1 /* SCTP kernel reference Implementation 2 * Copyright (c) 1999-2000 Cisco, Inc. 3 * Copyright (c) 1999-2001 Motorola, Inc. 4 * Copyright (c) 2001-2003 International Business Machines, Corp. 5 * Copyright (c) 2001 Intel Corp. 6 * Copyright (c) 2001 Nokia, Inc. 7 * Copyright (c) 2001 La Monte H.P. Yarroll 8 * 9 * This file is part of the SCTP kernel reference Implementation 10 * 11 * These functions handle all input from the IP layer into SCTP. 12 * 13 * The SCTP reference implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * The SCTP reference implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * Xingang Guo <xingang.guo@intel.com> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Hui Huang <hui.huang@nokia.com> 43 * Daisy Chang <daisyc@us.ibm.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Ardelle Fan <ardelle.fan@intel.com> 46 * 47 * Any bugs reported given to us we will try to fix... any fixes shared will 48 * be incorporated into the next SCTP release. 49 */ 50 51 #include <linux/types.h> 52 #include <linux/list.h> /* For struct list_head */ 53 #include <linux/socket.h> 54 #include <linux/ip.h> 55 #include <linux/time.h> /* For struct timeval */ 56 #include <net/ip.h> 57 #include <net/icmp.h> 58 #include <net/snmp.h> 59 #include <net/sock.h> 60 #include <net/xfrm.h> 61 #include <net/sctp/sctp.h> 62 #include <net/sctp/sm.h> 63 64 /* Forward declarations for internal helpers. */ 65 static int sctp_rcv_ootb(struct sk_buff *); 66 static struct sctp_association *__sctp_rcv_lookup(struct sk_buff *skb, 67 const union sctp_addr *laddr, 68 const union sctp_addr *paddr, 69 struct sctp_transport **transportp); 70 static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(const union sctp_addr *laddr); 71 static struct sctp_association *__sctp_lookup_association( 72 const union sctp_addr *local, 73 const union sctp_addr *peer, 74 struct sctp_transport **pt); 75 76 77 /* Calculate the SCTP checksum of an SCTP packet. */ 78 static inline int sctp_rcv_checksum(struct sk_buff *skb) 79 { 80 struct sctphdr *sh; 81 __u32 cmp, val; 82 struct sk_buff *list = skb_shinfo(skb)->frag_list; 83 84 sh = (struct sctphdr *) skb->h.raw; 85 cmp = ntohl(sh->checksum); 86 87 val = sctp_start_cksum((__u8 *)sh, skb_headlen(skb)); 88 89 for (; list; list = list->next) 90 val = sctp_update_cksum((__u8 *)list->data, skb_headlen(list), 91 val); 92 93 val = sctp_end_cksum(val); 94 95 if (val != cmp) { 96 /* CRC failure, dump it. */ 97 SCTP_INC_STATS_BH(SCTP_MIB_CHECKSUMERRORS); 98 return -1; 99 } 100 return 0; 101 } 102 103 struct sctp_input_cb { 104 union { 105 struct inet_skb_parm h4; 106 #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) 107 struct inet6_skb_parm h6; 108 #endif 109 } header; 110 struct sctp_chunk *chunk; 111 }; 112 #define SCTP_INPUT_CB(__skb) ((struct sctp_input_cb *)&((__skb)->cb[0])) 113 114 /* 115 * This is the routine which IP calls when receiving an SCTP packet. 116 */ 117 int sctp_rcv(struct sk_buff *skb) 118 { 119 struct sock *sk; 120 struct sctp_association *asoc; 121 struct sctp_endpoint *ep = NULL; 122 struct sctp_ep_common *rcvr; 123 struct sctp_transport *transport = NULL; 124 struct sctp_chunk *chunk; 125 struct sctphdr *sh; 126 union sctp_addr src; 127 union sctp_addr dest; 128 int family; 129 struct sctp_af *af; 130 int ret = 0; 131 132 if (skb->pkt_type!