1 /* SCTP kernel implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * This SCTP implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * This SCTP implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, see 27 * <http://www.gnu.org/licenses/>. 28 * 29 * Please send any bug reports or fixes you make to the 30 * email address(es): 31 * lksctp developers <linux-sctp@vger.kernel.org> 32 * 33 * Written or modified by: 34 * La Monte H.P. Yarroll <piggy@acm.org> 35 * Karl Knutson <karl@athena.chicago.il.us> 36 * C. Robin <chris@hundredacre.ac.uk> 37 * Jon Grimm <jgrimm@us.ibm.com> 38 * Xingang Guo <xingang.guo@intel.com> 39 * Dajiang Zhang <dajiang.zhang@nokia.com> 40 * Sridhar Samudrala <sri@us.ibm.com> 41 * Daisy Chang <daisyc@us.ibm.com> 42 * Ardelle Fan <ardelle.fan@intel.com> 43 * Kevin Gao <kevin.gao@intel.com> 44 */ 45 46 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 47 48 #include <crypto/hash.h> 49 #include <linux/types.h> 50 #include <linux/kernel.h> 51 #include <linux/ip.h> 52 #include <linux/ipv6.h> 53 #include <linux/net.h> 54 #include <linux/inet.h> 55 #include <linux/scatterlist.h> 56 #include <linux/slab.h> 57 #include <net/sock.h> 58 59 #include <linux/skbuff.h> 60 #include <linux/random.h> /* for get_random_bytes */ 61 #include <net/sctp/sctp.h> 62 #include <net/sctp/sm.h> 63 64 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 65 __u8 type, __u8 flags, int paylen, 66 gfp_t gfp); 67 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 68 __u8 flags, int paylen, gfp_t gfp); 69 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 70 __u8 type, __u8 flags, int paylen, 71 gfp_t gfp); 72 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 73 const struct sctp_association *asoc, 74 const struct sctp_chunk *init_chunk, 75 int *cookie_len, 76 const __u8 *raw_addrs, int addrs_len); 77 static int sctp_process_param(struct sctp_association *asoc, 78 union sctp_params param, 79 const union sctp_addr *peer_addr, 80 gfp_t gfp); 81 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 82 const void *data); 83 static void *sctp_addto_chunk_fixed(struct sctp_chunk *, int len, 84 const void *data); 85 86 /* Control chunk destructor */ 87 static void sctp_control_release_owner(struct sk_buff *skb) 88 { 89 /*TODO: do memory release */ 90 } 91 92 static void sctp_control_set_owner_w(struct sctp_chunk *chunk) 93 { 94 struct sctp_association *asoc = chunk->asoc; 95 struct sk_buff *skb = chunk->skb; 96 97 /* TODO: properly account for control chunks. 98 * To do it right we'll need: 99 * 1) endpoint if association isn't known. 100 * 2) proper memory accounting. 101 * 102 * For now don't do anything for now. 103 */ 104 skb->sk = asoc ? asoc->base.sk : NULL; 105 skb->destructor = sctp_control_release_owner; 106 } 107 108 /* What was the inbound interface for this chunk? */ 109 int sctp_chunk_iif(const struct sctp_chunk *chunk) 110 { 111 struct sk_buff *skb = chunk->skb; 112 113 return SCTP_INPUT_CB(skb)->af->skb_iif(skb); 114 } 115 116 /* RFC 2960 3.3.2 Initiation (INIT) (1) 117 * 118 * Note 2: The ECN capable field is reserved for future use of 119 * Explicit Congestion Notification. 120 */ 121 static const struct sctp_paramhdr ecap_param = { 122 SCTP_PARAM_ECN_CAPABLE, 123 cpu_to_be16(sizeof(struct sctp_paramhdr)), 124 }; 125 static const struct sctp_paramhdr prsctp_param = { 126 SCTP_PARAM_FWD_TSN_SUPPORT, 127 cpu_to_be16(sizeof(struct sctp_paramhdr)), 128 }; 129 130 /* A helper to initialize an op error inside a 131 * provided chunk, as most cause codes will be embedded inside an 132 * abort chunk. 133 */ 134 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 135 size_t paylen) 136 { 137 sctp_errhdr_t err; 138 __u16 len; 139 140 /* Cause code constants are now defined in network order. */ 141 err.cause = cause_code; 142 len = sizeof(sctp_errhdr_t) + paylen; 143 err.length = htons(len); 144 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 145 } 146 147 /* A helper to initialize an op error inside a 148 * provided chunk, as most cause codes will be embedded inside an 149 * abort chunk. Differs from sctp_init_cause in that it won't oops 150 * if there isn't enough space in the op error chunk 151 */ 152 static int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code, 153 size_t paylen) 154 { 155 sctp_errhdr_t err; 156 __u16 len; 157 158 /* Cause code constants are now defined in network order. */ 159 err.cause = cause_code; 160 len = sizeof(sctp_errhdr_t) + paylen; 161 err.length = htons(len); 162 163 if (skb_tailroom(chunk->skb) < len) 164 return -ENOSPC; 165 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk, 166 sizeof(sctp_errhdr_t), 167 &err); 168 return 0; 169 } 170 /* 3.3.2 Initiation (INIT) (1) 171 * 172 * This chunk is used to initiate a SCTP association between two 173 * endpoints. The format of the INIT chunk is shown below: 174 * 175 * 0 1 2 3 176 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 177 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 178 * | Type = 1 | Chunk Flags | Chunk Length | 179 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 180 * | Initiate Tag | 181 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 182 * | Advertised Receiver Window Credit (a_rwnd) | 183 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 184 * | Number of Outbound Streams | Number of Inbound Streams | 185 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 186 * | Initial TSN | 187 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 188 * \ \ 189 * / Optional/Variable-Length Parameters / 190 * \ \ 191 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 192 * 193 * 194 * The INIT chunk contains the following parameters. Unless otherwise 195 * noted, each parameter MUST only be included once in the INIT chunk. 196 * 197 * Fixed Parameters Status 198 * ---------------------------------------------- 199 * Initiate Tag Mandatory 200 * Advertised Receiver Window Credit Mandatory 201 * Number of Outbound Streams Mandatory 202 * Number of Inbound Streams Mandatory 203 * Initial TSN Mandatory 204 * 205 * Variable Parameters Status Type Value 206 * ------------------------------------------------------------- 207 * IPv4 Address (Note 1) Optional 5 208 * IPv6 Address (Note 1) Optional 6 209 * Cookie Preservative Optional 9 210 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 211 * Host Name Address (Note 3) Optional 11 212 * Supported Address Types (Note 4) Optional 12 213 */ 214 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 215 const struct sctp_bind_addr *bp, 216 gfp_t gfp, int vparam_len) 217 { 218 struct net *net = sock_net(asoc->base.sk); 219 struct sctp_endpoint *ep = asoc->ep; 220 sctp_inithdr_t init; 221 union sctp_params addrs; 222 size_t chunksize; 223 struct sctp_chunk *retval = NULL; 224 int num_types, addrs_len = 0; 225 struct sctp_sock *sp; 226 sctp_supported_addrs_param_t sat; 227 __be16 types[2]; 228 sctp_adaptation_ind_param_t aiparam; 229 sctp_supported_ext_param_t ext_param; 230 int num_ext = 0; 231 __u8 extensions[3]; 232 sctp_paramhdr_t *auth_chunks = NULL, 233 *auth_hmacs = NULL; 234 235 /* RFC 2960 3.3.2 Initiation (INIT) (1) 236 * 237 * Note 1: The INIT chunks can contain multiple addresses that 238 * can be IPv4 and/or IPv6 in any combination. 239 */ 240 retval = NULL; 241 242 /* Convert the provided bind address list to raw format. */ 243 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 244 245 init.init_tag = htonl(asoc->c.my_vtag); 246 init.a_rwnd = htonl(asoc->rwnd); 247 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 248 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 249 init.initial_tsn = htonl(asoc->c.initial_tsn); 250 251 /* How many address types are needed? */ 252 sp = sctp_sk(asoc->base.sk); 253 num_types = sp->pf->supported_addrs(sp, types); 254 255 chunksize = sizeof(init) + addrs_len; 256 chunksize += SCTP_PAD4(SCTP_SAT_LEN(num_types)); 257 chunksize += sizeof(ecap_param); 258 259 if (asoc->prsctp_enable) 260 chunksize += sizeof(prsctp_param); 261 262 /* ADDIP: Section 4.2.7: 263 * An implementation supporting this extension [ADDIP] MUST list 264 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 265 * INIT-ACK parameters. 266 */ 267 if (net->sctp.addip_enable) { 268 extensions[num_ext] = SCTP_CID_ASCONF; 269 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 270 num_ext += 2; 271 } 272 273 if (sp->adaptation_ind) 274 chunksize += sizeof(aiparam); 275 276 chunksize += vparam_len; 277 278 /* Account for AUTH related parameters */ 279 if (ep->auth_enable) { 280 /* Add random parameter length*/ 281 chunksize += sizeof(asoc->c.auth_random); 282 283 /* Add HMACS parameter length if any were defined */ 284 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 285 if (auth_hmacs->length) 286 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length)); 287 else 288 auth_hmacs = NULL; 289 290 /* Add CHUNKS parameter length */ 291 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 292 if (auth_chunks->length) 293 chunksize += SCTP_PAD4(ntohs(auth_chunks->length)); 294 else 295 auth_chunks = NULL; 296 297 extensions[num_ext] = SCTP_CID_AUTH; 298 num_ext += 1; 299 } 300 301 /* If we have any extensions to report, account for that */ 302 if (num_ext) 303 chunksize += SCTP_PAD4(sizeof(sctp_supported_ext_param_t) + 304 num_ext); 305 306 /* RFC 2960 3.3.2 Initiation (INIT) (1) 307 * 308 * Note 3: An INIT chunk MUST NOT contain more than one Host 309 * Name address parameter. Moreover, the sender of the INIT 310 * MUST NOT combine any other address types with the Host Name 311 * address in the INIT. The receiver of INIT MUST ignore any 312 * other address types if the Host Name address parameter is 313 * present in the received INIT chunk. 314 * 315 * PLEASE DO NOT FIXME [This version does not support Host Name.] 316 */ 317 318 retval = sctp_make_control(asoc, SCTP_CID_INIT, 0, chunksize, gfp); 319 if (!retval) 320 goto nodata; 321 322 retval->subh.init_hdr = 323 sctp_addto_chunk(retval, sizeof(init), &init); 324 retval->param_hdr.v = 325 sctp_addto_chunk(retval, addrs_len, addrs.v); 326 327 /* RFC 2960 3.3.2 Initiation (INIT) (1) 328 * 329 * Note 4: This parameter, when present, specifies all the 330 * address types the sending endpoint can support. The absence 331 * of this parameter indicates that the sending endpoint can 332 * support any address type. 333 */ 334 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 335 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 336 sctp_addto_chunk(retval, sizeof(sat), &sat); 337 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 338 339 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 340 341 /* Add the supported extensions parameter. Be nice and add this 342 * fist before addiding the parameters for the extensions themselves 343 */ 344 if (num_ext) { 345 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 346 ext_param.param_hdr.length = 347 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 348 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 349 &ext_param); 350 sctp_addto_param(retval, num_ext, extensions); 351 } 352 353 if (asoc->prsctp_enable) 354 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 355 356 if (sp->adaptation_ind) { 357 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 358 aiparam.param_hdr.length = htons(sizeof(aiparam)); 359 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 360 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 361 } 362 363 /* Add SCTP-AUTH chunks to the parameter list */ 364 if (ep->auth_enable) { 365 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 366 asoc->c.auth_random); 367 if (auth_hmacs) 368 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 369 auth_hmacs); 370 if (auth_chunks) 371 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 372 auth_chunks); 373 } 374 nodata: 375 kfree(addrs.v); 376 return retval; 377 } 378 379 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 380 const struct sctp_chunk *chunk, 381 gfp_t gfp, int unkparam_len) 382 { 383 sctp_inithdr_t initack; 384 struct sctp_chunk *retval; 385 union sctp_params addrs; 386 struct sctp_sock *sp; 387 int addrs_len; 388 sctp_cookie_param_t *cookie; 389 int cookie_len; 390 size_t chunksize; 391 sctp_adaptation_ind_param_t aiparam; 392 sctp_supported_ext_param_t ext_param; 393 int num_ext = 0; 394 __u8 extensions[3]; 395 sctp_paramhdr_t *auth_chunks = NULL, 396 *auth_hmacs = NULL, 397 *auth_random = NULL; 398 399 retval = NULL; 400 401 /* Note: there may be no addresses to embed. */ 402 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 403 404 initack.init_tag = htonl(asoc->c.my_vtag); 405 initack.a_rwnd = htonl(asoc->rwnd); 406 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 407 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 408 initack.initial_tsn = htonl(asoc->c.initial_tsn); 409 410 /* FIXME: We really ought to build the cookie right 411 * into the packet instead of allocating more fresh memory. 412 */ 413 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 414 addrs.v, addrs_len); 415 if (!cookie) 416 goto nomem_cookie; 417 418 /* Calculate the total size of allocation, include the reserved 419 * space for reporting unknown parameters if it is specified. 