1 /* SCTP kernel reference Implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel reference Implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * The SCTP reference implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * The SCTP reference implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53 #include <linux/types.h> 54 #include <linux/kernel.h> 55 #include <linux/ip.h> 56 #include <linux/ipv6.h> 57 #include <linux/net.h> 58 #include <linux/inet.h> 59 #include <asm/scatterlist.h> 60 #include <linux/crypto.h> 61 #include <net/sock.h> 62 63 #include <linux/skbuff.h> 64 #include <linux/random.h> /* for get_random_bytes */ 65 #include <net/sctp/sctp.h> 66 #include <net/sctp/sm.h> 67 68 extern struct kmem_cache *sctp_chunk_cachep; 69 70 SCTP_STATIC 71 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 72 __u8 type, __u8 flags, int paylen); 73 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 74 const struct sctp_association *asoc, 75 const struct sctp_chunk *init_chunk, 76 int *cookie_len, 77 const __u8 *raw_addrs, int addrs_len); 78 static int sctp_process_param(struct sctp_association *asoc, 79 union sctp_params param, 80 const union sctp_addr *peer_addr, 81 gfp_t gfp); 82 83 /* What was the inbound interface for this chunk? */ 84 int sctp_chunk_iif(const struct sctp_chunk *chunk) 85 { 86 struct sctp_af *af; 87 int iif = 0; 88 89 af = sctp_get_af_specific(ipver2af(chunk->skb->nh.iph->version)); 90 if (af) 91 iif = af->skb_iif(chunk->skb); 92 93 return iif; 94 } 95 96 /* RFC 2960 3.3.2 Initiation (INIT) (1) 97 * 98 * Note 2: The ECN capable field is reserved for future use of 99 * Explicit Congestion Notification. 100 */ 101 static const struct sctp_paramhdr ecap_param = { 102 SCTP_PARAM_ECN_CAPABLE, 103 __constant_htons(sizeof(struct sctp_paramhdr)), 104 }; 105 static const struct sctp_paramhdr prsctp_param = { 106 SCTP_PARAM_FWD_TSN_SUPPORT, 107 __constant_htons(sizeof(struct sctp_paramhdr)), 108 }; 109 110 /* A helper to initialize to initialize an op error inside a 111 * provided chunk, as most cause codes will be embedded inside an 112 * abort chunk. 113 */ 114 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 115 const void *payload, size_t paylen) 116 { 117 sctp_errhdr_t err; 118 int padlen; 119 __u16 len; 120 121 /* Cause code constants are now defined in network order. */ 122 err.cause = cause_code; 123 len = sizeof(sctp_errhdr_t) + paylen; 124 padlen = len % 4; 125 err.length = htons(len); 126 len += padlen; 127 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 128 sctp_addto_chunk(chunk, paylen, payload); 129 } 130 131 /* 3.3.2 Initiation (INIT) (1) 132 * 133 * This chunk is used to initiate a SCTP association between two 134 * endpoints. The format of the INIT chunk is shown below: 135 * 136 * 0 1 2 3 137 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 138 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 139 * | Type = 1 | Chunk Flags | Chunk Length | 140 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 141 * | Initiate Tag | 142 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 143 * | Advertised Receiver Window Credit (a_rwnd) | 144 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 145 * | Number of Outbound Streams | Number of Inbound Streams | 146 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 147 * | Initial TSN | 148 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 149 * \ \ 150 * / Optional/Variable-Length Parameters / 151 * \ \ 152 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 153 * 154 * 155 * The INIT chunk contains the following parameters. Unless otherwise 156 * noted, each parameter MUST only be included once in the INIT chunk. 157 * 158 * Fixed Parameters Status 159 * ---------------------------------------------- 160 * Initiate Tag Mandatory 161 * Advertised Receiver Window Credit Mandatory 162 * Number of Outbound Streams Mandatory 163 * Number of Inbound Streams Mandatory 164 * Initial TSN Mandatory 165 * 166 * Variable Parameters Status Type Value 167 * ------------------------------------------------------------- 168 * IPv4 Address (Note 1) Optional 5 169 * IPv6 Address (Note 1) Optional 6 170 * Cookie Preservative Optional 9 171 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 172 * Host Name Address (Note 3) Optional 11 173 * Supported Address Types (Note 4) Optional 12 174 */ 175 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 176 const struct sctp_bind_addr *bp, 177 gfp_t gfp, int vparam_len) 178 { 179 sctp_inithdr_t init; 180 union sctp_params addrs; 181 size_t chunksize; 182 struct sctp_chunk *retval = NULL; 183 int num_types, addrs_len = 0; 184 struct sctp_sock *sp; 185 sctp_supported_addrs_param_t sat; 186 __be16 types[2]; 187 sctp_adaptation_ind_param_t aiparam; 188 189 /* RFC 2960 3.3.2 Initiation (INIT) (1) 190 * 191 * Note 1: The INIT chunks can contain multiple addresses that 192 * can be IPv4 and/or IPv6 in any combination. 193 */ 194 retval = NULL; 195 196 /* Convert the provided bind address list to raw format. */ 197 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 198 199 init.init_tag = htonl(asoc->c.my_vtag); 200 init.a_rwnd = htonl(asoc->rwnd); 201 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 202 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 203 init.initial_tsn = htonl(asoc->c.initial_tsn); 204 205 /* How many address types are needed? */ 206 sp = sctp_sk(asoc->base.sk); 207 num_types = sp->pf->supported_addrs(sp, types); 208 209 chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types); 210 chunksize += sizeof(ecap_param); 211 if (sctp_prsctp_enable) 212 chunksize += sizeof(prsctp_param); 213 chunksize += sizeof(aiparam); 214 chunksize += vparam_len; 215 216 /* RFC 2960 3.3.2 Initiation (INIT) (1) 217 * 218 * Note 3: An INIT chunk MUST NOT contain more than one Host 219 * Name address parameter. Moreover, the sender of the INIT 220 * MUST NOT combine any other address types with the Host Name 221 * address in the INIT. The receiver of INIT MUST ignore any 222 * other address types if the Host Name address parameter is 223 * present in the received INIT chunk. 224 * 225 * PLEASE DO NOT FIXME [This version does not support Host Name.] 226 */ 227 228 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 229 if (!retval) 230 goto nodata; 231 232 retval->subh.init_hdr = 233 sctp_addto_chunk(retval, sizeof(init), &init); 234 retval->param_hdr.v = 235 sctp_addto_chunk(retval, addrs_len, addrs.v); 236 237 /* RFC 2960 3.3.2 Initiation (INIT) (1) 238 * 239 * Note 4: This parameter, when present, specifies all the 240 * address types the sending endpoint can support. The absence 241 * of this parameter indicates that the sending endpoint can 242 * support any address type. 243 */ 244 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 245 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 246 sctp_addto_chunk(retval, sizeof(sat), &sat); 247 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 248 249 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 250 if (sctp_prsctp_enable) 251 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 252 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 253 aiparam.param_hdr.length = htons(sizeof(aiparam)); 254 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 255 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 256 nodata: 257 kfree(addrs.v); 258 return retval; 259 } 260 261 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 262 const struct sctp_chunk *chunk, 263 gfp_t gfp, int unkparam_len) 264 { 265 sctp_inithdr_t initack; 266 struct sctp_chunk *retval; 267 union sctp_params addrs; 268 int addrs_len; 269 sctp_cookie_param_t *cookie; 270 int cookie_len; 271 size_t chunksize; 272 sctp_adaptation_ind_param_t aiparam; 273 274 retval = NULL; 275 276 /* Note: there may be no addresses to embed. */ 277 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 278 279 initack.init_tag = htonl(asoc->c.my_vtag); 280 initack.a_rwnd = htonl(asoc->rwnd); 281 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 282 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 283 initack.initial_tsn = htonl(asoc->c.initial_tsn); 284 285 /* FIXME: We really ought to build the cookie right 286 * into the packet instead of allocating more fresh memory. 287 */ 288 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 289 addrs.v, addrs_len); 290 if (!cookie) 291 goto nomem_cookie; 292 293 /* Calculate the total size of allocation, include the reserved 294 * space for reporting unknown parameters if it is specified. 295 */ 296 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 297 298 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 299 if (asoc->peer.ecn_capable) 300 chunksize += sizeof(ecap_param); 301 302 /* Tell peer that we'll do PR-SCTP only if peer advertised. */ 303 if (asoc->peer.prsctp_capable) 304 chunksize += sizeof(prsctp_param); 305 306 chunksize += sizeof(aiparam); 307 308 /* Now allocate and fill out the chunk. */ 309 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 310 if (!retval) 311 goto nomem_chunk; 312 313 /* Per the advice in RFC 2960 6.4, send this reply to 314 * the source of the INIT packet. 315 */ 316 retval->transport = chunk->transport; 317 retval->subh.init_hdr = 318 sctp_addto_chunk(retval, sizeof(initack), &initack); 319 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 320 sctp_addto_chunk(retval, cookie_len, cookie); 321 if (asoc->peer.ecn_capable) 322 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 323 if (asoc->peer.prsctp_capable) 324 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 325 326 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 327 aiparam.param_hdr.length = htons(sizeof(aiparam)); 328 aiparam.adaptation_ind = htonl(sctp_sk(asoc->base.sk)->adaptation_ind); 329 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 330 331 /* We need to remove the const qualifier at this point. */ 332 retval->asoc = (struct sctp_association *) asoc; 333 334 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 335 * 336 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 337 * HEARTBEAT ACK, * etc.) to the same destination transport 338 * address from which it received the DATA or control chunk 339 * to which it is replying. 340 * 341 * [INIT ACK back to where the INIT came from.] 342 */ 343 if (chunk) 344 retval->transport = chunk->transport; 345 346 nomem_chunk: 347 kfree(cookie); 348 nomem_cookie: 349 kfree(addrs.v); 350 return retval; 351 } 352 353 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 354 * 355 * This chunk is used only during the initialization of an association. 356 * It is sent by the initiator of an association to its peer to complete 357 * the initialization process. This chunk MUST precede any DATA chunk 358 * sent within the association, but MAY be bundled with one or more DATA 359 * chunks in the same packet. 