1 /* SCTP kernel implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * This SCTP implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * This SCTP implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53 #include <linux/types.h> 54 #include <linux/kernel.h> 55 #include <linux/ip.h> 56 #include <linux/ipv6.h> 57 #include <linux/net.h> 58 #include <linux/inet.h> 59 #include <linux/scatterlist.h> 60 #include <linux/crypto.h> 61 #include <net/sock.h> 62 63 #include <linux/skbuff.h> 64 #include <linux/random.h> /* for get_random_bytes */ 65 #include <net/sctp/sctp.h> 66 #include <net/sctp/sm.h> 67 68 SCTP_STATIC 69 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 70 __u8 type, __u8 flags, int paylen); 71 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 72 const struct sctp_association *asoc, 73 const struct sctp_chunk *init_chunk, 74 int *cookie_len, 75 const __u8 *raw_addrs, int addrs_len); 76 static int sctp_process_param(struct sctp_association *asoc, 77 union sctp_params param, 78 const union sctp_addr *peer_addr, 79 gfp_t gfp); 80 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 81 const void *data); 82 83 /* What was the inbound interface for this chunk? */ 84 int sctp_chunk_iif(const struct sctp_chunk *chunk) 85 { 86 struct sctp_af *af; 87 int iif = 0; 88 89 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version)); 90 if (af) 91 iif = af->skb_iif(chunk->skb); 92 93 return iif; 94 } 95 96 /* RFC 2960 3.3.2 Initiation (INIT) (1) 97 * 98 * Note 2: The ECN capable field is reserved for future use of 99 * Explicit Congestion Notification. 100 */ 101 static const struct sctp_paramhdr ecap_param = { 102 SCTP_PARAM_ECN_CAPABLE, 103 __constant_htons(sizeof(struct sctp_paramhdr)), 104 }; 105 static const struct sctp_paramhdr prsctp_param = { 106 SCTP_PARAM_FWD_TSN_SUPPORT, 107 __constant_htons(sizeof(struct sctp_paramhdr)), 108 }; 109 110 /* A helper to initialize to initialize an op error inside a 111 * provided chunk, as most cause codes will be embedded inside an 112 * abort chunk. 113 */ 114 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 115 size_t paylen) 116 { 117 sctp_errhdr_t err; 118 __u16 len; 119 120 /* Cause code constants are now defined in network order. */ 121 err.cause = cause_code; 122 len = sizeof(sctp_errhdr_t) + paylen; 123 err.length = htons(len); 124 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 125 } 126 127 /* 3.3.2 Initiation (INIT) (1) 128 * 129 * This chunk is used to initiate a SCTP association between two 130 * endpoints. The format of the INIT chunk is shown below: 131 * 132 * 0 1 2 3 133 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 134 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 135 * | Type = 1 | Chunk Flags | Chunk Length | 136 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 137 * | Initiate Tag | 138 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 139 * | Advertised Receiver Window Credit (a_rwnd) | 140 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 141 * | Number of Outbound Streams | Number of Inbound Streams | 142 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 143 * | Initial TSN | 144 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 145 * \ \ 146 * / Optional/Variable-Length Parameters / 147 * \ \ 148 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 149 * 150 * 151 * The INIT chunk contains the following parameters. Unless otherwise 152 * noted, each parameter MUST only be included once in the INIT chunk. 153 * 154 * Fixed Parameters Status 155 * ---------------------------------------------- 156 * Initiate Tag Mandatory 157 * Advertised Receiver Window Credit Mandatory 158 * Number of Outbound Streams Mandatory 159 * Number of Inbound Streams Mandatory 160 * Initial TSN Mandatory 161 * 162 * Variable Parameters Status Type Value 163 * ------------------------------------------------------------- 164 * IPv4 Address (Note 1) Optional 5 165 * IPv6 Address (Note 1) Optional 6 166 * Cookie Preservative Optional 9 167 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 168 * Host Name Address (Note 3) Optional 11 169 * Supported Address Types (Note 4) Optional 12 170 */ 171 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 172 const struct sctp_bind_addr *bp, 173 gfp_t gfp, int vparam_len) 174 { 175 sctp_inithdr_t init; 176 union sctp_params addrs; 177 size_t chunksize; 178 struct sctp_chunk *retval = NULL; 179 int num_types, addrs_len = 0; 180 struct sctp_sock *sp; 181 sctp_supported_addrs_param_t sat; 182 __be16 types[2]; 183 sctp_adaptation_ind_param_t aiparam; 184 sctp_supported_ext_param_t ext_param; 185 int num_ext = 0; 186 __u8 extensions[3]; 187 sctp_paramhdr_t *auth_chunks = NULL, 188 *auth_hmacs = NULL; 189 190 /* RFC 2960 3.3.2 Initiation (INIT) (1) 191 * 192 * Note 1: The INIT chunks can contain multiple addresses that 193 * can be IPv4 and/or IPv6 in any combination. 194 */ 195 retval = NULL; 196 197 /* Convert the provided bind address list to raw format. */ 198 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 199 200 init.init_tag = htonl(asoc->c.my_vtag); 201 init.a_rwnd = htonl(asoc->rwnd); 202 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 203 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 204 init.initial_tsn = htonl(asoc->c.initial_tsn); 205 206 /* How many address types are needed? */ 207 sp = sctp_sk(asoc->base.sk); 208 num_types = sp->pf->supported_addrs(sp, types); 209 210 chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types); 211 chunksize += sizeof(ecap_param); 212 213 if (sctp_prsctp_enable) 214 chunksize += sizeof(prsctp_param); 215 216 /* ADDIP: Section 4.2.7: 217 * An implementation supporting this extension [ADDIP] MUST list 218 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 219 * INIT-ACK parameters. 220 */ 221 if (sctp_addip_enable) { 222 extensions[num_ext] = SCTP_CID_ASCONF; 223 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 224 num_ext += 2; 225 } 226 227 chunksize += sizeof(aiparam); 228 chunksize += vparam_len; 229 230 /* Account for AUTH related parameters */ 231 if (sctp_auth_enable) { 232 /* Add random parameter length*/ 233 chunksize += sizeof(asoc->c.auth_random); 234 235 /* Add HMACS parameter length if any were defined */ 236 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 237 if (auth_hmacs->length) 238 chunksize += ntohs(auth_hmacs->length); 239 else 240 auth_hmacs = NULL; 241 242 /* Add CHUNKS parameter length */ 243 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 244 if (auth_chunks->length) 245 chunksize += ntohs(auth_chunks->length); 246 else 247 auth_chunks = NULL; 248 249 extensions[num_ext] = SCTP_CID_AUTH; 250 num_ext += 1; 251 } 252 253 /* If we have any extensions to report, account for that */ 254 if (num_ext) 255 chunksize += sizeof(sctp_supported_ext_param_t) + num_ext; 256 257 /* RFC 2960 3.3.2 Initiation (INIT) (1) 258 * 259 * Note 3: An INIT chunk MUST NOT contain more than one Host 260 * Name address parameter. Moreover, the sender of the INIT 261 * MUST NOT combine any other address types with the Host Name 262 * address in the INIT. The receiver of INIT MUST ignore any 263 * other address types if the Host Name address parameter is 264 * present in the received INIT chunk. 265 * 266 * PLEASE DO NOT FIXME [This version does not support Host Name.] 267 */ 268 269 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 270 if (!retval) 271 goto nodata; 272 273 retval->subh.init_hdr = 274 sctp_addto_chunk(retval, sizeof(init), &init); 275 retval->param_hdr.v = 276 sctp_addto_chunk(retval, addrs_len, addrs.v); 277 278 /* RFC 2960 3.3.2 Initiation (INIT) (1) 279 * 280 * Note 4: This parameter, when present, specifies all the 281 * address types the sending endpoint can support. The absence 282 * of this parameter indicates that the sending endpoint can 283 * support any address type. 284 */ 285 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 286 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 287 sctp_addto_chunk(retval, sizeof(sat), &sat); 288 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 289 290 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 291 292 /* Add the supported extensions parameter. Be nice and add this 293 * fist before addiding the parameters for the extensions themselves 294 */ 295 if (num_ext) { 296 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 297 ext_param.param_hdr.length = 298 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 299 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 300 &ext_param); 301 sctp_addto_param(retval, num_ext, extensions); 302 } 303 304 if (sctp_prsctp_enable) 305 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 306 307 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 308 aiparam.param_hdr.length = htons(sizeof(aiparam)); 309 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 310 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 311 312 /* Add SCTP-AUTH chunks to the parameter list */ 313 if (sctp_auth_enable) { 314 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 315 asoc->c.auth_random); 316 if (auth_hmacs) 317 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 318 auth_hmacs); 319 if (auth_chunks) 320 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 321 auth_chunks); 322 } 323 nodata: 324 kfree(addrs.v); 325 return retval; 326 } 327 328 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 329 const struct sctp_chunk *chunk, 330 gfp_t gfp, int unkparam_len) 331 { 332 sctp_inithdr_t initack; 333 struct sctp_chunk *retval; 334 union sctp_params addrs; 335 int addrs_len; 336 sctp_cookie_param_t *cookie; 337 int cookie_len; 338 size_t chunksize; 339 sctp_adaptation_ind_param_t aiparam; 340 sctp_supported_ext_param_t ext_param; 341 int num_ext = 0; 342 __u8 extensions[3]; 343 sctp_paramhdr_t *auth_chunks = NULL, 344 *auth_hmacs = NULL, 345 *auth_random = NULL; 346 347 retval = NULL; 348 349 /* Note: there may be no addresses to embed. */ 350 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 351 352 initack.init_tag = htonl(asoc->c.my_vtag); 353 initack.a_rwnd = htonl(asoc->rwnd); 354 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 355 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 356 initack.initial_tsn = htonl(asoc->c.initial_tsn); 357 358 /* FIXME: We really ought to build the cookie right 359 * into the packet instead of allocating more fresh memory. 360 */ 361 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 362 addrs.v, addrs_len); 363 if (!cookie) 364 goto nomem_cookie; 365 366 /* Calculate the total size of allocation, include the reserved 367 * space for reporting unknown parameters if it is specified. 368 */ 369 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 370 371 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 372 if (asoc->peer.ecn_capable) 373 chunksize += sizeof(ecap_param); 374 375 if (sctp_prsctp_enable) 376 chunksize += sizeof(prsctp_param); 377 378 if (sctp_addip_enable) { 379 extensions[num_ext] = SCTP_CID_ASCONF; 380 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 381 num_ext += 2; 382 } 383 384 chunksize += sizeof(aiparam); 385 386 if (asoc->peer.auth_capable) { 387 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random; 388 chunksize += ntohs(auth_random->length); 389 390 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 391 if (auth_hmacs->length) 392 chunksize += ntohs(auth_hmacs->length); 393 else 394 auth_hmacs = NULL; 395 396 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 397 if (auth_chunks->length) 398 chunksize += ntohs(auth_chunks->length); 399 else 400 auth_chunks = NULL; 401 402 extensions[num_ext] = SCTP_CID_AUTH; 403 num_ext += 1; 404 } 405 406 if (num_ext) 407 chunksize += sizeof(sctp_supported_ext_param_t) + num_ext; 408 409 /* Now allocate and fill out the chunk. */ 410 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 411 if (!retval) 412 goto nomem_chunk; 413 414 /* Per the advice in RFC 2960 6.4, send this reply to 415 * the source of the INIT packet. 