1 /* SCTP kernel reference Implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel reference Implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * The SCTP reference implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * The SCTP reference implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53 #include <linux/types.h> 54 #include <linux/kernel.h> 55 #include <linux/ip.h> 56 #include <linux/ipv6.h> 57 #include <linux/net.h> 58 #include <linux/inet.h> 59 #include <asm/scatterlist.h> 60 #include <linux/crypto.h> 61 #include <net/sock.h> 62 63 #include <linux/skbuff.h> 64 #include <linux/random.h> /* for get_random_bytes */ 65 #include <net/sctp/sctp.h> 66 #include <net/sctp/sm.h> 67 68 extern kmem_cache_t *sctp_chunk_cachep; 69 70 SCTP_STATIC 71 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 72 __u8 type, __u8 flags, int paylen); 73 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 74 const struct sctp_association *asoc, 75 const struct sctp_chunk *init_chunk, 76 int *cookie_len, 77 const __u8 *raw_addrs, int addrs_len); 78 static int sctp_process_param(struct sctp_association *asoc, 79 union sctp_params param, 80 const union sctp_addr *peer_addr, 81 int gfp); 82 83 /* What was the inbound interface for this chunk? */ 84 int sctp_chunk_iif(const struct sctp_chunk *chunk) 85 { 86 struct sctp_af *af; 87 int iif = 0; 88 89 af = sctp_get_af_specific(ipver2af(chunk->skb->nh.iph->version)); 90 if (af) 91 iif = af->skb_iif(chunk->skb); 92 93 return iif; 94 } 95 96 /* RFC 2960 3.3.2 Initiation (INIT) (1) 97 * 98 * Note 2: The ECN capable field is reserved for future use of 99 * Explicit Congestion Notification. 100 */ 101 static const struct sctp_paramhdr ecap_param = { 102 SCTP_PARAM_ECN_CAPABLE, 103 __constant_htons(sizeof(struct sctp_paramhdr)), 104 }; 105 static const struct sctp_paramhdr prsctp_param = { 106 SCTP_PARAM_FWD_TSN_SUPPORT, 107 __constant_htons(sizeof(struct sctp_paramhdr)), 108 }; 109 110 /* A helper to initialize to initialize an op error inside a 111 * provided chunk, as most cause codes will be embedded inside an 112 * abort chunk. 113 */ 114 void sctp_init_cause(struct sctp_chunk *chunk, __u16 cause_code, 115 const void *payload, size_t paylen) 116 { 117 sctp_errhdr_t err; 118 int padlen; 119 __u16 len; 120 121 /* Cause code constants are now defined in network order. */ 122 err.cause = cause_code; 123 len = sizeof(sctp_errhdr_t) + paylen; 124 padlen = len % 4; 125 err.length = htons(len); 126 len += padlen; 127 sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 128 chunk->subh.err_hdr = sctp_addto_chunk(chunk, paylen, payload); 129 } 130 131 /* 3.3.2 Initiation (INIT) (1) 132 * 133 * This chunk is used to initiate a SCTP association between two 134 * endpoints. The format of the INIT chunk is shown below: 135 * 136 * 0 1 2 3 137 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 138 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 139 * | Type = 1 | Chunk Flags | Chunk Length | 140 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 141 * | Initiate Tag | 142 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 143 * | Advertised Receiver Window Credit (a_rwnd) | 144 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 145 * | Number of Outbound Streams | Number of Inbound Streams | 146 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 147 * | Initial TSN | 148 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 149 * \ \ 150 * / Optional/Variable-Length Parameters / 151 * \ \ 152 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 153 * 154 * 155 * The INIT chunk contains the following parameters. Unless otherwise 156 * noted, each parameter MUST only be included once in the INIT chunk. 157 * 158 * Fixed Parameters Status 159 * ---------------------------------------------- 160 * Initiate Tag Mandatory 161 * Advertised Receiver Window Credit Mandatory 162 * Number of Outbound Streams Mandatory 163 * Number of Inbound Streams Mandatory 164 * Initial TSN Mandatory 165 * 166 * Variable Parameters Status Type Value 167 * ------------------------------------------------------------- 168 * IPv4 Address (Note 1) Optional 5 169 * IPv6 Address (Note 1) Optional 6 170 * Cookie Preservative Optional 9 171 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 172 * Host Name Address (Note 3) Optional 11 173 * Supported Address Types (Note 4) Optional 12 174 */ 175 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 176 const struct sctp_bind_addr *bp, 177 int gfp, int vparam_len) 178 { 179 sctp_inithdr_t init; 180 union sctp_params addrs; 181 size_t chunksize; 182 struct sctp_chunk *retval = NULL; 183 int num_types, addrs_len = 0; 184 struct sctp_sock *sp; 185 sctp_supported_addrs_param_t sat; 186 __u16 types[2]; 187 sctp_adaption_ind_param_t aiparam; 188 189 /* RFC 2960 3.3.2 Initiation (INIT) (1) 190 * 191 * Note 1: The INIT chunks can contain multiple addresses that 192 * can be IPv4 and/or IPv6 in any combination. 193 */ 194 retval = NULL; 195 196 /* Convert the provided bind address list to raw format. */ 197 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 198 199 init.init_tag = htonl(asoc->c.my_vtag); 200 init.a_rwnd = htonl(asoc->rwnd); 201 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 202 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 203 init.initial_tsn = htonl(asoc->c.initial_tsn); 204 205 /* How many address types are needed? */ 206 sp = sctp_sk(asoc->base.sk); 207 num_types = sp->pf->supported_addrs(sp, types); 208 209 chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types); 210 chunksize += sizeof(ecap_param); 211 if (sctp_prsctp_enable) 212 chunksize += sizeof(prsctp_param); 213 chunksize += sizeof(aiparam); 214 chunksize += vparam_len; 215 216 /* RFC 2960 3.3.2 Initiation (INIT) (1) 217 * 218 * Note 3: An INIT chunk MUST NOT contain more than one Host 219 * Name address parameter. Moreover, the sender of the INIT 220 * MUST NOT combine any other address types with the Host Name 221 * address in the INIT. The receiver of INIT MUST ignore any 222 * other address types if the Host Name address parameter is 223 * present in the received INIT chunk. 224 * 225 * PLEASE DO NOT FIXME [This version does not support Host Name.] 226 */ 227 228 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 229 if (!retval) 230 goto nodata; 231 232 retval->subh.init_hdr = 233 sctp_addto_chunk(retval, sizeof(init), &init); 234 retval->param_hdr.v = 235 sctp_addto_chunk(retval, addrs_len, addrs.v); 236 237 /* RFC 2960 3.3.2 Initiation (INIT) (1) 238 * 239 * Note 4: This parameter, when present, specifies all the 240 * address types the sending endpoint can support. The absence 241 * of this parameter indicates that the sending endpoint can 242 * support any address type. 243 */ 244 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 245 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 246 sctp_addto_chunk(retval, sizeof(sat), &sat); 247 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 248 249 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 250 if (sctp_prsctp_enable) 251 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 252 aiparam.param_hdr.type = SCTP_PARAM_ADAPTION_LAYER_IND; 253 aiparam.param_hdr.length = htons(sizeof(aiparam)); 254 aiparam.adaption_ind = htonl(sp->adaption_ind); 255 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 256 nodata: 257 if (addrs.v) 258 kfree(addrs.v); 259 return retval; 260 } 261 262 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 263 const struct sctp_chunk *chunk, 264 int gfp, int unkparam_len) 265 { 266 sctp_inithdr_t initack; 267 struct sctp_chunk *retval; 268 union sctp_params addrs; 269 int addrs_len; 270 sctp_cookie_param_t *cookie; 271 int cookie_len; 272 size_t chunksize; 273 sctp_adaption_ind_param_t aiparam; 274 275 retval = NULL; 276 277 /* Note: there may be no addresses to embed. */ 278 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 279 280 initack.init_tag = htonl(asoc->c.my_vtag); 281 initack.a_rwnd = htonl(asoc->rwnd); 282 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 283 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 284 initack.initial_tsn = htonl(asoc->c.initial_tsn); 285 286 /* FIXME: We really ought to build the cookie right 287 * into the packet instead of allocating more fresh memory. 288 */ 289 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 290 addrs.v, addrs_len); 291 if (!cookie) 292 goto nomem_cookie; 293 294 /* Calculate the total size of allocation, include the reserved 295 * space for reporting unknown parameters if it is specified. 296 */ 297 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 298 299 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 300 if (asoc->peer.ecn_capable) 301 chunksize += sizeof(ecap_param); 302 303 /* Tell peer that we'll do PR-SCTP only if peer advertised. */ 304 if (asoc->peer.prsctp_capable) 305 chunksize += sizeof(prsctp_param); 306 307 chunksize += sizeof(aiparam); 308 309 /* Now allocate and fill out the chunk. */ 310 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 311 if (!retval) 312 goto nomem_chunk; 313 314 /* Per the advice in RFC 2960 6.4, send this reply to 315 * the source of the INIT packet. 316 */ 317 retval->transport = chunk->transport; 318 retval->subh.init_hdr = 319 sctp_addto_chunk(retval, sizeof(initack), &initack); 320 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 321 sctp_addto_chunk(retval, cookie_len, cookie); 322 if (asoc->peer.ecn_capable) 323 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 324 if (asoc->peer.prsctp_capable) 325 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 326 327 aiparam.param_hdr.type = SCTP_PARAM_ADAPTION_LAYER_IND; 328 aiparam.param_hdr.length = htons(sizeof(aiparam)); 329 aiparam.adaption_ind = htonl(sctp_sk(asoc->base.sk)->adaption_ind); 330 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 331 332 /* We need to remove the const qualifier at this point. */ 333 retval->asoc = (struct sctp_association *) asoc; 334 335 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 336 * 337 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 338 * HEARTBEAT ACK, * etc.) to the same destination transport 339 * address from which it received the DATA or control chunk 340 * to which it is replying. 341 * 342 * [INIT ACK back to where the INIT came from.] 343 */ 344 if (chunk) 345 retval->transport = chunk->transport; 346 347 nomem_chunk: 348 kfree(cookie); 349 nomem_cookie: 350 if (addrs.v) 351 kfree(addrs.v); 352 return retval; 353 } 354 355 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 356 * 357 * This chunk is used only during the initialization of an association. 