1 /* SCTP kernel reference Implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel reference Implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * The SCTP reference implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * The SCTP reference implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53 #include <linux/types.h> 54 #include <linux/kernel.h> 55 #include <linux/ip.h> 56 #include <linux/ipv6.h> 57 #include <linux/net.h> 58 #include <linux/inet.h> 59 #include <asm/scatterlist.h> 60 #include <linux/crypto.h> 61 #include <net/sock.h> 62 63 #include <linux/skbuff.h> 64 #include <linux/random.h> /* for get_random_bytes */ 65 #include <net/sctp/sctp.h> 66 #include <net/sctp/sm.h> 67 68 extern kmem_cache_t *sctp_chunk_cachep; 69 70 SCTP_STATIC 71 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 72 __u8 type, __u8 flags, int paylen); 73 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 74 const struct sctp_association *asoc, 75 const struct sctp_chunk *init_chunk, 76 int *cookie_len, 77 const __u8 *raw_addrs, int addrs_len); 78 static int sctp_process_param(struct sctp_association *asoc, 79 union sctp_params param, 80 const union sctp_addr *peer_addr, 81 gfp_t gfp); 82 83 /* What was the inbound interface for this chunk? */ 84 int sctp_chunk_iif(const struct sctp_chunk *chunk) 85 { 86 struct sctp_af *af; 87 int iif = 0; 88 89 af = sctp_get_af_specific(ipver2af(chunk->skb->nh.iph->version)); 90 if (af) 91 iif = af->skb_iif(chunk->skb); 92 93 return iif; 94 } 95 96 /* RFC 2960 3.3.2 Initiation (INIT) (1) 97 * 98 * Note 2: The ECN capable field is reserved for future use of 99 * Explicit Congestion Notification. 100 */ 101 static const struct sctp_paramhdr ecap_param = { 102 SCTP_PARAM_ECN_CAPABLE, 103 __constant_htons(sizeof(struct sctp_paramhdr)), 104 }; 105 static const struct sctp_paramhdr prsctp_param = { 106 SCTP_PARAM_FWD_TSN_SUPPORT, 107 __constant_htons(sizeof(struct sctp_paramhdr)), 108 }; 109 110 /* A helper to initialize to initialize an op error inside a 111 * provided chunk, as most cause codes will be embedded inside an 112 * abort chunk. 113 */ 114 void sctp_init_cause(struct sctp_chunk *chunk, __u16 cause_code, 115 const void *payload, size_t paylen) 116 { 117 sctp_errhdr_t err; 118 int padlen; 119 __u16 len; 120 121 /* Cause code constants are now defined in network order. */ 122 err.cause = cause_code; 123 len = sizeof(sctp_errhdr_t) + paylen; 124 padlen = len % 4; 125 err.length = htons(len); 126 len += padlen; 127 sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 128 chunk->subh.err_hdr = sctp_addto_chunk(chunk, paylen, payload); 129 } 130 131 /* 3.3.2 Initiation (INIT) (1) 132 * 133 * This chunk is used to initiate a SCTP association between two 134 * endpoints. The format of the INIT chunk is shown below: 135 * 136 * 0 1 2 3 137 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 138 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 139 * | Type = 1 | Chunk Flags | Chunk Length | 140 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 141 * | Initiate Tag | 142 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 143 * | Advertised Receiver Window Credit (a_rwnd) | 144 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 145 * | Number of Outbound Streams | Number of Inbound Streams | 146 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 147 * | Initial TSN | 148 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 149 * \ \ 150 * / Optional/Variable-Length Parameters / 151 * \ \ 152 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 153 * 154 * 155 * The INIT chunk contains the following parameters. Unless otherwise 156 * noted, each parameter MUST only be included once in the INIT chunk. 157 * 158 * Fixed Parameters Status 159 * ---------------------------------------------- 160 * Initiate Tag Mandatory 161 * Advertised Receiver Window Credit Mandatory 162 * Number of Outbound Streams Mandatory 163 * Number of Inbound Streams Mandatory 164 * Initial TSN Mandatory 165 * 166 * Variable Parameters Status Type Value 167 * ------------------------------------------------------------- 168 * IPv4 Address (Note 1) Optional 5 169 * IPv6 Address (Note 1) Optional 6 170 * Cookie Preservative Optional 9 171 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 172 * Host Name Address (Note 3) Optional 11 173 * Supported Address Types (Note 4) Optional 12 174 */ 175 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 176 const struct sctp_bind_addr *bp, 177 gfp_t gfp, int vparam_len) 178 { 179 sctp_inithdr_t init; 180 union sctp_params addrs; 181 size_t chunksize; 182 struct sctp_chunk *retval = NULL; 183 int num_types, addrs_len = 0; 184 struct sctp_sock *sp; 185 sctp_supported_addrs_param_t sat; 186 __u16 types[2]; 187 sctp_adaption_ind_param_t aiparam; 188 189 /* RFC 2960 3.3.2 Initiation (INIT) (1) 190 * 191 * Note 1: The INIT chunks can contain multiple addresses that 192 * can be IPv4 and/or IPv6 in any combination. 193 */ 194 retval = NULL; 195 196 /* Convert the provided bind address list to raw format. */ 197 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 198 199 init.init_tag = htonl(asoc->c.my_vtag); 200 init.a_rwnd = htonl(asoc->rwnd); 201 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 202 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 203 init.initial_tsn = htonl(asoc->c.initial_tsn); 204 205 /* How many address types are needed? */ 206 sp = sctp_sk(asoc->base.sk); 207 num_types = sp->pf->supported_addrs(sp, types); 208 209 chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types); 210 chunksize += sizeof(ecap_param); 211 if (sctp_prsctp_enable) 212 chunksize += sizeof(prsctp_param); 213 chunksize += sizeof(aiparam); 214 chunksize += vparam_len; 215 216 /* RFC 2960 3.3.2 Initiation (INIT) (1) 217 * 218 * Note 3: An INIT chunk MUST NOT contain more than one Host 219 * Name address parameter. Moreover, the sender of the INIT 220 * MUST NOT combine any other address types with the Host Name 221 * address in the INIT. The receiver of INIT MUST ignore any 222 * other address types if the Host Name address parameter is 223 * present in the received INIT chunk. 224 * 225 * PLEASE DO NOT FIXME [This version does not support Host Name.] 226 */ 227 228 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 229 if (!retval) 230 goto nodata; 231 232 retval->subh.init_hdr = 233 sctp_addto_chunk(retval, sizeof(init), &init); 234 retval->param_hdr.v = 235 sctp_addto_chunk(retval, addrs_len, addrs.v); 236 237 /* RFC 2960 3.3.2 Initiation (INIT) (1) 238 * 239 * Note 4: This parameter, when present, specifies all the 240 * address types the sending endpoint can support. The absence 241 * of this parameter indicates that the sending endpoint can 242 * support any address type. 243 */ 244 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 245 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 246 sctp_addto_chunk(retval, sizeof(sat), &sat); 247 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 248 249 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 250 if (sctp_prsctp_enable) 251 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 252 aiparam.param_hdr.type = SCTP_PARAM_ADAPTION_LAYER_IND; 253 aiparam.param_hdr.length = htons(sizeof(aiparam)); 254 aiparam.adaption_ind = htonl(sp->adaption_ind); 255 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 256 nodata: 257 if (addrs.v) 258 kfree(addrs.v); 259 return retval; 260 } 261 262 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 263 const struct sctp_chunk *chunk, 264 gfp_t gfp, int unkparam_len) 265 { 266 sctp_inithdr_t initack; 267 struct sctp_chunk *retval; 268 union sctp_params addrs; 269 int addrs_len; 270 sctp_cookie_param_t *cookie; 271 int cookie_len; 272 size_t chunksize; 273 sctp_adaption_ind_param_t aiparam; 274 275 retval = NULL; 276 277 /* Note: there may be no addresses to embed. */ 278 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 279 280 initack.init_tag = htonl(asoc->c.my_vtag); 281 initack.a_rwnd = htonl(asoc->rwnd); 282 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 283 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 284 initack.initial_tsn = htonl(asoc->c.initial_tsn); 285 286 /* FIXME: We really ought to build the cookie right 287 * into the packet instead of allocating more fresh memory. 288 */ 289 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 290 addrs.v, addrs_len); 291 if (!cookie) 292 goto nomem_cookie; 293 294 /* Calculate the total size of allocation, include the reserved 295 * space for reporting unknown parameters if it is specified. 296 */ 297 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 298 299 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 300 if (asoc->peer.ecn_capable) 301 chunksize += sizeof(ecap_param); 302 303 /* Tell peer that we'll do PR-SCTP only if peer advertised. */ 304 if (asoc->peer.prsctp_capable) 305 chunksize += sizeof(prsctp_param); 306 307 chunksize += sizeof(aiparam); 308 309 /* Now allocate and fill out the chunk. */ 310 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 311 if (!retval) 312 goto nomem_chunk; 313 314 /* Per the advice in RFC 2960 6.4, send this reply to 315 * the source of the INIT packet. 316 */ 317 retval->transport = chunk->transport; 318 retval->subh.init_hdr = 319 sctp_addto_chunk(retval, sizeof(initack), &initack); 320 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 321 sctp_addto_chunk(retval, cookie_len, cookie); 322 if (asoc->peer.ecn_capable) 323 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 324 if (asoc->peer.prsctp_capable) 325 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 326 327 aiparam.param_hdr.type = SCTP_PARAM_ADAPTION_LAYER_IND; 328 aiparam.param_hdr.length = htons(sizeof(aiparam)); 329 aiparam.adaption_ind = htonl(sctp_sk(asoc->base.sk)->adaption_ind); 330 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 331 332 /* We need to remove the const qualifier at this point. */ 333 retval->asoc = (struct sctp_association *) asoc; 334 335 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 336 * 337 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 338 * HEARTBEAT ACK, * etc.) to the same destination transport 339 * address from which it received the DATA or control chunk 340 * to which it is replying. 341 * 342 * [INIT ACK back to where the INIT came from.] 343 */ 344 if (chunk) 345 retval->transport = chunk->transport; 346 347 nomem_chunk: 348 kfree(cookie); 349 nomem_cookie: 350 if (addrs.v) 351 kfree(addrs.v); 352 return retval; 353 } 354 355 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 356 * 357 * This chunk is used only during the initialization of an association. 