Lines Matching +full:fan +full:- +full:stop +full:- +full:to +full:- +full:start +full:- +full:us
1 // SPDX-License-Identifier: GPL-2.0-or-later
4 * Copyright (c) 1999-2000 Cisco, Inc.
5 * Copyright (c) 1999-2001 Motorola, Inc.
6 * Copyright (c) 2001-2002 Intel Corp.
13 * Please send any bug reports or fixes you make to the
15 * lksctp developers <linux-sctp@vger.kernel.org>
19 * Karl Knutson <karl@athena.chicago.il.us>
21 * Sridhar Samudrala <samudrala@us.ibm.com>
22 * Jon Grimm <jgrimm@us.ibm.com>
25 * Daisy Chang <daisyc@us.ibm.com>
26 * Ardelle Fan <ardelle.fan@intel.com>
27 * Ryan Layer <rmlayer@us.ibm.com>
169 * is set to be the size of a specific chunk we are testing.
177 __u16 chunk_length = ntohs(chunk->chunk_hdr->length); in sctp_chunk_length_valid()
180 if (unlikely(chunk->pdiscard)) in sctp_chunk_length_valid()
193 sctp_walk_errors(err, chunk->chunk_hdr); in sctp_err_chunk_valid()
195 return (void *)err == (void *)chunk->chunk_end; in sctp_err_chunk_valid()
207 * that it is in SHUTDOWN-ACK-SENT state, if it is not the chunk should be
208 * discarded. If the endpoint is in the SHUTDOWN-ACK-SENT state the endpoint
209 * should stop the T2-shutdown timer and remove all knowledge of the
215 * - The receiver of a SHUTDOWN COMPLETE shall accept the packet
219 * it is set to its peer's tag and the T bit is set in the Chunk
223 * SHUTDOWN COMPLETE if it is not in the SHUTDOWN-ACK-SENT state.
250 if (!chunk->singleton) in sctp_sf_do_4_C()
258 /* RFC 2960 10.2 SCTP-to-ULP in sctp_sf_do_4_C()
263 * notification is passed to the upper layer. in sctp_sf_do_4_C()
272 * will verify that it is in SHUTDOWN-ACK-SENT state, if it is in sctp_sf_do_4_C()
274 * the SHUTDOWN-ACK-SENT state the endpoint should stop the in sctp_sf_do_4_C()
275 * T2-shutdown timer and remove all knowledge of the in sctp_sf_do_4_C()
297 * Respond to a normal INIT chunk.
302 * destination IP address of the INIT ACK MUST be set to the source
303 * IP address of the INIT to which this INIT ACK is responding. In
305 * Verification Tag field to Tag_A, and also provide its own
340 if (!chunk->singleton) in sctp_sf_do_5_1B_init()
354 if (ep == sctp_sk(net->sctp.ctl_sock)->ep) { in sctp_sf_do_5_1B_init()
362 if (chunk->sctp_hdr->vtag != 0) in sctp_sf_do_5_1B_init()
367 * backloged to the socket at the same time as the user issues close(). in sctp_sf_do_5_1B_init()
371 if (sctp_sstate(ep->base.sk, CLOSING)) in sctp_sf_do_5_1B_init()
376 if (!sctp_verify_init(net, ep, asoc, chunk->chunk_hdr->type, in sctp_sf_do_5_1B_init()
377 (struct sctp_init_chunk *)chunk->chunk_hdr, chunk, in sctp_sf_do_5_1B_init()
379 /* This chunk contains fatal error. It is to be discarded. in sctp_sf_do_5_1B_init()
384 (__u8 *)(err_chunk->chunk_hdr) + in sctp_sf_do_5_1B_init()
386 ntohs(err_chunk->chunk_hdr->length) - in sctp_sf_do_5_1B_init()
406 chunk->subh.init_hdr = (struct sctp_inithdr *)chunk->skb->data; in sctp_sf_do_5_1B_init()
409 chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(struct sctp_inithdr)); in sctp_sf_do_5_1B_init()
416 if (security_sctp_assoc_request(new_asoc, chunk->skb)) { in sctp_sf_do_5_1B_init()
428 (struct sctp_init_chunk *)chunk->chunk_hdr, in sctp_sf_do_5_1B_init()
434 /* If there are errors need to be reported for unknown parameters, in sctp_sf_do_5_1B_init()
435 * make sure to reserve enough room in the INIT ACK for them. in sctp_sf_do_5_1B_init()
439 len = ntohs(err_chunk->chunk_hdr->length) - in sctp_sf_do_5_1B_init()
446 /* If there are errors need to be reported for unknown parameters, in sctp_sf_do_5_1B_init()
459 ((__u8 *)(err_chunk->chunk_hdr) + in sctp_sf_do_5_1B_init()
475 * new association. Otherwise, "Z" will be vulnerable to resource in sctp_sf_do_5_1B_init()
491 * Respond to a normal INIT ACK chunk.
495 * C) Upon reception of the INIT ACK from "Z", "A" shall stop the T1-init
496 * timer and leave COOKIE-WAIT state. "A" shall then send the State
497 * Cookie received in the INIT ACK chunk in a COOKIE ECHO chunk, start
498 * the T1-cookie timer, and enter the COOKIE-ECHOED state.
503 * other packets to the peer.
507 * found to be 0, the receiver MUST treat it as an error and close the
537 if (!chunk->singleton) in sctp_sf_do_5_1C_ack()
540 /* Make sure that the INIT-ACK chunk has a valid length */ in sctp_sf_do_5_1C_ack()
545 chunk->subh.init_hdr = (struct sctp_inithdr *)chunk->skb->data; in sctp_sf_do_5_1C_ack()
549 if (!sctp_verify_init(net, ep, asoc, chunk->chunk_hdr->type, in sctp_sf_do_5_1C_ack()
550 (struct sctp_init_chunk *)chunk->chunk_hdr, chunk, in sctp_sf_do_5_1C_ack()
555 /* This chunk contains fatal error. It is to be discarded. in sctp_sf_do_5_1C_ack()
562 (__u8 *)(err_chunk->chunk_hdr) + in sctp_sf_do_5_1C_ack()
564 ntohs(err_chunk->chunk_hdr->length) - in sctp_sf_do_5_1C_ack()
577 /* SCTP-AUTH, Section 6.3: in sctp_sf_do_5_1C_ack()
578 * It should be noted that if the receiver wants to tear in sctp_sf_do_5_1C_ack()
583 * This means that if we only want to abort associations in sctp_sf_do_5_1C_ack()
593 asoc, chunk->transport); in sctp_sf_do_5_1C_ack()
599 chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(struct sctp_inithdr)); in sctp_sf_do_5_1C_ack()
601 initchunk = (struct sctp_init_chunk *)chunk->chunk_hdr; in sctp_sf_do_5_1C_ack()
606 /* Reset init error count upon receipt of INIT-ACK. */ in sctp_sf_do_5_1C_ack()
609 /* 5.1 C) "A" shall stop the T1-init timer and leave in sctp_sf_do_5_1C_ack()
610 * COOKIE-WAIT state. "A" shall then ... start the T1-cookie in sctp_sf_do_5_1C_ack()
611 * timer, and enter the COOKIE-ECHOED state. in sctp_sf_do_5_1C_ack()
620 /* SCTP-AUTH: generate the association shared keys so that in sctp_sf_do_5_1C_ack()
621 * we can potentially sign the COOKIE-ECHO. in sctp_sf_do_5_1C_ack()
628 /* If there is any errors to report, send the ERROR chunk generated in sctp_sf_do_5_1C_ack()
642 if (!chunk->auth_chunk) in sctp_auth_chunk_verify()
645 /* SCTP-AUTH: auth_chunk pointer is only set when the cookie-echo in sctp_auth_chunk_verify()
646 * is supposed to be authenticated and we have to do delayed in sctp_auth_chunk_verify()
648 * the information in the cookie and now it's much easier to in sctp_auth_chunk_verify()
653 if (!net->sctp.auth_enable || !asoc->peer.auth_capable) in sctp_auth_chunk_verify()
656 /* set-up our fake chunk so that we can process it */ in sctp_auth_chunk_verify()
657 auth.skb = chunk->auth_chunk; in sctp_auth_chunk_verify()
658 auth.asoc = chunk->asoc; in sctp_auth_chunk_verify()
659 auth.sctp_hdr = chunk->sctp_hdr; in sctp_auth_chunk_verify()
661 skb_push(chunk->auth_chunk, in sctp_auth_chunk_verify()
663 skb_pull(chunk->auth_chunk, sizeof(struct sctp_chunkhdr)); in sctp_auth_chunk_verify()
664 auth.transport = chunk->transport; in sctp_auth_chunk_verify()
670 * Respond to a normal COOKIE ECHO chunk.
675 * with a COOKIE ACK chunk after building a TCB and moving to
680 * IMPLEMENTATION NOTE: An implementation may choose to send the
681 * Communication Up notification to the SCTP user upon reception
687 * - When sending a COOKIE ECHO, the endpoint MUST use the value of the
690 * - The receiver of a COOKIE ECHO follows the procedures in Section 5.
722 if (ep == sctp_sk(net->sctp.ctl_sock)->ep) { in sctp_sf_do_5_1D_ce()
737 * on the TCP-style socket exceed the max backlog, respond with an in sctp_sf_do_5_1D_ce()
740 sk = ep->base.sk; in sctp_sf_do_5_1D_ce()
748 chunk->subh.cookie_hdr = in sctp_sf_do_5_1D_ce()
749 (struct sctp_signed_cookie *)chunk->skb->data; in sctp_sf_do_5_1D_ce()
750 if (!pskb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) - in sctp_sf_do_5_1D_ce()
756 * and moving to the ESTABLISHED state. in sctp_sf_do_5_1D_ce()
762 * If the re-build failed, what is the proper error path in sctp_sf_do_5_1D_ce()
765 * [We should abort the association. --piggy] in sctp_sf_do_5_1D_ce()
772 case -SCTP_IERROR_NOMEM: in sctp_sf_do_5_1D_ce()
775 case -SCTP_IERROR_STALE_COOKIE: in sctp_sf_do_5_1D_ce()
780 case -SCTP_IERROR_BAD_SIG: in sctp_sf_do_5_1D_ce()
786 if (security_sctp_assoc_request(new_asoc, chunk->head_skb ?: chunk->skb)) { in sctp_sf_do_5_1D_ce()
793 * Re-build the bind address for the association is done in in sctp_sf_do_5_1D_ce()
796 /* This is a brand-new association, so these are not yet side in sctp_sf_do_5_1D_ce()
797 * effects--it is safe to run them here. in sctp_sf_do_5_1D_ce()
799 peer_init = (struct sctp_init_chunk *)(chunk->subh.cookie_hdr + 1); in sctp_sf_do_5_1D_ce()
801 &chunk->subh.cookie_hdr->c.peer_addr, in sctp_sf_do_5_1D_ce()
805 /* SCTP-AUTH: Now that we've populate required fields in in sctp_sf_do_5_1D_ce()
824 * D) IMPLEMENTATION NOTE: An implementation may choose to in sctp_sf_do_5_1D_ce()
825 * send the Communication Up notification to the SCTP user in sctp_sf_do_5_1D_ce()
829 new_asoc->c.sinit_num_ostreams, in sctp_sf_do_5_1D_ce()
830 new_asoc->c.sinit_max_instreams, in sctp_sf_do_5_1D_ce()
837 * delivers this notification to inform the application that of the in sctp_sf_do_5_1D_ce()
840 if (new_asoc->peer.adaptation_ind) { in sctp_sf_do_5_1D_ce()
847 if (!new_asoc->peer.auth_capable) { in sctp_sf_do_5_1D_ce()
857 * during side-effect processing and correctly count established in sctp_sf_do_5_1D_ce()
867 if (new_asoc->timeouts[SCTP_EVENT_TIMEOUT_AUTOCLOSE]) in sctp_sf_do_5_1D_ce()
902 * Respond to a normal COOKIE ACK chunk.