416 */ 417 retval->transport = chunk->transport; 418 retval->subh.init_hdr = 419 sctp_addto_chunk(retval, sizeof(initack), &initack); 420 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 421 sctp_addto_chunk(retval, cookie_len, cookie); 422 if (asoc->peer.ecn_capable) 423 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 424 if (num_ext) { 425 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 426 ext_param.param_hdr.length = 427 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 428 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 429 &ext_param); 430 sctp_addto_param(retval, num_ext, extensions); 431 } 432 if (asoc->peer.prsctp_capable) 433 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 434 435 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 436 aiparam.param_hdr.length = htons(sizeof(aiparam)); 437 aiparam.adaptation_ind = htonl(sctp_sk(asoc->base.sk)->adaptation_ind); 438 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 439 440 if (asoc->peer.auth_capable) { 441 sctp_addto_chunk(retval, ntohs(auth_random->length), 442 auth_random); 443 if (auth_hmacs) 444 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 445 auth_hmacs); 446 if (auth_chunks) 447 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 448 auth_chunks); 449 } 450 451 /* We need to remove the const qualifier at this point. */ 452 retval->asoc = (struct sctp_association *) asoc; 453 454 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 455 * 456 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 457 * HEARTBEAT ACK, * etc.) to the same destination transport 458 * address from which it received the DATA or control chunk 459 * to which it is replying. 460 * 461 * [INIT ACK back to where the INIT came from.] 462 */ 463 if (chunk) 464 retval->transport = chunk->transport; 465 466 nomem_chunk: 467 kfree(cookie); 468 nomem_cookie: 469 kfree(addrs.v); 470 return retval; 471 } 472 473 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 474 * 475 * This chunk is used only during the initialization of an association. 476 * It is sent by the initiator of an association to its peer to complete 477 * the initialization process. This chunk MUST precede any DATA chunk 478 * sent within the association, but MAY be bundled with one or more DATA 479 * chunks in the same packet. 480 * 481 * 0 1 2 3 482 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 483 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 484 * | Type = 10 |Chunk Flags | Length | 485 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 486 * / Cookie / 487 * \ \ 488 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 489 * 490 * Chunk Flags: 8 bit 491 * 492 * Set to zero on transmit and ignored on receipt. 493 * 494 * Length: 16 bits (unsigned integer) 495 * 496 * Set to the size of the chunk in bytes, including the 4 bytes of 497 * the chunk header and the size of the Cookie. 498 * 499 * Cookie: variable size 500 * 501 * This field must contain the exact cookie received in the 502 * State Cookie parameter from the previous INIT ACK. 503 * 504 * An implementation SHOULD make the cookie as small as possible 505 * to insure interoperability. 506 */ 507 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 508 const struct sctp_chunk *chunk) 509 { 510 struct sctp_chunk *retval; 511 void *cookie; 512 int cookie_len; 513 514 cookie = asoc->peer.cookie; 515 cookie_len = asoc->peer.cookie_len; 516 517 /* Build a cookie echo chunk. */ 518 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 519 if (!retval) 520 goto nodata; 521 retval->subh.cookie_hdr = 522 sctp_addto_chunk(retval, cookie_len, cookie); 523 524 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 525 * 526 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 527 * HEARTBEAT ACK, * etc.) to the same destination transport 528 * address from which it * received the DATA or control chunk 529 * to which it is replying. 530 * 531 * [COOKIE ECHO back to where the INIT ACK came from.] 532 */ 533 if (chunk) 534 retval->transport = chunk->transport; 535 536 nodata: 537 return retval; 538 } 539 540 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 541 * 542 * This chunk is used only during the initialization of an 543 * association. It is used to acknowledge the receipt of a COOKIE 544 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 545 * within the association, but MAY be bundled with one or more DATA 546 * chunks or SACK chunk in the same SCTP packet. 547 * 548 * 0 1 2 3 549 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 550 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 551 * | Type = 11 |Chunk Flags | Length = 4 | 552 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 553 * 554 * Chunk Flags: 8 bits 555 * 556 * Set to zero on transmit and ignored on receipt. 557 */ 558 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 559 const struct sctp_chunk *chunk) 560 { 561 struct sctp_chunk *retval; 562 563 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 564 565 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 566 * 567 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 568 * HEARTBEAT ACK, * etc.) to the same destination transport 569 * address from which it * received the DATA or control chunk 570 * to which it is replying. 571 * 572 * [COOKIE ACK back to where the COOKIE ECHO came from.] 573 */ 574 if (retval && chunk) 575 retval->transport = chunk->transport; 576 577 return retval; 578 } 579 580 /* 581 * Appendix A: Explicit Congestion Notification: 582 * CWR: 583 * 584 * RFC 2481 details a specific bit for a sender to send in the header of 585 * its next outbound TCP segment to indicate to its peer that it has 586 * reduced its congestion window. This is termed the CWR bit. For 587 * SCTP the same indication is made by including the CWR chunk. 588 * This chunk contains one data element, i.e. the TSN number that 589 * was sent in the ECNE chunk. This element represents the lowest 590 * TSN number in the datagram that was originally marked with the 591 * CE bit. 592 * 593 * 0 1 2 3 594 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 595 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 596 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 597 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 598 * | Lowest TSN Number | 599 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 600 * 601 * Note: The CWR is considered a Control chunk. 602 */ 603 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 604 const __u32 lowest_tsn, 605 const struct sctp_chunk *chunk) 606 { 607 struct sctp_chunk *retval; 608 sctp_cwrhdr_t cwr; 609 610 cwr.lowest_tsn = htonl(lowest_tsn); 611 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 612 sizeof(sctp_cwrhdr_t)); 613 614 if (!retval) 615 goto nodata; 616 617 retval->subh.ecn_cwr_hdr = 618 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 619 620 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 621 * 622 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 623 * HEARTBEAT ACK, * etc.) to the same destination transport 624 * address from which it * received the DATA or control chunk 625 * to which it is replying. 626 * 627 * [Report a reduced congestion window back to where the ECNE 628 * came from.] 629 */ 630 if (chunk) 631 retval->transport = chunk->transport; 632 633 nodata: 634 return retval; 635 } 636 637 /* Make an ECNE chunk. This is a congestion experienced report. */ 638 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 639 const __u32 lowest_tsn) 640 { 641 struct sctp_chunk *retval; 642 sctp_ecnehdr_t ecne; 643 644 ecne.lowest_tsn = htonl(lowest_tsn); 645 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 646 sizeof(sctp_ecnehdr_t)); 647 if (!retval) 648 goto nodata; 649 retval->subh.ecne_hdr = 650 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 651 652 nodata: 653 return retval; 654 } 655 656 /* Make a DATA chunk for the given association from the provided 657 * parameters. However, do not populate the data payload. 658 */ 659 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 660 const struct sctp_sndrcvinfo *sinfo, 661 int data_len, __u8 flags, __u16 ssn) 662 { 663 struct sctp_chunk *retval; 664 struct sctp_datahdr dp; 665 int chunk_len; 666 667 /* We assign the TSN as LATE as possible, not here when 668 * creating the chunk. 669 */ 670 dp.tsn = 0; 671 dp.stream = htons(sinfo->sinfo_stream); 672 dp.ppid = sinfo->sinfo_ppid; 673 674 /* Set the flags for an unordered send. */ 675 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 676 flags |= SCTP_DATA_UNORDERED; 677 dp.ssn = 0; 678 } else 679 dp.ssn = htons(ssn); 680 681 chunk_len = sizeof(dp) + data_len; 682 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 683 if (!retval) 684 goto nodata; 685 686 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 687 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 688 689 nodata: 690 return retval; 691 } 692 693 /* Create a selective ackowledgement (SACK) for the given 694 * association. This reports on which TSN's we've seen to date, 695 * including duplicates and gaps. 696 */ 697 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 698 { 699 struct sctp_chunk *retval; 700 struct sctp_sackhdr sack; 701 int len; 702 __u32 ctsn; 703 __u16 num_gabs, num_dup_tsns; 704 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 705 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 706 707 memset(gabs, 0, sizeof(gabs)); 708 ctsn = sctp_tsnmap_get_ctsn(map); 709 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 710 711 /* How much room is needed in the chunk? */ 712 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 713 num_dup_tsns = sctp_tsnmap_num_dups(map); 714 715 /* Initialize the SACK header. */ 716 sack.cum_tsn_ack = htonl(ctsn); 717 sack.a_rwnd = htonl(asoc->a_rwnd); 718 sack.num_gap_ack_blocks = htons(num_gabs); 719 sack.num_dup_tsns = htons(num_dup_tsns); 720 721 len = sizeof(sack) 722 + sizeof(struct sctp_gap_ack_block) * num_gabs 723 + sizeof(__u32) * num_dup_tsns; 724 725 /* Create the chunk. */ 726 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 727 if (!retval) 728 goto nodata; 729 730 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 731 * 732 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 733 * HEARTBEAT ACK, etc.) to the same destination transport 734 * address from which it received the DATA or control chunk to 735 * which it is replying. This rule should also be followed if 736 * the endpoint is bundling DATA chunks together with the 737 * reply chunk. 738 * 739 * However, when acknowledging multiple DATA chunks received 740 * in packets from different source addresses in a single 741 * SACK, the SACK chunk may be transmitted to one of the 742 * destination transport addresses from which the DATA or 743 * control chunks being acknowledged were received. 744 * 745 * [BUG: We do not implement the following paragraph. 746 * Perhaps we should remember the last transport we used for a 747 * SACK and avoid that (if possible) if we have seen any 748 * duplicates. --piggy] 749 * 750 * When a receiver of a duplicate DATA chunk sends a SACK to a 751 * multi- homed endpoint it MAY be beneficial to vary the 752 * destination address and not use the source address of the 753 * DATA chunk. The reason being that receiving a duplicate 754 * from a multi-homed endpoint might indicate that the return 755 * path (as specified in the source address of the DATA chunk) 756 * for the SACK is broken. 757 * 758 * [Send to the address from which we last received a DATA chunk.] 759 */ 760 retval->transport = asoc->peer.last_data_from; 761 762 retval->subh.sack_hdr = 763 sctp_addto_chunk(retval, sizeof(sack), &sack); 764 765 /* Add the gap ack block information. */ 766 if (num_gabs) 767 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 768 gabs); 769 770 /* Add the duplicate TSN information. */ 771 if (num_dup_tsns) 772 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 773 sctp_tsnmap_get_dups(map)); 774 775 nodata: 776 return retval; 777 } 778 779 /* Make a SHUTDOWN chunk. */ 780 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 781 const struct sctp_chunk *chunk) 782 { 783 struct sctp_chunk *retval; 784 sctp_shutdownhdr_t shut; 785 __u32 ctsn; 786 787 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 788 shut.cum_tsn_ack = htonl(ctsn); 789 790 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 791 sizeof(sctp_shutdownhdr_t)); 792 if (!retval) 793 goto nodata; 794 795 retval->subh.shutdown_hdr = 796 sctp_addto_chunk(retval, sizeof(shut), &shut); 797 798 if (chunk) 799 retval->transport = chunk->transport; 800 nodata: 801 return retval; 802 } 803 804 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 805 const struct sctp_chunk *chunk) 806 { 807 struct sctp_chunk *retval; 808 809 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 810 811 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 812 * 813 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 814 * HEARTBEAT ACK, * etc.) to the same destination transport 815 * address from which it * received the DATA or control chunk 816 * to which it is replying. 