360 * 361 * 0 1 2 3 362 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 363 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 364 * | Type = 10 |Chunk Flags | Length | 365 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 366 * / Cookie / 367 * \ \ 368 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 369 * 370 * Chunk Flags: 8 bit 371 * 372 * Set to zero on transmit and ignored on receipt. 373 * 374 * Length: 16 bits (unsigned integer) 375 * 376 * Set to the size of the chunk in bytes, including the 4 bytes of 377 * the chunk header and the size of the Cookie. 378 * 379 * Cookie: variable size 380 * 381 * This field must contain the exact cookie received in the 382 * State Cookie parameter from the previous INIT ACK. 383 * 384 * An implementation SHOULD make the cookie as small as possible 385 * to insure interoperability. 386 */ 387 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 388 const struct sctp_chunk *chunk) 389 { 390 struct sctp_chunk *retval; 391 void *cookie; 392 int cookie_len; 393 394 cookie = asoc->peer.cookie; 395 cookie_len = asoc->peer.cookie_len; 396 397 /* Build a cookie echo chunk. */ 398 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 399 if (!retval) 400 goto nodata; 401 retval->subh.cookie_hdr = 402 sctp_addto_chunk(retval, cookie_len, cookie); 403 404 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 405 * 406 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 407 * HEARTBEAT ACK, * etc.) to the same destination transport 408 * address from which it * received the DATA or control chunk 409 * to which it is replying. 410 * 411 * [COOKIE ECHO back to where the INIT ACK came from.] 412 */ 413 if (chunk) 414 retval->transport = chunk->transport; 415 416 nodata: 417 return retval; 418 } 419 420 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 421 * 422 * This chunk is used only during the initialization of an 423 * association. It is used to acknowledge the receipt of a COOKIE 424 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 425 * within the association, but MAY be bundled with one or more DATA 426 * chunks or SACK chunk in the same SCTP packet. 427 * 428 * 0 1 2 3 429 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 430 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 431 * | Type = 11 |Chunk Flags | Length = 4 | 432 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 433 * 434 * Chunk Flags: 8 bits 435 * 436 * Set to zero on transmit and ignored on receipt. 437 */ 438 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 439 const struct sctp_chunk *chunk) 440 { 441 struct sctp_chunk *retval; 442 443 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 444 445 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 446 * 447 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 448 * HEARTBEAT ACK, * etc.) to the same destination transport 449 * address from which it * received the DATA or control chunk 450 * to which it is replying. 451 * 452 * [COOKIE ACK back to where the COOKIE ECHO came from.] 453 */ 454 if (retval && chunk) 455 retval->transport = chunk->transport; 456 457 return retval; 458 } 459 460 /* 461 * Appendix A: Explicit Congestion Notification: 462 * CWR: 463 * 464 * RFC 2481 details a specific bit for a sender to send in the header of 465 * its next outbound TCP segment to indicate to its peer that it has 466 * reduced its congestion window. This is termed the CWR bit. For 467 * SCTP the same indication is made by including the CWR chunk. 468 * This chunk contains one data element, i.e. the TSN number that 469 * was sent in the ECNE chunk. This element represents the lowest 470 * TSN number in the datagram that was originally marked with the 471 * CE bit. 472 * 473 * 0 1 2 3 474 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 475 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 476 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 477 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 478 * | Lowest TSN Number | 479 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 480 * 481 * Note: The CWR is considered a Control chunk. 482 */ 483 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 484 const __u32 lowest_tsn, 485 const struct sctp_chunk *chunk) 486 { 487 struct sctp_chunk *retval; 488 sctp_cwrhdr_t cwr; 489 490 cwr.lowest_tsn = htonl(lowest_tsn); 491 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 492 sizeof(sctp_cwrhdr_t)); 493 494 if (!retval) 495 goto nodata; 496 497 retval->subh.ecn_cwr_hdr = 498 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 499 500 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 501 * 502 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 503 * HEARTBEAT ACK, * etc.) to the same destination transport 504 * address from which it * received the DATA or control chunk 505 * to which it is replying. 506 * 507 * [Report a reduced congestion window back to where the ECNE 508 * came from.] 509 */ 510 if (chunk) 511 retval->transport = chunk->transport; 512 513 nodata: 514 return retval; 515 } 516 517 /* Make an ECNE chunk. This is a congestion experienced report. */ 518 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 519 const __u32 lowest_tsn) 520 { 521 struct sctp_chunk *retval; 522 sctp_ecnehdr_t ecne; 523 524 ecne.lowest_tsn = htonl(lowest_tsn); 525 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 526 sizeof(sctp_ecnehdr_t)); 527 if (!retval) 528 goto nodata; 529 retval->subh.ecne_hdr = 530 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 531 532 nodata: 533 return retval; 534 } 535 536 /* Make a DATA chunk for the given association from the provided 537 * parameters. However, do not populate the data payload. 538 */ 539 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 540 const struct sctp_sndrcvinfo *sinfo, 541 int data_len, __u8 flags, __u16 ssn) 542 { 543 struct sctp_chunk *retval; 544 struct sctp_datahdr dp; 545 int chunk_len; 546 547 /* We assign the TSN as LATE as possible, not here when 548 * creating the chunk. 549 */ 550 dp.tsn = 0; 551 dp.stream = htons(sinfo->sinfo_stream); 552 dp.ppid = sinfo->sinfo_ppid; 553 554 /* Set the flags for an unordered send. */ 555 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 556 flags |= SCTP_DATA_UNORDERED; 557 dp.ssn = 0; 558 } else 559 dp.ssn = htons(ssn); 560 561 chunk_len = sizeof(dp) + data_len; 562 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 563 if (!retval) 564 goto nodata; 565 566 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 567 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 568 569 nodata: 570 return retval; 571 } 572 573 /* Create a selective ackowledgement (SACK) for the given 574 * association. This reports on which TSN's we've seen to date, 575 * including duplicates and gaps. 576 */ 577 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 578 { 579 struct sctp_chunk *retval; 580 struct sctp_sackhdr sack; 581 int len; 582 __u32 ctsn; 583 __u16 num_gabs, num_dup_tsns; 584 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 585 586 ctsn = sctp_tsnmap_get_ctsn(map); 587 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 588 589 /* How much room is needed in the chunk? */ 590 num_gabs = sctp_tsnmap_num_gabs(map); 591 num_dup_tsns = sctp_tsnmap_num_dups(map); 592 593 /* Initialize the SACK header. */ 594 sack.cum_tsn_ack = htonl(ctsn); 595 sack.a_rwnd = htonl(asoc->a_rwnd); 596 sack.num_gap_ack_blocks = htons(num_gabs); 597 sack.num_dup_tsns = htons(num_dup_tsns); 598 599 len = sizeof(sack) 600 + sizeof(struct sctp_gap_ack_block) * num_gabs 601 + sizeof(__u32) * num_dup_tsns; 602 603 /* Create the chunk. */ 604 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 605 if (!retval) 606 goto nodata; 607 608 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 609 * 610 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 611 * HEARTBEAT ACK, etc.) to the same destination transport 612 * address from which it received the DATA or control chunk to 613 * which it is replying. This rule should also be followed if 614 * the endpoint is bundling DATA chunks together with the 615 * reply chunk. 616 * 617 * However, when acknowledging multiple DATA chunks received 618 * in packets from different source addresses in a single 619 * SACK, the SACK chunk may be transmitted to one of the 620 * destination transport addresses from which the DATA or 621 * control chunks being acknowledged were received. 622 * 623 * [BUG: We do not implement the following paragraph. 624 * Perhaps we should remember the last transport we used for a 625 * SACK and avoid that (if possible) if we have seen any 626 * duplicates. --piggy] 627 * 628 * When a receiver of a duplicate DATA chunk sends a SACK to a 629 * multi- homed endpoint it MAY be beneficial to vary the 630 * destination address and not use the source address of the 631 * DATA chunk. The reason being that receiving a duplicate 632 * from a multi-homed endpoint might indicate that the return 633 * path (as specified in the source address of the DATA chunk) 634 * for the SACK is broken. 635 * 636 * [Send to the address from which we last received a DATA chunk.] 637 */ 638 retval->transport = asoc->peer.last_data_from; 639 640 retval->subh.sack_hdr = 641 sctp_addto_chunk(retval, sizeof(sack), &sack); 642 643 /* Add the gap ack block information. */ 644 if (num_gabs) 645 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 646 sctp_tsnmap_get_gabs(map)); 647 648 /* Add the duplicate TSN information. */ 649 if (num_dup_tsns) 650 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 651 sctp_tsnmap_get_dups(map)); 652 653 nodata: 654 return retval; 655 } 656 657 /* Make a SHUTDOWN chunk. */ 658 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 659 const struct sctp_chunk *chunk) 660 { 661 struct sctp_chunk *retval; 662 sctp_shutdownhdr_t shut; 663 __u32 ctsn; 664 665 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 666 shut.cum_tsn_ack = htonl(ctsn); 667 668 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 669 sizeof(sctp_shutdownhdr_t)); 670 if (!retval) 671 goto nodata; 672 673 retval->subh.shutdown_hdr = 674 sctp_addto_chunk(retval, sizeof(shut), &shut); 675 676 if (chunk) 677 retval->transport = chunk->transport; 678 nodata: 679 return retval; 680 } 681 682 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 683 const struct sctp_chunk *chunk) 684 { 685 struct sctp_chunk *retval; 686 687 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 688 689 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 690 * 691 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 692 * HEARTBEAT ACK, * etc.) to the same destination transport 693 * address from which it * received the DATA or control chunk 694 * to which it is replying. 