358 * It is sent by the initiator of an association to its peer to complete 359 * the initialization process. This chunk MUST precede any DATA chunk 360 * sent within the association, but MAY be bundled with one or more DATA 361 * chunks in the same packet. 362 * 363 * 0 1 2 3 364 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 365 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 366 * | Type = 10 |Chunk Flags | Length | 367 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 368 * / Cookie / 369 * \ \ 370 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 371 * 372 * Chunk Flags: 8 bit 373 * 374 * Set to zero on transmit and ignored on receipt. 375 * 376 * Length: 16 bits (unsigned integer) 377 * 378 * Set to the size of the chunk in bytes, including the 4 bytes of 379 * the chunk header and the size of the Cookie. 380 * 381 * Cookie: variable size 382 * 383 * This field must contain the exact cookie received in the 384 * State Cookie parameter from the previous INIT ACK. 385 * 386 * An implementation SHOULD make the cookie as small as possible 387 * to insure interoperability. 388 */ 389 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 390 const struct sctp_chunk *chunk) 391 { 392 struct sctp_chunk *retval; 393 void *cookie; 394 int cookie_len; 395 396 cookie = asoc->peer.cookie; 397 cookie_len = asoc->peer.cookie_len; 398 399 /* Build a cookie echo chunk. */ 400 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 401 if (!retval) 402 goto nodata; 403 retval->subh.cookie_hdr = 404 sctp_addto_chunk(retval, cookie_len, cookie); 405 406 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 407 * 408 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 409 * HEARTBEAT ACK, * etc.) to the same destination transport 410 * address from which it * received the DATA or control chunk 411 * to which it is replying. 412 * 413 * [COOKIE ECHO back to where the INIT ACK came from.] 414 */ 415 if (chunk) 416 retval->transport = chunk->transport; 417 418 nodata: 419 return retval; 420 } 421 422 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 423 * 424 * This chunk is used only during the initialization of an 425 * association. It is used to acknowledge the receipt of a COOKIE 426 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 427 * within the association, but MAY be bundled with one or more DATA 428 * chunks or SACK chunk in the same SCTP packet. 429 * 430 * 0 1 2 3 431 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 432 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 433 * | Type = 11 |Chunk Flags | Length = 4 | 434 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 435 * 436 * Chunk Flags: 8 bits 437 * 438 * Set to zero on transmit and ignored on receipt. 439 */ 440 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 441 const struct sctp_chunk *chunk) 442 { 443 struct sctp_chunk *retval; 444 445 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 446 447 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 448 * 449 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 450 * HEARTBEAT ACK, * etc.) to the same destination transport 451 * address from which it * received the DATA or control chunk 452 * to which it is replying. 453 * 454 * [COOKIE ACK back to where the COOKIE ECHO came from.] 455 */ 456 if (retval && chunk) 457 retval->transport = chunk->transport; 458 459 return retval; 460 } 461 462 /* 463 * Appendix A: Explicit Congestion Notification: 464 * CWR: 465 * 466 * RFC 2481 details a specific bit for a sender to send in the header of 467 * its next outbound TCP segment to indicate to its peer that it has 468 * reduced its congestion window. This is termed the CWR bit. For 469 * SCTP the same indication is made by including the CWR chunk. 470 * This chunk contains one data element, i.e. the TSN number that 471 * was sent in the ECNE chunk. This element represents the lowest 472 * TSN number in the datagram that was originally marked with the 473 * CE bit. 474 * 475 * 0 1 2 3 476 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 477 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 478 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 479 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 480 * | Lowest TSN Number | 481 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 482 * 483 * Note: The CWR is considered a Control chunk. 484 */ 485 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 486 const __u32 lowest_tsn, 487 const struct sctp_chunk *chunk) 488 { 489 struct sctp_chunk *retval; 490 sctp_cwrhdr_t cwr; 491 492 cwr.lowest_tsn = htonl(lowest_tsn); 493 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 494 sizeof(sctp_cwrhdr_t)); 495 496 if (!retval) 497 goto nodata; 498 499 retval->subh.ecn_cwr_hdr = 500 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 501 502 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 503 * 504 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 505 * HEARTBEAT ACK, * etc.) to the same destination transport 506 * address from which it * received the DATA or control chunk 507 * to which it is replying. 508 * 509 * [Report a reduced congestion window back to where the ECNE 510 * came from.] 511 */ 512 if (chunk) 513 retval->transport = chunk->transport; 514 515 nodata: 516 return retval; 517 } 518 519 /* Make an ECNE chunk. This is a congestion experienced report. */ 520 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 521 const __u32 lowest_tsn) 522 { 523 struct sctp_chunk *retval; 524 sctp_ecnehdr_t ecne; 525 526 ecne.lowest_tsn = htonl(lowest_tsn); 527 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 528 sizeof(sctp_ecnehdr_t)); 529 if (!retval) 530 goto nodata; 531 retval->subh.ecne_hdr = 532 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 533 534 nodata: 535 return retval; 536 } 537 538 /* Make a DATA chunk for the given association from the provided 539 * parameters. However, do not populate the data payload. 540 */ 541 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 542 const struct sctp_sndrcvinfo *sinfo, 543 int data_len, __u8 flags, __u16 ssn) 544 { 545 struct sctp_chunk *retval; 546 struct sctp_datahdr dp; 547 int chunk_len; 548 549 /* We assign the TSN as LATE as possible, not here when 550 * creating the chunk. 551 */ 552 dp.tsn = 0; 553 dp.stream = htons(sinfo->sinfo_stream); 554 dp.ppid = sinfo->sinfo_ppid; 555 556 /* Set the flags for an unordered send. */ 557 if (sinfo->sinfo_flags & MSG_UNORDERED) { 558 flags |= SCTP_DATA_UNORDERED; 559 dp.ssn = 0; 560 } else 561 dp.ssn = htons(ssn); 562 563 chunk_len = sizeof(dp) + data_len; 564 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 565 if (!retval) 566 goto nodata; 567 568 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 569 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 570 571 nodata: 572 return retval; 573 } 574 575 /* Create a selective ackowledgement (SACK) for the given 576 * association. This reports on which TSN's we've seen to date, 577 * including duplicates and gaps. 578 */ 579 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 580 { 581 struct sctp_chunk *retval; 582 struct sctp_sackhdr sack; 583 int len; 584 __u32 ctsn; 585 __u16 num_gabs, num_dup_tsns; 586 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 587 588 ctsn = sctp_tsnmap_get_ctsn(map); 589 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 590 591 /* How much room is needed in the chunk? */ 592 num_gabs = sctp_tsnmap_num_gabs(map); 593 num_dup_tsns = sctp_tsnmap_num_dups(map); 594 595 /* Initialize the SACK header. */ 596 sack.cum_tsn_ack = htonl(ctsn); 597 sack.a_rwnd = htonl(asoc->a_rwnd); 598 sack.num_gap_ack_blocks = htons(num_gabs); 599 sack.num_dup_tsns = htons(num_dup_tsns); 600 601 len = sizeof(sack) 602 + sizeof(struct sctp_gap_ack_block) * num_gabs 603 + sizeof(__u32) * num_dup_tsns; 604 605 /* Create the chunk. */ 606 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 607 if (!retval) 608 goto nodata; 609 610 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 611 * 612 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 613 * HEARTBEAT ACK, etc.) to the same destination transport 614 * address from which it received the DATA or control chunk to 615 * which it is replying. This rule should also be followed if 616 * the endpoint is bundling DATA chunks together with the 617 * reply chunk. 618 * 619 * However, when acknowledging multiple DATA chunks received 620 * in packets from different source addresses in a single 621 * SACK, the SACK chunk may be transmitted to one of the 622 * destination transport addresses from which the DATA or 623 * control chunks being acknowledged were received. 624 * 625 * [BUG: We do not implement the following paragraph. 626 * Perhaps we should remember the last transport we used for a 627 * SACK and avoid that (if possible) if we have seen any 628 * duplicates. --piggy] 629 * 630 * When a receiver of a duplicate DATA chunk sends a SACK to a 631 * multi- homed endpoint it MAY be beneficial to vary the 632 * destination address and not use the source address of the 633 * DATA chunk. The reason being that receiving a duplicate 634 * from a multi-homed endpoint might indicate that the return 635 * path (as specified in the source address of the DATA chunk) 636 * for the SACK is broken. 637 * 638 * [Send to the address from which we last received a DATA chunk.] 639 */ 640 retval->transport = asoc->peer.last_data_from; 641 642 retval->subh.sack_hdr = 643 sctp_addto_chunk(retval, sizeof(sack), &sack); 644 645 /* Add the gap ack block information. */ 646 if (num_gabs) 647 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 648 sctp_tsnmap_get_gabs(map)); 649 650 /* Add the duplicate TSN information. */ 651 if (num_dup_tsns) 652 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 653 sctp_tsnmap_get_dups(map)); 654 655 nodata: 656 return retval; 657 } 658 659 /* Make a SHUTDOWN chunk. */ 660 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 661 const struct sctp_chunk *chunk) 662 { 663 struct sctp_chunk *retval; 664 sctp_shutdownhdr_t shut; 665 __u32 ctsn; 666 667 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 668 shut.cum_tsn_ack = htonl(ctsn); 669 670 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 671 sizeof(sctp_shutdownhdr_t)); 672 if (!retval) 673 goto nodata; 674 675 retval->subh.shutdown_hdr = 676 sctp_addto_chunk(retval, sizeof(shut), &shut); 677 678 if (chunk) 679 retval->transport = chunk->transport; 680 nodata: 681 return retval; 682 } 683 684 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 685 const struct sctp_chunk *chunk) 686 { 687 struct sctp_chunk *retval; 688 689 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 690 691 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 692 * 693 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 694 * HEARTBEAT ACK, * etc.) to the same destination transport 695 * address from which it * received the DATA or control chunk 696 * to which it is replying. 