=PACKET_HOST) 133 goto discard_it; 134 135 SCTP_INC_STATS_BH(SCTP_MIB_INSCTPPACKS); 136 137 sh = (struct sctphdr *) skb->h.raw; 138 139 /* Pull up the IP and SCTP headers. */ 140 __skb_pull(skb, skb->h.raw - skb->data); 141 if (skb->len < sizeof(struct sctphdr)) 142 goto discard_it; 143 if (sctp_rcv_checksum(skb) < 0) 144 goto discard_it; 145 146 skb_pull(skb, sizeof(struct sctphdr)); 147 148 /* Make sure we at least have chunk headers worth of data left. */ 149 if (skb->len < sizeof(struct sctp_chunkhdr)) 150 goto discard_it; 151 152 family = ipver2af(skb->nh.iph->version); 153 af = sctp_get_af_specific(family); 154 if (unlikely(!af)) 155 goto discard_it; 156 157 /* Initialize local addresses for lookups. */ 158 af->from_skb(&src, skb, 1); 159 af->from_skb(&dest, skb, 0); 160 161 /* If the packet is to or from a non-unicast address, 162 * silently discard the packet. 163 * 164 * This is not clearly defined in the RFC except in section 165 * 8.4 - OOTB handling. However, based on the book "Stream Control 166 * Transmission Protocol" 2.1, "It is important to note that the 167 * IP address of an SCTP transport address must be a routable 168 * unicast address. In other words, IP multicast addresses and 169 * IP broadcast addresses cannot be used in an SCTP transport 170 * address." 171 */ 172 if (!af->addr_valid(&src, NULL) || !af->addr_valid(&dest, NULL)) 173 goto discard_it; 174 175 asoc = __sctp_rcv_lookup(skb, &src, &dest, &transport); 176 177 if (!asoc) 178 ep = __sctp_rcv_lookup_endpoint(&dest); 179 180 /* Retrieve the common input handling substructure. */ 181 rcvr = asoc ? &asoc->base : &ep->base; 182 sk = rcvr->sk; 183 184 /* 185 * If a frame arrives on an interface and the receiving socket is 186 * bound to another interface, via SO_BINDTODEVICE, treat it as OOTB 187 */ 188 if (sk->sk_bound_dev_if && (sk->sk_bound_dev_if != af->skb_iif(skb))) 189 { 190 sock_put(sk); 191 if (asoc) { 192 sctp_association_put(asoc); 193 asoc = NULL; 194 } else { 195 sctp_endpoint_put(ep); 196 ep = NULL; 197 } 198 sk = sctp_get_ctl_sock(); 199 ep = sctp_sk(sk)->ep; 200 sctp_endpoint_hold(ep); 201 sock_hold(sk); 202 rcvr = &ep->base; 203 } 204 205 /* 206 * RFC 2960, 8.4 - Handle "Out of the blue" Packets. 207 * An SCTP packet is called an "out of the blue" (OOTB) 208 * packet if it is correctly formed, i.e., passed the 209 * receiver's checksum check, but the receiver is not 210 * able to identify the association to which this 211 * packet belongs. 212 */ 213 if (!asoc) { 214 if (sctp_rcv_ootb(skb)) { 215 SCTP_INC_STATS_BH(SCTP_MIB_OUTOFBLUES); 216 goto discard_release; 217 } 218 } 219 220 /* SCTP seems to always need a timestamp right now (FIXME) */ 221 if (skb->tstamp.off_sec == 0) { 222 __net_timestamp(skb); 223 sock_enable_timestamp(sk); 224 } 225 226 if (!xfrm_policy_check(sk, XFRM_POLICY_IN, skb, family)) 227 goto discard_release; 228 229 ret = sk_filter(sk, skb, 1); 230 if (ret) 231 goto discard_release; 232 233 /* Create an SCTP packet structure. */ 234 chunk = sctp_chunkify(skb, asoc, sk); 235 if (!chunk) { 236 ret = -ENOMEM; 237 goto discard_release; 238 } 239 SCTP_INPUT_CB(skb)->chunk = chunk; 240 241 /* Remember what endpoint is to handle this packet. */ 242 chunk->rcvr = rcvr; 243 244 /* Remember the SCTP header. */ 245 chunk->sctp_hdr = sh; 246 247 /* Set the source and destination addresses of the incoming chunk. */ 248 sctp_init_addrs(chunk, &src, &dest); 249 250 /* Remember where we came from. */ 251 chunk->transport = transport; 252 253 /* Acquire access to the sock lock. Note: We are safe from other 254 * bottom halves on this lock, but a user may be in the lock too, 255 * so check if it is busy. 256 */ 257 sctp_bh_lock_sock(sk); 258 259 if (sock_owned_by_user(sk)) 260 sk_add_backlog(sk, skb); 261 else 262 sctp_backlog_rcv(sk, skb); 263 264 /* Release the sock and any reference counts we took in the 265 * lookup calls. 