695 * 696 * [ACK back to where the SHUTDOWN came from.] 697 */ 698 if (retval && chunk) 699 retval->transport = chunk->transport; 700 701 return retval; 702 } 703 704 struct sctp_chunk *sctp_make_shutdown_complete( 705 const struct sctp_association *asoc, 706 const struct sctp_chunk *chunk) 707 { 708 struct sctp_chunk *retval; 709 __u8 flags = 0; 710 711 /* Set the T-bit if we have no association (vtag will be 712 * reflected) 713 */ 714 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 715 716 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 717 718 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 719 * 720 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 721 * HEARTBEAT ACK, * etc.) to the same destination transport 722 * address from which it * received the DATA or control chunk 723 * to which it is replying. 724 * 725 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 726 * came from.] 727 */ 728 if (retval && chunk) 729 retval->transport = chunk->transport; 730 731 return retval; 732 } 733 734 /* Create an ABORT. Note that we set the T bit if we have no 735 * association, except when responding to an INIT (sctpimpguide 2.41). 736 */ 737 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 738 const struct sctp_chunk *chunk, 739 const size_t hint) 740 { 741 struct sctp_chunk *retval; 742 __u8 flags = 0; 743 744 /* Set the T-bit if we have no association and 'chunk' is not 745 * an INIT (vtag will be reflected). 746 */ 747 if (!asoc) { 748 if (chunk && chunk->chunk_hdr && 749 chunk->chunk_hdr->type == SCTP_CID_INIT) 750 flags = 0; 751 else 752 flags = SCTP_CHUNK_FLAG_T; 753 } 754 755 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 756 757 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 758 * 759 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 760 * HEARTBEAT ACK, * etc.) to the same destination transport 761 * address from which it * received the DATA or control chunk 762 * to which it is replying. 763 * 764 * [ABORT back to where the offender came from.] 765 */ 766 if (retval && chunk) 767 retval->transport = chunk->transport; 768 769 return retval; 770 } 771 772 /* Helper to create ABORT with a NO_USER_DATA error. */ 773 struct sctp_chunk *sctp_make_abort_no_data( 774 const struct sctp_association *asoc, 775 const struct sctp_chunk *chunk, __u32 tsn) 776 { 777 struct sctp_chunk *retval; 778 __be32 payload; 779 780 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 781 + sizeof(tsn)); 782 783 if (!retval) 784 goto no_mem; 785 786 /* Put the tsn back into network byte order. */ 787 payload = htonl(tsn); 788 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, (const void *)&payload, 789 sizeof(payload)); 790 791 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 792 * 793 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 794 * HEARTBEAT ACK, * etc.) to the same destination transport 795 * address from which it * received the DATA or control chunk 796 * to which it is replying. 797 * 798 * [ABORT back to where the offender came from.] 799 */ 800 if (chunk) 801 retval->transport = chunk->transport; 802 803 no_mem: 804 return retval; 805 } 806 807 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 808 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 809 const struct msghdr *msg, 810 size_t paylen) 811 { 812 struct sctp_chunk *retval; 813 void *payload = NULL; 814 int err; 815 816 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 817 if (!retval) 818 goto err_chunk; 819 820 if (paylen) { 821 /* Put the msg_iov together into payload. */ 822 payload = kmalloc(paylen, GFP_KERNEL); 823 if (!payload) 824 goto err_payload; 825 826 err = memcpy_fromiovec(payload, msg->msg_iov, paylen); 827 if (err < 0) 828 goto err_copy; 829 } 830 831 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, payload, paylen); 832 833 if (paylen) 834 kfree(payload); 835 836 return retval; 837 838 err_copy: 839 kfree(payload); 840 err_payload: 841 sctp_chunk_free(retval); 842 retval = NULL; 843 err_chunk: 844 return retval; 845 } 846 847 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 848 struct sctp_chunk *sctp_make_abort_violation( 849 const struct sctp_association *asoc, 850 const struct sctp_chunk *chunk, 851 const __u8 *payload, 852 const size_t paylen) 853 { 854 struct sctp_chunk *retval; 855 struct sctp_paramhdr phdr; 856 857 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 858 + sizeof(sctp_chunkhdr_t)); 859 if (!retval) 860 goto end; 861 862 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, payload, paylen); 863 864 phdr.type = htons(chunk->chunk_hdr->type); 865 phdr.length = chunk->chunk_hdr->length; 866 sctp_addto_chunk(retval, sizeof(sctp_paramhdr_t), &phdr); 867 868 end: 869 return retval; 870 } 871 872 /* Make a HEARTBEAT chunk. */ 873 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 874 const struct sctp_transport *transport, 875 const void *payload, const size_t paylen) 876 { 877 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 878 0, paylen); 879 880 if (!retval) 881 goto nodata; 882 883 /* Cast away the 'const', as this is just telling the chunk 884 * what transport it belongs to. 885 */ 886 retval->transport = (struct sctp_transport *) transport; 887 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 888 889 nodata: 890 return retval; 891 } 892 893 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 894 const struct sctp_chunk *chunk, 895 const void *payload, const size_t paylen) 896 { 897 struct sctp_chunk *retval; 898 899 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 900 if (!retval) 901 goto nodata; 902 903 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 904 905 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 906 * 907 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 908 * HEARTBEAT ACK, * etc.) to the same destination transport 909 * address from which it * received the DATA or control chunk 910 * to which it is replying. 911 * 912 * [HBACK back to where the HEARTBEAT came from.] 913 */ 914 if (chunk) 915 retval->transport = chunk->transport; 916 917 nodata: 918 return retval; 919 } 920 921 /* Create an Operation Error chunk with the specified space reserved. 922 * This routine can be used for containing multiple causes in the chunk. 923 */ 924 static struct sctp_chunk *sctp_make_op_error_space( 925 const struct sctp_association *asoc, 926 const struct sctp_chunk *chunk, 927 size_t size) 928 { 929 struct sctp_chunk *retval; 930 931 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 932 sizeof(sctp_errhdr_t) + size); 933 if (!retval) 934 goto nodata; 935 936 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 937 * 938 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 939 * HEARTBEAT ACK, etc.) to the same destination transport 940 * address from which it received the DATA or control chunk 941 * to which it is replying. 942 * 943 */ 944 if (chunk) 945 retval->transport = chunk->transport; 946 947 nodata: 948 return retval; 949 } 950 951 /* Create an Operation Error chunk. */ 952 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 953 const struct sctp_chunk *chunk, 954 __be16 cause_code, const void *payload, 955 size_t paylen) 956 { 957 struct sctp_chunk *retval; 958 959 retval = sctp_make_op_error_space(asoc, chunk, paylen); 960 if (!retval) 961 goto nodata; 962 963 sctp_init_cause(retval, cause_code, payload, paylen); 964 965 nodata: 966 return retval; 967 } 968 969 /******************************************************************** 970 * 2nd Level Abstractions 971 ********************************************************************/ 972 973 /* Turn an skb into a chunk. 974 * FIXME: Eventually move the structure directly inside the skb->cb[]. 975 */ 976 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 977 const struct sctp_association *asoc, 978 struct sock *sk) 979 { 980 struct sctp_chunk *retval; 981 982 retval = kmem_cache_alloc(sctp_chunk_cachep, GFP_ATOMIC); 983 984 if (!retval) 985 goto nodata; 986 memset(retval, 0, sizeof(struct sctp_chunk)); 987 988 if (!sk) { 989 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 990 } 991 992 INIT_LIST_HEAD(&retval->list); 993 retval->skb = skb; 994 retval->asoc = (struct sctp_association *)asoc; 995 retval->resent = 0; 996 retval->has_tsn = 0; 997 retval->has_ssn = 0; 998 retval->rtt_in_progress = 0; 999 retval->sent_at = 0; 1000 retval->singleton = 1; 1001 retval->end_of_packet = 0; 1002 retval->ecn_ce_done = 0; 1003 retval->pdiscard = 0; 1004 1005 /* sctpimpguide-05.txt Section 2.8.2 1006 * M1) Each time a new DATA chunk is transmitted 1007 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1008 * 'TSN.Missing.Report' count will be used to determine missing chunks 1009 * and when to fast retransmit. 1010 */ 1011 retval->tsn_missing_report = 0; 1012 retval->tsn_gap_acked = 0; 1013 retval->fast_retransmit = 0; 1014 1015 /* If this is a fragmented message, track all fragments 1016 * of the message (for SEND_FAILED). 1017 */ 1018 retval->msg = NULL; 1019 1020 /* Polish the bead hole. */ 1021 INIT_LIST_HEAD(&retval->transmitted_list); 1022 INIT_LIST_HEAD(&retval->frag_list); 1023 SCTP_DBG_OBJCNT_INC(chunk); 1024 atomic_set(&retval->refcnt, 1); 1025 1026 nodata: 1027 return retval; 1028 } 1029 1030 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1031 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1032 union sctp_addr *dest) 1033 { 1034 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1035 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1036 } 1037 1038 /* Extract the source address from a chunk. */ 1039 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1040 { 1041 /* If we have a known transport, use that. */ 1042 if (chunk->transport) { 1043 return &chunk->transport->ipaddr; 1044 } else { 1045 /* Otherwise, extract it from the IP header. */ 1046 return &chunk->source; 1047 } 1048 } 1049 1050 /* Create a new chunk, setting the type and flags headers from the 1051 * arguments, reserving enough space for a 'paylen' byte payload. 