697 * 698 * [ACK back to where the SHUTDOWN came from.] 699 */ 700 if (retval && chunk) 701 retval->transport = chunk->transport; 702 703 return retval; 704 } 705 706 struct sctp_chunk *sctp_make_shutdown_complete( 707 const struct sctp_association *asoc, 708 const struct sctp_chunk *chunk) 709 { 710 struct sctp_chunk *retval; 711 __u8 flags = 0; 712 713 /* Set the T-bit if we have no association (vtag will be 714 * reflected) 715 */ 716 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 717 718 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 719 720 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 721 * 722 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 723 * HEARTBEAT ACK, * etc.) to the same destination transport 724 * address from which it * received the DATA or control chunk 725 * to which it is replying. 726 * 727 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 728 * came from.] 729 */ 730 if (retval && chunk) 731 retval->transport = chunk->transport; 732 733 return retval; 734 } 735 736 /* Create an ABORT. Note that we set the T bit if we have no 737 * association, except when responding to an INIT (sctpimpguide 2.41). 738 */ 739 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 740 const struct sctp_chunk *chunk, 741 const size_t hint) 742 { 743 struct sctp_chunk *retval; 744 __u8 flags = 0; 745 746 /* Set the T-bit if we have no association and 'chunk' is not 747 * an INIT (vtag will be reflected). 748 */ 749 if (!asoc) { 750 if (chunk && chunk->chunk_hdr && 751 chunk->chunk_hdr->type == SCTP_CID_INIT) 752 flags = 0; 753 else 754 flags = SCTP_CHUNK_FLAG_T; 755 } 756 757 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 758 759 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 760 * 761 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 762 * HEARTBEAT ACK, * etc.) to the same destination transport 763 * address from which it * received the DATA or control chunk 764 * to which it is replying. 765 * 766 * [ABORT back to where the offender came from.] 767 */ 768 if (retval && chunk) 769 retval->transport = chunk->transport; 770 771 return retval; 772 } 773 774 /* Helper to create ABORT with a NO_USER_DATA error. */ 775 struct sctp_chunk *sctp_make_abort_no_data( 776 const struct sctp_association *asoc, 777 const struct sctp_chunk *chunk, __u32 tsn) 778 { 779 struct sctp_chunk *retval; 780 __u32 payload; 781 782 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 783 + sizeof(tsn)); 784 785 if (!retval) 786 goto no_mem; 787 788 /* Put the tsn back into network byte order. */ 789 payload = htonl(tsn); 790 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, (const void *)&payload, 791 sizeof(payload)); 792 793 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 794 * 795 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 796 * HEARTBEAT ACK, * etc.) to the same destination transport 797 * address from which it * received the DATA or control chunk 798 * to which it is replying. 799 * 800 * [ABORT back to where the offender came from.] 801 */ 802 if (chunk) 803 retval->transport = chunk->transport; 804 805 no_mem: 806 return retval; 807 } 808 809 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 810 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 811 const struct sctp_chunk *chunk, 812 const struct msghdr *msg) 813 { 814 struct sctp_chunk *retval; 815 void *payload = NULL, *payoff; 816 size_t paylen = 0; 817 struct iovec *iov = NULL; 818 int iovlen = 0; 819 820 if (msg) { 821 iov = msg->msg_iov; 822 iovlen = msg->msg_iovlen; 823 paylen = get_user_iov_size(iov, iovlen); 824 } 825 826 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen); 827 if (!retval) 828 goto err_chunk; 829 830 if (paylen) { 831 /* Put the msg_iov together into payload. */ 832 payload = kmalloc(paylen, GFP_ATOMIC); 833 if (!payload) 834 goto err_payload; 835 payoff = payload; 836 837 for (; iovlen > 0; --iovlen) { 838 if (copy_from_user(payoff, iov->iov_base,iov->iov_len)) 839 goto err_copy; 840 payoff += iov->iov_len; 841 iov++; 842 } 843 } 844 845 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, payload, paylen); 846 847 if (paylen) 848 kfree(payload); 849 850 return retval; 851 852 err_copy: 853 kfree(payload); 854 err_payload: 855 sctp_chunk_free(retval); 856 retval = NULL; 857 err_chunk: 858 return retval; 859 } 860 861 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 862 struct sctp_chunk *sctp_make_abort_violation( 863 const struct sctp_association *asoc, 864 const struct sctp_chunk *chunk, 865 const __u8 *payload, 866 const size_t paylen) 867 { 868 struct sctp_chunk *retval; 869 struct sctp_paramhdr phdr; 870 871 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 872 + sizeof(sctp_chunkhdr_t)); 873 if (!retval) 874 goto end; 875 876 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, payload, paylen); 877 878 phdr.type = htons(chunk->chunk_hdr->type); 879 phdr.length = chunk->chunk_hdr->length; 880 sctp_addto_chunk(retval, sizeof(sctp_paramhdr_t), &phdr); 881 882 end: 883 return retval; 884 } 885 886 /* Make a HEARTBEAT chunk. */ 887 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 888 const struct sctp_transport *transport, 889 const void *payload, const size_t paylen) 890 { 891 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 892 0, paylen); 893 894 if (!retval) 895 goto nodata; 896 897 /* Cast away the 'const', as this is just telling the chunk 898 * what transport it belongs to. 899 */ 900 retval->transport = (struct sctp_transport *) transport; 901 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 902 903 nodata: 904 return retval; 905 } 906 907 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 908 const struct sctp_chunk *chunk, 909 const void *payload, const size_t paylen) 910 { 911 struct sctp_chunk *retval; 912 913 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 914 if (!retval) 915 goto nodata; 916 917 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 918 919 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 920 * 921 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 922 * HEARTBEAT ACK, * etc.) to the same destination transport 923 * address from which it * received the DATA or control chunk 924 * to which it is replying. 925 * 926 * [HBACK back to where the HEARTBEAT came from.] 927 */ 928 if (chunk) 929 retval->transport = chunk->transport; 930 931 nodata: 932 return retval; 933 } 934 935 /* Create an Operation Error chunk with the specified space reserved. 936 * This routine can be used for containing multiple causes in the chunk. 937 */ 938 static struct sctp_chunk *sctp_make_op_error_space( 939 const struct sctp_association *asoc, 940 const struct sctp_chunk *chunk, 941 size_t size) 942 { 943 struct sctp_chunk *retval; 944 945 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 946 sizeof(sctp_errhdr_t) + size); 947 if (!retval) 948 goto nodata; 949 950 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 951 * 952 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 953 * HEARTBEAT ACK, etc.) to the same destination transport 954 * address from which it received the DATA or control chunk 955 * to which it is replying. 956 * 957 */ 958 if (chunk) 959 retval->transport = chunk->transport; 960 961 nodata: 962 return retval; 963 } 964 965 /* Create an Operation Error chunk. */ 966 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 967 const struct sctp_chunk *chunk, 968 __u16 cause_code, const void *payload, 969 size_t paylen) 970 { 971 struct sctp_chunk *retval; 972 973 retval = sctp_make_op_error_space(asoc, chunk, paylen); 974 if (!retval) 975 goto nodata; 976 977 sctp_init_cause(retval, cause_code, payload, paylen); 978 979 nodata: 980 return retval; 981 } 982 983 /******************************************************************** 984 * 2nd Level Abstractions 985 ********************************************************************/ 986 987 /* Turn an skb into a chunk. 988 * FIXME: Eventually move the structure directly inside the skb->cb[]. 989 */ 990 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 991 const struct sctp_association *asoc, 992 struct sock *sk) 993 { 994 struct sctp_chunk *retval; 995 996 retval = kmem_cache_alloc(sctp_chunk_cachep, SLAB_ATOMIC); 997 998 if (!retval) 999 goto nodata; 1000 memset(retval, 0, sizeof(struct sctp_chunk)); 1001 1002 if (!sk) { 1003 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 1004 } 1005 1006 retval->skb = skb; 1007 retval->asoc = (struct sctp_association *)asoc; 1008 retval->resent = 0; 1009 retval->has_tsn = 0; 1010 retval->has_ssn = 0; 1011 retval->rtt_in_progress = 0; 1012 retval->sent_at = 0; 1013 retval->singleton = 1; 1014 retval->end_of_packet = 0; 1015 retval->ecn_ce_done = 0; 1016 retval->pdiscard = 0; 1017 1018 /* sctpimpguide-05.txt Section 2.8.2 1019 * M1) Each time a new DATA chunk is transmitted 1020 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1021 * 'TSN.Missing.Report' count will be used to determine missing chunks 1022 * and when to fast retransmit. 1023 */ 1024 retval->tsn_missing_report = 0; 1025 retval->tsn_gap_acked = 0; 1026 retval->fast_retransmit = 0; 1027 1028 /* If this is a fragmented message, track all fragments 1029 * of the message (for SEND_FAILED). 1030 */ 1031 retval->msg = NULL; 1032 1033 /* Polish the bead hole. */ 1034 INIT_LIST_HEAD(&retval->transmitted_list); 1035 INIT_LIST_HEAD(&retval->frag_list); 1036 SCTP_DBG_OBJCNT_INC(chunk); 1037 atomic_set(&retval->refcnt, 1); 1038 1039 nodata: 1040 return retval; 1041 } 1042 1043 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1044 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1045 union sctp_addr *dest) 1046 { 1047 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1048 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1049 } 1050 1051 /* Extract the source address from a chunk. */ 1052 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1053 { 1054 /* If we have a known transport, use that. */ 1055 if (chunk->transport) { 1056 return &chunk->transport->ipaddr; 1057 } else { 1058 /* Otherwise, extract it from the IP header. */ 1059 return &chunk->source; 1060 } 1061 } 1062 1063 /* Create a new chunk, setting the type and flags headers from the 1064 * arguments, reserving enough space for a 'paylen' byte payload. 