358 * It is sent by the initiator of an association to its peer to complete 359 * the initialization process. This chunk MUST precede any DATA chunk 360 * sent within the association, but MAY be bundled with one or more DATA 361 * chunks in the same packet. 362 * 363 * 0 1 2 3 364 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 365 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 366 * | Type = 10 |Chunk Flags | Length | 367 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 368 * / Cookie / 369 * \ \ 370 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 371 * 372 * Chunk Flags: 8 bit 373 * 374 * Set to zero on transmit and ignored on receipt. 375 * 376 * Length: 16 bits (unsigned integer) 377 * 378 * Set to the size of the chunk in bytes, including the 4 bytes of 379 * the chunk header and the size of the Cookie. 380 * 381 * Cookie: variable size 382 * 383 * This field must contain the exact cookie received in the 384 * State Cookie parameter from the previous INIT ACK. 385 * 386 * An implementation SHOULD make the cookie as small as possible 387 * to insure interoperability. 388 */ 389 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 390 const struct sctp_chunk *chunk) 391 { 392 struct sctp_chunk *retval; 393 void *cookie; 394 int cookie_len; 395 396 cookie = asoc->peer.cookie; 397 cookie_len = asoc->peer.cookie_len; 398 399 /* Build a cookie echo chunk. */ 400 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 401 if (!retval) 402 goto nodata; 403 retval->subh.cookie_hdr = 404 sctp_addto_chunk(retval, cookie_len, cookie); 405 406 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 407 * 408 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 409 * HEARTBEAT ACK, * etc.) to the same destination transport 410 * address from which it * received the DATA or control chunk 411 * to which it is replying. 412 * 413 * [COOKIE ECHO back to where the INIT ACK came from.] 414 */ 415 if (chunk) 416 retval->transport = chunk->transport; 417 418 nodata: 419 return retval; 420 } 421 422 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 423 * 424 * This chunk is used only during the initialization of an 425 * association. It is used to acknowledge the receipt of a COOKIE 426 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 427 * within the association, but MAY be bundled with one or more DATA 428 * chunks or SACK chunk in the same SCTP packet. 429 * 430 * 0 1 2 3 431 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 432 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 433 * | Type = 11 |Chunk Flags | Length = 4 | 434 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 435 * 436 * Chunk Flags: 8 bits 437 * 438 * Set to zero on transmit and ignored on receipt. 439 */ 440 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 441 const struct sctp_chunk *chunk) 442 { 443 struct sctp_chunk *retval; 444 445 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 446 447 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 448 * 449 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 450 * HEARTBEAT ACK, * etc.) to the same destination transport 451 * address from which it * received the DATA or control chunk 452 * to which it is replying. 453 * 454 * [COOKIE ACK back to where the COOKIE ECHO came from.] 455 */ 456 if (retval && chunk) 457 retval->transport = chunk->transport; 458 459 return retval; 460 } 461 462 /* 463 * Appendix A: Explicit Congestion Notification: 464 * CWR: 465 * 466 * RFC 2481 details a specific bit for a sender to send in the header of 467 * its next outbound TCP segment to indicate to its peer that it has 468 * reduced its congestion window. This is termed the CWR bit. For 469 * SCTP the same indication is made by including the CWR chunk. 470 * This chunk contains one data element, i.e. the TSN number that 471 * was sent in the ECNE chunk. This element represents the lowest 472 * TSN number in the datagram that was originally marked with the 473 * CE bit. 474 * 475 * 0 1 2 3 476 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 477 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 478 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 479 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 480 * | Lowest TSN Number | 481 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 482 * 483 * Note: The CWR is considered a Control chunk. 484 */ 485 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 486 const __u32 lowest_tsn, 487 const struct sctp_chunk *chunk) 488 { 489 struct sctp_chunk *retval; 490 sctp_cwrhdr_t cwr; 491 492 cwr.lowest_tsn = htonl(lowest_tsn); 493 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 494 sizeof(sctp_cwrhdr_t)); 495 496 if (!retval) 497 goto nodata; 498 499 retval->subh.ecn_cwr_hdr = 500 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 501 502 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 503 * 504 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 505 * HEARTBEAT ACK, * etc.) to the same destination transport 506 * address from which it * received the DATA or control chunk 507 * to which it is replying. 508 * 509 * [Report a reduced congestion window back to where the ECNE 510 * came from.] 511 */ 512 if (chunk) 513 retval->transport = chunk->transport; 514 515 nodata: 516 return retval; 517 } 518 519 /* Make an ECNE chunk. This is a congestion experienced report. */ 520 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 521 const __u32 lowest_tsn) 522 { 523 struct sctp_chunk *retval; 524 sctp_ecnehdr_t ecne; 525 526 ecne.lowest_tsn = htonl(lowest_tsn); 527 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 528 sizeof(sctp_ecnehdr_t)); 529 if (!retval) 530 goto nodata; 531 retval->subh.ecne_hdr = 532 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 533 534 nodata: 535 return retval; 536 } 537 538 /* Make a DATA chunk for the given association from the provided 539 * parameters. However, do not populate the data payload. 540 */ 541 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 542 const struct sctp_sndrcvinfo *sinfo, 543 int data_len, __u8 flags, __u16 ssn) 544 { 545 struct sctp_chunk *retval; 546 struct sctp_datahdr dp; 547 int chunk_len; 548 549 /* We assign the TSN as LATE as possible, not here when 550 * creating the chunk. 551 */ 552 dp.tsn = 0; 553 dp.stream = htons(sinfo->sinfo_stream); 554 dp.ppid = sinfo->sinfo_ppid; 555 556 /* Set the flags for an unordered send. */ 557 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 558 flags |= SCTP_DATA_UNORDERED; 559 dp.ssn = 0; 560 } else 561 dp.ssn = htons(ssn); 562 563 chunk_len = sizeof(dp) + data_len; 564 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 565 if (!retval) 566 goto nodata; 567 568 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 569 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 570 571 nodata: 572 return retval; 573 } 574 575 /* Create a selective ackowledgement (SACK) for the given 576 * association. This reports on which TSN's we've seen to date, 577 * including duplicates and gaps. 578 */ 579 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 580 { 581 struct sctp_chunk *retval; 582 struct sctp_sackhdr sack; 583 int len; 584 __u32 ctsn; 585 __u16 num_gabs, num_dup_tsns; 586 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 587 588 ctsn = sctp_tsnmap_get_ctsn(map); 589 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 590 591 /* How much room is needed in the chunk? */ 592 num_gabs = sctp_tsnmap_num_gabs(map); 593 num_dup_tsns = sctp_tsnmap_num_dups(map); 594 595 /* Initialize the SACK header. */ 596 sack.cum_tsn_ack = htonl(ctsn); 597 sack.a_rwnd = htonl(asoc->a_rwnd); 598 sack.num_gap_ack_blocks = htons(num_gabs); 599 sack.num_dup_tsns = htons(num_dup_tsns); 600 601 len = sizeof(sack) 602 + sizeof(struct sctp_gap_ack_block) * num_gabs 603 + sizeof(__u32) * num_dup_tsns; 604 605 /* Create the chunk. */ 606 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 607 if (!retval) 608 goto nodata; 609 610 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 611 * 612 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 613 * HEARTBEAT ACK, etc.) to the same destination transport 614 * address from which it received the DATA or control chunk to 615 * which it is replying. This rule should also be followed if 616 * the endpoint is bundling DATA chunks together with the 617 * reply chunk. 618 * 619 * However, when acknowledging multiple DATA chunks received 620 * in packets from different source addresses in a single 621 * SACK, the SACK chunk may be transmitted to one of the 622 * destination transport addresses from which the DATA or 623 * control chunks being acknowledged were received. 624 * 625 * [BUG: We do not implement the following paragraph. 626 * Perhaps we should remember the last transport we used for a 627 * SACK and avoid that (if possible) if we have seen any 628 * duplicates. --piggy] 629 * 630 * When a receiver of a duplicate DATA chunk sends a SACK to a 631 * multi- homed endpoint it MAY be beneficial to vary the 632 * destination address and not use the source address of the 633 * DATA chunk. The reason being that receiving a duplicate 634 * from a multi-homed endpoint might indicate that the return 635 * path (as specified in the source address of the DATA chunk) 636 * for the SACK is broken. 637 * 638 * [Send to the address from which we last received a DATA chunk.] 639 */ 640 retval->transport = asoc->peer.last_data_from; 641 642 retval->subh.sack_hdr = 643 sctp_addto_chunk(retval, sizeof(sack), &sack); 644 645 /* Add the gap ack block information. */ 646 if (num_gabs) 647 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 648 sctp_tsnmap_get_gabs(map)); 649 650 /* Add the duplicate TSN information. */ 651 if (num_dup_tsns) 652 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 653 sctp_tsnmap_get_dups(map)); 654 655 nodata: 656 return retval; 657 } 658 659 /* Make a SHUTDOWN chunk. */ 660 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 661 const struct sctp_chunk *chunk) 662 { 663 struct sctp_chunk *retval; 664 sctp_shutdownhdr_t shut; 665 __u32 ctsn; 666 667 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 668 shut.cum_tsn_ack = htonl(ctsn); 669 670 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 671 sizeof(sctp_shutdownhdr_t)); 672 if (!retval) 673 goto nodata; 674 675 retval->subh.shutdown_hdr = 676 sctp_addto_chunk(retval, sizeof(shut), &shut); 677 678 if (chunk) 679 retval->transport = chunk->transport; 680 nodata: 681 return retval; 682 } 683 684 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 685 const struct sctp_chunk *chunk) 686 { 687 struct sctp_chunk *retval; 688 689 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 690 691 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 692 * 693 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 694 * HEARTBEAT ACK, * etc.) to the same destination transport 695 * address from which it * received the DATA or control chunk 696 * to which it is replying. 