1052 */ 1053 SCTP_STATIC 1054 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1055 __u8 type, __u8 flags, int paylen) 1056 { 1057 struct sctp_chunk *retval; 1058 sctp_chunkhdr_t *chunk_hdr; 1059 struct sk_buff *skb; 1060 struct sock *sk; 1061 1062 /* No need to allocate LL here, as this is only a chunk. */ 1063 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1064 GFP_ATOMIC); 1065 if (!skb) 1066 goto nodata; 1067 1068 /* Make room for the chunk header. */ 1069 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1070 chunk_hdr->type = type; 1071 chunk_hdr->flags = flags; 1072 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1073 1074 sk = asoc ? asoc->base.sk : NULL; 1075 retval = sctp_chunkify(skb, asoc, sk); 1076 if (!retval) { 1077 kfree_skb(skb); 1078 goto nodata; 1079 } 1080 1081 retval->chunk_hdr = chunk_hdr; 1082 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1083 1084 /* Set the skb to the belonging sock for accounting. */ 1085 skb->sk = sk; 1086 1087 return retval; 1088 nodata: 1089 return NULL; 1090 } 1091 1092 1093 /* Release the memory occupied by a chunk. */ 1094 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1095 { 1096 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1097 dev_kfree_skb(chunk->skb); 1098 1099 SCTP_DBG_OBJCNT_DEC(chunk); 1100 kmem_cache_free(sctp_chunk_cachep, chunk); 1101 } 1102 1103 /* Possibly, free the chunk. */ 1104 void sctp_chunk_free(struct sctp_chunk *chunk) 1105 { 1106 BUG_ON(!list_empty(&chunk->list)); 1107 list_del_init(&chunk->transmitted_list); 1108 1109 /* Release our reference on the message tracker. */ 1110 if (chunk->msg) 1111 sctp_datamsg_put(chunk->msg); 1112 1113 sctp_chunk_put(chunk); 1114 } 1115 1116 /* Grab a reference to the chunk. */ 1117 void sctp_chunk_hold(struct sctp_chunk *ch) 1118 { 1119 atomic_inc(&ch->refcnt); 1120 } 1121 1122 /* Release a reference to the chunk. */ 1123 void sctp_chunk_put(struct sctp_chunk *ch) 1124 { 1125 if (atomic_dec_and_test(&ch->refcnt)) 1126 sctp_chunk_destroy(ch); 1127 } 1128 1129 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1130 * enough. 1131 */ 1132 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1133 { 1134 void *target; 1135 void *padding; 1136 int chunklen = ntohs(chunk->chunk_hdr->length); 1137 int padlen = chunklen % 4; 1138 1139 padding = skb_put(chunk->skb, padlen); 1140 target = skb_put(chunk->skb, len); 1141 1142 memset(padding, 0, padlen); 1143 memcpy(target, data, len); 1144 1145 /* Adjust the chunk length field. */ 1146 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1147 chunk->chunk_end = chunk->skb->tail; 1148 1149 return target; 1150 } 1151 1152 /* Append bytes from user space to the end of a chunk. Will panic if 1153 * chunk is not big enough. 1154 * Returns a kernel err value. 1155 */ 1156 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1157 struct iovec *data) 1158 { 1159 __u8 *target; 1160 int err = 0; 1161 1162 /* Make room in chunk for data. */ 1163 target = skb_put(chunk->skb, len); 1164 1165 /* Copy data (whole iovec) into chunk */ 1166 if ((err = memcpy_fromiovecend(target, data, off, len))) 1167 goto out; 1168 1169 /* Adjust the chunk length field. */ 1170 chunk->chunk_hdr->length = 1171 htons(ntohs(chunk->chunk_hdr->length) + len); 1172 chunk->chunk_end = chunk->skb->tail; 1173 1174 out: 1175 return err; 1176 } 1177 1178 /* Helper function to assign a TSN if needed. This assumes that both 1179 * the data_hdr and association have already been assigned. 1180 */ 1181 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1182 { 1183 __u16 ssn; 1184 __u16 sid; 1185 1186 if (chunk->has_ssn) 1187 return; 1188 1189 /* This is the last possible instant to assign a SSN. */ 1190 if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1191 ssn = 0; 1192 } else { 1193 sid = ntohs(chunk->subh.data_hdr->stream); 1194 if (chunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1195 ssn = sctp_ssn_next(&chunk->asoc->ssnmap->out, sid); 1196 else 1197 ssn = sctp_ssn_peek(&chunk->asoc->ssnmap->out, sid); 1198 } 1199 1200 chunk->subh.data_hdr->ssn = htons(ssn); 1201 chunk->has_ssn = 1; 1202 } 1203 1204 /* Helper function to assign a TSN if needed. This assumes that both 1205 * the data_hdr and association have already been assigned. 1206 */ 1207 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1208 { 1209 if (!chunk->has_tsn) { 1210 /* This is the last possible instant to 1211 * assign a TSN. 1212 */ 1213 chunk->subh.data_hdr->tsn = 1214 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1215 chunk->has_tsn = 1; 1216 } 1217 } 1218 1219 /* Create a CLOSED association to use with an incoming packet. */ 1220 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1221 struct sctp_chunk *chunk, 1222 gfp_t gfp) 1223 { 1224 struct sctp_association *asoc; 1225 struct sk_buff *skb; 1226 sctp_scope_t scope; 1227 struct sctp_af *af; 1228 1229 /* Create the bare association. */ 1230 scope = sctp_scope(sctp_source(chunk)); 1231 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1232 if (!asoc) 1233 goto nodata; 1234 asoc->temp = 1; 1235 skb = chunk->skb; 1236 /* Create an entry for the source address of the packet. */ 1237 af = sctp_get_af_specific(ipver2af(skb->nh.iph->version)); 1238 if (unlikely(!af)) 1239 goto fail; 1240 af->from_skb(&asoc->c.peer_addr, skb, 1); 1241 nodata: 1242 return asoc; 1243 1244 fail: 1245 sctp_association_free(asoc); 1246 return NULL; 1247 } 1248 1249 /* Build a cookie representing asoc. 1250 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1251 */ 1252 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1253 const struct sctp_association *asoc, 1254 const struct sctp_chunk *init_chunk, 1255 int *cookie_len, 1256 const __u8 *raw_addrs, int addrs_len) 1257 { 1258 sctp_cookie_param_t *retval; 1259 struct sctp_signed_cookie *cookie; 1260 struct scatterlist sg; 1261 int headersize, bodysize; 1262 unsigned int keylen; 1263 char *key; 1264 1265 /* Header size is static data prior to the actual cookie, including 1266 * any padding. 1267 */ 1268 headersize = sizeof(sctp_paramhdr_t) + 1269 (sizeof(struct sctp_signed_cookie) - 1270 sizeof(struct sctp_cookie)); 1271 bodysize = sizeof(struct sctp_cookie) 1272 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1273 1274 /* Pad out the cookie to a multiple to make the signature 1275 * functions simpler to write. 1276 */ 1277 if (bodysize % SCTP_COOKIE_MULTIPLE) 1278 bodysize += SCTP_COOKIE_MULTIPLE 1279 - (bodysize % SCTP_COOKIE_MULTIPLE); 1280 *cookie_len = headersize + bodysize; 1281 1282 /* Clear this memory since we are sending this data structure 1283 * out on the network. 1284 */ 1285 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1286 if (!retval) 1287 goto nodata; 1288 1289 cookie = (struct sctp_signed_cookie *) retval->body; 1290 1291 /* Set up the parameter header. */ 1292 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1293 retval->p.length = htons(*cookie_len); 1294 1295 /* Copy the cookie part of the association itself. */ 1296 cookie->c = asoc->c; 1297 /* Save the raw address list length in the cookie. */ 1298 cookie->c.raw_addr_list_len = addrs_len; 1299 1300 /* Remember PR-SCTP capability. */ 1301 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1302 1303 /* Save adaptation indication in the cookie. */ 1304 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1305 1306 /* Set an expiration time for the cookie. */ 1307 do_gettimeofday(&cookie->c.expiration); 1308 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1309 1310 /* Copy the peer's init packet. */ 1311 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1312 ntohs(init_chunk->chunk_hdr->length)); 1313 1314 /* Copy the raw local address list of the association. */ 1315 memcpy((__u8 *)&cookie->c.peer_init[0] + 1316 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1317 1318 if (sctp_sk(ep->base.sk)->hmac) { 1319 struct hash_desc desc; 1320 1321 /* Sign the message. */ 1322 sg.page = virt_to_page(&cookie->c); 1323 sg.offset = (unsigned long)(&cookie->c) % PAGE_SIZE; 1324 sg.length = bodysize; 1325 keylen = SCTP_SECRET_SIZE; 1326 key = (char *)ep->secret_key[ep->current_key]; 1327 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1328 desc.flags = 0; 1329 1330 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1331 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) 1332 goto free_cookie; 1333 } 1334 1335 return retval; 1336 1337 free_cookie: 1338 kfree(retval); 1339 nodata: 1340 *cookie_len = 0; 1341 return NULL; 1342 } 1343 1344 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1345 struct sctp_association *sctp_unpack_cookie( 1346 const struct sctp_endpoint *ep, 1347 const struct sctp_association *asoc, 1348 struct sctp_chunk *chunk, gfp_t gfp, 1349 int *error, struct sctp_chunk **errp) 1350 { 1351 struct sctp_association *retval = NULL; 1352 struct sctp_signed_cookie *cookie; 1353 struct sctp_cookie *bear_cookie; 1354 int headersize, bodysize, fixed_size; 1355 __u8 *digest = ep->digest; 1356 struct scatterlist sg; 1357 unsigned int keylen, len; 1358 char *key; 1359 sctp_scope_t scope; 1360 struct sk_buff *skb = chunk->skb; 1361 struct timeval tv; 1362 struct hash_desc desc; 1363 1364 /* Header size is static data prior to the actual cookie, including 1365 * any padding. 1366 */ 1367 headersize = sizeof(sctp_chunkhdr_t) + 1368 (sizeof(struct sctp_signed_cookie) - 1369 sizeof(struct sctp_cookie)); 1370 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1371 fixed_size = headersize + sizeof(struct sctp_cookie); 1372 1373 /* Verify that the chunk looks like it even has a cookie. 1374 * There must be enough room for our cookie and our peer's 1375 * INIT chunk. 1376 */ 1377 len = ntohs(chunk->chunk_hdr->length); 1378 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1379 goto malformed; 1380 1381 /* Verify that the cookie has been padded out. */ 1382 if (bodysize % SCTP_COOKIE_MULTIPLE) 1383 goto malformed; 1384 1385 /* Process the cookie. */ 1386 cookie = chunk->subh.cookie_hdr; 1387 bear_cookie = &cookie->c; 1388 1389 if (!sctp_sk(ep->base.sk)->hmac) 1390 goto no_hmac; 1391 1392 /* Check the signature. */ 1393 keylen = SCTP_SECRET_SIZE; 1394 sg.page = virt_to_page(bear_cookie); 1395 sg.offset = (unsigned long)(bear_cookie) % PAGE_SIZE; 1396 sg.length = bodysize; 1397 key = (char *)ep->secret_key[ep->current_key]; 1398 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1399 desc.flags = 0; 1400 1401 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1402 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1403 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1404 *error = -SCTP_IERROR_NOMEM; 1405 goto fail; 1406 } 1407 1408 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1409 /* Try the previous key. */ 1410 key = (char *)ep->secret_key[ep->last_key]; 1411 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1412 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1413 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1414 *error = -SCTP_IERROR_NOMEM; 1415 goto fail; 1416 } 1417 1418 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1419 /* Yikes! Still bad signature! */ 1420 *error = -SCTP_IERROR_BAD_SIG; 1421 goto fail; 1422 } 1423 } 1424 1425 no_hmac: 1426 /* IG Section 2.35.2: 1427 * 3) Compare the port numbers and the verification tag contained 1428 * within the COOKIE ECHO chunk to the actual port numbers and the 1429 * verification tag within the SCTP common header of the received 1430 * packet. If these values do not match the packet MUST be silently 1431 * discarded, 1432 */ 1433 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1434 *error = -SCTP_IERROR_BAD_TAG; 1435 goto fail; 1436 } 1437 1438 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1439 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1440 *error = -SCTP_IERROR_BAD_PORTS; 1441 goto fail; 1442 } 1443 1444 /* Check to see if the cookie is stale. If there is already 1445 * an association, there is no need to check cookie's expiration 1446 * for init collision case of lost COOKIE ACK. 1447 * If skb has been timestamped, then use the stamp, otherwise 1448 * use current time. This introduces a small possibility that 1449 * that a cookie may be considered expired, but his would only slow 1450 * down the new association establishment instead of every packet. 