1065 */ 1066 SCTP_STATIC 1067 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1068 __u8 type, __u8 flags, int paylen) 1069 { 1070 struct sctp_chunk *retval; 1071 sctp_chunkhdr_t *chunk_hdr; 1072 struct sk_buff *skb; 1073 struct sock *sk; 1074 1075 /* No need to allocate LL here, as this is only a chunk. */ 1076 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1077 GFP_ATOMIC); 1078 if (!skb) 1079 goto nodata; 1080 1081 /* Make room for the chunk header. */ 1082 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1083 chunk_hdr->type = type; 1084 chunk_hdr->flags = flags; 1085 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1086 1087 sk = asoc ? asoc->base.sk : NULL; 1088 retval = sctp_chunkify(skb, asoc, sk); 1089 if (!retval) { 1090 kfree_skb(skb); 1091 goto nodata; 1092 } 1093 1094 retval->chunk_hdr = chunk_hdr; 1095 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1096 1097 /* Set the skb to the belonging sock for accounting. */ 1098 skb->sk = sk; 1099 1100 return retval; 1101 nodata: 1102 return NULL; 1103 } 1104 1105 1106 /* Release the memory occupied by a chunk. */ 1107 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1108 { 1109 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1110 dev_kfree_skb(chunk->skb); 1111 1112 SCTP_DBG_OBJCNT_DEC(chunk); 1113 kmem_cache_free(sctp_chunk_cachep, chunk); 1114 } 1115 1116 /* Possibly, free the chunk. */ 1117 void sctp_chunk_free(struct sctp_chunk *chunk) 1118 { 1119 /* Make sure that we are not on any list. */ 1120 skb_unlink((struct sk_buff *) chunk); 1121 list_del_init(&chunk->transmitted_list); 1122 1123 /* Release our reference on the message tracker. */ 1124 if (chunk->msg) 1125 sctp_datamsg_put(chunk->msg); 1126 1127 sctp_chunk_put(chunk); 1128 } 1129 1130 /* Grab a reference to the chunk. */ 1131 void sctp_chunk_hold(struct sctp_chunk *ch) 1132 { 1133 atomic_inc(&ch->refcnt); 1134 } 1135 1136 /* Release a reference to the chunk. */ 1137 void sctp_chunk_put(struct sctp_chunk *ch) 1138 { 1139 if (atomic_dec_and_test(&ch->refcnt)) 1140 sctp_chunk_destroy(ch); 1141 } 1142 1143 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1144 * enough. 1145 */ 1146 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1147 { 1148 void *target; 1149 void *padding; 1150 int chunklen = ntohs(chunk->chunk_hdr->length); 1151 int padlen = chunklen % 4; 1152 1153 padding = skb_put(chunk->skb, padlen); 1154 target = skb_put(chunk->skb, len); 1155 1156 memset(padding, 0, padlen); 1157 memcpy(target, data, len); 1158 1159 /* Adjust the chunk length field. */ 1160 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1161 chunk->chunk_end = chunk->skb->tail; 1162 1163 return target; 1164 } 1165 1166 /* Append bytes from user space to the end of a chunk. Will panic if 1167 * chunk is not big enough. 1168 * Returns a kernel err value. 1169 */ 1170 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1171 struct iovec *data) 1172 { 1173 __u8 *target; 1174 int err = 0; 1175 1176 /* Make room in chunk for data. */ 1177 target = skb_put(chunk->skb, len); 1178 1179 /* Copy data (whole iovec) into chunk */ 1180 if ((err = memcpy_fromiovecend(target, data, off, len))) 1181 goto out; 1182 1183 /* Adjust the chunk length field. */ 1184 chunk->chunk_hdr->length = 1185 htons(ntohs(chunk->chunk_hdr->length) + len); 1186 chunk->chunk_end = chunk->skb->tail; 1187 1188 out: 1189 return err; 1190 } 1191 1192 /* Helper function to assign a TSN if needed. This assumes that both 1193 * the data_hdr and association have already been assigned. 1194 */ 1195 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1196 { 1197 __u16 ssn; 1198 __u16 sid; 1199 1200 if (chunk->has_ssn) 1201 return; 1202 1203 /* This is the last possible instant to assign a SSN. */ 1204 if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1205 ssn = 0; 1206 } else { 1207 sid = htons(chunk->subh.data_hdr->stream); 1208 if (chunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1209 ssn = sctp_ssn_next(&chunk->asoc->ssnmap->out, sid); 1210 else 1211 ssn = sctp_ssn_peek(&chunk->asoc->ssnmap->out, sid); 1212 ssn = htons(ssn); 1213 } 1214 1215 chunk->subh.data_hdr->ssn = ssn; 1216 chunk->has_ssn = 1; 1217 } 1218 1219 /* Helper function to assign a TSN if needed. This assumes that both 1220 * the data_hdr and association have already been assigned. 1221 */ 1222 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1223 { 1224 if (!chunk->has_tsn) { 1225 /* This is the last possible instant to 1226 * assign a TSN. 1227 */ 1228 chunk->subh.data_hdr->tsn = 1229 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1230 chunk->has_tsn = 1; 1231 } 1232 } 1233 1234 /* Create a CLOSED association to use with an incoming packet. */ 1235 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1236 struct sctp_chunk *chunk, int gfp) 1237 { 1238 struct sctp_association *asoc; 1239 struct sk_buff *skb; 1240 sctp_scope_t scope; 1241 struct sctp_af *af; 1242 1243 /* Create the bare association. */ 1244 scope = sctp_scope(sctp_source(chunk)); 1245 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1246 if (!asoc) 1247 goto nodata; 1248 asoc->temp = 1; 1249 skb = chunk->skb; 1250 /* Create an entry for the source address of the packet. */ 1251 af = sctp_get_af_specific(ipver2af(skb->nh.iph->version)); 1252 if (unlikely(!af)) 1253 goto fail; 1254 af->from_skb(&asoc->c.peer_addr, skb, 1); 1255 nodata: 1256 return asoc; 1257 1258 fail: 1259 sctp_association_free(asoc); 1260 return NULL; 1261 } 1262 1263 /* Build a cookie representing asoc. 1264 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1265 */ 1266 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1267 const struct sctp_association *asoc, 1268 const struct sctp_chunk *init_chunk, 1269 int *cookie_len, 1270 const __u8 *raw_addrs, int addrs_len) 1271 { 1272 sctp_cookie_param_t *retval; 1273 struct sctp_signed_cookie *cookie; 1274 struct scatterlist sg; 1275 int headersize, bodysize; 1276 unsigned int keylen; 1277 char *key; 1278 1279 headersize = sizeof(sctp_paramhdr_t) + SCTP_SECRET_SIZE; 1280 bodysize = sizeof(struct sctp_cookie) 1281 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1282 1283 /* Pad out the cookie to a multiple to make the signature 1284 * functions simpler to write. 1285 */ 1286 if (bodysize % SCTP_COOKIE_MULTIPLE) 1287 bodysize += SCTP_COOKIE_MULTIPLE 1288 - (bodysize % SCTP_COOKIE_MULTIPLE); 1289 *cookie_len = headersize + bodysize; 1290 1291 retval = (sctp_cookie_param_t *)kmalloc(*cookie_len, GFP_ATOMIC); 1292 1293 if (!retval) { 1294 *cookie_len = 0; 1295 goto nodata; 1296 } 1297 1298 /* Clear this memory since we are sending this data structure 1299 * out on the network. 1300 */ 1301 memset(retval, 0x00, *cookie_len); 1302 cookie = (struct sctp_signed_cookie *) retval->body; 1303 1304 /* Set up the parameter header. */ 1305 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1306 retval->p.length = htons(*cookie_len); 1307 1308 /* Copy the cookie part of the association itself. */ 1309 cookie->c = asoc->c; 1310 /* Save the raw address list length in the cookie. */ 1311 cookie->c.raw_addr_list_len = addrs_len; 1312 1313 /* Remember PR-SCTP capability. */ 1314 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1315 1316 /* Save adaption indication in the cookie. */ 1317 cookie->c.adaption_ind = asoc->peer.adaption_ind; 1318 1319 /* Set an expiration time for the cookie. */ 1320 do_gettimeofday(&cookie->c.expiration); 1321 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1322 1323 /* Copy the peer's init packet. */ 1324 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1325 ntohs(init_chunk->chunk_hdr->length)); 1326 1327 /* Copy the raw local address list of the association. */ 1328 memcpy((__u8 *)&cookie->c.peer_init[0] + 1329 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1330 1331 if (sctp_sk(ep->base.sk)->hmac) { 1332 /* Sign the message. */ 1333 sg.page = virt_to_page(&cookie->c); 1334 sg.offset = (unsigned long)(&cookie->c) % PAGE_SIZE; 1335 sg.length = bodysize; 1336 keylen = SCTP_SECRET_SIZE; 1337 key = (char *)ep->secret_key[ep->current_key]; 1338 1339 sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, 1340 &sg, 1, cookie->signature); 1341 } 1342 1343 nodata: 1344 return retval; 1345 } 1346 1347 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1348 struct sctp_association *sctp_unpack_cookie( 1349 const struct sctp_endpoint *ep, 1350 const struct sctp_association *asoc, 1351 struct sctp_chunk *chunk, int gfp, 1352 int *error, struct sctp_chunk **errp) 1353 { 1354 struct sctp_association *retval = NULL; 1355 struct sctp_signed_cookie *cookie; 1356 struct sctp_cookie *bear_cookie; 1357 int headersize, bodysize, fixed_size; 1358 __u8 digest[SCTP_SIGNATURE_SIZE]; 1359 struct scatterlist sg; 1360 unsigned int keylen, len; 1361 char *key; 1362 sctp_scope_t scope; 1363 struct sk_buff *skb = chunk->skb; 1364 1365 headersize = sizeof(sctp_chunkhdr_t) + SCTP_SECRET_SIZE; 1366 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1367 fixed_size = headersize + sizeof(struct sctp_cookie); 1368 1369 /* Verify that the chunk looks like it even has a cookie. 1370 * There must be enough room for our cookie and our peer's 1371 * INIT chunk. 1372 */ 1373 len = ntohs(chunk->chunk_hdr->length); 1374 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1375 goto malformed; 1376 1377 /* Verify that the cookie has been padded out. */ 1378 if (bodysize % SCTP_COOKIE_MULTIPLE) 1379 goto malformed; 1380 1381 /* Process the cookie. */ 1382 cookie = chunk->subh.cookie_hdr; 1383 bear_cookie = &cookie->c; 1384 1385 if (!sctp_sk(ep->base.sk)->hmac) 1386 goto no_hmac; 1387 1388 /* Check the signature. */ 1389 keylen = SCTP_SECRET_SIZE; 1390 sg.page = virt_to_page(bear_cookie); 1391 sg.offset = (unsigned long)(bear_cookie) % PAGE_SIZE; 1392 sg.length = bodysize; 1393 key = (char *)ep->secret_key[ep->current_key]; 1394 1395 memset(digest, 0x00, sizeof(digest)); 1396 sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, &sg, 1397 1, digest); 1398 1399 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1400 /* Try the previous key. */ 1401 key = (char *)ep->secret_key[ep->last_key]; 1402 memset(digest, 0x00, sizeof(digest)); 1403 sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, 1404 &sg, 1, digest); 1405 1406 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1407 /* Yikes! Still bad signature! */ 1408 *error = -SCTP_IERROR_BAD_SIG; 1409 goto fail; 1410 } 1411 } 1412 1413 no_hmac: 1414 /* IG Section 2.35.2: 1415 * 3) Compare the port numbers and the verification tag contained 1416 * within the COOKIE ECHO chunk to the actual port numbers and the 1417 * verification tag within the SCTP common header of the received 1418 * packet. If these values do not match the packet MUST be silently 1419 * discarded, 1420 */ 1421 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1422 *error = -SCTP_IERROR_BAD_TAG; 1423 goto fail; 1424 } 1425 1426 if (ntohs(chunk->sctp_hdr->source) != bear_cookie->peer_addr.v4.sin_port || 1427 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1428 *error = -SCTP_IERROR_BAD_PORTS; 1429 goto fail; 1430 } 1431 1432 /* Check to see if the cookie is stale. If there is already 1433 * an association, there is no need to check cookie's expiration 1434 * for init collision case of lost COOKIE ACK. 1435 */ 1436 if (!asoc && tv_lt(bear_cookie->expiration, skb->stamp)) { 1437 __u16 len; 1438 /* 1439 * Section 3.3.10.3 Stale Cookie Error (3) 1440 * 1441 * Cause of error 1442 * --------------- 1443 * Stale Cookie Error: Indicates the receipt of a valid State 1444 * Cookie that has expired. 