup by sending an INIT-ACK in response.

   An implementation that receives an INIT-ACK that indicates that the
   peer does not support the [RFC4895] extension MUST NOT send the
   COOKIE-ECHO to establish the association.  Instead, the
   implementation MUST discard the INIT-ACK and report to the upper-
   layer user that an association cannot be established destroying the
   Transmission Control Block (TCB).

Follow the recomendations.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/sctp/sm_make_chunk.c		diff \| blob \| history
net/sctp/sm_statefuns.c		diff \| blob \| history