1 /* SCTP kernel reference Implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel reference Implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * The SCTP reference implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * The SCTP reference implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53 #include <linux/types.h> 54 #include <linux/kernel.h> 55 #include <linux/ip.h> 56 #include <linux/ipv6.h> 57 #include <linux/net.h> 58 #include <linux/inet.h> 59 #include <asm/scatterlist.h> 60 #include <linux/crypto.h> 61 #include <net/sock.h> 62 63 #include <linux/skbuff.h> 64 #include <linux/random.h> /* for get_random_bytes */ 65 #include <net/sctp/sctp.h> 66 #include <net/sctp/sm.h> 67 68 extern kmem_cache_t *sctp_chunk_cachep; 69 70 SCTP_STATIC 71 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 72 __u8 type, __u8 flags, int paylen); 73 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 74 const struct sctp_association *asoc, 75 const struct sctp_chunk *init_chunk, 76 int *cookie_len, 77 const __u8 *raw_addrs, int addrs_len); 78 static int sctp_process_param(struct sctp_association *asoc, 79 union sctp_params param, 80 const union sctp_addr *peer_addr, 81 unsigned int __nocast gfp); 82 83 /* What was the inbound interface for this chunk? */ 84 int sctp_chunk_iif(const struct sctp_chunk *chunk) 85 { 86 struct sctp_af *af; 87 int iif = 0; 88 89 af = sctp_get_af_specific(ipver2af(chunk->skb->nh.iph->version)); 90 if (af) 91 iif = af->skb_iif(chunk->skb); 92 93 return iif; 94 } 95 96 /* RFC 2960 3.3.2 Initiation (INIT) (1) 97 * 98 * Note 2: The ECN capable field is reserved for future use of 99 * Explicit Congestion Notification. 100 */ 101 static const struct sctp_paramhdr ecap_param = { 102 SCTP_PARAM_ECN_CAPABLE, 103 __constant_htons(sizeof(struct sctp_paramhdr)), 104 }; 105 static const struct sctp_paramhdr prsctp_param = { 106 SCTP_PARAM_FWD_TSN_SUPPORT, 107 __constant_htons(sizeof(struct sctp_paramhdr)), 108 }; 109 110 /* A helper to initialize to initialize an op error inside a 111 * provided chunk, as most cause codes will be embedded inside an 112 * abort chunk. 113 */ 114 void sctp_init_cause(struct sctp_chunk *chunk, __u16 cause_code, 115 const void *payload, size_t paylen) 116 { 117 sctp_errhdr_t err; 118 int padlen; 119 __u16 len; 120 121 /* Cause code constants are now defined in network order. */ 122 err.cause = cause_code; 123 len = sizeof(sctp_errhdr_t) + paylen; 124 padlen = len % 4; 125 err.length = htons(len); 126 len += padlen; 127 sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 128 chunk->subh.err_hdr = sctp_addto_chunk(chunk, paylen, payload); 129 } 130 131 /* 3.3.2 Initiation (INIT) (1) 132 * 133 * This chunk is used to initiate a SCTP association between two 134 * endpoints. The format of the INIT chunk is shown below: 135 * 136 * 0 1 2 3 137 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 138 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 139 * | Type = 1 | Chunk Flags | Chunk Length | 140 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 141 * | Initiate Tag | 142 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 143 * | Advertised Receiver Window Credit (a_rwnd) | 144 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 145 * | Number of Outbound Streams | Number of Inbound Streams | 146 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 147 * | Initial TSN | 148 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 149 * \ \ 150 * / Optional/Variable-Length Parameters / 151 * \ \ 152 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 153 * 154 * 155 * The INIT chunk contains the following parameters. Unless otherwise 156 * noted, each parameter MUST only be included once in the INIT chunk. 157 * 158 * Fixed Parameters Status 159 * ---------------------------------------------- 160 * Initiate Tag Mandatory 161 * Advertised Receiver Window Credit Mandatory 162 * Number of Outbound Streams Mandatory 163 * Number of Inbound Streams Mandatory 164 * Initial TSN Mandatory 165 * 166 * Variable Parameters Status Type Value 167 * ------------------------------------------------------------- 168 * IPv4 Address (Note 1) Optional 5 169 * IPv6 Address (Note 1) Optional 6 170 * Cookie Preservative Optional 9 171 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 172 * Host Name Address (Note 3) Optional 11 173 * Supported Address Types (Note 4) Optional 12 174 */ 175 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 176 const struct sctp_bind_addr *bp, 177 unsigned int __nocast gfp, int vparam_len) 178 { 179 sctp_inithdr_t init; 180 union sctp_params addrs; 181 size_t chunksize; 182 struct sctp_chunk *retval = NULL; 183 int num_types, addrs_len = 0; 184 struct sctp_sock *sp; 185 sctp_supported_addrs_param_t sat; 186 __u16 types[2]; 187 sctp_adaption_ind_param_t aiparam; 188 189 /* RFC 2960 3.3.2 Initiation (INIT) (1) 190 * 191 * Note 1: The INIT chunks can contain multiple addresses that 192 * can be IPv4 and/or IPv6 in any combination. 193 */ 194 retval = NULL; 195 196 /* Convert the provided bind address list to raw format. */ 197 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 198 199 init.init_tag = htonl(asoc->c.my_vtag); 200 init.a_rwnd = htonl(asoc->rwnd); 201 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 202 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 203 init.initial_tsn = htonl(asoc->c.initial_tsn); 204 205 /* How many address types are needed? */ 206 sp = sctp_sk(asoc->base.sk); 207 num_types = sp->pf->supported_addrs(sp, types); 208 209 chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types); 210 chunksize += sizeof(ecap_param); 211 if (sctp_prsctp_enable) 212 chunksize += sizeof(prsctp_param); 213 chunksize += sizeof(aiparam); 214 chunksize += vparam_len; 215 216 /* RFC 2960 3.3.2 Initiation (INIT) (1) 217 * 218 * Note 3: An INIT chunk MUST NOT contain more than one Host 219 * Name address parameter. Moreover, the sender of the INIT 220 * MUST NOT combine any other address types with the Host Name 221 * address in the INIT. The receiver of INIT MUST ignore any 222 * other address types if the Host Name address parameter is 223 * present in the received INIT chunk. 224 * 225 * PLEASE DO NOT FIXME [This version does not support Host Name.] 226 */ 227 228 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 229 if (!retval) 230 goto nodata; 231 232 retval->subh.init_hdr = 233 sctp_addto_chunk(retval, sizeof(init), &init); 234 retval->param_hdr.v = 235 sctp_addto_chunk(retval, addrs_len, addrs.v); 236 237 /* RFC 2960 3.3.2 Initiation (INIT) (1) 238 * 239 * Note 4: This parameter, when present, specifies all the 240 * address types the sending endpoint can support. The absence 241 * of this parameter indicates that the sending endpoint can 242 * support any address type. 243 */ 244 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 245 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 246 sctp_addto_chunk(retval, sizeof(sat), &sat); 247 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 248 249 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 250 if (sctp_prsctp_enable) 251 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 252 aiparam.param_hdr.type = SCTP_PARAM_ADAPTION_LAYER_IND; 253 aiparam.param_hdr.length = htons(sizeof(aiparam)); 254 aiparam.adaption_ind = htonl(sp->adaption_ind); 255 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 256 nodata: 257 if (addrs.v) 258 kfree(addrs.v); 259 return retval; 260 } 261 262 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 263 const struct sctp_chunk *chunk, 264 unsigned int __nocast gfp, int unkparam_len) 265 { 266 sctp_inithdr_t initack; 267 struct sctp_chunk *retval; 268 union sctp_params addrs; 269 int addrs_len; 270 sctp_cookie_param_t *cookie; 271 int cookie_len; 272 size_t chunksize; 273 sctp_adaption_ind_param_t aiparam; 274 275 retval = NULL; 276 277 /* Note: there may be no addresses to embed. */ 278 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 279 280 initack.init_tag = htonl(asoc->c.my_vtag); 281 initack.a_rwnd = htonl(asoc->rwnd); 282 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 283 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 284 initack.initial_tsn = htonl(asoc->c.initial_tsn); 285 286 /* FIXME: We really ought to build the cookie right 287 * into the packet instead of allocating more fresh memory. 288 */ 289 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 290 addrs.v, addrs_len); 291 if (!cookie) 292 goto nomem_cookie; 293 294 /* Calculate the total size of allocation, include the reserved 295 * space for reporting unknown parameters if it is specified. 296 */ 297 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 298 299 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 300 if (asoc->peer.ecn_capable) 301 chunksize += sizeof(ecap_param); 302 303 /* Tell peer that we'll do PR-SCTP only if peer advertised. */ 304 if (asoc->peer.prsctp_capable) 305 chunksize += sizeof(prsctp_param); 306 307 chunksize += sizeof(aiparam); 308 309 /* Now allocate and fill out the chunk. */ 310 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 311 if (!retval) 312 goto nomem_chunk; 313 314 /* Per the advice in RFC 2960 6.4, send this reply to 315 * the source of the INIT packet. 316 */ 317 retval->transport = chunk->transport; 318 retval->subh.init_hdr = 319 sctp_addto_chunk(retval, sizeof(initack), &initack); 320 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 321 sctp_addto_chunk(retval, cookie_len, cookie); 322 if (asoc->peer.ecn_capable) 323 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 324 if (asoc->peer.prsctp_capable) 325 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 326 327 aiparam.param_hdr.type = SCTP_PARAM_ADAPTION_LAYER_IND; 328 aiparam.param_hdr.length = htons(sizeof(aiparam)); 329 aiparam.adaption_ind = htonl(sctp_sk(asoc->base.sk)->adaption_ind); 330 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 331 332 /* We need to remove the const qualifier at this point. */ 333 retval->asoc = (struct sctp_association *) asoc; 334 335 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 336 * 337 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 338 * HEARTBEAT ACK, * etc.) to the same destination transport 339 * address from which it received the DATA or control chunk 340 * to which it is replying. 341 * 342 * [INIT ACK back to where the INIT came from.] 343 */ 344 if (chunk) 345 retval->transport = chunk->transport; 346 347 nomem_chunk: 348 kfree(cookie); 349 nomem_cookie: 350 if (addrs.v) 351 kfree(addrs.v); 352 return retval; 353 } 354 355 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 356 * 357 * This chunk is used only during the initialization of an association. 