697 * 698 * [ACK back to where the SHUTDOWN came from.] 699 */ 700 if (retval && chunk) 701 retval->transport = chunk->transport; 702 703 return retval; 704 } 705 706 struct sctp_chunk *sctp_make_shutdown_complete( 707 const struct sctp_association *asoc, 708 const struct sctp_chunk *chunk) 709 { 710 struct sctp_chunk *retval; 711 __u8 flags = 0; 712 713 /* Set the T-bit if we have no association (vtag will be 714 * reflected) 715 */ 716 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 717 718 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 719 720 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 721 * 722 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 723 * HEARTBEAT ACK, * etc.) to the same destination transport 724 * address from which it * received the DATA or control chunk 725 * to which it is replying. 726 * 727 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 728 * came from.] 729 */ 730 if (retval && chunk) 731 retval->transport = chunk->transport; 732 733 return retval; 734 } 735 736 /* Create an ABORT. Note that we set the T bit if we have no 737 * association, except when responding to an INIT (sctpimpguide 2.41). 738 */ 739 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 740 const struct sctp_chunk *chunk, 741 const size_t hint) 742 { 743 struct sctp_chunk *retval; 744 __u8 flags = 0; 745 746 /* Set the T-bit if we have no association and 'chunk' is not 747 * an INIT (vtag will be reflected). 748 */ 749 if (!asoc) { 750 if (chunk && chunk->chunk_hdr && 751 chunk->chunk_hdr->type == SCTP_CID_INIT) 752 flags = 0; 753 else 754 flags = SCTP_CHUNK_FLAG_T; 755 } 756 757 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 758 759 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 760 * 761 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 762 * HEARTBEAT ACK, * etc.) to the same destination transport 763 * address from which it * received the DATA or control chunk 764 * to which it is replying. 765 * 766 * [ABORT back to where the offender came from.] 767 */ 768 if (retval && chunk) 769 retval->transport = chunk->transport; 770 771 return retval; 772 } 773 774 /* Helper to create ABORT with a NO_USER_DATA error. */ 775 struct sctp_chunk *sctp_make_abort_no_data( 776 const struct sctp_association *asoc, 777 const struct sctp_chunk *chunk, __u32 tsn) 778 { 779 struct sctp_chunk *retval; 780 __u32 payload; 781 782 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 783 + sizeof(tsn)); 784 785 if (!retval) 786 goto no_mem; 787 788 /* Put the tsn back into network byte order. */ 789 payload = htonl(tsn); 790 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, (const void *)&payload, 791 sizeof(payload)); 792 793 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 794 * 795 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 796 * HEARTBEAT ACK, * etc.) to the same destination transport 797 * address from which it * received the DATA or control chunk 798 * to which it is replying. 799 * 800 * [ABORT back to where the offender came from.] 801 */ 802 if (chunk) 803 retval->transport = chunk->transport; 804 805 no_mem: 806 return retval; 807 } 808 809 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 810 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 811 const struct sctp_chunk *chunk, 812 const struct msghdr *msg) 813 { 814 struct sctp_chunk *retval; 815 void *payload = NULL, *payoff; 816 size_t paylen = 0; 817 struct iovec *iov = NULL; 818 int iovlen = 0; 819 820 if (msg) { 821 iov = msg->msg_iov; 822 iovlen = msg->msg_iovlen; 823 paylen = get_user_iov_size(iov, iovlen); 824 } 825 826 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen); 827 if (!retval) 828 goto err_chunk; 829 830 if (paylen) { 831 /* Put the msg_iov together into payload. */ 832 payload = kmalloc(paylen, GFP_ATOMIC); 833 if (!payload) 834 goto err_payload; 835 payoff = payload; 836 837 for (; iovlen > 0; --iovlen) { 838 if (copy_from_user(payoff, iov->iov_base,iov->iov_len)) 839 goto err_copy; 840 payoff += iov->iov_len; 841 iov++; 842 } 843 } 844 845 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, payload, paylen); 846 847 if (paylen) 848 kfree(payload); 849 850 return retval; 851 852 err_copy: 853 kfree(payload); 854 err_payload: 855 sctp_chunk_free(retval); 856 retval = NULL; 857 err_chunk: 858 return retval; 859 } 860 861 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 862 struct sctp_chunk *sctp_make_abort_violation( 863 const struct sctp_association *asoc, 864 const struct sctp_chunk *chunk, 865 const __u8 *payload, 866 const size_t paylen) 867 { 868 struct sctp_chunk *retval; 869 struct sctp_paramhdr phdr; 870 871 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 872 + sizeof(sctp_chunkhdr_t)); 873 if (!retval) 874 goto end; 875 876 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, payload, paylen); 877 878 phdr.type = htons(chunk->chunk_hdr->type); 879 phdr.length = chunk->chunk_hdr->length; 880 sctp_addto_chunk(retval, sizeof(sctp_paramhdr_t), &phdr); 881 882 end: 883 return retval; 884 } 885 886 /* Make a HEARTBEAT chunk. */ 887 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 888 const struct sctp_transport *transport, 889 const void *payload, const size_t paylen) 890 { 891 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 892 0, paylen); 893 894 if (!retval) 895 goto nodata; 896 897 /* Cast away the 'const', as this is just telling the chunk 898 * what transport it belongs to. 899 */ 900 retval->transport = (struct sctp_transport *) transport; 901 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 902 903 nodata: 904 return retval; 905 } 906 907 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 908 const struct sctp_chunk *chunk, 909 const void *payload, const size_t paylen) 910 { 911 struct sctp_chunk *retval; 912 913 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 914 if (!retval) 915 goto nodata; 916 917 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 918 919 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 920 * 921 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 922 * HEARTBEAT ACK, * etc.) to the same destination transport 923 * address from which it * received the DATA or control chunk 924 * to which it is replying. 925 * 926 * [HBACK back to where the HEARTBEAT came from.] 927 */ 928 if (chunk) 929 retval->transport = chunk->transport; 930 931 nodata: 932 return retval; 933 } 934 935 /* Create an Operation Error chunk with the specified space reserved. 936 * This routine can be used for containing multiple causes in the chunk. 937 */ 938 static struct sctp_chunk *sctp_make_op_error_space( 939 const struct sctp_association *asoc, 940 const struct sctp_chunk *chunk, 941 size_t size) 942 { 943 struct sctp_chunk *retval; 944 945 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 946 sizeof(sctp_errhdr_t) + size); 947 if (!retval) 948 goto nodata; 949 950 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 951 * 952 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 953 * HEARTBEAT ACK, etc.) to the same destination transport 954 * address from which it received the DATA or control chunk 955 * to which it is replying. 956 * 957 */ 958 if (chunk) 959 retval->transport = chunk->transport; 960 961 nodata: 962 return retval; 963 } 964 965 /* Create an Operation Error chunk. */ 966 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 967 const struct sctp_chunk *chunk, 968 __u16 cause_code, const void *payload, 969 size_t paylen) 970 { 971 struct sctp_chunk *retval; 972 973 retval = sctp_make_op_error_space(asoc, chunk, paylen); 974 if (!retval) 975 goto nodata; 976 977 sctp_init_cause(retval, cause_code, payload, paylen); 978 979 nodata: 980 return retval; 981 } 982 983 /******************************************************************** 984 * 2nd Level Abstractions 985 ********************************************************************/ 986 987 /* Turn an skb into a chunk. 988 * FIXME: Eventually move the structure directly inside the skb->cb[]. 989 */ 990 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 991 const struct sctp_association *asoc, 992 struct sock *sk) 993 { 994 struct sctp_chunk *retval; 995 996 retval = kmem_cache_alloc(sctp_chunk_cachep, SLAB_ATOMIC); 997 998 if (!retval) 999 goto nodata; 1000 memset(retval, 0, sizeof(struct sctp_chunk)); 1001 1002 if (!sk) { 1003 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 1004 } 1005 1006 INIT_LIST_HEAD(&retval->list); 1007 retval->skb = skb; 1008 retval->asoc = (struct sctp_association *)asoc; 1009 retval->resent = 0; 1010 retval->has_tsn = 0; 1011 retval->has_ssn = 0; 1012 retval->rtt_in_progress = 0; 1013 retval->sent_at = 0; 1014 retval->singleton = 1; 1015 retval->end_of_packet = 0; 1016 retval->ecn_ce_done = 0; 1017 retval->pdiscard = 0; 1018 1019 /* sctpimpguide-05.txt Section 2.8.2 1020 * M1) Each time a new DATA chunk is transmitted 1021 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1022 * 'TSN.Missing.Report' count will be used to determine missing chunks 1023 * and when to fast retransmit. 1024 */ 1025 retval->tsn_missing_report = 0; 1026 retval->tsn_gap_acked = 0; 1027 retval->fast_retransmit = 0; 1028 1029 /* If this is a fragmented message, track all fragments 1030 * of the message (for SEND_FAILED). 1031 */ 1032 retval->msg = NULL; 1033 1034 /* Polish the bead hole. */ 1035 INIT_LIST_HEAD(&retval->transmitted_list); 1036 INIT_LIST_HEAD(&retval->frag_list); 1037 SCTP_DBG_OBJCNT_INC(chunk); 1038 atomic_set(&retval->refcnt, 1); 1039 1040 nodata: 1041 return retval; 1042 } 1043 1044 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1045 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1046 union sctp_addr *dest) 1047 { 1048 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1049 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1050 } 1051 1052 /* Extract the source address from a chunk. */ 1053 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1054 { 1055 /* If we have a known transport, use that. */ 1056 if (chunk->transport) { 1057 return &chunk->transport->ipaddr; 1058 } else { 1059 /* Otherwise, extract it from the IP header. */ 1060 return &chunk->source; 1061 } 1062 } 1063 1064 /* Create a new chunk, setting the type and flags headers from the 1065 * arguments, reserving enough space for a 'paylen' byte payload. 