817 * 818 * [ACK back to where the SHUTDOWN came from.] 819 */ 820 if (retval && chunk) 821 retval->transport = chunk->transport; 822 823 return retval; 824 } 825 826 struct sctp_chunk *sctp_make_shutdown_complete( 827 const struct sctp_association *asoc, 828 const struct sctp_chunk *chunk) 829 { 830 struct sctp_chunk *retval; 831 __u8 flags = 0; 832 833 /* Set the T-bit if we have no association (vtag will be 834 * reflected) 835 */ 836 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 837 838 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 839 840 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 841 * 842 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 843 * HEARTBEAT ACK, * etc.) to the same destination transport 844 * address from which it * received the DATA or control chunk 845 * to which it is replying. 846 * 847 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 848 * came from.] 849 */ 850 if (retval && chunk) 851 retval->transport = chunk->transport; 852 853 return retval; 854 } 855 856 /* Create an ABORT. Note that we set the T bit if we have no 857 * association, except when responding to an INIT (sctpimpguide 2.41). 858 */ 859 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 860 const struct sctp_chunk *chunk, 861 const size_t hint) 862 { 863 struct sctp_chunk *retval; 864 __u8 flags = 0; 865 866 /* Set the T-bit if we have no association and 'chunk' is not 867 * an INIT (vtag will be reflected). 868 */ 869 if (!asoc) { 870 if (chunk && chunk->chunk_hdr && 871 chunk->chunk_hdr->type == SCTP_CID_INIT) 872 flags = 0; 873 else 874 flags = SCTP_CHUNK_FLAG_T; 875 } 876 877 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 878 879 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 880 * 881 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 882 * HEARTBEAT ACK, * etc.) to the same destination transport 883 * address from which it * received the DATA or control chunk 884 * to which it is replying. 885 * 886 * [ABORT back to where the offender came from.] 887 */ 888 if (retval && chunk) 889 retval->transport = chunk->transport; 890 891 return retval; 892 } 893 894 /* Helper to create ABORT with a NO_USER_DATA error. */ 895 struct sctp_chunk *sctp_make_abort_no_data( 896 const struct sctp_association *asoc, 897 const struct sctp_chunk *chunk, __u32 tsn) 898 { 899 struct sctp_chunk *retval; 900 __be32 payload; 901 902 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 903 + sizeof(tsn)); 904 905 if (!retval) 906 goto no_mem; 907 908 /* Put the tsn back into network byte order. */ 909 payload = htonl(tsn); 910 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 911 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 912 913 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 914 * 915 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 916 * HEARTBEAT ACK, * etc.) to the same destination transport 917 * address from which it * received the DATA or control chunk 918 * to which it is replying. 919 * 920 * [ABORT back to where the offender came from.] 921 */ 922 if (chunk) 923 retval->transport = chunk->transport; 924 925 no_mem: 926 return retval; 927 } 928 929 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 930 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 931 const struct msghdr *msg, 932 size_t paylen) 933 { 934 struct sctp_chunk *retval; 935 void *payload = NULL; 936 int err; 937 938 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 939 if (!retval) 940 goto err_chunk; 941 942 if (paylen) { 943 /* Put the msg_iov together into payload. */ 944 payload = kmalloc(paylen, GFP_KERNEL); 945 if (!payload) 946 goto err_payload; 947 948 err = memcpy_fromiovec(payload, msg->msg_iov, paylen); 949 if (err < 0) 950 goto err_copy; 951 } 952 953 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 954 sctp_addto_chunk(retval, paylen, payload); 955 956 if (paylen) 957 kfree(payload); 958 959 return retval; 960 961 err_copy: 962 kfree(payload); 963 err_payload: 964 sctp_chunk_free(retval); 965 retval = NULL; 966 err_chunk: 967 return retval; 968 } 969 970 /* Append bytes to the end of a parameter. Will panic if chunk is not big 971 * enough. 972 */ 973 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 974 const void *data) 975 { 976 void *target; 977 int chunklen = ntohs(chunk->chunk_hdr->length); 978 979 target = skb_put(chunk->skb, len); 980 981 memcpy(target, data, len); 982 983 /* Adjust the chunk length field. */ 984 chunk->chunk_hdr->length = htons(chunklen + len); 985 chunk->chunk_end = skb_tail_pointer(chunk->skb); 986 987 return target; 988 } 989 990 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 991 struct sctp_chunk *sctp_make_abort_violation( 992 const struct sctp_association *asoc, 993 const struct sctp_chunk *chunk, 994 const __u8 *payload, 995 const size_t paylen) 996 { 997 struct sctp_chunk *retval; 998 struct sctp_paramhdr phdr; 999 1000 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 1001 + sizeof(sctp_paramhdr_t)); 1002 if (!retval) 1003 goto end; 1004 1005 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen 1006 + sizeof(sctp_paramhdr_t)); 1007 1008 phdr.type = htons(chunk->chunk_hdr->type); 1009 phdr.length = chunk->chunk_hdr->length; 1010 sctp_addto_chunk(retval, paylen, payload); 1011 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr); 1012 1013 end: 1014 return retval; 1015 } 1016 1017 struct sctp_chunk *sctp_make_violation_paramlen( 1018 const struct sctp_association *asoc, 1019 const struct sctp_chunk *chunk, 1020 struct sctp_paramhdr *param) 1021 { 1022 struct sctp_chunk *retval; 1023 static const char error[] = "The following parameter had invalid length:"; 1024 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) + 1025 sizeof(sctp_paramhdr_t); 1026 1027 retval = sctp_make_abort(asoc, chunk, payload_len); 1028 if (!retval) 1029 goto nodata; 1030 1031 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1032 sizeof(error) + sizeof(sctp_paramhdr_t)); 1033 sctp_addto_chunk(retval, sizeof(error), error); 1034 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param); 1035 1036 nodata: 1037 return retval; 1038 } 1039 1040 /* Make a HEARTBEAT chunk. */ 1041 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1042 const struct sctp_transport *transport, 1043 const void *payload, const size_t paylen) 1044 { 1045 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 1046 0, paylen); 1047 1048 if (!retval) 1049 goto nodata; 1050 1051 /* Cast away the 'const', as this is just telling the chunk 1052 * what transport it belongs to. 1053 */ 1054 retval->transport = (struct sctp_transport *) transport; 1055 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1056 1057 nodata: 1058 return retval; 1059 } 1060 1061 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1062 const struct sctp_chunk *chunk, 1063 const void *payload, const size_t paylen) 1064 { 1065 struct sctp_chunk *retval; 1066 1067 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 1068 if (!retval) 1069 goto nodata; 1070 1071 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1072 1073 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1074 * 1075 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1076 * HEARTBEAT ACK, * etc.) to the same destination transport 1077 * address from which it * received the DATA or control chunk 1078 * to which it is replying. 1079 * 1080 * [HBACK back to where the HEARTBEAT came from.] 1081 */ 1082 if (chunk) 1083 retval->transport = chunk->transport; 1084 1085 nodata: 1086 return retval; 1087 } 1088 1089 /* Create an Operation Error chunk with the specified space reserved. 1090 * This routine can be used for containing multiple causes in the chunk. 1091 */ 1092 static struct sctp_chunk *sctp_make_op_error_space( 1093 const struct sctp_association *asoc, 1094 const struct sctp_chunk *chunk, 1095 size_t size) 1096 { 1097 struct sctp_chunk *retval; 1098 1099 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 1100 sizeof(sctp_errhdr_t) + size); 1101 if (!retval) 1102 goto nodata; 1103 1104 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1105 * 1106 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1107 * HEARTBEAT ACK, etc.) to the same destination transport 1108 * address from which it received the DATA or control chunk 1109 * to which it is replying. 1110 * 1111 */ 1112 if (chunk) 1113 retval->transport = chunk->transport; 1114 1115 nodata: 1116 return retval; 1117 } 1118 1119 /* Create an Operation Error chunk. */ 1120 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1121 const struct sctp_chunk *chunk, 1122 __be16 cause_code, const void *payload, 1123 size_t paylen) 1124 { 1125 struct sctp_chunk *retval; 1126 1127 retval = sctp_make_op_error_space(asoc, chunk, paylen); 1128 if (!retval) 1129 goto nodata; 1130 1131 sctp_init_cause(retval, cause_code, paylen); 1132 sctp_addto_chunk(retval, paylen, payload); 1133 1134 nodata: 1135 return retval; 1136 } 1137 1138 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc) 1139 { 1140 struct sctp_chunk *retval; 1141 struct sctp_hmac *hmac_desc; 1142 struct sctp_authhdr auth_hdr; 1143 __u8 *hmac; 1144 1145 /* Get the first hmac that the peer told us to use */ 1146 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1147 if (unlikely(!hmac_desc)) 1148 return NULL; 1149 1150 retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0, 1151 hmac_desc->hmac_len + sizeof(sctp_authhdr_t)); 1152 if (!retval) 1153 return NULL; 1154 1155 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1156 auth_hdr.shkey_id = htons(asoc->active_key_id); 1157 1158 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t), 1159 &auth_hdr); 1160 1161 hmac = skb_put(retval->skb, hmac_desc->hmac_len); 1162 memset(hmac, 0, hmac_desc->hmac_len); 1163 1164 /* Adjust the chunk header to include the empty MAC */ 1165 retval->chunk_hdr->length = 1166 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1167 retval->chunk_end = skb_tail_pointer(retval->skb); 1168 1169 return retval; 1170 } 1171 1172 1173 /******************************************************************** 1174 * 2nd Level Abstractions 1175 ********************************************************************/ 1176 1177 /* Turn an skb into a chunk. 1178 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1179 */ 1180 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1181 const struct sctp_association *asoc, 1182 struct sock *sk) 1183 { 1184 struct sctp_chunk *retval; 1185 1186 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC); 1187 1188 if (!retval) 1189 goto nodata; 1190 1191 if (!sk) { 1192 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 1193 } 1194 1195 INIT_LIST_HEAD(&retval->list); 1196 retval->skb = skb; 1197 retval->asoc = (struct sctp_association *)asoc; 1198 retval->resent = 0; 1199 retval->has_tsn = 0; 1200 retval->has_ssn = 0; 1201 retval->rtt_in_progress = 0; 1202 retval->sent_at = 0; 1203 retval->singleton = 1; 1204 retval->end_of_packet = 0; 1205 retval->ecn_ce_done = 0; 1206 retval->pdiscard = 0; 1207 1208 /* sctpimpguide-05.txt Section 2.8.2 1209 * M1) Each time a new DATA chunk is transmitted 1210 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1211 * 'TSN.Missing.Report' count will be used to determine missing chunks 1212 * and when to fast retransmit. 1213 */ 1214 retval->tsn_missing_report = 0; 1215 retval->tsn_gap_acked = 0; 1216 retval->fast_retransmit = SCTP_CAN_FRTX; 1217 1218 /* If this is a fragmented message, track all fragments 1219 * of the message (for SEND_FAILED). 1220 */ 1221 retval->msg = NULL; 1222 1223 /* Polish the bead hole. */ 1224 INIT_LIST_HEAD(&retval->transmitted_list); 1225 INIT_LIST_HEAD(&retval->frag_list); 1226 SCTP_DBG_OBJCNT_INC(chunk); 1227 atomic_set(&retval->refcnt, 1); 1228 1229 nodata: 1230 return retval; 1231 } 1232 1233 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1234 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1235 union sctp_addr *dest) 1236 { 1237 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1238 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1239 } 1240 1241 /* Extract the source address from a chunk. */ 1242 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1243 { 1244 /* If we have a known transport, use that. */ 1245 if (chunk->transport) { 1246 return &chunk->transport->ipaddr; 1247 } else { 1248 /* Otherwise, extract it from the IP header. */ 1249 return &chunk->source; 1250 } 1251 } 1252 1253 /* Create a new chunk, setting the type and flags headers from the 1254 * arguments, reserving enough space for a 'paylen' byte payload. 