358 * It is sent by the initiator of an association to its peer to complete 359 * the initialization process. This chunk MUST precede any DATA chunk 360 * sent within the association, but MAY be bundled with one or more DATA 361 * chunks in the same packet. 362 * 363 * 0 1 2 3 364 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 365 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 366 * | Type = 10 |Chunk Flags | Length | 367 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 368 * / Cookie / 369 * \ \ 370 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 371 * 372 * Chunk Flags: 8 bit 373 * 374 * Set to zero on transmit and ignored on receipt. 375 * 376 * Length: 16 bits (unsigned integer) 377 * 378 * Set to the size of the chunk in bytes, including the 4 bytes of 379 * the chunk header and the size of the Cookie. 380 * 381 * Cookie: variable size 382 * 383 * This field must contain the exact cookie received in the 384 * State Cookie parameter from the previous INIT ACK. 385 * 386 * An implementation SHOULD make the cookie as small as possible 387 * to insure interoperability. 388 */ 389 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 390 const struct sctp_chunk *chunk) 391 { 392 struct sctp_chunk *retval; 393 void *cookie; 394 int cookie_len; 395 396 cookie = asoc->peer.cookie; 397 cookie_len = asoc->peer.cookie_len; 398 399 /* Build a cookie echo chunk. */ 400 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 401 if (!retval) 402 goto nodata; 403 retval->subh.cookie_hdr = 404 sctp_addto_chunk(retval, cookie_len, cookie); 405 406 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 407 * 408 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 409 * HEARTBEAT ACK, * etc.) to the same destination transport 410 * address from which it * received the DATA or control chunk 411 * to which it is replying. 412 * 413 * [COOKIE ECHO back to where the INIT ACK came from.] 414 */ 415 if (chunk) 416 retval->transport = chunk->transport; 417 418 nodata: 419 return retval; 420 } 421 422 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 423 * 424 * This chunk is used only during the initialization of an 425 * association. It is used to acknowledge the receipt of a COOKIE 426 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 427 * within the association, but MAY be bundled with one or more DATA 428 * chunks or SACK chunk in the same SCTP packet. 429 * 430 * 0 1 2 3 431 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 432 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 433 * | Type = 11 |Chunk Flags | Length = 4 | 434 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 435 * 436 * Chunk Flags: 8 bits 437 * 438 * Set to zero on transmit and ignored on receipt. 439 */ 440 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 441 const struct sctp_chunk *chunk) 442 { 443 struct sctp_chunk *retval; 444 445 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 446 447 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 448 * 449 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 450 * HEARTBEAT ACK, * etc.) to the same destination transport 451 * address from which it * received the DATA or control chunk 452 * to which it is replying. 453 * 454 * [COOKIE ACK back to where the COOKIE ECHO came from.] 455 */ 456 if (retval && chunk) 457 retval->transport = chunk->transport; 458 459 return retval; 460 } 461 462 /* 463 * Appendix A: Explicit Congestion Notification: 464 * CWR: 465 * 466 * RFC 2481 details a specific bit for a sender to send in the header of 467 * its next outbound TCP segment to indicate to its peer that it has 468 * reduced its congestion window. This is termed the CWR bit. For 469 * SCTP the same indication is made by including the CWR chunk. 470 * This chunk contains one data element, i.e. the TSN number that 471 * was sent in the ECNE chunk. This element represents the lowest 472 * TSN number in the datagram that was originally marked with the 473 * CE bit. 474 * 475 * 0 1 2 3 476 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 477 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 478 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 479 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 480 * | Lowest TSN Number | 481 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 482 * 483 * Note: The CWR is considered a Control chunk. 484 */ 485 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 486 const __u32 lowest_tsn, 487 const struct sctp_chunk *chunk) 488 { 489 struct sctp_chunk *retval; 490 sctp_cwrhdr_t cwr; 491 492 cwr.lowest_tsn = htonl(lowest_tsn); 493 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 494 sizeof(sctp_cwrhdr_t)); 495 496 if (!retval) 497 goto nodata; 498 499 retval->subh.ecn_cwr_hdr = 500 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 501 502 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 503 * 504 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 505 * HEARTBEAT ACK, * etc.) to the same destination transport 506 * address from which it * received the DATA or control chunk 507 * to which it is replying. 508 * 509 * [Report a reduced congestion window back to where the ECNE 510 * came from.] 511 */ 512 if (chunk) 513 retval->transport = chunk->transport; 514 515 nodata: 516 return retval; 517 } 518 519 /* Make an ECNE chunk. This is a congestion experienced report. */ 520 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 521 const __u32 lowest_tsn) 522 { 523 struct sctp_chunk *retval; 524 sctp_ecnehdr_t ecne; 525 526 ecne.lowest_tsn = htonl(lowest_tsn); 527 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 528 sizeof(sctp_ecnehdr_t)); 529 if (!retval) 530 goto nodata; 531 retval->subh.ecne_hdr = 532 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 533 534 nodata: 535 return retval; 536 } 537 538 /* Make a DATA chunk for the given association from the provided 539 * parameters. However, do not populate the data payload. 540 */ 541 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 542 const struct sctp_sndrcvinfo *sinfo, 543 int data_len, __u8 flags, __u16 ssn) 544 { 545 struct sctp_chunk *retval; 546 struct sctp_datahdr dp; 547 int chunk_len; 548 549 /* We assign the TSN as LATE as possible, not here when 550 * creating the chunk. 551 */ 552 dp.tsn = 0; 553 dp.stream = htons(sinfo->sinfo_stream); 554 dp.ppid = sinfo->sinfo_ppid; 555 556 /* Set the flags for an unordered send. */ 557 if (sinfo->sinfo_flags & MSG_UNORDERED) { 558 flags |= SCTP_DATA_UNORDERED; 559 dp.ssn = 0; 560 } else 561 dp.ssn = htons(ssn); 562 563 chunk_len = sizeof(dp) + data_len; 564 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 565 if (!retval) 566 goto nodata; 567 568 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 569 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 570 571 nodata: 572 return retval; 573 } 574 575 /* Create a selective ackowledgement (SACK) for the given 576 * association. This reports on which TSN's we've seen to date, 577 * including duplicates and gaps. 578 */ 579 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 580 { 581 struct sctp_chunk *retval; 582 struct sctp_sackhdr sack; 583 int len; 584 __u32 ctsn; 585 __u16 num_gabs, num_dup_tsns; 586 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 587 588 ctsn = sctp_tsnmap_get_ctsn(map); 589 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 590 591 /* How much room is needed in the chunk? */ 592 num_gabs = sctp_tsnmap_num_gabs(map); 593 num_dup_tsns = sctp_tsnmap_num_dups(map); 594 595 /* Initialize the SACK header. */ 596 sack.cum_tsn_ack = htonl(ctsn); 597 sack.a_rwnd = htonl(asoc->a_rwnd); 598 sack.num_gap_ack_blocks = htons(num_gabs); 599 sack.num_dup_tsns = htons(num_dup_tsns); 600 601 len = sizeof(sack) 602 + sizeof(struct sctp_gap_ack_block) * num_gabs 603 + sizeof(__u32) * num_dup_tsns; 604 605 /* Create the chunk. */ 606 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 607 if (!retval) 608 goto nodata; 609 610 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 611 * 612 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 613 * HEARTBEAT ACK, etc.) to the same destination transport 614 * address from which it received the DATA or control chunk to 615 * which it is replying. This rule should also be followed if 616 * the endpoint is bundling DATA chunks together with the 617 * reply chunk. 618 * 619 * However, when acknowledging multiple DATA chunks received 620 * in packets from different source addresses in a single 621 * SACK, the SACK chunk may be transmitted to one of the 622 * destination transport addresses from which the DATA or 623 * control chunks being acknowledged were received. 624 * 625 * [BUG: We do not implement the following paragraph. 626 * Perhaps we should remember the last transport we used for a 627 * SACK and avoid that (if possible) if we have seen any 628 * duplicates. --piggy] 629 * 630 * When a receiver of a duplicate DATA chunk sends a SACK to a 631 * multi- homed endpoint it MAY be beneficial to vary the 632 * destination address and not use the source address of the 633 * DATA chunk. The reason being that receiving a duplicate 634 * from a multi-homed endpoint might indicate that the return 635 * path (as specified in the source address of the DATA chunk) 636 * for the SACK is broken. 637 * 638 * [Send to the address from which we last received a DATA chunk.] 639 */ 640 retval->transport = asoc->peer.last_data_from; 641 642 retval->subh.sack_hdr = 643 sctp_addto_chunk(retval, sizeof(sack), &sack); 644 645 /* Add the gap ack block information. */ 646 if (num_gabs) 647 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 648 sctp_tsnmap_get_gabs(map)); 649 650 /* Add the duplicate TSN information. */ 651 if (num_dup_tsns) 652 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 653 sctp_tsnmap_get_dups(map)); 654 655 nodata: 656 return retval; 657 } 658 659 /* Make a SHUTDOWN chunk. */ 660 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 661 const struct sctp_chunk *chunk) 662 { 663 struct sctp_chunk *retval; 664 sctp_shutdownhdr_t shut; 665 __u32 ctsn; 666 667 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 668 shut.cum_tsn_ack = htonl(ctsn); 669 670 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 671 sizeof(sctp_shutdownhdr_t)); 672 if (!retval) 673 goto nodata; 674 675 retval->subh.shutdown_hdr = 676 sctp_addto_chunk(retval, sizeof(shut), &shut); 677 678 if (chunk) 679 retval->transport = chunk->transport; 680 nodata: 681 return retval; 682 } 683 684 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 685 const struct sctp_chunk *chunk) 686 { 687 struct sctp_chunk *retval; 688 689 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 690 691 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 692 * 693 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 694 * HEARTBEAT ACK, * etc.) to the same destination transport 695 * address from which it * received the DATA or control chunk 696 * to which it is replying. 