420 */ 421 sp = sctp_sk(asoc->base.sk); 422 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 423 424 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 425 if (asoc->peer.ecn_capable) 426 chunksize += sizeof(ecap_param); 427 428 if (asoc->peer.prsctp_capable) 429 chunksize += sizeof(prsctp_param); 430 431 if (asoc->peer.asconf_capable) { 432 extensions[num_ext] = SCTP_CID_ASCONF; 433 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 434 num_ext += 2; 435 } 436 437 if (sp->adaptation_ind) 438 chunksize += sizeof(aiparam); 439 440 if (asoc->peer.auth_capable) { 441 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random; 442 chunksize += ntohs(auth_random->length); 443 444 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 445 if (auth_hmacs->length) 446 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length)); 447 else 448 auth_hmacs = NULL; 449 450 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 451 if (auth_chunks->length) 452 chunksize += SCTP_PAD4(ntohs(auth_chunks->length)); 453 else 454 auth_chunks = NULL; 455 456 extensions[num_ext] = SCTP_CID_AUTH; 457 num_ext += 1; 458 } 459 460 if (num_ext) 461 chunksize += SCTP_PAD4(sizeof(sctp_supported_ext_param_t) + 462 num_ext); 463 464 /* Now allocate and fill out the chunk. */ 465 retval = sctp_make_control(asoc, SCTP_CID_INIT_ACK, 0, chunksize, gfp); 466 if (!retval) 467 goto nomem_chunk; 468 469 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 470 * 471 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 472 * HEARTBEAT ACK, * etc.) to the same destination transport 473 * address from which it received the DATA or control chunk 474 * to which it is replying. 475 * 476 * [INIT ACK back to where the INIT came from.] 477 */ 478 retval->transport = chunk->transport; 479 480 retval->subh.init_hdr = 481 sctp_addto_chunk(retval, sizeof(initack), &initack); 482 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 483 sctp_addto_chunk(retval, cookie_len, cookie); 484 if (asoc->peer.ecn_capable) 485 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 486 if (num_ext) { 487 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 488 ext_param.param_hdr.length = 489 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 490 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 491 &ext_param); 492 sctp_addto_param(retval, num_ext, extensions); 493 } 494 if (asoc->peer.prsctp_capable) 495 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 496 497 if (sp->adaptation_ind) { 498 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 499 aiparam.param_hdr.length = htons(sizeof(aiparam)); 500 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 501 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 502 } 503 504 if (asoc->peer.auth_capable) { 505 sctp_addto_chunk(retval, ntohs(auth_random->length), 506 auth_random); 507 if (auth_hmacs) 508 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 509 auth_hmacs); 510 if (auth_chunks) 511 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 512 auth_chunks); 513 } 514 515 /* We need to remove the const qualifier at this point. */ 516 retval->asoc = (struct sctp_association *) asoc; 517 518 nomem_chunk: 519 kfree(cookie); 520 nomem_cookie: 521 kfree(addrs.v); 522 return retval; 523 } 524 525 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 526 * 527 * This chunk is used only during the initialization of an association. 528 * It is sent by the initiator of an association to its peer to complete 529 * the initialization process. This chunk MUST precede any DATA chunk 530 * sent within the association, but MAY be bundled with one or more DATA 531 * chunks in the same packet. 532 * 533 * 0 1 2 3 534 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 535 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 536 * | Type = 10 |Chunk Flags | Length | 537 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 538 * / Cookie / 539 * \ \ 540 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 541 * 542 * Chunk Flags: 8 bit 543 * 544 * Set to zero on transmit and ignored on receipt. 545 * 546 * Length: 16 bits (unsigned integer) 547 * 548 * Set to the size of the chunk in bytes, including the 4 bytes of 549 * the chunk header and the size of the Cookie. 550 * 551 * Cookie: variable size 552 * 553 * This field must contain the exact cookie received in the 554 * State Cookie parameter from the previous INIT ACK. 555 * 556 * An implementation SHOULD make the cookie as small as possible 557 * to insure interoperability. 558 */ 559 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 560 const struct sctp_chunk *chunk) 561 { 562 struct sctp_chunk *retval; 563 void *cookie; 564 int cookie_len; 565 566 cookie = asoc->peer.cookie; 567 cookie_len = asoc->peer.cookie_len; 568 569 /* Build a cookie echo chunk. */ 570 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ECHO, 0, 571 cookie_len, GFP_ATOMIC); 572 if (!retval) 573 goto nodata; 574 retval->subh.cookie_hdr = 575 sctp_addto_chunk(retval, cookie_len, cookie); 576 577 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 578 * 579 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 580 * HEARTBEAT ACK, * etc.) to the same destination transport 581 * address from which it * received the DATA or control chunk 582 * to which it is replying. 583 * 584 * [COOKIE ECHO back to where the INIT ACK came from.] 585 */ 586 if (chunk) 587 retval->transport = chunk->transport; 588 589 nodata: 590 return retval; 591 } 592 593 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 594 * 595 * This chunk is used only during the initialization of an 596 * association. It is used to acknowledge the receipt of a COOKIE 597 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 598 * within the association, but MAY be bundled with one or more DATA 599 * chunks or SACK chunk in the same SCTP packet. 600 * 601 * 0 1 2 3 602 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 603 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 604 * | Type = 11 |Chunk Flags | Length = 4 | 605 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 606 * 607 * Chunk Flags: 8 bits 608 * 609 * Set to zero on transmit and ignored on receipt. 610 */ 611 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 612 const struct sctp_chunk *chunk) 613 { 614 struct sctp_chunk *retval; 615 616 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ACK, 0, 0, GFP_ATOMIC); 617 618 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 619 * 620 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 621 * HEARTBEAT ACK, * etc.) to the same destination transport 622 * address from which it * received the DATA or control chunk 623 * to which it is replying. 624 * 625 * [COOKIE ACK back to where the COOKIE ECHO came from.] 626 */ 627 if (retval && chunk) 628 retval->transport = chunk->transport; 629 630 return retval; 631 } 632 633 /* 634 * Appendix A: Explicit Congestion Notification: 635 * CWR: 636 * 637 * RFC 2481 details a specific bit for a sender to send in the header of 638 * its next outbound TCP segment to indicate to its peer that it has 639 * reduced its congestion window. This is termed the CWR bit. For 640 * SCTP the same indication is made by including the CWR chunk. 641 * This chunk contains one data element, i.e. the TSN number that 642 * was sent in the ECNE chunk. This element represents the lowest 643 * TSN number in the datagram that was originally marked with the 644 * CE bit. 645 * 646 * 0 1 2 3 647 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 648 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 649 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 650 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 651 * | Lowest TSN Number | 652 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 653 * 654 * Note: The CWR is considered a Control chunk. 655 */ 656 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 657 const __u32 lowest_tsn, 658 const struct sctp_chunk *chunk) 659 { 660 struct sctp_chunk *retval; 661 sctp_cwrhdr_t cwr; 662 663 cwr.lowest_tsn = htonl(lowest_tsn); 664 retval = sctp_make_control(asoc, SCTP_CID_ECN_CWR, 0, 665 sizeof(sctp_cwrhdr_t), GFP_ATOMIC); 666 667 if (!retval) 668 goto nodata; 669 670 retval->subh.ecn_cwr_hdr = 671 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 672 673 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 674 * 675 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 676 * HEARTBEAT ACK, * etc.) to the same destination transport 677 * address from which it * received the DATA or control chunk 678 * to which it is replying. 679 * 680 * [Report a reduced congestion window back to where the ECNE 681 * came from.] 682 */ 683 if (chunk) 684 retval->transport = chunk->transport; 685 686 nodata: 687 return retval; 688 } 689 690 /* Make an ECNE chunk. This is a congestion experienced report. */ 691 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 692 const __u32 lowest_tsn) 693 { 694 struct sctp_chunk *retval; 695 sctp_ecnehdr_t ecne; 696 697 ecne.lowest_tsn = htonl(lowest_tsn); 698 retval = sctp_make_control(asoc, SCTP_CID_ECN_ECNE, 0, 699 sizeof(sctp_ecnehdr_t), GFP_ATOMIC); 700 if (!retval) 701 goto nodata; 702 retval->subh.ecne_hdr = 703 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 704 705 nodata: 706 return retval; 707 } 708 709 /* Make a DATA chunk for the given association from the provided 710 * parameters. However, do not populate the data payload. 711 */ 712 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 713 const struct sctp_sndrcvinfo *sinfo, 714 int data_len, __u8 flags, __u16 ssn, 715 gfp_t gfp) 716 { 717 struct sctp_chunk *retval; 718 struct sctp_datahdr dp; 719 int chunk_len; 720 721 /* We assign the TSN as LATE as possible, not here when 722 * creating the chunk. 723 */ 724 dp.tsn = 0; 725 dp.stream = htons(sinfo->sinfo_stream); 726 dp.ppid = sinfo->sinfo_ppid; 727 728 /* Set the flags for an unordered send. */ 729 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 730 flags |= SCTP_DATA_UNORDERED; 731 dp.ssn = 0; 732 } else 733 dp.ssn = htons(ssn); 734 735 chunk_len = sizeof(dp) + data_len; 736 retval = sctp_make_data(asoc, flags, chunk_len, gfp); 737 if (!retval) 738 goto nodata; 739 740 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 741 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 742 743 nodata: 744 return retval; 745 } 746 747 /* Create a selective ackowledgement (SACK) for the given 748 * association. This reports on which TSN's we've seen to date, 749 * including duplicates and gaps. 750 */ 751 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 752 { 753 struct sctp_chunk *retval; 754 struct sctp_sackhdr sack; 755 int len; 756 __u32 ctsn; 757 __u16 num_gabs, num_dup_tsns; 758 struct sctp_association *aptr = (struct sctp_association *)asoc; 759 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 760 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 761 struct sctp_transport *trans; 762 763 memset(gabs, 0, sizeof(gabs)); 764 ctsn = sctp_tsnmap_get_ctsn(map); 765 766 pr_debug("%s: sackCTSNAck sent:0x%x\n", __func__, ctsn); 767 768 /* How much room is needed in the chunk? */ 769 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 770 num_dup_tsns = sctp_tsnmap_num_dups(map); 771 772 /* Initialize the SACK header. */ 773 sack.cum_tsn_ack = htonl(ctsn); 774 sack.a_rwnd = htonl(asoc->a_rwnd); 775 sack.num_gap_ack_blocks = htons(num_gabs); 776 sack.num_dup_tsns = htons(num_dup_tsns); 777 778 len = sizeof(sack) 779 + sizeof(struct sctp_gap_ack_block) * num_gabs 780 + sizeof(__u32) * num_dup_tsns; 781 782 /* Create the chunk. */ 783 retval = sctp_make_control(asoc, SCTP_CID_SACK, 0, len, GFP_ATOMIC); 784 if (!retval) 785 goto nodata; 786 787 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 788 * 789 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 790 * HEARTBEAT ACK, etc.) to the same destination transport 791 * address from which it received the DATA or control chunk to 792 * which it is replying. This rule should also be followed if 793 * the endpoint is bundling DATA chunks together with the 794 * reply chunk. 795 * 796 * However, when acknowledging multiple DATA chunks received 797 * in packets from different source addresses in a single 798 * SACK, the SACK chunk may be transmitted to one of the 799 * destination transport addresses from which the DATA or 800 * control chunks being acknowledged were received. 801 * 802 * [BUG: We do not implement the following paragraph. 803 * Perhaps we should remember the last transport we used for a 804 * SACK and avoid that (if possible) if we have seen any 805 * duplicates. --piggy] 806 * 807 * When a receiver of a duplicate DATA chunk sends a SACK to a 808 * multi- homed endpoint it MAY be beneficial to vary the 809 * destination address and not use the source address of the 810 * DATA chunk. The reason being that receiving a duplicate 811 * from a multi-homed endpoint might indicate that the return 812 * path (as specified in the source address of the DATA chunk) 813 * for the SACK is broken. 814 * 815 * [Send to the address from which we last received a DATA chunk.] 