1255 */ 1256 SCTP_STATIC 1257 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1258 __u8 type, __u8 flags, int paylen) 1259 { 1260 struct sctp_chunk *retval; 1261 sctp_chunkhdr_t *chunk_hdr; 1262 struct sk_buff *skb; 1263 struct sock *sk; 1264 1265 /* No need to allocate LL here, as this is only a chunk. */ 1266 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1267 GFP_ATOMIC); 1268 if (!skb) 1269 goto nodata; 1270 1271 /* Make room for the chunk header. */ 1272 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1273 chunk_hdr->type = type; 1274 chunk_hdr->flags = flags; 1275 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1276 1277 sk = asoc ? asoc->base.sk : NULL; 1278 retval = sctp_chunkify(skb, asoc, sk); 1279 if (!retval) { 1280 kfree_skb(skb); 1281 goto nodata; 1282 } 1283 1284 retval->chunk_hdr = chunk_hdr; 1285 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1286 1287 /* Determine if the chunk needs to be authenticated */ 1288 if (sctp_auth_send_cid(type, asoc)) 1289 retval->auth = 1; 1290 1291 /* Set the skb to the belonging sock for accounting. */ 1292 skb->sk = sk; 1293 1294 return retval; 1295 nodata: 1296 return NULL; 1297 } 1298 1299 1300 /* Release the memory occupied by a chunk. */ 1301 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1302 { 1303 BUG_ON(!list_empty(&chunk->list)); 1304 list_del_init(&chunk->transmitted_list); 1305 1306 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1307 dev_kfree_skb(chunk->skb); 1308 1309 SCTP_DBG_OBJCNT_DEC(chunk); 1310 kmem_cache_free(sctp_chunk_cachep, chunk); 1311 } 1312 1313 /* Possibly, free the chunk. */ 1314 void sctp_chunk_free(struct sctp_chunk *chunk) 1315 { 1316 /* Release our reference on the message tracker. */ 1317 if (chunk->msg) 1318 sctp_datamsg_put(chunk->msg); 1319 1320 sctp_chunk_put(chunk); 1321 } 1322 1323 /* Grab a reference to the chunk. */ 1324 void sctp_chunk_hold(struct sctp_chunk *ch) 1325 { 1326 atomic_inc(&ch->refcnt); 1327 } 1328 1329 /* Release a reference to the chunk. */ 1330 void sctp_chunk_put(struct sctp_chunk *ch) 1331 { 1332 if (atomic_dec_and_test(&ch->refcnt)) 1333 sctp_chunk_destroy(ch); 1334 } 1335 1336 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1337 * enough. 1338 */ 1339 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1340 { 1341 void *target; 1342 void *padding; 1343 int chunklen = ntohs(chunk->chunk_hdr->length); 1344 int padlen = WORD_ROUND(chunklen) - chunklen; 1345 1346 padding = skb_put(chunk->skb, padlen); 1347 target = skb_put(chunk->skb, len); 1348 1349 memset(padding, 0, padlen); 1350 memcpy(target, data, len); 1351 1352 /* Adjust the chunk length field. */ 1353 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1354 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1355 1356 return target; 1357 } 1358 1359 /* Append bytes from user space to the end of a chunk. Will panic if 1360 * chunk is not big enough. 1361 * Returns a kernel err value. 1362 */ 1363 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1364 struct iovec *data) 1365 { 1366 __u8 *target; 1367 int err = 0; 1368 1369 /* Make room in chunk for data. */ 1370 target = skb_put(chunk->skb, len); 1371 1372 /* Copy data (whole iovec) into chunk */ 1373 if ((err = memcpy_fromiovecend(target, data, off, len))) 1374 goto out; 1375 1376 /* Adjust the chunk length field. */ 1377 chunk->chunk_hdr->length = 1378 htons(ntohs(chunk->chunk_hdr->length) + len); 1379 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1380 1381 out: 1382 return err; 1383 } 1384 1385 /* Helper function to assign a TSN if needed. This assumes that both 1386 * the data_hdr and association have already been assigned. 1387 */ 1388 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1389 { 1390 struct sctp_datamsg *msg; 1391 struct sctp_chunk *lchunk; 1392 struct sctp_stream *stream; 1393 __u16 ssn; 1394 __u16 sid; 1395 1396 if (chunk->has_ssn) 1397 return; 1398 1399 /* All fragments will be on the same stream */ 1400 sid = ntohs(chunk->subh.data_hdr->stream); 1401 stream = &chunk->asoc->ssnmap->out; 1402 1403 /* Now assign the sequence number to the entire message. 1404 * All fragments must have the same stream sequence number. 1405 */ 1406 msg = chunk->msg; 1407 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1408 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1409 ssn = 0; 1410 } else { 1411 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1412 ssn = sctp_ssn_next(stream, sid); 1413 else 1414 ssn = sctp_ssn_peek(stream, sid); 1415 } 1416 1417 lchunk->subh.data_hdr->ssn = htons(ssn); 1418 lchunk->has_ssn = 1; 1419 } 1420 } 1421 1422 /* Helper function to assign a TSN if needed. This assumes that both 1423 * the data_hdr and association have already been assigned. 1424 */ 1425 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1426 { 1427 if (!chunk->has_tsn) { 1428 /* This is the last possible instant to 1429 * assign a TSN. 1430 */ 1431 chunk->subh.data_hdr->tsn = 1432 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1433 chunk->has_tsn = 1; 1434 } 1435 } 1436 1437 /* Create a CLOSED association to use with an incoming packet. */ 1438 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1439 struct sctp_chunk *chunk, 1440 gfp_t gfp) 1441 { 1442 struct sctp_association *asoc; 1443 struct sk_buff *skb; 1444 sctp_scope_t scope; 1445 struct sctp_af *af; 1446 1447 /* Create the bare association. */ 1448 scope = sctp_scope(sctp_source(chunk)); 1449 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1450 if (!asoc) 1451 goto nodata; 1452 asoc->temp = 1; 1453 skb = chunk->skb; 1454 /* Create an entry for the source address of the packet. */ 1455 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version)); 1456 if (unlikely(!af)) 1457 goto fail; 1458 af->from_skb(&asoc->c.peer_addr, skb, 1); 1459 nodata: 1460 return asoc; 1461 1462 fail: 1463 sctp_association_free(asoc); 1464 return NULL; 1465 } 1466 1467 /* Build a cookie representing asoc. 1468 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1469 */ 1470 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1471 const struct sctp_association *asoc, 1472 const struct sctp_chunk *init_chunk, 1473 int *cookie_len, 1474 const __u8 *raw_addrs, int addrs_len) 1475 { 1476 sctp_cookie_param_t *retval; 1477 struct sctp_signed_cookie *cookie; 1478 struct scatterlist sg; 1479 int headersize, bodysize; 1480 unsigned int keylen; 1481 char *key; 1482 1483 /* Header size is static data prior to the actual cookie, including 1484 * any padding. 1485 */ 1486 headersize = sizeof(sctp_paramhdr_t) + 1487 (sizeof(struct sctp_signed_cookie) - 1488 sizeof(struct sctp_cookie)); 1489 bodysize = sizeof(struct sctp_cookie) 1490 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1491 1492 /* Pad out the cookie to a multiple to make the signature 1493 * functions simpler to write. 1494 */ 1495 if (bodysize % SCTP_COOKIE_MULTIPLE) 1496 bodysize += SCTP_COOKIE_MULTIPLE 1497 - (bodysize % SCTP_COOKIE_MULTIPLE); 1498 *cookie_len = headersize + bodysize; 1499 1500 /* Clear this memory since we are sending this data structure 1501 * out on the network. 1502 */ 1503 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1504 if (!retval) 1505 goto nodata; 1506 1507 cookie = (struct sctp_signed_cookie *) retval->body; 1508 1509 /* Set up the parameter header. */ 1510 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1511 retval->p.length = htons(*cookie_len); 1512 1513 /* Copy the cookie part of the association itself. */ 1514 cookie->c = asoc->c; 1515 /* Save the raw address list length in the cookie. */ 1516 cookie->c.raw_addr_list_len = addrs_len; 1517 1518 /* Remember PR-SCTP capability. */ 1519 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1520 1521 /* Save adaptation indication in the cookie. */ 1522 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1523 1524 /* Set an expiration time for the cookie. */ 1525 do_gettimeofday(&cookie->c.expiration); 1526 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1527 1528 /* Copy the peer's init packet. */ 1529 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1530 ntohs(init_chunk->chunk_hdr->length)); 1531 1532 /* Copy the raw local address list of the association. */ 1533 memcpy((__u8 *)&cookie->c.peer_init[0] + 1534 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1535 1536 if (sctp_sk(ep->base.sk)->hmac) { 1537 struct hash_desc desc; 1538 1539 /* Sign the message. */ 1540 sg_init_one(&sg, &cookie->c, bodysize); 1541 keylen = SCTP_SECRET_SIZE; 1542 key = (char *)ep->secret_key[ep->current_key]; 1543 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1544 desc.flags = 0; 1545 1546 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1547 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) 1548 goto free_cookie; 1549 } 1550 1551 return retval; 1552 1553 free_cookie: 1554 kfree(retval); 1555 nodata: 1556 *cookie_len = 0; 1557 return NULL; 1558 } 1559 1560 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1561 struct sctp_association *sctp_unpack_cookie( 1562 const struct sctp_endpoint *ep, 1563 const struct sctp_association *asoc, 1564 struct sctp_chunk *chunk, gfp_t gfp, 1565 int *error, struct sctp_chunk **errp) 1566 { 1567 struct sctp_association *retval = NULL; 1568 struct sctp_signed_cookie *cookie; 1569 struct sctp_cookie *bear_cookie; 1570 int headersize, bodysize, fixed_size; 1571 __u8 *digest = ep->digest; 1572 struct scatterlist sg; 1573 unsigned int keylen, len; 1574 char *key; 1575 sctp_scope_t scope; 1576 struct sk_buff *skb = chunk->skb; 1577 struct timeval tv; 1578 struct hash_desc desc; 1579 1580 /* Header size is static data prior to the actual cookie, including 1581 * any padding. 1582 */ 1583 headersize = sizeof(sctp_chunkhdr_t) + 1584 (sizeof(struct sctp_signed_cookie) - 1585 sizeof(struct sctp_cookie)); 1586 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1587 fixed_size = headersize + sizeof(struct sctp_cookie); 1588 1589 /* Verify that the chunk looks like it even has a cookie. 1590 * There must be enough room for our cookie and our peer's 1591 * INIT chunk. 1592 */ 1593 len = ntohs(chunk->chunk_hdr->length); 1594 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1595 goto malformed; 1596 1597 /* Verify that the cookie has been padded out. */ 1598 if (bodysize % SCTP_COOKIE_MULTIPLE) 1599 goto malformed; 1600 1601 /* Process the cookie. */ 1602 cookie = chunk->subh.cookie_hdr; 1603 bear_cookie = &cookie->c; 1604 1605 if (!sctp_sk(ep->base.sk)->hmac) 1606 goto no_hmac; 1607 1608 /* Check the signature. */ 1609 keylen = SCTP_SECRET_SIZE; 1610 sg_init_one(&sg, bear_cookie, bodysize); 1611 key = (char *)ep->secret_key[ep->current_key]; 1612 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1613 desc.flags = 0; 1614 1615 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1616 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1617 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1618 *error = -SCTP_IERROR_NOMEM; 1619 goto fail; 1620 } 1621 1622 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1623 /* Try the previous key. */ 1624 key = (char *)ep->secret_key[ep->last_key]; 1625 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1626 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1627 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1628 *error = -SCTP_IERROR_NOMEM; 1629 goto fail; 1630 } 1631 1632 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1633 /* Yikes! Still bad signature! */ 1634 *error = -SCTP_IERROR_BAD_SIG; 1635 goto fail; 1636 } 1637 } 1638 1639 no_hmac: 1640 /* IG Section 2.35.2: 1641 * 3) Compare the port numbers and the verification tag contained 1642 * within the COOKIE ECHO chunk to the actual port numbers and the 1643 * verification tag within the SCTP common header of the received 1644 * packet. If these values do not match the packet MUST be silently 1645 * discarded, 1646 */ 1647 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1648 *error = -SCTP_IERROR_BAD_TAG; 1649 goto fail; 1650 } 1651 1652 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1653 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1654 *error = -SCTP_IERROR_BAD_PORTS; 1655 goto fail; 1656 } 1657 1658 /* Check to see if the cookie is stale. If there is already 1659 * an association, there is no need to check cookie's expiration 1660 * for init collision case of lost COOKIE ACK. 1661 * If skb has been timestamped, then use the stamp, otherwise 1662 * use current time. This introduces a small possibility that 1663 * that a cookie may be considered expired, but his would only slow 1664 * down the new association establishment instead of every packet. 1665 */ 1666 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1667 skb_get_timestamp(skb, &tv); 1668 else 1669 do_gettimeofday(&tv); 1670 1671 if (!asoc && tv_lt(bear_cookie->expiration, tv)) { 1672 /* 1673 * Section 3.3.10.3 Stale Cookie Error (3) 1674 * 1675 * Cause of error 1676 * --------------- 1677 * Stale Cookie Error: Indicates the receipt of a valid State 1678 * Cookie that has expired. 