908 * COOKIE-ECHOED state to the ESTABLISHED state, stopping the T1-cookie
937 chunk->head_skb ?: chunk->skb)) in sctp_sf_do_5_1E_ca()
940 /* Verify that the chunk length for the COOKIE-ACK is OK. in sctp_sf_do_5_1E_ca()
947 /* Reset init error count upon receipt of COOKIE-ACK, in sctp_sf_do_5_1E_ca()
948 * to avoid problems with the management of this in sctp_sf_do_5_1E_ca()
950 * from the COOKIE-ECHOED state to the COOKIE-WAIT in sctp_sf_do_5_1E_ca()
958 * from the COOKIE-ECHOED state to the ESTABLISHED state, in sctp_sf_do_5_1E_ca()
959 * stopping the T1-cookie timer. in sctp_sf_do_5_1E_ca()
968 if (asoc->timeouts[SCTP_EVENT_TIMEOUT_AUTOCLOSE]) in sctp_sf_do_5_1E_ca()
977 0, asoc->c.sinit_num_ostreams, in sctp_sf_do_5_1E_ca()
978 asoc->c.sinit_max_instreams, in sctp_sf_do_5_1E_ca()
988 * delivers this notification to inform the application that of the in sctp_sf_do_5_1E_ca()
991 if (asoc->peer.adaptation_ind) { in sctp_sf_do_5_1E_ca()
1000 if (!asoc->peer.auth_capable) { in sctp_sf_do_5_1E_ca()
1025 /* Send a heartbeat to our peer. */ in sctp_sf_heartbeat()
1050 if (asoc->overall_error_count >= asoc->max_retrans) { in sctp_sf_sendbeat_8_3()
1062 * The Sender-specific Heartbeat Info field should normally include in sctp_sf_sendbeat_8_3()
1064 * chunk is sent and the destination transport address to which this in sctp_sf_sendbeat_8_3()
1068 if (transport->param_flags & SPP_HB_ENABLE) { in sctp_sf_sendbeat_8_3()
1098 if (asoc->overall_error_count >= asoc->max_retrans) { in sctp_sf_send_reconf()
1109 sctp_chunk_hold(asoc->strreset_chunk); in sctp_sf_send_reconf()
1111 SCTP_CHUNK(asoc->strreset_chunk)); in sctp_sf_send_reconf()
1132 reply = sctp_make_heartbeat(asoc, transport, transport->pl.probe_size); in sctp_sf_send_probe()
1190 chunk->subh.hb_hdr = (struct sctp_heartbeathdr *)chunk->skb->data; in sctp_sf_beat_8_3()
1191 param_hdr = (struct sctp_paramhdr *)chunk->subh.hb_hdr; in sctp_sf_beat_8_3()
1192 paylen = ntohs(chunk->chunk_hdr->length) - sizeof(struct sctp_chunkhdr); in sctp_sf_beat_8_3()
1194 if (ntohs(param_hdr->length) > paylen) in sctp_sf_beat_8_3()
1198 if (!pskb_pull(chunk->skb, paylen)) in sctp_sf_beat_8_3()
1218 * address to which the HEARTBEAT was sent, and mark the destination
1220 * optionally report to the upper layer when an inactive destination
1221 * address is marked as active due to the reception of the latest
1256 /* Make sure that the HEARTBEAT-ACK chunk has a valid length. */ in sctp_sf_backbeat_8_3()
1262 hbinfo = (struct sctp_sender_hb_info *)chunk->skb->data; in sctp_sf_backbeat_8_3()
1264 if (ntohs(hbinfo->param_hdr.length) != sizeof(*hbinfo)) in sctp_sf_backbeat_8_3()
1267 from_addr = hbinfo->daddr; in sctp_sf_backbeat_8_3()
1286 /* Validate the 64-bit random nonce. */ in sctp_sf_backbeat_8_3()
1287 if (hbinfo->hb_nonce != link->hb_nonce) in sctp_sf_backbeat_8_3()
1290 if (hbinfo->probe_size) { in sctp_sf_backbeat_8_3()
1291 if (hbinfo->probe_size != link->pl.probe_size || in sctp_sf_backbeat_8_3()
1301 max_interval = link->hbinterval + link->rto; in sctp_sf_backbeat_8_3()
1304 if (time_after(hbinfo->sent_at, jiffies) || in sctp_sf_backbeat_8_3()
1305 time_after(jiffies, hbinfo->sent_at + max_interval)) { in sctp_sf_backbeat_8_3()
1314 * destination transport address to which the HEARTBEAT was in sctp_sf_backbeat_8_3()
1323 /* Helper function to send out an abort for the restart
1330 struct sctp_af *af = sctp_get_af_specific(ssa->v4.sin_family); in sctp_sf_send_restart_abort()
1338 /* Build the error on the stack. We are way to malloc crazy in sctp_sf_send_restart_abort()
1345 len = af->to_addr_param(ssa, addrparm); in sctp_sf_send_restart_abort()
1348 errhdr->cause = SCTP_ERROR_RESTART; in sctp_sf_send_restart_abort()
1349 errhdr->length = htons(len); in sctp_sf_send_restart_abort()
1351 /* Assign to the control socket. */ in sctp_sf_send_restart_abort()
1352 ep = sctp_sk(net->sctp.ctl_sock)->ep; in sctp_sf_send_restart_abort()
1355 * want to send back the attacker's vtag. in sctp_sf_send_restart_abort()
1381 if (sctp_cmp_addr_exact(ipaddr, &addr->ipaddr)) in list_has_sctp_addr()
1387 /* A restart is occurring, check to make sure no new addresses
1395 struct net *net = new_asoc->base.net; in sctp_sf_check_restart_addrs()
1399 /* Implementor's Guide - Section 5.2.2 in sctp_sf_check_restart_addrs()
1401 * Before responding the endpoint MUST check to see if the in sctp_sf_check_restart_addrs()
1402 * unexpected INIT adds new addresses to the association. If new in sctp_sf_check_restart_addrs()
1403 * addresses are added to the association, the endpoint MUST respond in sctp_sf_check_restart_addrs()
1410 list_for_each_entry(new_addr, &new_asoc->peer.transport_addr_list, in sctp_sf_check_restart_addrs()
1412 if (!list_has_sctp_addr(&asoc->peer.transport_addr_list, in sctp_sf_check_restart_addrs()
1413 &new_addr->ipaddr)) { in sctp_sf_check_restart_addrs()
1414 sctp_sf_send_restart_abort(net, &new_addr->ipaddr, init, in sctp_sf_check_restart_addrs()
1428 * Note: Do not use in CLOSED or SHUTDOWN-ACK-SENT state.
1433 switch (asoc->state) { in sctp_tietags_populate()
1435 /* 5.2.1 INIT received in COOKIE-WAIT or COOKIE-ECHOED State */ in sctp_tietags_populate()
1438 new_asoc->c.my_vtag = asoc->c.my_vtag; in sctp_tietags_populate()
1439 new_asoc->c.my_ttag = asoc->c.my_vtag; in sctp_tietags_populate()
1440 new_asoc->c.peer_ttag = 0; in sctp_tietags_populate()
1444 new_asoc->c.my_vtag = asoc->c.my_vtag; in sctp_tietags_populate()
1445 new_asoc->c.my_ttag = asoc->c.my_vtag; in sctp_tietags_populate()
1446 new_asoc->c.peer_ttag = asoc->c.peer_vtag; in sctp_tietags_populate()
1449 /* 5.2.2 Unexpected INIT in States Other than CLOSED, COOKIE-ECHOED, in sctp_tietags_populate()
1450 * COOKIE-WAIT and SHUTDOWN-ACK-SENT in sctp_tietags_populate()
1453 new_asoc->c.my_ttag = asoc->c.my_vtag; in sctp_tietags_populate()
1454 new_asoc->c.peer_ttag = asoc->c.peer_vtag; in sctp_tietags_populate()
1462 new_asoc->rwnd = asoc->rwnd; in sctp_tietags_populate()
1463 new_asoc->c.sinit_num_ostreams = asoc->c.sinit_num_ostreams; in sctp_tietags_populate()
1464 new_asoc->c.sinit_max_instreams = asoc->c.sinit_max_instreams; in sctp_tietags_populate()
1465 new_asoc->c.initial_tsn = asoc->c.initial_tsn; in sctp_tietags_populate()
1469 * Compare vtag/tietag values to determine unexpected COOKIE-ECHO
1474 * Returns value representing action to be taken. These action values
1475 * correspond to Action/Description values in RFC 2960, Table 2.