1445 */ 1446 len = ntohs(chunk->chunk_hdr->length); 1447 *errp = sctp_make_op_error_space(asoc, chunk, len); 1448 if (*errp) { 1449 suseconds_t usecs = (skb->stamp.tv_sec - 1450 bear_cookie->expiration.tv_sec) * 1000000L + 1451 skb->stamp.tv_usec - 1452 bear_cookie->expiration.tv_usec; 1453 1454 usecs = htonl(usecs); 1455 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1456 &usecs, sizeof(usecs)); 1457 *error = -SCTP_IERROR_STALE_COOKIE; 1458 } else 1459 *error = -SCTP_IERROR_NOMEM; 1460 1461 goto fail; 1462 } 1463 1464 /* Make a new base association. */ 1465 scope = sctp_scope(sctp_source(chunk)); 1466 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1467 if (!retval) { 1468 *error = -SCTP_IERROR_NOMEM; 1469 goto fail; 1470 } 1471 1472 /* Set up our peer's port number. */ 1473 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1474 1475 /* Populate the association from the cookie. */ 1476 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1477 1478 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1479 GFP_ATOMIC) < 0) { 1480 *error = -SCTP_IERROR_NOMEM; 1481 goto fail; 1482 } 1483 1484 /* Also, add the destination address. */ 1485 if (list_empty(&retval->base.bind_addr.address_list)) { 1486 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1487 GFP_ATOMIC); 1488 } 1489 1490 retval->next_tsn = retval->c.initial_tsn; 1491 retval->ctsn_ack_point = retval->next_tsn - 1; 1492 retval->addip_serial = retval->c.initial_tsn; 1493 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1494 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1495 retval->peer.adaption_ind = retval->c.adaption_ind; 1496 1497 /* The INIT stuff will be done by the side effects. */ 1498 return retval; 1499 1500 fail: 1501 if (retval) 1502 sctp_association_free(retval); 1503 1504 return NULL; 1505 1506 malformed: 1507 /* Yikes! The packet is either corrupt or deliberately 1508 * malformed. 1509 */ 1510 *error = -SCTP_IERROR_MALFORMED; 1511 goto fail; 1512 } 1513 1514 /******************************************************************** 1515 * 3rd Level Abstractions 1516 ********************************************************************/ 1517 1518 struct __sctp_missing { 1519 __u32 num_missing; 1520 __u16 type; 1521 } __attribute__((packed)); 1522 1523 /* 1524 * Report a missing mandatory parameter. 1525 */ 1526 static int sctp_process_missing_param(const struct sctp_association *asoc, 1527 sctp_param_t paramtype, 1528 struct sctp_chunk *chunk, 1529 struct sctp_chunk **errp) 1530 { 1531 struct __sctp_missing report; 1532 __u16 len; 1533 1534 len = WORD_ROUND(sizeof(report)); 1535 1536 /* Make an ERROR chunk, preparing enough room for 1537 * returning multiple unknown parameters. 1538 */ 1539 if (!*errp) 1540 *errp = sctp_make_op_error_space(asoc, chunk, len); 1541 1542 if (*errp) { 1543 report.num_missing = htonl(1); 1544 report.type = paramtype; 1545 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 1546 &report, sizeof(report)); 1547 } 1548 1549 /* Stop processing this chunk. */ 1550 return 0; 1551 } 1552 1553 /* Report an Invalid Mandatory Parameter. */ 1554 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1555 struct sctp_chunk *chunk, 1556 struct sctp_chunk **errp) 1557 { 1558 /* Invalid Mandatory Parameter Error has no payload. */ 1559 1560 if (!*errp) 1561 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1562 1563 if (*errp) 1564 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, NULL, 0); 1565 1566 /* Stop processing this chunk. */ 1567 return 0; 1568 } 1569 1570 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1571 struct sctp_paramhdr *param, 1572 const struct sctp_chunk *chunk, 1573 struct sctp_chunk **errp) 1574 { 1575 char error[] = "The following parameter had invalid length:"; 1576 size_t payload_len = WORD_ROUND(sizeof(error)) + 1577 sizeof(sctp_paramhdr_t); 1578 1579 1580 /* Create an error chunk and fill it in with our payload. */ 1581 if (!*errp) 1582 *errp = sctp_make_op_error_space(asoc, chunk, payload_len); 1583 1584 if (*errp) { 1585 sctp_init_cause(*errp, SCTP_ERROR_PROTO_VIOLATION, error, 1586 sizeof(error)); 1587 sctp_addto_chunk(*errp, sizeof(sctp_paramhdr_t), param); 1588 } 1589 1590 return 0; 1591 } 1592 1593 1594 /* Do not attempt to handle the HOST_NAME parm. However, do 1595 * send back an indicator to the peer. 1596 */ 1597 static int sctp_process_hn_param(const struct sctp_association *asoc, 1598 union sctp_params param, 1599 struct sctp_chunk *chunk, 1600 struct sctp_chunk **errp) 1601 { 1602 __u16 len = ntohs(param.p->length); 1603 1604 /* Make an ERROR chunk. */ 1605 if (!*errp) 1606 *errp = sctp_make_op_error_space(asoc, chunk, len); 1607 1608 if (*errp) 1609 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, 1610 param.v, len); 1611 1612 /* Stop processing this chunk. */ 1613 return 0; 1614 } 1615 1616 /* RFC 3.2.1 & the Implementers Guide 2.2. 1617 * 1618 * The Parameter Types are encoded such that the 1619 * highest-order two bits specify the action that must be 1620 * taken if the processing endpoint does not recognize the 1621 * Parameter Type. 1622 * 1623 * 00 - Stop processing this SCTP chunk and discard it, 1624 * do not process any further chunks within it. 1625 * 1626 * 01 - Stop processing this SCTP chunk and discard it, 1627 * do not process any further chunks within it, and report 1628 * the unrecognized parameter in an 'Unrecognized 1629 * Parameter Type' (in either an ERROR or in the INIT ACK). 1630 * 1631 * 10 - Skip this parameter and continue processing. 1632 * 1633 * 11 - Skip this parameter and continue processing but 1634 * report the unrecognized parameter in an 1635 * 'Unrecognized Parameter Type' (in either an ERROR or in 1636 * the INIT ACK). 1637 * 1638 * Return value: 1639 * 0 - discard the chunk 1640 * 1 - continue with the chunk 1641 */ 1642 static int sctp_process_unk_param(const struct sctp_association *asoc, 1643 union sctp_params param, 1644 struct sctp_chunk *chunk, 1645 struct sctp_chunk **errp) 1646 { 1647 int retval = 1; 1648 1649 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 1650 case SCTP_PARAM_ACTION_DISCARD: 1651 retval = 0; 1652 break; 1653 case SCTP_PARAM_ACTION_DISCARD_ERR: 1654 retval = 0; 1655 /* Make an ERROR chunk, preparing enough room for 1656 * returning multiple unknown parameters. 1657 */ 1658 if (NULL == *errp) 1659 *errp = sctp_make_op_error_space(asoc, chunk, 1660 ntohs(chunk->chunk_hdr->length)); 1661 1662 if (*errp) 1663 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1664 param.v, 1665 WORD_ROUND(ntohs(param.p->length))); 1666 1667 break; 1668 case SCTP_PARAM_ACTION_SKIP: 1669 break; 1670 case SCTP_PARAM_ACTION_SKIP_ERR: 1671 /* Make an ERROR chunk, preparing enough room for 1672 * returning multiple unknown parameters. 1673 */ 1674 if (NULL == *errp) 1675 *errp = sctp_make_op_error_space(asoc, chunk, 1676 ntohs(chunk->chunk_hdr->length)); 1677 1678 if (*errp) { 1679 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1680 param.v, 1681 WORD_ROUND(ntohs(param.p->length))); 1682 } else { 1683 /* If there is no memory for generating the ERROR 1684 * report as specified, an ABORT will be triggered 1685 * to the peer and the association won't be 1686 * established. 1687 */ 1688 retval = 0; 1689 } 1690 1691 break; 1692 default: 1693 break; 1694 } 1695 1696 return retval; 1697 } 1698 1699 /* Find unrecognized parameters in the chunk. 1700 * Return values: 1701 * 0 - discard the chunk 1702 * 1 - continue with the chunk 1703 */ 1704 static int sctp_verify_param(const struct sctp_association *asoc, 1705 union sctp_params param, 1706 sctp_cid_t cid, 1707 struct sctp_chunk *chunk, 1708 struct sctp_chunk **err_chunk) 1709 { 1710 int retval = 1; 1711 1712 /* FIXME - This routine is not looking at each parameter per the 1713 * chunk type, i.e., unrecognized parameters should be further 1714 * identified based on the chunk id. 1715 */ 1716 1717 switch (param.p->type) { 1718 case SCTP_PARAM_IPV4_ADDRESS: 1719 case SCTP_PARAM_IPV6_ADDRESS: 1720 case SCTP_PARAM_COOKIE_PRESERVATIVE: 1721 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 1722 case SCTP_PARAM_STATE_COOKIE: 1723 case SCTP_PARAM_HEARTBEAT_INFO: 1724 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 1725 case SCTP_PARAM_ECN_CAPABLE: 1726 case SCTP_PARAM_ADAPTION_LAYER_IND: 1727 break; 1728 1729 case SCTP_PARAM_HOST_NAME_ADDRESS: 1730 /* Tell the peer, we won't support this param. */ 1731 return sctp_process_hn_param(asoc, param, chunk, err_chunk); 1732 case SCTP_PARAM_FWD_TSN_SUPPORT: 1733 if (sctp_prsctp_enable) 1734 break; 1735 /* Fall Through */ 1736 default: 1737 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 1738 ntohs(param.p->type), cid); 1739 return sctp_process_unk_param(asoc, param, chunk, err_chunk); 1740 1741 break; 1742 } 1743 return retval; 1744 } 1745 1746 /* Verify the INIT packet before we process it. */ 1747 int sctp_verify_init(const struct sctp_association *asoc, 1748 sctp_cid_t cid, 1749 sctp_init_chunk_t *peer_init, 1750 struct sctp_chunk *chunk, 1751 struct sctp_chunk **errp) 1752 { 1753 union sctp_params param; 1754 int has_cookie = 0; 1755 1756 /* Verify stream values are non-zero. */ 1757 if ((0 == peer_init->init_hdr.num_outbound_streams) || 1758 (0 == peer_init->init_hdr.num_inbound_streams)) { 1759 1760 sctp_process_inv_mandatory(asoc, chunk, errp); 1761 return 0; 1762 } 1763 1764 /* Check for missing mandatory parameters. */ 1765 sctp_walk_params(param, peer_init, init_hdr.params) { 1766 1767 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 1768 has_cookie = 1; 1769 1770 } /* for (loop through all parameters) */ 1771 1772 /* There is a possibility that a parameter length was bad and 1773 * in that case we would have stoped walking the parameters. 