697 * 698 * [ACK back to where the SHUTDOWN came from.] 699 */ 700 if (retval && chunk) 701 retval->transport = chunk->transport; 702 703 return retval; 704 } 705 706 struct sctp_chunk *sctp_make_shutdown_complete( 707 const struct sctp_association *asoc, 708 const struct sctp_chunk *chunk) 709 { 710 struct sctp_chunk *retval; 711 __u8 flags = 0; 712 713 /* Set the T-bit if we have no association (vtag will be 714 * reflected) 715 */ 716 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 717 718 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 719 720 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 721 * 722 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 723 * HEARTBEAT ACK, * etc.) to the same destination transport 724 * address from which it * received the DATA or control chunk 725 * to which it is replying. 726 * 727 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 728 * came from.] 729 */ 730 if (retval && chunk) 731 retval->transport = chunk->transport; 732 733 return retval; 734 } 735 736 /* Create an ABORT. Note that we set the T bit if we have no 737 * association, except when responding to an INIT (sctpimpguide 2.41). 738 */ 739 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 740 const struct sctp_chunk *chunk, 741 const size_t hint) 742 { 743 struct sctp_chunk *retval; 744 __u8 flags = 0; 745 746 /* Set the T-bit if we have no association and 'chunk' is not 747 * an INIT (vtag will be reflected). 748 */ 749 if (!asoc) { 750 if (chunk && chunk->chunk_hdr && 751 chunk->chunk_hdr->type == SCTP_CID_INIT) 752 flags = 0; 753 else 754 flags = SCTP_CHUNK_FLAG_T; 755 } 756 757 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 758 759 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 760 * 761 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 762 * HEARTBEAT ACK, * etc.) to the same destination transport 763 * address from which it * received the DATA or control chunk 764 * to which it is replying. 765 * 766 * [ABORT back to where the offender came from.] 767 */ 768 if (retval && chunk) 769 retval->transport = chunk->transport; 770 771 return retval; 772 } 773 774 /* Helper to create ABORT with a NO_USER_DATA error. */ 775 struct sctp_chunk *sctp_make_abort_no_data( 776 const struct sctp_association *asoc, 777 const struct sctp_chunk *chunk, __u32 tsn) 778 { 779 struct sctp_chunk *retval; 780 __u32 payload; 781 782 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 783 + sizeof(tsn)); 784 785 if (!retval) 786 goto no_mem; 787 788 /* Put the tsn back into network byte order. */ 789 payload = htonl(tsn); 790 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, (const void *)&payload, 791 sizeof(payload)); 792 793 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 794 * 795 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 796 * HEARTBEAT ACK, * etc.) to the same destination transport 797 * address from which it * received the DATA or control chunk 798 * to which it is replying. 799 * 800 * [ABORT back to where the offender came from.] 801 */ 802 if (chunk) 803 retval->transport = chunk->transport; 804 805 no_mem: 806 return retval; 807 } 808 809 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 810 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 811 const struct sctp_chunk *chunk, 812 const struct msghdr *msg) 813 { 814 struct sctp_chunk *retval; 815 void *payload = NULL, *payoff; 816 size_t paylen = 0; 817 struct iovec *iov = NULL; 818 int iovlen = 0; 819 820 if (msg) { 821 iov = msg->msg_iov; 822 iovlen = msg->msg_iovlen; 823 paylen = get_user_iov_size(iov, iovlen); 824 } 825 826 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen); 827 if (!retval) 828 goto err_chunk; 829 830 if (paylen) { 831 /* Put the msg_iov together into payload. */ 832 payload = kmalloc(paylen, GFP_ATOMIC); 833 if (!payload) 834 goto err_payload; 835 payoff = payload; 836 837 for (; iovlen > 0; --iovlen) { 838 if (copy_from_user(payoff, iov->iov_base,iov->iov_len)) 839 goto err_copy; 840 payoff += iov->iov_len; 841 iov++; 842 } 843 } 844 845 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, payload, paylen); 846 847 if (paylen) 848 kfree(payload); 849 850 return retval; 851 852 err_copy: 853 kfree(payload); 854 err_payload: 855 sctp_chunk_free(retval); 856 retval = NULL; 857 err_chunk: 858 return retval; 859 } 860 861 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 862 struct sctp_chunk *sctp_make_abort_violation( 863 const struct sctp_association *asoc, 864 const struct sctp_chunk *chunk, 865 const __u8 *payload, 866 const size_t paylen) 867 { 868 struct sctp_chunk *retval; 869 struct sctp_paramhdr phdr; 870 871 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 872 + sizeof(sctp_chunkhdr_t)); 873 if (!retval) 874 goto end; 875 876 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, payload, paylen); 877 878 phdr.type = htons(chunk->chunk_hdr->type); 879 phdr.length = chunk->chunk_hdr->length; 880 sctp_addto_chunk(retval, sizeof(sctp_paramhdr_t), &phdr); 881 882 end: 883 return retval; 884 } 885 886 /* Make a HEARTBEAT chunk. */ 887 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 888 const struct sctp_transport *transport, 889 const void *payload, const size_t paylen) 890 { 891 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 892 0, paylen); 893 894 if (!retval) 895 goto nodata; 896 897 /* Cast away the 'const', as this is just telling the chunk 898 * what transport it belongs to. 899 */ 900 retval->transport = (struct sctp_transport *) transport; 901 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 902 903 nodata: 904 return retval; 905 } 906 907 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 908 const struct sctp_chunk *chunk, 909 const void *payload, const size_t paylen) 910 { 911 struct sctp_chunk *retval; 912 913 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 914 if (!retval) 915 goto nodata; 916 917 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 918 919 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 920 * 921 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 922 * HEARTBEAT ACK, * etc.) to the same destination transport 923 * address from which it * received the DATA or control chunk 924 * to which it is replying. 925 * 926 * [HBACK back to where the HEARTBEAT came from.] 927 */ 928 if (chunk) 929 retval->transport = chunk->transport; 930 931 nodata: 932 return retval; 933 } 934 935 /* Create an Operation Error chunk with the specified space reserved. 936 * This routine can be used for containing multiple causes in the chunk. 937 */ 938 static struct sctp_chunk *sctp_make_op_error_space( 939 const struct sctp_association *asoc, 940 const struct sctp_chunk *chunk, 941 size_t size) 942 { 943 struct sctp_chunk *retval; 944 945 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 946 sizeof(sctp_errhdr_t) + size); 947 if (!retval) 948 goto nodata; 949 950 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 951 * 952 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 953 * HEARTBEAT ACK, etc.) to the same destination transport 954 * address from which it received the DATA or control chunk 955 * to which it is replying. 956 * 957 */ 958 if (chunk) 959 retval->transport = chunk->transport; 960 961 nodata: 962 return retval; 963 } 964 965 /* Create an Operation Error chunk. */ 966 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 967 const struct sctp_chunk *chunk, 968 __u16 cause_code, const void *payload, 969 size_t paylen) 970 { 971 struct sctp_chunk *retval; 972 973 retval = sctp_make_op_error_space(asoc, chunk, paylen); 974 if (!retval) 975 goto nodata; 976 977 sctp_init_cause(retval, cause_code, payload, paylen); 978 979 nodata: 980 return retval; 981 } 982 983 /******************************************************************** 984 * 2nd Level Abstractions 985 ********************************************************************/ 986 987 /* Turn an skb into a chunk. 988 * FIXME: Eventually move the structure directly inside the skb->cb[]. 989 */ 990 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 991 const struct sctp_association *asoc, 992 struct sock *sk) 993 { 994 struct sctp_chunk *retval; 995 996 retval = kmem_cache_alloc(sctp_chunk_cachep, SLAB_ATOMIC); 997 998 if (!retval) 999 goto nodata; 1000 memset(retval, 0, sizeof(struct sctp_chunk)); 1001 1002 if (!sk) { 1003 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 1004 } 1005 1006 INIT_LIST_HEAD(&retval->list); 1007 retval->skb = skb; 1008 retval->asoc = (struct sctp_association *)asoc; 1009 retval->resent = 0; 1010 retval->has_tsn = 0; 1011 retval->has_ssn = 0; 1012 retval->rtt_in_progress = 0; 1013 retval->sent_at = 0; 1014 retval->singleton = 1; 1015 retval->end_of_packet = 0; 1016 retval->ecn_ce_done = 0; 1017 retval->pdiscard = 0; 1018 1019 /* sctpimpguide-05.txt Section 2.8.2 1020 * M1) Each time a new DATA chunk is transmitted 1021 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1022 * 'TSN.Missing.Report' count will be used to determine missing chunks 1023 * and when to fast retransmit. 1024 */ 1025 retval->tsn_missing_report = 0; 1026 retval->tsn_gap_acked = 0; 1027 retval->fast_retransmit = 0; 1028 1029 /* If this is a fragmented message, track all fragments 1030 * of the message (for SEND_FAILED). 1031 */ 1032 retval->msg = NULL; 1033 1034 /* Polish the bead hole. */ 1035 INIT_LIST_HEAD(&retval->transmitted_list); 1036 INIT_LIST_HEAD(&retval->frag_list); 1037 SCTP_DBG_OBJCNT_INC(chunk); 1038 atomic_set(&retval->refcnt, 1); 1039 1040 nodata: 1041 return retval; 1042 } 1043 1044 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1045 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1046 union sctp_addr *dest) 1047 { 1048 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1049 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1050 } 1051 1052 /* Extract the source address from a chunk. */ 1053 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1054 { 1055 /* If we have a known transport, use that. */ 1056 if (chunk->transport) { 1057 return &chunk->transport->ipaddr; 1058 } else { 1059 /* Otherwise, extract it from the IP header. */ 1060 return &chunk->source; 1061 } 1062 } 1063 1064 /* Create a new chunk, setting the type and flags headers from the 1065 * arguments, reserving enough space for a 'paylen' byte payload. 