1066 */ 1067 SCTP_STATIC 1068 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1069 __u8 type, __u8 flags, int paylen) 1070 { 1071 struct sctp_chunk *retval; 1072 sctp_chunkhdr_t *chunk_hdr; 1073 struct sk_buff *skb; 1074 struct sock *sk; 1075 1076 /* No need to allocate LL here, as this is only a chunk. */ 1077 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1078 GFP_ATOMIC); 1079 if (!skb) 1080 goto nodata; 1081 1082 /* Make room for the chunk header. */ 1083 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1084 chunk_hdr->type = type; 1085 chunk_hdr->flags = flags; 1086 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1087 1088 sk = asoc ? asoc->base.sk : NULL; 1089 retval = sctp_chunkify(skb, asoc, sk); 1090 if (!retval) { 1091 kfree_skb(skb); 1092 goto nodata; 1093 } 1094 1095 retval->chunk_hdr = chunk_hdr; 1096 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1097 1098 /* Set the skb to the belonging sock for accounting. */ 1099 skb->sk = sk; 1100 1101 return retval; 1102 nodata: 1103 return NULL; 1104 } 1105 1106 1107 /* Release the memory occupied by a chunk. */ 1108 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1109 { 1110 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1111 dev_kfree_skb(chunk->skb); 1112 1113 SCTP_DBG_OBJCNT_DEC(chunk); 1114 kmem_cache_free(sctp_chunk_cachep, chunk); 1115 } 1116 1117 /* Possibly, free the chunk. */ 1118 void sctp_chunk_free(struct sctp_chunk *chunk) 1119 { 1120 BUG_ON(!list_empty(&chunk->list)); 1121 list_del_init(&chunk->transmitted_list); 1122 1123 /* Release our reference on the message tracker. */ 1124 if (chunk->msg) 1125 sctp_datamsg_put(chunk->msg); 1126 1127 sctp_chunk_put(chunk); 1128 } 1129 1130 /* Grab a reference to the chunk. */ 1131 void sctp_chunk_hold(struct sctp_chunk *ch) 1132 { 1133 atomic_inc(&ch->refcnt); 1134 } 1135 1136 /* Release a reference to the chunk. */ 1137 void sctp_chunk_put(struct sctp_chunk *ch) 1138 { 1139 if (atomic_dec_and_test(&ch->refcnt)) 1140 sctp_chunk_destroy(ch); 1141 } 1142 1143 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1144 * enough. 1145 */ 1146 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1147 { 1148 void *target; 1149 void *padding; 1150 int chunklen = ntohs(chunk->chunk_hdr->length); 1151 int padlen = chunklen % 4; 1152 1153 padding = skb_put(chunk->skb, padlen); 1154 target = skb_put(chunk->skb, len); 1155 1156 memset(padding, 0, padlen); 1157 memcpy(target, data, len); 1158 1159 /* Adjust the chunk length field. */ 1160 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1161 chunk->chunk_end = chunk->skb->tail; 1162 1163 return target; 1164 } 1165 1166 /* Append bytes from user space to the end of a chunk. Will panic if 1167 * chunk is not big enough. 1168 * Returns a kernel err value. 1169 */ 1170 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1171 struct iovec *data) 1172 { 1173 __u8 *target; 1174 int err = 0; 1175 1176 /* Make room in chunk for data. */ 1177 target = skb_put(chunk->skb, len); 1178 1179 /* Copy data (whole iovec) into chunk */ 1180 if ((err = memcpy_fromiovecend(target, data, off, len))) 1181 goto out; 1182 1183 /* Adjust the chunk length field. */ 1184 chunk->chunk_hdr->length = 1185 htons(ntohs(chunk->chunk_hdr->length) + len); 1186 chunk->chunk_end = chunk->skb->tail; 1187 1188 out: 1189 return err; 1190 } 1191 1192 /* Helper function to assign a TSN if needed. This assumes that both 1193 * the data_hdr and association have already been assigned. 1194 */ 1195 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1196 { 1197 __u16 ssn; 1198 __u16 sid; 1199 1200 if (chunk->has_ssn) 1201 return; 1202 1203 /* This is the last possible instant to assign a SSN. */ 1204 if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1205 ssn = 0; 1206 } else { 1207 sid = htons(chunk->subh.data_hdr->stream); 1208 if (chunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1209 ssn = sctp_ssn_next(&chunk->asoc->ssnmap->out, sid); 1210 else 1211 ssn = sctp_ssn_peek(&chunk->asoc->ssnmap->out, sid); 1212 ssn = htons(ssn); 1213 } 1214 1215 chunk->subh.data_hdr->ssn = ssn; 1216 chunk->has_ssn = 1; 1217 } 1218 1219 /* Helper function to assign a TSN if needed. This assumes that both 1220 * the data_hdr and association have already been assigned. 1221 */ 1222 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1223 { 1224 if (!chunk->has_tsn) { 1225 /* This is the last possible instant to 1226 * assign a TSN. 1227 */ 1228 chunk->subh.data_hdr->tsn = 1229 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1230 chunk->has_tsn = 1; 1231 } 1232 } 1233 1234 /* Create a CLOSED association to use with an incoming packet. */ 1235 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1236 struct sctp_chunk *chunk, 1237 gfp_t gfp) 1238 { 1239 struct sctp_association *asoc; 1240 struct sk_buff *skb; 1241 sctp_scope_t scope; 1242 struct sctp_af *af; 1243 1244 /* Create the bare association. */ 1245 scope = sctp_scope(sctp_source(chunk)); 1246 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1247 if (!asoc) 1248 goto nodata; 1249 asoc->temp = 1; 1250 skb = chunk->skb; 1251 /* Create an entry for the source address of the packet. */ 1252 af = sctp_get_af_specific(ipver2af(skb->nh.iph->version)); 1253 if (unlikely(!af)) 1254 goto fail; 1255 af->from_skb(&asoc->c.peer_addr, skb, 1); 1256 nodata: 1257 return asoc; 1258 1259 fail: 1260 sctp_association_free(asoc); 1261 return NULL; 1262 } 1263 1264 /* Build a cookie representing asoc. 1265 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1266 */ 1267 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1268 const struct sctp_association *asoc, 1269 const struct sctp_chunk *init_chunk, 1270 int *cookie_len, 1271 const __u8 *raw_addrs, int addrs_len) 1272 { 1273 sctp_cookie_param_t *retval; 1274 struct sctp_signed_cookie *cookie; 1275 struct scatterlist sg; 1276 int headersize, bodysize; 1277 unsigned int keylen; 1278 char *key; 1279 1280 headersize = sizeof(sctp_paramhdr_t) + SCTP_SECRET_SIZE; 1281 bodysize = sizeof(struct sctp_cookie) 1282 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1283 1284 /* Pad out the cookie to a multiple to make the signature 1285 * functions simpler to write. 1286 */ 1287 if (bodysize % SCTP_COOKIE_MULTIPLE) 1288 bodysize += SCTP_COOKIE_MULTIPLE 1289 - (bodysize % SCTP_COOKIE_MULTIPLE); 1290 *cookie_len = headersize + bodysize; 1291 1292 retval = (sctp_cookie_param_t *)kmalloc(*cookie_len, GFP_ATOMIC); 1293 1294 if (!retval) { 1295 *cookie_len = 0; 1296 goto nodata; 1297 } 1298 1299 /* Clear this memory since we are sending this data structure 1300 * out on the network. 1301 */ 1302 memset(retval, 0x00, *cookie_len); 1303 cookie = (struct sctp_signed_cookie *) retval->body; 1304 1305 /* Set up the parameter header. */ 1306 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1307 retval->p.length = htons(*cookie_len); 1308 1309 /* Copy the cookie part of the association itself. */ 1310 cookie->c = asoc->c; 1311 /* Save the raw address list length in the cookie. */ 1312 cookie->c.raw_addr_list_len = addrs_len; 1313 1314 /* Remember PR-SCTP capability. */ 1315 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1316 1317 /* Save adaption indication in the cookie. */ 1318 cookie->c.adaption_ind = asoc->peer.adaption_ind; 1319 1320 /* Set an expiration time for the cookie. */ 1321 do_gettimeofday(&cookie->c.expiration); 1322 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1323 1324 /* Copy the peer's init packet. */ 1325 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1326 ntohs(init_chunk->chunk_hdr->length)); 1327 1328 /* Copy the raw local address list of the association. */ 1329 memcpy((__u8 *)&cookie->c.peer_init[0] + 1330 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1331 1332 if (sctp_sk(ep->base.sk)->hmac) { 1333 /* Sign the message. */ 1334 sg.page = virt_to_page(&cookie->c); 1335 sg.offset = (unsigned long)(&cookie->c) % PAGE_SIZE; 1336 sg.length = bodysize; 1337 keylen = SCTP_SECRET_SIZE; 1338 key = (char *)ep->secret_key[ep->current_key]; 1339 1340 sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, 1341 &sg, 1, cookie->signature); 1342 } 1343 1344 nodata: 1345 return retval; 1346 } 1347 1348 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1349 struct sctp_association *sctp_unpack_cookie( 1350 const struct sctp_endpoint *ep, 1351 const struct sctp_association *asoc, 1352 struct sctp_chunk *chunk, gfp_t gfp, 1353 int *error, struct sctp_chunk **errp) 1354 { 1355 struct sctp_association *retval = NULL; 1356 struct sctp_signed_cookie *cookie; 1357 struct sctp_cookie *bear_cookie; 1358 int headersize, bodysize, fixed_size; 1359 __u8 digest[SCTP_SIGNATURE_SIZE]; 1360 struct scatterlist sg; 1361 unsigned int keylen, len; 1362 char *key; 1363 sctp_scope_t scope; 1364 struct sk_buff *skb = chunk->skb; 1365 struct timeval tv; 1366 1367 headersize = sizeof(sctp_chunkhdr_t) + SCTP_SECRET_SIZE; 1368 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1369 fixed_size = headersize + sizeof(struct sctp_cookie); 1370 1371 /* Verify that the chunk looks like it even has a cookie. 1372 * There must be enough room for our cookie and our peer's 1373 * INIT chunk. 1374 */ 1375 len = ntohs(chunk->chunk_hdr->length); 1376 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1377 goto malformed; 1378 1379 /* Verify that the cookie has been padded out. */ 1380 if (bodysize % SCTP_COOKIE_MULTIPLE) 1381 goto malformed; 1382 1383 /* Process the cookie. */ 1384 cookie = chunk->subh.cookie_hdr; 1385 bear_cookie = &cookie->c; 1386 1387 if (!sctp_sk(ep->base.sk)->hmac) 1388 goto no_hmac; 1389 1390 /* Check the signature. */ 1391 keylen = SCTP_SECRET_SIZE; 1392 sg.page = virt_to_page(bear_cookie); 1393 sg.offset = (unsigned long)(bear_cookie) % PAGE_SIZE; 1394 sg.length = bodysize; 1395 key = (char *)ep->secret_key[ep->current_key]; 1396 1397 memset(digest, 0x00, sizeof(digest)); 1398 sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, &sg, 1399 1, digest); 1400 1401 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1402 /* Try the previous key. */ 1403 key = (char *)ep->secret_key[ep->last_key]; 1404 memset(digest, 0x00, sizeof(digest)); 1405 sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, 1406 &sg, 1, digest); 1407 1408 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1409 /* Yikes! Still bad signature! */ 1410 *error = -SCTP_IERROR_BAD_SIG; 1411 goto fail; 1412 } 1413 } 1414 1415 no_hmac: 1416 /* IG Section 2.35.2: 1417 * 3) Compare the port numbers and the verification tag contained 1418 * within the COOKIE ECHO chunk to the actual port numbers and the 1419 * verification tag within the SCTP common header of the received 1420 * packet. If these values do not match the packet MUST be silently 1421 * discarded, 1422 */ 1423 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1424 *error = -SCTP_IERROR_BAD_TAG; 1425 goto fail; 1426 } 1427 1428 if (ntohs(chunk->sctp_hdr->source) != bear_cookie->peer_addr.v4.sin_port || 1429 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1430 *error = -SCTP_IERROR_BAD_PORTS; 1431 goto fail; 1432 } 1433 1434 /* Check to see if the cookie is stale. If there is already 1435 * an association, there is no need to check cookie's expiration 1436 * for init collision case of lost COOKIE ACK. 1437 */ 1438 skb_get_timestamp(skb, &tv); 1439 if (!asoc && tv_lt(bear_cookie->expiration, tv)) { 1440 __u16 len; 1441 /* 1442 * Section 3.3.10.3 Stale Cookie Error (3) 1443 * 1444 * Cause of error 1445 * --------------- 1446 * Stale Cookie Error: Indicates the receipt of a valid State 1447 * Cookie that has expired. 