1451 */ 1452 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1453 skb_get_timestamp(skb, &tv); 1454 else 1455 do_gettimeofday(&tv); 1456 1457 if (!asoc && tv_lt(bear_cookie->expiration, tv)) { 1458 __u16 len; 1459 /* 1460 * Section 3.3.10.3 Stale Cookie Error (3) 1461 * 1462 * Cause of error 1463 * --------------- 1464 * Stale Cookie Error: Indicates the receipt of a valid State 1465 * Cookie that has expired. 1466 */ 1467 len = ntohs(chunk->chunk_hdr->length); 1468 *errp = sctp_make_op_error_space(asoc, chunk, len); 1469 if (*errp) { 1470 suseconds_t usecs = (tv.tv_sec - 1471 bear_cookie->expiration.tv_sec) * 1000000L + 1472 tv.tv_usec - bear_cookie->expiration.tv_usec; 1473 __be32 n = htonl(usecs); 1474 1475 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1476 &n, sizeof(n)); 1477 *error = -SCTP_IERROR_STALE_COOKIE; 1478 } else 1479 *error = -SCTP_IERROR_NOMEM; 1480 1481 goto fail; 1482 } 1483 1484 /* Make a new base association. */ 1485 scope = sctp_scope(sctp_source(chunk)); 1486 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1487 if (!retval) { 1488 *error = -SCTP_IERROR_NOMEM; 1489 goto fail; 1490 } 1491 1492 /* Set up our peer's port number. */ 1493 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1494 1495 /* Populate the association from the cookie. */ 1496 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1497 1498 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1499 GFP_ATOMIC) < 0) { 1500 *error = -SCTP_IERROR_NOMEM; 1501 goto fail; 1502 } 1503 1504 /* Also, add the destination address. */ 1505 if (list_empty(&retval->base.bind_addr.address_list)) { 1506 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1, 1507 GFP_ATOMIC); 1508 } 1509 1510 retval->next_tsn = retval->c.initial_tsn; 1511 retval->ctsn_ack_point = retval->next_tsn - 1; 1512 retval->addip_serial = retval->c.initial_tsn; 1513 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1514 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1515 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1516 1517 /* The INIT stuff will be done by the side effects. */ 1518 return retval; 1519 1520 fail: 1521 if (retval) 1522 sctp_association_free(retval); 1523 1524 return NULL; 1525 1526 malformed: 1527 /* Yikes! The packet is either corrupt or deliberately 1528 * malformed. 1529 */ 1530 *error = -SCTP_IERROR_MALFORMED; 1531 goto fail; 1532 } 1533 1534 /******************************************************************** 1535 * 3rd Level Abstractions 1536 ********************************************************************/ 1537 1538 struct __sctp_missing { 1539 __be32 num_missing; 1540 __be16 type; 1541 } __attribute__((packed)); 1542 1543 /* 1544 * Report a missing mandatory parameter. 1545 */ 1546 static int sctp_process_missing_param(const struct sctp_association *asoc, 1547 sctp_param_t paramtype, 1548 struct sctp_chunk *chunk, 1549 struct sctp_chunk **errp) 1550 { 1551 struct __sctp_missing report; 1552 __u16 len; 1553 1554 len = WORD_ROUND(sizeof(report)); 1555 1556 /* Make an ERROR chunk, preparing enough room for 1557 * returning multiple unknown parameters. 1558 */ 1559 if (!*errp) 1560 *errp = sctp_make_op_error_space(asoc, chunk, len); 1561 1562 if (*errp) { 1563 report.num_missing = htonl(1); 1564 report.type = paramtype; 1565 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1566 &report, sizeof(report)); 1567 } 1568 1569 /* Stop processing this chunk. */ 1570 return 0; 1571 } 1572 1573 /* Report an Invalid Mandatory Parameter. */ 1574 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1575 struct sctp_chunk *chunk, 1576 struct sctp_chunk **errp) 1577 { 1578 /* Invalid Mandatory Parameter Error has no payload. */ 1579 1580 if (!*errp) 1581 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1582 1583 if (*errp) 1584 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, NULL, 0); 1585 1586 /* Stop processing this chunk. */ 1587 return 0; 1588 } 1589 1590 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1591 struct sctp_paramhdr *param, 1592 const struct sctp_chunk *chunk, 1593 struct sctp_chunk **errp) 1594 { 1595 char error[] = "The following parameter had invalid length:"; 1596 size_t payload_len = WORD_ROUND(sizeof(error)) + 1597 sizeof(sctp_paramhdr_t); 1598 1599 1600 /* Create an error chunk and fill it in with our payload. */ 1601 if (!*errp) 1602 *errp = sctp_make_op_error_space(asoc, chunk, payload_len); 1603 1604 if (*errp) { 1605 sctp_init_cause(*errp, SCTP_ERROR_PROTO_VIOLATION, error, 1606 sizeof(error)); 1607 sctp_addto_chunk(*errp, sizeof(sctp_paramhdr_t), param); 1608 } 1609 1610 return 0; 1611 } 1612 1613 1614 /* Do not attempt to handle the HOST_NAME parm. However, do 1615 * send back an indicator to the peer. 1616 */ 1617 static int sctp_process_hn_param(const struct sctp_association *asoc, 1618 union sctp_params param, 1619 struct sctp_chunk *chunk, 1620 struct sctp_chunk **errp) 1621 { 1622 __u16 len = ntohs(param.p->length); 1623 1624 /* Make an ERROR chunk. */ 1625 if (!*errp) 1626 *errp = sctp_make_op_error_space(asoc, chunk, len); 1627 1628 if (*errp) 1629 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, 1630 param.v, len); 1631 1632 /* Stop processing this chunk. */ 1633 return 0; 1634 } 1635 1636 /* RFC 3.2.1 & the Implementers Guide 2.2. 1637 * 1638 * The Parameter Types are encoded such that the 1639 * highest-order two bits specify the action that must be 1640 * taken if the processing endpoint does not recognize the 1641 * Parameter Type. 1642 * 1643 * 00 - Stop processing this SCTP chunk and discard it, 1644 * do not process any further chunks within it. 1645 * 1646 * 01 - Stop processing this SCTP chunk and discard it, 1647 * do not process any further chunks within it, and report 1648 * the unrecognized parameter in an 'Unrecognized 1649 * Parameter Type' (in either an ERROR or in the INIT ACK). 1650 * 1651 * 10 - Skip this parameter and continue processing. 1652 * 1653 * 11 - Skip this parameter and continue processing but 1654 * report the unrecognized parameter in an 1655 * 'Unrecognized Parameter Type' (in either an ERROR or in 1656 * the INIT ACK). 1657 * 1658 * Return value: 1659 * 0 - discard the chunk 1660 * 1 - continue with the chunk 1661 */ 1662 static int sctp_process_unk_param(const struct sctp_association *asoc, 1663 union sctp_params param, 1664 struct sctp_chunk *chunk, 1665 struct sctp_chunk **errp) 1666 { 1667 int retval = 1; 1668 1669 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 1670 case SCTP_PARAM_ACTION_DISCARD: 1671 retval = 0; 1672 break; 1673 case SCTP_PARAM_ACTION_DISCARD_ERR: 1674 retval = 0; 1675 /* Make an ERROR chunk, preparing enough room for 1676 * returning multiple unknown parameters. 1677 */ 1678 if (NULL == *errp) 1679 *errp = sctp_make_op_error_space(asoc, chunk, 1680 ntohs(chunk->chunk_hdr->length)); 1681 1682 if (*errp) 1683 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1684 param.v, 1685 WORD_ROUND(ntohs(param.p->length))); 1686 1687 break; 1688 case SCTP_PARAM_ACTION_SKIP: 1689 break; 1690 case SCTP_PARAM_ACTION_SKIP_ERR: 1691 /* Make an ERROR chunk, preparing enough room for 1692 * returning multiple unknown parameters. 1693 */ 1694 if (NULL == *errp) 1695 *errp = sctp_make_op_error_space(asoc, chunk, 1696 ntohs(chunk->chunk_hdr->length)); 1697 1698 if (*errp) { 1699 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1700 param.v, 1701 WORD_ROUND(ntohs(param.p->length))); 1702 } else { 1703 /* If there is no memory for generating the ERROR 1704 * report as specified, an ABORT will be triggered 1705 * to the peer and the association won't be 1706 * established. 1707 */ 1708 retval = 0; 1709 } 1710 1711 break; 1712 default: 1713 break; 1714 } 1715 1716 return retval; 1717 } 1718 1719 /* Find unrecognized parameters in the chunk. 1720 * Return values: 1721 * 0 - discard the chunk 1722 * 1 - continue with the chunk 1723 */ 1724 static int sctp_verify_param(const struct sctp_association *asoc, 1725 union sctp_params param, 1726 sctp_cid_t cid, 1727 struct sctp_chunk *chunk, 1728 struct sctp_chunk **err_chunk) 1729 { 1730 int retval = 1; 1731 1732 /* FIXME - This routine is not looking at each parameter per the 1733 * chunk type, i.e., unrecognized parameters should be further 1734 * identified based on the chunk id. 1735 */ 1736 1737 switch (param.p->type) { 1738 case SCTP_PARAM_IPV4_ADDRESS: 1739 case SCTP_PARAM_IPV6_ADDRESS: 1740 case SCTP_PARAM_COOKIE_PRESERVATIVE: 1741 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 1742 case SCTP_PARAM_STATE_COOKIE: 1743 case SCTP_PARAM_HEARTBEAT_INFO: 1744 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 1745 case SCTP_PARAM_ECN_CAPABLE: 1746 case SCTP_PARAM_ADAPTATION_LAYER_IND: 1747 break; 1748 1749 case SCTP_PARAM_HOST_NAME_ADDRESS: 1750 /* Tell the peer, we won't support this param. */ 1751 return sctp_process_hn_param(asoc, param, chunk, err_chunk); 1752 case SCTP_PARAM_FWD_TSN_SUPPORT: 1753 if (sctp_prsctp_enable) 1754 break; 1755 /* Fall Through */ 1756 default: 1757 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 1758 ntohs(param.p->type), cid); 1759 return sctp_process_unk_param(asoc, param, chunk, err_chunk); 1760 1761 break; 1762 } 1763 return retval; 1764 } 1765 1766 /* Verify the INIT packet before we process it. */ 1767 int sctp_verify_init(const struct sctp_association *asoc, 1768 sctp_cid_t cid, 1769 sctp_init_chunk_t *peer_init, 1770 struct sctp_chunk *chunk, 1771 struct sctp_chunk **errp) 1772 { 1773 union sctp_params param; 1774 int has_cookie = 0; 1775 1776 /* Verify stream values are non-zero. */ 1777 if ((0 == peer_init->init_hdr.num_outbound_streams) || 1778 (0 == peer_init->init_hdr.num_inbound_streams) || 1779 (0 == peer_init->init_hdr.init_tag) || 1780 (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) { 1781 1782 sctp_process_inv_mandatory(asoc, chunk, errp); 1783 return 0; 1784 } 1785 1786 /* Check for missing mandatory parameters. */ 1787 sctp_walk_params(param, peer_init, init_hdr.params) { 1788 1789 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 1790 has_cookie = 1; 1791 1792 } /* for (loop through all parameters) */ 1793 1794 /* There is a possibility that a parameter length was bad and 1795 * in that case we would have stoped walking the parameters. 