1481 if ((asoc->c.my_vtag != new_asoc->c.my_vtag) && in sctp_tietags_compare()
1482 (asoc->c.peer_vtag != new_asoc->c.peer_vtag) && in sctp_tietags_compare()
1483 (asoc->c.my_vtag == new_asoc->c.my_ttag) && in sctp_tietags_compare()
1484 (asoc->c.peer_vtag == new_asoc->c.peer_ttag)) in sctp_tietags_compare()
1488 if ((asoc->c.my_vtag == new_asoc->c.my_vtag) && in sctp_tietags_compare()
1489 ((asoc->c.peer_vtag != new_asoc->c.peer_vtag) || in sctp_tietags_compare()
1490 (0 == asoc->c.peer_vtag))) { in sctp_tietags_compare()
1495 if ((asoc->c.my_vtag == new_asoc->c.my_vtag) && in sctp_tietags_compare()
1496 (asoc->c.peer_vtag == new_asoc->c.peer_vtag)) in sctp_tietags_compare()
1500 if ((asoc->c.my_vtag != new_asoc->c.my_vtag) && in sctp_tietags_compare()
1501 (asoc->c.peer_vtag == new_asoc->c.peer_vtag) && in sctp_tietags_compare()
1502 (0 == new_asoc->c.my_ttag) && in sctp_tietags_compare()
1503 (0 == new_asoc->c.peer_ttag)) in sctp_tietags_compare()
1506 /* No match to any of the special cases; discard this packet. */ in sctp_tietags_compare()
1537 if (!chunk->singleton) in sctp_sf_do_unexpected_init()
1547 if (chunk->sctp_hdr->vtag != 0) in sctp_sf_do_unexpected_init()
1550 if (SCTP_INPUT_CB(chunk->skb)->encap_port != chunk->transport->encap_port) in sctp_sf_do_unexpected_init()
1554 chunk->subh.init_hdr = (struct sctp_inithdr *)chunk->skb->data; in sctp_sf_do_unexpected_init()
1557 chunk->param_hdr.v = skb_pull(chunk->skb, sizeof(struct sctp_inithdr)); in sctp_sf_do_unexpected_init()
1561 if (!sctp_verify_init(net, ep, asoc, chunk->chunk_hdr->type, in sctp_sf_do_unexpected_init()
1562 (struct sctp_init_chunk *)chunk->chunk_hdr, chunk, in sctp_sf_do_unexpected_init()
1564 /* This chunk contains fatal error. It is to be discarded. in sctp_sf_do_unexpected_init()
1569 (__u8 *)(err_chunk->chunk_hdr) + in sctp_sf_do_unexpected_init()
1571 ntohs(err_chunk->chunk_hdr->length) - in sctp_sf_do_unexpected_init()
1601 if (security_sctp_assoc_request(new_asoc, chunk->skb)) { in sctp_sf_do_unexpected_init()
1612 * place (local tie-tag and per tie-tag) within the state cookie. in sctp_sf_do_unexpected_init()
1615 (struct sctp_init_chunk *)chunk->chunk_hdr, in sctp_sf_do_unexpected_init()
1620 * restart. Do not do this check for COOKIE-WAIT state, in sctp_sf_do_unexpected_init()
1621 * since there are no peer addresses to check against. in sctp_sf_do_unexpected_init()
1636 /* If there are errors need to be reported for unknown parameters, in sctp_sf_do_unexpected_init()
1637 * make sure to reserve enough room in the INIT ACK for them. in sctp_sf_do_unexpected_init()
1641 len = ntohs(err_chunk->chunk_hdr->length) - in sctp_sf_do_unexpected_init()
1649 /* If there are errors need to be reported for unknown parameters, in sctp_sf_do_unexpected_init()
1662 ((__u8 *)(err_chunk->chunk_hdr) + in sctp_sf_do_unexpected_init()
1676 * Otherwise, "Z" will be vulnerable to resource attacks. in sctp_sf_do_unexpected_init()
1699 * Section: 5.2.1 INIT received in COOKIE-WAIT or COOKIE-ECHOED State (Item B)
1701 * endpoint is attempting, at about the same time, to establish an
1704 * Upon receipt of an INIT in the COOKIE-WAIT or COOKIE-ECHOED state, an
1710 * INIT to calculate the State Cookie.
1712 * After that, the endpoint MUST NOT change its state, the T1-init
1715 * a TCB exists will resolve the duplicate INITs to a single association.
1717 * For an endpoint that is in the COOKIE-ECHOED state it MUST populate
1718 * its Tie-Tags with the Tag information of itself and its peer (see
1719 * section 5.2.2 for a description of the Tie-Tags).
1740 /* Call helper to do the real work for both simultaneous and in sctp_sf_do_5_2_1_siminit()
1751 * COOKIE-ECHOED and COOKIE-WAIT
1757 * place within the state cookie. We shall refer to these locations as
1758 * the Peer's-Tie-Tag and the Local-Tie-Tag. The outbound SCTP packet
1759 * containing this INIT ACK MUST carry a Verification Tag value equal to
1770 * Note: Only when a TCB exists and the association is not in a COOKIE-
1771 * WAIT state are the Tie-Tags populated. For a normal association INIT
1772 * (i.e. the endpoint is in a COOKIE-WAIT state), the Tie-Tags MUST be
1773 * set to 0 (indicating that no previous TCB existed). The INIT ACK and
1795 /* Call helper to do the real work for both simultaneous and in sctp_sf_do_5_2_2_dupinit()
1803 * Unexpected INIT-ACK handler.
1807 * COOKIE-WAIT state, the endpoint should discard the INIT ACK chunk.
1820 * endpoint. If this is an OOTB INIT-ACK, treat it as such. in sctp_sf_do_5_2_3_initack()
1822 if (ep == sctp_sk(net->sctp.ctl_sock)->ep) in sctp_sf_do_5_2_3_initack()
1832 struct net *net = asoc->base.net; in sctp_sf_do_assoc_update()
1849 return -ENOMEM; in sctp_sf_do_assoc_update()
1852 /* Unexpected COOKIE-ECHO handler for peer restart (Table 2, action 'A')
1871 /* new_asoc is a brand-new association, so these are not yet in sctp_sf_do_dupcook_a()
1872 * side effects--it is safe to run them here. in sctp_sf_do_dupcook_a()
1874 peer_init = (struct sctp_init_chunk *)(chunk->subh.cookie_hdr + 1); in sctp_sf_do_dupcook_a()
1887 * since you'd have to get inside the cookie. in sctp_sf_do_dupcook_a()
1892 /* If the endpoint is in the SHUTDOWN-ACK-SENT state and recognizes in sctp_sf_do_dupcook_a()
1895 * chunk with a "Cookie Received while Shutting Down" error cause to in sctp_sf_do_dupcook_a()
1900 SCTP_ST_CHUNK(chunk->chunk_hdr->type), in sctp_sf_do_dupcook_a()
1915 /* For now, stop pending T3-rtx and SACK timers, fail any unsent/unacked in sctp_sf_do_dupcook_a()
1923 /* Stop pending T4-rto timer, teardown ASCONF queue, ASCONF-ACK queue in sctp_sf_do_dupcook_a()
1924 * and ASCONF-ACK cache. in sctp_sf_do_dupcook_a()
1938 /* Report association restart to upper layer. */ in sctp_sf_do_dupcook_a()
1940 asoc->c.sinit_num_ostreams, in sctp_sf_do_dupcook_a()
1941 asoc->c.sinit_max_instreams, in sctp_sf_do_dupcook_a()
1949 (sctp_sstate(asoc->base.sk, CLOSING) || in sctp_sf_do_dupcook_a()
1950 sock_flag(asoc->base.sk, SOCK_DEAD))) { in sctp_sf_do_dupcook_a()
1952 * transition to ESTABLISHED. Instead trigger SHUTDOWN in sctp_sf_do_dupcook_a()
1972 /* Unexpected COOKIE-ECHO handler for setup collision (Table 2, action 'B')
1975 * B) In this case, both sides may be attempting to start an association
1977 * after responding to the local endpoint's INIT
1991 /* new_asoc is a brand-new association, so these are not yet in sctp_sf_do_dupcook_b()
1992 * side effects--it is safe to run them here. in sctp_sf_do_dupcook_b()
1994 peer_init = (struct sctp_init_chunk *)(chunk->subh.cookie_hdr + 1); in sctp_sf_do_dupcook_b()
2007 if (asoc->state < SCTP_STATE_ESTABLISHED) in sctp_sf_do_dupcook_b()
2023 * D) IMPLEMENTATION NOTE: An implementation may choose to in sctp_sf_do_dupcook_b()
2024 * send the Communication Up notification to the SCTP user in sctp_sf_do_dupcook_b()
2027 * Sadly, this needs to be implemented as a side-effect, because in sctp_sf_do_dupcook_b()
2028 * we are not guaranteed to have set the association id of the real in sctp_sf_do_dupcook_b()
2029 * association and so these notifications need to be delayed until in sctp_sf_do_dupcook_b()
2037 * delivers this notification to inform the application that of the in sctp_sf_do_dupcook_b()
2040 * This also needs to be done as a side effect for the same reason as in sctp_sf_do_dupcook_b()
2043 if (asoc->peer.adaptation_ind) in sctp_sf_do_dupcook_b()
2046 if (!asoc->peer.auth_capable) in sctp_sf_do_dupcook_b()
2055 /* Unexpected COOKIE-ECHO handler for setup collision (Table 2, action 'C')
2060 * INIT-ACK and finally sent a COOKIE ECHO with the peer's same tag
2079 /* Unexpected COOKIE-ECHO handler lost chunk (Table 2, action 'D')
2100 * enter the ESTABLISHED state, if it is in the COOKIE-ECHOED state. in sctp_sf_do_dupcook_d()
2101 * It should stop any cookie timer that may be running and send in sctp_sf_do_dupcook_d()
2109 if (asoc->state < SCTP_STATE_ESTABLISHED) { in sctp_sf_do_dupcook_d()
2121 * to send the Communication Up notification to the in sctp_sf_do_dupcook_d()
2127 asoc->c.sinit_num_ostreams, in sctp_sf_do_dupcook_d()
2128 asoc->c.sinit_max_instreams, in sctp_sf_do_dupcook_d()
2135 * SCTP delivers this notification to inform the application in sctp_sf_do_dupcook_d()
2138 if (asoc->peer.adaptation_ind) { in sctp_sf_do_dupcook_d()
2146 if (!asoc->peer.auth_capable) { in sctp_sf_do_dupcook_d()
2184 * Handle a duplicate COOKIE-ECHO. This usually means a cookie-carrying
2215 * perspective. In this case check to make sure we have at least in sctp_sf_do_5_2_4_dupcook()
2228 chunk->subh.cookie_hdr = (struct sctp_signed_cookie *)chunk->skb->data; in sctp_sf_do_5_2_4_dupcook()
2229 if (!pskb_pull(chunk->skb, ntohs(chunk->chunk_hdr->length) - in sctp_sf_do_5_2_4_dupcook()
2242 * If the re-build failed, what is the proper error path in sctp_sf_do_5_2_4_dupcook()
2245 * [We should abort the association. --piggy] in sctp_sf_do_5_2_4_dupcook()
2252 case -SCTP_IERROR_NOMEM: in sctp_sf_do_5_2_4_dupcook()
2255 case -SCTP_IERROR_STALE_COOKIE: in sctp_sf_do_5_2_4_dupcook()
2259 case -SCTP_IERROR_BAD_SIG: in sctp_sf_do_5_2_4_dupcook()
2266 new_asoc->temp = 1; in sctp_sf_do_5_2_4_dupcook()
2274 * state, so there is no need to call security_sctp_assoc_request(). in sctp_sf_do_5_2_4_dupcook()
2282 chunk->head_skb ?: chunk->skb)) { in sctp_sf_do_5_2_4_dupcook()
2319 /* Restore association pointer to provide SCTP command interpreter in sctp_sf_do_5_2_4_dupcook()
2320 * with a valid context in case it needs to manipulate in sctp_sf_do_5_2_4_dupcook()
2332 * Process an ABORT. (SHUTDOWN-PENDING state)
2350 * Since this is an ABORT chunk, we have to discard it in sctp_sf_shutdown_pending_abort()
2356 * as we do not know its true length. So, to be safe, discard the in sctp_sf_shutdown_pending_abort()
2362 /* ADD-IP: Special case for ABORT chunks in sctp_sf_shutdown_pending_abort()
2364 * destined to the IP address being deleted MUST be in sctp_sf_shutdown_pending_abort()
2368 sctp_bind_addr_state(&asoc->base.bind_addr, &chunk->dest)) in sctp_sf_shutdown_pending_abort()
2378 * Process an ABORT. (SHUTDOWN-SENT state)
2396 * Since this is an ABORT chunk, we have to discard it in sctp_sf_shutdown_sent_abort()
2402 * as we do not know its true length. So, to be safe, discard the in sctp_sf_shutdown_sent_abort()
2408 /* ADD-IP: Special case for ABORT chunks in sctp_sf_shutdown_sent_abort()
2410 * destined to the IP address being deleted MUST be in sctp_sf_shutdown_sent_abort()
2414 sctp_bind_addr_state(&asoc->base.bind_addr, &chunk->dest)) in sctp_sf_shutdown_sent_abort()
2420 /* Stop the T2-shutdown timer. */ in sctp_sf_shutdown_sent_abort()
2424 /* Stop the T5-shutdown guard timer. */ in sctp_sf_shutdown_sent_abort()
2432 * Process an ABORT. (SHUTDOWN-ACK-SENT state)
2444 /* The same T2 timer, so we should be able to use in sctp_sf_shutdown_ack_sent_abort()
2445 * common function with the SHUTDOWN-SENT state. in sctp_sf_shutdown_ack_sent_abort()
2486 /* FUTURE FIXME: When PR-SCTP related and other optional in sctp_sf_cookie_echoed_err()
2487 * parms are emitted, this will have to change to handle multiple in sctp_sf_cookie_echoed_err()
2490 sctp_walk_errors(err, chunk->chunk_hdr) { in sctp_sf_cookie_echoed_err()
2491 if (SCTP_ERROR_STALE_COOKIE == err->cause) in sctp_sf_cookie_echoed_err()
2496 /* It is possible to have malformed error causes, and that in sctp_sf_cookie_echoed_err()
2497 * will cause us to end the walk early. However, since in sctp_sf_cookie_echoed_err()
2508 * If the association is in the COOKIE-ECHOED state, the endpoint may elect
2511 * 3) Send a new INIT chunk to the endpoint, adding a Cookie
2512 * Preservative parameter requesting an extension to the lifetime of
2516 * than 1 second beyond the measured RTT, due to long State Cookie
2517 * lifetimes making the endpoint more subject to a replay attack.