1066 */ 1067 SCTP_STATIC 1068 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1069 __u8 type, __u8 flags, int paylen) 1070 { 1071 struct sctp_chunk *retval; 1072 sctp_chunkhdr_t *chunk_hdr; 1073 struct sk_buff *skb; 1074 struct sock *sk; 1075 1076 /* No need to allocate LL here, as this is only a chunk. */ 1077 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1078 GFP_ATOMIC); 1079 if (!skb) 1080 goto nodata; 1081 1082 /* Make room for the chunk header. */ 1083 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1084 chunk_hdr->type = type; 1085 chunk_hdr->flags = flags; 1086 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1087 1088 sk = asoc ? asoc->base.sk : NULL; 1089 retval = sctp_chunkify(skb, asoc, sk); 1090 if (!retval) { 1091 kfree_skb(skb); 1092 goto nodata; 1093 } 1094 1095 retval->chunk_hdr = chunk_hdr; 1096 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1097 1098 /* Set the skb to the belonging sock for accounting. */ 1099 skb->sk = sk; 1100 1101 return retval; 1102 nodata: 1103 return NULL; 1104 } 1105 1106 1107 /* Release the memory occupied by a chunk. */ 1108 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1109 { 1110 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1111 dev_kfree_skb(chunk->skb); 1112 1113 SCTP_DBG_OBJCNT_DEC(chunk); 1114 kmem_cache_free(sctp_chunk_cachep, chunk); 1115 } 1116 1117 /* Possibly, free the chunk. */ 1118 void sctp_chunk_free(struct sctp_chunk *chunk) 1119 { 1120 BUG_ON(!list_empty(&chunk->list)); 1121 list_del_init(&chunk->transmitted_list); 1122 1123 /* Release our reference on the message tracker. */ 1124 if (chunk->msg) 1125 sctp_datamsg_put(chunk->msg); 1126 1127 sctp_chunk_put(chunk); 1128 } 1129 1130 /* Grab a reference to the chunk. */ 1131 void sctp_chunk_hold(struct sctp_chunk *ch) 1132 { 1133 atomic_inc(&ch->refcnt); 1134 } 1135 1136 /* Release a reference to the chunk. */ 1137 void sctp_chunk_put(struct sctp_chunk *ch) 1138 { 1139 if (atomic_dec_and_test(&ch->refcnt)) 1140 sctp_chunk_destroy(ch); 1141 } 1142 1143 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1144 * enough. 1145 */ 1146 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1147 { 1148 void *target; 1149 void *padding; 1150 int chunklen = ntohs(chunk->chunk_hdr->length); 1151 int padlen = chunklen % 4; 1152 1153 padding = skb_put(chunk->skb, padlen); 1154 target = skb_put(chunk->skb, len); 1155 1156 memset(padding, 0, padlen); 1157 memcpy(target, data, len); 1158 1159 /* Adjust the chunk length field. */ 1160 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1161 chunk->chunk_end = chunk->skb->tail; 1162 1163 return target; 1164 } 1165 1166 /* Append bytes from user space to the end of a chunk. Will panic if 1167 * chunk is not big enough. 1168 * Returns a kernel err value. 1169 */ 1170 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1171 struct iovec *data) 1172 { 1173 __u8 *target; 1174 int err = 0; 1175 1176 /* Make room in chunk for data. */ 1177 target = skb_put(chunk->skb, len); 1178 1179 /* Copy data (whole iovec) into chunk */ 1180 if ((err = memcpy_fromiovecend(target, data, off, len))) 1181 goto out; 1182 1183 /* Adjust the chunk length field. */ 1184 chunk->chunk_hdr->length = 1185 htons(ntohs(chunk->chunk_hdr->length) + len); 1186 chunk->chunk_end = chunk->skb->tail; 1187 1188 out: 1189 return err; 1190 } 1191 1192 /* Helper function to assign a TSN if needed. This assumes that both 1193 * the data_hdr and association have already been assigned. 1194 */ 1195 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1196 { 1197 __u16 ssn; 1198 __u16 sid; 1199 1200 if (chunk->has_ssn) 1201 return; 1202 1203 /* This is the last possible instant to assign a SSN. */ 1204 if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1205 ssn = 0; 1206 } else { 1207 sid = htons(chunk->subh.data_hdr->stream); 1208 if (chunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1209 ssn = sctp_ssn_next(&chunk->asoc->ssnmap->out, sid); 1210 else 1211 ssn = sctp_ssn_peek(&chunk->asoc->ssnmap->out, sid); 1212 ssn = htons(ssn); 1213 } 1214 1215 chunk->subh.data_hdr->ssn = ssn; 1216 chunk->has_ssn = 1; 1217 } 1218 1219 /* Helper function to assign a TSN if needed. This assumes that both 1220 * the data_hdr and association have already been assigned. 1221 */ 1222 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1223 { 1224 if (!chunk->has_tsn) { 1225 /* This is the last possible instant to 1226 * assign a TSN. 1227 */ 1228 chunk->subh.data_hdr->tsn = 1229 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1230 chunk->has_tsn = 1; 1231 } 1232 } 1233 1234 /* Create a CLOSED association to use with an incoming packet. */ 1235 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1236 struct sctp_chunk *chunk, 1237 unsigned int __nocast gfp) 1238 { 1239 struct sctp_association *asoc; 1240 struct sk_buff *skb; 1241 sctp_scope_t scope; 1242 struct sctp_af *af; 1243 1244 /* Create the bare association. */ 1245 scope = sctp_scope(sctp_source(chunk)); 1246 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1247 if (!asoc) 1248 goto nodata; 1249 asoc->temp = 1; 1250 skb = chunk->skb; 1251 /* Create an entry for the source address of the packet. */ 1252 af = sctp_get_af_specific(ipver2af(skb->nh.iph->version)); 1253 if (unlikely(!af)) 1254 goto fail; 1255 af->from_skb(&asoc->c.peer_addr, skb, 1); 1256 nodata: 1257 return asoc; 1258 1259 fail: 1260 sctp_association_free(asoc); 1261 return NULL; 1262 } 1263 1264 /* Build a cookie representing asoc. 1265 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1266 */ 1267 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1268 const struct sctp_association *asoc, 1269 const struct sctp_chunk *init_chunk, 1270 int *cookie_len, 1271 const __u8 *raw_addrs, int addrs_len) 1272 { 1273 sctp_cookie_param_t *retval; 1274 struct sctp_signed_cookie *cookie; 1275 struct scatterlist sg; 1276 int headersize, bodysize; 1277 unsigned int keylen; 1278 char *key; 1279 1280 headersize = sizeof(sctp_paramhdr_t) + SCTP_SECRET_SIZE; 1281 bodysize = sizeof(struct sctp_cookie) 1282 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1283 1284 /* Pad out the cookie to a multiple to make the signature 1285 * functions simpler to write. 1286 */ 1287 if (bodysize % SCTP_COOKIE_MULTIPLE) 1288 bodysize += SCTP_COOKIE_MULTIPLE 1289 - (bodysize % SCTP_COOKIE_MULTIPLE); 1290 *cookie_len = headersize + bodysize; 1291 1292 retval = (sctp_cookie_param_t *)kmalloc(*cookie_len, GFP_ATOMIC); 1293 1294 if (!retval) { 1295 *cookie_len = 0; 1296 goto nodata; 1297 } 1298 1299 /* Clear this memory since we are sending this data structure 1300 * out on the network. 1301 */ 1302 memset(retval, 0x00, *cookie_len); 1303 cookie = (struct sctp_signed_cookie *) retval->body; 1304 1305 /* Set up the parameter header. */ 1306 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1307 retval->p.length = htons(*cookie_len); 1308 1309 /* Copy the cookie part of the association itself. */ 1310 cookie->c = asoc->c; 1311 /* Save the raw address list length in the cookie. */ 1312 cookie->c.raw_addr_list_len = addrs_len; 1313 1314 /* Remember PR-SCTP capability. */ 1315 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1316 1317 /* Save adaption indication in the cookie. */ 1318 cookie->c.adaption_ind = asoc->peer.adaption_ind; 1319 1320 /* Set an expiration time for the cookie. */ 1321 do_gettimeofday(&cookie->c.expiration); 1322 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1323 1324 /* Copy the peer's init packet. */ 1325 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1326 ntohs(init_chunk->chunk_hdr->length)); 1327 1328 /* Copy the raw local address list of the association. */ 1329 memcpy((__u8 *)&cookie->c.peer_init[0] + 1330 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1331 1332 if (sctp_sk(ep->base.sk)->hmac) { 1333 /* Sign the message. */ 1334 sg.page = virt_to_page(&cookie->c); 1335 sg.offset = (unsigned long)(&cookie->c) % PAGE_SIZE; 1336 sg.length = bodysize; 1337 keylen = SCTP_SECRET_SIZE; 1338 key = (char *)ep->secret_key[ep->current_key]; 1339 1340 sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, 1341 &sg, 1, cookie->signature); 1342 } 1343 1344 nodata: 1345 return retval; 1346 } 1347 1348 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1349 struct sctp_association *sctp_unpack_cookie( 1350 const struct sctp_endpoint *ep, 1351 const struct sctp_association *asoc, 1352 struct sctp_chunk *chunk, unsigned int __nocast gfp, 1353 int *error, struct sctp_chunk **errp) 1354 { 1355 struct sctp_association *retval = NULL; 1356 struct sctp_signed_cookie *cookie; 1357 struct sctp_cookie *bear_cookie; 1358 int headersize, bodysize, fixed_size; 1359 __u8 digest[SCTP_SIGNATURE_SIZE]; 1360 struct scatterlist sg; 1361 unsigned int keylen, len; 1362 char *key; 1363 sctp_scope_t scope; 1364 struct sk_buff *skb = chunk->skb; 1365 1366 headersize = sizeof(sctp_chunkhdr_t) + SCTP_SECRET_SIZE; 1367 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1368 fixed_size = headersize + sizeof(struct sctp_cookie); 1369 1370 /* Verify that the chunk looks like it even has a cookie. 1371 * There must be enough room for our cookie and our peer's 1372 * INIT chunk. 1373 */ 1374 len = ntohs(chunk->chunk_hdr->length); 1375 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1376 goto malformed; 1377 1378 /* Verify that the cookie has been padded out. */ 1379 if (bodysize % SCTP_COOKIE_MULTIPLE) 1380 goto malformed; 1381 1382 /* Process the cookie. */ 1383 cookie = chunk->subh.cookie_hdr; 1384 bear_cookie = &cookie->c; 1385 1386 if (!sctp_sk(ep->base.sk)->hmac) 1387 goto no_hmac; 1388 1389 /* Check the signature. */ 1390 keylen = SCTP_SECRET_SIZE; 1391 sg.page = virt_to_page(bear_cookie); 1392 sg.offset = (unsigned long)(bear_cookie) % PAGE_SIZE; 1393 sg.length = bodysize; 1394 key = (char *)ep->secret_key[ep->current_key]; 1395 1396 memset(digest, 0x00, sizeof(digest)); 1397 sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, &sg, 1398 1, digest); 1399 1400 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1401 /* Try the previous key. */ 1402 key = (char *)ep->secret_key[ep->last_key]; 1403 memset(digest, 0x00, sizeof(digest)); 1404 sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, 1405 &sg, 1, digest); 1406 1407 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1408 /* Yikes! Still bad signature! */ 1409 *error = -SCTP_IERROR_BAD_SIG; 1410 goto fail; 1411 } 1412 } 1413 1414 no_hmac: 1415 /* IG Section 2.35.2: 1416 * 3) Compare the port numbers and the verification tag contained 1417 * within the COOKIE ECHO chunk to the actual port numbers and the 1418 * verification tag within the SCTP common header of the received 1419 * packet. If these values do not match the packet MUST be silently 1420 * discarded, 1421 */ 1422 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1423 *error = -SCTP_IERROR_BAD_TAG; 1424 goto fail; 1425 } 1426 1427 if (ntohs(chunk->sctp_hdr->source) != bear_cookie->peer_addr.v4.sin_port || 1428 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1429 *error = -SCTP_IERROR_BAD_PORTS; 1430 goto fail; 1431 } 1432 1433 /* Check to see if the cookie is stale. If there is already 1434 * an association, there is no need to check cookie's expiration 1435 * for init collision case of lost COOKIE ACK. 1436 */ 1437 if (!asoc && tv_lt(bear_cookie->expiration, skb->stamp)) { 1438 __u16 len; 1439 /* 1440 * Section 3.3.10.3 Stale Cookie Error (3) 1441 * 1442 * Cause of error 1443 * --------------- 1444 * Stale Cookie Error: Indicates the receipt of a valid State 1445 * Cookie that has expired. 