816 */ 817 retval->transport = asoc->peer.last_data_from; 818 819 retval->subh.sack_hdr = 820 sctp_addto_chunk(retval, sizeof(sack), &sack); 821 822 /* Add the gap ack block information. */ 823 if (num_gabs) 824 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 825 gabs); 826 827 /* Add the duplicate TSN information. */ 828 if (num_dup_tsns) { 829 aptr->stats.idupchunks += num_dup_tsns; 830 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 831 sctp_tsnmap_get_dups(map)); 832 } 833 /* Once we have a sack generated, check to see what our sack 834 * generation is, if its 0, reset the transports to 0, and reset 835 * the association generation to 1 836 * 837 * The idea is that zero is never used as a valid generation for the 838 * association so no transport will match after a wrap event like this, 839 * Until the next sack 840 */ 841 if (++aptr->peer.sack_generation == 0) { 842 list_for_each_entry(trans, &asoc->peer.transport_addr_list, 843 transports) 844 trans->sack_generation = 0; 845 aptr->peer.sack_generation = 1; 846 } 847 nodata: 848 return retval; 849 } 850 851 /* Make a SHUTDOWN chunk. */ 852 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 853 const struct sctp_chunk *chunk) 854 { 855 struct sctp_chunk *retval; 856 sctp_shutdownhdr_t shut; 857 __u32 ctsn; 858 859 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 860 shut.cum_tsn_ack = htonl(ctsn); 861 862 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN, 0, 863 sizeof(sctp_shutdownhdr_t), GFP_ATOMIC); 864 if (!retval) 865 goto nodata; 866 867 retval->subh.shutdown_hdr = 868 sctp_addto_chunk(retval, sizeof(shut), &shut); 869 870 if (chunk) 871 retval->transport = chunk->transport; 872 nodata: 873 return retval; 874 } 875 876 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 877 const struct sctp_chunk *chunk) 878 { 879 struct sctp_chunk *retval; 880 881 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0, 882 GFP_ATOMIC); 883 884 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 885 * 886 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 887 * HEARTBEAT ACK, * etc.) to the same destination transport 888 * address from which it * received the DATA or control chunk 889 * to which it is replying. 890 * 891 * [ACK back to where the SHUTDOWN came from.] 892 */ 893 if (retval && chunk) 894 retval->transport = chunk->transport; 895 896 return retval; 897 } 898 899 struct sctp_chunk *sctp_make_shutdown_complete( 900 const struct sctp_association *asoc, 901 const struct sctp_chunk *chunk) 902 { 903 struct sctp_chunk *retval; 904 __u8 flags = 0; 905 906 /* Set the T-bit if we have no association (vtag will be 907 * reflected) 908 */ 909 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 910 911 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 912 0, GFP_ATOMIC); 913 914 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 915 * 916 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 917 * HEARTBEAT ACK, * etc.) to the same destination transport 918 * address from which it * received the DATA or control chunk 919 * to which it is replying. 920 * 921 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 922 * came from.] 923 */ 924 if (retval && chunk) 925 retval->transport = chunk->transport; 926 927 return retval; 928 } 929 930 /* Create an ABORT. Note that we set the T bit if we have no 931 * association, except when responding to an INIT (sctpimpguide 2.41). 932 */ 933 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 934 const struct sctp_chunk *chunk, 935 const size_t hint) 936 { 937 struct sctp_chunk *retval; 938 __u8 flags = 0; 939 940 /* Set the T-bit if we have no association and 'chunk' is not 941 * an INIT (vtag will be reflected). 942 */ 943 if (!asoc) { 944 if (chunk && chunk->chunk_hdr && 945 chunk->chunk_hdr->type == SCTP_CID_INIT) 946 flags = 0; 947 else 948 flags = SCTP_CHUNK_FLAG_T; 949 } 950 951 retval = sctp_make_control(asoc, SCTP_CID_ABORT, flags, hint, 952 GFP_ATOMIC); 953 954 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 955 * 956 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 957 * HEARTBEAT ACK, * etc.) to the same destination transport 958 * address from which it * received the DATA or control chunk 959 * to which it is replying. 960 * 961 * [ABORT back to where the offender came from.] 962 */ 963 if (retval && chunk) 964 retval->transport = chunk->transport; 965 966 return retval; 967 } 968 969 /* Helper to create ABORT with a NO_USER_DATA error. */ 970 struct sctp_chunk *sctp_make_abort_no_data( 971 const struct sctp_association *asoc, 972 const struct sctp_chunk *chunk, __u32 tsn) 973 { 974 struct sctp_chunk *retval; 975 __be32 payload; 976 977 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 978 + sizeof(tsn)); 979 980 if (!retval) 981 goto no_mem; 982 983 /* Put the tsn back into network byte order. */ 984 payload = htonl(tsn); 985 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 986 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 987 988 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 989 * 990 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 991 * HEARTBEAT ACK, * etc.) to the same destination transport 992 * address from which it * received the DATA or control chunk 993 * to which it is replying. 994 * 995 * [ABORT back to where the offender came from.] 996 */ 997 if (chunk) 998 retval->transport = chunk->transport; 999 1000 no_mem: 1001 return retval; 1002 } 1003 1004 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 1005 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 1006 struct msghdr *msg, 1007 size_t paylen) 1008 { 1009 struct sctp_chunk *retval; 1010 void *payload = NULL; 1011 int err; 1012 1013 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 1014 if (!retval) 1015 goto err_chunk; 1016 1017 if (paylen) { 1018 /* Put the msg_iov together into payload. */ 1019 payload = kmalloc(paylen, GFP_KERNEL); 1020 if (!payload) 1021 goto err_payload; 1022 1023 err = memcpy_from_msg(payload, msg, paylen); 1024 if (err < 0) 1025 goto err_copy; 1026 } 1027 1028 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 1029 sctp_addto_chunk(retval, paylen, payload); 1030 1031 if (paylen) 1032 kfree(payload); 1033 1034 return retval; 1035 1036 err_copy: 1037 kfree(payload); 1038 err_payload: 1039 sctp_chunk_free(retval); 1040 retval = NULL; 1041 err_chunk: 1042 return retval; 1043 } 1044 1045 /* Append bytes to the end of a parameter. Will panic if chunk is not big 1046 * enough. 1047 */ 1048 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 1049 const void *data) 1050 { 1051 void *target; 1052 int chunklen = ntohs(chunk->chunk_hdr->length); 1053 1054 target = skb_put(chunk->skb, len); 1055 1056 if (data) 1057 memcpy(target, data, len); 1058 else 1059 memset(target, 0, len); 1060 1061 /* Adjust the chunk length field. */ 1062 chunk->chunk_hdr->length = htons(chunklen + len); 1063 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1064 1065 return target; 1066 } 1067 1068 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1069 struct sctp_chunk *sctp_make_abort_violation( 1070 const struct sctp_association *asoc, 1071 const struct sctp_chunk *chunk, 1072 const __u8 *payload, 1073 const size_t paylen) 1074 { 1075 struct sctp_chunk *retval; 1076 struct sctp_paramhdr phdr; 1077 1078 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 1079 + sizeof(sctp_paramhdr_t)); 1080 if (!retval) 1081 goto end; 1082 1083 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen 1084 + sizeof(sctp_paramhdr_t)); 1085 1086 phdr.type = htons(chunk->chunk_hdr->type); 1087 phdr.length = chunk->chunk_hdr->length; 1088 sctp_addto_chunk(retval, paylen, payload); 1089 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr); 1090 1091 end: 1092 return retval; 1093 } 1094 1095 struct sctp_chunk *sctp_make_violation_paramlen( 1096 const struct sctp_association *asoc, 1097 const struct sctp_chunk *chunk, 1098 struct sctp_paramhdr *param) 1099 { 1100 struct sctp_chunk *retval; 1101 static const char error[] = "The following parameter had invalid length:"; 1102 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) + 1103 sizeof(sctp_paramhdr_t); 1104 1105 retval = sctp_make_abort(asoc, chunk, payload_len); 1106 if (!retval) 1107 goto nodata; 1108 1109 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1110 sizeof(error) + sizeof(sctp_paramhdr_t)); 1111 sctp_addto_chunk(retval, sizeof(error), error); 1112 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param); 1113 1114 nodata: 1115 return retval; 1116 } 1117 1118 struct sctp_chunk *sctp_make_violation_max_retrans( 1119 const struct sctp_association *asoc, 1120 const struct sctp_chunk *chunk) 1121 { 1122 struct sctp_chunk *retval; 1123 static const char error[] = "Association exceeded its max_retans count"; 1124 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t); 1125 1126 retval = sctp_make_abort(asoc, chunk, payload_len); 1127 if (!retval) 1128 goto nodata; 1129 1130 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error)); 1131 sctp_addto_chunk(retval, sizeof(error), error); 1132 1133 nodata: 1134 return retval; 1135 } 1136 1137 /* Make a HEARTBEAT chunk. */ 1138 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1139 const struct sctp_transport *transport) 1140 { 1141 struct sctp_chunk *retval; 1142 sctp_sender_hb_info_t hbinfo; 1143 1144 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT, 0, 1145 sizeof(hbinfo), GFP_ATOMIC); 1146 1147 if (!retval) 1148 goto nodata; 1149 1150 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO; 1151 hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t)); 1152 hbinfo.daddr = transport->ipaddr; 1153 hbinfo.sent_at = jiffies; 1154 hbinfo.hb_nonce = transport->hb_nonce; 1155 1156 /* Cast away the 'const', as this is just telling the chunk 1157 * what transport it belongs to. 1158 */ 1159 retval->transport = (struct sctp_transport *) transport; 1160 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo), 1161 &hbinfo); 1162 1163 nodata: 1164 return retval; 1165 } 1166 1167 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1168 const struct sctp_chunk *chunk, 1169 const void *payload, const size_t paylen) 1170 { 1171 struct sctp_chunk *retval; 1172 1173 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen, 1174 GFP_ATOMIC); 1175 if (!retval) 1176 goto nodata; 1177 1178 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1179 1180 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1181 * 1182 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1183 * HEARTBEAT ACK, * etc.) to the same destination transport 1184 * address from which it * received the DATA or control chunk 1185 * to which it is replying. 1186 * 1187 * [HBACK back to where the HEARTBEAT came from.] 1188 */ 1189 if (chunk) 1190 retval->transport = chunk->transport; 1191 1192 nodata: 1193 return retval; 1194 } 1195 1196 /* Create an Operation Error chunk with the specified space reserved. 1197 * This routine can be used for containing multiple causes in the chunk. 1198 */ 1199 static struct sctp_chunk *sctp_make_op_error_space( 1200 const struct sctp_association *asoc, 1201 const struct sctp_chunk *chunk, 1202 size_t size) 1203 { 1204 struct sctp_chunk *retval; 1205 1206 retval = sctp_make_control(asoc, SCTP_CID_ERROR, 0, 1207 sizeof(sctp_errhdr_t) + size, GFP_ATOMIC); 1208 if (!retval) 1209 goto nodata; 1210 1211 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1212 * 1213 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1214 * HEARTBEAT ACK, etc.) to the same destination transport 1215 * address from which it received the DATA or control chunk 1216 * to which it is replying. 1217 * 1218 */ 1219 if (chunk) 1220 retval->transport = chunk->transport; 1221 1222 nodata: 1223 return retval; 1224 } 1225 1226 /* Create an Operation Error chunk of a fixed size, 1227 * specifically, max(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) 1228 * This is a helper function to allocate an error chunk for 1229 * for those invalid parameter codes in which we may not want 1230 * to report all the errors, if the incoming chunk is large 1231 */ 1232 static inline struct sctp_chunk *sctp_make_op_error_fixed( 1233 const struct sctp_association *asoc, 1234 const struct sctp_chunk *chunk) 1235 { 1236 size_t size = asoc ? asoc->pathmtu : 0; 1237 1238 if (!size) 1239 size = SCTP_DEFAULT_MAXSEGMENT; 1240 1241 return sctp_make_op_error_space(asoc, chunk, size); 1242 } 1243 1244 /* Create an Operation Error chunk. */ 1245 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1246 const struct sctp_chunk *chunk, 1247 __be16 cause_code, const void *payload, 1248 size_t paylen, size_t reserve_tail) 1249 { 1250 struct sctp_chunk *retval; 1251 1252 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail); 1253 if (!retval) 1254 goto nodata; 1255 1256 sctp_init_cause(retval, cause_code, paylen + reserve_tail); 1257 sctp_addto_chunk(retval, paylen, payload); 1258 if (reserve_tail) 1259 sctp_addto_param(retval, reserve_tail, NULL); 1260 1261 nodata: 1262 return retval; 1263 } 1264 1265 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc) 1266 { 1267 struct sctp_chunk *retval; 1268 struct sctp_hmac *hmac_desc; 1269 struct sctp_authhdr auth_hdr; 1270 __u8 *hmac; 1271 1272 /* Get the first hmac that the peer told us to use */ 1273 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1274 if (unlikely(!hmac_desc)) 1275 return NULL; 1276 1277 retval = sctp_make_control(asoc, SCTP_CID_AUTH, 0, 1278 hmac_desc->hmac_len + sizeof(sctp_authhdr_t), 1279 GFP_ATOMIC); 1280 if (!retval) 1281 return NULL; 1282 1283 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1284 auth_hdr.shkey_id = htons(asoc->active_key_id); 1285 1286 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t), 1287 &auth_hdr); 1288 1289 hmac = skb_put(retval->skb, hmac_desc->hmac_len); 1290 memset(hmac, 0, hmac_desc->hmac_len); 1291 1292 /* Adjust the chunk header to include the empty MAC */ 1293 retval->chunk_hdr->length = 1294 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1295 retval->chunk_end = skb_tail_pointer(retval->skb); 1296 1297 return retval; 1298 } 1299 1300 1301 /******************************************************************** 1302 * 2nd Level Abstractions 1303 ********************************************************************/ 1304 1305 /* Turn an skb into a chunk. 1306 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1307 * 1308 * sctpimpguide-05.txt Section 2.8.2 1309 * M1) Each time a new DATA chunk is transmitted 1310 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1311 * 'TSN.Missing.Report' count will be used to determine missing chunks 1312 * and when to fast retransmit. 