2519 * Verification Tag: Not explicit, but safe to ignore.
2537 int attempts = asoc->init_err_counter + 1; in sctp_sf_do_5_2_6_stale()
2544 if (attempts > asoc->max_init_attempts) { in sctp_sf_do_5_2_6_stale()
2552 err = (struct sctp_errhdr *)(chunk->skb->data); in sctp_sf_do_5_2_6_stale()
2557 * more than 1 second beyond the measured RTT, due to long in sctp_sf_do_5_2_6_stale()
2558 * State Cookie lifetimes making the endpoint more subject to in sctp_sf_do_5_2_6_stale()
2561 * Suggested Cookie Life-span Increment's unit is msec. in sctp_sf_do_5_2_6_stale()
2565 * to give ample time to retransmit the new cookie and thus in sctp_sf_do_5_2_6_stale()
2576 bp = (struct sctp_bind_addr *) &asoc->base.bind_addr; in sctp_sf_do_5_2_6_stale()
2586 /* Stop pending T3-rtx and heartbeat timers */ in sctp_sf_do_5_2_6_stale()
2590 /* Delete non-primary peer ip addresses since we are transitioning in sctp_sf_do_5_2_6_stale()
2591 * back to the COOKIE-WAIT state in sctp_sf_do_5_2_6_stale()
2595 /* If we've sent any data bundled with COOKIE-ECHO we will need to in sctp_sf_do_5_2_6_stale()
2599 SCTP_TRANSPORT(asoc->peer.primary_path)); in sctp_sf_do_5_2_6_stale()
2601 /* Cast away the const modifier, as we want to just in sctp_sf_do_5_2_6_stale()
2627 * termination to its upper layer.
2632 * - The endpoint shall always fill in the Verification Tag field of the
2636 * - If the ABORT is sent in response to an OOTB packet, the endpoint
2639 * - The receiver MUST accept the packet if the Verification Tag
2666 * Since this is an ABORT chunk, we have to discard it in sctp_sf_do_9_1_abort()
2672 * as we do not know its true length. So, to be safe, discard the in sctp_sf_do_9_1_abort()
2678 /* ADD-IP: Special case for ABORT chunks in sctp_sf_do_9_1_abort()
2680 * destined to the IP address being deleted MUST be in sctp_sf_do_9_1_abort()
2684 sctp_bind_addr_state(&asoc->base.bind_addr, &chunk->dest)) in sctp_sf_do_9_1_abort()
2706 len = ntohs(chunk->chunk_hdr->length); in __sctp_sf_do_9_1_abort()
2708 error = ((struct sctp_errhdr *)chunk->skb->data)->cause; in __sctp_sf_do_9_1_abort()
2720 * Process an ABORT. (COOKIE-WAIT state)
2740 * Since this is an ABORT chunk, we have to discard it in sctp_sf_cookie_wait_abort()
2746 * as we do not know its true length. So, to be safe, discard the in sctp_sf_cookie_wait_abort()
2753 len = ntohs(chunk->chunk_hdr->length); in sctp_sf_cookie_wait_abort()
2755 error = ((struct sctp_errhdr *)chunk->skb->data)->cause; in sctp_sf_cookie_wait_abort()
2758 chunk->transport); in sctp_sf_cookie_wait_abort()
2762 * Process an incoming ICMP as an ABORT. (COOKIE-WAIT state)
2778 * Process an ABORT. (COOKIE-ECHOED state)
2788 /* There is a single T1 timer, so we should be able to use in sctp_sf_cookie_echoed_abort()
2789 * common function with the COOKIE-WAIT state. in sctp_sf_cookie_echoed_abort()
2795 * Stop T1 timer and abort association with "INIT failed".
2826 * - enter the SHUTDOWN-RECEIVED state,
2828 * - stop accepting new data from its SCTP user
2830 * - verify, by checking the Cumulative TSN Ack field of the chunk,
2834 * Once an endpoint as reached the SHUTDOWN-RECEIVED state it MUST NOT
2835 * send a SHUTDOWN in response to a ULP request. And should discard
2839 * receiver shall continue to follow normal data transmission
2877 sdh = (struct sctp_shutdownhdr *)chunk->skb->data; in sctp_sf_do_9_2_shutdown()
2878 skb_pull(chunk->skb, sizeof(*sdh)); in sctp_sf_do_9_2_shutdown()
2879 chunk->subh.shutdown_hdr = sdh; in sctp_sf_do_9_2_shutdown()
2880 ctsn = ntohl(sdh->cum_tsn_ack); in sctp_sf_do_9_2_shutdown()
2882 if (TSN_lt(ctsn, asoc->ctsn_ack_point)) { in sctp_sf_do_9_2_shutdown()
2884 asoc->ctsn_ack_point); in sctp_sf_do_9_2_shutdown()
2890 * send, terminating the association and respond to the in sctp_sf_do_9_2_shutdown()
2893 if (!TSN_lt(ctsn, asoc->next_tsn)) in sctp_sf_do_9_2_shutdown()
2897 * When a peer sends a SHUTDOWN, SCTP delivers this notification to in sctp_sf_do_9_2_shutdown()
2908 * - enter the SHUTDOWN-RECEIVED state, in sctp_sf_do_9_2_shutdown()
2909 * - stop accepting new data from its SCTP user in sctp_sf_do_9_2_shutdown()
2917 if (sctp_outq_is_empty(&asoc->outqueue)) { in sctp_sf_do_9_2_shutdown()
2925 /* - verify, by checking the Cumulative TSN Ack field of the in sctp_sf_do_9_2_shutdown()
2930 SCTP_BE32(chunk->subh.shutdown_hdr->cum_tsn_ack)); in sctp_sf_do_9_2_shutdown()
2939 * Once an endpoint has reached the SHUTDOWN-RECEIVED state,
2940 * it MUST NOT send a SHUTDOWN in response to a ULP request.
2964 sdh = (struct sctp_shutdownhdr *)chunk->skb->data; in sctp_sf_do_9_2_shut_ctsn()
2965 ctsn = ntohl(sdh->cum_tsn_ack); in sctp_sf_do_9_2_shut_ctsn()
2967 if (TSN_lt(ctsn, asoc->ctsn_ack_point)) { in sctp_sf_do_9_2_shut_ctsn()
2969 asoc->ctsn_ack_point); in sctp_sf_do_9_2_shut_ctsn()
2975 * send, terminating the association and respond to the in sctp_sf_do_9_2_shut_ctsn()
2978 if (!TSN_lt(ctsn, asoc->next_tsn)) in sctp_sf_do_9_2_shut_ctsn()
2986 SCTP_BE32(sdh->cum_tsn_ack)); in sctp_sf_do_9_2_shut_ctsn()
2992 * If an endpoint is in SHUTDOWN-ACK-SENT state and receives an INIT chunk
2995 * that belong to this association, it should discard the INIT chunk and
3012 /* Since we are not going to really process this INIT, there in __sctp_sf_do_9_2_reshutack()
3021 * the T2-SHUTDOWN timer. in __sctp_sf_do_9_2_reshutack()
3025 /* and restart the T2-shutdown timer. */ in __sctp_sf_do_9_2_reshutack()
3044 if (!chunk->singleton) in sctp_sf_do_9_2_reshutack()
3050 if (chunk->sctp_hdr->vtag != 0) in sctp_sf_do_9_2_reshutack()
3063 * RFC 2481 details a specific bit for a sender to send in the header of
3064 * its next outbound TCP segment to indicate to its peer that it has
3099 cwr = (struct sctp_cwrhdr *)chunk->skb->data; in sctp_sf_do_ecn_cwr()
3100 skb_pull(chunk->skb, sizeof(*cwr)); in sctp_sf_do_ecn_cwr()
3102 lowest_tsn = ntohl(cwr->lowest_tsn); in sctp_sf_do_ecn_cwr()
3105 if (TSN_lte(asoc->last_ecne_tsn, lowest_tsn)) { in sctp_sf_do_ecn_cwr()
3106 /* Stop sending ECNE. */ in sctp_sf_do_ecn_cwr()
3119 * ECN-Echo
3121 * RFC 2481 details a specific bit for a receiver to send back in its
3122 * TCP acknowledgements to notify the sender of the Congestion
3153 ecne = (struct sctp_ecnehdr *)chunk->skb->data; in sctp_sf_do_ecne()
3154 skb_pull(chunk->skb, sizeof(*ecne)); in sctp_sf_do_ecne()
3158 SCTP_U32(ntohl(ecne->lowest_tsn))); in sctp_sf_do_ecne()
3174 * situations it may be beneficial for an SCTP transmitter to be more
3180 * incoming packet, other than to update the offered window as the
3210 if (!sctp_chunk_length_valid(chunk, sctp_datachk_len(&asoc->stream))) in sctp_sf_eat_data_6_2()
3230 (u8 *)chunk->subh.data_hdr, in sctp_sf_eat_data_6_2()
3231 sctp_datahdr_len(&asoc->stream)); in sctp_sf_eat_data_6_2()
3236 if (chunk->chunk_hdr->flags & SCTP_DATA_SACK_IMM) in sctp_sf_eat_data_6_2()
3239 if (asoc->timeouts[SCTP_EVENT_TIMEOUT_AUTOCLOSE]) { in sctp_sf_eat_data_6_2()
3244 /* If this is the last chunk in a packet, we need to count it in sctp_sf_eat_data_6_2()
3245 * toward sack generation. Note that we need to SACK every in sctp_sf_eat_data_6_2()
3247 * THEM. We elect to NOT generate SACK's if the chunk fails in sctp_sf_eat_data_6_2()
3261 * situations it may be beneficial for an SCTP transmitter to in sctp_sf_eat_data_6_2()
3266 if (chunk->end_of_packet) in sctp_sf_eat_data_6_2()
3286 if (chunk->end_of_packet) in sctp_sf_eat_data_6_2()
3291 if (chunk->end_of_packet) in sctp_sf_eat_data_6_2()
3301 * (4) In SHUTDOWN-SENT state the endpoint MUST acknowledge any received
3330 if (!sctp_chunk_length_valid(chunk, sctp_datachk_len(&asoc->stream))) in sctp_sf_eat_data_fast_4_4()
3346 (u8 *)chunk->subh.data_hdr, in sctp_sf_eat_data_fast_4_4()
3347 sctp_datahdr_len(&asoc->stream)); in sctp_sf_eat_data_fast_4_4()
3356 * While in SHUTDOWN-SENT state, the SHUTDOWN sender MUST immediately in sctp_sf_eat_data_fast_4_4()
3357 * respond to each received packet containing one or more DATA chunk(s) in sctp_sf_eat_data_fast_4_4()
3358 * with a SACK, a SHUTDOWN chunk, and restart the T2-shutdown timer in sctp_sf_eat_data_fast_4_4()
3360 if (chunk->end_of_packet) { in sctp_sf_eat_data_fast_4_4()
3380 * Cumulative TSN Ack Point indicates an out-of-order SACK.