1774 * The current param.p would point at the bad one. 1775 * Current consensus on the mailing list is to generate a PROTOCOL 1776 * VIOLATION error. We build the ERROR chunk here and let the normal 1777 * error handling code build and send the packet. 1778 */ 1779 if (param.v < (void*)chunk->chunk_end - sizeof(sctp_paramhdr_t)) { 1780 sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 1781 return 0; 1782 } 1783 1784 /* The only missing mandatory param possible today is 1785 * the state cookie for an INIT-ACK chunk. 1786 */ 1787 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) { 1788 sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 1789 chunk, errp); 1790 return 0; 1791 } 1792 1793 /* Find unrecognized parameters. */ 1794 1795 sctp_walk_params(param, peer_init, init_hdr.params) { 1796 1797 if (!sctp_verify_param(asoc, param, cid, chunk, errp)) { 1798 if (SCTP_PARAM_HOST_NAME_ADDRESS == param.p->type) 1799 return 0; 1800 else 1801 return 1; 1802 } 1803 1804 } /* for (loop through all parameters) */ 1805 1806 return 1; 1807 } 1808 1809 /* Unpack the parameters in an INIT packet into an association. 1810 * Returns 0 on failure, else success. 1811 * FIXME: This is an association method. 1812 */ 1813 int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, 1814 const union sctp_addr *peer_addr, 1815 sctp_init_chunk_t *peer_init, int gfp) 1816 { 1817 union sctp_params param; 1818 struct sctp_transport *transport; 1819 struct list_head *pos, *temp; 1820 char *cookie; 1821 1822 /* We must include the address that the INIT packet came from. 1823 * This is the only address that matters for an INIT packet. 1824 * When processing a COOKIE ECHO, we retrieve the from address 1825 * of the INIT from the cookie. 1826 */ 1827 1828 /* This implementation defaults to making the first transport 1829 * added as the primary transport. The source address seems to 1830 * be a a better choice than any of the embedded addresses. 1831 */ 1832 if (peer_addr) 1833 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp)) 1834 goto nomem; 1835 1836 /* Process the initialization parameters. */ 1837 1838 sctp_walk_params(param, peer_init, init_hdr.params) { 1839 1840 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 1841 goto clean_up; 1842 } 1843 1844 /* The fixed INIT headers are always in network byte 1845 * order. 1846 */ 1847 asoc->peer.i.init_tag = 1848 ntohl(peer_init->init_hdr.init_tag); 1849 asoc->peer.i.a_rwnd = 1850 ntohl(peer_init->init_hdr.a_rwnd); 1851 asoc->peer.i.num_outbound_streams = 1852 ntohs(peer_init->init_hdr.num_outbound_streams); 1853 asoc->peer.i.num_inbound_streams = 1854 ntohs(peer_init->init_hdr.num_inbound_streams); 1855 asoc->peer.i.initial_tsn = 1856 ntohl(peer_init->init_hdr.initial_tsn); 1857 1858 /* Apply the upper bounds for output streams based on peer's 1859 * number of inbound streams. 1860 */ 1861 if (asoc->c.sinit_num_ostreams > 1862 ntohs(peer_init->init_hdr.num_inbound_streams)) { 1863 asoc->c.sinit_num_ostreams = 1864 ntohs(peer_init->init_hdr.num_inbound_streams); 1865 } 1866 1867 if (asoc->c.sinit_max_instreams > 1868 ntohs(peer_init->init_hdr.num_outbound_streams)) { 1869 asoc->c.sinit_max_instreams = 1870 ntohs(peer_init->init_hdr.num_outbound_streams); 1871 } 1872 1873 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 1874 asoc->c.peer_vtag = asoc->peer.i.init_tag; 1875 1876 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 1877 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 1878 1879 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 1880 cookie = asoc->peer.cookie; 1881 if (cookie) { 1882 asoc->peer.cookie = kmalloc(asoc->peer.cookie_len, gfp); 1883 if (!asoc->peer.cookie) 1884 goto clean_up; 1885 memcpy(asoc->peer.cookie, cookie, asoc->peer.cookie_len); 1886 } 1887 1888 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 1889 * high (for example, implementations MAY use the size of the receiver 1890 * advertised window). 1891 */ 1892 list_for_each(pos, &asoc->peer.transport_addr_list) { 1893 transport = list_entry(pos, struct sctp_transport, transports); 1894 transport->ssthresh = asoc->peer.i.a_rwnd; 1895 } 1896 1897 /* Set up the TSN tracking pieces. */ 1898 sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_SIZE, 1899 asoc->peer.i.initial_tsn); 1900 1901 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 1902 * 1903 * The stream sequence number in all the streams shall start 1904 * from 0 when the association is established. Also, when the 1905 * stream sequence number reaches the value 65535 the next 1906 * stream sequence number shall be set to 0. 1907 */ 1908 1909 /* Allocate storage for the negotiated streams if it is not a temporary * association. 1910 */ 1911 if (!asoc->temp) { 1912 int assoc_id; 1913 int error; 1914 1915 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 1916 asoc->c.sinit_num_ostreams, gfp); 1917 if (!asoc->ssnmap) 1918 goto clean_up; 1919 1920 retry: 1921 if (unlikely(!idr_pre_get(&sctp_assocs_id, gfp))) 1922 goto clean_up; 1923 spin_lock_bh(&sctp_assocs_id_lock); 1924 error = idr_get_new_above(&sctp_assocs_id, (void *)asoc, 1, 1925 &assoc_id); 1926 spin_unlock_bh(&sctp_assocs_id_lock); 1927 if (error == -EAGAIN) 1928 goto retry; 1929 else if (error) 1930 goto clean_up; 1931 1932 asoc->assoc_id = (sctp_assoc_t) assoc_id; 1933 } 1934 1935 /* ADDIP Section 4.1 ASCONF Chunk Procedures 1936 * 1937 * When an endpoint has an ASCONF signaled change to be sent to the 1938 * remote endpoint it should do the following: 1939 * ... 1940 * A2) A serial number should be assigned to the Chunk. The serial 1941 * number should be a monotonically increasing number. All serial 1942 * numbers are defined to be initialized at the start of the 1943 * association to the same value as the Initial TSN. 1944 */ 1945 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 1946 return 1; 1947 1948 clean_up: 1949 /* Release the transport structures. */ 1950 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 1951 transport = list_entry(pos, struct sctp_transport, transports); 1952 list_del_init(pos); 1953 sctp_transport_free(transport); 1954 } 1955 nomem: 1956 return 0; 1957 } 1958 1959 1960 /* Update asoc with the option described in param. 1961 * 1962 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 1963 * 1964 * asoc is the association to update. 1965 * param is the variable length parameter to use for update. 1966 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 1967 * If the current packet is an INIT we want to minimize the amount of 1968 * work we do. In particular, we should not build transport 1969 * structures for the addresses. 1970 */ 1971 static int sctp_process_param(struct sctp_association *asoc, 1972 union sctp_params param, 1973 const union sctp_addr *peer_addr, 1974 int gfp) 1975 { 1976 union sctp_addr addr; 1977 int i; 1978 __u16 sat; 1979 int retval = 1; 1980 sctp_scope_t scope; 1981 time_t stale; 1982 struct sctp_af *af; 1983 1984 /* We maintain all INIT parameters in network byte order all the 1985 * time. This allows us to not worry about whether the parameters 1986 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 1987 */ 1988 switch (param.p->type) { 1989 case SCTP_PARAM_IPV6_ADDRESS: 1990 if (PF_INET6 != asoc->base.sk->sk_family) 1991 break; 1992 /* Fall through. */ 1993 case SCTP_PARAM_IPV4_ADDRESS: 1994 af = sctp_get_af_specific(param_type2af(param.p->type)); 1995 af->from_addr_param(&addr, param.addr, asoc->peer.port, 0); 1996 scope = sctp_scope(peer_addr); 1997 if (sctp_in_scope(&addr, scope)) 1998 if (!sctp_assoc_add_peer(asoc, &addr, gfp)) 1999 return 0; 2000 break; 2001 2002 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2003 if (!sctp_cookie_preserve_enable) 2004 break; 2005 2006 stale = ntohl(param.life->lifespan_increment); 2007 2008 /* Suggested Cookie Life span increment's unit is msec, 2009 * (1/1000sec). 2010 */ 2011 asoc->cookie_life.tv_sec += stale / 1000; 2012 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2013 break; 2014 2015 case SCTP_PARAM_HOST_NAME_ADDRESS: 2016 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2017 break; 2018 2019 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2020 /* Turn off the default values first so we'll know which 2021 * ones are really set by the peer. 2022 */ 2023 asoc->peer.ipv4_address = 0; 2024 asoc->peer.ipv6_address = 0; 2025 2026 /* Cycle through address types; avoid divide by 0. */ 2027 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2028 if (sat) 2029 sat /= sizeof(__u16); 2030 2031 for (i = 0; i < sat; ++i) { 2032 switch (param.sat->types[i]) { 2033 case SCTP_PARAM_IPV4_ADDRESS: 2034 asoc->peer.ipv4_address = 1; 2035 break; 2036 2037 case SCTP_PARAM_IPV6_ADDRESS: 2038 asoc->peer.ipv6_address = 1; 2039 break; 2040 2041 case SCTP_PARAM_HOST_NAME_ADDRESS: 2042 asoc->peer.hostname_address = 1; 2043 break; 2044 2045 default: /* Just ignore anything else. */ 2046 break; 2047 }; 2048 } 2049 break; 2050 2051 case SCTP_PARAM_STATE_COOKIE: 2052 asoc->peer.cookie_len = 2053 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2054 asoc->peer.cookie = param.cookie->body; 2055 break; 2056 2057 case SCTP_PARAM_HEARTBEAT_INFO: 2058 /* Would be odd to receive, but it causes no problems. */ 2059 break; 2060 2061 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2062 /* Rejected during verify stage. */ 2063 break; 2064 2065 case SCTP_PARAM_ECN_CAPABLE: 2066 asoc->peer.ecn_capable = 1; 2067 break; 2068 2069 case SCTP_PARAM_ADAPTION_LAYER_IND: 2070 asoc->peer.adaption_ind = param.aind->adaption_ind; 2071 break; 2072 2073 case SCTP_PARAM_FWD_TSN_SUPPORT: 2074 if (sctp_prsctp_enable) { 2075 asoc->peer.prsctp_capable = 1; 2076 break; 2077 } 2078 /* Fall Through */ 2079 default: 2080 /* Any unrecognized parameters should have been caught 2081 * and handled by sctp_verify_param() which should be 2082 * called prior to this routine. Simply log the error 2083 * here. 2084 */ 2085 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2086 ntohs(param.p->type), asoc); 2087 break; 2088 }; 2089 2090 return retval; 2091 } 2092 2093 /* Select a new verification tag. */ 2094 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2095 { 2096 /* I believe that this random number generator complies with RFC1750. 2097 * A tag of 0 is reserved for special cases (e.g. INIT). 