1313 * 1314 */ 1315 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1316 const struct sctp_association *asoc, 1317 struct sock *sk, gfp_t gfp) 1318 { 1319 struct sctp_chunk *retval; 1320 1321 retval = kmem_cache_zalloc(sctp_chunk_cachep, gfp); 1322 1323 if (!retval) 1324 goto nodata; 1325 if (!sk) 1326 pr_debug("%s: chunkifying skb:%p w/o an sk\n", __func__, skb); 1327 1328 INIT_LIST_HEAD(&retval->list); 1329 retval->skb = skb; 1330 retval->asoc = (struct sctp_association *)asoc; 1331 retval->singleton = 1; 1332 1333 retval->fast_retransmit = SCTP_CAN_FRTX; 1334 1335 /* Polish the bead hole. */ 1336 INIT_LIST_HEAD(&retval->transmitted_list); 1337 INIT_LIST_HEAD(&retval->frag_list); 1338 SCTP_DBG_OBJCNT_INC(chunk); 1339 atomic_set(&retval->refcnt, 1); 1340 1341 nodata: 1342 return retval; 1343 } 1344 1345 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1346 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1347 union sctp_addr *dest) 1348 { 1349 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1350 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1351 } 1352 1353 /* Extract the source address from a chunk. */ 1354 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1355 { 1356 /* If we have a known transport, use that. */ 1357 if (chunk->transport) { 1358 return &chunk->transport->ipaddr; 1359 } else { 1360 /* Otherwise, extract it from the IP header. */ 1361 return &chunk->source; 1362 } 1363 } 1364 1365 /* Create a new chunk, setting the type and flags headers from the 1366 * arguments, reserving enough space for a 'paylen' byte payload. 1367 */ 1368 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 1369 __u8 type, __u8 flags, int paylen, 1370 gfp_t gfp) 1371 { 1372 struct sctp_chunk *retval; 1373 sctp_chunkhdr_t *chunk_hdr; 1374 struct sk_buff *skb; 1375 struct sock *sk; 1376 1377 /* No need to allocate LL here, as this is only a chunk. */ 1378 skb = alloc_skb(SCTP_PAD4(sizeof(sctp_chunkhdr_t) + paylen), gfp); 1379 if (!skb) 1380 goto nodata; 1381 1382 /* Make room for the chunk header. */ 1383 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1384 chunk_hdr->type = type; 1385 chunk_hdr->flags = flags; 1386 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1387 1388 sk = asoc ? asoc->base.sk : NULL; 1389 retval = sctp_chunkify(skb, asoc, sk, gfp); 1390 if (!retval) { 1391 kfree_skb(skb); 1392 goto nodata; 1393 } 1394 1395 retval->chunk_hdr = chunk_hdr; 1396 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1397 1398 /* Determine if the chunk needs to be authenticated */ 1399 if (sctp_auth_send_cid(type, asoc)) 1400 retval->auth = 1; 1401 1402 return retval; 1403 nodata: 1404 return NULL; 1405 } 1406 1407 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 1408 __u8 flags, int paylen, gfp_t gfp) 1409 { 1410 return _sctp_make_chunk(asoc, SCTP_CID_DATA, flags, paylen, gfp); 1411 } 1412 1413 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 1414 __u8 type, __u8 flags, int paylen, 1415 gfp_t gfp) 1416 { 1417 struct sctp_chunk *chunk; 1418 1419 chunk = _sctp_make_chunk(asoc, type, flags, paylen, gfp); 1420 if (chunk) 1421 sctp_control_set_owner_w(chunk); 1422 1423 return chunk; 1424 } 1425 1426 /* Release the memory occupied by a chunk. */ 1427 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1428 { 1429 BUG_ON(!list_empty(&chunk->list)); 1430 list_del_init(&chunk->transmitted_list); 1431 1432 consume_skb(chunk->skb); 1433 consume_skb(chunk->auth_chunk); 1434 1435 SCTP_DBG_OBJCNT_DEC(chunk); 1436 kmem_cache_free(sctp_chunk_cachep, chunk); 1437 } 1438 1439 /* Possibly, free the chunk. */ 1440 void sctp_chunk_free(struct sctp_chunk *chunk) 1441 { 1442 /* Release our reference on the message tracker. */ 1443 if (chunk->msg) 1444 sctp_datamsg_put(chunk->msg); 1445 1446 sctp_chunk_put(chunk); 1447 } 1448 1449 /* Grab a reference to the chunk. */ 1450 void sctp_chunk_hold(struct sctp_chunk *ch) 1451 { 1452 atomic_inc(&ch->refcnt); 1453 } 1454 1455 /* Release a reference to the chunk. */ 1456 void sctp_chunk_put(struct sctp_chunk *ch) 1457 { 1458 if (atomic_dec_and_test(&ch->refcnt)) 1459 sctp_chunk_destroy(ch); 1460 } 1461 1462 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1463 * enough. 1464 */ 1465 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1466 { 1467 void *target; 1468 void *padding; 1469 int chunklen = ntohs(chunk->chunk_hdr->length); 1470 int padlen = SCTP_PAD4(chunklen) - chunklen; 1471 1472 padding = skb_put(chunk->skb, padlen); 1473 target = skb_put(chunk->skb, len); 1474 1475 memset(padding, 0, padlen); 1476 memcpy(target, data, len); 1477 1478 /* Adjust the chunk length field. */ 1479 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1480 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1481 1482 return target; 1483 } 1484 1485 /* Append bytes to the end of a chunk. Returns NULL if there isn't sufficient 1486 * space in the chunk 1487 */ 1488 static void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk, 1489 int len, const void *data) 1490 { 1491 if (skb_tailroom(chunk->skb) >= len) 1492 return sctp_addto_chunk(chunk, len, data); 1493 else 1494 return NULL; 1495 } 1496 1497 /* Append bytes from user space to the end of a chunk. Will panic if 1498 * chunk is not big enough. 1499 * Returns a kernel err value. 1500 */ 1501 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int len, 1502 struct iov_iter *from) 1503 { 1504 void *target; 1505 ssize_t copied; 1506 1507 /* Make room in chunk for data. */ 1508 target = skb_put(chunk->skb, len); 1509 1510 /* Copy data (whole iovec) into chunk */ 1511 copied = copy_from_iter(target, len, from); 1512 if (copied != len) 1513 return -EFAULT; 1514 1515 /* Adjust the chunk length field. */ 1516 chunk->chunk_hdr->length = 1517 htons(ntohs(chunk->chunk_hdr->length) + len); 1518 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1519 1520 return 0; 1521 } 1522 1523 /* Helper function to assign a TSN if needed. This assumes that both 1524 * the data_hdr and association have already been assigned. 1525 */ 1526 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1527 { 1528 struct sctp_datamsg *msg; 1529 struct sctp_chunk *lchunk; 1530 struct sctp_stream *stream; 1531 __u16 ssn; 1532 __u16 sid; 1533 1534 if (chunk->has_ssn) 1535 return; 1536 1537 /* All fragments will be on the same stream */ 1538 sid = ntohs(chunk->subh.data_hdr->stream); 1539 stream = &chunk->asoc->ssnmap->out; 1540 1541 /* Now assign the sequence number to the entire message. 1542 * All fragments must have the same stream sequence number. 1543 */ 1544 msg = chunk->msg; 1545 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1546 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1547 ssn = 0; 1548 } else { 1549 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1550 ssn = sctp_ssn_next(stream, sid); 1551 else 1552 ssn = sctp_ssn_peek(stream, sid); 1553 } 1554 1555 lchunk->subh.data_hdr->ssn = htons(ssn); 1556 lchunk->has_ssn = 1; 1557 } 1558 } 1559 1560 /* Helper function to assign a TSN if needed. This assumes that both 1561 * the data_hdr and association have already been assigned. 1562 */ 1563 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1564 { 1565 if (!chunk->has_tsn) { 1566 /* This is the last possible instant to 1567 * assign a TSN. 1568 */ 1569 chunk->subh.data_hdr->tsn = 1570 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1571 chunk->has_tsn = 1; 1572 } 1573 } 1574 1575 /* Create a CLOSED association to use with an incoming packet. */ 1576 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1577 struct sctp_chunk *chunk, 1578 gfp_t gfp) 1579 { 1580 struct sctp_association *asoc; 1581 struct sk_buff *skb; 1582 sctp_scope_t scope; 1583 1584 /* Create the bare association. */ 1585 scope = sctp_scope(sctp_source(chunk)); 1586 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1587 if (!asoc) 1588 goto nodata; 1589 asoc->temp = 1; 1590 skb = chunk->skb; 1591 /* Create an entry for the source address of the packet. */ 1592 SCTP_INPUT_CB(skb)->af->from_skb(&asoc->c.peer_addr, skb, 1); 1593 1594 nodata: 1595 return asoc; 1596 } 1597 1598 /* Build a cookie representing asoc. 1599 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1600 */ 1601 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1602 const struct sctp_association *asoc, 1603 const struct sctp_chunk *init_chunk, 1604 int *cookie_len, 1605 const __u8 *raw_addrs, int addrs_len) 1606 { 1607 sctp_cookie_param_t *retval; 1608 struct sctp_signed_cookie *cookie; 1609 int headersize, bodysize; 1610 1611 /* Header size is static data prior to the actual cookie, including 1612 * any padding. 1613 */ 1614 headersize = sizeof(sctp_paramhdr_t) + 1615 (sizeof(struct sctp_signed_cookie) - 1616 sizeof(struct sctp_cookie)); 1617 bodysize = sizeof(struct sctp_cookie) 1618 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1619 1620 /* Pad out the cookie to a multiple to make the signature 1621 * functions simpler to write. 1622 */ 1623 if (bodysize % SCTP_COOKIE_MULTIPLE) 1624 bodysize += SCTP_COOKIE_MULTIPLE 1625 - (bodysize % SCTP_COOKIE_MULTIPLE); 1626 *cookie_len = headersize + bodysize; 1627 1628 /* Clear this memory since we are sending this data structure 1629 * out on the network. 1630 */ 1631 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1632 if (!retval) 1633 goto nodata; 1634 1635 cookie = (struct sctp_signed_cookie *) retval->body; 1636 1637 /* Set up the parameter header. */ 1638 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1639 retval->p.length = htons(*cookie_len); 1640 1641 /* Copy the cookie part of the association itself. */ 1642 cookie->c = asoc->c; 1643 /* Save the raw address list length in the cookie. */ 1644 cookie->c.raw_addr_list_len = addrs_len; 1645 1646 /* Remember PR-SCTP capability. */ 1647 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1648 1649 /* Save adaptation indication in the cookie. */ 1650 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1651 1652 /* Set an expiration time for the cookie. */ 1653 cookie->c.expiration = ktime_add(asoc->cookie_life, 1654 ktime_get_real()); 1655 1656 /* Copy the peer's init packet. */ 1657 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1658 ntohs(init_chunk->chunk_hdr->length)); 1659 1660 /* Copy the raw local address list of the association. */ 1661 memcpy((__u8 *)&cookie->c.peer_init[0] + 1662 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1663 1664 if (sctp_sk(ep->base.sk)->hmac) { 1665 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac); 1666 int err; 1667 1668 /* Sign the message. */ 1669 desc->tfm = sctp_sk(ep->base.sk)->hmac; 1670 desc->flags = 0; 1671 1672 err = crypto_shash_setkey(desc->tfm, ep->secret_key, 1673 sizeof(ep->secret_key)) ?: 1674 crypto_shash_digest(desc, (u8 *)&cookie->c, bodysize, 1675 cookie->signature); 1676 shash_desc_zero(desc); 1677 if (err) 1678 goto free_cookie; 1679 } 1680 1681 return retval; 1682 1683 free_cookie: 1684 kfree(retval); 1685 nodata: 1686 *cookie_len = 0; 1687 return NULL; 1688 } 1689 1690 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1691 struct sctp_association *sctp_unpack_cookie( 1692 const struct sctp_endpoint *ep, 1693 const struct sctp_association *asoc, 1694 struct sctp_chunk *chunk, gfp_t gfp, 1695 int *error, struct sctp_chunk **errp) 1696 { 1697 struct sctp_association *retval = NULL; 1698 struct sctp_signed_cookie *cookie; 1699 struct sctp_cookie *bear_cookie; 1700 int headersize, bodysize, fixed_size; 1701 __u8 *digest = ep->digest; 1702 unsigned int len; 1703 sctp_scope_t scope; 1704 struct sk_buff *skb = chunk->skb; 1705 ktime_t kt; 1706 1707 /* Header size is static data prior to the actual cookie, including 1708 * any padding. 1709 */ 1710 headersize = sizeof(sctp_chunkhdr_t) + 1711 (sizeof(struct sctp_signed_cookie) - 1712 sizeof(struct sctp_cookie)); 1713 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1714 fixed_size = headersize + sizeof(struct sctp_cookie); 1715 1716 /* Verify that the chunk looks like it even has a cookie. 1717 * There must be enough room for our cookie and our peer's 1718 * INIT chunk. 1719 */ 1720 len = ntohs(chunk->chunk_hdr->length); 1721 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1722 goto malformed; 1723 1724 /* Verify that the cookie has been padded out. */ 1725 if (bodysize % SCTP_COOKIE_MULTIPLE) 1726 goto malformed; 1727 1728 /* Process the cookie. */ 1729 cookie = chunk->subh.cookie_hdr; 1730 bear_cookie = &cookie->c; 1731 1732 if (!sctp_sk(ep->base.sk)->hmac) 1733 goto no_hmac; 1734 1735 /* Check the signature. */ 1736 { 1737 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac); 1738 int err; 1739 1740 desc->tfm = sctp_sk(ep->base.sk)->hmac; 1741 desc->flags = 0; 1742 1743 err = crypto_shash_setkey(desc->tfm, ep->secret_key, 1744 sizeof(ep->secret_key)) ?: 1745 crypto_shash_digest(desc, (u8 *)bear_cookie, bodysize, 1746 digest); 1747 shash_desc_zero(desc); 1748 1749 if (err) { 1750 *error = -SCTP_IERROR_NOMEM; 1751 goto fail; 1752 } 1753 } 1754 1755 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1756 *error = -SCTP_IERROR_BAD_SIG; 1757 goto fail; 1758 } 1759 1760 no_hmac: 1761 /* IG Section 2.35.2: 1762 * 3) Compare the port numbers and the verification tag contained 1763 * within the COOKIE ECHO chunk to the actual port numbers and the 1764 * verification tag within the SCTP common header of the received 1765 * packet. If these values do not match the packet MUST be silently 1766 * discarded, 1767 */ 1768 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1769 *error = -SCTP_IERROR_BAD_TAG; 1770 goto fail; 1771 } 1772 1773 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1774 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1775 *error = -SCTP_IERROR_BAD_PORTS; 1776 goto fail; 1777 } 1778 1779 /* Check to see if the cookie is stale. If there is already 1780 * an association, there is no need to check cookie's expiration 1781 * for init collision case of lost COOKIE ACK. 1782 * If skb has been timestamped, then use the stamp, otherwise 1783 * use current time. This introduces a small possibility that 1784 * that a cookie may be considered expired, but his would only slow 1785 * down the new association establishment instead of every packet. 