1448 */ 1449 len = ntohs(chunk->chunk_hdr->length); 1450 *errp = sctp_make_op_error_space(asoc, chunk, len); 1451 if (*errp) { 1452 suseconds_t usecs = (tv.tv_sec - 1453 bear_cookie->expiration.tv_sec) * 1000000L + 1454 tv.tv_usec - bear_cookie->expiration.tv_usec; 1455 1456 usecs = htonl(usecs); 1457 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1458 &usecs, sizeof(usecs)); 1459 *error = -SCTP_IERROR_STALE_COOKIE; 1460 } else 1461 *error = -SCTP_IERROR_NOMEM; 1462 1463 goto fail; 1464 } 1465 1466 /* Make a new base association. */ 1467 scope = sctp_scope(sctp_source(chunk)); 1468 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1469 if (!retval) { 1470 *error = -SCTP_IERROR_NOMEM; 1471 goto fail; 1472 } 1473 1474 /* Set up our peer's port number. */ 1475 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1476 1477 /* Populate the association from the cookie. */ 1478 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1479 1480 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1481 GFP_ATOMIC) < 0) { 1482 *error = -SCTP_IERROR_NOMEM; 1483 goto fail; 1484 } 1485 1486 /* Also, add the destination address. */ 1487 if (list_empty(&retval->base.bind_addr.address_list)) { 1488 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1489 GFP_ATOMIC); 1490 } 1491 1492 retval->next_tsn = retval->c.initial_tsn; 1493 retval->ctsn_ack_point = retval->next_tsn - 1; 1494 retval->addip_serial = retval->c.initial_tsn; 1495 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1496 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1497 retval->peer.adaption_ind = retval->c.adaption_ind; 1498 1499 /* The INIT stuff will be done by the side effects. */ 1500 return retval; 1501 1502 fail: 1503 if (retval) 1504 sctp_association_free(retval); 1505 1506 return NULL; 1507 1508 malformed: 1509 /* Yikes! The packet is either corrupt or deliberately 1510 * malformed. 1511 */ 1512 *error = -SCTP_IERROR_MALFORMED; 1513 goto fail; 1514 } 1515 1516 /******************************************************************** 1517 * 3rd Level Abstractions 1518 ********************************************************************/ 1519 1520 struct __sctp_missing { 1521 __u32 num_missing; 1522 __u16 type; 1523 } __attribute__((packed)); 1524 1525 /* 1526 * Report a missing mandatory parameter. 1527 */ 1528 static int sctp_process_missing_param(const struct sctp_association *asoc, 1529 sctp_param_t paramtype, 1530 struct sctp_chunk *chunk, 1531 struct sctp_chunk **errp) 1532 { 1533 struct __sctp_missing report; 1534 __u16 len; 1535 1536 len = WORD_ROUND(sizeof(report)); 1537 1538 /* Make an ERROR chunk, preparing enough room for 1539 * returning multiple unknown parameters. 1540 */ 1541 if (!*errp) 1542 *errp = sctp_make_op_error_space(asoc, chunk, len); 1543 1544 if (*errp) { 1545 report.num_missing = htonl(1); 1546 report.type = paramtype; 1547 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 1548 &report, sizeof(report)); 1549 } 1550 1551 /* Stop processing this chunk. */ 1552 return 0; 1553 } 1554 1555 /* Report an Invalid Mandatory Parameter. */ 1556 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1557 struct sctp_chunk *chunk, 1558 struct sctp_chunk **errp) 1559 { 1560 /* Invalid Mandatory Parameter Error has no payload. */ 1561 1562 if (!*errp) 1563 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1564 1565 if (*errp) 1566 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, NULL, 0); 1567 1568 /* Stop processing this chunk. */ 1569 return 0; 1570 } 1571 1572 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1573 struct sctp_paramhdr *param, 1574 const struct sctp_chunk *chunk, 1575 struct sctp_chunk **errp) 1576 { 1577 char error[] = "The following parameter had invalid length:"; 1578 size_t payload_len = WORD_ROUND(sizeof(error)) + 1579 sizeof(sctp_paramhdr_t); 1580 1581 1582 /* Create an error chunk and fill it in with our payload. */ 1583 if (!*errp) 1584 *errp = sctp_make_op_error_space(asoc, chunk, payload_len); 1585 1586 if (*errp) { 1587 sctp_init_cause(*errp, SCTP_ERROR_PROTO_VIOLATION, error, 1588 sizeof(error)); 1589 sctp_addto_chunk(*errp, sizeof(sctp_paramhdr_t), param); 1590 } 1591 1592 return 0; 1593 } 1594 1595 1596 /* Do not attempt to handle the HOST_NAME parm. However, do 1597 * send back an indicator to the peer. 1598 */ 1599 static int sctp_process_hn_param(const struct sctp_association *asoc, 1600 union sctp_params param, 1601 struct sctp_chunk *chunk, 1602 struct sctp_chunk **errp) 1603 { 1604 __u16 len = ntohs(param.p->length); 1605 1606 /* Make an ERROR chunk. */ 1607 if (!*errp) 1608 *errp = sctp_make_op_error_space(asoc, chunk, len); 1609 1610 if (*errp) 1611 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, 1612 param.v, len); 1613 1614 /* Stop processing this chunk. */ 1615 return 0; 1616 } 1617 1618 /* RFC 3.2.1 & the Implementers Guide 2.2. 1619 * 1620 * The Parameter Types are encoded such that the 1621 * highest-order two bits specify the action that must be 1622 * taken if the processing endpoint does not recognize the 1623 * Parameter Type. 1624 * 1625 * 00 - Stop processing this SCTP chunk and discard it, 1626 * do not process any further chunks within it. 1627 * 1628 * 01 - Stop processing this SCTP chunk and discard it, 1629 * do not process any further chunks within it, and report 1630 * the unrecognized parameter in an 'Unrecognized 1631 * Parameter Type' (in either an ERROR or in the INIT ACK). 1632 * 1633 * 10 - Skip this parameter and continue processing. 1634 * 1635 * 11 - Skip this parameter and continue processing but 1636 * report the unrecognized parameter in an 1637 * 'Unrecognized Parameter Type' (in either an ERROR or in 1638 * the INIT ACK). 1639 * 1640 * Return value: 1641 * 0 - discard the chunk 1642 * 1 - continue with the chunk 1643 */ 1644 static int sctp_process_unk_param(const struct sctp_association *asoc, 1645 union sctp_params param, 1646 struct sctp_chunk *chunk, 1647 struct sctp_chunk **errp) 1648 { 1649 int retval = 1; 1650 1651 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 1652 case SCTP_PARAM_ACTION_DISCARD: 1653 retval = 0; 1654 break; 1655 case SCTP_PARAM_ACTION_DISCARD_ERR: 1656 retval = 0; 1657 /* Make an ERROR chunk, preparing enough room for 1658 * returning multiple unknown parameters. 1659 */ 1660 if (NULL == *errp) 1661 *errp = sctp_make_op_error_space(asoc, chunk, 1662 ntohs(chunk->chunk_hdr->length)); 1663 1664 if (*errp) 1665 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1666 param.v, 1667 WORD_ROUND(ntohs(param.p->length))); 1668 1669 break; 1670 case SCTP_PARAM_ACTION_SKIP: 1671 break; 1672 case SCTP_PARAM_ACTION_SKIP_ERR: 1673 /* Make an ERROR chunk, preparing enough room for 1674 * returning multiple unknown parameters. 1675 */ 1676 if (NULL == *errp) 1677 *errp = sctp_make_op_error_space(asoc, chunk, 1678 ntohs(chunk->chunk_hdr->length)); 1679 1680 if (*errp) { 1681 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1682 param.v, 1683 WORD_ROUND(ntohs(param.p->length))); 1684 } else { 1685 /* If there is no memory for generating the ERROR 1686 * report as specified, an ABORT will be triggered 1687 * to the peer and the association won't be 1688 * established. 1689 */ 1690 retval = 0; 1691 } 1692 1693 break; 1694 default: 1695 break; 1696 } 1697 1698 return retval; 1699 } 1700 1701 /* Find unrecognized parameters in the chunk. 1702 * Return values: 1703 * 0 - discard the chunk 1704 * 1 - continue with the chunk 1705 */ 1706 static int sctp_verify_param(const struct sctp_association *asoc, 1707 union sctp_params param, 1708 sctp_cid_t cid, 1709 struct sctp_chunk *chunk, 1710 struct sctp_chunk **err_chunk) 1711 { 1712 int retval = 1; 1713 1714 /* FIXME - This routine is not looking at each parameter per the 1715 * chunk type, i.e., unrecognized parameters should be further 1716 * identified based on the chunk id. 1717 */ 1718 1719 switch (param.p->type) { 1720 case SCTP_PARAM_IPV4_ADDRESS: 1721 case SCTP_PARAM_IPV6_ADDRESS: 1722 case SCTP_PARAM_COOKIE_PRESERVATIVE: 1723 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 1724 case SCTP_PARAM_STATE_COOKIE: 1725 case SCTP_PARAM_HEARTBEAT_INFO: 1726 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 1727 case SCTP_PARAM_ECN_CAPABLE: 1728 case SCTP_PARAM_ADAPTION_LAYER_IND: 1729 break; 1730 1731 case SCTP_PARAM_HOST_NAME_ADDRESS: 1732 /* Tell the peer, we won't support this param. */ 1733 return sctp_process_hn_param(asoc, param, chunk, err_chunk); 1734 case SCTP_PARAM_FWD_TSN_SUPPORT: 1735 if (sctp_prsctp_enable) 1736 break; 1737 /* Fall Through */ 1738 default: 1739 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 1740 ntohs(param.p->type), cid); 1741 return sctp_process_unk_param(asoc, param, chunk, err_chunk); 1742 1743 break; 1744 } 1745 return retval; 1746 } 1747 1748 /* Verify the INIT packet before we process it. */ 1749 int sctp_verify_init(const struct sctp_association *asoc, 1750 sctp_cid_t cid, 1751 sctp_init_chunk_t *peer_init, 1752 struct sctp_chunk *chunk, 1753 struct sctp_chunk **errp) 1754 { 1755 union sctp_params param; 1756 int has_cookie = 0; 1757 1758 /* Verify stream values are non-zero. */ 1759 if ((0 == peer_init->init_hdr.num_outbound_streams) || 1760 (0 == peer_init->init_hdr.num_inbound_streams)) { 1761 1762 sctp_process_inv_mandatory(asoc, chunk, errp); 1763 return 0; 1764 } 1765 1766 /* Check for missing mandatory parameters. */ 1767 sctp_walk_params(param, peer_init, init_hdr.params) { 1768 1769 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 1770 has_cookie = 1; 1771 1772 } /* for (loop through all parameters) */ 1773 1774 /* There is a possibility that a parameter length was bad and 1775 * in that case we would have stoped walking the parameters. 1776 * The current param.p would point at the bad one. 1777 * Current consensus on the mailing list is to generate a PROTOCOL 1778 * VIOLATION error. We build the ERROR chunk here and let the normal 1779 * error handling code build and send the packet. 