1446 */ 1447 len = ntohs(chunk->chunk_hdr->length); 1448 *errp = sctp_make_op_error_space(asoc, chunk, len); 1449 if (*errp) { 1450 suseconds_t usecs = (skb->stamp.tv_sec - 1451 bear_cookie->expiration.tv_sec) * 1000000L + 1452 skb->stamp.tv_usec - 1453 bear_cookie->expiration.tv_usec; 1454 1455 usecs = htonl(usecs); 1456 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1457 &usecs, sizeof(usecs)); 1458 *error = -SCTP_IERROR_STALE_COOKIE; 1459 } else 1460 *error = -SCTP_IERROR_NOMEM; 1461 1462 goto fail; 1463 } 1464 1465 /* Make a new base association. */ 1466 scope = sctp_scope(sctp_source(chunk)); 1467 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1468 if (!retval) { 1469 *error = -SCTP_IERROR_NOMEM; 1470 goto fail; 1471 } 1472 1473 /* Set up our peer's port number. */ 1474 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1475 1476 /* Populate the association from the cookie. */ 1477 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1478 1479 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1480 GFP_ATOMIC) < 0) { 1481 *error = -SCTP_IERROR_NOMEM; 1482 goto fail; 1483 } 1484 1485 /* Also, add the destination address. */ 1486 if (list_empty(&retval->base.bind_addr.address_list)) { 1487 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1488 GFP_ATOMIC); 1489 } 1490 1491 retval->next_tsn = retval->c.initial_tsn; 1492 retval->ctsn_ack_point = retval->next_tsn - 1; 1493 retval->addip_serial = retval->c.initial_tsn; 1494 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1495 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1496 retval->peer.adaption_ind = retval->c.adaption_ind; 1497 1498 /* The INIT stuff will be done by the side effects. */ 1499 return retval; 1500 1501 fail: 1502 if (retval) 1503 sctp_association_free(retval); 1504 1505 return NULL; 1506 1507 malformed: 1508 /* Yikes! The packet is either corrupt or deliberately 1509 * malformed. 1510 */ 1511 *error = -SCTP_IERROR_MALFORMED; 1512 goto fail; 1513 } 1514 1515 /******************************************************************** 1516 * 3rd Level Abstractions 1517 ********************************************************************/ 1518 1519 struct __sctp_missing { 1520 __u32 num_missing; 1521 __u16 type; 1522 } __attribute__((packed)); 1523 1524 /* 1525 * Report a missing mandatory parameter. 1526 */ 1527 static int sctp_process_missing_param(const struct sctp_association *asoc, 1528 sctp_param_t paramtype, 1529 struct sctp_chunk *chunk, 1530 struct sctp_chunk **errp) 1531 { 1532 struct __sctp_missing report; 1533 __u16 len; 1534 1535 len = WORD_ROUND(sizeof(report)); 1536 1537 /* Make an ERROR chunk, preparing enough room for 1538 * returning multiple unknown parameters. 1539 */ 1540 if (!*errp) 1541 *errp = sctp_make_op_error_space(asoc, chunk, len); 1542 1543 if (*errp) { 1544 report.num_missing = htonl(1); 1545 report.type = paramtype; 1546 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 1547 &report, sizeof(report)); 1548 } 1549 1550 /* Stop processing this chunk. */ 1551 return 0; 1552 } 1553 1554 /* Report an Invalid Mandatory Parameter. */ 1555 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1556 struct sctp_chunk *chunk, 1557 struct sctp_chunk **errp) 1558 { 1559 /* Invalid Mandatory Parameter Error has no payload. */ 1560 1561 if (!*errp) 1562 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1563 1564 if (*errp) 1565 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, NULL, 0); 1566 1567 /* Stop processing this chunk. */ 1568 return 0; 1569 } 1570 1571 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1572 struct sctp_paramhdr *param, 1573 const struct sctp_chunk *chunk, 1574 struct sctp_chunk **errp) 1575 { 1576 char error[] = "The following parameter had invalid length:"; 1577 size_t payload_len = WORD_ROUND(sizeof(error)) + 1578 sizeof(sctp_paramhdr_t); 1579 1580 1581 /* Create an error chunk and fill it in with our payload. */ 1582 if (!*errp) 1583 *errp = sctp_make_op_error_space(asoc, chunk, payload_len); 1584 1585 if (*errp) { 1586 sctp_init_cause(*errp, SCTP_ERROR_PROTO_VIOLATION, error, 1587 sizeof(error)); 1588 sctp_addto_chunk(*errp, sizeof(sctp_paramhdr_t), param); 1589 } 1590 1591 return 0; 1592 } 1593 1594 1595 /* Do not attempt to handle the HOST_NAME parm. However, do 1596 * send back an indicator to the peer. 1597 */ 1598 static int sctp_process_hn_param(const struct sctp_association *asoc, 1599 union sctp_params param, 1600 struct sctp_chunk *chunk, 1601 struct sctp_chunk **errp) 1602 { 1603 __u16 len = ntohs(param.p->length); 1604 1605 /* Make an ERROR chunk. */ 1606 if (!*errp) 1607 *errp = sctp_make_op_error_space(asoc, chunk, len); 1608 1609 if (*errp) 1610 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, 1611 param.v, len); 1612 1613 /* Stop processing this chunk. */ 1614 return 0; 1615 } 1616 1617 /* RFC 3.2.1 & the Implementers Guide 2.2. 1618 * 1619 * The Parameter Types are encoded such that the 1620 * highest-order two bits specify the action that must be 1621 * taken if the processing endpoint does not recognize the 1622 * Parameter Type. 1623 * 1624 * 00 - Stop processing this SCTP chunk and discard it, 1625 * do not process any further chunks within it. 1626 * 1627 * 01 - Stop processing this SCTP chunk and discard it, 1628 * do not process any further chunks within it, and report 1629 * the unrecognized parameter in an 'Unrecognized 1630 * Parameter Type' (in either an ERROR or in the INIT ACK). 1631 * 1632 * 10 - Skip this parameter and continue processing. 1633 * 1634 * 11 - Skip this parameter and continue processing but 1635 * report the unrecognized parameter in an 1636 * 'Unrecognized Parameter Type' (in either an ERROR or in 1637 * the INIT ACK). 1638 * 1639 * Return value: 1640 * 0 - discard the chunk 1641 * 1 - continue with the chunk 1642 */ 1643 static int sctp_process_unk_param(const struct sctp_association *asoc, 1644 union sctp_params param, 1645 struct sctp_chunk *chunk, 1646 struct sctp_chunk **errp) 1647 { 1648 int retval = 1; 1649 1650 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 1651 case SCTP_PARAM_ACTION_DISCARD: 1652 retval = 0; 1653 break; 1654 case SCTP_PARAM_ACTION_DISCARD_ERR: 1655 retval = 0; 1656 /* Make an ERROR chunk, preparing enough room for 1657 * returning multiple unknown parameters. 1658 */ 1659 if (NULL == *errp) 1660 *errp = sctp_make_op_error_space(asoc, chunk, 1661 ntohs(chunk->chunk_hdr->length)); 1662 1663 if (*errp) 1664 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1665 param.v, 1666 WORD_ROUND(ntohs(param.p->length))); 1667 1668 break; 1669 case SCTP_PARAM_ACTION_SKIP: 1670 break; 1671 case SCTP_PARAM_ACTION_SKIP_ERR: 1672 /* Make an ERROR chunk, preparing enough room for 1673 * returning multiple unknown parameters. 1674 */ 1675 if (NULL == *errp) 1676 *errp = sctp_make_op_error_space(asoc, chunk, 1677 ntohs(chunk->chunk_hdr->length)); 1678 1679 if (*errp) { 1680 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1681 param.v, 1682 WORD_ROUND(ntohs(param.p->length))); 1683 } else { 1684 /* If there is no memory for generating the ERROR 1685 * report as specified, an ABORT will be triggered 1686 * to the peer and the association won't be 1687 * established. 1688 */ 1689 retval = 0; 1690 } 1691 1692 break; 1693 default: 1694 break; 1695 } 1696 1697 return retval; 1698 } 1699 1700 /* Find unrecognized parameters in the chunk. 1701 * Return values: 1702 * 0 - discard the chunk 1703 * 1 - continue with the chunk 1704 */ 1705 static int sctp_verify_param(const struct sctp_association *asoc, 1706 union sctp_params param, 1707 sctp_cid_t cid, 1708 struct sctp_chunk *chunk, 1709 struct sctp_chunk **err_chunk) 1710 { 1711 int retval = 1; 1712 1713 /* FIXME - This routine is not looking at each parameter per the 1714 * chunk type, i.e., unrecognized parameters should be further 1715 * identified based on the chunk id. 1716 */ 1717 1718 switch (param.p->type) { 1719 case SCTP_PARAM_IPV4_ADDRESS: 1720 case SCTP_PARAM_IPV6_ADDRESS: 1721 case SCTP_PARAM_COOKIE_PRESERVATIVE: 1722 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 1723 case SCTP_PARAM_STATE_COOKIE: 1724 case SCTP_PARAM_HEARTBEAT_INFO: 1725 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 1726 case SCTP_PARAM_ECN_CAPABLE: 1727 case SCTP_PARAM_ADAPTION_LAYER_IND: 1728 break; 1729 1730 case SCTP_PARAM_HOST_NAME_ADDRESS: 1731 /* Tell the peer, we won't support this param. */ 1732 return sctp_process_hn_param(asoc, param, chunk, err_chunk); 1733 case SCTP_PARAM_FWD_TSN_SUPPORT: 1734 if (sctp_prsctp_enable) 1735 break; 1736 /* Fall Through */ 1737 default: 1738 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 1739 ntohs(param.p->type), cid); 1740 return sctp_process_unk_param(asoc, param, chunk, err_chunk); 1741 1742 break; 1743 } 1744 return retval; 1745 } 1746 1747 /* Verify the INIT packet before we process it. */ 1748 int sctp_verify_init(const struct sctp_association *asoc, 1749 sctp_cid_t cid, 1750 sctp_init_chunk_t *peer_init, 1751 struct sctp_chunk *chunk, 1752 struct sctp_chunk **errp) 1753 { 1754 union sctp_params param; 1755 int has_cookie = 0; 1756 1757 /* Verify stream values are non-zero. */ 1758 if ((0 == peer_init->init_hdr.num_outbound_streams) || 1759 (0 == peer_init->init_hdr.num_inbound_streams)) { 1760 1761 sctp_process_inv_mandatory(asoc, chunk, errp); 1762 return 0; 1763 } 1764 1765 /* Check for missing mandatory parameters. */ 1766 sctp_walk_params(param, peer_init, init_hdr.params) { 1767 1768 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 1769 has_cookie = 1; 1770 1771 } /* for (loop through all parameters) */ 1772 1773 /* There is a possibility that a parameter length was bad and 1774 * in that case we would have stoped walking the parameters. 1775 * The current param.p would point at the bad one. 1776 * Current consensus on the mailing list is to generate a PROTOCOL 1777 * VIOLATION error. We build the ERROR chunk here and let the normal 1778 * error handling code build and send the packet. 