1679 */ 1680 len = ntohs(chunk->chunk_hdr->length); 1681 *errp = sctp_make_op_error_space(asoc, chunk, len); 1682 if (*errp) { 1683 suseconds_t usecs = (tv.tv_sec - 1684 bear_cookie->expiration.tv_sec) * 1000000L + 1685 tv.tv_usec - bear_cookie->expiration.tv_usec; 1686 __be32 n = htonl(usecs); 1687 1688 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1689 sizeof(n)); 1690 sctp_addto_chunk(*errp, sizeof(n), &n); 1691 *error = -SCTP_IERROR_STALE_COOKIE; 1692 } else 1693 *error = -SCTP_IERROR_NOMEM; 1694 1695 goto fail; 1696 } 1697 1698 /* Make a new base association. */ 1699 scope = sctp_scope(sctp_source(chunk)); 1700 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1701 if (!retval) { 1702 *error = -SCTP_IERROR_NOMEM; 1703 goto fail; 1704 } 1705 1706 /* Set up our peer's port number. */ 1707 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1708 1709 /* Populate the association from the cookie. */ 1710 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1711 1712 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1713 GFP_ATOMIC) < 0) { 1714 *error = -SCTP_IERROR_NOMEM; 1715 goto fail; 1716 } 1717 1718 /* Also, add the destination address. */ 1719 if (list_empty(&retval->base.bind_addr.address_list)) { 1720 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1721 SCTP_ADDR_SRC, GFP_ATOMIC); 1722 } 1723 1724 retval->next_tsn = retval->c.initial_tsn; 1725 retval->ctsn_ack_point = retval->next_tsn - 1; 1726 retval->addip_serial = retval->c.initial_tsn; 1727 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1728 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1729 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1730 1731 /* The INIT stuff will be done by the side effects. */ 1732 return retval; 1733 1734 fail: 1735 if (retval) 1736 sctp_association_free(retval); 1737 1738 return NULL; 1739 1740 malformed: 1741 /* Yikes! The packet is either corrupt or deliberately 1742 * malformed. 1743 */ 1744 *error = -SCTP_IERROR_MALFORMED; 1745 goto fail; 1746 } 1747 1748 /******************************************************************** 1749 * 3rd Level Abstractions 1750 ********************************************************************/ 1751 1752 struct __sctp_missing { 1753 __be32 num_missing; 1754 __be16 type; 1755 } __attribute__((packed)); 1756 1757 /* 1758 * Report a missing mandatory parameter. 1759 */ 1760 static int sctp_process_missing_param(const struct sctp_association *asoc, 1761 sctp_param_t paramtype, 1762 struct sctp_chunk *chunk, 1763 struct sctp_chunk **errp) 1764 { 1765 struct __sctp_missing report; 1766 __u16 len; 1767 1768 len = WORD_ROUND(sizeof(report)); 1769 1770 /* Make an ERROR chunk, preparing enough room for 1771 * returning multiple unknown parameters. 1772 */ 1773 if (!*errp) 1774 *errp = sctp_make_op_error_space(asoc, chunk, len); 1775 1776 if (*errp) { 1777 report.num_missing = htonl(1); 1778 report.type = paramtype; 1779 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1780 sizeof(report)); 1781 sctp_addto_chunk(*errp, sizeof(report), &report); 1782 } 1783 1784 /* Stop processing this chunk. */ 1785 return 0; 1786 } 1787 1788 /* Report an Invalid Mandatory Parameter. */ 1789 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1790 struct sctp_chunk *chunk, 1791 struct sctp_chunk **errp) 1792 { 1793 /* Invalid Mandatory Parameter Error has no payload. */ 1794 1795 if (!*errp) 1796 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1797 1798 if (*errp) 1799 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1800 1801 /* Stop processing this chunk. */ 1802 return 0; 1803 } 1804 1805 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1806 struct sctp_paramhdr *param, 1807 const struct sctp_chunk *chunk, 1808 struct sctp_chunk **errp) 1809 { 1810 /* This is a fatal error. Any accumulated non-fatal errors are 1811 * not reported. 1812 */ 1813 if (*errp) 1814 sctp_chunk_free(*errp); 1815 1816 /* Create an error chunk and fill it in with our payload. */ 1817 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1818 1819 return 0; 1820 } 1821 1822 1823 /* Do not attempt to handle the HOST_NAME parm. However, do 1824 * send back an indicator to the peer. 1825 */ 1826 static int sctp_process_hn_param(const struct sctp_association *asoc, 1827 union sctp_params param, 1828 struct sctp_chunk *chunk, 1829 struct sctp_chunk **errp) 1830 { 1831 __u16 len = ntohs(param.p->length); 1832 1833 /* Processing of the HOST_NAME parameter will generate an 1834 * ABORT. If we've accumulated any non-fatal errors, they 1835 * would be unrecognized parameters and we should not include 1836 * them in the ABORT. 1837 */ 1838 if (*errp) 1839 sctp_chunk_free(*errp); 1840 1841 *errp = sctp_make_op_error_space(asoc, chunk, len); 1842 1843 if (*errp) { 1844 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 1845 sctp_addto_chunk(*errp, len, param.v); 1846 } 1847 1848 /* Stop processing this chunk. */ 1849 return 0; 1850 } 1851 1852 static int sctp_verify_ext_param(union sctp_params param) 1853 { 1854 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1855 int have_auth = 0; 1856 int have_asconf = 0; 1857 int i; 1858 1859 for (i = 0; i < num_ext; i++) { 1860 switch (param.ext->chunks[i]) { 1861 case SCTP_CID_AUTH: 1862 have_auth = 1; 1863 break; 1864 case SCTP_CID_ASCONF: 1865 case SCTP_CID_ASCONF_ACK: 1866 have_asconf = 1; 1867 break; 1868 } 1869 } 1870 1871 /* ADD-IP Security: The draft requires us to ABORT or ignore the 1872 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 1873 * only if ADD-IP is turned on and we are not backward-compatible 1874 * mode. 1875 */ 1876 if (sctp_addip_noauth) 1877 return 1; 1878 1879 if (sctp_addip_enable && !have_auth && have_asconf) 1880 return 0; 1881 1882 return 1; 1883 } 1884 1885 static void sctp_process_ext_param(struct sctp_association *asoc, 1886 union sctp_params param) 1887 { 1888 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1889 int i; 1890 1891 for (i = 0; i < num_ext; i++) { 1892 switch (param.ext->chunks[i]) { 1893 case SCTP_CID_FWD_TSN: 1894 if (sctp_prsctp_enable && 1895 !asoc->peer.prsctp_capable) 1896 asoc->peer.prsctp_capable = 1; 1897 break; 1898 case SCTP_CID_AUTH: 1899 /* if the peer reports AUTH, assume that he 1900 * supports AUTH. 1901 */ 1902 if (sctp_auth_enable) 1903 asoc->peer.auth_capable = 1; 1904 break; 1905 case SCTP_CID_ASCONF: 1906 case SCTP_CID_ASCONF_ACK: 1907 if (sctp_addip_enable) 1908 asoc->peer.asconf_capable = 1; 1909 break; 1910 default: 1911 break; 1912 } 1913 } 1914 } 1915 1916 /* RFC 3.2.1 & the Implementers Guide 2.2. 1917 * 1918 * The Parameter Types are encoded such that the 1919 * highest-order two bits specify the action that must be 1920 * taken if the processing endpoint does not recognize the 1921 * Parameter Type. 1922 * 1923 * 00 - Stop processing this parameter; do not process any further 1924 * parameters within this chunk 1925 * 1926 * 01 - Stop processing this parameter, do not process any further 1927 * parameters within this chunk, and report the unrecognized 1928 * parameter in an 'Unrecognized Parameter' ERROR chunk. 1929 * 1930 * 10 - Skip this parameter and continue processing. 1931 * 1932 * 11 - Skip this parameter and continue processing but 1933 * report the unrecognized parameter in an 1934 * 'Unrecognized Parameter' ERROR chunk. 1935 * 1936 * Return value: 1937 * SCTP_IERROR_NO_ERROR - continue with the chunk 1938 * SCTP_IERROR_ERROR - stop and report an error. 1939 * SCTP_IERROR_NOMEME - out of memory. 1940 */ 1941 static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, 1942 union sctp_params param, 1943 struct sctp_chunk *chunk, 1944 struct sctp_chunk **errp) 1945 { 1946 int retval = SCTP_IERROR_NO_ERROR; 1947 1948 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 1949 case SCTP_PARAM_ACTION_DISCARD: 1950 retval = SCTP_IERROR_ERROR; 1951 break; 1952 case SCTP_PARAM_ACTION_SKIP: 1953 break; 1954 case SCTP_PARAM_ACTION_DISCARD_ERR: 1955 retval = SCTP_IERROR_ERROR; 1956 /* Fall through */ 1957 case SCTP_PARAM_ACTION_SKIP_ERR: 1958 /* Make an ERROR chunk, preparing enough room for 1959 * returning multiple unknown parameters. 1960 */ 1961 if (NULL == *errp) 1962 *errp = sctp_make_op_error_space(asoc, chunk, 1963 ntohs(chunk->chunk_hdr->length)); 1964 1965 if (*errp) { 1966 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1967 WORD_ROUND(ntohs(param.p->length))); 1968 sctp_addto_chunk(*errp, 1969 WORD_ROUND(ntohs(param.p->length)), 1970 param.v); 1971 } else { 1972 /* If there is no memory for generating the ERROR 1973 * report as specified, an ABORT will be triggered 1974 * to the peer and the association won't be 1975 * established. 1976 */ 1977 retval = SCTP_IERROR_NOMEM; 1978 } 1979 break; 1980 default: 1981 break; 1982 } 1983 1984 return retval; 1985 } 1986 1987 /* Verify variable length parameters 1988 * Return values: 1989 * SCTP_IERROR_ABORT - trigger an ABORT 1990 * SCTP_IERROR_NOMEM - out of memory (abort) 1991 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 1992 * SCTP_IERROR_NO_ERROR - continue with the chunk 1993 */ 1994 static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc, 1995 union sctp_params param, 1996 sctp_cid_t cid, 1997 struct sctp_chunk *chunk, 1998 struct sctp_chunk **err_chunk) 1999 { 2000 struct sctp_hmac_algo_param *hmacs; 2001 int retval = SCTP_IERROR_NO_ERROR; 2002 __u16 n_elt, id = 0; 2003 int i; 2004 2005 /* FIXME - This routine is not looking at each parameter per the 2006 * chunk type, i.e., unrecognized parameters should be further 2007 * identified based on the chunk id. 2008 */ 2009 2010 switch (param.p->type) { 2011 case SCTP_PARAM_IPV4_ADDRESS: 2012 case SCTP_PARAM_IPV6_ADDRESS: 2013 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2014 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2015 case SCTP_PARAM_STATE_COOKIE: 2016 case SCTP_PARAM_HEARTBEAT_INFO: 2017 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2018 case SCTP_PARAM_ECN_CAPABLE: 2019 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2020 break; 2021 2022 case SCTP_PARAM_SUPPORTED_EXT: 2023 if (!sctp_verify_ext_param(param)) 2024 return SCTP_IERROR_ABORT; 2025 break; 2026 2027 case SCTP_PARAM_SET_PRIMARY: 2028 if (sctp_addip_enable) 2029 break; 2030 goto fallthrough; 2031 2032 case SCTP_PARAM_HOST_NAME_ADDRESS: 2033 /* Tell the peer, we won't support this param. */ 2034 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2035 retval = SCTP_IERROR_ABORT; 2036 break; 2037 2038 case SCTP_PARAM_FWD_TSN_SUPPORT: 2039 if (sctp_prsctp_enable) 2040 break; 2041 goto fallthrough; 2042 2043 case SCTP_PARAM_RANDOM: 2044 if (!sctp_auth_enable) 2045 goto fallthrough; 2046 2047 /* SCTP-AUTH: Secion 6.1 2048 * If the random number is not 32 byte long the association 2049 * MUST be aborted. The ABORT chunk SHOULD contain the error 2050 * cause 'Protocol Violation'. 2051 */ 2052 if (SCTP_AUTH_RANDOM_LENGTH != 2053 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { 2054 sctp_process_inv_paramlength(asoc, param.p, 2055 chunk, err_chunk); 2056 retval = SCTP_IERROR_ABORT; 2057 } 2058 break; 2059 2060 case SCTP_PARAM_CHUNKS: 2061 if (!sctp_auth_enable) 2062 goto fallthrough; 2063 2064 /* SCTP-AUTH: Section 3.2 2065 * The CHUNKS parameter MUST be included once in the INIT or 2066 * INIT-ACK chunk if the sender wants to receive authenticated 2067 * chunks. Its maximum length is 260 bytes. 2068 */ 2069 if (260 < ntohs(param.p->length)) { 2070 sctp_process_inv_paramlength(asoc, param.p, 2071 chunk, err_chunk); 2072 retval = SCTP_IERROR_ABORT; 2073 } 2074 break; 2075 2076 case SCTP_PARAM_HMAC_ALGO: 2077 if (!sctp_auth_enable) 2078 goto fallthrough; 2079 2080 hmacs = (struct sctp_hmac_algo_param *)param.p; 2081 n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1; 2082 2083 /* SCTP-AUTH: Section 6.1 2084 * The HMAC algorithm based on SHA-1 MUST be supported and 2085 * included in the HMAC-ALGO parameter. 2086 */ 2087 for (i = 0; i < n_elt; i++) { 2088 id = ntohs(hmacs->hmac_ids[i]); 2089 2090 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2091 break; 2092 } 2093 2094 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2095 sctp_process_inv_paramlength(asoc, param.p, chunk, 2096 err_chunk); 2097 retval = SCTP_IERROR_ABORT; 2098 } 2099 break; 2100 fallthrough: 2101 default: 2102 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 2103 ntohs(param.p->type), cid); 2104 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2105 break; 2106 } 2107 return retval; 2108 } 2109 2110 /* Verify the INIT packet before we process it. */ 2111 int sctp_verify_init(const struct sctp_association *asoc, 2112 sctp_cid_t cid, 2113 sctp_init_chunk_t *peer_init, 2114 struct sctp_chunk *chunk, 2115 struct sctp_chunk **errp) 2116 { 2117 union sctp_params param; 2118 int has_cookie = 0; 2119 int result; 2120 2121 /* Verify stream values are non-zero. */ 2122 if ((0 == peer_init->init_hdr.num_outbound_streams) || 2123 (0 == peer_init->init_hdr.num_inbound_streams) || 2124 (0 == peer_init->init_hdr.init_tag) || 2125 (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) { 2126 2127 return sctp_process_inv_mandatory(asoc, chunk, errp); 2128 } 2129 2130 /* Check for missing mandatory parameters. */ 2131 sctp_walk_params(param, peer_init, init_hdr.params) { 2132 2133 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 2134 has_cookie = 1; 2135 2136 } /* for (loop through all parameters) */ 2137 2138 /* There is a possibility that a parameter length was bad and 2139 * in that case we would have stoped walking the parameters. 