2098 */ 2099 __u32 x; 2100 2101 do { 2102 get_random_bytes(&x, sizeof(__u32)); 2103 } while (x == 0); 2104 2105 return x; 2106 } 2107 2108 /* Select an initial TSN to send during startup. */ 2109 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2110 { 2111 __u32 retval; 2112 2113 get_random_bytes(&retval, sizeof(__u32)); 2114 return retval; 2115 } 2116 2117 /* 2118 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2119 * 0 1 2 3 2120 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2121 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2122 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2123 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2124 * | Serial Number | 2125 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2126 * | Address Parameter | 2127 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2128 * | ASCONF Parameter #1 | 2129 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2130 * \ \ 2131 * / .... / 2132 * \ \ 2133 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2134 * | ASCONF Parameter #N | 2135 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2136 * 2137 * Address Parameter and other parameter will not be wrapped in this function 2138 */ 2139 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2140 union sctp_addr *addr, 2141 int vparam_len) 2142 { 2143 sctp_addiphdr_t asconf; 2144 struct sctp_chunk *retval; 2145 int length = sizeof(asconf) + vparam_len; 2146 union sctp_addr_param addrparam; 2147 int addrlen; 2148 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2149 2150 addrlen = af->to_addr_param(addr, &addrparam); 2151 if (!addrlen) 2152 return NULL; 2153 length += addrlen; 2154 2155 /* Create the chunk. */ 2156 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2157 if (!retval) 2158 return NULL; 2159 2160 asconf.serial = htonl(asoc->addip_serial++); 2161 2162 retval->subh.addip_hdr = 2163 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2164 retval->param_hdr.v = 2165 sctp_addto_chunk(retval, addrlen, &addrparam); 2166 2167 return retval; 2168 } 2169 2170 /* ADDIP 2171 * 3.2.1 Add IP Address 2172 * 0 1 2 3 2173 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2174 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2175 * | Type = 0xC001 | Length = Variable | 2176 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2177 * | ASCONF-Request Correlation ID | 2178 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2179 * | Address Parameter | 2180 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2181 * 2182 * 3.2.2 Delete IP Address 2183 * 0 1 2 3 2184 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2185 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2186 * | Type = 0xC002 | Length = Variable | 2187 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2188 * | ASCONF-Request Correlation ID | 2189 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2190 * | Address Parameter | 2191 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2192 * 2193 */ 2194 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2195 union sctp_addr *laddr, 2196 struct sockaddr *addrs, 2197 int addrcnt, 2198 __u16 flags) 2199 { 2200 sctp_addip_param_t param; 2201 struct sctp_chunk *retval; 2202 union sctp_addr_param addr_param; 2203 union sctp_addr *addr; 2204 void *addr_buf; 2205 struct sctp_af *af; 2206 int paramlen = sizeof(param); 2207 int addr_param_len = 0; 2208 int totallen = 0; 2209 int i; 2210 2211 /* Get total length of all the address parameters. */ 2212 addr_buf = addrs; 2213 for (i = 0; i < addrcnt; i++) { 2214 addr = (union sctp_addr *)addr_buf; 2215 af = sctp_get_af_specific(addr->v4.sin_family); 2216 addr_param_len = af->to_addr_param(addr, &addr_param); 2217 2218 totallen += paramlen; 2219 totallen += addr_param_len; 2220 2221 addr_buf += af->sockaddr_len; 2222 } 2223 2224 /* Create an asconf chunk with the required length. */ 2225 retval = sctp_make_asconf(asoc, laddr, totallen); 2226 if (!retval) 2227 return NULL; 2228 2229 /* Add the address parameters to the asconf chunk. */ 2230 addr_buf = addrs; 2231 for (i = 0; i < addrcnt; i++) { 2232 addr = (union sctp_addr *)addr_buf; 2233 af = sctp_get_af_specific(addr->v4.sin_family); 2234 addr_param_len = af->to_addr_param(addr, &addr_param); 2235 param.param_hdr.type = flags; 2236 param.param_hdr.length = htons(paramlen + addr_param_len); 2237 param.crr_id = i; 2238 2239 sctp_addto_chunk(retval, paramlen, ¶m); 2240 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2241 2242 addr_buf += af->sockaddr_len; 2243 } 2244 return retval; 2245 } 2246 2247 /* ADDIP 2248 * 3.2.4 Set Primary IP Address 2249 * 0 1 2 3 2250 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2251 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2252 * | Type =0xC004 | Length = Variable | 2253 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2254 * | ASCONF-Request Correlation ID | 2255 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2256 * | Address Parameter | 2257 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2258 * 2259 * Create an ASCONF chunk with Set Primary IP address parameter. 2260 */ 2261 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2262 union sctp_addr *addr) 2263 { 2264 sctp_addip_param_t param; 2265 struct sctp_chunk *retval; 2266 int len = sizeof(param); 2267 union sctp_addr_param addrparam; 2268 int addrlen; 2269 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2270 2271 addrlen = af->to_addr_param(addr, &addrparam); 2272 if (!addrlen) 2273 return NULL; 2274 len += addrlen; 2275 2276 /* Create the chunk and make asconf header. */ 2277 retval = sctp_make_asconf(asoc, addr, len); 2278 if (!retval) 2279 return NULL; 2280 2281 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2282 param.param_hdr.length = htons(len); 2283 param.crr_id = 0; 2284 2285 sctp_addto_chunk(retval, sizeof(param), ¶m); 2286 sctp_addto_chunk(retval, addrlen, &addrparam); 2287 2288 return retval; 2289 } 2290 2291 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2292 * 0 1 2 3 2293 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2294 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2295 * | Type = 0x80 | Chunk Flags | Chunk Length | 2296 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2297 * | Serial Number | 2298 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2299 * | ASCONF Parameter Response#1 | 2300 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2301 * \ \ 2302 * / .... / 2303 * \ \ 2304 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2305 * | ASCONF Parameter Response#N | 2306 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2307 * 2308 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2309 */ 2310 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2311 __u32 serial, int vparam_len) 2312 { 2313 sctp_addiphdr_t asconf; 2314 struct sctp_chunk *retval; 2315 int length = sizeof(asconf) + vparam_len; 2316 2317 /* Create the chunk. */ 2318 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2319 if (!retval) 2320 return NULL; 2321 2322 asconf.serial = htonl(serial); 2323 2324 retval->subh.addip_hdr = 2325 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2326 2327 return retval; 2328 } 2329 2330 /* Add response parameters to an ASCONF_ACK chunk. */ 2331 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __u32 crr_id, 2332 __u16 err_code, sctp_addip_param_t *asconf_param) 2333 { 2334 sctp_addip_param_t ack_param; 2335 sctp_errhdr_t err_param; 2336 int asconf_param_len = 0; 2337 int err_param_len = 0; 2338 __u16 response_type; 2339 2340 if (SCTP_ERROR_NO_ERROR == err_code) { 2341 response_type = SCTP_PARAM_SUCCESS_REPORT; 2342 } else { 2343 response_type = SCTP_PARAM_ERR_CAUSE; 2344 err_param_len = sizeof(err_param); 2345 if (asconf_param) 2346 asconf_param_len = 2347 ntohs(asconf_param->param_hdr.length); 2348 } 2349 2350 /* Add Success Indication or Error Cause Indication parameter. */ 2351 ack_param.param_hdr.type = response_type; 2352 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2353 err_param_len + 2354 asconf_param_len); 2355 ack_param.crr_id = crr_id; 2356 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2357 2358 if (SCTP_ERROR_NO_ERROR == err_code) 2359 return; 2360 2361 /* Add Error Cause parameter. */ 2362 err_param.cause = err_code; 2363 err_param.length = htons(err_param_len + asconf_param_len); 2364 sctp_addto_chunk(chunk, err_param_len, &err_param); 2365 2366 /* Add the failed TLV copied from ASCONF chunk. */ 2367 if (asconf_param) 2368 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2369 } 2370 2371 /* Process a asconf parameter. */ 2372 static __u16 sctp_process_asconf_param(struct sctp_association *asoc, 2373 struct sctp_chunk *asconf, 2374 sctp_addip_param_t *asconf_param) 2375 { 2376 struct sctp_transport *peer; 2377 struct sctp_af *af; 2378 union sctp_addr addr; 2379 struct list_head *pos; 2380 union sctp_addr_param *addr_param; 2381 2382 addr_param = (union sctp_addr_param *) 2383 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2384 2385 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2386 if (unlikely(!af)) 2387 return SCTP_ERROR_INV_PARAM; 2388 2389 af->from_addr_param(&addr, addr_param, asoc->peer.port, 0); 2390 switch (asconf_param->param_hdr.type) { 2391 case SCTP_PARAM_ADD_IP: 2392 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 2393 * request and does not have the local resources to add this 2394 * new address to the association, it MUST return an Error 2395 * Cause TLV set to the new error code 'Operation Refused 2396 * Due to Resource Shortage'. 2397 */ 2398 2399 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC); 2400 if (!peer) 2401 return SCTP_ERROR_RSRC_LOW; 2402 2403 /* Start the heartbeat timer. */ 2404 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 2405 sctp_transport_hold(peer); 2406 break; 2407 case SCTP_PARAM_DEL_IP: 2408 /* ADDIP 4.3 D7) If a request is received to delete the 2409 * last remaining IP address of a peer endpoint, the receiver 2410 * MUST send an Error Cause TLV with the error cause set to the 2411 * new error code 'Request to Delete Last Remaining IP Address'. 2412 */ 2413 pos = asoc->peer.transport_addr_list.next; 2414 if (pos->next == &asoc->peer.transport_addr_list) 2415 return SCTP_ERROR_DEL_LAST_IP; 2416 2417 /* ADDIP 4.3 D8) If a request is received to delete an IP 2418 * address which is also the source address of the IP packet 2419 * which contained the ASCONF chunk, the receiver MUST reject 2420 * this request. To reject the request the receiver MUST send 2421 * an Error Cause TLV set to the new error code 'Request to 2422 * Delete Source IP Address' 2423 */ 2424 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr)) 2425 return SCTP_ERROR_DEL_SRC_IP; 2426 2427 sctp_assoc_del_peer(asoc, &addr); 2428 break; 2429 case SCTP_PARAM_SET_PRIMARY: 2430 peer = sctp_assoc_lookup_paddr(asoc, &addr); 2431 if (!peer) 2432 return SCTP_ERROR_INV_PARAM; 2433 2434 sctp_assoc_set_primary(asoc, peer); 2435 break; 2436 default: 2437 return SCTP_ERROR_INV_PARAM; 2438 break; 2439 } 2440 2441 return SCTP_ERROR_NO_ERROR; 2442 } 2443 2444 /* Process an incoming ASCONF chunk with the next expected serial no. and 2445 * return an ASCONF_ACK chunk to be sent in response. 