3382 * ii) Set rwnd equal to the newly received a_rwnd minus the number
3391 * timer is running for the destination address to which the DATA
3392 * chunk was originally transmitted, then T3-rtx is started for
3429 chunk->subh.sack_hdr = sackh; in sctp_sf_eat_sack_6_2()
3430 ctsn = ntohl(sackh->cum_tsn_ack); in sctp_sf_eat_sack_6_2()
3433 * send, terminating the association and respond to the in sctp_sf_eat_sack_6_2()
3436 if (TSN_lte(asoc->next_tsn, ctsn)) in sctp_sf_eat_sack_6_2()
3445 * Point indicates an out-of-order SACK. in sctp_sf_eat_sack_6_2()
3447 if (TSN_lt(ctsn, asoc->ctsn_ack_point)) { in sctp_sf_eat_sack_6_2()
3449 asoc->ctsn_ack_point); in sctp_sf_eat_sack_6_2()
3464 * Generate an ABORT in response to a packet.
3468 * 8) The receiver should respond to the sender of the OOTB packet with
3472 * packet and set the T-bit in the Chunk Flags to indicate that the
3506 /* Reflect vtag if T-Bit is set */ in sctp_sf_tabort_8_4_8()
3508 packet->vtag = ntohl(chunk->sctp_hdr->vtag); in sctp_sf_tabort_8_4_8()
3510 /* Set the skb to the belonging sock for accounting. */ in sctp_sf_tabort_8_4_8()
3511 abort->skb->sk = ep->base.sk; in sctp_sf_tabort_8_4_8()
3526 * From Section 4 at draft-tuexen-tsvwg-sctp-udp-encaps-cons-03.
3550 abort->skb->sk = ep->base.sk; in sctp_sf_new_encap_port()
3567 * API 5.3.1.3 - SCTP_REMOTE_ERROR
3588 sctp_walk_errors(err, chunk->chunk_hdr); in sctp_sf_operr_notify()
3589 if ((void *)err != (void *)chunk->chunk_end) in sctp_sf_operr_notify()
3604 * stop the T2-shutdown timer, send a SHUTDOWN COMPLETE chunk to its
3630 * notification is passed to the upper layer. in sctp_sf_do_9_2_final()
3637 /* ...send a SHUTDOWN COMPLETE chunk to its peer, */ in sctp_sf_do_9_2_final()
3648 * stop the T2-shutdown timer, in sctp_sf_do_9_2_final()
3673 * RFC 2960, 8.4 - Handle "Out of the blue" Packets, sctpimpguide 2.41.
3676 * respond to the sender of the OOTB packet with a SHUTDOWN COMPLETE.
3680 * set the T-bit in the Chunk Flags to indicate that the Verification
3683 * 8) The receiver should respond to the sender of the OOTB packet with
3687 * packet and set the T-bit in the Chunk Flags to indicate that the
3699 struct sk_buff *skb = chunk->skb; in sctp_sf_ootb()
3711 ch = (struct sctp_chunkhdr *)chunk->chunk_hdr; in sctp_sf_ootb()
3714 if (ntohs(ch->length) < sizeof(*ch)) in sctp_sf_ootb()
3719 ch_end = ((__u8 *)ch) + SCTP_PAD4(ntohs(ch->length)); in sctp_sf_ootb()
3727 if (SCTP_CID_SHUTDOWN_ACK == ch->type) in sctp_sf_ootb()
3732 * receives an ABORT MUST NOT respond to that ABORT by in sctp_sf_ootb()
3735 if (SCTP_CID_ABORT == ch->type) in sctp_sf_ootb()
3743 if (SCTP_CID_COOKIE_ACK == ch->type) in sctp_sf_ootb()
3746 if (SCTP_CID_ERROR == ch->type) { in sctp_sf_ootb()
3748 if (SCTP_ERROR_STALE_COOKIE == err->cause) { in sctp_sf_ootb()
3772 * respond to the sender of the OOTB packet with a SHUTDOWN COMPLETE.
3776 * set the T-bit in the Chunk Flags to indicate that the Verification
3812 /* Reflect vtag if T-Bit is set */ in sctp_sf_shut_8_4_5()
3814 packet->vtag = ntohl(chunk->sctp_hdr->vtag); in sctp_sf_shut_8_4_5()
3816 /* Set the skb to the belonging sock for accounting. */ in sctp_sf_shut_8_4_5()
3817 shut->skb->sk = ep->base.sk; in sctp_sf_shut_8_4_5()
3826 /* We need to discard the rest of the packet to prevent in sctp_sf_shut_8_4_5()
3837 * If the receiver is in COOKIE-ECHOED or COOKIE-WAIT state the
3841 * chunks. --piggy ]
3862 * to a restarted association. So the packet is treated as an OOTB in sctp_sf_do_8_5_1_E_sa()
3896 /* ADD-IP: Section 4.1.1 in sctp_sf_do_asconf()
3898 * the mechanism defined in [I-D.ietf-tsvwg-sctp-auth]. If this chunk in sctp_sf_do_asconf()
3900 * described in [I-D.ietf-tsvwg-sctp-auth]. in sctp_sf_do_asconf()
3902 if (!asoc->peer.asconf_capable || in sctp_sf_do_asconf()
3903 (!net->sctp.addip_noauth && !chunk->auth)) in sctp_sf_do_asconf()
3906 hdr = (struct sctp_addiphdr *)chunk->skb->data; in sctp_sf_do_asconf()
3907 serial = ntohl(hdr->serial); in sctp_sf_do_asconf()
3914 /* ADDIP 5.2 E1) Compare the value of the serial number to the value in sctp_sf_do_asconf()
3916 * 'Peer-Serial-Number'. in sctp_sf_do_asconf()
3918 if (serial == asoc->peer.addip_serial + 1) { in sctp_sf_do_asconf()
3920 * we can clean our old ASCONF-ACKs. in sctp_sf_do_asconf()
3922 if (!chunk->has_asconf) in sctp_sf_do_asconf()
3927 * processing the ASCONF Chunk, append an ASCONF-ACK Chunk to in sctp_sf_do_asconf()
3929 * later needs to be retransmitted). in sctp_sf_do_asconf()
3931 * Essentially, do V1-V5. in sctp_sf_do_asconf()
3937 } else if (serial < asoc->peer.addip_serial + 1) { in sctp_sf_do_asconf()
3940 * ('Peer- Sequence-Number' + 1), simply skip to the next in sctp_sf_do_asconf()
3942 * any previously cached ASCONF-ACK response that was in sctp_sf_do_asconf()
3944 * ASCONF. Note: It is possible that no cached ASCONF-ACK in sctp_sf_do_asconf()
3947 * should skip the ASCONF Chunk and not include ASCONF-ACK in sctp_sf_do_asconf()
3950 asconf_ack = sctp_assoc_lookup_asconf_ack(asoc, hdr->serial); in sctp_sf_do_asconf()
3955 * this time around. This is to make sure that we don't in sctp_sf_do_asconf()
3958 asconf_ack->transport = NULL; in sctp_sf_do_asconf()
3967 * containing the ASCONF-ACK Chunks MUST be the source address of in sctp_sf_do_asconf()
3970 * To do this properly, we'll set the destination address of the chunk in sctp_sf_do_asconf()
3971 * and at the transmit time, will try look up the transport to use. in sctp_sf_do_asconf()
3975 asconf_ack->dest = chunk->source; in sctp_sf_do_asconf()
3977 if (asoc->new_transport) { in sctp_sf_do_asconf()
3978 sctp_sf_heartbeat(ep, asoc, type, asoc->new_transport, commands); in sctp_sf_do_asconf()
3979 ((struct sctp_association *)asoc)->new_transport = NULL; in sctp_sf_do_asconf()
3995 if (list_empty(&asoc->addip_chunk_list)) in sctp_send_next_asconf()
3998 entry = asoc->addip_chunk_list.next; in sctp_send_next_asconf()
4003 asoc->addip_last_asconf = asconf; in sctp_send_next_asconf()
4011 * delete IP addresses the D0 to D13 rules should be applied:
4020 struct sctp_chunk *last_asconf = asoc->addip_last_asconf; in sctp_sf_do_asconf_ack()
4039 /* ADD-IP, Section 4.1.2: in sctp_sf_do_asconf_ack()
4041 * the mechanism defined in [I-D.ietf-tsvwg-sctp-auth]. If this chunk in sctp_sf_do_asconf_ack()
4043 * described in [I-D.ietf-tsvwg-sctp-auth]. in sctp_sf_do_asconf_ack()
4045 if (!asoc->peer.asconf_capable || in sctp_sf_do_asconf_ack()
4046 (!net->sctp.addip_noauth && !asconf_ack->auth)) in sctp_sf_do_asconf_ack()
4049 addip_hdr = (struct sctp_addiphdr *)asconf_ack->skb->data; in sctp_sf_do_asconf_ack()
4050 rcvd_serial = ntohl(addip_hdr->serial); in sctp_sf_do_asconf_ack()
4052 /* Verify the ASCONF-ACK chunk before processing it. */ in sctp_sf_do_asconf_ack()
4058 addip_hdr = last_asconf->subh.addip_hdr; in sctp_sf_do_asconf_ack()
4059 sent_serial = ntohl(addip_hdr->serial); in sctp_sf_do_asconf_ack()
4061 sent_serial = asoc->addip_serial - 1; in sctp_sf_do_asconf_ack()
4064 /* D0) If an endpoint receives an ASCONF-ACK that is greater than or in sctp_sf_do_asconf_ack()
4065 * equal to the next serial number to be used but no ASCONF chunk is in sctp_sf_do_asconf_ack()
4067 * sequence number is greater than if it is no more than 2^^31-1 in sctp_sf_do_asconf_ack()
4071 !(asoc->addip_last_asconf)) { in sctp_sf_do_asconf_ack()
4079 /* We are going to ABORT, so we might as well stop in sctp_sf_do_asconf_ack()
4094 if ((rcvd_serial == sent_serial) && asoc->addip_last_asconf) { in sctp_sf_do_asconf_ack()
4111 /* We are going to ABORT, so we might as well stop in sctp_sf_do_asconf_ack()
4127 /* RE-CONFIG Section 5.2 Upon reception of an RECONF Chunk. */
4155 hdr = (struct sctp_reconf_chunk *)chunk->chunk_hdr; in sctp_sf_do_reconf()
4160 if (param.p->type == SCTP_PARAM_RESET_OUT_REQUEST) in sctp_sf_do_reconf()
4163 else if (param.p->type == SCTP_PARAM_RESET_IN_REQUEST) in sctp_sf_do_reconf()
4166 else if (param.p->type == SCTP_PARAM_RESET_TSN_REQUEST) in sctp_sf_do_reconf()
4169 else if (param.p->type == SCTP_PARAM_RESET_ADD_OUT_STREAMS) in sctp_sf_do_reconf()
4172 else if (param.p->type == SCTP_PARAM_RESET_ADD_IN_STREAMS) in sctp_sf_do_reconf()
4175 else if (param.p->type == SCTP_PARAM_RESET_RESPONSE) in sctp_sf_do_reconf()
4192 * PR-SCTP Section 3.6 Receiver Side Implementation of PR-SCTP
4195 * its cumulative TSN point to the value carried in the FORWARD TSN
4198 * After the above processing, the data receiver MUST stop reporting any
4199 * missing TSNs earlier than or equal to the new cumulative TSN point.