266 */ 267 sctp_bh_unlock_sock(sk); 268 if (asoc) 269 sctp_association_put(asoc); 270 else 271 sctp_endpoint_put(ep); 272 sock_put(sk); 273 return ret; 274 275 discard_it: 276 kfree_skb(skb); 277 return ret; 278 279 discard_release: 280 /* Release any structures we may be holding. */ 281 sock_put(sk); 282 if (asoc) 283 sctp_association_put(asoc); 284 else 285 sctp_endpoint_put(ep); 286 287 goto discard_it; 288 } 289 290 /* Handle second half of inbound skb processing. If the sock was busy, 291 * we may have need to delay processing until later when the sock is 292 * released (on the backlog). If not busy, we call this routine 293 * directly from the bottom half. 294 */ 295 int sctp_backlog_rcv(struct sock *sk, struct sk_buff *skb) 296 { 297 struct sctp_chunk *chunk = SCTP_INPUT_CB(skb)->chunk; 298 struct sctp_inq *inqueue = &chunk->rcvr->inqueue; 299 300 sctp_inq_push(inqueue, chunk); 301 return 0; 302 } 303 304 /* Handle icmp frag needed error. */ 305 void sctp_icmp_frag_needed(struct sock *sk, struct sctp_association *asoc, 306 struct sctp_transport *t, __u32 pmtu) 307 { 308 if (unlikely(pmtu < SCTP_DEFAULT_MINSEGMENT)) { 309 printk(KERN_WARNING "%s: Reported pmtu %d too low, " 310 "using default minimum of %d\n", __FUNCTION__, pmtu, 311 SCTP_DEFAULT_MINSEGMENT); 312 pmtu = SCTP_DEFAULT_MINSEGMENT; 313 } 314 315 if (!sock_owned_by_user(sk) && t && (t->pmtu != pmtu)) { 316 t->pmtu = pmtu; 317 sctp_assoc_sync_pmtu(asoc); 318 sctp_retransmit(&asoc->outqueue, t, SCTP_RTXR_PMTUD); 319 } 320 } 321 322 /* 323 * SCTP Implementer's Guide, 2.37 ICMP handling procedures 324 * 325 * ICMP8) If the ICMP code is a "Unrecognized next header type encountered" 326 * or a "Protocol Unreachable" treat this message as an abort 327 * with the T bit set. 328 * 329 * This function sends an event to the state machine, which will abort the 330 * association. 331 * 332 */ 333 void sctp_icmp_proto_unreachable(struct sock *sk, 334 struct sctp_association *asoc, 335 struct sctp_transport *t) 336 { 337 SCTP_DEBUG_PRINTK("%s\n", __FUNCTION__); 338 339 sctp_do_sm(SCTP_EVENT_T_OTHER, 340 SCTP_ST_OTHER(SCTP_EVENT_ICMP_PROTO_UNREACH), 341 asoc->state, asoc->ep, asoc, t, 342 GFP_ATOMIC); 343 344 } 345 346 /* Common lookup code for icmp/icmpv6 error handler. */ 347 struct sock *sctp_err_lookup(int family, struct sk_buff *skb, 348 struct sctphdr *sctphdr, 349 struct sctp_association **app, 350 struct sctp_transport **tpp) 351 { 352 union sctp_addr saddr; 353 union sctp_addr daddr; 354 struct sctp_af *af; 355 struct sock *sk = NULL; 356 struct sctp_association *asoc = NULL; 357 struct sctp_transport *transport = NULL; 358 359 *app = NULL; *tpp = NULL; 360 361 af = sctp_get_af_specific(family); 362 if (unlikely(!af)) { 363 return NULL; 364 } 365 366 /* Initialize local addresses for lookups. */ 367 af->from_skb(&saddr, skb, 1); 368 af->from_skb(&daddr, skb, 0); 369 370 /* Look for an association that matches the incoming ICMP error 371 * packet. 372 */ 373 asoc = __sctp_lookup_association(&saddr, &daddr, &transport); 374 if (!asoc) 375 return NULL; 376 377 sk = asoc->base.sk; 378 379 if (ntohl(sctphdr->vtag) != asoc->c.peer_vtag) { 380 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 381 goto out; 382 } 383 384 sctp_bh_lock_sock(sk); 385 386 /* If too many ICMPs get dropped on busy 387 * servers this needs to be solved differently. 