1779 */ 1780 if (param.v < (void*)chunk->chunk_end - sizeof(sctp_paramhdr_t)) { 1781 sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 1782 return 0; 1783 } 1784 1785 /* The only missing mandatory param possible today is 1786 * the state cookie for an INIT-ACK chunk. 1787 */ 1788 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) { 1789 sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 1790 chunk, errp); 1791 return 0; 1792 } 1793 1794 /* Find unrecognized parameters. */ 1795 1796 sctp_walk_params(param, peer_init, init_hdr.params) { 1797 1798 if (!sctp_verify_param(asoc, param, cid, chunk, errp)) { 1799 if (SCTP_PARAM_HOST_NAME_ADDRESS == param.p->type) 1800 return 0; 1801 else 1802 return 1; 1803 } 1804 1805 } /* for (loop through all parameters) */ 1806 1807 return 1; 1808 } 1809 1810 /* Unpack the parameters in an INIT packet into an association. 1811 * Returns 0 on failure, else success. 1812 * FIXME: This is an association method. 1813 */ 1814 int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, 1815 const union sctp_addr *peer_addr, 1816 sctp_init_chunk_t *peer_init, unsigned int __nocast gfp) 1817 { 1818 union sctp_params param; 1819 struct sctp_transport *transport; 1820 struct list_head *pos, *temp; 1821 char *cookie; 1822 1823 /* We must include the address that the INIT packet came from. 1824 * This is the only address that matters for an INIT packet. 1825 * When processing a COOKIE ECHO, we retrieve the from address 1826 * of the INIT from the cookie. 1827 */ 1828 1829 /* This implementation defaults to making the first transport 1830 * added as the primary transport. The source address seems to 1831 * be a a better choice than any of the embedded addresses. 1832 */ 1833 if (peer_addr) 1834 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 1835 goto nomem; 1836 1837 /* Process the initialization parameters. */ 1838 1839 sctp_walk_params(param, peer_init, init_hdr.params) { 1840 1841 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 1842 goto clean_up; 1843 } 1844 1845 /* Walk list of transports, removing transports in the UNKNOWN state. */ 1846 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 1847 transport = list_entry(pos, struct sctp_transport, transports); 1848 if (transport->state == SCTP_UNKNOWN) { 1849 sctp_assoc_rm_peer(asoc, transport); 1850 } 1851 } 1852 1853 /* The fixed INIT headers are always in network byte 1854 * order. 1855 */ 1856 asoc->peer.i.init_tag = 1857 ntohl(peer_init->init_hdr.init_tag); 1858 asoc->peer.i.a_rwnd = 1859 ntohl(peer_init->init_hdr.a_rwnd); 1860 asoc->peer.i.num_outbound_streams = 1861 ntohs(peer_init->init_hdr.num_outbound_streams); 1862 asoc->peer.i.num_inbound_streams = 1863 ntohs(peer_init->init_hdr.num_inbound_streams); 1864 asoc->peer.i.initial_tsn = 1865 ntohl(peer_init->init_hdr.initial_tsn); 1866 1867 /* Apply the upper bounds for output streams based on peer's 1868 * number of inbound streams. 1869 */ 1870 if (asoc->c.sinit_num_ostreams > 1871 ntohs(peer_init->init_hdr.num_inbound_streams)) { 1872 asoc->c.sinit_num_ostreams = 1873 ntohs(peer_init->init_hdr.num_inbound_streams); 1874 } 1875 1876 if (asoc->c.sinit_max_instreams > 1877 ntohs(peer_init->init_hdr.num_outbound_streams)) { 1878 asoc->c.sinit_max_instreams = 1879 ntohs(peer_init->init_hdr.num_outbound_streams); 1880 } 1881 1882 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 1883 asoc->c.peer_vtag = asoc->peer.i.init_tag; 1884 1885 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 1886 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 1887 1888 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 1889 cookie = asoc->peer.cookie; 1890 if (cookie) { 1891 asoc->peer.cookie = kmalloc(asoc->peer.cookie_len, gfp); 1892 if (!asoc->peer.cookie) 1893 goto clean_up; 1894 memcpy(asoc->peer.cookie, cookie, asoc->peer.cookie_len); 1895 } 1896 1897 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 1898 * high (for example, implementations MAY use the size of the receiver 1899 * advertised window). 1900 */ 1901 list_for_each(pos, &asoc->peer.transport_addr_list) { 1902 transport = list_entry(pos, struct sctp_transport, transports); 1903 transport->ssthresh = asoc->peer.i.a_rwnd; 1904 } 1905 1906 /* Set up the TSN tracking pieces. */ 1907 sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_SIZE, 1908 asoc->peer.i.initial_tsn); 1909 1910 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 1911 * 1912 * The stream sequence number in all the streams shall start 1913 * from 0 when the association is established. Also, when the 1914 * stream sequence number reaches the value 65535 the next 1915 * stream sequence number shall be set to 0. 1916 */ 1917 1918 /* Allocate storage for the negotiated streams if it is not a temporary 1919 * association. 1920 */ 1921 if (!asoc->temp) { 1922 int assoc_id; 1923 int error; 1924 1925 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 1926 asoc->c.sinit_num_ostreams, gfp); 1927 if (!asoc->ssnmap) 1928 goto clean_up; 1929 1930 retry: 1931 if (unlikely(!idr_pre_get(&sctp_assocs_id, gfp))) 1932 goto clean_up; 1933 spin_lock_bh(&sctp_assocs_id_lock); 1934 error = idr_get_new_above(&sctp_assocs_id, (void *)asoc, 1, 1935 &assoc_id); 1936 spin_unlock_bh(&sctp_assocs_id_lock); 1937 if (error == -EAGAIN) 1938 goto retry; 1939 else if (error) 1940 goto clean_up; 1941 1942 asoc->assoc_id = (sctp_assoc_t) assoc_id; 1943 } 1944 1945 /* ADDIP Section 4.1 ASCONF Chunk Procedures 1946 * 1947 * When an endpoint has an ASCONF signaled change to be sent to the 1948 * remote endpoint it should do the following: 1949 * ... 1950 * A2) A serial number should be assigned to the Chunk. The serial 1951 * number should be a monotonically increasing number. All serial 1952 * numbers are defined to be initialized at the start of the 1953 * association to the same value as the Initial TSN. 1954 */ 1955 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 1956 return 1; 1957 1958 clean_up: 1959 /* Release the transport structures. */ 1960 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 1961 transport = list_entry(pos, struct sctp_transport, transports); 1962 list_del_init(pos); 1963 sctp_transport_free(transport); 1964 } 1965 1966 asoc->peer.transport_count = 0; 1967 1968 nomem: 1969 return 0; 1970 } 1971 1972 1973 /* Update asoc with the option described in param. 1974 * 1975 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 1976 * 1977 * asoc is the association to update. 1978 * param is the variable length parameter to use for update. 1979 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 1980 * If the current packet is an INIT we want to minimize the amount of 1981 * work we do. In particular, we should not build transport 1982 * structures for the addresses. 1983 */ 1984 static int sctp_process_param(struct sctp_association *asoc, 1985 union sctp_params param, 1986 const union sctp_addr *peer_addr, 1987 unsigned int __nocast gfp) 1988 { 1989 union sctp_addr addr; 1990 int i; 1991 __u16 sat; 1992 int retval = 1; 1993 sctp_scope_t scope; 1994 time_t stale; 1995 struct sctp_af *af; 1996 1997 /* We maintain all INIT parameters in network byte order all the 1998 * time. This allows us to not worry about whether the parameters 1999 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2000 */ 2001 switch (param.p->type) { 2002 case SCTP_PARAM_IPV6_ADDRESS: 2003 if (PF_INET6 != asoc->base.sk->sk_family) 2004 break; 2005 /* Fall through. */ 2006 case SCTP_PARAM_IPV4_ADDRESS: 2007 af = sctp_get_af_specific(param_type2af(param.p->type)); 2008 af->from_addr_param(&addr, param.addr, asoc->peer.port, 0); 2009 scope = sctp_scope(peer_addr); 2010 if (sctp_in_scope(&addr, scope)) 2011 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_ACTIVE)) 2012 return 0; 2013 break; 2014 2015 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2016 if (!sctp_cookie_preserve_enable) 2017 break; 2018 2019 stale = ntohl(param.life->lifespan_increment); 2020 2021 /* Suggested Cookie Life span increment's unit is msec, 2022 * (1/1000sec). 2023 */ 2024 asoc->cookie_life.tv_sec += stale / 1000; 2025 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2026 break; 2027 2028 case SCTP_PARAM_HOST_NAME_ADDRESS: 2029 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2030 break; 2031 2032 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2033 /* Turn off the default values first so we'll know which 2034 * ones are really set by the peer. 2035 */ 2036 asoc->peer.ipv4_address = 0; 2037 asoc->peer.ipv6_address = 0; 2038 2039 /* Cycle through address types; avoid divide by 0. */ 2040 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2041 if (sat) 2042 sat /= sizeof(__u16); 2043 2044 for (i = 0; i < sat; ++i) { 2045 switch (param.sat->types[i]) { 2046 case SCTP_PARAM_IPV4_ADDRESS: 2047 asoc->peer.ipv4_address = 1; 2048 break; 2049 2050 case SCTP_PARAM_IPV6_ADDRESS: 2051 asoc->peer.ipv6_address = 1; 2052 break; 2053 2054 case SCTP_PARAM_HOST_NAME_ADDRESS: 2055 asoc->peer.hostname_address = 1; 2056 break; 2057 2058 default: /* Just ignore anything else. */ 2059 break; 2060 }; 2061 } 2062 break; 2063 2064 case SCTP_PARAM_STATE_COOKIE: 2065 asoc->peer.cookie_len = 2066 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2067 asoc->peer.cookie = param.cookie->body; 2068 break; 2069 2070 case SCTP_PARAM_HEARTBEAT_INFO: 2071 /* Would be odd to receive, but it causes no problems. */ 2072 break; 2073 2074 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2075 /* Rejected during verify stage. */ 2076 break; 2077 2078 case SCTP_PARAM_ECN_CAPABLE: 2079 asoc->peer.ecn_capable = 1; 2080 break; 2081 2082 case SCTP_PARAM_ADAPTION_LAYER_IND: 2083 asoc->peer.adaption_ind = param.aind->adaption_ind; 2084 break; 2085 2086 case SCTP_PARAM_FWD_TSN_SUPPORT: 2087 if (sctp_prsctp_enable) { 2088 asoc->peer.prsctp_capable = 1; 2089 break; 2090 } 2091 /* Fall Through */ 2092 default: 2093 /* Any unrecognized parameters should have been caught 2094 * and handled by sctp_verify_param() which should be 2095 * called prior to this routine. Simply log the error 2096 * here. 2097 */ 2098 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2099 ntohs(param.p->type), asoc); 2100 break; 2101 }; 2102 2103 return retval; 2104 } 2105 2106 /* Select a new verification tag. */ 2107 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2108 { 2109 /* I believe that this random number generator complies with RFC1750. 2110 * A tag of 0 is reserved for special cases (e.g. INIT). 