4223 if (!asoc->peer.prsctp_capable) in sctp_sf_eat_fwd_tsn()
4227 if (!sctp_chunk_length_valid(chunk, sctp_ftsnchk_len(&asoc->stream))) in sctp_sf_eat_fwd_tsn()
4231 fwdtsn_hdr = (struct sctp_fwdtsn_hdr *)chunk->skb->data; in sctp_sf_eat_fwd_tsn()
4232 chunk->subh.fwdtsn_hdr = fwdtsn_hdr; in sctp_sf_eat_fwd_tsn()
4233 len = ntohs(chunk->chunk_hdr->length); in sctp_sf_eat_fwd_tsn()
4234 len -= sizeof(struct sctp_chunkhdr); in sctp_sf_eat_fwd_tsn()
4235 skb_pull(chunk->skb, len); in sctp_sf_eat_fwd_tsn()
4237 tsn = ntohl(fwdtsn_hdr->new_cum_tsn); in sctp_sf_eat_fwd_tsn()
4240 /* The TSN is too high--silently discard the chunk and count on it in sctp_sf_eat_fwd_tsn()
4243 if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0) in sctp_sf_eat_fwd_tsn()
4246 if (!asoc->stream.si->validate_ftsn(chunk)) in sctp_sf_eat_fwd_tsn()
4250 if (len > sctp_ftsnhdr_len(&asoc->stream)) in sctp_sf_eat_fwd_tsn()
4255 if (asoc->timeouts[SCTP_EVENT_TIMEOUT_AUTOCLOSE]) { in sctp_sf_eat_fwd_tsn()
4290 if (!asoc->peer.prsctp_capable) in sctp_sf_eat_fwd_tsn_fast()
4294 if (!sctp_chunk_length_valid(chunk, sctp_ftsnchk_len(&asoc->stream))) in sctp_sf_eat_fwd_tsn_fast()
4298 fwdtsn_hdr = (struct sctp_fwdtsn_hdr *)chunk->skb->data; in sctp_sf_eat_fwd_tsn_fast()
4299 chunk->subh.fwdtsn_hdr = fwdtsn_hdr; in sctp_sf_eat_fwd_tsn_fast()
4300 len = ntohs(chunk->chunk_hdr->length); in sctp_sf_eat_fwd_tsn_fast()
4301 len -= sizeof(struct sctp_chunkhdr); in sctp_sf_eat_fwd_tsn_fast()
4302 skb_pull(chunk->skb, len); in sctp_sf_eat_fwd_tsn_fast()
4304 tsn = ntohl(fwdtsn_hdr->new_cum_tsn); in sctp_sf_eat_fwd_tsn_fast()
4307 /* The TSN is too high--silently discard the chunk and count on it in sctp_sf_eat_fwd_tsn_fast()
4310 if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0) in sctp_sf_eat_fwd_tsn_fast()
4313 if (!asoc->stream.si->validate_ftsn(chunk)) in sctp_sf_eat_fwd_tsn_fast()
4317 if (len > sctp_ftsnhdr_len(&asoc->stream)) in sctp_sf_eat_fwd_tsn_fast()
4325 * While in SHUTDOWN-SENT state, the SHUTDOWN sender MUST immediately in sctp_sf_eat_fwd_tsn_fast()
4326 * respond to each received packet containing one or more DATA chunk(s) in sctp_sf_eat_fwd_tsn_fast()
4327 * with a SACK, a SHUTDOWN chunk, and restart the T2-shutdown timer in sctp_sf_eat_fwd_tsn_fast()
4338 * SCTP-AUTH Section 6.3 Receiving authenticated chunks
4342 * receiver in the HMAC-ALGO parameter in the INIT or INIT-ACK chunk
4371 auth_hdr = (struct sctp_authhdr *)chunk->skb->data; in sctp_sf_authenticate()
4372 chunk->subh.auth_hdr = auth_hdr; in sctp_sf_authenticate()
4373 skb_pull(chunk->skb, sizeof(*auth_hdr)); in sctp_sf_authenticate()
4378 if (!sctp_auth_asoc_verify_hmac_id(asoc, auth_hdr->hmac_id)) in sctp_sf_authenticate()
4384 key_id = ntohs(auth_hdr->shkey_id); in sctp_sf_authenticate()
4385 if (key_id != asoc->active_key_id) { in sctp_sf_authenticate()
4394 sig_len = ntohs(chunk->chunk_hdr->length) - in sctp_sf_authenticate()
4396 hmac = sctp_auth_get_hmac(ntohs(auth_hdr->hmac_id)); in sctp_sf_authenticate()
4397 if (sig_len != hmac->hmac_len) in sctp_sf_authenticate()
4408 skb_pull(chunk->skb, sig_len); in sctp_sf_authenticate()
4416 sctp_auth_calculate_hmac(asoc, chunk->skb, in sctp_sf_authenticate()
4417 (struct sctp_auth_chunk *)chunk->chunk_hdr, in sctp_sf_authenticate()
4427 chunk->auth = 1; in sctp_sf_authenticate()
4446 if (!asoc->peer.auth_capable) in sctp_sf_eat_auth()
4460 auth_hdr = (struct sctp_authhdr *)chunk->skb->data; in sctp_sf_eat_auth()
4469 &auth_hdr->hmac_id, in sctp_sf_eat_auth()
4491 if (asoc->active_key_id != ntohs(auth_hdr->shkey_id)) { in sctp_sf_eat_auth()
4494 ev = sctp_ulpevent_make_authkey(asoc, ntohs(auth_hdr->shkey_id), in sctp_sf_eat_auth()
4512 * Chunk Types are encoded such that the highest-order two bits specify
4516 * 00 - Stop processing this SCTP packet and discard it, do not process
4519 * 01 - Stop processing this SCTP packet and discard it, do not process
4523 * 10 - Skip this chunk and continue processing.
4525 * 11 - Skip this chunk and continue processing, but report in an ERROR
4548 * chunkhdr structure to make a comparison. in sctp_sf_unk_chunk()
4560 hdr = unk_chunk->chunk_hdr; in sctp_sf_unk_chunk()
4563 SCTP_PAD4(ntohs(hdr->length)), in sctp_sf_unk_chunk()
4578 hdr = unk_chunk->chunk_hdr; in sctp_sf_unk_chunk()
4581 SCTP_PAD4(ntohs(hdr->length)), in sctp_sf_unk_chunk()
4600 * [Too numerous to mention...]
4624 * chunkhdr structure to make a comparison. in sctp_sf_discard_chunk()
4701 * Common function to handle a protocol violation.
4716 /* SCTP-AUTH, Section 6.3: in sctp_sf_abort_violation()
4717 * It should be noted that if the receiver wants to tear in sctp_sf_abort_violation()
4722 * This means that if we only want to abort associations in sctp_sf_abort_violation()
4736 /* Treat INIT-ACK as a special case during COOKIE-WAIT. */ in sctp_sf_abort_violation()
4737 if (chunk->chunk_hdr->type == SCTP_CID_INIT_ACK && in sctp_sf_abort_violation()
4738 !asoc->peer.i.init_tag) { in sctp_sf_abort_violation()
4741 initack = (struct sctp_initack_chunk *)chunk->chunk_hdr; in sctp_sf_abort_violation()
4743 abort->chunk_hdr->flags |= SCTP_CHUNK_FLAG_T; in sctp_sf_abort_violation()
4747 inittag = ntohl(initack->init_hdr.init_tag); in sctp_sf_abort_violation()
4756 if (asoc->state <= SCTP_STATE_COOKIE_ECHOED) { in sctp_sf_abort_violation()
4777 packet->vtag = ntohl(chunk->sctp_hdr->vtag); in sctp_sf_abort_violation()
4779 abort->skb->sk = ep->base.sk; in sctp_sf_abort_violation()
4805 * if its length is set to be smaller than the size of struct sctp_sack_chunk.
4811 * Verification Tag: Nothing to do
4877 /* Handle a protocol violation when the peer trying to advance the
4878 * cumulative tsn ack to a point beyond the max tsn currently sent.
4898 * when we have an association and we receive bundled INIT-ACK, or
4899 * SHUTDOWN-COMPLETE, our peer is clearly violating the "MUST NOT bundle"
4901 * on the path and we may not want to continue this communication.
4922 * Section: 10.1 ULP-to-SCTP
4927 * -> association id [,destination transport addr list] [,outbound stream
4930 * This primitive allows the upper layer to initiate an association to a
4941 * An association id, which is a local handle to the SCTP association,
4943 * SCTP is not able to open an SCTP association with the peer endpoint,
4945 * [In the kernel implementation, the struct sctp_association needs to
4946 * be created BEFORE causing this primitive to run.]
4953 * to this peer. The returned "destination transport addr list" can
4954 * be used by the ULP to change the default primary path or to force
4955 * sending a packet to a specific transport address. [All of this
4956 * stuff happens when the INIT ACK arrives. This is a NON-BLOCKING
4961 * o local SCTP instance name - obtained from the INITIALIZE operation.