388 */ 389 if (sock_owned_by_user(sk)) 390 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS); 391 392 *app = asoc; 393 *tpp = transport; 394 return sk; 395 396 out: 397 sock_put(sk); 398 if (asoc) 399 sctp_association_put(asoc); 400 return NULL; 401 } 402 403 /* Common cleanup code for icmp/icmpv6 error handler. */ 404 void sctp_err_finish(struct sock *sk, struct sctp_association *asoc) 405 { 406 sctp_bh_unlock_sock(sk); 407 sock_put(sk); 408 if (asoc) 409 sctp_association_put(asoc); 410 } 411 412 /* 413 * This routine is called by the ICMP module when it gets some 414 * sort of error condition. If err < 0 then the socket should 415 * be closed and the error returned to the user. If err > 0 416 * it's just the icmp type << 8 | icmp code. After adjustment 417 * header points to the first 8 bytes of the sctp header. We need 418 * to find the appropriate port. 419 * 420 * The locking strategy used here is very "optimistic". When 421 * someone else accesses the socket the ICMP is just dropped 422 * and for some paths there is no check at all. 423 * A more general error queue to queue errors for later handling 424 * is probably better. 425 * 426 */ 427 void sctp_v4_err(struct sk_buff *skb, __u32 info) 428 { 429 struct iphdr *iph = (struct iphdr *)skb->data; 430 struct sctphdr *sh = (struct sctphdr *)(skb->data + (iph->ihl <<2)); 431 int type = skb->h.icmph->type; 432 int code = skb->h.icmph->code; 433 struct sock *sk; 434 struct sctp_association *asoc; 435 struct sctp_transport *transport; 436 struct inet_sock *inet; 437 char *saveip, *savesctp; 438 int err; 439 440 if (skb->len < ((iph->ihl << 2) + 8)) { 441 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 442 return; 443 } 444 445 /* Fix up skb to look at the embedded net header. */ 446 saveip = skb->nh.raw; 447 savesctp = skb->h.raw; 448 skb->nh.iph = iph; 449 skb->h.raw = (char *)sh; 450 sk = sctp_err_lookup(AF_INET, skb, sh, &asoc, &transport); 451 /* Put back, the original pointers. */ 452 skb->nh.raw = saveip; 453 skb->h.raw = savesctp; 454 if (!sk) { 455 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 456 return; 457 } 458 /* Warning: The sock lock is held. Remember to call 459 * sctp_err_finish! 460 */ 461 462 switch (type) { 463 case ICMP_PARAMETERPROB: 464 err = EPROTO; 465 break; 466 case ICMP_DEST_UNREACH: 467 if (code > NR_ICMP_UNREACH) 468 goto out_unlock; 469 470 /* PMTU discovery (RFC1191) */ 471 if (ICMP_FRAG_NEEDED == code) { 472 sctp_icmp_frag_needed(sk, asoc, transport, info); 473 goto out_unlock; 474 } 475 else { 476 if (ICMP_PROT_UNREACH == code) { 477 sctp_icmp_proto_unreachable(sk, asoc, 478 transport); 479 goto out_unlock; 480 } 481 } 482 err = icmp_err_convert[code].errno; 483 break; 484 case ICMP_TIME_EXCEEDED: 485 /* Ignore any time exceeded errors due to fragment reassembly 486 * timeouts. 487 */ 488 if (ICMP_EXC_FRAGTIME == code) 489 goto out_unlock; 490 491 err = EHOSTUNREACH; 492 break; 493 default: 494 goto out_unlock; 495 } 496 497 inet = inet_sk(sk); 498 if (!sock_owned_by_user(sk) && inet->recverr) { 499 sk->sk_err = err; 500 sk->sk_error_report(sk); 501 } else { /* Only an error on timeout */ 502 sk->sk_err_soft = err; 503 } 504 505 out_unlock: 506 sctp_err_finish(sk, asoc); 507 } 508 509 /* 510 * RFC 2960, 8.4 - Handle "Out of the blue" Packets. 511 * 512 * This function scans all the chunks in the OOTB packet to determine if 513 * the packet should be discarded right away. If a response might be needed 514 * for this packet, or, if further processing is possible, the packet will 515 * be queued to a proper inqueue for the next phase of handling. 