2140 * The current param.p would point at the bad one. 2141 * Current consensus on the mailing list is to generate a PROTOCOL 2142 * VIOLATION error. We build the ERROR chunk here and let the normal 2143 * error handling code build and send the packet. 2144 */ 2145 if (param.v != (void*)chunk->chunk_end) 2146 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2147 2148 /* The only missing mandatory param possible today is 2149 * the state cookie for an INIT-ACK chunk. 2150 */ 2151 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2152 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2153 chunk, errp); 2154 2155 /* Verify all the variable length parameters */ 2156 sctp_walk_params(param, peer_init, init_hdr.params) { 2157 2158 result = sctp_verify_param(asoc, param, cid, chunk, errp); 2159 switch (result) { 2160 case SCTP_IERROR_ABORT: 2161 case SCTP_IERROR_NOMEM: 2162 return 0; 2163 case SCTP_IERROR_ERROR: 2164 return 1; 2165 case SCTP_IERROR_NO_ERROR: 2166 default: 2167 break; 2168 } 2169 2170 } /* for (loop through all parameters) */ 2171 2172 return 1; 2173 } 2174 2175 /* Unpack the parameters in an INIT packet into an association. 2176 * Returns 0 on failure, else success. 2177 * FIXME: This is an association method. 2178 */ 2179 int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, 2180 const union sctp_addr *peer_addr, 2181 sctp_init_chunk_t *peer_init, gfp_t gfp) 2182 { 2183 union sctp_params param; 2184 struct sctp_transport *transport; 2185 struct list_head *pos, *temp; 2186 char *cookie; 2187 2188 /* We must include the address that the INIT packet came from. 2189 * This is the only address that matters for an INIT packet. 2190 * When processing a COOKIE ECHO, we retrieve the from address 2191 * of the INIT from the cookie. 2192 */ 2193 2194 /* This implementation defaults to making the first transport 2195 * added as the primary transport. The source address seems to 2196 * be a a better choice than any of the embedded addresses. 2197 */ 2198 if (peer_addr) { 2199 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2200 goto nomem; 2201 } 2202 2203 /* Process the initialization parameters. */ 2204 sctp_walk_params(param, peer_init, init_hdr.params) { 2205 2206 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2207 goto clean_up; 2208 } 2209 2210 /* AUTH: After processing the parameters, make sure that we 2211 * have all the required info to potentially do authentications. 2212 */ 2213 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2214 !asoc->peer.peer_hmacs)) 2215 asoc->peer.auth_capable = 0; 2216 2217 /* In a non-backward compatible mode, if the peer claims 2218 * support for ADD-IP but not AUTH, the ADD-IP spec states 2219 * that we MUST ABORT the association. Section 6. The section 2220 * also give us an option to silently ignore the packet, which 2221 * is what we'll do here. 2222 */ 2223 if (!sctp_addip_noauth && 2224 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2225 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2226 SCTP_PARAM_DEL_IP | 2227 SCTP_PARAM_SET_PRIMARY); 2228 asoc->peer.asconf_capable = 0; 2229 goto clean_up; 2230 } 2231 2232 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2233 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2234 transport = list_entry(pos, struct sctp_transport, transports); 2235 if (transport->state == SCTP_UNKNOWN) { 2236 sctp_assoc_rm_peer(asoc, transport); 2237 } 2238 } 2239 2240 /* The fixed INIT headers are always in network byte 2241 * order. 2242 */ 2243 asoc->peer.i.init_tag = 2244 ntohl(peer_init->init_hdr.init_tag); 2245 asoc->peer.i.a_rwnd = 2246 ntohl(peer_init->init_hdr.a_rwnd); 2247 asoc->peer.i.num_outbound_streams = 2248 ntohs(peer_init->init_hdr.num_outbound_streams); 2249 asoc->peer.i.num_inbound_streams = 2250 ntohs(peer_init->init_hdr.num_inbound_streams); 2251 asoc->peer.i.initial_tsn = 2252 ntohl(peer_init->init_hdr.initial_tsn); 2253 2254 /* Apply the upper bounds for output streams based on peer's 2255 * number of inbound streams. 2256 */ 2257 if (asoc->c.sinit_num_ostreams > 2258 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2259 asoc->c.sinit_num_ostreams = 2260 ntohs(peer_init->init_hdr.num_inbound_streams); 2261 } 2262 2263 if (asoc->c.sinit_max_instreams > 2264 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2265 asoc->c.sinit_max_instreams = 2266 ntohs(peer_init->init_hdr.num_outbound_streams); 2267 } 2268 2269 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2270 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2271 2272 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2273 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2274 2275 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2276 cookie = asoc->peer.cookie; 2277 if (cookie) { 2278 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2279 if (!asoc->peer.cookie) 2280 goto clean_up; 2281 } 2282 2283 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2284 * high (for example, implementations MAY use the size of the receiver 2285 * advertised window). 2286 */ 2287 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2288 transports) { 2289 transport->ssthresh = asoc->peer.i.a_rwnd; 2290 } 2291 2292 /* Set up the TSN tracking pieces. */ 2293 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2294 asoc->peer.i.initial_tsn, gfp)) 2295 goto clean_up; 2296 2297 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2298 * 2299 * The stream sequence number in all the streams shall start 2300 * from 0 when the association is established. Also, when the 2301 * stream sequence number reaches the value 65535 the next 2302 * stream sequence number shall be set to 0. 2303 */ 2304 2305 /* Allocate storage for the negotiated streams if it is not a temporary 2306 * association. 2307 */ 2308 if (!asoc->temp) { 2309 int error; 2310 2311 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 2312 asoc->c.sinit_num_ostreams, gfp); 2313 if (!asoc->ssnmap) 2314 goto clean_up; 2315 2316 error = sctp_assoc_set_id(asoc, gfp); 2317 if (error) 2318 goto clean_up; 2319 } 2320 2321 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2322 * 2323 * When an endpoint has an ASCONF signaled change to be sent to the 2324 * remote endpoint it should do the following: 2325 * ... 2326 * A2) A serial number should be assigned to the Chunk. The serial 2327 * number should be a monotonically increasing number. All serial 2328 * numbers are defined to be initialized at the start of the 2329 * association to the same value as the Initial TSN. 2330 */ 2331 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2332 return 1; 2333 2334 clean_up: 2335 /* Release the transport structures. */ 2336 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2337 transport = list_entry(pos, struct sctp_transport, transports); 2338 if (transport->state != SCTP_ACTIVE) 2339 sctp_assoc_rm_peer(asoc, transport); 2340 } 2341 2342 nomem: 2343 return 0; 2344 } 2345 2346 2347 /* Update asoc with the option described in param. 2348 * 2349 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2350 * 2351 * asoc is the association to update. 2352 * param is the variable length parameter to use for update. 2353 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2354 * If the current packet is an INIT we want to minimize the amount of 2355 * work we do. In particular, we should not build transport 2356 * structures for the addresses. 2357 */ 2358 static int sctp_process_param(struct sctp_association *asoc, 2359 union sctp_params param, 2360 const union sctp_addr *peer_addr, 2361 gfp_t gfp) 2362 { 2363 union sctp_addr addr; 2364 int i; 2365 __u16 sat; 2366 int retval = 1; 2367 sctp_scope_t scope; 2368 time_t stale; 2369 struct sctp_af *af; 2370 union sctp_addr_param *addr_param; 2371 struct sctp_transport *t; 2372 2373 /* We maintain all INIT parameters in network byte order all the 2374 * time. This allows us to not worry about whether the parameters 2375 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2376 */ 2377 switch (param.p->type) { 2378 case SCTP_PARAM_IPV6_ADDRESS: 2379 if (PF_INET6 != asoc->base.sk->sk_family) 2380 break; 2381 goto do_addr_param; 2382 2383 case SCTP_PARAM_IPV4_ADDRESS: 2384 /* v4 addresses are not allowed on v6-only socket */ 2385 if (ipv6_only_sock(asoc->base.sk)) 2386 break; 2387 do_addr_param: 2388 af = sctp_get_af_specific(param_type2af(param.p->type)); 2389 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2390 scope = sctp_scope(peer_addr); 2391 if (sctp_in_scope(&addr, scope)) 2392 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2393 return 0; 2394 break; 2395 2396 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2397 if (!sctp_cookie_preserve_enable) 2398 break; 2399 2400 stale = ntohl(param.life->lifespan_increment); 2401 2402 /* Suggested Cookie Life span increment's unit is msec, 2403 * (1/1000sec). 2404 */ 2405 asoc->cookie_life.tv_sec += stale / 1000; 2406 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2407 break; 2408 2409 case SCTP_PARAM_HOST_NAME_ADDRESS: 2410 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2411 break; 2412 2413 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2414 /* Turn off the default values first so we'll know which 2415 * ones are really set by the peer. 2416 */ 2417 asoc->peer.ipv4_address = 0; 2418 asoc->peer.ipv6_address = 0; 2419 2420 /* Assume that peer supports the address family 2421 * by which it sends a packet. 2422 */ 2423 if (peer_addr->sa.sa_family == AF_INET6) 2424 asoc->peer.ipv6_address = 1; 2425 else if (peer_addr->sa.sa_family == AF_INET) 2426 asoc->peer.ipv4_address = 1; 2427 2428 /* Cycle through address types; avoid divide by 0. */ 2429 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2430 if (sat) 2431 sat /= sizeof(__u16); 2432 2433 for (i = 0; i < sat; ++i) { 2434 switch (param.sat->types[i]) { 2435 case SCTP_PARAM_IPV4_ADDRESS: 2436 asoc->peer.ipv4_address = 1; 2437 break; 2438 2439 case SCTP_PARAM_IPV6_ADDRESS: 2440 if (PF_INET6 == asoc->base.sk->sk_family) 2441 asoc->peer.ipv6_address = 1; 2442 break; 2443 2444 case SCTP_PARAM_HOST_NAME_ADDRESS: 2445 asoc->peer.hostname_address = 1; 2446 break; 2447 2448 default: /* Just ignore anything else. */ 2449 break; 2450 } 2451 } 2452 break; 2453 2454 case SCTP_PARAM_STATE_COOKIE: 2455 asoc->peer.cookie_len = 2456 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2457 asoc->peer.cookie = param.cookie->body; 2458 break; 2459 2460 case SCTP_PARAM_HEARTBEAT_INFO: 2461 /* Would be odd to receive, but it causes no problems. */ 2462 break; 2463 2464 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2465 /* Rejected during verify stage. */ 2466 break; 2467 2468 case SCTP_PARAM_ECN_CAPABLE: 2469 asoc->peer.ecn_capable = 1; 2470 break; 2471 2472 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2473 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2474 break; 2475 2476 case SCTP_PARAM_SET_PRIMARY: 2477 if (!sctp_addip_enable) 2478 goto fall_through; 2479 2480 addr_param = param.v + sizeof(sctp_addip_param_t); 2481 2482 af = sctp_get_af_specific(param_type2af(param.p->type)); 2483 af->from_addr_param(&addr, addr_param, 2484 htons(asoc->peer.port), 0); 2485 2486 /* if the address is invalid, we can't process it. 2487 * XXX: see spec for what to do. 2488 */ 2489 if (!af->addr_valid(&addr, NULL, NULL)) 2490 break; 2491 2492 t = sctp_assoc_lookup_paddr(asoc, &addr); 2493 if (!t) 2494 break; 2495 2496 sctp_assoc_set_primary(asoc, t); 2497 break; 2498 2499 case SCTP_PARAM_SUPPORTED_EXT: 2500 sctp_process_ext_param(asoc, param); 2501 break; 2502 2503 case SCTP_PARAM_FWD_TSN_SUPPORT: 2504 if (sctp_prsctp_enable) { 2505 asoc->peer.prsctp_capable = 1; 2506 break; 2507 } 2508 /* Fall Through */ 2509 goto fall_through; 2510 2511 case SCTP_PARAM_RANDOM: 2512 if (!sctp_auth_enable) 2513 goto fall_through; 2514 2515 /* Save peer's random parameter */ 2516 asoc->peer.peer_random = kmemdup(param.p, 2517 ntohs(param.p->length), gfp); 2518 if (!asoc->peer.peer_random) { 2519 retval = 0; 2520 break; 2521 } 2522 break; 2523 2524 case SCTP_PARAM_HMAC_ALGO: 2525 if (!sctp_auth_enable) 2526 goto fall_through; 2527 2528 /* Save peer's HMAC list */ 2529 asoc->peer.peer_hmacs = kmemdup(param.p, 2530 ntohs(param.p->length), gfp); 2531 if (!asoc->peer.peer_hmacs) { 2532 retval = 0; 2533 break; 2534 } 2535 2536 /* Set the default HMAC the peer requested*/ 2537 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2538 break; 2539 2540 case SCTP_PARAM_CHUNKS: 2541 if (!sctp_auth_enable) 2542 goto fall_through; 2543 2544 asoc->peer.peer_chunks = kmemdup(param.p, 2545 ntohs(param.p->length), gfp); 2546 if (!asoc->peer.peer_chunks) 2547 retval = 0; 2548 break; 2549 fall_through: 2550 default: 2551 /* Any unrecognized parameters should have been caught 2552 * and handled by sctp_verify_param() which should be 2553 * called prior to this routine. Simply log the error 2554 * here. 2555 */ 2556 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2557 ntohs(param.p->type), asoc); 2558 break; 2559 } 2560 2561 return retval; 2562 } 2563 2564 /* Select a new verification tag. */ 2565 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2566 { 2567 /* I believe that this random number generator complies with RFC1750. 