4963 * o destination transport addr - specified as one of the transport
4964 * addresses of the peer endpoint with which the association is to be
4966 * [This is asoc->peer.active_path.]
4967 * o outbound stream count - the number of outbound streams the ULP
4968 * would like to open towards this peer endpoint.
4986 /* The comment below says that we enter COOKIE-WAIT AFTER in sctp_sf_do_prm_asoc()
4995 * A) "A" first sends an INIT chunk to "Z". In the INIT, "A" in sctp_sf_do_prm_asoc()
4998 * 1 to 4294967295 (see 5.3.1 for Tag value selection). ... in sctp_sf_do_prm_asoc()
5001 repl = sctp_make_init(asoc, &asoc->base.bind_addr, GFP_ATOMIC, 0); in sctp_sf_do_prm_asoc()
5009 /* Cast away the const modifier, as we want to just in sctp_sf_do_prm_asoc()
5015 /* After sending the INIT, "A" starts the T1-init timer and in sctp_sf_do_prm_asoc()
5016 * enters the COOKIE-WAIT state. in sctp_sf_do_prm_asoc()
5030 * Section: 10.1 ULP-to-SCTP
5035 * [,unorder flag] [,no-bundle flag] [,payload protocol-id] )
5036 * -> result
5038 * This is the main method to send user data via SCTP.
5042 * o association id - local handle to the SCTP association
5044 * o buffer address - the location where the user message to be
5047 * o byte count - The size of the user data in number of bytes;
5051 * o context - an optional 32 bit integer that will be carried in the
5052 * sending failure notification to the ULP if the transportation of
5055 * o stream id - to indicate which stream to send the data on. If not
5058 * o life time - specifies the life time of the user data. The user data
5060 * parameter can be used to avoid efforts to transmit stale
5062 * initiated to transport (i.e. sent to the destination via SCTP's
5064 * user data will be transmitted if SCTP has attempted to transmit a
5067 * o destination transport address - specified as one of the destination
5068 * transport addresses of the peer endpoint to which this packet
5073 * o unorder flag - this flag, if present, indicates that the user
5074 * would like the data delivered in an unordered fashion to the peer
5075 * (i.e., the U flag is set to 1 on all DATA chunks carrying this
5078 * o no-bundle flag - instructs SCTP not to bundle this user data with
5082 * o payload protocol-id - A 32 bit unsigned integer that is to be
5083 * passed to the peer indicating the type of payload protocol data
5108 * -> result
5111 * will be delivered to the peer. The association will be terminated only
5114 * attempting to terminate the association results in a failure, an error
5119 * o association id - local handle to the SCTP association
5139 * layer, the endpoint enters SHUTDOWN-PENDING state and in sctp_sf_do_9_2_prm_shutdown()
5142 * from its upper layer, but retransmits data to the far end in sctp_sf_do_9_2_prm_shutdown()
5143 * if necessary to fill gaps. in sctp_sf_do_9_2_prm_shutdown()
5149 if (sctp_outq_is_empty(&asoc->outqueue)) { in sctp_sf_do_9_2_prm_shutdown()
5164 * -> result
5167 * will be discarded and an ABORT chunk is sent to the peer. A success code
5169 * attempting to abort the association results in a failure, an error
5174 * o association id - local handle to the SCTP association
5178 * o cause code - reason of the abort to be passed to the peer
5197 * from its upper layer, but retransmits data to the far end in sctp_sf_do_9_1_prm_abort()
5198 * if necessary to fill gaps. in sctp_sf_do_9_1_prm_abort()
5205 /* Even if we can't send the ABORT due to low memory delete the in sctp_sf_do_9_1_prm_abort()
5229 sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_ERROR, SCTP_ERROR(-EINVAL)); in sctp_sf_error_closed()
5245 SCTP_ERROR(-ESHUTDOWN)); in sctp_sf_error_shutdown()
5306 /* There is a single T1 timer, so we should be able to use in sctp_sf_cookie_echoed_prm_shutdown()
5307 * common function with the COOKIE-WAIT state. in sctp_sf_cookie_echoed_prm_shutdown()
5336 /* Stop T1-init timer */ in sctp_sf_cookie_wait_prm_abort()
5348 /* Even if we can't send the ABORT due to low memory delete the in sctp_sf_cookie_wait_prm_abort()
5383 /* There is a single T1 timer, so we should be able to use in sctp_sf_cookie_echoed_prm_abort()
5384 * common function with the COOKIE-WAIT state. in sctp_sf_cookie_echoed_prm_abort()
5396 * state table when someone issues an abort while in SHUTDOWN-PENDING state.
5409 /* Stop the T5-shutdown guard timer. */ in sctp_sf_shutdown_pending_prm_abort()
5423 * state table when someone issues an abort while in SHUTDOWN-SENT state.
5436 /* Stop the T2-shutdown timer. */ in sctp_sf_shutdown_sent_prm_abort()
5440 /* Stop the T5-shutdown guard timer. */ in sctp_sf_shutdown_sent_prm_abort()
5467 /* The same T2 timer, so we should be able to use in sctp_sf_shutdown_ack_sent_prm_abort()
5468 * common function with the SHUTDOWN-SENT state. in sctp_sf_shutdown_ack_sent_prm_abort()
5476 * 10.1 ULP-to-SCTP
5481 * -> result
5483 * Instructs the local endpoint to perform a HeartBeat on the specified
5486 * chunk to the destination address is successful.
5490 * o association id - local handle to the SCTP association
5492 * o destination transport address - the transport address of the
5510 * D) Request an on-demand HEARTBEAT on a specific destination in sctp_sf_do_prm_requestheartbeat()
5515 * to that address and not acknowledged within one RTO. in sctp_sf_do_prm_requestheartbeat()
5525 * When an endpoint has an ASCONF signaled change to be sent to the
5526 * remote endpoint it should do A1 to A9
5544 /* RE-CONFIG Section 5.1 RECONF Chunk Procedures */
5582 * When the SCTP stack has no more user data to send or retransmit, this
5583 * notification is given to the user. Also, at the time when a user app
5584 * subscribes to this event, if there is no data to be sent or
5607 * Start the shutdown negotiation.
5611 * shall send a SHUTDOWN chunk to its peer including in the Cumulative
5613 * It shall then start the T2-shutdown timer and enter the SHUTDOWN-SENT
5614 * state. If the timer expires, the endpoint must re-send the SHUTDOWN
5630 * endpoint shall send a SHUTDOWN chunk to its peer including in sctp_sf_do_9_2_start_shutdown()
5639 * T2-shutdown timer. in sctp_sf_do_9_2_start_shutdown()
5643 /* It shall then start the T2-shutdown timer */ in sctp_sf_do_9_2_start_shutdown()
5648 * The sender of the SHUTDOWN MAY also start an overall guard timer in sctp_sf_do_9_2_start_shutdown()
5649 * 'T5-shutdown-guard' to bound the overall time for shutdown sequence. in sctp_sf_do_9_2_start_shutdown()
5654 if (asoc->timeouts[SCTP_EVENT_TIMEOUT_AUTOCLOSE]) in sctp_sf_do_9_2_start_shutdown()
5658 /* and enter the SHUTDOWN-SENT state. */ in sctp_sf_do_9_2_start_shutdown()
5662 /* sctp-implguide 2.10 Issues with Heartbeating and failover in sctp_sf_do_9_2_start_shutdown()
5665 * or SHUTDOWN-ACK. in sctp_sf_do_9_2_start_shutdown()
5683 * shall send a SHUTDOWN ACK and start a T2-shutdown timer of its own,
5684 * entering the SHUTDOWN-ACK-SENT state. If the timer expires, the
5685 * endpoint must re-send the SHUTDOWN ACK.
5701 * 1) called in response to a SHUTDOWN chunk in sctp_sf_do_9_2_shutdown_ack()
5704 * For the case (2), the arg parameter is set to NULL. We need in sctp_sf_do_9_2_shutdown_ack()
5705 * to check that we have a chunk before accessing it's fields. in sctp_sf_do_9_2_shutdown_ack()
5727 * the T2-shutdown timer. in sctp_sf_do_9_2_shutdown_ack()
5731 /* and start/restart a T2-shutdown timer of its own, */ in sctp_sf_do_9_2_shutdown_ack()
5735 if (asoc->timeouts[SCTP_EVENT_TIMEOUT_AUTOCLOSE]) in sctp_sf_do_9_2_shutdown_ack()
5739 /* Enter the SHUTDOWN-ACK-SENT state. */ in sctp_sf_do_9_2_shutdown_ack()
5743 /* sctp-implguide 2.10 Issues with Heartbeating and failover in sctp_sf_do_9_2_shutdown_ack()
5746 * or SHUTDOWN-ACK. in sctp_sf_do_9_2_shutdown_ack()
5783 * Section: 6.3.3 Handle T3-rtx Expiration
5785 * Whenever the retransmission timer T3-rtx expires for a destination
5802 if (asoc->overall_error_count >= asoc->max_retrans) { in sctp_sf_do_6_3_3_rtx()
5803 if (asoc->peer.zero_window_announced && in sctp_sf_do_6_3_3_rtx()
5804 asoc->state == SCTP_STATE_SHUTDOWN_PENDING) { in sctp_sf_do_6_3_3_rtx()
5807 * closed for a while and we have not been able to in sctp_sf_do_6_3_3_rtx()
5809 * retransmission attempts limit. Start the T5 in sctp_sf_do_6_3_3_rtx()
5810 * shutdown guard timer to give the receiver one last in sctp_sf_do_6_3_3_rtx()
5811 * chance and some additional time to recover before in sctp_sf_do_6_3_3_rtx()
5830 * 7.2.3 and set the cwnd <- MTU. in sctp_sf_do_6_3_3_rtx()
5834 * expires, set RTO <- RTO * 2 ("back off the timer"). The in sctp_sf_do_6_3_3_rtx()
5836 * used to provide an upper bound to this doubling operation. in sctp_sf_do_6_3_3_rtx()
5841 * T3-rtx has expired will fit into a single packet, subject in sctp_sf_do_6_3_3_rtx()
5842 * to the MTU constraint for the path corresponding to the in sctp_sf_do_6_3_3_rtx()
5843 * destination transport address to which the retransmission in sctp_sf_do_6_3_3_rtx()
5847 * single packet to the destination endpoint. in sctp_sf_do_6_3_3_rtx()
5849 * Note: Any DATA chunks that were sent to the address for in sctp_sf_do_6_3_3_rtx()
5850 * which the T3-rtx timer expired but did not fit in one MTU in sctp_sf_do_6_3_3_rtx()
5874 * some situations it may be beneficial for an SCTP transmitter to be
5900 * 2) If the T1-init timer expires, the endpoint MUST retransmit INIT
5901 * and re-start the T1-init timer without changing state. This MUST
5902 * be repeated up to 'Max.Init.Retransmits' times. After that, the
5904 * error to SCTP user.