1780 */ 1781 if (param.v < (void*)chunk->chunk_end - sizeof(sctp_paramhdr_t)) { 1782 sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 1783 return 0; 1784 } 1785 1786 /* The only missing mandatory param possible today is 1787 * the state cookie for an INIT-ACK chunk. 1788 */ 1789 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) { 1790 sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 1791 chunk, errp); 1792 return 0; 1793 } 1794 1795 /* Find unrecognized parameters. */ 1796 1797 sctp_walk_params(param, peer_init, init_hdr.params) { 1798 1799 if (!sctp_verify_param(asoc, param, cid, chunk, errp)) { 1800 if (SCTP_PARAM_HOST_NAME_ADDRESS == param.p->type) 1801 return 0; 1802 else 1803 return 1; 1804 } 1805 1806 } /* for (loop through all parameters) */ 1807 1808 return 1; 1809 } 1810 1811 /* Unpack the parameters in an INIT packet into an association. 1812 * Returns 0 on failure, else success. 1813 * FIXME: This is an association method. 1814 */ 1815 int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, 1816 const union sctp_addr *peer_addr, 1817 sctp_init_chunk_t *peer_init, gfp_t gfp) 1818 { 1819 union sctp_params param; 1820 struct sctp_transport *transport; 1821 struct list_head *pos, *temp; 1822 char *cookie; 1823 1824 /* We must include the address that the INIT packet came from. 1825 * This is the only address that matters for an INIT packet. 1826 * When processing a COOKIE ECHO, we retrieve the from address 1827 * of the INIT from the cookie. 1828 */ 1829 1830 /* This implementation defaults to making the first transport 1831 * added as the primary transport. The source address seems to 1832 * be a a better choice than any of the embedded addresses. 1833 */ 1834 if (peer_addr) 1835 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 1836 goto nomem; 1837 1838 /* Process the initialization parameters. */ 1839 1840 sctp_walk_params(param, peer_init, init_hdr.params) { 1841 1842 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 1843 goto clean_up; 1844 } 1845 1846 /* Walk list of transports, removing transports in the UNKNOWN state. */ 1847 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 1848 transport = list_entry(pos, struct sctp_transport, transports); 1849 if (transport->state == SCTP_UNKNOWN) { 1850 sctp_assoc_rm_peer(asoc, transport); 1851 } 1852 } 1853 1854 /* The fixed INIT headers are always in network byte 1855 * order. 1856 */ 1857 asoc->peer.i.init_tag = 1858 ntohl(peer_init->init_hdr.init_tag); 1859 asoc->peer.i.a_rwnd = 1860 ntohl(peer_init->init_hdr.a_rwnd); 1861 asoc->peer.i.num_outbound_streams = 1862 ntohs(peer_init->init_hdr.num_outbound_streams); 1863 asoc->peer.i.num_inbound_streams = 1864 ntohs(peer_init->init_hdr.num_inbound_streams); 1865 asoc->peer.i.initial_tsn = 1866 ntohl(peer_init->init_hdr.initial_tsn); 1867 1868 /* Apply the upper bounds for output streams based on peer's 1869 * number of inbound streams. 1870 */ 1871 if (asoc->c.sinit_num_ostreams > 1872 ntohs(peer_init->init_hdr.num_inbound_streams)) { 1873 asoc->c.sinit_num_ostreams = 1874 ntohs(peer_init->init_hdr.num_inbound_streams); 1875 } 1876 1877 if (asoc->c.sinit_max_instreams > 1878 ntohs(peer_init->init_hdr.num_outbound_streams)) { 1879 asoc->c.sinit_max_instreams = 1880 ntohs(peer_init->init_hdr.num_outbound_streams); 1881 } 1882 1883 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 1884 asoc->c.peer_vtag = asoc->peer.i.init_tag; 1885 1886 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 1887 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 1888 1889 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 1890 cookie = asoc->peer.cookie; 1891 if (cookie) { 1892 asoc->peer.cookie = kmalloc(asoc->peer.cookie_len, gfp); 1893 if (!asoc->peer.cookie) 1894 goto clean_up; 1895 memcpy(asoc->peer.cookie, cookie, asoc->peer.cookie_len); 1896 } 1897 1898 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 1899 * high (for example, implementations MAY use the size of the receiver 1900 * advertised window). 1901 */ 1902 list_for_each(pos, &asoc->peer.transport_addr_list) { 1903 transport = list_entry(pos, struct sctp_transport, transports); 1904 transport->ssthresh = asoc->peer.i.a_rwnd; 1905 } 1906 1907 /* Set up the TSN tracking pieces. */ 1908 sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_SIZE, 1909 asoc->peer.i.initial_tsn); 1910 1911 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 1912 * 1913 * The stream sequence number in all the streams shall start 1914 * from 0 when the association is established. Also, when the 1915 * stream sequence number reaches the value 65535 the next 1916 * stream sequence number shall be set to 0. 1917 */ 1918 1919 /* Allocate storage for the negotiated streams if it is not a temporary 1920 * association. 1921 */ 1922 if (!asoc->temp) { 1923 int assoc_id; 1924 int error; 1925 1926 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 1927 asoc->c.sinit_num_ostreams, gfp); 1928 if (!asoc->ssnmap) 1929 goto clean_up; 1930 1931 retry: 1932 if (unlikely(!idr_pre_get(&sctp_assocs_id, gfp))) 1933 goto clean_up; 1934 spin_lock_bh(&sctp_assocs_id_lock); 1935 error = idr_get_new_above(&sctp_assocs_id, (void *)asoc, 1, 1936 &assoc_id); 1937 spin_unlock_bh(&sctp_assocs_id_lock); 1938 if (error == -EAGAIN) 1939 goto retry; 1940 else if (error) 1941 goto clean_up; 1942 1943 asoc->assoc_id = (sctp_assoc_t) assoc_id; 1944 } 1945 1946 /* ADDIP Section 4.1 ASCONF Chunk Procedures 1947 * 1948 * When an endpoint has an ASCONF signaled change to be sent to the 1949 * remote endpoint it should do the following: 1950 * ... 1951 * A2) A serial number should be assigned to the Chunk. The serial 1952 * number should be a monotonically increasing number. All serial 1953 * numbers are defined to be initialized at the start of the 1954 * association to the same value as the Initial TSN. 1955 */ 1956 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 1957 return 1; 1958 1959 clean_up: 1960 /* Release the transport structures. */ 1961 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 1962 transport = list_entry(pos, struct sctp_transport, transports); 1963 list_del_init(pos); 1964 sctp_transport_free(transport); 1965 } 1966 1967 asoc->peer.transport_count = 0; 1968 1969 nomem: 1970 return 0; 1971 } 1972 1973 1974 /* Update asoc with the option described in param. 1975 * 1976 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 1977 * 1978 * asoc is the association to update. 1979 * param is the variable length parameter to use for update. 1980 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 1981 * If the current packet is an INIT we want to minimize the amount of 1982 * work we do. In particular, we should not build transport 1983 * structures for the addresses. 1984 */ 1985 static int sctp_process_param(struct sctp_association *asoc, 1986 union sctp_params param, 1987 const union sctp_addr *peer_addr, 1988 gfp_t gfp) 1989 { 1990 union sctp_addr addr; 1991 int i; 1992 __u16 sat; 1993 int retval = 1; 1994 sctp_scope_t scope; 1995 time_t stale; 1996 struct sctp_af *af; 1997 1998 /* We maintain all INIT parameters in network byte order all the 1999 * time. This allows us to not worry about whether the parameters 2000 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2001 */ 2002 switch (param.p->type) { 2003 case SCTP_PARAM_IPV6_ADDRESS: 2004 if (PF_INET6 != asoc->base.sk->sk_family) 2005 break; 2006 /* Fall through. */ 2007 case SCTP_PARAM_IPV4_ADDRESS: 2008 af = sctp_get_af_specific(param_type2af(param.p->type)); 2009 af->from_addr_param(&addr, param.addr, asoc->peer.port, 0); 2010 scope = sctp_scope(peer_addr); 2011 if (sctp_in_scope(&addr, scope)) 2012 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_ACTIVE)) 2013 return 0; 2014 break; 2015 2016 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2017 if (!sctp_cookie_preserve_enable) 2018 break; 2019 2020 stale = ntohl(param.life->lifespan_increment); 2021 2022 /* Suggested Cookie Life span increment's unit is msec, 2023 * (1/1000sec). 2024 */ 2025 asoc->cookie_life.tv_sec += stale / 1000; 2026 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2027 break; 2028 2029 case SCTP_PARAM_HOST_NAME_ADDRESS: 2030 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2031 break; 2032 2033 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2034 /* Turn off the default values first so we'll know which 2035 * ones are really set by the peer. 2036 */ 2037 asoc->peer.ipv4_address = 0; 2038 asoc->peer.ipv6_address = 0; 2039 2040 /* Cycle through address types; avoid divide by 0. */ 2041 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2042 if (sat) 2043 sat /= sizeof(__u16); 2044 2045 for (i = 0; i < sat; ++i) { 2046 switch (param.sat->types[i]) { 2047 case SCTP_PARAM_IPV4_ADDRESS: 2048 asoc->peer.ipv4_address = 1; 2049 break; 2050 2051 case SCTP_PARAM_IPV6_ADDRESS: 2052 asoc->peer.ipv6_address = 1; 2053 break; 2054 2055 case SCTP_PARAM_HOST_NAME_ADDRESS: 2056 asoc->peer.hostname_address = 1; 2057 break; 2058 2059 default: /* Just ignore anything else. */ 2060 break; 2061 }; 2062 } 2063 break; 2064 2065 case SCTP_PARAM_STATE_COOKIE: 2066 asoc->peer.cookie_len = 2067 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2068 asoc->peer.cookie = param.cookie->body; 2069 break; 2070 2071 case SCTP_PARAM_HEARTBEAT_INFO: 2072 /* Would be odd to receive, but it causes no problems. */ 2073 break; 2074 2075 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2076 /* Rejected during verify stage. */ 2077 break; 2078 2079 case SCTP_PARAM_ECN_CAPABLE: 2080 asoc->peer.ecn_capable = 1; 2081 break; 2082 2083 case SCTP_PARAM_ADAPTION_LAYER_IND: 2084 asoc->peer.adaption_ind = param.aind->adaption_ind; 2085 break; 2086 2087 case SCTP_PARAM_FWD_TSN_SUPPORT: 2088 if (sctp_prsctp_enable) { 2089 asoc->peer.prsctp_capable = 1; 2090 break; 2091 } 2092 /* Fall Through */ 2093 default: 2094 /* Any unrecognized parameters should have been caught 2095 * and handled by sctp_verify_param() which should be 2096 * called prior to this routine. Simply log the error 2097 * here. 2098 */ 2099 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2100 ntohs(param.p->type), asoc); 2101 break; 2102 }; 2103 2104 return retval; 2105 } 2106 2107 /* Select a new verification tag. */ 2108 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2109 { 2110 /* I believe that this random number generator complies with RFC1750. 2111 * A tag of 0 is reserved for special cases (e.g. INIT). 