2568 * A tag of 0 is reserved for special cases (e.g. INIT). 2569 */ 2570 __u32 x; 2571 2572 do { 2573 get_random_bytes(&x, sizeof(__u32)); 2574 } while (x == 0); 2575 2576 return x; 2577 } 2578 2579 /* Select an initial TSN to send during startup. */ 2580 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2581 { 2582 __u32 retval; 2583 2584 get_random_bytes(&retval, sizeof(__u32)); 2585 return retval; 2586 } 2587 2588 /* 2589 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2590 * 0 1 2 3 2591 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2592 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2593 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2594 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2595 * | Serial Number | 2596 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2597 * | Address Parameter | 2598 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2599 * | ASCONF Parameter #1 | 2600 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2601 * \ \ 2602 * / .... / 2603 * \ \ 2604 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2605 * | ASCONF Parameter #N | 2606 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2607 * 2608 * Address Parameter and other parameter will not be wrapped in this function 2609 */ 2610 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2611 union sctp_addr *addr, 2612 int vparam_len) 2613 { 2614 sctp_addiphdr_t asconf; 2615 struct sctp_chunk *retval; 2616 int length = sizeof(asconf) + vparam_len; 2617 union sctp_addr_param addrparam; 2618 int addrlen; 2619 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2620 2621 addrlen = af->to_addr_param(addr, &addrparam); 2622 if (!addrlen) 2623 return NULL; 2624 length += addrlen; 2625 2626 /* Create the chunk. */ 2627 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2628 if (!retval) 2629 return NULL; 2630 2631 asconf.serial = htonl(asoc->addip_serial++); 2632 2633 retval->subh.addip_hdr = 2634 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2635 retval->param_hdr.v = 2636 sctp_addto_chunk(retval, addrlen, &addrparam); 2637 2638 return retval; 2639 } 2640 2641 /* ADDIP 2642 * 3.2.1 Add IP Address 2643 * 0 1 2 3 2644 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2645 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2646 * | Type = 0xC001 | Length = Variable | 2647 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2648 * | ASCONF-Request Correlation ID | 2649 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2650 * | Address Parameter | 2651 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2652 * 2653 * 3.2.2 Delete IP Address 2654 * 0 1 2 3 2655 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2656 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2657 * | Type = 0xC002 | Length = Variable | 2658 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2659 * | ASCONF-Request Correlation ID | 2660 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2661 * | Address Parameter | 2662 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2663 * 2664 */ 2665 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2666 union sctp_addr *laddr, 2667 struct sockaddr *addrs, 2668 int addrcnt, 2669 __be16 flags) 2670 { 2671 sctp_addip_param_t param; 2672 struct sctp_chunk *retval; 2673 union sctp_addr_param addr_param; 2674 union sctp_addr *addr; 2675 void *addr_buf; 2676 struct sctp_af *af; 2677 int paramlen = sizeof(param); 2678 int addr_param_len = 0; 2679 int totallen = 0; 2680 int i; 2681 2682 /* Get total length of all the address parameters. */ 2683 addr_buf = addrs; 2684 for (i = 0; i < addrcnt; i++) { 2685 addr = (union sctp_addr *)addr_buf; 2686 af = sctp_get_af_specific(addr->v4.sin_family); 2687 addr_param_len = af->to_addr_param(addr, &addr_param); 2688 2689 totallen += paramlen; 2690 totallen += addr_param_len; 2691 2692 addr_buf += af->sockaddr_len; 2693 } 2694 2695 /* Create an asconf chunk with the required length. */ 2696 retval = sctp_make_asconf(asoc, laddr, totallen); 2697 if (!retval) 2698 return NULL; 2699 2700 /* Add the address parameters to the asconf chunk. */ 2701 addr_buf = addrs; 2702 for (i = 0; i < addrcnt; i++) { 2703 addr = (union sctp_addr *)addr_buf; 2704 af = sctp_get_af_specific(addr->v4.sin_family); 2705 addr_param_len = af->to_addr_param(addr, &addr_param); 2706 param.param_hdr.type = flags; 2707 param.param_hdr.length = htons(paramlen + addr_param_len); 2708 param.crr_id = i; 2709 2710 sctp_addto_chunk(retval, paramlen, ¶m); 2711 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2712 2713 addr_buf += af->sockaddr_len; 2714 } 2715 return retval; 2716 } 2717 2718 /* ADDIP 2719 * 3.2.4 Set Primary IP Address 2720 * 0 1 2 3 2721 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2722 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2723 * | Type =0xC004 | Length = Variable | 2724 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2725 * | ASCONF-Request Correlation ID | 2726 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2727 * | Address Parameter | 2728 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2729 * 2730 * Create an ASCONF chunk with Set Primary IP address parameter. 2731 */ 2732 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2733 union sctp_addr *addr) 2734 { 2735 sctp_addip_param_t param; 2736 struct sctp_chunk *retval; 2737 int len = sizeof(param); 2738 union sctp_addr_param addrparam; 2739 int addrlen; 2740 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2741 2742 addrlen = af->to_addr_param(addr, &addrparam); 2743 if (!addrlen) 2744 return NULL; 2745 len += addrlen; 2746 2747 /* Create the chunk and make asconf header. */ 2748 retval = sctp_make_asconf(asoc, addr, len); 2749 if (!retval) 2750 return NULL; 2751 2752 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2753 param.param_hdr.length = htons(len); 2754 param.crr_id = 0; 2755 2756 sctp_addto_chunk(retval, sizeof(param), ¶m); 2757 sctp_addto_chunk(retval, addrlen, &addrparam); 2758 2759 return retval; 2760 } 2761 2762 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2763 * 0 1 2 3 2764 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2765 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2766 * | Type = 0x80 | Chunk Flags | Chunk Length | 2767 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2768 * | Serial Number | 2769 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2770 * | ASCONF Parameter Response#1 | 2771 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2772 * \ \ 2773 * / .... / 2774 * \ \ 2775 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2776 * | ASCONF Parameter Response#N | 2777 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2778 * 2779 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2780 */ 2781 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2782 __u32 serial, int vparam_len) 2783 { 2784 sctp_addiphdr_t asconf; 2785 struct sctp_chunk *retval; 2786 int length = sizeof(asconf) + vparam_len; 2787 2788 /* Create the chunk. */ 2789 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2790 if (!retval) 2791 return NULL; 2792 2793 asconf.serial = htonl(serial); 2794 2795 retval->subh.addip_hdr = 2796 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2797 2798 return retval; 2799 } 2800 2801 /* Add response parameters to an ASCONF_ACK chunk. */ 2802 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2803 __be16 err_code, sctp_addip_param_t *asconf_param) 2804 { 2805 sctp_addip_param_t ack_param; 2806 sctp_errhdr_t err_param; 2807 int asconf_param_len = 0; 2808 int err_param_len = 0; 2809 __be16 response_type; 2810 2811 if (SCTP_ERROR_NO_ERROR == err_code) { 2812 response_type = SCTP_PARAM_SUCCESS_REPORT; 2813 } else { 2814 response_type = SCTP_PARAM_ERR_CAUSE; 2815 err_param_len = sizeof(err_param); 2816 if (asconf_param) 2817 asconf_param_len = 2818 ntohs(asconf_param->param_hdr.length); 2819 } 2820 2821 /* Add Success Indication or Error Cause Indication parameter. */ 2822 ack_param.param_hdr.type = response_type; 2823 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2824 err_param_len + 2825 asconf_param_len); 2826 ack_param.crr_id = crr_id; 2827 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2828 2829 if (SCTP_ERROR_NO_ERROR == err_code) 2830 return; 2831 2832 /* Add Error Cause parameter. */ 2833 err_param.cause = err_code; 2834 err_param.length = htons(err_param_len + asconf_param_len); 2835 sctp_addto_chunk(chunk, err_param_len, &err_param); 2836 2837 /* Add the failed TLV copied from ASCONF chunk. */ 2838 if (asconf_param) 2839 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2840 } 2841 2842 /* Process a asconf parameter. */ 2843 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 2844 struct sctp_chunk *asconf, 2845 sctp_addip_param_t *asconf_param) 2846 { 2847 struct sctp_transport *peer; 2848 struct sctp_af *af; 2849 union sctp_addr addr; 2850 union sctp_addr_param *addr_param; 2851 2852 addr_param = (union sctp_addr_param *) 2853 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2854 2855 switch (addr_param->v4.param_hdr.type) { 2856 case SCTP_PARAM_IPV6_ADDRESS: 2857 if (!asoc->peer.ipv6_address) 2858 return SCTP_ERROR_INV_PARAM; 2859 break; 2860 case SCTP_PARAM_IPV4_ADDRESS: 2861 if (!asoc->peer.ipv4_address) 2862 return SCTP_ERROR_INV_PARAM; 2863 break; 2864 default: 2865 return SCTP_ERROR_INV_PARAM; 2866 } 2867 2868 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2869 if (unlikely(!af)) 2870 return SCTP_ERROR_INV_PARAM; 2871 2872 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 2873 2874 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 2875 * or multicast address. 2876 * (note: wildcard is permitted and requires special handling so 2877 * make sure we check for that) 2878 */ 2879 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 2880 return SCTP_ERROR_INV_PARAM; 2881 2882 switch (asconf_param->param_hdr.type) { 2883 case SCTP_PARAM_ADD_IP: 2884 /* Section 4.2.1: 2885 * If the address 0.0.0.0 or ::0 is provided, the source 2886 * address of the packet MUST be added. 2887 */ 2888 if (af->is_any(&addr)) 2889 memcpy(&addr, &asconf->source, sizeof(addr)); 2890 2891 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 2892 * request and does not have the local resources to add this 2893 * new address to the association, it MUST return an Error 2894 * Cause TLV set to the new error code 'Operation Refused 2895 * Due to Resource Shortage'. 2896 */ 2897 2898 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 2899 if (!peer) 2900 return SCTP_ERROR_RSRC_LOW; 2901 2902 /* Start the heartbeat timer. */ 2903 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 2904 sctp_transport_hold(peer); 2905 break; 2906 case SCTP_PARAM_DEL_IP: 2907 /* ADDIP 4.3 D7) If a request is received to delete the 2908 * last remaining IP address of a peer endpoint, the receiver 2909 * MUST send an Error Cause TLV with the error cause set to the 2910 * new error code 'Request to Delete Last Remaining IP Address'. 2911 */ 2912 if (asoc->peer.transport_count == 1) 2913 return SCTP_ERROR_DEL_LAST_IP; 2914 2915 /* ADDIP 4.3 D8) If a request is received to delete an IP 2916 * address which is also the source address of the IP packet 2917 * which contained the ASCONF chunk, the receiver MUST reject 2918 * this request. To reject the request the receiver MUST send 2919 * an Error Cause TLV set to the new error code 'Request to 2920 * Delete Source IP Address' 2921 */ 2922 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr)) 2923 return SCTP_ERROR_DEL_SRC_IP; 2924 2925 /* Section 4.2.2 2926 * If the address 0.0.0.0 or ::0 is provided, all 2927 * addresses of the peer except the source address of the 2928 * packet MUST be deleted. 