5918 int attempts = asoc->init_err_counter + 1; in sctp_sf_t1_init_timer_expire()
5926 if (attempts <= asoc->max_init_attempts) { in sctp_sf_t1_init_timer_expire()
5927 bp = (struct sctp_bind_addr *) &asoc->base.bind_addr; in sctp_sf_t1_init_timer_expire()
5936 /* Issue a sideeffect to do the needed accounting. */ in sctp_sf_t1_init_timer_expire()
5944 asoc->max_init_attempts); in sctp_sf_t1_init_timer_expire()
5965 * 3) If the T1-cookie timer expires, the endpoint MUST retransmit
5966 * COOKIE ECHO and re-start the T1-cookie timer without changing
5967 * state. This MUST be repeated up to 'Max.Init.Retransmits' times.
5969 * report the error to SCTP user.
5983 int attempts = asoc->init_err_counter + 1; in sctp_sf_t1_cookie_timer_expire()
5986 pr_debug("%s: timer T1 expired (COOKIE-ECHO)\n", __func__); in sctp_sf_t1_cookie_timer_expire()
5990 if (attempts <= asoc->max_init_attempts) { in sctp_sf_t1_cookie_timer_expire()
5997 /* Issue a sideeffect to do the needed accounting. */ in sctp_sf_t1_cookie_timer_expire()
6013 /* RFC2960 9.2 If the timer expires, the endpoint must re-send the SHUTDOWN
6017 * SHUTDOWN chunk to the protocol parameter 'Association.Max.Retrans'.
6019 * MUST report the peer endpoint unreachable to the upper layer (and
6023 * the T2-Shutdown timer, giving its peer ample opportunity to transmit
6040 ((struct sctp_association *)asoc)->shutdown_retries++; in sctp_sf_t2_timer_expire()
6042 if (asoc->overall_error_count >= asoc->max_retrans) { in sctp_sf_t2_timer_expire()
6053 switch (asoc->state) { in sctp_sf_t2_timer_expire()
6071 * If we remove the transport an SHUTDOWN was last sent to, don't in sctp_sf_t2_timer_expire()
6074 if (asoc->shutdown_last_sent_to) in sctp_sf_t2_timer_expire()
6076 SCTP_TRANSPORT(asoc->shutdown_last_sent_to)); in sctp_sf_t2_timer_expire()
6079 * the T2-shutdown timer. in sctp_sf_t2_timer_expire()
6083 /* Restart the T2-shutdown timer. */ in sctp_sf_t2_timer_expire()
6095 * If the T4 RTO timer expires the endpoint should do B1 to B5
6105 struct sctp_chunk *chunk = asoc->addip_last_asconf; in sctp_sf_t4_timer_expire()
6106 struct sctp_transport *transport = chunk->transport; in sctp_sf_t4_timer_expire()
6126 if (asoc->overall_error_count >= asoc->max_retrans) { in sctp_sf_t4_timer_expire()
6138 /* ADDIP 4.1 B3) Back-off the destination address RTO value to which in sctp_sf_t4_timer_expire()
6143 /* ADDIP 4.1 B4) Re-transmit the ASCONF Chunk last sent and if possible in sctp_sf_t4_timer_expire()
6144 * choose an alternate destination address (please refer to RFC2960 in sctp_sf_t4_timer_expire()
6145 * [5] section 6.4.1). An endpoint MUST NOT add new parameters to this in sctp_sf_t4_timer_expire()
6149 sctp_chunk_hold(asoc->addip_last_asconf); in sctp_sf_t4_timer_expire()
6151 SCTP_CHUNK(asoc->addip_last_asconf)); in sctp_sf_t4_timer_expire()
6153 /* ADDIP 4.1 B5) Restart the T-4 RTO timer. Note that if a different in sctp_sf_t4_timer_expire()
6163 /* sctpimpguide-05 Section 2.12.2
6164 * The sender of the SHUTDOWN MAY also start an overall guard timer
6165 * 'T5-shutdown-guard' to bound the overall time for shutdown sequence.
6203 * The work that needs to be done is same as when SHUTDOWN is initiated by
6220 * layer, the endpoint enters SHUTDOWN-PENDING state and in sctp_sf_autoclose_timer_expire()
6223 * from its upper layer, but retransmits data to the far end in sctp_sf_autoclose_timer_expire()
6224 * if necessary to fill gaps. in sctp_sf_autoclose_timer_expire()
6230 if (sctp_outq_is_empty(&asoc->outqueue)) { in sctp_sf_autoclose_timer_expire()
6239 * These are sa state functions which could apply to all types of events.
6280 * be ignored, so as to prevent any rearming of the timer.
6314 sack = (struct sctp_sackhdr *) chunk->skb->data; in sctp_sm_pull_sack()
6316 num_blocks = ntohs(sack->num_gap_ack_blocks); in sctp_sm_pull_sack()
6317 num_dup_tsns = ntohs(sack->num_dup_tsns); in sctp_sm_pull_sack()
6320 if (len > chunk->skb->len) in sctp_sm_pull_sack()
6323 skb_pull(chunk->skb, len); in sctp_sm_pull_sack()
6328 /* Create an ABORT packet to be sent as a response, with the specified
6353 /* Reflect vtag if T-Bit is set */ in sctp_abort_pkt_new()
6355 packet->vtag = ntohl(chunk->sctp_hdr->vtag); in sctp_abort_pkt_new()
6357 /* Add specified error causes, i.e., payload, to the in sctp_abort_pkt_new()
6362 /* Set the skb to the belonging sock for accounting. */ in sctp_abort_pkt_new()
6363 abort->skb->sk = ep->base.sk; in sctp_abort_pkt_new()
6384 sport = ntohs(chunk->sctp_hdr->dest); in sctp_ootb_pkt_new()
6385 dport = ntohs(chunk->sctp_hdr->source); in sctp_ootb_pkt_new()
6387 /* The V-tag is going to be the same as the inbound packet if no in sctp_ootb_pkt_new()
6391 /* Special case the INIT-ACK as there is no peer's vtag in sctp_ootb_pkt_new()
6394 switch (chunk->chunk_hdr->type) { in sctp_ootb_pkt_new()
6400 initack = (struct sctp_initack_chunk *)chunk->chunk_hdr; in sctp_ootb_pkt_new()
6401 vtag = ntohl(initack->init_hdr.init_tag); in sctp_ootb_pkt_new()
6405 vtag = asoc->peer.i.init_tag; in sctp_ootb_pkt_new()
6412 switch (chunk->chunk_hdr->type) { in sctp_ootb_pkt_new()
6417 init = (struct sctp_init_chunk *)chunk->chunk_hdr; in sctp_ootb_pkt_new()
6418 vtag = ntohl(init->init_hdr.init_tag); in sctp_ootb_pkt_new()
6422 vtag = ntohl(chunk->sctp_hdr->vtag); in sctp_ootb_pkt_new()
6432 transport->encap_port = SCTP_INPUT_CB(chunk->skb)->encap_port; in sctp_ootb_pkt_new()
6437 sctp_transport_route(transport, (union sctp_addr *)&chunk->dest, in sctp_ootb_pkt_new()
6438 sctp_sk(net->sctp.ctl_sock)); in sctp_ootb_pkt_new()
6440 packet = &transport->packet; in sctp_ootb_pkt_new()
6453 sctp_transport_free(packet->transport); in sctp_ootb_pkt_free()
6472 cookie = chunk->subh.cookie_hdr; in sctp_send_stale_cookie_err()
6473 packet->vtag = cookie->c.peer_vtag; in sctp_send_stale_cookie_err()
6475 /* Set the skb to the belonging sock for accounting. */ in sctp_send_stale_cookie_err()
6476 err_chunk->skb->sk = ep->base.sk; in sctp_send_stale_cookie_err()
6492 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; in sctp_eat_data()
6493 struct sock *sk = asoc->base.sk; in sctp_eat_data()
6502 data_hdr = (struct sctp_datahdr *)chunk->skb->data; in sctp_eat_data()
6503 chunk->subh.data_hdr = data_hdr; in sctp_eat_data()
6504 skb_pull(chunk->skb, sctp_datahdr_len(&asoc->stream)); in sctp_eat_data()
6506 tsn = ntohl(data_hdr->tsn); in sctp_eat_data()
6509 /* ASSERT: Now skb->data is really the user data. */ in sctp_eat_data()
6514 * a packet, we use ecn_ce_done to track if we've already in sctp_eat_data()
6517 * We need to do ECN processing even if we plan to discard the in sctp_eat_data()
6521 if (asoc->peer.ecn_capable && !chunk->ecn_ce_done) { in sctp_eat_data()
6522 struct sctp_af *af = SCTP_INPUT_CB(chunk->skb)->af; in sctp_eat_data()
6523 chunk->ecn_ce_done = 1; in sctp_eat_data()
6525 if (af->is_ce(sctp_gso_headskb(chunk->skb))) { in sctp_eat_data()
6532 tmp = sctp_tsnmap_check(&asoc->peer.tsn_map, tsn); in sctp_eat_data()
6534 /* The TSN is too high--silently discard the chunk and in sctp_eat_data()
6537 if (chunk->asoc) in sctp_eat_data()
6538 chunk->asoc->stats.outofseqtsns++; in sctp_eat_data()
6549 * Actually, allow a little bit of overflow (up to a MTU). in sctp_eat_data()
6551 datalen = ntohs(chunk->chunk_hdr->length); in sctp_eat_data()
6552 datalen -= sctp_datachk_len(&asoc->stream); in sctp_eat_data()
6557 if ((datalen >= asoc->rwnd) && (!asoc->ulpq.pd_mode)) { in sctp_eat_data()
6570 if ((!chunk->data_accepted) && (!asoc->rwnd || asoc->rwnd_over || in sctp_eat_data()
6571 (datalen > asoc->rwnd + asoc->frag_point))) { in sctp_eat_data()
6573 /* If this is the next TSN, consider reneging to make in sctp_eat_data()
6576 * space and in the future we may want to detect and in sctp_eat_data()
6585 __func__, tsn, datalen, asoc->rwnd); in sctp_eat_data()
6592 * Also try to renege to limit our memory usage in the event that in sctp_eat_data()
6611 * --------------- in sctp_eat_data()
6612 * No User Data: This error cause is returned to the originator of a in sctp_eat_data()
6621 /* We are going to ABORT, so we might as well stop in sctp_eat_data()
6634 chunk->data_accepted = 1; in sctp_eat_data()
6639 if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { in sctp_eat_data()
6641 if (chunk->asoc) in sctp_eat_data()
6642 chunk->asoc->stats.iuodchunks++; in sctp_eat_data()
6645 if (chunk->asoc) in sctp_eat_data()
6646 chunk->asoc->stats.iodchunks++; in sctp_eat_data()
6654 * with cause set to "Invalid Stream Identifier" (See Section 3.3.10) in sctp_eat_data()
6657 if (ntohs(data_hdr->stream) >= asoc->stream.incnt) { in sctp_eat_data()
6662 &data_hdr->stream, in sctp_eat_data()
6663 sizeof(data_hdr->stream), in sctp_eat_data()
6671 /* Check to see if the SSN is possible for this TSN. in sctp_eat_data()
6678 if (!asoc->stream.si->validate_data(chunk)) in sctp_eat_data()
6681 /* Send the data up to the user. Note: Schedule the in sctp_eat_data()