1786 */ 1787 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1788 kt = skb_get_ktime(skb); 1789 else 1790 kt = ktime_get_real(); 1791 1792 if (!asoc && ktime_before(bear_cookie->expiration, kt)) { 1793 /* 1794 * Section 3.3.10.3 Stale Cookie Error (3) 1795 * 1796 * Cause of error 1797 * --------------- 1798 * Stale Cookie Error: Indicates the receipt of a valid State 1799 * Cookie that has expired. 1800 */ 1801 len = ntohs(chunk->chunk_hdr->length); 1802 *errp = sctp_make_op_error_space(asoc, chunk, len); 1803 if (*errp) { 1804 suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration)); 1805 __be32 n = htonl(usecs); 1806 1807 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1808 sizeof(n)); 1809 sctp_addto_chunk(*errp, sizeof(n), &n); 1810 *error = -SCTP_IERROR_STALE_COOKIE; 1811 } else 1812 *error = -SCTP_IERROR_NOMEM; 1813 1814 goto fail; 1815 } 1816 1817 /* Make a new base association. */ 1818 scope = sctp_scope(sctp_source(chunk)); 1819 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1820 if (!retval) { 1821 *error = -SCTP_IERROR_NOMEM; 1822 goto fail; 1823 } 1824 1825 /* Set up our peer's port number. */ 1826 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1827 1828 /* Populate the association from the cookie. */ 1829 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1830 1831 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1832 GFP_ATOMIC) < 0) { 1833 *error = -SCTP_IERROR_NOMEM; 1834 goto fail; 1835 } 1836 1837 /* Also, add the destination address. */ 1838 if (list_empty(&retval->base.bind_addr.address_list)) { 1839 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1840 sizeof(chunk->dest), SCTP_ADDR_SRC, 1841 GFP_ATOMIC); 1842 } 1843 1844 retval->next_tsn = retval->c.initial_tsn; 1845 retval->ctsn_ack_point = retval->next_tsn - 1; 1846 retval->addip_serial = retval->c.initial_tsn; 1847 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1848 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1849 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1850 1851 /* The INIT stuff will be done by the side effects. */ 1852 return retval; 1853 1854 fail: 1855 if (retval) 1856 sctp_association_free(retval); 1857 1858 return NULL; 1859 1860 malformed: 1861 /* Yikes! The packet is either corrupt or deliberately 1862 * malformed. 1863 */ 1864 *error = -SCTP_IERROR_MALFORMED; 1865 goto fail; 1866 } 1867 1868 /******************************************************************** 1869 * 3rd Level Abstractions 1870 ********************************************************************/ 1871 1872 struct __sctp_missing { 1873 __be32 num_missing; 1874 __be16 type; 1875 } __packed; 1876 1877 /* 1878 * Report a missing mandatory parameter. 1879 */ 1880 static int sctp_process_missing_param(const struct sctp_association *asoc, 1881 sctp_param_t paramtype, 1882 struct sctp_chunk *chunk, 1883 struct sctp_chunk **errp) 1884 { 1885 struct __sctp_missing report; 1886 __u16 len; 1887 1888 len = SCTP_PAD4(sizeof(report)); 1889 1890 /* Make an ERROR chunk, preparing enough room for 1891 * returning multiple unknown parameters. 1892 */ 1893 if (!*errp) 1894 *errp = sctp_make_op_error_space(asoc, chunk, len); 1895 1896 if (*errp) { 1897 report.num_missing = htonl(1); 1898 report.type = paramtype; 1899 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1900 sizeof(report)); 1901 sctp_addto_chunk(*errp, sizeof(report), &report); 1902 } 1903 1904 /* Stop processing this chunk. */ 1905 return 0; 1906 } 1907 1908 /* Report an Invalid Mandatory Parameter. */ 1909 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1910 struct sctp_chunk *chunk, 1911 struct sctp_chunk **errp) 1912 { 1913 /* Invalid Mandatory Parameter Error has no payload. */ 1914 1915 if (!*errp) 1916 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1917 1918 if (*errp) 1919 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1920 1921 /* Stop processing this chunk. */ 1922 return 0; 1923 } 1924 1925 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1926 struct sctp_paramhdr *param, 1927 const struct sctp_chunk *chunk, 1928 struct sctp_chunk **errp) 1929 { 1930 /* This is a fatal error. Any accumulated non-fatal errors are 1931 * not reported. 1932 */ 1933 if (*errp) 1934 sctp_chunk_free(*errp); 1935 1936 /* Create an error chunk and fill it in with our payload. */ 1937 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1938 1939 return 0; 1940 } 1941 1942 1943 /* Do not attempt to handle the HOST_NAME parm. However, do 1944 * send back an indicator to the peer. 1945 */ 1946 static int sctp_process_hn_param(const struct sctp_association *asoc, 1947 union sctp_params param, 1948 struct sctp_chunk *chunk, 1949 struct sctp_chunk **errp) 1950 { 1951 __u16 len = ntohs(param.p->length); 1952 1953 /* Processing of the HOST_NAME parameter will generate an 1954 * ABORT. If we've accumulated any non-fatal errors, they 1955 * would be unrecognized parameters and we should not include 1956 * them in the ABORT. 1957 */ 1958 if (*errp) 1959 sctp_chunk_free(*errp); 1960 1961 *errp = sctp_make_op_error_space(asoc, chunk, len); 1962 1963 if (*errp) { 1964 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 1965 sctp_addto_chunk(*errp, len, param.v); 1966 } 1967 1968 /* Stop processing this chunk. */ 1969 return 0; 1970 } 1971 1972 static int sctp_verify_ext_param(struct net *net, union sctp_params param) 1973 { 1974 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1975 int have_auth = 0; 1976 int have_asconf = 0; 1977 int i; 1978 1979 for (i = 0; i < num_ext; i++) { 1980 switch (param.ext->chunks[i]) { 1981 case SCTP_CID_AUTH: 1982 have_auth = 1; 1983 break; 1984 case SCTP_CID_ASCONF: 1985 case SCTP_CID_ASCONF_ACK: 1986 have_asconf = 1; 1987 break; 1988 } 1989 } 1990 1991 /* ADD-IP Security: The draft requires us to ABORT or ignore the 1992 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 1993 * only if ADD-IP is turned on and we are not backward-compatible 1994 * mode. 1995 */ 1996 if (net->sctp.addip_noauth) 1997 return 1; 1998 1999 if (net->sctp.addip_enable && !have_auth && have_asconf) 2000 return 0; 2001 2002 return 1; 2003 } 2004 2005 static void sctp_process_ext_param(struct sctp_association *asoc, 2006 union sctp_params param) 2007 { 2008 struct net *net = sock_net(asoc->base.sk); 2009 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2010 int i; 2011 2012 for (i = 0; i < num_ext; i++) { 2013 switch (param.ext->chunks[i]) { 2014 case SCTP_CID_FWD_TSN: 2015 if (asoc->prsctp_enable && !asoc->peer.prsctp_capable) 2016 asoc->peer.prsctp_capable = 1; 2017 break; 2018 case SCTP_CID_AUTH: 2019 /* if the peer reports AUTH, assume that he 2020 * supports AUTH. 2021 */ 2022 if (asoc->ep->auth_enable) 2023 asoc->peer.auth_capable = 1; 2024 break; 2025 case SCTP_CID_ASCONF: 2026 case SCTP_CID_ASCONF_ACK: 2027 if (net->sctp.addip_enable) 2028 asoc->peer.asconf_capable = 1; 2029 break; 2030 default: 2031 break; 2032 } 2033 } 2034 } 2035 2036 /* RFC 3.2.1 & the Implementers Guide 2.2. 2037 * 2038 * The Parameter Types are encoded such that the 2039 * highest-order two bits specify the action that must be 2040 * taken if the processing endpoint does not recognize the 2041 * Parameter Type. 2042 * 2043 * 00 - Stop processing this parameter; do not process any further 2044 * parameters within this chunk 2045 * 2046 * 01 - Stop processing this parameter, do not process any further 2047 * parameters within this chunk, and report the unrecognized 2048 * parameter in an 'Unrecognized Parameter' ERROR chunk. 2049 * 2050 * 10 - Skip this parameter and continue processing. 2051 * 2052 * 11 - Skip this parameter and continue processing but 2053 * report the unrecognized parameter in an 2054 * 'Unrecognized Parameter' ERROR chunk. 2055 * 2056 * Return value: 2057 * SCTP_IERROR_NO_ERROR - continue with the chunk 2058 * SCTP_IERROR_ERROR - stop and report an error. 2059 * SCTP_IERROR_NOMEME - out of memory. 2060 */ 2061 static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, 2062 union sctp_params param, 2063 struct sctp_chunk *chunk, 2064 struct sctp_chunk **errp) 2065 { 2066 int retval = SCTP_IERROR_NO_ERROR; 2067 2068 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 2069 case SCTP_PARAM_ACTION_DISCARD: 2070 retval = SCTP_IERROR_ERROR; 2071 break; 2072 case SCTP_PARAM_ACTION_SKIP: 2073 break; 2074 case SCTP_PARAM_ACTION_DISCARD_ERR: 2075 retval = SCTP_IERROR_ERROR; 2076 /* Fall through */ 2077 case SCTP_PARAM_ACTION_SKIP_ERR: 2078 /* Make an ERROR chunk, preparing enough room for 2079 * returning multiple unknown parameters. 2080 */ 2081 if (NULL == *errp) 2082 *errp = sctp_make_op_error_fixed(asoc, chunk); 2083 2084 if (*errp) { 2085 if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2086 SCTP_PAD4(ntohs(param.p->length)))) 2087 sctp_addto_chunk_fixed(*errp, 2088 SCTP_PAD4(ntohs(param.p->length)), 2089 param.v); 2090 } else { 2091 /* If there is no memory for generating the ERROR 2092 * report as specified, an ABORT will be triggered 2093 * to the peer and the association won't be 2094 * established. 2095 */ 2096 retval = SCTP_IERROR_NOMEM; 2097 } 2098 break; 2099 default: 2100 break; 2101 } 2102 2103 return retval; 2104 } 2105 2106 /* Verify variable length parameters 2107 * Return values: 2108 * SCTP_IERROR_ABORT - trigger an ABORT 2109 * SCTP_IERROR_NOMEM - out of memory (abort) 2110 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2111 * SCTP_IERROR_NO_ERROR - continue with the chunk 2112 */ 2113 static sctp_ierror_t sctp_verify_param(struct net *net, 2114 const struct sctp_endpoint *ep, 2115 const struct sctp_association *asoc, 2116 union sctp_params param, 2117 sctp_cid_t cid, 2118 struct sctp_chunk *chunk, 2119 struct sctp_chunk **err_chunk) 2120 { 2121 struct sctp_hmac_algo_param *hmacs; 2122 int retval = SCTP_IERROR_NO_ERROR; 2123 __u16 n_elt, id = 0; 2124 int i; 2125 2126 /* FIXME - This routine is not looking at each parameter per the 2127 * chunk type, i.e., unrecognized parameters should be further 2128 * identified based on the chunk id. 2129 */ 2130 2131 switch (param.p->type) { 2132 case SCTP_PARAM_IPV4_ADDRESS: 2133 case SCTP_PARAM_IPV6_ADDRESS: 2134 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2135 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2136 case SCTP_PARAM_STATE_COOKIE: 2137 case SCTP_PARAM_HEARTBEAT_INFO: 2138 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2139 case SCTP_PARAM_ECN_CAPABLE: 2140 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2141 break; 2142 2143 case SCTP_PARAM_SUPPORTED_EXT: 2144 if (!sctp_verify_ext_param(net, param)) 2145 return SCTP_IERROR_ABORT; 2146 break; 2147 2148 case SCTP_PARAM_SET_PRIMARY: 2149 if (net->sctp.addip_enable) 2150 break; 2151 goto fallthrough; 2152 2153 case SCTP_PARAM_HOST_NAME_ADDRESS: 2154 /* Tell the peer, we won't support this param. */ 2155 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2156 retval = SCTP_IERROR_ABORT; 2157 break; 2158 2159 case SCTP_PARAM_FWD_TSN_SUPPORT: 2160 if (ep->prsctp_enable) 2161 break; 2162 goto fallthrough; 2163 2164 case SCTP_PARAM_RANDOM: 2165 if (!ep->auth_enable) 2166 goto fallthrough; 2167 2168 /* SCTP-AUTH: Secion 6.1 2169 * If the random number is not 32 byte long the association 2170 * MUST be aborted. The ABORT chunk SHOULD contain the error 2171 * cause 'Protocol Violation'. 2172 */ 2173 if (SCTP_AUTH_RANDOM_LENGTH != 2174 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { 2175 sctp_process_inv_paramlength(asoc, param.p, 2176 chunk, err_chunk); 2177 retval = SCTP_IERROR_ABORT; 2178 } 2179 break; 2180 2181 case SCTP_PARAM_CHUNKS: 2182 if (!ep->auth_enable) 2183 goto fallthrough; 2184 2185 /* SCTP-AUTH: Section 3.2 2186 * The CHUNKS parameter MUST be included once in the INIT or 2187 * INIT-ACK chunk if the sender wants to receive authenticated 2188 * chunks. Its maximum length is 260 bytes. 2189 */ 2190 if (260 < ntohs(param.p->length)) { 2191 sctp_process_inv_paramlength(asoc, param.p, 2192 chunk, err_chunk); 2193 retval = SCTP_IERROR_ABORT; 2194 } 2195 break; 2196 2197 case SCTP_PARAM_HMAC_ALGO: 2198 if (!ep->auth_enable) 2199 goto fallthrough; 2200 2201 hmacs = (struct sctp_hmac_algo_param *)param.p; 2202 n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1; 2203 2204 /* SCTP-AUTH: Section 6.1 2205 * The HMAC algorithm based on SHA-1 MUST be supported and 2206 * included in the HMAC-ALGO parameter. 2207 */ 2208 for (i = 0; i < n_elt; i++) { 2209 id = ntohs(hmacs->hmac_ids[i]); 2210 2211 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2212 break; 2213 } 2214 2215 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2216 sctp_process_inv_paramlength(asoc, param.p, chunk, 2217 err_chunk); 2218 retval = SCTP_IERROR_ABORT; 2219 } 2220 break; 2221 fallthrough: 2222 default: 2223 pr_debug("%s: unrecognized param:%d for chunk:%d\n", 2224 __func__, ntohs(param.p->type), cid); 2225 2226 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2227 break; 2228 } 2229 return retval; 2230 } 2231 2232 /* Verify the INIT packet before we process it. */ 2233 int sctp_verify_init(struct net *net, const struct sctp_endpoint *ep, 2234 const struct sctp_association *asoc, sctp_cid_t cid, 2235 sctp_init_chunk_t *peer_init, struct sctp_chunk *chunk, 2236 struct sctp_chunk **errp) 2237 { 2238 union sctp_params param; 2239 bool has_cookie = false; 2240 int result; 2241 2242 /* Check for missing mandatory parameters. Note: Initial TSN is 2243 * also mandatory, but is not checked here since the valid range 2244 * is 0..2**32-1. RFC4960, section 3.3.3. 