2111 */ 2112 __u32 x; 2113 2114 do { 2115 get_random_bytes(&x, sizeof(__u32)); 2116 } while (x == 0); 2117 2118 return x; 2119 } 2120 2121 /* Select an initial TSN to send during startup. */ 2122 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2123 { 2124 __u32 retval; 2125 2126 get_random_bytes(&retval, sizeof(__u32)); 2127 return retval; 2128 } 2129 2130 /* 2131 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2132 * 0 1 2 3 2133 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2134 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2135 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2136 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2137 * | Serial Number | 2138 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2139 * | Address Parameter | 2140 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2141 * | ASCONF Parameter #1 | 2142 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2143 * \ \ 2144 * / .... / 2145 * \ \ 2146 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2147 * | ASCONF Parameter #N | 2148 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2149 * 2150 * Address Parameter and other parameter will not be wrapped in this function 2151 */ 2152 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2153 union sctp_addr *addr, 2154 int vparam_len) 2155 { 2156 sctp_addiphdr_t asconf; 2157 struct sctp_chunk *retval; 2158 int length = sizeof(asconf) + vparam_len; 2159 union sctp_addr_param addrparam; 2160 int addrlen; 2161 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2162 2163 addrlen = af->to_addr_param(addr, &addrparam); 2164 if (!addrlen) 2165 return NULL; 2166 length += addrlen; 2167 2168 /* Create the chunk. */ 2169 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2170 if (!retval) 2171 return NULL; 2172 2173 asconf.serial = htonl(asoc->addip_serial++); 2174 2175 retval->subh.addip_hdr = 2176 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2177 retval->param_hdr.v = 2178 sctp_addto_chunk(retval, addrlen, &addrparam); 2179 2180 return retval; 2181 } 2182 2183 /* ADDIP 2184 * 3.2.1 Add IP Address 2185 * 0 1 2 3 2186 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2187 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2188 * | Type = 0xC001 | Length = Variable | 2189 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2190 * | ASCONF-Request Correlation ID | 2191 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2192 * | Address Parameter | 2193 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2194 * 2195 * 3.2.2 Delete IP Address 2196 * 0 1 2 3 2197 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2198 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2199 * | Type = 0xC002 | Length = Variable | 2200 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2201 * | ASCONF-Request Correlation ID | 2202 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2203 * | Address Parameter | 2204 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2205 * 2206 */ 2207 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2208 union sctp_addr *laddr, 2209 struct sockaddr *addrs, 2210 int addrcnt, 2211 __u16 flags) 2212 { 2213 sctp_addip_param_t param; 2214 struct sctp_chunk *retval; 2215 union sctp_addr_param addr_param; 2216 union sctp_addr *addr; 2217 void *addr_buf; 2218 struct sctp_af *af; 2219 int paramlen = sizeof(param); 2220 int addr_param_len = 0; 2221 int totallen = 0; 2222 int i; 2223 2224 /* Get total length of all the address parameters. */ 2225 addr_buf = addrs; 2226 for (i = 0; i < addrcnt; i++) { 2227 addr = (union sctp_addr *)addr_buf; 2228 af = sctp_get_af_specific(addr->v4.sin_family); 2229 addr_param_len = af->to_addr_param(addr, &addr_param); 2230 2231 totallen += paramlen; 2232 totallen += addr_param_len; 2233 2234 addr_buf += af->sockaddr_len; 2235 } 2236 2237 /* Create an asconf chunk with the required length. */ 2238 retval = sctp_make_asconf(asoc, laddr, totallen); 2239 if (!retval) 2240 return NULL; 2241 2242 /* Add the address parameters to the asconf chunk. */ 2243 addr_buf = addrs; 2244 for (i = 0; i < addrcnt; i++) { 2245 addr = (union sctp_addr *)addr_buf; 2246 af = sctp_get_af_specific(addr->v4.sin_family); 2247 addr_param_len = af->to_addr_param(addr, &addr_param); 2248 param.param_hdr.type = flags; 2249 param.param_hdr.length = htons(paramlen + addr_param_len); 2250 param.crr_id = i; 2251 2252 sctp_addto_chunk(retval, paramlen, ¶m); 2253 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2254 2255 addr_buf += af->sockaddr_len; 2256 } 2257 return retval; 2258 } 2259 2260 /* ADDIP 2261 * 3.2.4 Set Primary IP Address 2262 * 0 1 2 3 2263 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2264 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2265 * | Type =0xC004 | Length = Variable | 2266 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2267 * | ASCONF-Request Correlation ID | 2268 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2269 * | Address Parameter | 2270 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2271 * 2272 * Create an ASCONF chunk with Set Primary IP address parameter. 2273 */ 2274 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2275 union sctp_addr *addr) 2276 { 2277 sctp_addip_param_t param; 2278 struct sctp_chunk *retval; 2279 int len = sizeof(param); 2280 union sctp_addr_param addrparam; 2281 int addrlen; 2282 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2283 2284 addrlen = af->to_addr_param(addr, &addrparam); 2285 if (!addrlen) 2286 return NULL; 2287 len += addrlen; 2288 2289 /* Create the chunk and make asconf header. */ 2290 retval = sctp_make_asconf(asoc, addr, len); 2291 if (!retval) 2292 return NULL; 2293 2294 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2295 param.param_hdr.length = htons(len); 2296 param.crr_id = 0; 2297 2298 sctp_addto_chunk(retval, sizeof(param), ¶m); 2299 sctp_addto_chunk(retval, addrlen, &addrparam); 2300 2301 return retval; 2302 } 2303 2304 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2305 * 0 1 2 3 2306 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2307 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2308 * | Type = 0x80 | Chunk Flags | Chunk Length | 2309 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2310 * | Serial Number | 2311 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2312 * | ASCONF Parameter Response#1 | 2313 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2314 * \ \ 2315 * / .... / 2316 * \ \ 2317 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2318 * | ASCONF Parameter Response#N | 2319 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2320 * 2321 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2322 */ 2323 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2324 __u32 serial, int vparam_len) 2325 { 2326 sctp_addiphdr_t asconf; 2327 struct sctp_chunk *retval; 2328 int length = sizeof(asconf) + vparam_len; 2329 2330 /* Create the chunk. */ 2331 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2332 if (!retval) 2333 return NULL; 2334 2335 asconf.serial = htonl(serial); 2336 2337 retval->subh.addip_hdr = 2338 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2339 2340 return retval; 2341 } 2342 2343 /* Add response parameters to an ASCONF_ACK chunk. */ 2344 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __u32 crr_id, 2345 __u16 err_code, sctp_addip_param_t *asconf_param) 2346 { 2347 sctp_addip_param_t ack_param; 2348 sctp_errhdr_t err_param; 2349 int asconf_param_len = 0; 2350 int err_param_len = 0; 2351 __u16 response_type; 2352 2353 if (SCTP_ERROR_NO_ERROR == err_code) { 2354 response_type = SCTP_PARAM_SUCCESS_REPORT; 2355 } else { 2356 response_type = SCTP_PARAM_ERR_CAUSE; 2357 err_param_len = sizeof(err_param); 2358 if (asconf_param) 2359 asconf_param_len = 2360 ntohs(asconf_param->param_hdr.length); 2361 } 2362 2363 /* Add Success Indication or Error Cause Indication parameter. */ 2364 ack_param.param_hdr.type = response_type; 2365 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2366 err_param_len + 2367 asconf_param_len); 2368 ack_param.crr_id = crr_id; 2369 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2370 2371 if (SCTP_ERROR_NO_ERROR == err_code) 2372 return; 2373 2374 /* Add Error Cause parameter. */ 2375 err_param.cause = err_code; 2376 err_param.length = htons(err_param_len + asconf_param_len); 2377 sctp_addto_chunk(chunk, err_param_len, &err_param); 2378 2379 /* Add the failed TLV copied from ASCONF chunk. */ 2380 if (asconf_param) 2381 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2382 } 2383 2384 /* Process a asconf parameter. */ 2385 static __u16 sctp_process_asconf_param(struct sctp_association *asoc, 2386 struct sctp_chunk *asconf, 2387 sctp_addip_param_t *asconf_param) 2388 { 2389 struct sctp_transport *peer; 2390 struct sctp_af *af; 2391 union sctp_addr addr; 2392 struct list_head *pos; 2393 union sctp_addr_param *addr_param; 2394 2395 addr_param = (union sctp_addr_param *) 2396 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2397 2398 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2399 if (unlikely(!af)) 2400 return SCTP_ERROR_INV_PARAM; 2401 2402 af->from_addr_param(&addr, addr_param, asoc->peer.port, 0); 2403 switch (asconf_param->param_hdr.type) { 2404 case SCTP_PARAM_ADD_IP: 2405 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 2406 * request and does not have the local resources to add this 2407 * new address to the association, it MUST return an Error 2408 * Cause TLV set to the new error code 'Operation Refused 2409 * Due to Resource Shortage'. 2410 */ 2411 2412 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_ACTIVE); 2413 if (!peer) 2414 return SCTP_ERROR_RSRC_LOW; 2415 2416 /* Start the heartbeat timer. */ 2417 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 2418 sctp_transport_hold(peer); 2419 break; 2420 case SCTP_PARAM_DEL_IP: 2421 /* ADDIP 4.3 D7) If a request is received to delete the 2422 * last remaining IP address of a peer endpoint, the receiver 2423 * MUST send an Error Cause TLV with the error cause set to the 2424 * new error code 'Request to Delete Last Remaining IP Address'. 2425 */ 2426 pos = asoc->peer.transport_addr_list.next; 2427 if (pos->next == &asoc->peer.transport_addr_list) 2428 return SCTP_ERROR_DEL_LAST_IP; 2429 2430 /* ADDIP 4.3 D8) If a request is received to delete an IP 2431 * address which is also the source address of the IP packet 2432 * which contained the ASCONF chunk, the receiver MUST reject 2433 * this request. To reject the request the receiver MUST send 2434 * an Error Cause TLV set to the new error code 'Request to 2435 * Delete Source IP Address' 2436 */ 2437 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr)) 2438 return SCTP_ERROR_DEL_SRC_IP; 2439 2440 sctp_assoc_del_peer(asoc, &addr); 2441 break; 2442 case SCTP_PARAM_SET_PRIMARY: 2443 peer = sctp_assoc_lookup_paddr(asoc, &addr); 2444 if (!peer) 2445 return SCTP_ERROR_INV_PARAM; 2446 2447 sctp_assoc_set_primary(asoc, peer); 2448 break; 2449 default: 2450 return SCTP_ERROR_INV_PARAM; 2451 break; 2452 } 2453 2454 return SCTP_ERROR_NO_ERROR; 2455 } 2456 2457 /* Process an incoming ASCONF chunk with the next expected serial no. and 2458 * return an ASCONF_ACK chunk to be sent in response. 