2112 */ 2113 __u32 x; 2114 2115 do { 2116 get_random_bytes(&x, sizeof(__u32)); 2117 } while (x == 0); 2118 2119 return x; 2120 } 2121 2122 /* Select an initial TSN to send during startup. */ 2123 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2124 { 2125 __u32 retval; 2126 2127 get_random_bytes(&retval, sizeof(__u32)); 2128 return retval; 2129 } 2130 2131 /* 2132 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2133 * 0 1 2 3 2134 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2135 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2136 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2137 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2138 * | Serial Number | 2139 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2140 * | Address Parameter | 2141 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2142 * | ASCONF Parameter #1 | 2143 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2144 * \ \ 2145 * / .... / 2146 * \ \ 2147 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2148 * | ASCONF Parameter #N | 2149 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2150 * 2151 * Address Parameter and other parameter will not be wrapped in this function 2152 */ 2153 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2154 union sctp_addr *addr, 2155 int vparam_len) 2156 { 2157 sctp_addiphdr_t asconf; 2158 struct sctp_chunk *retval; 2159 int length = sizeof(asconf) + vparam_len; 2160 union sctp_addr_param addrparam; 2161 int addrlen; 2162 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2163 2164 addrlen = af->to_addr_param(addr, &addrparam); 2165 if (!addrlen) 2166 return NULL; 2167 length += addrlen; 2168 2169 /* Create the chunk. */ 2170 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2171 if (!retval) 2172 return NULL; 2173 2174 asconf.serial = htonl(asoc->addip_serial++); 2175 2176 retval->subh.addip_hdr = 2177 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2178 retval->param_hdr.v = 2179 sctp_addto_chunk(retval, addrlen, &addrparam); 2180 2181 return retval; 2182 } 2183 2184 /* ADDIP 2185 * 3.2.1 Add IP Address 2186 * 0 1 2 3 2187 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2188 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2189 * | Type = 0xC001 | Length = Variable | 2190 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2191 * | ASCONF-Request Correlation ID | 2192 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2193 * | Address Parameter | 2194 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2195 * 2196 * 3.2.2 Delete IP Address 2197 * 0 1 2 3 2198 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2199 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2200 * | Type = 0xC002 | Length = Variable | 2201 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2202 * | ASCONF-Request Correlation ID | 2203 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2204 * | Address Parameter | 2205 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2206 * 2207 */ 2208 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2209 union sctp_addr *laddr, 2210 struct sockaddr *addrs, 2211 int addrcnt, 2212 __u16 flags) 2213 { 2214 sctp_addip_param_t param; 2215 struct sctp_chunk *retval; 2216 union sctp_addr_param addr_param; 2217 union sctp_addr *addr; 2218 void *addr_buf; 2219 struct sctp_af *af; 2220 int paramlen = sizeof(param); 2221 int addr_param_len = 0; 2222 int totallen = 0; 2223 int i; 2224 2225 /* Get total length of all the address parameters. */ 2226 addr_buf = addrs; 2227 for (i = 0; i < addrcnt; i++) { 2228 addr = (union sctp_addr *)addr_buf; 2229 af = sctp_get_af_specific(addr->v4.sin_family); 2230 addr_param_len = af->to_addr_param(addr, &addr_param); 2231 2232 totallen += paramlen; 2233 totallen += addr_param_len; 2234 2235 addr_buf += af->sockaddr_len; 2236 } 2237 2238 /* Create an asconf chunk with the required length. */ 2239 retval = sctp_make_asconf(asoc, laddr, totallen); 2240 if (!retval) 2241 return NULL; 2242 2243 /* Add the address parameters to the asconf chunk. */ 2244 addr_buf = addrs; 2245 for (i = 0; i < addrcnt; i++) { 2246 addr = (union sctp_addr *)addr_buf; 2247 af = sctp_get_af_specific(addr->v4.sin_family); 2248 addr_param_len = af->to_addr_param(addr, &addr_param); 2249 param.param_hdr.type = flags; 2250 param.param_hdr.length = htons(paramlen + addr_param_len); 2251 param.crr_id = i; 2252 2253 sctp_addto_chunk(retval, paramlen, ¶m); 2254 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2255 2256 addr_buf += af->sockaddr_len; 2257 } 2258 return retval; 2259 } 2260 2261 /* ADDIP 2262 * 3.2.4 Set Primary IP Address 2263 * 0 1 2 3 2264 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2265 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2266 * | Type =0xC004 | Length = Variable | 2267 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2268 * | ASCONF-Request Correlation ID | 2269 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2270 * | Address Parameter | 2271 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2272 * 2273 * Create an ASCONF chunk with Set Primary IP address parameter. 2274 */ 2275 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2276 union sctp_addr *addr) 2277 { 2278 sctp_addip_param_t param; 2279 struct sctp_chunk *retval; 2280 int len = sizeof(param); 2281 union sctp_addr_param addrparam; 2282 int addrlen; 2283 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2284 2285 addrlen = af->to_addr_param(addr, &addrparam); 2286 if (!addrlen) 2287 return NULL; 2288 len += addrlen; 2289 2290 /* Create the chunk and make asconf header. */ 2291 retval = sctp_make_asconf(asoc, addr, len); 2292 if (!retval) 2293 return NULL; 2294 2295 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2296 param.param_hdr.length = htons(len); 2297 param.crr_id = 0; 2298 2299 sctp_addto_chunk(retval, sizeof(param), ¶m); 2300 sctp_addto_chunk(retval, addrlen, &addrparam); 2301 2302 return retval; 2303 } 2304 2305 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2306 * 0 1 2 3 2307 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2308 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2309 * | Type = 0x80 | Chunk Flags | Chunk Length | 2310 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2311 * | Serial Number | 2312 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2313 * | ASCONF Parameter Response#1 | 2314 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2315 * \ \ 2316 * / .... / 2317 * \ \ 2318 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2319 * | ASCONF Parameter Response#N | 2320 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2321 * 2322 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2323 */ 2324 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2325 __u32 serial, int vparam_len) 2326 { 2327 sctp_addiphdr_t asconf; 2328 struct sctp_chunk *retval; 2329 int length = sizeof(asconf) + vparam_len; 2330 2331 /* Create the chunk. */ 2332 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2333 if (!retval) 2334 return NULL; 2335 2336 asconf.serial = htonl(serial); 2337 2338 retval->subh.addip_hdr = 2339 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2340 2341 return retval; 2342 } 2343 2344 /* Add response parameters to an ASCONF_ACK chunk. */ 2345 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __u32 crr_id, 2346 __u16 err_code, sctp_addip_param_t *asconf_param) 2347 { 2348 sctp_addip_param_t ack_param; 2349 sctp_errhdr_t err_param; 2350 int asconf_param_len = 0; 2351 int err_param_len = 0; 2352 __u16 response_type; 2353 2354 if (SCTP_ERROR_NO_ERROR == err_code) { 2355 response_type = SCTP_PARAM_SUCCESS_REPORT; 2356 } else { 2357 response_type = SCTP_PARAM_ERR_CAUSE; 2358 err_param_len = sizeof(err_param); 2359 if (asconf_param) 2360 asconf_param_len = 2361 ntohs(asconf_param->param_hdr.length); 2362 } 2363 2364 /* Add Success Indication or Error Cause Indication parameter. */ 2365 ack_param.param_hdr.type = response_type; 2366 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2367 err_param_len + 2368 asconf_param_len); 2369 ack_param.crr_id = crr_id; 2370 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2371 2372 if (SCTP_ERROR_NO_ERROR == err_code) 2373 return; 2374 2375 /* Add Error Cause parameter. */ 2376 err_param.cause = err_code; 2377 err_param.length = htons(err_param_len + asconf_param_len); 2378 sctp_addto_chunk(chunk, err_param_len, &err_param); 2379 2380 /* Add the failed TLV copied from ASCONF chunk. */ 2381 if (asconf_param) 2382 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2383 } 2384 2385 /* Process a asconf parameter. */ 2386 static __u16 sctp_process_asconf_param(struct sctp_association *asoc, 2387 struct sctp_chunk *asconf, 2388 sctp_addip_param_t *asconf_param) 2389 { 2390 struct sctp_transport *peer; 2391 struct sctp_af *af; 2392 union sctp_addr addr; 2393 struct list_head *pos; 2394 union sctp_addr_param *addr_param; 2395 2396 addr_param = (union sctp_addr_param *) 2397 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2398 2399 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2400 if (unlikely(!af)) 2401 return SCTP_ERROR_INV_PARAM; 2402 2403 af->from_addr_param(&addr, addr_param, asoc->peer.port, 0); 2404 switch (asconf_param->param_hdr.type) { 2405 case SCTP_PARAM_ADD_IP: 2406 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 2407 * request and does not have the local resources to add this 2408 * new address to the association, it MUST return an Error 2409 * Cause TLV set to the new error code 'Operation Refused 2410 * Due to Resource Shortage'. 2411 */ 2412 2413 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_ACTIVE); 2414 if (!peer) 2415 return SCTP_ERROR_RSRC_LOW; 2416 2417 /* Start the heartbeat timer. */ 2418 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 2419 sctp_transport_hold(peer); 2420 break; 2421 case SCTP_PARAM_DEL_IP: 2422 /* ADDIP 4.3 D7) If a request is received to delete the 2423 * last remaining IP address of a peer endpoint, the receiver 2424 * MUST send an Error Cause TLV with the error cause set to the 2425 * new error code 'Request to Delete Last Remaining IP Address'. 2426 */ 2427 pos = asoc->peer.transport_addr_list.next; 2428 if (pos->next == &asoc->peer.transport_addr_list) 2429 return SCTP_ERROR_DEL_LAST_IP; 2430 2431 /* ADDIP 4.3 D8) If a request is received to delete an IP 2432 * address which is also the source address of the IP packet 2433 * which contained the ASCONF chunk, the receiver MUST reject 2434 * this request. To reject the request the receiver MUST send 2435 * an Error Cause TLV set to the new error code 'Request to 2436 * Delete Source IP Address' 2437 */ 2438 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr)) 2439 return SCTP_ERROR_DEL_SRC_IP; 2440 2441 sctp_assoc_del_peer(asoc, &addr); 2442 break; 2443 case SCTP_PARAM_SET_PRIMARY: 2444 peer = sctp_assoc_lookup_paddr(asoc, &addr); 2445 if (!peer) 2446 return SCTP_ERROR_INV_PARAM; 2447 2448 sctp_assoc_set_primary(asoc, peer); 2449 break; 2450 default: 2451 return SCTP_ERROR_INV_PARAM; 2452 break; 2453 } 2454 2455 return SCTP_ERROR_NO_ERROR; 2456 } 2457 2458 /* Process an incoming ASCONF chunk with the next expected serial no. and 2459 * return an ASCONF_ACK chunk to be sent in response. 