2446 */ 2447 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 2448 struct sctp_chunk *asconf) 2449 { 2450 sctp_addiphdr_t *hdr; 2451 union sctp_addr_param *addr_param; 2452 sctp_addip_param_t *asconf_param; 2453 struct sctp_chunk *asconf_ack; 2454 2455 __u16 err_code; 2456 int length = 0; 2457 int chunk_len = asconf->skb->len; 2458 __u32 serial; 2459 int all_param_pass = 1; 2460 2461 hdr = (sctp_addiphdr_t *)asconf->skb->data; 2462 serial = ntohl(hdr->serial); 2463 2464 /* Skip the addiphdr and store a pointer to address parameter. */ 2465 length = sizeof(sctp_addiphdr_t); 2466 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2467 chunk_len -= length; 2468 2469 /* Skip the address parameter and store a pointer to the first 2470 * asconf paramter. 2471 */ 2472 length = ntohs(addr_param->v4.param_hdr.length); 2473 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2474 chunk_len -= length; 2475 2476 /* create an ASCONF_ACK chunk. 2477 * Based on the definitions of parameters, we know that the size of 2478 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF 2479 * paramters. 2480 */ 2481 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2); 2482 if (!asconf_ack) 2483 goto done; 2484 2485 /* Process the TLVs contained within the ASCONF chunk. */ 2486 while (chunk_len > 0) { 2487 err_code = sctp_process_asconf_param(asoc, asconf, 2488 asconf_param); 2489 /* ADDIP 4.1 A7) 2490 * If an error response is received for a TLV parameter, 2491 * all TLVs with no response before the failed TLV are 2492 * considered successful if not reported. All TLVs after 2493 * the failed response are considered unsuccessful unless 2494 * a specific success indication is present for the parameter. 2495 */ 2496 if (SCTP_ERROR_NO_ERROR != err_code) 2497 all_param_pass = 0; 2498 2499 if (!all_param_pass) 2500 sctp_add_asconf_response(asconf_ack, 2501 asconf_param->crr_id, err_code, 2502 asconf_param); 2503 2504 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 2505 * an IP address sends an 'Out of Resource' in its response, it 2506 * MUST also fail any subsequent add or delete requests bundled 2507 * in the ASCONF. 2508 */ 2509 if (SCTP_ERROR_RSRC_LOW == err_code) 2510 goto done; 2511 2512 /* Move to the next ASCONF param. */ 2513 length = ntohs(asconf_param->param_hdr.length); 2514 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2515 length); 2516 chunk_len -= length; 2517 } 2518 2519 done: 2520 asoc->peer.addip_serial++; 2521 2522 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 2523 * after freeing the reference to old asconf ack if any. 2524 */ 2525 if (asconf_ack) { 2526 if (asoc->addip_last_asconf_ack) 2527 sctp_chunk_free(asoc->addip_last_asconf_ack); 2528 2529 sctp_chunk_hold(asconf_ack); 2530 asoc->addip_last_asconf_ack = asconf_ack; 2531 } 2532 2533 return asconf_ack; 2534 } 2535 2536 /* Process a asconf parameter that is successfully acked. */ 2537 static int sctp_asconf_param_success(struct sctp_association *asoc, 2538 sctp_addip_param_t *asconf_param) 2539 { 2540 struct sctp_af *af; 2541 union sctp_addr addr; 2542 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 2543 union sctp_addr_param *addr_param; 2544 struct list_head *pos; 2545 struct sctp_transport *transport; 2546 int retval = 0; 2547 2548 addr_param = (union sctp_addr_param *) 2549 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2550 2551 /* We have checked the packet before, so we do not check again. */ 2552 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2553 af->from_addr_param(&addr, addr_param, bp->port, 0); 2554 2555 switch (asconf_param->param_hdr.type) { 2556 case SCTP_PARAM_ADD_IP: 2557 sctp_local_bh_disable(); 2558 sctp_write_lock(&asoc->base.addr_lock); 2559 retval = sctp_add_bind_addr(bp, &addr, GFP_ATOMIC); 2560 sctp_write_unlock(&asoc->base.addr_lock); 2561 sctp_local_bh_enable(); 2562 break; 2563 case SCTP_PARAM_DEL_IP: 2564 sctp_local_bh_disable(); 2565 sctp_write_lock(&asoc->base.addr_lock); 2566 retval = sctp_del_bind_addr(bp, &addr); 2567 sctp_write_unlock(&asoc->base.addr_lock); 2568 sctp_local_bh_enable(); 2569 list_for_each(pos, &asoc->peer.transport_addr_list) { 2570 transport = list_entry(pos, struct sctp_transport, 2571 transports); 2572 sctp_transport_route(transport, NULL, 2573 sctp_sk(asoc->base.sk)); 2574 } 2575 break; 2576 default: 2577 break; 2578 } 2579 2580 return retval; 2581 } 2582 2583 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 2584 * for the given asconf parameter. If there is no response for this parameter, 2585 * return the error code based on the third argument 'no_err'. 2586 * ADDIP 4.1 2587 * A7) If an error response is received for a TLV parameter, all TLVs with no 2588 * response before the failed TLV are considered successful if not reported. 2589 * All TLVs after the failed response are considered unsuccessful unless a 2590 * specific success indication is present for the parameter. 2591 */ 2592 static __u16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 2593 sctp_addip_param_t *asconf_param, 2594 int no_err) 2595 { 2596 sctp_addip_param_t *asconf_ack_param; 2597 sctp_errhdr_t *err_param; 2598 int length; 2599 int asconf_ack_len = asconf_ack->skb->len; 2600 __u16 err_code; 2601 2602 if (no_err) 2603 err_code = SCTP_ERROR_NO_ERROR; 2604 else 2605 err_code = SCTP_ERROR_REQ_REFUSED; 2606 2607 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 2608 * the first asconf_ack parameter. 2609 */ 2610 length = sizeof(sctp_addiphdr_t); 2611 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 2612 length); 2613 asconf_ack_len -= length; 2614 2615 while (asconf_ack_len > 0) { 2616 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 2617 switch(asconf_ack_param->param_hdr.type) { 2618 case SCTP_PARAM_SUCCESS_REPORT: 2619 return SCTP_ERROR_NO_ERROR; 2620 case SCTP_PARAM_ERR_CAUSE: 2621 length = sizeof(sctp_addip_param_t); 2622 err_param = (sctp_errhdr_t *) 2623 ((void *)asconf_ack_param + length); 2624 asconf_ack_len -= length; 2625 if (asconf_ack_len > 0) 2626 return err_param->cause; 2627 else 2628 return SCTP_ERROR_INV_PARAM; 2629 break; 2630 default: 2631 return SCTP_ERROR_INV_PARAM; 2632 } 2633 } 2634 2635 length = ntohs(asconf_ack_param->param_hdr.length); 2636 asconf_ack_param = (sctp_addip_param_t *) 2637 ((void *)asconf_ack_param + length); 2638 asconf_ack_len -= length; 2639 } 2640 2641 return err_code; 2642 } 2643 2644 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 2645 int sctp_process_asconf_ack(struct sctp_association *asoc, 2646 struct sctp_chunk *asconf_ack) 2647 { 2648 struct sctp_chunk *asconf = asoc->addip_last_asconf; 2649 union sctp_addr_param *addr_param; 2650 sctp_addip_param_t *asconf_param; 2651 int length = 0; 2652 int asconf_len = asconf->skb->len; 2653 int all_param_pass = 0; 2654 int no_err = 1; 2655 int retval = 0; 2656 __u16 err_code = SCTP_ERROR_NO_ERROR; 2657 2658 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 2659 * a pointer to address parameter. 2660 */ 2661 length = sizeof(sctp_addip_chunk_t); 2662 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2663 asconf_len -= length; 2664 2665 /* Skip the address parameter in the last asconf sent and store a 2666 * pointer to the first asconf paramter. 2667 */ 2668 length = ntohs(addr_param->v4.param_hdr.length); 2669 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2670 asconf_len -= length; 2671 2672 /* ADDIP 4.1 2673 * A8) If there is no response(s) to specific TLV parameter(s), and no 2674 * failures are indicated, then all request(s) are considered 2675 * successful. 2676 */ 2677 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 2678 all_param_pass = 1; 2679 2680 /* Process the TLVs contained in the last sent ASCONF chunk. */ 2681 while (asconf_len > 0) { 2682 if (all_param_pass) 2683 err_code = SCTP_ERROR_NO_ERROR; 2684 else { 2685 err_code = sctp_get_asconf_response(asconf_ack, 2686 asconf_param, 2687 no_err); 2688 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 2689 no_err = 0; 2690 } 2691 2692 switch (err_code) { 2693 case SCTP_ERROR_NO_ERROR: 2694 retval = sctp_asconf_param_success(asoc, asconf_param); 2695 break; 2696 2697 case SCTP_ERROR_RSRC_LOW: 2698 retval = 1; 2699 break; 2700 2701 case SCTP_ERROR_INV_PARAM: 2702 /* Disable sending this type of asconf parameter in 2703 * future. 2704 */ 2705 asoc->peer.addip_disabled_mask |= 2706 asconf_param->param_hdr.type; 2707 break; 2708 2709 case SCTP_ERROR_REQ_REFUSED: 2710 case SCTP_ERROR_DEL_LAST_IP: 2711 case SCTP_ERROR_DEL_SRC_IP: 2712 default: 2713 break; 2714 } 2715 2716 /* Skip the processed asconf parameter and move to the next 2717 * one. 2718 */ 2719 length = ntohs(asconf_param->param_hdr.length); 2720 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2721 length); 2722 asconf_len -= length; 2723 } 2724 2725 /* Free the cached last sent asconf chunk. */ 2726 sctp_chunk_free(asconf); 2727 asoc->addip_last_asconf = NULL; 2728 2729 /* Send the next asconf chunk from the addip chunk queue. */ 2730 asconf = (struct sctp_chunk *)__skb_dequeue(&asoc->addip_chunks); 2731 if (asconf) { 2732 /* Hold the chunk until an ASCONF_ACK is received. */ 2733 sctp_chunk_hold(asconf); 2734 if (sctp_primitive_ASCONF(asoc, asconf)) 2735 sctp_chunk_free(asconf); 2736 else 2737 asoc->addip_last_asconf = asconf; 2738 } 2739 2740 return retval; 2741 } 2742 2743 /* Make a FWD TSN chunk. */ 2744 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 2745 __u32 new_cum_tsn, size_t nstreams, 2746 struct sctp_fwdtsn_skip *skiplist) 2747 { 2748 struct sctp_chunk *retval = NULL; 2749 struct sctp_fwdtsn_chunk *ftsn_chunk; 2750 struct sctp_fwdtsn_hdr ftsn_hdr; 2751 struct sctp_fwdtsn_skip skip; 2752 size_t hint; 2753 int i; 2754 2755 hint = (nstreams + 1) * sizeof(__u32); 2756 2757 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 2758 2759 if (!retval) 2760 return NULL; 2761 2762 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr; 2763 2764 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 2765 retval->subh.fwdtsn_hdr = 2766 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 2767 2768 for (i = 0; i < nstreams; i++) { 2769 skip.stream = skiplist[i].stream; 2770 skip.ssn = skiplist[i].ssn; 2771 sctp_addto_chunk(retval, sizeof(skip), &skip); 2772 } 2773 2774 return retval; 2775 } 2776