1796 * The current param.p would point at the bad one. 1797 * Current consensus on the mailing list is to generate a PROTOCOL 1798 * VIOLATION error. We build the ERROR chunk here and let the normal 1799 * error handling code build and send the packet. 1800 */ 1801 if (param.v < (void*)chunk->chunk_end - sizeof(sctp_paramhdr_t)) { 1802 sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 1803 return 0; 1804 } 1805 1806 /* The only missing mandatory param possible today is 1807 * the state cookie for an INIT-ACK chunk. 1808 */ 1809 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) { 1810 sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 1811 chunk, errp); 1812 return 0; 1813 } 1814 1815 /* Find unrecognized parameters. */ 1816 1817 sctp_walk_params(param, peer_init, init_hdr.params) { 1818 1819 if (!sctp_verify_param(asoc, param, cid, chunk, errp)) { 1820 if (SCTP_PARAM_HOST_NAME_ADDRESS == param.p->type) 1821 return 0; 1822 else 1823 return 1; 1824 } 1825 1826 } /* for (loop through all parameters) */ 1827 1828 return 1; 1829 } 1830 1831 /* Unpack the parameters in an INIT packet into an association. 1832 * Returns 0 on failure, else success. 1833 * FIXME: This is an association method. 1834 */ 1835 int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, 1836 const union sctp_addr *peer_addr, 1837 sctp_init_chunk_t *peer_init, gfp_t gfp) 1838 { 1839 union sctp_params param; 1840 struct sctp_transport *transport; 1841 struct list_head *pos, *temp; 1842 char *cookie; 1843 1844 /* We must include the address that the INIT packet came from. 1845 * This is the only address that matters for an INIT packet. 1846 * When processing a COOKIE ECHO, we retrieve the from address 1847 * of the INIT from the cookie. 1848 */ 1849 1850 /* This implementation defaults to making the first transport 1851 * added as the primary transport. The source address seems to 1852 * be a a better choice than any of the embedded addresses. 1853 */ 1854 if (peer_addr) { 1855 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 1856 goto nomem; 1857 } 1858 1859 /* Process the initialization parameters. */ 1860 1861 sctp_walk_params(param, peer_init, init_hdr.params) { 1862 1863 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 1864 goto clean_up; 1865 } 1866 1867 /* Walk list of transports, removing transports in the UNKNOWN state. */ 1868 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 1869 transport = list_entry(pos, struct sctp_transport, transports); 1870 if (transport->state == SCTP_UNKNOWN) { 1871 sctp_assoc_rm_peer(asoc, transport); 1872 } 1873 } 1874 1875 /* The fixed INIT headers are always in network byte 1876 * order. 1877 */ 1878 asoc->peer.i.init_tag = 1879 ntohl(peer_init->init_hdr.init_tag); 1880 asoc->peer.i.a_rwnd = 1881 ntohl(peer_init->init_hdr.a_rwnd); 1882 asoc->peer.i.num_outbound_streams = 1883 ntohs(peer_init->init_hdr.num_outbound_streams); 1884 asoc->peer.i.num_inbound_streams = 1885 ntohs(peer_init->init_hdr.num_inbound_streams); 1886 asoc->peer.i.initial_tsn = 1887 ntohl(peer_init->init_hdr.initial_tsn); 1888 1889 /* Apply the upper bounds for output streams based on peer's 1890 * number of inbound streams. 1891 */ 1892 if (asoc->c.sinit_num_ostreams > 1893 ntohs(peer_init->init_hdr.num_inbound_streams)) { 1894 asoc->c.sinit_num_ostreams = 1895 ntohs(peer_init->init_hdr.num_inbound_streams); 1896 } 1897 1898 if (asoc->c.sinit_max_instreams > 1899 ntohs(peer_init->init_hdr.num_outbound_streams)) { 1900 asoc->c.sinit_max_instreams = 1901 ntohs(peer_init->init_hdr.num_outbound_streams); 1902 } 1903 1904 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 1905 asoc->c.peer_vtag = asoc->peer.i.init_tag; 1906 1907 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 1908 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 1909 1910 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 1911 cookie = asoc->peer.cookie; 1912 if (cookie) { 1913 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 1914 if (!asoc->peer.cookie) 1915 goto clean_up; 1916 } 1917 1918 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 1919 * high (for example, implementations MAY use the size of the receiver 1920 * advertised window). 1921 */ 1922 list_for_each(pos, &asoc->peer.transport_addr_list) { 1923 transport = list_entry(pos, struct sctp_transport, transports); 1924 transport->ssthresh = asoc->peer.i.a_rwnd; 1925 } 1926 1927 /* Set up the TSN tracking pieces. */ 1928 sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_SIZE, 1929 asoc->peer.i.initial_tsn); 1930 1931 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 1932 * 1933 * The stream sequence number in all the streams shall start 1934 * from 0 when the association is established. Also, when the 1935 * stream sequence number reaches the value 65535 the next 1936 * stream sequence number shall be set to 0. 1937 */ 1938 1939 /* Allocate storage for the negotiated streams if it is not a temporary 1940 * association. 1941 */ 1942 if (!asoc->temp) { 1943 int assoc_id; 1944 int error; 1945 1946 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 1947 asoc->c.sinit_num_ostreams, gfp); 1948 if (!asoc->ssnmap) 1949 goto clean_up; 1950 1951 retry: 1952 if (unlikely(!idr_pre_get(&sctp_assocs_id, gfp))) 1953 goto clean_up; 1954 spin_lock_bh(&sctp_assocs_id_lock); 1955 error = idr_get_new_above(&sctp_assocs_id, (void *)asoc, 1, 1956 &assoc_id); 1957 spin_unlock_bh(&sctp_assocs_id_lock); 1958 if (error == -EAGAIN) 1959 goto retry; 1960 else if (error) 1961 goto clean_up; 1962 1963 asoc->assoc_id = (sctp_assoc_t) assoc_id; 1964 } 1965 1966 /* ADDIP Section 4.1 ASCONF Chunk Procedures 1967 * 1968 * When an endpoint has an ASCONF signaled change to be sent to the 1969 * remote endpoint it should do the following: 1970 * ... 1971 * A2) A serial number should be assigned to the Chunk. The serial 1972 * number should be a monotonically increasing number. All serial 1973 * numbers are defined to be initialized at the start of the 1974 * association to the same value as the Initial TSN. 1975 */ 1976 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 1977 return 1; 1978 1979 clean_up: 1980 /* Release the transport structures. */ 1981 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 1982 transport = list_entry(pos, struct sctp_transport, transports); 1983 list_del_init(pos); 1984 sctp_transport_free(transport); 1985 } 1986 1987 asoc->peer.transport_count = 0; 1988 1989 nomem: 1990 return 0; 1991 } 1992 1993 1994 /* Update asoc with the option described in param. 1995 * 1996 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 1997 * 1998 * asoc is the association to update. 1999 * param is the variable length parameter to use for update. 2000 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2001 * If the current packet is an INIT we want to minimize the amount of 2002 * work we do. In particular, we should not build transport 2003 * structures for the addresses. 2004 */ 2005 static int sctp_process_param(struct sctp_association *asoc, 2006 union sctp_params param, 2007 const union sctp_addr *peer_addr, 2008 gfp_t gfp) 2009 { 2010 union sctp_addr addr; 2011 int i; 2012 __u16 sat; 2013 int retval = 1; 2014 sctp_scope_t scope; 2015 time_t stale; 2016 struct sctp_af *af; 2017 2018 /* We maintain all INIT parameters in network byte order all the 2019 * time. This allows us to not worry about whether the parameters 2020 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2021 */ 2022 switch (param.p->type) { 2023 case SCTP_PARAM_IPV6_ADDRESS: 2024 if (PF_INET6 != asoc->base.sk->sk_family) 2025 break; 2026 /* Fall through. */ 2027 case SCTP_PARAM_IPV4_ADDRESS: 2028 af = sctp_get_af_specific(param_type2af(param.p->type)); 2029 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2030 scope = sctp_scope(peer_addr); 2031 if (sctp_in_scope(&addr, scope)) 2032 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2033 return 0; 2034 break; 2035 2036 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2037 if (!sctp_cookie_preserve_enable) 2038 break; 2039 2040 stale = ntohl(param.life->lifespan_increment); 2041 2042 /* Suggested Cookie Life span increment's unit is msec, 2043 * (1/1000sec). 2044 */ 2045 asoc->cookie_life.tv_sec += stale / 1000; 2046 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2047 break; 2048 2049 case SCTP_PARAM_HOST_NAME_ADDRESS: 2050 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2051 break; 2052 2053 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2054 /* Turn off the default values first so we'll know which 2055 * ones are really set by the peer. 2056 */ 2057 asoc->peer.ipv4_address = 0; 2058 asoc->peer.ipv6_address = 0; 2059 2060 /* Cycle through address types; avoid divide by 0. */ 2061 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2062 if (sat) 2063 sat /= sizeof(__u16); 2064 2065 for (i = 0; i < sat; ++i) { 2066 switch (param.sat->types[i]) { 2067 case SCTP_PARAM_IPV4_ADDRESS: 2068 asoc->peer.ipv4_address = 1; 2069 break; 2070 2071 case SCTP_PARAM_IPV6_ADDRESS: 2072 asoc->peer.ipv6_address = 1; 2073 break; 2074 2075 case SCTP_PARAM_HOST_NAME_ADDRESS: 2076 asoc->peer.hostname_address = 1; 2077 break; 2078 2079 default: /* Just ignore anything else. */ 2080 break; 2081 }; 2082 } 2083 break; 2084 2085 case SCTP_PARAM_STATE_COOKIE: 2086 asoc->peer.cookie_len = 2087 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2088 asoc->peer.cookie = param.cookie->body; 2089 break; 2090 2091 case SCTP_PARAM_HEARTBEAT_INFO: 2092 /* Would be odd to receive, but it causes no problems. */ 2093 break; 2094 2095 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2096 /* Rejected during verify stage. */ 2097 break; 2098 2099 case SCTP_PARAM_ECN_CAPABLE: 2100 asoc->peer.ecn_capable = 1; 2101 break; 2102 2103 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2104 asoc->peer.adaptation_ind = param.aind->adaptation_ind; 2105 break; 2106 2107 case SCTP_PARAM_FWD_TSN_SUPPORT: 2108 if (sctp_prsctp_enable) { 2109 asoc->peer.prsctp_capable = 1; 2110 break; 2111 } 2112 /* Fall Through */ 2113 default: 2114 /* Any unrecognized parameters should have been caught 2115 * and handled by sctp_verify_param() which should be 2116 * called prior to this routine. Simply log the error 2117 * here. 2118 */ 2119 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2120 ntohs(param.p->type), asoc); 2121 break; 2122 }; 2123 2124 return retval; 2125 } 2126 2127 /* Select a new verification tag. */ 2128 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2129 { 2130 /* I believe that this random number generator complies with RFC1750. 2131 * A tag of 0 is reserved for special cases (e.g. INIT). 