2459 */ 2460 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 2461 struct sctp_chunk *asconf) 2462 { 2463 sctp_addiphdr_t *hdr; 2464 union sctp_addr_param *addr_param; 2465 sctp_addip_param_t *asconf_param; 2466 struct sctp_chunk *asconf_ack; 2467 2468 __u16 err_code; 2469 int length = 0; 2470 int chunk_len = asconf->skb->len; 2471 __u32 serial; 2472 int all_param_pass = 1; 2473 2474 hdr = (sctp_addiphdr_t *)asconf->skb->data; 2475 serial = ntohl(hdr->serial); 2476 2477 /* Skip the addiphdr and store a pointer to address parameter. */ 2478 length = sizeof(sctp_addiphdr_t); 2479 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2480 chunk_len -= length; 2481 2482 /* Skip the address parameter and store a pointer to the first 2483 * asconf paramter. 2484 */ 2485 length = ntohs(addr_param->v4.param_hdr.length); 2486 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2487 chunk_len -= length; 2488 2489 /* create an ASCONF_ACK chunk. 2490 * Based on the definitions of parameters, we know that the size of 2491 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF 2492 * paramters. 2493 */ 2494 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2); 2495 if (!asconf_ack) 2496 goto done; 2497 2498 /* Process the TLVs contained within the ASCONF chunk. */ 2499 while (chunk_len > 0) { 2500 err_code = sctp_process_asconf_param(asoc, asconf, 2501 asconf_param); 2502 /* ADDIP 4.1 A7) 2503 * If an error response is received for a TLV parameter, 2504 * all TLVs with no response before the failed TLV are 2505 * considered successful if not reported. All TLVs after 2506 * the failed response are considered unsuccessful unless 2507 * a specific success indication is present for the parameter. 2508 */ 2509 if (SCTP_ERROR_NO_ERROR != err_code) 2510 all_param_pass = 0; 2511 2512 if (!all_param_pass) 2513 sctp_add_asconf_response(asconf_ack, 2514 asconf_param->crr_id, err_code, 2515 asconf_param); 2516 2517 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 2518 * an IP address sends an 'Out of Resource' in its response, it 2519 * MUST also fail any subsequent add or delete requests bundled 2520 * in the ASCONF. 2521 */ 2522 if (SCTP_ERROR_RSRC_LOW == err_code) 2523 goto done; 2524 2525 /* Move to the next ASCONF param. */ 2526 length = ntohs(asconf_param->param_hdr.length); 2527 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2528 length); 2529 chunk_len -= length; 2530 } 2531 2532 done: 2533 asoc->peer.addip_serial++; 2534 2535 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 2536 * after freeing the reference to old asconf ack if any. 2537 */ 2538 if (asconf_ack) { 2539 if (asoc->addip_last_asconf_ack) 2540 sctp_chunk_free(asoc->addip_last_asconf_ack); 2541 2542 sctp_chunk_hold(asconf_ack); 2543 asoc->addip_last_asconf_ack = asconf_ack; 2544 } 2545 2546 return asconf_ack; 2547 } 2548 2549 /* Process a asconf parameter that is successfully acked. */ 2550 static int sctp_asconf_param_success(struct sctp_association *asoc, 2551 sctp_addip_param_t *asconf_param) 2552 { 2553 struct sctp_af *af; 2554 union sctp_addr addr; 2555 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 2556 union sctp_addr_param *addr_param; 2557 struct list_head *pos; 2558 struct sctp_transport *transport; 2559 int retval = 0; 2560 2561 addr_param = (union sctp_addr_param *) 2562 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2563 2564 /* We have checked the packet before, so we do not check again. */ 2565 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2566 af->from_addr_param(&addr, addr_param, bp->port, 0); 2567 2568 switch (asconf_param->param_hdr.type) { 2569 case SCTP_PARAM_ADD_IP: 2570 sctp_local_bh_disable(); 2571 sctp_write_lock(&asoc->base.addr_lock); 2572 retval = sctp_add_bind_addr(bp, &addr, GFP_ATOMIC); 2573 sctp_write_unlock(&asoc->base.addr_lock); 2574 sctp_local_bh_enable(); 2575 break; 2576 case SCTP_PARAM_DEL_IP: 2577 sctp_local_bh_disable(); 2578 sctp_write_lock(&asoc->base.addr_lock); 2579 retval = sctp_del_bind_addr(bp, &addr); 2580 sctp_write_unlock(&asoc->base.addr_lock); 2581 sctp_local_bh_enable(); 2582 list_for_each(pos, &asoc->peer.transport_addr_list) { 2583 transport = list_entry(pos, struct sctp_transport, 2584 transports); 2585 sctp_transport_route(transport, NULL, 2586 sctp_sk(asoc->base.sk)); 2587 } 2588 break; 2589 default: 2590 break; 2591 } 2592 2593 return retval; 2594 } 2595 2596 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 2597 * for the given asconf parameter. If there is no response for this parameter, 2598 * return the error code based on the third argument 'no_err'. 2599 * ADDIP 4.1 2600 * A7) If an error response is received for a TLV parameter, all TLVs with no 2601 * response before the failed TLV are considered successful if not reported. 2602 * All TLVs after the failed response are considered unsuccessful unless a 2603 * specific success indication is present for the parameter. 2604 */ 2605 static __u16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 2606 sctp_addip_param_t *asconf_param, 2607 int no_err) 2608 { 2609 sctp_addip_param_t *asconf_ack_param; 2610 sctp_errhdr_t *err_param; 2611 int length; 2612 int asconf_ack_len = asconf_ack->skb->len; 2613 __u16 err_code; 2614 2615 if (no_err) 2616 err_code = SCTP_ERROR_NO_ERROR; 2617 else 2618 err_code = SCTP_ERROR_REQ_REFUSED; 2619 2620 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 2621 * the first asconf_ack parameter. 2622 */ 2623 length = sizeof(sctp_addiphdr_t); 2624 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 2625 length); 2626 asconf_ack_len -= length; 2627 2628 while (asconf_ack_len > 0) { 2629 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 2630 switch(asconf_ack_param->param_hdr.type) { 2631 case SCTP_PARAM_SUCCESS_REPORT: 2632 return SCTP_ERROR_NO_ERROR; 2633 case SCTP_PARAM_ERR_CAUSE: 2634 length = sizeof(sctp_addip_param_t); 2635 err_param = (sctp_errhdr_t *) 2636 ((void *)asconf_ack_param + length); 2637 asconf_ack_len -= length; 2638 if (asconf_ack_len > 0) 2639 return err_param->cause; 2640 else 2641 return SCTP_ERROR_INV_PARAM; 2642 break; 2643 default: 2644 return SCTP_ERROR_INV_PARAM; 2645 } 2646 } 2647 2648 length = ntohs(asconf_ack_param->param_hdr.length); 2649 asconf_ack_param = (sctp_addip_param_t *) 2650 ((void *)asconf_ack_param + length); 2651 asconf_ack_len -= length; 2652 } 2653 2654 return err_code; 2655 } 2656 2657 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 2658 int sctp_process_asconf_ack(struct sctp_association *asoc, 2659 struct sctp_chunk *asconf_ack) 2660 { 2661 struct sctp_chunk *asconf = asoc->addip_last_asconf; 2662 union sctp_addr_param *addr_param; 2663 sctp_addip_param_t *asconf_param; 2664 int length = 0; 2665 int asconf_len = asconf->skb->len; 2666 int all_param_pass = 0; 2667 int no_err = 1; 2668 int retval = 0; 2669 __u16 err_code = SCTP_ERROR_NO_ERROR; 2670 2671 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 2672 * a pointer to address parameter. 2673 */ 2674 length = sizeof(sctp_addip_chunk_t); 2675 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2676 asconf_len -= length; 2677 2678 /* Skip the address parameter in the last asconf sent and store a 2679 * pointer to the first asconf paramter. 2680 */ 2681 length = ntohs(addr_param->v4.param_hdr.length); 2682 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2683 asconf_len -= length; 2684 2685 /* ADDIP 4.1 2686 * A8) If there is no response(s) to specific TLV parameter(s), and no 2687 * failures are indicated, then all request(s) are considered 2688 * successful. 2689 */ 2690 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 2691 all_param_pass = 1; 2692 2693 /* Process the TLVs contained in the last sent ASCONF chunk. */ 2694 while (asconf_len > 0) { 2695 if (all_param_pass) 2696 err_code = SCTP_ERROR_NO_ERROR; 2697 else { 2698 err_code = sctp_get_asconf_response(asconf_ack, 2699 asconf_param, 2700 no_err); 2701 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 2702 no_err = 0; 2703 } 2704 2705 switch (err_code) { 2706 case SCTP_ERROR_NO_ERROR: 2707 retval = sctp_asconf_param_success(asoc, asconf_param); 2708 break; 2709 2710 case SCTP_ERROR_RSRC_LOW: 2711 retval = 1; 2712 break; 2713 2714 case SCTP_ERROR_INV_PARAM: 2715 /* Disable sending this type of asconf parameter in 2716 * future. 2717 */ 2718 asoc->peer.addip_disabled_mask |= 2719 asconf_param->param_hdr.type; 2720 break; 2721 2722 case SCTP_ERROR_REQ_REFUSED: 2723 case SCTP_ERROR_DEL_LAST_IP: 2724 case SCTP_ERROR_DEL_SRC_IP: 2725 default: 2726 break; 2727 } 2728 2729 /* Skip the processed asconf parameter and move to the next 2730 * one. 2731 */ 2732 length = ntohs(asconf_param->param_hdr.length); 2733 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2734 length); 2735 asconf_len -= length; 2736 } 2737 2738 /* Free the cached last sent asconf chunk. */ 2739 sctp_chunk_free(asconf); 2740 asoc->addip_last_asconf = NULL; 2741 2742 /* Send the next asconf chunk from the addip chunk queue. */ 2743 if (!list_empty(&asoc->addip_chunk_list)) { 2744 struct list_head *entry = asoc->addip_chunk_list.next; 2745 asconf = list_entry(entry, struct sctp_chunk, list); 2746 2747 list_del_init(entry); 2748 2749 /* Hold the chunk until an ASCONF_ACK is received. */ 2750 sctp_chunk_hold(asconf); 2751 if (sctp_primitive_ASCONF(asoc, asconf)) 2752 sctp_chunk_free(asconf); 2753 else 2754 asoc->addip_last_asconf = asconf; 2755 } 2756 2757 return retval; 2758 } 2759 2760 /* Make a FWD TSN chunk. */ 2761 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 2762 __u32 new_cum_tsn, size_t nstreams, 2763 struct sctp_fwdtsn_skip *skiplist) 2764 { 2765 struct sctp_chunk *retval = NULL; 2766 struct sctp_fwdtsn_chunk *ftsn_chunk; 2767 struct sctp_fwdtsn_hdr ftsn_hdr; 2768 struct sctp_fwdtsn_skip skip; 2769 size_t hint; 2770 int i; 2771 2772 hint = (nstreams + 1) * sizeof(__u32); 2773 2774 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 2775 2776 if (!retval) 2777 return NULL; 2778 2779 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr; 2780 2781 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 2782 retval->subh.fwdtsn_hdr = 2783 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 2784 2785 for (i = 0; i < nstreams; i++) { 2786 skip.stream = skiplist[i].stream; 2787 skip.ssn = skiplist[i].ssn; 2788 sctp_addto_chunk(retval, sizeof(skip), &skip); 2789 } 2790 2791 return retval; 2792 } 2793