2245 */ 2246 if (peer_init->init_hdr.num_outbound_streams == 0 || 2247 peer_init->init_hdr.num_inbound_streams == 0 || 2248 peer_init->init_hdr.init_tag == 0 || 2249 ntohl(peer_init->init_hdr.a_rwnd) < SCTP_DEFAULT_MINWINDOW) 2250 return sctp_process_inv_mandatory(asoc, chunk, errp); 2251 2252 sctp_walk_params(param, peer_init, init_hdr.params) { 2253 if (param.p->type == SCTP_PARAM_STATE_COOKIE) 2254 has_cookie = true; 2255 } 2256 2257 /* There is a possibility that a parameter length was bad and 2258 * in that case we would have stoped walking the parameters. 2259 * The current param.p would point at the bad one. 2260 * Current consensus on the mailing list is to generate a PROTOCOL 2261 * VIOLATION error. We build the ERROR chunk here and let the normal 2262 * error handling code build and send the packet. 2263 */ 2264 if (param.v != (void *)chunk->chunk_end) 2265 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2266 2267 /* The only missing mandatory param possible today is 2268 * the state cookie for an INIT-ACK chunk. 2269 */ 2270 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2271 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2272 chunk, errp); 2273 2274 /* Verify all the variable length parameters */ 2275 sctp_walk_params(param, peer_init, init_hdr.params) { 2276 result = sctp_verify_param(net, ep, asoc, param, cid, 2277 chunk, errp); 2278 switch (result) { 2279 case SCTP_IERROR_ABORT: 2280 case SCTP_IERROR_NOMEM: 2281 return 0; 2282 case SCTP_IERROR_ERROR: 2283 return 1; 2284 case SCTP_IERROR_NO_ERROR: 2285 default: 2286 break; 2287 } 2288 2289 } /* for (loop through all parameters) */ 2290 2291 return 1; 2292 } 2293 2294 /* Unpack the parameters in an INIT packet into an association. 2295 * Returns 0 on failure, else success. 2296 * FIXME: This is an association method. 2297 */ 2298 int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, 2299 const union sctp_addr *peer_addr, 2300 sctp_init_chunk_t *peer_init, gfp_t gfp) 2301 { 2302 struct net *net = sock_net(asoc->base.sk); 2303 union sctp_params param; 2304 struct sctp_transport *transport; 2305 struct list_head *pos, *temp; 2306 struct sctp_af *af; 2307 union sctp_addr addr; 2308 char *cookie; 2309 int src_match = 0; 2310 2311 /* We must include the address that the INIT packet came from. 2312 * This is the only address that matters for an INIT packet. 2313 * When processing a COOKIE ECHO, we retrieve the from address 2314 * of the INIT from the cookie. 2315 */ 2316 2317 /* This implementation defaults to making the first transport 2318 * added as the primary transport. The source address seems to 2319 * be a a better choice than any of the embedded addresses. 2320 */ 2321 if (!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2322 goto nomem; 2323 2324 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr)) 2325 src_match = 1; 2326 2327 /* Process the initialization parameters. */ 2328 sctp_walk_params(param, peer_init, init_hdr.params) { 2329 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 2330 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { 2331 af = sctp_get_af_specific(param_type2af(param.p->type)); 2332 af->from_addr_param(&addr, param.addr, 2333 chunk->sctp_hdr->source, 0); 2334 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) 2335 src_match = 1; 2336 } 2337 2338 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2339 goto clean_up; 2340 } 2341 2342 /* source address of chunk may not match any valid address */ 2343 if (!src_match) 2344 goto clean_up; 2345 2346 /* AUTH: After processing the parameters, make sure that we 2347 * have all the required info to potentially do authentications. 2348 */ 2349 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2350 !asoc->peer.peer_hmacs)) 2351 asoc->peer.auth_capable = 0; 2352 2353 /* In a non-backward compatible mode, if the peer claims 2354 * support for ADD-IP but not AUTH, the ADD-IP spec states 2355 * that we MUST ABORT the association. Section 6. The section 2356 * also give us an option to silently ignore the packet, which 2357 * is what we'll do here. 2358 */ 2359 if (!net->sctp.addip_noauth && 2360 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2361 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2362 SCTP_PARAM_DEL_IP | 2363 SCTP_PARAM_SET_PRIMARY); 2364 asoc->peer.asconf_capable = 0; 2365 goto clean_up; 2366 } 2367 2368 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2369 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2370 transport = list_entry(pos, struct sctp_transport, transports); 2371 if (transport->state == SCTP_UNKNOWN) { 2372 sctp_assoc_rm_peer(asoc, transport); 2373 } 2374 } 2375 2376 /* The fixed INIT headers are always in network byte 2377 * order. 2378 */ 2379 asoc->peer.i.init_tag = 2380 ntohl(peer_init->init_hdr.init_tag); 2381 asoc->peer.i.a_rwnd = 2382 ntohl(peer_init->init_hdr.a_rwnd); 2383 asoc->peer.i.num_outbound_streams = 2384 ntohs(peer_init->init_hdr.num_outbound_streams); 2385 asoc->peer.i.num_inbound_streams = 2386 ntohs(peer_init->init_hdr.num_inbound_streams); 2387 asoc->peer.i.initial_tsn = 2388 ntohl(peer_init->init_hdr.initial_tsn); 2389 2390 /* Apply the upper bounds for output streams based on peer's 2391 * number of inbound streams. 2392 */ 2393 if (asoc->c.sinit_num_ostreams > 2394 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2395 asoc->c.sinit_num_ostreams = 2396 ntohs(peer_init->init_hdr.num_inbound_streams); 2397 } 2398 2399 if (asoc->c.sinit_max_instreams > 2400 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2401 asoc->c.sinit_max_instreams = 2402 ntohs(peer_init->init_hdr.num_outbound_streams); 2403 } 2404 2405 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2406 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2407 2408 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2409 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2410 2411 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2412 cookie = asoc->peer.cookie; 2413 if (cookie) { 2414 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2415 if (!asoc->peer.cookie) 2416 goto clean_up; 2417 } 2418 2419 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2420 * high (for example, implementations MAY use the size of the receiver 2421 * advertised window). 2422 */ 2423 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2424 transports) { 2425 transport->ssthresh = asoc->peer.i.a_rwnd; 2426 } 2427 2428 /* Set up the TSN tracking pieces. */ 2429 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2430 asoc->peer.i.initial_tsn, gfp)) 2431 goto clean_up; 2432 2433 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2434 * 2435 * The stream sequence number in all the streams shall start 2436 * from 0 when the association is established. Also, when the 2437 * stream sequence number reaches the value 65535 the next 2438 * stream sequence number shall be set to 0. 2439 */ 2440 2441 /* Allocate storage for the negotiated streams if it is not a temporary 2442 * association. 2443 */ 2444 if (!asoc->temp) { 2445 int error; 2446 2447 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 2448 asoc->c.sinit_num_ostreams, gfp); 2449 if (!asoc->ssnmap) 2450 goto clean_up; 2451 2452 error = sctp_assoc_set_id(asoc, gfp); 2453 if (error) 2454 goto clean_up; 2455 } 2456 2457 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2458 * 2459 * When an endpoint has an ASCONF signaled change to be sent to the 2460 * remote endpoint it should do the following: 2461 * ... 2462 * A2) A serial number should be assigned to the Chunk. The serial 2463 * number should be a monotonically increasing number. All serial 2464 * numbers are defined to be initialized at the start of the 2465 * association to the same value as the Initial TSN. 2466 */ 2467 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2468 return 1; 2469 2470 clean_up: 2471 /* Release the transport structures. */ 2472 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2473 transport = list_entry(pos, struct sctp_transport, transports); 2474 if (transport->state != SCTP_ACTIVE) 2475 sctp_assoc_rm_peer(asoc, transport); 2476 } 2477 2478 nomem: 2479 return 0; 2480 } 2481 2482 2483 /* Update asoc with the option described in param. 2484 * 2485 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2486 * 2487 * asoc is the association to update. 2488 * param is the variable length parameter to use for update. 2489 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2490 * If the current packet is an INIT we want to minimize the amount of 2491 * work we do. In particular, we should not build transport 2492 * structures for the addresses. 2493 */ 2494 static int sctp_process_param(struct sctp_association *asoc, 2495 union sctp_params param, 2496 const union sctp_addr *peer_addr, 2497 gfp_t gfp) 2498 { 2499 struct net *net = sock_net(asoc->base.sk); 2500 union sctp_addr addr; 2501 int i; 2502 __u16 sat; 2503 int retval = 1; 2504 sctp_scope_t scope; 2505 u32 stale; 2506 struct sctp_af *af; 2507 union sctp_addr_param *addr_param; 2508 struct sctp_transport *t; 2509 struct sctp_endpoint *ep = asoc->ep; 2510 2511 /* We maintain all INIT parameters in network byte order all the 2512 * time. This allows us to not worry about whether the parameters 2513 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2514 */ 2515 switch (param.p->type) { 2516 case SCTP_PARAM_IPV6_ADDRESS: 2517 if (PF_INET6 != asoc->base.sk->sk_family) 2518 break; 2519 goto do_addr_param; 2520 2521 case SCTP_PARAM_IPV4_ADDRESS: 2522 /* v4 addresses are not allowed on v6-only socket */ 2523 if (ipv6_only_sock(asoc->base.sk)) 2524 break; 2525 do_addr_param: 2526 af = sctp_get_af_specific(param_type2af(param.p->type)); 2527 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2528 scope = sctp_scope(peer_addr); 2529 if (sctp_in_scope(net, &addr, scope)) 2530 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2531 return 0; 2532 break; 2533 2534 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2535 if (!net->sctp.cookie_preserve_enable) 2536 break; 2537 2538 stale = ntohl(param.life->lifespan_increment); 2539 2540 /* Suggested Cookie Life span increment's unit is msec, 2541 * (1/1000sec). 2542 */ 2543 asoc->cookie_life = ktime_add_ms(asoc->cookie_life, stale); 2544 break; 2545 2546 case SCTP_PARAM_HOST_NAME_ADDRESS: 2547 pr_debug("%s: unimplemented SCTP_HOST_NAME_ADDRESS\n", __func__); 2548 break; 2549 2550 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2551 /* Turn off the default values first so we'll know which 2552 * ones are really set by the peer. 2553 */ 2554 asoc->peer.ipv4_address = 0; 2555 asoc->peer.ipv6_address = 0; 2556 2557 /* Assume that peer supports the address family 2558 * by which it sends a packet. 2559 */ 2560 if (peer_addr->sa.sa_family == AF_INET6) 2561 asoc->peer.ipv6_address = 1; 2562 else if (peer_addr->sa.sa_family == AF_INET) 2563 asoc->peer.ipv4_address = 1; 2564 2565 /* Cycle through address types; avoid divide by 0. */ 2566 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2567 if (sat) 2568 sat /= sizeof(__u16); 2569 2570 for (i = 0; i < sat; ++i) { 2571 switch (param.sat->types[i]) { 2572 case SCTP_PARAM_IPV4_ADDRESS: 2573 asoc->peer.ipv4_address = 1; 2574 break; 2575 2576 case SCTP_PARAM_IPV6_ADDRESS: 2577 if (PF_INET6 == asoc->base.sk->sk_family) 2578 asoc->peer.ipv6_address = 1; 2579 break; 2580 2581 case SCTP_PARAM_HOST_NAME_ADDRESS: 2582 asoc->peer.hostname_address = 1; 2583 break; 2584 2585 default: /* Just ignore anything else. */ 2586 break; 2587 } 2588 } 2589 break; 2590 2591 case SCTP_PARAM_STATE_COOKIE: 2592 asoc->peer.cookie_len = 2593 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2594 asoc->peer.cookie = param.cookie->body; 2595 break; 2596 2597 case SCTP_PARAM_HEARTBEAT_INFO: 2598 /* Would be odd to receive, but it causes no problems. */ 2599 break; 2600 2601 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2602 /* Rejected during verify stage. */ 2603 break; 2604 2605 case SCTP_PARAM_ECN_CAPABLE: 2606 asoc->peer.ecn_capable = 1; 2607 break; 2608 2609 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2610 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2611 break; 2612 2613 case SCTP_PARAM_SET_PRIMARY: 2614 if (!net->sctp.addip_enable) 2615 goto fall_through; 2616 2617 addr_param = param.v + sizeof(sctp_addip_param_t); 2618 2619 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 2620 if (af == NULL) 2621 break; 2622 2623 af->from_addr_param(&addr, addr_param, 2624 htons(asoc->peer.port), 0); 2625 2626 /* if the address is invalid, we can't process it. 2627 * XXX: see spec for what to do. 2628 */ 2629 if (!af->addr_valid(&addr, NULL, NULL)) 2630 break; 2631 2632 t = sctp_assoc_lookup_paddr(asoc, &addr); 2633 if (!t) 2634 break; 2635 2636 sctp_assoc_set_primary(asoc, t); 2637 break; 2638 2639 case SCTP_PARAM_SUPPORTED_EXT: 2640 sctp_process_ext_param(asoc, param); 2641 break; 2642 2643 case SCTP_PARAM_FWD_TSN_SUPPORT: 2644 if (asoc->prsctp_enable) { 2645 asoc->peer.prsctp_capable = 1; 2646 break; 2647 } 2648 /* Fall Through */ 2649 goto fall_through; 2650 2651 case SCTP_PARAM_RANDOM: 2652 if (!ep->auth_enable) 2653 goto fall_through; 2654 2655 /* Save peer's random parameter */ 2656 asoc->peer.peer_random = kmemdup(param.p, 2657 ntohs(param.p->length), gfp); 2658 if (!asoc->peer.peer_random) { 2659 retval = 0; 2660 break; 2661 } 2662 break; 2663 2664 case SCTP_PARAM_HMAC_ALGO: 2665 if (!ep->auth_enable) 2666 goto fall_through; 2667 2668 /* Save peer's HMAC list */ 2669 asoc->peer.peer_hmacs = kmemdup(param.p, 2670 ntohs(param.p->length), gfp); 2671 if (!asoc->peer.peer_hmacs) { 2672 retval = 0; 2673 break; 2674 } 2675 2676 /* Set the default HMAC the peer requested*/ 2677 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2678 break; 2679 2680 case SCTP_PARAM_CHUNKS: 2681 if (!ep->auth_enable) 2682 goto fall_through; 2683 2684 asoc->peer.peer_chunks = kmemdup(param.p, 2685 ntohs(param.p->length), gfp); 2686 if (!asoc->peer.peer_chunks) 2687 retval = 0; 2688 break; 2689 fall_through: 2690 default: 2691 /* Any unrecognized parameters should have been caught 2692 * and handled by sctp_verify_param() which should be 2693 * called prior to this routine. Simply log the error 2694 * here. 2695 */ 2696 pr_debug("%s: ignoring param:%d for association:%p.