2132 */ 2133 __u32 x; 2134 2135 do { 2136 get_random_bytes(&x, sizeof(__u32)); 2137 } while (x == 0); 2138 2139 return x; 2140 } 2141 2142 /* Select an initial TSN to send during startup. */ 2143 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2144 { 2145 __u32 retval; 2146 2147 get_random_bytes(&retval, sizeof(__u32)); 2148 return retval; 2149 } 2150 2151 /* 2152 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2153 * 0 1 2 3 2154 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2155 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2156 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2157 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2158 * | Serial Number | 2159 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2160 * | Address Parameter | 2161 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2162 * | ASCONF Parameter #1 | 2163 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2164 * \ \ 2165 * / .... / 2166 * \ \ 2167 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2168 * | ASCONF Parameter #N | 2169 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2170 * 2171 * Address Parameter and other parameter will not be wrapped in this function 2172 */ 2173 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2174 union sctp_addr *addr, 2175 int vparam_len) 2176 { 2177 sctp_addiphdr_t asconf; 2178 struct sctp_chunk *retval; 2179 int length = sizeof(asconf) + vparam_len; 2180 union sctp_addr_param addrparam; 2181 int addrlen; 2182 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2183 2184 addrlen = af->to_addr_param(addr, &addrparam); 2185 if (!addrlen) 2186 return NULL; 2187 length += addrlen; 2188 2189 /* Create the chunk. */ 2190 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2191 if (!retval) 2192 return NULL; 2193 2194 asconf.serial = htonl(asoc->addip_serial++); 2195 2196 retval->subh.addip_hdr = 2197 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2198 retval->param_hdr.v = 2199 sctp_addto_chunk(retval, addrlen, &addrparam); 2200 2201 return retval; 2202 } 2203 2204 /* ADDIP 2205 * 3.2.1 Add IP Address 2206 * 0 1 2 3 2207 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2208 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2209 * | Type = 0xC001 | Length = Variable | 2210 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2211 * | ASCONF-Request Correlation ID | 2212 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2213 * | Address Parameter | 2214 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2215 * 2216 * 3.2.2 Delete IP Address 2217 * 0 1 2 3 2218 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2219 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2220 * | Type = 0xC002 | Length = Variable | 2221 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2222 * | ASCONF-Request Correlation ID | 2223 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2224 * | Address Parameter | 2225 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2226 * 2227 */ 2228 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2229 union sctp_addr *laddr, 2230 struct sockaddr *addrs, 2231 int addrcnt, 2232 __be16 flags) 2233 { 2234 sctp_addip_param_t param; 2235 struct sctp_chunk *retval; 2236 union sctp_addr_param addr_param; 2237 union sctp_addr *addr; 2238 void *addr_buf; 2239 struct sctp_af *af; 2240 int paramlen = sizeof(param); 2241 int addr_param_len = 0; 2242 int totallen = 0; 2243 int i; 2244 2245 /* Get total length of all the address parameters. */ 2246 addr_buf = addrs; 2247 for (i = 0; i < addrcnt; i++) { 2248 addr = (union sctp_addr *)addr_buf; 2249 af = sctp_get_af_specific(addr->v4.sin_family); 2250 addr_param_len = af->to_addr_param(addr, &addr_param); 2251 2252 totallen += paramlen; 2253 totallen += addr_param_len; 2254 2255 addr_buf += af->sockaddr_len; 2256 } 2257 2258 /* Create an asconf chunk with the required length. */ 2259 retval = sctp_make_asconf(asoc, laddr, totallen); 2260 if (!retval) 2261 return NULL; 2262 2263 /* Add the address parameters to the asconf chunk. */ 2264 addr_buf = addrs; 2265 for (i = 0; i < addrcnt; i++) { 2266 addr = (union sctp_addr *)addr_buf; 2267 af = sctp_get_af_specific(addr->v4.sin_family); 2268 addr_param_len = af->to_addr_param(addr, &addr_param); 2269 param.param_hdr.type = flags; 2270 param.param_hdr.length = htons(paramlen + addr_param_len); 2271 param.crr_id = i; 2272 2273 sctp_addto_chunk(retval, paramlen, ¶m); 2274 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2275 2276 addr_buf += af->sockaddr_len; 2277 } 2278 return retval; 2279 } 2280 2281 /* ADDIP 2282 * 3.2.4 Set Primary IP Address 2283 * 0 1 2 3 2284 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2285 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2286 * | Type =0xC004 | Length = Variable | 2287 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2288 * | ASCONF-Request Correlation ID | 2289 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2290 * | Address Parameter | 2291 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2292 * 2293 * Create an ASCONF chunk with Set Primary IP address parameter. 2294 */ 2295 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2296 union sctp_addr *addr) 2297 { 2298 sctp_addip_param_t param; 2299 struct sctp_chunk *retval; 2300 int len = sizeof(param); 2301 union sctp_addr_param addrparam; 2302 int addrlen; 2303 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2304 2305 addrlen = af->to_addr_param(addr, &addrparam); 2306 if (!addrlen) 2307 return NULL; 2308 len += addrlen; 2309 2310 /* Create the chunk and make asconf header. */ 2311 retval = sctp_make_asconf(asoc, addr, len); 2312 if (!retval) 2313 return NULL; 2314 2315 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2316 param.param_hdr.length = htons(len); 2317 param.crr_id = 0; 2318 2319 sctp_addto_chunk(retval, sizeof(param), ¶m); 2320 sctp_addto_chunk(retval, addrlen, &addrparam); 2321 2322 return retval; 2323 } 2324 2325 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2326 * 0 1 2 3 2327 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2328 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2329 * | Type = 0x80 | Chunk Flags | Chunk Length | 2330 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2331 * | Serial Number | 2332 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2333 * | ASCONF Parameter Response#1 | 2334 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2335 * \ \ 2336 * / .... / 2337 * \ \ 2338 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2339 * | ASCONF Parameter Response#N | 2340 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2341 * 2342 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2343 */ 2344 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2345 __u32 serial, int vparam_len) 2346 { 2347 sctp_addiphdr_t asconf; 2348 struct sctp_chunk *retval; 2349 int length = sizeof(asconf) + vparam_len; 2350 2351 /* Create the chunk. */ 2352 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2353 if (!retval) 2354 return NULL; 2355 2356 asconf.serial = htonl(serial); 2357 2358 retval->subh.addip_hdr = 2359 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2360 2361 return retval; 2362 } 2363 2364 /* Add response parameters to an ASCONF_ACK chunk. */ 2365 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2366 __be16 err_code, sctp_addip_param_t *asconf_param) 2367 { 2368 sctp_addip_param_t ack_param; 2369 sctp_errhdr_t err_param; 2370 int asconf_param_len = 0; 2371 int err_param_len = 0; 2372 __be16 response_type; 2373 2374 if (SCTP_ERROR_NO_ERROR == err_code) { 2375 response_type = SCTP_PARAM_SUCCESS_REPORT; 2376 } else { 2377 response_type = SCTP_PARAM_ERR_CAUSE; 2378 err_param_len = sizeof(err_param); 2379 if (asconf_param) 2380 asconf_param_len = 2381 ntohs(asconf_param->param_hdr.length); 2382 } 2383 2384 /* Add Success Indication or Error Cause Indication parameter. */ 2385 ack_param.param_hdr.type = response_type; 2386 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2387 err_param_len + 2388 asconf_param_len); 2389 ack_param.crr_id = crr_id; 2390 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2391 2392 if (SCTP_ERROR_NO_ERROR == err_code) 2393 return; 2394 2395 /* Add Error Cause parameter. */ 2396 err_param.cause = err_code; 2397 err_param.length = htons(err_param_len + asconf_param_len); 2398 sctp_addto_chunk(chunk, err_param_len, &err_param); 2399 2400 /* Add the failed TLV copied from ASCONF chunk. */ 2401 if (asconf_param) 2402 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2403 } 2404 2405 /* Process a asconf parameter. */ 2406 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 2407 struct sctp_chunk *asconf, 2408 sctp_addip_param_t *asconf_param) 2409 { 2410 struct sctp_transport *peer; 2411 struct sctp_af *af; 2412 union sctp_addr addr; 2413 struct list_head *pos; 2414 union sctp_addr_param *addr_param; 2415 2416 addr_param = (union sctp_addr_param *) 2417 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2418 2419 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2420 if (unlikely(!af)) 2421 return SCTP_ERROR_INV_PARAM; 2422 2423 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 2424 switch (asconf_param->param_hdr.type) { 2425 case SCTP_PARAM_ADD_IP: 2426 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 2427 * request and does not have the local resources to add this 2428 * new address to the association, it MUST return an Error 2429 * Cause TLV set to the new error code 'Operation Refused 2430 * Due to Resource Shortage'. 2431 */ 2432 2433 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 2434 if (!peer) 2435 return SCTP_ERROR_RSRC_LOW; 2436 2437 /* Start the heartbeat timer. */ 2438 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 2439 sctp_transport_hold(peer); 2440 break; 2441 case SCTP_PARAM_DEL_IP: 2442 /* ADDIP 4.3 D7) If a request is received to delete the 2443 * last remaining IP address of a peer endpoint, the receiver 2444 * MUST send an Error Cause TLV with the error cause set to the 2445 * new error code 'Request to Delete Last Remaining IP Address'. 2446 */ 2447 pos = asoc->peer.transport_addr_list.next; 2448 if (pos->next == &asoc->peer.transport_addr_list) 2449 return SCTP_ERROR_DEL_LAST_IP; 2450 2451 /* ADDIP 4.3 D8) If a request is received to delete an IP 2452 * address which is also the source address of the IP packet 2453 * which contained the ASCONF chunk, the receiver MUST reject 2454 * this request. To reject the request the receiver MUST send 2455 * an Error Cause TLV set to the new error code 'Request to 2456 * Delete Source IP Address' 2457 */ 2458 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr)) 2459 return SCTP_ERROR_DEL_SRC_IP; 2460 2461 sctp_assoc_del_peer(asoc, &addr); 2462 break; 2463 case SCTP_PARAM_SET_PRIMARY: 2464 peer = sctp_assoc_lookup_paddr(asoc, &addr); 2465 if (!peer) 2466 return SCTP_ERROR_INV_PARAM; 2467 2468 sctp_assoc_set_primary(asoc, peer); 2469 break; 2470 default: 2471 return SCTP_ERROR_INV_PARAM; 2472 break; 2473 } 2474 2475 return SCTP_ERROR_NO_ERROR; 2476 } 2477 2478 /* Process an incoming ASCONF chunk with the next expected serial no. and 2479 * return an ASCONF_ACK chunk to be sent in response. 