516 * 517 * Output: 518 * Return 0 - If further processing is needed. 519 * Return 1 - If the packet can be discarded right away. 520 */ 521 int sctp_rcv_ootb(struct sk_buff *skb) 522 { 523 sctp_chunkhdr_t *ch; 524 __u8 *ch_end; 525 sctp_errhdr_t *err; 526 527 ch = (sctp_chunkhdr_t *) skb->data; 528 ch_end = ((__u8 *) ch) + WORD_ROUND(ntohs(ch->length)); 529 530 /* Scan through all the chunks in the packet. */ 531 while (ch_end > (__u8 *)ch && ch_end < skb->tail) { 532 533 /* RFC 8.4, 2) If the OOTB packet contains an ABORT chunk, the 534 * receiver MUST silently discard the OOTB packet and take no 535 * further action. 536 */ 537 if (SCTP_CID_ABORT == ch->type) 538 goto discard; 539 540 /* RFC 8.4, 6) If the packet contains a SHUTDOWN COMPLETE 541 * chunk, the receiver should silently discard the packet 542 * and take no further action. 543 */ 544 if (SCTP_CID_SHUTDOWN_COMPLETE == ch->type) 545 goto discard; 546 547 /* RFC 8.4, 7) If the packet contains a "Stale cookie" ERROR 548 * or a COOKIE ACK the SCTP Packet should be silently 549 * discarded. 550 */ 551 if (SCTP_CID_COOKIE_ACK == ch->type) 552 goto discard; 553 554 if (SCTP_CID_ERROR == ch->type) { 555 sctp_walk_errors(err, ch) { 556 if (SCTP_ERROR_STALE_COOKIE == err->cause) 557 goto discard; 558 } 559 } 560 561 ch = (sctp_chunkhdr_t *) ch_end; 562 ch_end = ((__u8 *) ch) + WORD_ROUND(ntohs(ch->length)); 563 } 564 565 return 0; 566 567 discard: 568 return 1; 569 } 570 571 /* Insert endpoint into the hash table. */ 572 static void __sctp_hash_endpoint(struct sctp_endpoint *ep) 573 { 574 struct sctp_ep_common **epp; 575 struct sctp_ep_common *epb; 576 struct sctp_hashbucket *head; 577 578 epb = &ep->base; 579 580 epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); 581 head = &sctp_ep_hashtable[epb->hashent]; 582 583 sctp_write_lock(&head->lock); 584 epp = &head->chain; 585 epb->next = *epp; 586 if (epb->next) 587 (*epp)->pprev = &epb->next; 588 *epp = epb; 589 epb->pprev = epp; 590 sctp_write_unlock(&head->lock); 591 } 592 593 /* Add an endpoint to the hash. Local BH-safe. */ 594 void sctp_hash_endpoint(struct sctp_endpoint *ep) 595 { 596 sctp_local_bh_disable(); 597 __sctp_hash_endpoint(ep); 598 sctp_local_bh_enable(); 599 } 600 601 /* Remove endpoint from the hash table. */ 602 static void __sctp_unhash_endpoint(struct sctp_endpoint *ep) 603 { 604 struct sctp_hashbucket *head; 605 struct sctp_ep_common *epb; 606 607 epb = &ep->base; 608 609 epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); 610 611 head = &sctp_ep_hashtable[epb->hashent]; 612 613 sctp_write_lock(&head->lock); 614 615 if (epb->pprev) { 616 if (epb->next) 617 epb->next->pprev = epb->pprev; 618 *epb->pprev = epb->next; 619 epb->pprev = NULL; 620 } 621 622 sctp_write_unlock(&head->lock); 623 } 624 625 /* Remove endpoint from the hash. Local BH-safe. */ 626 void sctp_unhash_endpoint(struct sctp_endpoint *ep) 627 { 628 sctp_local_bh_disable(); 629 __sctp_unhash_endpoint(ep); 630 sctp_local_bh_enable(); 631 } 632 633 /* Look up an endpoint. */ 634 static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(const union sctp_addr *laddr) 635 { 636 struct sctp_hashbucket *head; 637 struct sctp_ep_common *epb; 638 struct sctp_endpoint *ep; 639 int hash; 640 641 hash = sctp_ep_hashfn(laddr->v4.sin_port); 642 head = &sctp_ep_hashtable[hash]; 643 read_lock(&head->lock); 644 for (epb = head->chain; epb; epb = epb->next) { 645 ep = sctp_ep(epb); 646 if (sctp_endpoint_is_match(ep, laddr)) 647 goto hit; 648 } 649 650 ep = sctp_sk((sctp_get_ctl_sock()))->ep; 651 epb = &ep->base; 652 653 hit: 654 sctp_endpoint_hold(ep); 655 sock_hold(epb->sk); 656 read_unlock(&head->lock); 657 return ep; 658 } 659 660 /* Insert association into the hash table. */ 661 static void __sctp_hash_established(struct sctp_association *asoc) 662 { 663 struct sctp_ep_common **epp; 664 struct sctp_ep_common *epb; 665 struct sctp_hashbucket *head; 666 667 epb = &asoc->base; 668 669 /* Calculate which chain this entry will belong to. */ 670 epb->hashent = sctp_assoc_hashfn(epb->bind_addr.port, asoc->peer.port); 671 672 head = &sctp_assoc_hashtable[epb->hashent]; 673 674 sctp_write_lock(&head->lock); 675 epp = &head->chain; 676 epb->next = *epp; 677 if (epb->next) 678 (*epp)->pprev = &epb->next; 679 *epp = epb; 680 epb->pprev = epp; 681 sctp_write_unlock(&head->lock); 682 } 683 684 /* Add an association to the hash. Local BH-safe. */ 685 void sctp_hash_established(struct sctp_association *asoc) 686 { 687 sctp_local_bh_disable(); 688 __sctp_hash_established(asoc); 689 sctp_local_bh_enable(); 690 } 691 692 /* Remove association from the hash table. */ 693 static void __sctp_unhash_established(struct sctp_association *asoc) 694 { 695 struct sctp_hashbucket *head; 696 struct sctp_ep_common *epb; 697 698 epb = &asoc->base; 699 700 epb->hashent = sctp_assoc_hashfn(epb->bind_addr.port, 701 asoc->peer.port); 702 703 head = &sctp_assoc_hashtable[epb->hashent]; 704 705 sctp_write_lock(&head->lock); 706 707 if (epb->pprev) { 708 if (epb->next) 709 epb->next->pprev = epb->pprev; 710 *epb->pprev = epb->next; 711 epb->pprev = NULL; 712 } 713 714 sctp_write_unlock(&head->lock); 715 } 716 717 /* Remove association from the hash table. Local BH-safe. */ 718 void sctp_unhash_established(struct sctp_association *asoc) 719 { 720 sctp_local_bh_disable(); 721 __sctp_unhash_established(asoc); 722 sctp_local_bh_enable(); 723 } 724 725 /* Look up an association. */ 726 static struct sctp_association *__sctp_lookup_association( 727 const union sctp_addr *local, 728 const union sctp_addr *peer, 729 struct sctp_transport **pt) 730 { 731 struct sctp_hashbucket *head; 732 struct sctp_ep_common *epb; 733 struct sctp_association *asoc; 734 struct sctp_transport *transport; 735 int hash; 736 737 /* Optimize here for direct hit, only listening connections can 738 * have wildcards anyways. 739 */ 740 hash = sctp_assoc_hashfn(local->v4.sin_port, peer->v4.sin_port); 741 head = &sctp_assoc_hashtable[hash]; 742 read_lock(&head->lock); 743 for (epb = head->chain; epb; epb = epb->next) { 744 asoc = sctp_assoc(epb); 745 transport = sctp_assoc_is_match(asoc, local, peer); 746 if (transport) 747 goto hit; 748 } 749 750 read_unlock(&head->lock); 751 752 return NULL; 753 754 hit: 755 *pt = transport; 756 sctp_association_hold(asoc); 757 sock_hold(epb->sk); 758 read_unlock(&head->lock); 759 return asoc; 760 } 761 762 /* Look up an association. BH-safe. */ 763 SCTP_STATIC 764 struct sctp_association *sctp_lookup_association(const union sctp_addr *laddr, 765 const union sctp_addr *paddr, 766 struct sctp_transport **transportp) 767 { 768 struct sctp_association *asoc; 769 770 sctp_local_bh_disable(); 771 asoc = __sctp_lookup_association(laddr, paddr, transportp); 772 sctp_local_bh_enable(); 773 774 return asoc; 775 } 776 777 /* Is there an association matching the given local and peer addresses? */ 778 int sctp_has_association(const union sctp_addr *laddr, 779 const union sctp_addr *paddr) 780 { 781 struct sctp_association *asoc; 782 struct sctp_transport *transport; 783 784 if ((asoc = sctp_lookup_association(laddr, paddr, &transport))) { 785 sock_put(asoc->base.sk); 786 sctp_association_put(asoc); 787 return 1; 788 } 789 790 return 0; 791 } 792 793 /* 794 * SCTP Implementors Guide, 2.18 Handling of address 795 * parameters within the INIT or INIT-ACK. 796 * 797 * D) When searching for a matching TCB upon reception of an INIT 798 * or INIT-ACK chunk the receiver SHOULD use not only the 799 * source address of the packet (containing the INIT or 800 * INIT-ACK) but the receiver SHOULD also use all valid 801 * address parameters contained within the chunk. 802 * 803 * 2.18.3 Solution description 804 * 805 * This new text clearly specifies to an implementor the need 806 * to look within the INIT or INIT-ACK. Any implementation that 807 * does not do this, may not be able to establish associations 808 * in certain circumstances. 809 * 810 */ 811 static struct sctp_association *__sctp_rcv_init_lookup(struct sk_buff *skb, 812 const union sctp_addr *laddr, struct sctp_transport **transportp) 813 { 814 struct sctp_association *asoc; 815 union sctp_addr addr; 816 union sctp_addr *paddr = &addr; 817 struct sctphdr *sh = (struct sctphdr *) skb->h.raw; 818 sctp_chunkhdr_t *ch; 819 union sctp_params params; 820 sctp_init_chunk_t *init; 821 struct sctp_transport *transport; 822 struct sctp_af *af; 823 824 ch = (sctp_chunkhdr_t *) skb->data; 825 826 /* If this is INIT/INIT-ACK look inside the chunk too. */ 827 switch (ch->type) { 828 case SCTP_CID_INIT: 829 case SCTP_CID_INIT_ACK: 830 break; 831 default: 832 return NULL; 833 } 834 835 /* The code below will attempt to walk the chunk and extract 836 * parameter information. Before we do that, we need to verify 837 * that the chunk length doesn't cause overflow. Otherwise, we'll 838 * walk off the end. 839 */ 840 if (WORD_ROUND(ntohs(ch->length)) > skb->len) 841 return NULL; 842 843 /* 844 * This code will NOT touch anything inside the chunk--it is 845 * strictly READ-ONLY. 846 * 847 * RFC 2960 3 SCTP packet Format 848 * 849 * Multiple chunks can be bundled into one SCTP packet up to 850 * the MTU size, except for the INIT, INIT ACK, and SHUTDOWN 851 * COMPLETE chunks. These chunks MUST NOT be bundled with any 852 * other chunk in a packet. See Section 6.10 for more details 853 * on chunk bundling. 854 */ 855 856 /* Find the start of the TLVs and the end of the chunk. This is 857 * the region we search for address parameters. 858 */ 859 init = (sctp_init_chunk_t *)skb->data; 860 861 /* Walk the parameters looking for embedded addresses. */ 862 sctp_walk_params(params, init, init_hdr.params) { 863 864 /* Note: Ignoring hostname addresses. */ 865 af = sctp_get_af_specific(param_type2af(params.p->type)); 866 if (!af) 867 continue; 868 869 af->from_addr_param(paddr, params.addr, ntohs(sh->source), 0); 870 871 asoc = __sctp_lookup_association(laddr, paddr, &transport); 872 if (asoc) 873 return asoc; 874 } 875 876 return NULL; 877 } 878 879 /* Lookup an association for an inbound skb. */ 880 static struct sctp_association *__sctp_rcv_lookup(struct sk_buff *skb, 881 const union sctp_addr *paddr, 882 const union sctp_addr *laddr, 883 struct sctp_transport **transportp) 884 { 885 struct sctp_association *asoc; 886 887 asoc = __sctp_lookup_association(laddr, paddr, transportp); 888 889 /* Further lookup for INIT/INIT-ACK packets. 890 * SCTP Implementors Guide, 2.18 Handling of address 891 * parameters within the INIT or INIT-ACK. 892 */ 893 if (!asoc) 894 asoc = __sctp_rcv_init_lookup(skb, laddr, transportp); 895 896 return asoc; 897 } 898