2460 */ 2461 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 2462 struct sctp_chunk *asconf) 2463 { 2464 sctp_addiphdr_t *hdr; 2465 union sctp_addr_param *addr_param; 2466 sctp_addip_param_t *asconf_param; 2467 struct sctp_chunk *asconf_ack; 2468 2469 __u16 err_code; 2470 int length = 0; 2471 int chunk_len = asconf->skb->len; 2472 __u32 serial; 2473 int all_param_pass = 1; 2474 2475 hdr = (sctp_addiphdr_t *)asconf->skb->data; 2476 serial = ntohl(hdr->serial); 2477 2478 /* Skip the addiphdr and store a pointer to address parameter. */ 2479 length = sizeof(sctp_addiphdr_t); 2480 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2481 chunk_len -= length; 2482 2483 /* Skip the address parameter and store a pointer to the first 2484 * asconf paramter. 2485 */ 2486 length = ntohs(addr_param->v4.param_hdr.length); 2487 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2488 chunk_len -= length; 2489 2490 /* create an ASCONF_ACK chunk. 2491 * Based on the definitions of parameters, we know that the size of 2492 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF 2493 * paramters. 2494 */ 2495 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2); 2496 if (!asconf_ack) 2497 goto done; 2498 2499 /* Process the TLVs contained within the ASCONF chunk. */ 2500 while (chunk_len > 0) { 2501 err_code = sctp_process_asconf_param(asoc, asconf, 2502 asconf_param); 2503 /* ADDIP 4.1 A7) 2504 * If an error response is received for a TLV parameter, 2505 * all TLVs with no response before the failed TLV are 2506 * considered successful if not reported. All TLVs after 2507 * the failed response are considered unsuccessful unless 2508 * a specific success indication is present for the parameter. 2509 */ 2510 if (SCTP_ERROR_NO_ERROR != err_code) 2511 all_param_pass = 0; 2512 2513 if (!all_param_pass) 2514 sctp_add_asconf_response(asconf_ack, 2515 asconf_param->crr_id, err_code, 2516 asconf_param); 2517 2518 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 2519 * an IP address sends an 'Out of Resource' in its response, it 2520 * MUST also fail any subsequent add or delete requests bundled 2521 * in the ASCONF. 2522 */ 2523 if (SCTP_ERROR_RSRC_LOW == err_code) 2524 goto done; 2525 2526 /* Move to the next ASCONF param. */ 2527 length = ntohs(asconf_param->param_hdr.length); 2528 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2529 length); 2530 chunk_len -= length; 2531 } 2532 2533 done: 2534 asoc->peer.addip_serial++; 2535 2536 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 2537 * after freeing the reference to old asconf ack if any. 2538 */ 2539 if (asconf_ack) { 2540 if (asoc->addip_last_asconf_ack) 2541 sctp_chunk_free(asoc->addip_last_asconf_ack); 2542 2543 sctp_chunk_hold(asconf_ack); 2544 asoc->addip_last_asconf_ack = asconf_ack; 2545 } 2546 2547 return asconf_ack; 2548 } 2549 2550 /* Process a asconf parameter that is successfully acked. */ 2551 static int sctp_asconf_param_success(struct sctp_association *asoc, 2552 sctp_addip_param_t *asconf_param) 2553 { 2554 struct sctp_af *af; 2555 union sctp_addr addr; 2556 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 2557 union sctp_addr_param *addr_param; 2558 struct list_head *pos; 2559 struct sctp_transport *transport; 2560 int retval = 0; 2561 2562 addr_param = (union sctp_addr_param *) 2563 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2564 2565 /* We have checked the packet before, so we do not check again. */ 2566 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2567 af->from_addr_param(&addr, addr_param, bp->port, 0); 2568 2569 switch (asconf_param->param_hdr.type) { 2570 case SCTP_PARAM_ADD_IP: 2571 sctp_local_bh_disable(); 2572 sctp_write_lock(&asoc->base.addr_lock); 2573 retval = sctp_add_bind_addr(bp, &addr, GFP_ATOMIC); 2574 sctp_write_unlock(&asoc->base.addr_lock); 2575 sctp_local_bh_enable(); 2576 break; 2577 case SCTP_PARAM_DEL_IP: 2578 sctp_local_bh_disable(); 2579 sctp_write_lock(&asoc->base.addr_lock); 2580 retval = sctp_del_bind_addr(bp, &addr); 2581 sctp_write_unlock(&asoc->base.addr_lock); 2582 sctp_local_bh_enable(); 2583 list_for_each(pos, &asoc->peer.transport_addr_list) { 2584 transport = list_entry(pos, struct sctp_transport, 2585 transports); 2586 sctp_transport_route(transport, NULL, 2587 sctp_sk(asoc->base.sk)); 2588 } 2589 break; 2590 default: 2591 break; 2592 } 2593 2594 return retval; 2595 } 2596 2597 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 2598 * for the given asconf parameter. If there is no response for this parameter, 2599 * return the error code based on the third argument 'no_err'. 2600 * ADDIP 4.1 2601 * A7) If an error response is received for a TLV parameter, all TLVs with no 2602 * response before the failed TLV are considered successful if not reported. 2603 * All TLVs after the failed response are considered unsuccessful unless a 2604 * specific success indication is present for the parameter. 2605 */ 2606 static __u16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 2607 sctp_addip_param_t *asconf_param, 2608 int no_err) 2609 { 2610 sctp_addip_param_t *asconf_ack_param; 2611 sctp_errhdr_t *err_param; 2612 int length; 2613 int asconf_ack_len = asconf_ack->skb->len; 2614 __u16 err_code; 2615 2616 if (no_err) 2617 err_code = SCTP_ERROR_NO_ERROR; 2618 else 2619 err_code = SCTP_ERROR_REQ_REFUSED; 2620 2621 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 2622 * the first asconf_ack parameter. 2623 */ 2624 length = sizeof(sctp_addiphdr_t); 2625 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 2626 length); 2627 asconf_ack_len -= length; 2628 2629 while (asconf_ack_len > 0) { 2630 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 2631 switch(asconf_ack_param->param_hdr.type) { 2632 case SCTP_PARAM_SUCCESS_REPORT: 2633 return SCTP_ERROR_NO_ERROR; 2634 case SCTP_PARAM_ERR_CAUSE: 2635 length = sizeof(sctp_addip_param_t); 2636 err_param = (sctp_errhdr_t *) 2637 ((void *)asconf_ack_param + length); 2638 asconf_ack_len -= length; 2639 if (asconf_ack_len > 0) 2640 return err_param->cause; 2641 else 2642 return SCTP_ERROR_INV_PARAM; 2643 break; 2644 default: 2645 return SCTP_ERROR_INV_PARAM; 2646 } 2647 } 2648 2649 length = ntohs(asconf_ack_param->param_hdr.length); 2650 asconf_ack_param = (sctp_addip_param_t *) 2651 ((void *)asconf_ack_param + length); 2652 asconf_ack_len -= length; 2653 } 2654 2655 return err_code; 2656 } 2657 2658 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 2659 int sctp_process_asconf_ack(struct sctp_association *asoc, 2660 struct sctp_chunk *asconf_ack) 2661 { 2662 struct sctp_chunk *asconf = asoc->addip_last_asconf; 2663 union sctp_addr_param *addr_param; 2664 sctp_addip_param_t *asconf_param; 2665 int length = 0; 2666 int asconf_len = asconf->skb->len; 2667 int all_param_pass = 0; 2668 int no_err = 1; 2669 int retval = 0; 2670 __u16 err_code = SCTP_ERROR_NO_ERROR; 2671 2672 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 2673 * a pointer to address parameter. 2674 */ 2675 length = sizeof(sctp_addip_chunk_t); 2676 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2677 asconf_len -= length; 2678 2679 /* Skip the address parameter in the last asconf sent and store a 2680 * pointer to the first asconf paramter. 2681 */ 2682 length = ntohs(addr_param->v4.param_hdr.length); 2683 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2684 asconf_len -= length; 2685 2686 /* ADDIP 4.1 2687 * A8) If there is no response(s) to specific TLV parameter(s), and no 2688 * failures are indicated, then all request(s) are considered 2689 * successful. 2690 */ 2691 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 2692 all_param_pass = 1; 2693 2694 /* Process the TLVs contained in the last sent ASCONF chunk. */ 2695 while (asconf_len > 0) { 2696 if (all_param_pass) 2697 err_code = SCTP_ERROR_NO_ERROR; 2698 else { 2699 err_code = sctp_get_asconf_response(asconf_ack, 2700 asconf_param, 2701 no_err); 2702 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 2703 no_err = 0; 2704 } 2705 2706 switch (err_code) { 2707 case SCTP_ERROR_NO_ERROR: 2708 retval = sctp_asconf_param_success(asoc, asconf_param); 2709 break; 2710 2711 case SCTP_ERROR_RSRC_LOW: 2712 retval = 1; 2713 break; 2714 2715 case SCTP_ERROR_INV_PARAM: 2716 /* Disable sending this type of asconf parameter in 2717 * future. 2718 */ 2719 asoc->peer.addip_disabled_mask |= 2720 asconf_param->param_hdr.type; 2721 break; 2722 2723 case SCTP_ERROR_REQ_REFUSED: 2724 case SCTP_ERROR_DEL_LAST_IP: 2725 case SCTP_ERROR_DEL_SRC_IP: 2726 default: 2727 break; 2728 } 2729 2730 /* Skip the processed asconf parameter and move to the next 2731 * one. 2732 */ 2733 length = ntohs(asconf_param->param_hdr.length); 2734 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2735 length); 2736 asconf_len -= length; 2737 } 2738 2739 /* Free the cached last sent asconf chunk. */ 2740 sctp_chunk_free(asconf); 2741 asoc->addip_last_asconf = NULL; 2742 2743 /* Send the next asconf chunk from the addip chunk queue. */ 2744 if (!list_empty(&asoc->addip_chunk_list)) { 2745 struct list_head *entry = asoc->addip_chunk_list.next; 2746 asconf = list_entry(entry, struct sctp_chunk, list); 2747 2748 list_del_init(entry); 2749 2750 /* Hold the chunk until an ASCONF_ACK is received. */ 2751 sctp_chunk_hold(asconf); 2752 if (sctp_primitive_ASCONF(asoc, asconf)) 2753 sctp_chunk_free(asconf); 2754 else 2755 asoc->addip_last_asconf = asconf; 2756 } 2757 2758 return retval; 2759 } 2760 2761 /* Make a FWD TSN chunk. */ 2762 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 2763 __u32 new_cum_tsn, size_t nstreams, 2764 struct sctp_fwdtsn_skip *skiplist) 2765 { 2766 struct sctp_chunk *retval = NULL; 2767 struct sctp_fwdtsn_chunk *ftsn_chunk; 2768 struct sctp_fwdtsn_hdr ftsn_hdr; 2769 struct sctp_fwdtsn_skip skip; 2770 size_t hint; 2771 int i; 2772 2773 hint = (nstreams + 1) * sizeof(__u32); 2774 2775 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 2776 2777 if (!retval) 2778 return NULL; 2779 2780 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr; 2781 2782 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 2783 retval->subh.fwdtsn_hdr = 2784 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 2785 2786 for (i = 0; i < nstreams; i++) { 2787 skip.stream = skiplist[i].stream; 2788 skip.ssn = skiplist[i].ssn; 2789 sctp_addto_chunk(retval, sizeof(skip), &skip); 2790 } 2791 2792 return retval; 2793 } 2794