2480 */ 2481 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 2482 struct sctp_chunk *asconf) 2483 { 2484 sctp_addiphdr_t *hdr; 2485 union sctp_addr_param *addr_param; 2486 sctp_addip_param_t *asconf_param; 2487 struct sctp_chunk *asconf_ack; 2488 2489 __be16 err_code; 2490 int length = 0; 2491 int chunk_len = asconf->skb->len; 2492 __u32 serial; 2493 int all_param_pass = 1; 2494 2495 hdr = (sctp_addiphdr_t *)asconf->skb->data; 2496 serial = ntohl(hdr->serial); 2497 2498 /* Skip the addiphdr and store a pointer to address parameter. */ 2499 length = sizeof(sctp_addiphdr_t); 2500 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2501 chunk_len -= length; 2502 2503 /* Skip the address parameter and store a pointer to the first 2504 * asconf paramter. 2505 */ 2506 length = ntohs(addr_param->v4.param_hdr.length); 2507 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2508 chunk_len -= length; 2509 2510 /* create an ASCONF_ACK chunk. 2511 * Based on the definitions of parameters, we know that the size of 2512 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF 2513 * paramters. 2514 */ 2515 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2); 2516 if (!asconf_ack) 2517 goto done; 2518 2519 /* Process the TLVs contained within the ASCONF chunk. */ 2520 while (chunk_len > 0) { 2521 err_code = sctp_process_asconf_param(asoc, asconf, 2522 asconf_param); 2523 /* ADDIP 4.1 A7) 2524 * If an error response is received for a TLV parameter, 2525 * all TLVs with no response before the failed TLV are 2526 * considered successful if not reported. All TLVs after 2527 * the failed response are considered unsuccessful unless 2528 * a specific success indication is present for the parameter. 2529 */ 2530 if (SCTP_ERROR_NO_ERROR != err_code) 2531 all_param_pass = 0; 2532 2533 if (!all_param_pass) 2534 sctp_add_asconf_response(asconf_ack, 2535 asconf_param->crr_id, err_code, 2536 asconf_param); 2537 2538 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 2539 * an IP address sends an 'Out of Resource' in its response, it 2540 * MUST also fail any subsequent add or delete requests bundled 2541 * in the ASCONF. 2542 */ 2543 if (SCTP_ERROR_RSRC_LOW == err_code) 2544 goto done; 2545 2546 /* Move to the next ASCONF param. */ 2547 length = ntohs(asconf_param->param_hdr.length); 2548 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2549 length); 2550 chunk_len -= length; 2551 } 2552 2553 done: 2554 asoc->peer.addip_serial++; 2555 2556 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 2557 * after freeing the reference to old asconf ack if any. 2558 */ 2559 if (asconf_ack) { 2560 if (asoc->addip_last_asconf_ack) 2561 sctp_chunk_free(asoc->addip_last_asconf_ack); 2562 2563 sctp_chunk_hold(asconf_ack); 2564 asoc->addip_last_asconf_ack = asconf_ack; 2565 } 2566 2567 return asconf_ack; 2568 } 2569 2570 /* Process a asconf parameter that is successfully acked. */ 2571 static int sctp_asconf_param_success(struct sctp_association *asoc, 2572 sctp_addip_param_t *asconf_param) 2573 { 2574 struct sctp_af *af; 2575 union sctp_addr addr; 2576 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 2577 union sctp_addr_param *addr_param; 2578 struct list_head *pos; 2579 struct sctp_transport *transport; 2580 struct sctp_sockaddr_entry *saddr; 2581 int retval = 0; 2582 2583 addr_param = (union sctp_addr_param *) 2584 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2585 2586 /* We have checked the packet before, so we do not check again. */ 2587 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2588 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 2589 2590 switch (asconf_param->param_hdr.type) { 2591 case SCTP_PARAM_ADD_IP: 2592 sctp_local_bh_disable(); 2593 sctp_write_lock(&asoc->base.addr_lock); 2594 list_for_each(pos, &bp->address_list) { 2595 saddr = list_entry(pos, struct sctp_sockaddr_entry, list); 2596 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 2597 saddr->use_as_src = 1; 2598 } 2599 sctp_write_unlock(&asoc->base.addr_lock); 2600 sctp_local_bh_enable(); 2601 break; 2602 case SCTP_PARAM_DEL_IP: 2603 sctp_local_bh_disable(); 2604 sctp_write_lock(&asoc->base.addr_lock); 2605 retval = sctp_del_bind_addr(bp, &addr); 2606 sctp_write_unlock(&asoc->base.addr_lock); 2607 sctp_local_bh_enable(); 2608 list_for_each(pos, &asoc->peer.transport_addr_list) { 2609 transport = list_entry(pos, struct sctp_transport, 2610 transports); 2611 dst_release(transport->dst); 2612 sctp_transport_route(transport, NULL, 2613 sctp_sk(asoc->base.sk)); 2614 } 2615 break; 2616 default: 2617 break; 2618 } 2619 2620 return retval; 2621 } 2622 2623 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 2624 * for the given asconf parameter. If there is no response for this parameter, 2625 * return the error code based on the third argument 'no_err'. 2626 * ADDIP 4.1 2627 * A7) If an error response is received for a TLV parameter, all TLVs with no 2628 * response before the failed TLV are considered successful if not reported. 2629 * All TLVs after the failed response are considered unsuccessful unless a 2630 * specific success indication is present for the parameter. 2631 */ 2632 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 2633 sctp_addip_param_t *asconf_param, 2634 int no_err) 2635 { 2636 sctp_addip_param_t *asconf_ack_param; 2637 sctp_errhdr_t *err_param; 2638 int length; 2639 int asconf_ack_len = asconf_ack->skb->len; 2640 __be16 err_code; 2641 2642 if (no_err) 2643 err_code = SCTP_ERROR_NO_ERROR; 2644 else 2645 err_code = SCTP_ERROR_REQ_REFUSED; 2646 2647 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 2648 * the first asconf_ack parameter. 2649 */ 2650 length = sizeof(sctp_addiphdr_t); 2651 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 2652 length); 2653 asconf_ack_len -= length; 2654 2655 while (asconf_ack_len > 0) { 2656 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 2657 switch(asconf_ack_param->param_hdr.type) { 2658 case SCTP_PARAM_SUCCESS_REPORT: 2659 return SCTP_ERROR_NO_ERROR; 2660 case SCTP_PARAM_ERR_CAUSE: 2661 length = sizeof(sctp_addip_param_t); 2662 err_param = (sctp_errhdr_t *) 2663 ((void *)asconf_ack_param + length); 2664 asconf_ack_len -= length; 2665 if (asconf_ack_len > 0) 2666 return err_param->cause; 2667 else 2668 return SCTP_ERROR_INV_PARAM; 2669 break; 2670 default: 2671 return SCTP_ERROR_INV_PARAM; 2672 } 2673 } 2674 2675 length = ntohs(asconf_ack_param->param_hdr.length); 2676 asconf_ack_param = (sctp_addip_param_t *) 2677 ((void *)asconf_ack_param + length); 2678 asconf_ack_len -= length; 2679 } 2680 2681 return err_code; 2682 } 2683 2684 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 2685 int sctp_process_asconf_ack(struct sctp_association *asoc, 2686 struct sctp_chunk *asconf_ack) 2687 { 2688 struct sctp_chunk *asconf = asoc->addip_last_asconf; 2689 union sctp_addr_param *addr_param; 2690 sctp_addip_param_t *asconf_param; 2691 int length = 0; 2692 int asconf_len = asconf->skb->len; 2693 int all_param_pass = 0; 2694 int no_err = 1; 2695 int retval = 0; 2696 __be16 err_code = SCTP_ERROR_NO_ERROR; 2697 2698 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 2699 * a pointer to address parameter. 2700 */ 2701 length = sizeof(sctp_addip_chunk_t); 2702 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2703 asconf_len -= length; 2704 2705 /* Skip the address parameter in the last asconf sent and store a 2706 * pointer to the first asconf paramter. 2707 */ 2708 length = ntohs(addr_param->v4.param_hdr.length); 2709 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2710 asconf_len -= length; 2711 2712 /* ADDIP 4.1 2713 * A8) If there is no response(s) to specific TLV parameter(s), and no 2714 * failures are indicated, then all request(s) are considered 2715 * successful. 2716 */ 2717 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 2718 all_param_pass = 1; 2719 2720 /* Process the TLVs contained in the last sent ASCONF chunk. */ 2721 while (asconf_len > 0) { 2722 if (all_param_pass) 2723 err_code = SCTP_ERROR_NO_ERROR; 2724 else { 2725 err_code = sctp_get_asconf_response(asconf_ack, 2726 asconf_param, 2727 no_err); 2728 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 2729 no_err = 0; 2730 } 2731 2732 switch (err_code) { 2733 case SCTP_ERROR_NO_ERROR: 2734 retval = sctp_asconf_param_success(asoc, asconf_param); 2735 break; 2736 2737 case SCTP_ERROR_RSRC_LOW: 2738 retval = 1; 2739 break; 2740 2741 case SCTP_ERROR_INV_PARAM: 2742 /* Disable sending this type of asconf parameter in 2743 * future. 2744 */ 2745 asoc->peer.addip_disabled_mask |= 2746 asconf_param->param_hdr.type; 2747 break; 2748 2749 case SCTP_ERROR_REQ_REFUSED: 2750 case SCTP_ERROR_DEL_LAST_IP: 2751 case SCTP_ERROR_DEL_SRC_IP: 2752 default: 2753 break; 2754 } 2755 2756 /* Skip the processed asconf parameter and move to the next 2757 * one. 2758 */ 2759 length = ntohs(asconf_param->param_hdr.length); 2760 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2761 length); 2762 asconf_len -= length; 2763 } 2764 2765 /* Free the cached last sent asconf chunk. */ 2766 sctp_chunk_free(asconf); 2767 asoc->addip_last_asconf = NULL; 2768 2769 /* Send the next asconf chunk from the addip chunk queue. */ 2770 if (!list_empty(&asoc->addip_chunk_list)) { 2771 struct list_head *entry = asoc->addip_chunk_list.next; 2772 asconf = list_entry(entry, struct sctp_chunk, list); 2773 2774 list_del_init(entry); 2775 2776 /* Hold the chunk until an ASCONF_ACK is received. */ 2777 sctp_chunk_hold(asconf); 2778 if (sctp_primitive_ASCONF(asoc, asconf)) 2779 sctp_chunk_free(asconf); 2780 else 2781 asoc->addip_last_asconf = asconf; 2782 } 2783 2784 return retval; 2785 } 2786 2787 /* Make a FWD TSN chunk. */ 2788 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 2789 __u32 new_cum_tsn, size_t nstreams, 2790 struct sctp_fwdtsn_skip *skiplist) 2791 { 2792 struct sctp_chunk *retval = NULL; 2793 struct sctp_fwdtsn_chunk *ftsn_chunk; 2794 struct sctp_fwdtsn_hdr ftsn_hdr; 2795 struct sctp_fwdtsn_skip skip; 2796 size_t hint; 2797 int i; 2798 2799 hint = (nstreams + 1) * sizeof(__u32); 2800 2801 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 2802 2803 if (!retval) 2804 return NULL; 2805 2806 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr; 2807 2808 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 2809 retval->subh.fwdtsn_hdr = 2810 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 2811 2812 for (i = 0; i < nstreams; i++) { 2813 skip.stream = skiplist[i].stream; 2814 skip.ssn = skiplist[i].ssn; 2815 sctp_addto_chunk(retval, sizeof(skip), &skip); 2816 } 2817 2818 return retval; 2819 } 2820