\n", 2697 __func__, ntohs(param.p->type), asoc); 2698 break; 2699 } 2700 2701 return retval; 2702 } 2703 2704 /* Select a new verification tag. */ 2705 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2706 { 2707 /* I believe that this random number generator complies with RFC1750. 2708 * A tag of 0 is reserved for special cases (e.g. INIT). 2709 */ 2710 __u32 x; 2711 2712 do { 2713 get_random_bytes(&x, sizeof(__u32)); 2714 } while (x == 0); 2715 2716 return x; 2717 } 2718 2719 /* Select an initial TSN to send during startup. */ 2720 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2721 { 2722 __u32 retval; 2723 2724 get_random_bytes(&retval, sizeof(__u32)); 2725 return retval; 2726 } 2727 2728 /* 2729 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2730 * 0 1 2 3 2731 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2732 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2733 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2734 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2735 * | Serial Number | 2736 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2737 * | Address Parameter | 2738 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2739 * | ASCONF Parameter #1 | 2740 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2741 * \ \ 2742 * / .... / 2743 * \ \ 2744 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2745 * | ASCONF Parameter #N | 2746 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2747 * 2748 * Address Parameter and other parameter will not be wrapped in this function 2749 */ 2750 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2751 union sctp_addr *addr, 2752 int vparam_len) 2753 { 2754 sctp_addiphdr_t asconf; 2755 struct sctp_chunk *retval; 2756 int length = sizeof(asconf) + vparam_len; 2757 union sctp_addr_param addrparam; 2758 int addrlen; 2759 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2760 2761 addrlen = af->to_addr_param(addr, &addrparam); 2762 if (!addrlen) 2763 return NULL; 2764 length += addrlen; 2765 2766 /* Create the chunk. */ 2767 retval = sctp_make_control(asoc, SCTP_CID_ASCONF, 0, length, 2768 GFP_ATOMIC); 2769 if (!retval) 2770 return NULL; 2771 2772 asconf.serial = htonl(asoc->addip_serial++); 2773 2774 retval->subh.addip_hdr = 2775 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2776 retval->param_hdr.v = 2777 sctp_addto_chunk(retval, addrlen, &addrparam); 2778 2779 return retval; 2780 } 2781 2782 /* ADDIP 2783 * 3.2.1 Add IP Address 2784 * 0 1 2 3 2785 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2786 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2787 * | Type = 0xC001 | Length = Variable | 2788 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2789 * | ASCONF-Request Correlation ID | 2790 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2791 * | Address Parameter | 2792 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2793 * 2794 * 3.2.2 Delete IP Address 2795 * 0 1 2 3 2796 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2797 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2798 * | Type = 0xC002 | Length = Variable | 2799 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2800 * | ASCONF-Request Correlation ID | 2801 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2802 * | Address Parameter | 2803 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2804 * 2805 */ 2806 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2807 union sctp_addr *laddr, 2808 struct sockaddr *addrs, 2809 int addrcnt, 2810 __be16 flags) 2811 { 2812 sctp_addip_param_t param; 2813 struct sctp_chunk *retval; 2814 union sctp_addr_param addr_param; 2815 union sctp_addr *addr; 2816 void *addr_buf; 2817 struct sctp_af *af; 2818 int paramlen = sizeof(param); 2819 int addr_param_len = 0; 2820 int totallen = 0; 2821 int i; 2822 int del_pickup = 0; 2823 2824 /* Get total length of all the address parameters. */ 2825 addr_buf = addrs; 2826 for (i = 0; i < addrcnt; i++) { 2827 addr = addr_buf; 2828 af = sctp_get_af_specific(addr->v4.sin_family); 2829 addr_param_len = af->to_addr_param(addr, &addr_param); 2830 2831 totallen += paramlen; 2832 totallen += addr_param_len; 2833 2834 addr_buf += af->sockaddr_len; 2835 if (asoc->asconf_addr_del_pending && !del_pickup) { 2836 /* reuse the parameter length from the same scope one */ 2837 totallen += paramlen; 2838 totallen += addr_param_len; 2839 del_pickup = 1; 2840 2841 pr_debug("%s: picked same-scope del_pending addr, " 2842 "totallen for all addresses is %d\n", 2843 __func__, totallen); 2844 } 2845 } 2846 2847 /* Create an asconf chunk with the required length. */ 2848 retval = sctp_make_asconf(asoc, laddr, totallen); 2849 if (!retval) 2850 return NULL; 2851 2852 /* Add the address parameters to the asconf chunk. */ 2853 addr_buf = addrs; 2854 for (i = 0; i < addrcnt; i++) { 2855 addr = addr_buf; 2856 af = sctp_get_af_specific(addr->v4.sin_family); 2857 addr_param_len = af->to_addr_param(addr, &addr_param); 2858 param.param_hdr.type = flags; 2859 param.param_hdr.length = htons(paramlen + addr_param_len); 2860 param.crr_id = i; 2861 2862 sctp_addto_chunk(retval, paramlen, ¶m); 2863 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2864 2865 addr_buf += af->sockaddr_len; 2866 } 2867 if (flags == SCTP_PARAM_ADD_IP && del_pickup) { 2868 addr = asoc->asconf_addr_del_pending; 2869 af = sctp_get_af_specific(addr->v4.sin_family); 2870 addr_param_len = af->to_addr_param(addr, &addr_param); 2871 param.param_hdr.type = SCTP_PARAM_DEL_IP; 2872 param.param_hdr.length = htons(paramlen + addr_param_len); 2873 param.crr_id = i; 2874 2875 sctp_addto_chunk(retval, paramlen, ¶m); 2876 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2877 } 2878 return retval; 2879 } 2880 2881 /* ADDIP 2882 * 3.2.4 Set Primary IP Address 2883 * 0 1 2 3 2884 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2885 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2886 * | Type =0xC004 | Length = Variable | 2887 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2888 * | ASCONF-Request Correlation ID | 2889 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2890 * | Address Parameter | 2891 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2892 * 2893 * Create an ASCONF chunk with Set Primary IP address parameter. 2894 */ 2895 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2896 union sctp_addr *addr) 2897 { 2898 sctp_addip_param_t param; 2899 struct sctp_chunk *retval; 2900 int len = sizeof(param); 2901 union sctp_addr_param addrparam; 2902 int addrlen; 2903 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2904 2905 addrlen = af->to_addr_param(addr, &addrparam); 2906 if (!addrlen) 2907 return NULL; 2908 len += addrlen; 2909 2910 /* Create the chunk and make asconf header. */ 2911 retval = sctp_make_asconf(asoc, addr, len); 2912 if (!retval) 2913 return NULL; 2914 2915 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2916 param.param_hdr.length = htons(len); 2917 param.crr_id = 0; 2918 2919 sctp_addto_chunk(retval, sizeof(param), ¶m); 2920 sctp_addto_chunk(retval, addrlen, &addrparam); 2921 2922 return retval; 2923 } 2924 2925 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2926 * 0 1 2 3 2927 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2928 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2929 * | Type = 0x80 | Chunk Flags | Chunk Length | 2930 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2931 * | Serial Number | 2932 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2933 * | ASCONF Parameter Response#1 | 2934 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2935 * \ \ 2936 * / .... / 2937 * \ \ 2938 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2939 * | ASCONF Parameter Response#N | 2940 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2941 * 2942 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2943 */ 2944 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2945 __u32 serial, int vparam_len) 2946 { 2947 sctp_addiphdr_t asconf; 2948 struct sctp_chunk *retval; 2949 int length = sizeof(asconf) + vparam_len; 2950 2951 /* Create the chunk. */ 2952 retval = sctp_make_control(asoc, SCTP_CID_ASCONF_ACK, 0, length, 2953 GFP_ATOMIC); 2954 if (!retval) 2955 return NULL; 2956 2957 asconf.serial = htonl(serial); 2958 2959 retval->subh.addip_hdr = 2960 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2961 2962 return retval; 2963 } 2964 2965 /* Add response parameters to an ASCONF_ACK chunk. */ 2966 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2967 __be16 err_code, sctp_addip_param_t *asconf_param) 2968 { 2969 sctp_addip_param_t ack_param; 2970 sctp_errhdr_t err_param; 2971 int asconf_param_len = 0; 2972 int err_param_len = 0; 2973 __be16 response_type; 2974 2975 if (SCTP_ERROR_NO_ERROR == err_code) { 2976 response_type = SCTP_PARAM_SUCCESS_REPORT; 2977 } else { 2978 response_type = SCTP_PARAM_ERR_CAUSE; 2979 err_param_len = sizeof(err_param); 2980 if (asconf_param) 2981 asconf_param_len = 2982 ntohs(asconf_param->param_hdr.length); 2983 } 2984 2985 /* Add Success Indication or Error Cause Indication parameter. */ 2986 ack_param.param_hdr.type = response_type; 2987 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2988 err_param_len + 2989 asconf_param_len); 2990 ack_param.crr_id = crr_id; 2991 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2992 2993 if (SCTP_ERROR_NO_ERROR == err_code) 2994 return; 2995 2996 /* Add Error Cause parameter. */ 2997 err_param.cause = err_code; 2998 err_param.length = htons(err_param_len + asconf_param_len); 2999 sctp_addto_chunk(chunk, err_param_len, &err_param); 3000 3001 /* Add the failed TLV copied from ASCONF chunk. */ 3002 if (asconf_param) 3003 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 3004 } 3005 3006 /* Process a asconf parameter. */ 3007 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 3008 struct sctp_chunk *asconf, 3009 sctp_addip_param_t *asconf_param) 3010 { 3011 struct sctp_transport *peer; 3012 struct sctp_af *af; 3013 union sctp_addr addr; 3014 union sctp_addr_param *addr_param; 3015 3016 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t); 3017 3018 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && 3019 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && 3020 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) 3021 return SCTP_ERROR_UNKNOWN_PARAM; 3022 3023 switch (addr_param->p.type) { 3024 case SCTP_PARAM_IPV6_ADDRESS: 3025 if (!asoc->peer.ipv6_address) 3026 return SCTP_ERROR_DNS_FAILED; 3027 break; 3028 case SCTP_PARAM_IPV4_ADDRESS: 3029 if (!asoc->peer.ipv4_address) 3030 return SCTP_ERROR_DNS_FAILED; 3031 break; 3032 default: 3033 return SCTP_ERROR_DNS_FAILED; 3034 } 3035 3036 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3037 if (unlikely(!af)) 3038 return SCTP_ERROR_DNS_FAILED; 3039 3040 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 3041 3042 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 3043 * or multicast address. 3044 * (note: wildcard is permitted and requires special handling so 3045 * make sure we check for that) 3046 */ 3047 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 3048 return SCTP_ERROR_DNS_FAILED; 3049 3050 switch (asconf_param->param_hdr.type) { 3051 case SCTP_PARAM_ADD_IP: 3052 /* Section 4.2.1: 3053 * If the address 0.0.0.0 or ::0 is provided, the source 3054 * address of the packet MUST be added. 3055 */ 3056 if (af->is_any(&addr)) 3057 memcpy(&addr, &asconf->source, sizeof(addr)); 3058 3059 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 3060 * request and does not have the local resources to add this 3061 * new address to the association, it MUST return an Error 3062 * Cause TLV set to the new error code 'Operation Refused 3063 * Due to Resource Shortage'. 3064 */ 3065 3066 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 3067 if (!peer) 3068 return SCTP_ERROR_RSRC_LOW; 3069 3070 /* Start the heartbeat timer. */ 3071 sctp_transport_reset_hb_timer(peer); 3072 asoc->new_transport = peer; 3073 break; 3074 case SCTP_PARAM_DEL_IP: 3075 /* ADDIP 4.3 D7) If a request is received to delete the 3076 * last remaining IP address of a peer endpoint, the receiver 3077 * MUST send an Error Cause TLV with the error cause set to the 3078 * new error code 'Request to Delete Last Remaining IP Address'. 3079 */ 3080 if (asoc->peer.transport_count == 1) 3081 return SCTP_ERROR_DEL_LAST_IP; 3082 3083 /* ADDIP 4.3 D8) If a request is received to delete an IP 3084 * address which is also the source address of the IP packet 3085 * which contained the ASCONF chunk, the receiver MUST reject 3086 * this request. To reject the request the receiver MUST send 3087 * an Error Cause TLV set to the new error code 'Request to 3088 * Delete Source IP Address' 3089 */ 3090 if (sctp_cmp_addr_exact(&asconf->source, &addr)) 3091 return SCTP_ERROR_DEL_SRC_IP; 3092 3093 /* Section 4.2.2 3094 * If the address 0.0.0.0 or ::0 is provided, all 3095 * addresses of the peer except the source address of the 3096 * packet MUST be deleted. 