2929 */ 2930 if (af->is_any(&addr)) { 2931 sctp_assoc_set_primary(asoc, asconf->transport); 2932 sctp_assoc_del_nonprimary_peers(asoc, 2933 asconf->transport); 2934 } else 2935 sctp_assoc_del_peer(asoc, &addr); 2936 break; 2937 case SCTP_PARAM_SET_PRIMARY: 2938 /* ADDIP Section 4.2.4 2939 * If the address 0.0.0.0 or ::0 is provided, the receiver 2940 * MAY mark the source address of the packet as its 2941 * primary. 2942 */ 2943 if (af->is_any(&addr)) 2944 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 2945 2946 peer = sctp_assoc_lookup_paddr(asoc, &addr); 2947 if (!peer) 2948 return SCTP_ERROR_INV_PARAM; 2949 2950 sctp_assoc_set_primary(asoc, peer); 2951 break; 2952 default: 2953 return SCTP_ERROR_INV_PARAM; 2954 break; 2955 } 2956 2957 return SCTP_ERROR_NO_ERROR; 2958 } 2959 2960 /* Verify the ASCONF packet before we process it. */ 2961 int sctp_verify_asconf(const struct sctp_association *asoc, 2962 struct sctp_paramhdr *param_hdr, void *chunk_end, 2963 struct sctp_paramhdr **errp) { 2964 sctp_addip_param_t *asconf_param; 2965 union sctp_params param; 2966 int length, plen; 2967 2968 param.v = (sctp_paramhdr_t *) param_hdr; 2969 while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { 2970 length = ntohs(param.p->length); 2971 *errp = param.p; 2972 2973 if (param.v > chunk_end - length || 2974 length < sizeof(sctp_paramhdr_t)) 2975 return 0; 2976 2977 switch (param.p->type) { 2978 case SCTP_PARAM_ADD_IP: 2979 case SCTP_PARAM_DEL_IP: 2980 case SCTP_PARAM_SET_PRIMARY: 2981 asconf_param = (sctp_addip_param_t *)param.v; 2982 plen = ntohs(asconf_param->param_hdr.length); 2983 if (plen < sizeof(sctp_addip_param_t) + 2984 sizeof(sctp_paramhdr_t)) 2985 return 0; 2986 break; 2987 case SCTP_PARAM_SUCCESS_REPORT: 2988 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2989 if (length != sizeof(sctp_addip_param_t)) 2990 return 0; 2991 2992 break; 2993 default: 2994 break; 2995 } 2996 2997 param.v += WORD_ROUND(length); 2998 } 2999 3000 if (param.v != chunk_end) 3001 return 0; 3002 3003 return 1; 3004 } 3005 3006 /* Process an incoming ASCONF chunk with the next expected serial no. and 3007 * return an ASCONF_ACK chunk to be sent in response. 3008 */ 3009 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3010 struct sctp_chunk *asconf) 3011 { 3012 sctp_addiphdr_t *hdr; 3013 union sctp_addr_param *addr_param; 3014 sctp_addip_param_t *asconf_param; 3015 struct sctp_chunk *asconf_ack; 3016 3017 __be16 err_code; 3018 int length = 0; 3019 int chunk_len; 3020 __u32 serial; 3021 int all_param_pass = 1; 3022 3023 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 3024 hdr = (sctp_addiphdr_t *)asconf->skb->data; 3025 serial = ntohl(hdr->serial); 3026 3027 /* Skip the addiphdr and store a pointer to address parameter. */ 3028 length = sizeof(sctp_addiphdr_t); 3029 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3030 chunk_len -= length; 3031 3032 /* Skip the address parameter and store a pointer to the first 3033 * asconf parameter. 3034 */ 3035 length = ntohs(addr_param->v4.param_hdr.length); 3036 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 3037 chunk_len -= length; 3038 3039 /* create an ASCONF_ACK chunk. 3040 * Based on the definitions of parameters, we know that the size of 3041 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF 3042 * parameters. 3043 */ 3044 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2); 3045 if (!asconf_ack) 3046 goto done; 3047 3048 /* Process the TLVs contained within the ASCONF chunk. */ 3049 while (chunk_len > 0) { 3050 err_code = sctp_process_asconf_param(asoc, asconf, 3051 asconf_param); 3052 /* ADDIP 4.1 A7) 3053 * If an error response is received for a TLV parameter, 3054 * all TLVs with no response before the failed TLV are 3055 * considered successful if not reported. All TLVs after 3056 * the failed response are considered unsuccessful unless 3057 * a specific success indication is present for the parameter. 3058 */ 3059 if (SCTP_ERROR_NO_ERROR != err_code) 3060 all_param_pass = 0; 3061 3062 if (!all_param_pass) 3063 sctp_add_asconf_response(asconf_ack, 3064 asconf_param->crr_id, err_code, 3065 asconf_param); 3066 3067 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3068 * an IP address sends an 'Out of Resource' in its response, it 3069 * MUST also fail any subsequent add or delete requests bundled 3070 * in the ASCONF. 3071 */ 3072 if (SCTP_ERROR_RSRC_LOW == err_code) 3073 goto done; 3074 3075 /* Move to the next ASCONF param. */ 3076 length = ntohs(asconf_param->param_hdr.length); 3077 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 3078 length); 3079 chunk_len -= length; 3080 } 3081 3082 done: 3083 asoc->peer.addip_serial++; 3084 3085 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3086 * after freeing the reference to old asconf ack if any. 3087 */ 3088 if (asconf_ack) { 3089 sctp_chunk_hold(asconf_ack); 3090 list_add_tail(&asconf_ack->transmitted_list, 3091 &asoc->asconf_ack_list); 3092 } 3093 3094 return asconf_ack; 3095 } 3096 3097 /* Process a asconf parameter that is successfully acked. */ 3098 static int sctp_asconf_param_success(struct sctp_association *asoc, 3099 sctp_addip_param_t *asconf_param) 3100 { 3101 struct sctp_af *af; 3102 union sctp_addr addr; 3103 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3104 union sctp_addr_param *addr_param; 3105 struct sctp_transport *transport; 3106 struct sctp_sockaddr_entry *saddr; 3107 int retval = 0; 3108 3109 addr_param = (union sctp_addr_param *) 3110 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 3111 3112 /* We have checked the packet before, so we do not check again. */ 3113 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 3114 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3115 3116 switch (asconf_param->param_hdr.type) { 3117 case SCTP_PARAM_ADD_IP: 3118 /* This is always done in BH context with a socket lock 3119 * held, so the list can not change. 3120 */ 3121 local_bh_disable(); 3122 list_for_each_entry(saddr, &bp->address_list, list) { 3123 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3124 saddr->state = SCTP_ADDR_SRC; 3125 } 3126 local_bh_enable(); 3127 break; 3128 case SCTP_PARAM_DEL_IP: 3129 local_bh_disable(); 3130 retval = sctp_del_bind_addr(bp, &addr); 3131 local_bh_enable(); 3132 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3133 transports) { 3134 dst_release(transport->dst); 3135 sctp_transport_route(transport, NULL, 3136 sctp_sk(asoc->base.sk)); 3137 } 3138 break; 3139 default: 3140 break; 3141 } 3142 3143 return retval; 3144 } 3145 3146 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3147 * for the given asconf parameter. If there is no response for this parameter, 3148 * return the error code based on the third argument 'no_err'. 3149 * ADDIP 4.1 3150 * A7) If an error response is received for a TLV parameter, all TLVs with no 3151 * response before the failed TLV are considered successful if not reported. 3152 * All TLVs after the failed response are considered unsuccessful unless a 3153 * specific success indication is present for the parameter. 3154 */ 3155 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3156 sctp_addip_param_t *asconf_param, 3157 int no_err) 3158 { 3159 sctp_addip_param_t *asconf_ack_param; 3160 sctp_errhdr_t *err_param; 3161 int length; 3162 int asconf_ack_len; 3163 __be16 err_code; 3164 3165 if (no_err) 3166 err_code = SCTP_ERROR_NO_ERROR; 3167 else 3168 err_code = SCTP_ERROR_REQ_REFUSED; 3169 3170 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3171 sizeof(sctp_chunkhdr_t); 3172 3173 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3174 * the first asconf_ack parameter. 3175 */ 3176 length = sizeof(sctp_addiphdr_t); 3177 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 3178 length); 3179 asconf_ack_len -= length; 3180 3181 while (asconf_ack_len > 0) { 3182 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3183 switch(asconf_ack_param->param_hdr.type) { 3184 case SCTP_PARAM_SUCCESS_REPORT: 3185 return SCTP_ERROR_NO_ERROR; 3186 case SCTP_PARAM_ERR_CAUSE: 3187 length = sizeof(sctp_addip_param_t); 3188 err_param = (sctp_errhdr_t *) 3189 ((void *)asconf_ack_param + length); 3190 asconf_ack_len -= length; 3191 if (asconf_ack_len > 0) 3192 return err_param->cause; 3193 else 3194 return SCTP_ERROR_INV_PARAM; 3195 break; 3196 default: 3197 return SCTP_ERROR_INV_PARAM; 3198 } 3199 } 3200 3201 length = ntohs(asconf_ack_param->param_hdr.length); 3202 asconf_ack_param = (sctp_addip_param_t *) 3203 ((void *)asconf_ack_param + length); 3204 asconf_ack_len -= length; 3205 } 3206 3207 return err_code; 3208 } 3209 3210 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3211 int sctp_process_asconf_ack(struct sctp_association *asoc, 3212 struct sctp_chunk *asconf_ack) 3213 { 3214 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3215 union sctp_addr_param *addr_param; 3216 sctp_addip_param_t *asconf_param; 3217 int length = 0; 3218 int asconf_len = asconf->skb->len; 3219 int all_param_pass = 0; 3220 int no_err = 1; 3221 int retval = 0; 3222 __be16 err_code = SCTP_ERROR_NO_ERROR; 3223 3224 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3225 * a pointer to address parameter. 3226 */ 3227 length = sizeof(sctp_addip_chunk_t); 3228 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3229 asconf_len -= length; 3230 3231 /* Skip the address parameter in the last asconf sent and store a 3232 * pointer to the first asconf parameter. 3233 */ 3234 length = ntohs(addr_param->v4.param_hdr.length); 3235 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 3236 asconf_len -= length; 3237 3238 /* ADDIP 4.1 3239 * A8) If there is no response(s) to specific TLV parameter(s), and no 3240 * failures are indicated, then all request(s) are considered 3241 * successful. 3242 */ 3243 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 3244 all_param_pass = 1; 3245 3246 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3247 while (asconf_len > 0) { 3248 if (all_param_pass) 3249 err_code = SCTP_ERROR_NO_ERROR; 3250 else { 3251 err_code = sctp_get_asconf_response(asconf_ack, 3252 asconf_param, 3253 no_err); 3254 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3255 no_err = 0; 3256 } 3257 3258 switch (err_code) { 3259 case SCTP_ERROR_NO_ERROR: 3260 retval = sctp_asconf_param_success(asoc, asconf_param); 3261 break; 3262 3263 case SCTP_ERROR_RSRC_LOW: 3264 retval = 1; 3265 break; 3266 3267 case SCTP_ERROR_INV_PARAM: 3268 /* Disable sending this type of asconf parameter in 3269 * future. 3270 */ 3271 asoc->peer.addip_disabled_mask |= 3272 asconf_param->param_hdr.type; 3273 break; 3274 3275 case SCTP_ERROR_REQ_REFUSED: 3276 case SCTP_ERROR_DEL_LAST_IP: 3277 case SCTP_ERROR_DEL_SRC_IP: 3278 default: 3279 break; 3280 } 3281 3282 /* Skip the processed asconf parameter and move to the next 3283 * one. 3284 */ 3285 length = ntohs(asconf_param->param_hdr.length); 3286 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 3287 length); 3288 asconf_len -= length; 3289 } 3290 3291 /* Free the cached last sent asconf chunk. */ 3292 list_del_init(&asconf->transmitted_list); 3293 sctp_chunk_free(asconf); 3294 asoc->addip_last_asconf = NULL; 3295 3296 /* Send the next asconf chunk from the addip chunk queue. */ 3297 if (!list_empty(&asoc->addip_chunk_list)) { 3298 struct list_head *entry = asoc->addip_chunk_list.next; 3299 asconf = list_entry(entry, struct sctp_chunk, list); 3300 3301 list_del_init(entry); 3302 3303 /* Hold the chunk until an ASCONF_ACK is received. */ 3304 sctp_chunk_hold(asconf); 3305 if (sctp_primitive_ASCONF(asoc, asconf)) 3306 sctp_chunk_free(asconf); 3307 else 3308 asoc->addip_last_asconf = asconf; 3309 } 3310 3311 return retval; 3312 } 3313 3314 /* Make a FWD TSN chunk. */ 3315 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3316 __u32 new_cum_tsn, size_t nstreams, 3317 struct sctp_fwdtsn_skip *skiplist) 3318 { 3319 struct sctp_chunk *retval = NULL; 3320 struct sctp_fwdtsn_chunk *ftsn_chunk; 3321 struct sctp_fwdtsn_hdr ftsn_hdr; 3322 struct sctp_fwdtsn_skip skip; 3323 size_t hint; 3324 int i; 3325 3326 hint = (nstreams + 1) * sizeof(__u32); 3327 3328 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 3329 3330 if (!retval) 3331 return NULL; 3332 3333 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr; 3334 3335 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3336 retval->subh.fwdtsn_hdr = 3337 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3338 3339 for (i = 0; i < nstreams; i++) { 3340 skip.stream = skiplist[i].stream; 3341 skip.ssn = skiplist[i].ssn; 3342 sctp_addto_chunk(retval, sizeof(skip), &skip); 3343 } 3344 3345 return retval; 3346 } 3347