    tipc: ignore STATE_MSG on wrong link session · d949cfed
    LUU Duc Canh authored
    The initial session number when a link is created is based on a random
    value, taken from struct tipc_net->random. It is then incremented for
    each link reset to avoid mixing protocol messages from different link
    sessions.
    
    However, when a bearer is reset all its links are deleted, and will
    later be re-created using the same random value as the first time.
    This means that if the link never went down between creation and
    deletion we will still sometimes have two subsequent sessions with
    the same session number. In virtual environments with potentially
    long transmission times this has turned out to be a real problem.
    
    We now fix this by randomizing the session number each time a link
    is created.
    
    With a session number size of 16 bits this gives a risk of session
    collision of 1/64k. To reduce this further, we also introduce a sanity
    check on the very first STATE message arriving at a link. If this has
    an acknowledge value differing from 0, which is logically impossible,
    we ignore the message. The final risk for session collision is hence
    reduced to 1/4G, which should be sufficient.
    
    Signed-off-by: LUU Duc Canh <canh.d.luu@dektech.com.au>
    Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
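
The receive-side rule described in the commit message above, as an added C sketch that is not the kernel's link.c code: a STATE message is ignored on a session mismatch, and the very first one is also ignored if its acknowledge value is nonzero. The names `link_model`, `state_msg`, `accept_state_msg` and `sweep` are hypothetical, and the 16-bit acknowledge width is an assumption implied by the 1/4G figure.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model for illustration; not the kernel's struct tipc_link. */
struct link_model {
    uint16_t peer_session;     /* session number of this link instance */
    bool     first_state_seen; /* set once a STATE message has been accepted */
};

/* Only the two header fields the commit message talks about (constructed). */
struct state_msg {
    uint16_t session;
    uint16_t ack;              /* assumed 16 bits wide */
};

/* Return true if the STATE message may be processed, false if ignored. */
static bool accept_state_msg(struct link_model *l, const struct state_msg *m)
{
    if (m->session != l->peer_session)
        return false;          /* belongs to another link session */
    if (!l->first_state_seen && m->ack != 0)
        return false;          /* a first STATE cannot acknowledge anything */
    l->first_state_seen = true;
    return true;
}

/* Count stale first messages accepted by a fresh link when one field is
 * swept over all 65536 values and the other is held at `fixed`. */
static unsigned sweep(uint16_t peer_session, bool sweep_session, uint16_t fixed)
{
    unsigned accepted = 0;
    for (uint32_t v = 0; v <= UINT16_MAX; v++) {
        struct link_model l = { .peer_session = peer_session };
        struct state_msg m = {
            .session = sweep_session ? (uint16_t)v : fixed,
            .ack     = sweep_session ? fixed : (uint16_t)v,
        };
        accepted += accept_state_msg(&l, &m);
    }
    return accepted;
}

int main(void)
{
    /* 0x3a7c is a constructed sample session number. */
    printf("session sweep, ack=0:  %u of 65536\n", sweep(0x3a7c, true, 0));
    printf("ack sweep, session ok: %u of 65536\n", sweep(0x3a7c, false, 0x3a7c));
    return 0;
}
```

Each sweep lets exactly one of 65536 values through, so a stale message with uniformly distributed fields passes both checks with probability 1/2^16 × 1/2^16, the 1/4G quoted in the message.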
link.c 59.7 KB