3097 */ 3098 if (af->is_any(&addr)) { 3099 sctp_assoc_set_primary(asoc, asconf->transport); 3100 sctp_assoc_del_nonprimary_peers(asoc, 3101 asconf->transport); 3102 return SCTP_ERROR_NO_ERROR; 3103 } 3104 3105 /* If the address is not part of the association, the 3106 * ASCONF-ACK with Error Cause Indication Parameter 3107 * which including cause of Unresolvable Address should 3108 * be sent. 3109 */ 3110 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3111 if (!peer) 3112 return SCTP_ERROR_DNS_FAILED; 3113 3114 sctp_assoc_rm_peer(asoc, peer); 3115 break; 3116 case SCTP_PARAM_SET_PRIMARY: 3117 /* ADDIP Section 4.2.4 3118 * If the address 0.0.0.0 or ::0 is provided, the receiver 3119 * MAY mark the source address of the packet as its 3120 * primary. 3121 */ 3122 if (af->is_any(&addr)) 3123 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 3124 3125 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3126 if (!peer) 3127 return SCTP_ERROR_DNS_FAILED; 3128 3129 sctp_assoc_set_primary(asoc, peer); 3130 break; 3131 } 3132 3133 return SCTP_ERROR_NO_ERROR; 3134 } 3135 3136 /* Verify the ASCONF packet before we process it. */ 3137 bool sctp_verify_asconf(const struct sctp_association *asoc, 3138 struct sctp_chunk *chunk, bool addr_param_needed, 3139 struct sctp_paramhdr **errp) 3140 { 3141 sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) chunk->chunk_hdr; 3142 union sctp_params param; 3143 bool addr_param_seen = false; 3144 3145 sctp_walk_params(param, addip, addip_hdr.params) { 3146 size_t length = ntohs(param.p->length); 3147 3148 *errp = param.p; 3149 switch (param.p->type) { 3150 case SCTP_PARAM_ERR_CAUSE: 3151 break; 3152 case SCTP_PARAM_IPV4_ADDRESS: 3153 if (length != sizeof(sctp_ipv4addr_param_t)) 3154 return false; 3155 /* ensure there is only one addr param and it's in the 3156 * beginning of addip_hdr params, or we reject it. 3157 */ 3158 if (param.v != addip->addip_hdr.params) 3159 return false; 3160 addr_param_seen = true; 3161 break; 3162 case SCTP_PARAM_IPV6_ADDRESS: 3163 if (length != sizeof(sctp_ipv6addr_param_t)) 3164 return false; 3165 if (param.v != addip->addip_hdr.params) 3166 return false; 3167 addr_param_seen = true; 3168 break; 3169 case SCTP_PARAM_ADD_IP: 3170 case SCTP_PARAM_DEL_IP: 3171 case SCTP_PARAM_SET_PRIMARY: 3172 /* In ASCONF chunks, these need to be first. */ 3173 if (addr_param_needed && !addr_param_seen) 3174 return false; 3175 length = ntohs(param.addip->param_hdr.length); 3176 if (length < sizeof(sctp_addip_param_t) + 3177 sizeof(sctp_paramhdr_t)) 3178 return false; 3179 break; 3180 case SCTP_PARAM_SUCCESS_REPORT: 3181 case SCTP_PARAM_ADAPTATION_LAYER_IND: 3182 if (length != sizeof(sctp_addip_param_t)) 3183 return false; 3184 break; 3185 default: 3186 /* This is unkown to us, reject! */ 3187 return false; 3188 } 3189 } 3190 3191 /* Remaining sanity checks. */ 3192 if (addr_param_needed && !addr_param_seen) 3193 return false; 3194 if (!addr_param_needed && addr_param_seen) 3195 return false; 3196 if (param.v != chunk->chunk_end) 3197 return false; 3198 3199 return true; 3200 } 3201 3202 /* Process an incoming ASCONF chunk with the next expected serial no. and 3203 * return an ASCONF_ACK chunk to be sent in response. 3204 */ 3205 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3206 struct sctp_chunk *asconf) 3207 { 3208 sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) asconf->chunk_hdr; 3209 bool all_param_pass = true; 3210 union sctp_params param; 3211 sctp_addiphdr_t *hdr; 3212 union sctp_addr_param *addr_param; 3213 sctp_addip_param_t *asconf_param; 3214 struct sctp_chunk *asconf_ack; 3215 __be16 err_code; 3216 int length = 0; 3217 int chunk_len; 3218 __u32 serial; 3219 3220 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 3221 hdr = (sctp_addiphdr_t *)asconf->skb->data; 3222 serial = ntohl(hdr->serial); 3223 3224 /* Skip the addiphdr and store a pointer to address parameter. */ 3225 length = sizeof(sctp_addiphdr_t); 3226 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3227 chunk_len -= length; 3228 3229 /* Skip the address parameter and store a pointer to the first 3230 * asconf parameter. 3231 */ 3232 length = ntohs(addr_param->p.length); 3233 asconf_param = (void *)addr_param + length; 3234 chunk_len -= length; 3235 3236 /* create an ASCONF_ACK chunk. 3237 * Based on the definitions of parameters, we know that the size of 3238 * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF 3239 * parameters. 3240 */ 3241 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4); 3242 if (!asconf_ack) 3243 goto done; 3244 3245 /* Process the TLVs contained within the ASCONF chunk. */ 3246 sctp_walk_params(param, addip, addip_hdr.params) { 3247 /* Skip preceeding address parameters. */ 3248 if (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 3249 param.p->type == SCTP_PARAM_IPV6_ADDRESS) 3250 continue; 3251 3252 err_code = sctp_process_asconf_param(asoc, asconf, 3253 param.addip); 3254 /* ADDIP 4.1 A7) 3255 * If an error response is received for a TLV parameter, 3256 * all TLVs with no response before the failed TLV are 3257 * considered successful if not reported. All TLVs after 3258 * the failed response are considered unsuccessful unless 3259 * a specific success indication is present for the parameter. 3260 */ 3261 if (err_code != SCTP_ERROR_NO_ERROR) 3262 all_param_pass = false; 3263 if (!all_param_pass) 3264 sctp_add_asconf_response(asconf_ack, param.addip->crr_id, 3265 err_code, param.addip); 3266 3267 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3268 * an IP address sends an 'Out of Resource' in its response, it 3269 * MUST also fail any subsequent add or delete requests bundled 3270 * in the ASCONF. 3271 */ 3272 if (err_code == SCTP_ERROR_RSRC_LOW) 3273 goto done; 3274 } 3275 done: 3276 asoc->peer.addip_serial++; 3277 3278 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3279 * after freeing the reference to old asconf ack if any. 3280 */ 3281 if (asconf_ack) { 3282 sctp_chunk_hold(asconf_ack); 3283 list_add_tail(&asconf_ack->transmitted_list, 3284 &asoc->asconf_ack_list); 3285 } 3286 3287 return asconf_ack; 3288 } 3289 3290 /* Process a asconf parameter that is successfully acked. */ 3291 static void sctp_asconf_param_success(struct sctp_association *asoc, 3292 sctp_addip_param_t *asconf_param) 3293 { 3294 struct sctp_af *af; 3295 union sctp_addr addr; 3296 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3297 union sctp_addr_param *addr_param; 3298 struct sctp_transport *transport; 3299 struct sctp_sockaddr_entry *saddr; 3300 3301 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t); 3302 3303 /* We have checked the packet before, so we do not check again. */ 3304 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3305 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3306 3307 switch (asconf_param->param_hdr.type) { 3308 case SCTP_PARAM_ADD_IP: 3309 /* This is always done in BH context with a socket lock 3310 * held, so the list can not change. 3311 */ 3312 local_bh_disable(); 3313 list_for_each_entry(saddr, &bp->address_list, list) { 3314 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3315 saddr->state = SCTP_ADDR_SRC; 3316 } 3317 local_bh_enable(); 3318 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3319 transports) { 3320 dst_release(transport->dst); 3321 transport->dst = NULL; 3322 } 3323 break; 3324 case SCTP_PARAM_DEL_IP: 3325 local_bh_disable(); 3326 sctp_del_bind_addr(bp, &addr); 3327 if (asoc->asconf_addr_del_pending != NULL && 3328 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) { 3329 kfree(asoc->asconf_addr_del_pending); 3330 asoc->asconf_addr_del_pending = NULL; 3331 } 3332 local_bh_enable(); 3333 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3334 transports) { 3335 dst_release(transport->dst); 3336 transport->dst = NULL; 3337 } 3338 break; 3339 default: 3340 break; 3341 } 3342 } 3343 3344 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3345 * for the given asconf parameter. If there is no response for this parameter, 3346 * return the error code based on the third argument 'no_err'. 3347 * ADDIP 4.1 3348 * A7) If an error response is received for a TLV parameter, all TLVs with no 3349 * response before the failed TLV are considered successful if not reported. 3350 * All TLVs after the failed response are considered unsuccessful unless a 3351 * specific success indication is present for the parameter. 3352 */ 3353 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3354 sctp_addip_param_t *asconf_param, 3355 int no_err) 3356 { 3357 sctp_addip_param_t *asconf_ack_param; 3358 sctp_errhdr_t *err_param; 3359 int length; 3360 int asconf_ack_len; 3361 __be16 err_code; 3362 3363 if (no_err) 3364 err_code = SCTP_ERROR_NO_ERROR; 3365 else 3366 err_code = SCTP_ERROR_REQ_REFUSED; 3367 3368 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3369 sizeof(sctp_chunkhdr_t); 3370 3371 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3372 * the first asconf_ack parameter. 3373 */ 3374 length = sizeof(sctp_addiphdr_t); 3375 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 3376 length); 3377 asconf_ack_len -= length; 3378 3379 while (asconf_ack_len > 0) { 3380 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3381 switch (asconf_ack_param->param_hdr.type) { 3382 case SCTP_PARAM_SUCCESS_REPORT: 3383 return SCTP_ERROR_NO_ERROR; 3384 case SCTP_PARAM_ERR_CAUSE: 3385 length = sizeof(sctp_addip_param_t); 3386 err_param = (void *)asconf_ack_param + length; 3387 asconf_ack_len -= length; 3388 if (asconf_ack_len > 0) 3389 return err_param->cause; 3390 else 3391 return SCTP_ERROR_INV_PARAM; 3392 break; 3393 default: 3394 return SCTP_ERROR_INV_PARAM; 3395 } 3396 } 3397 3398 length = ntohs(asconf_ack_param->param_hdr.length); 3399 asconf_ack_param = (void *)asconf_ack_param + length; 3400 asconf_ack_len -= length; 3401 } 3402 3403 return err_code; 3404 } 3405 3406 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3407 int sctp_process_asconf_ack(struct sctp_association *asoc, 3408 struct sctp_chunk *asconf_ack) 3409 { 3410 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3411 union sctp_addr_param *addr_param; 3412 sctp_addip_param_t *asconf_param; 3413 int length = 0; 3414 int asconf_len = asconf->skb->len; 3415 int all_param_pass = 0; 3416 int no_err = 1; 3417 int retval = 0; 3418 __be16 err_code = SCTP_ERROR_NO_ERROR; 3419 3420 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3421 * a pointer to address parameter. 3422 */ 3423 length = sizeof(sctp_addip_chunk_t); 3424 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3425 asconf_len -= length; 3426 3427 /* Skip the address parameter in the last asconf sent and store a 3428 * pointer to the first asconf parameter. 3429 */ 3430 length = ntohs(addr_param->p.length); 3431 asconf_param = (void *)addr_param + length; 3432 asconf_len -= length; 3433 3434 /* ADDIP 4.1 3435 * A8) If there is no response(s) to specific TLV parameter(s), and no 3436 * failures are indicated, then all request(s) are considered 3437 * successful. 3438 */ 3439 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 3440 all_param_pass = 1; 3441 3442 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3443 while (asconf_len > 0) { 3444 if (all_param_pass) 3445 err_code = SCTP_ERROR_NO_ERROR; 3446 else { 3447 err_code = sctp_get_asconf_response(asconf_ack, 3448 asconf_param, 3449 no_err); 3450 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3451 no_err = 0; 3452 } 3453 3454 switch (err_code) { 3455 case SCTP_ERROR_NO_ERROR: 3456 sctp_asconf_param_success(asoc, asconf_param); 3457 break; 3458 3459 case SCTP_ERROR_RSRC_LOW: 3460 retval = 1; 3461 break; 3462 3463 case SCTP_ERROR_UNKNOWN_PARAM: 3464 /* Disable sending this type of asconf parameter in 3465 * future. 3466 */ 3467 asoc->peer.addip_disabled_mask |= 3468 asconf_param->param_hdr.type; 3469 break; 3470 3471 case SCTP_ERROR_REQ_REFUSED: 3472 case SCTP_ERROR_DEL_LAST_IP: 3473 case SCTP_ERROR_DEL_SRC_IP: 3474 default: 3475 break; 3476 } 3477 3478 /* Skip the processed asconf parameter and move to the next 3479 * one. 3480 */ 3481 length = ntohs(asconf_param->param_hdr.length); 3482 asconf_param = (void *)asconf_param + length; 3483 asconf_len -= length; 3484 } 3485 3486 if (no_err && asoc->src_out_of_asoc_ok) { 3487 asoc->src_out_of_asoc_ok = 0; 3488 sctp_transport_immediate_rtx(asoc->peer.primary_path); 3489 } 3490 3491 /* Free the cached last sent asconf chunk. */ 3492 list_del_init(&asconf->transmitted_list); 3493 sctp_chunk_free(asconf); 3494 asoc->addip_last_asconf = NULL; 3495 3496 return retval; 3497 } 3498 3499 /* Make a FWD TSN chunk. */ 3500 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3501 __u32 new_cum_tsn, size_t nstreams, 3502 struct sctp_fwdtsn_skip *skiplist) 3503 { 3504 struct sctp_chunk *retval = NULL; 3505 struct sctp_fwdtsn_hdr ftsn_hdr; 3506 struct sctp_fwdtsn_skip skip; 3507 size_t hint; 3508 int i; 3509 3510 hint = (nstreams + 1) * sizeof(__u32); 3511 3512 retval = sctp_make_control(asoc, SCTP_CID_FWD_TSN, 0, hint, GFP_ATOMIC); 3513 3514 if (!retval) 3515 return NULL; 3516 3517 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3518 retval->subh.fwdtsn_hdr = 3519 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3520 3521 for (i = 0; i < nstreams; i++) { 3522 skip.stream = skiplist[i].stream; 3523 skip.ssn = skiplist[i].ssn; 3524 sctp_addto_chunk(retval, sizeof(skip), &skip); 3525 } 3526 3527 return retval; 3528 } 3529