1 /* SCTP kernel reference Implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel reference Implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * The SCTP reference implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * The SCTP reference implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53 #include <linux/types.h> 54 #include <linux/kernel.h> 55 #include <linux/ip.h> 56 #include <linux/ipv6.h> 57 #include <linux/net.h> 58 #include <linux/inet.h> 59 #include <asm/scatterlist.h> 60 #include <linux/crypto.h> 61 #include <net/sock.h> 62 63 #include <linux/skbuff.h> 64 #include <linux/random.h> /* for get_random_bytes */ 65 #include <net/sctp/sctp.h> 66 #include <net/sctp/sm.h> 67 68 extern kmem_cache_t *sctp_chunk_cachep; 69 70 SCTP_STATIC 71 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 72 __u8 type, __u8 flags, int paylen); 73 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 74 const struct sctp_association *asoc, 75 const struct sctp_chunk *init_chunk, 76 int *cookie_len, 77 const __u8 *raw_addrs, int addrs_len); 78 static int sctp_process_param(struct sctp_association *asoc, 79 union sctp_params param, 80 const union sctp_addr *peer_addr, 81 gfp_t gfp); 82 83 /* What was the inbound interface for this chunk? */ 84 int sctp_chunk_iif(const struct sctp_chunk *chunk) 85 { 86 struct sctp_af *af; 87 int iif = 0; 88 89 af = sctp_get_af_specific(ipver2af(chunk->skb->nh.iph->version)); 90 if (af) 91 iif = af->skb_iif(chunk->skb); 92 93 return iif; 94 } 95 96 /* RFC 2960 3.3.2 Initiation (INIT) (1) 97 * 98 * Note 2: The ECN capable field is reserved for future use of 99 * Explicit Congestion Notification. 100 */ 101 static const struct sctp_paramhdr ecap_param = { 102 SCTP_PARAM_ECN_CAPABLE, 103 __constant_htons(sizeof(struct sctp_paramhdr)), 104 }; 105 static const struct sctp_paramhdr prsctp_param = { 106 SCTP_PARAM_FWD_TSN_SUPPORT, 107 __constant_htons(sizeof(struct sctp_paramhdr)), 108 }; 109 110 /* A helper to initialize to initialize an op error inside a 111 * provided chunk, as most cause codes will be embedded inside an 112 * abort chunk. 113 */ 114 void sctp_init_cause(struct sctp_chunk *chunk, __u16 cause_code, 115 const void *payload, size_t paylen) 116 { 117 sctp_errhdr_t err; 118 int padlen; 119 __u16 len; 120 121 /* Cause code constants are now defined in network order. */ 122 err.cause = cause_code; 123 len = sizeof(sctp_errhdr_t) + paylen; 124 padlen = len % 4; 125 err.length = htons(len); 126 len += padlen; 127 sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 128 chunk->subh.err_hdr = sctp_addto_chunk(chunk, paylen, payload); 129 } 130 131 /* 3.3.2 Initiation (INIT) (1) 132 * 133 * This chunk is used to initiate a SCTP association between two 134 * endpoints. The format of the INIT chunk is shown below: 135 * 136 * 0 1 2 3 137 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 138 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 139 * | Type = 1 | Chunk Flags | Chunk Length | 140 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 141 * | Initiate Tag | 142 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 143 * | Advertised Receiver Window Credit (a_rwnd) | 144 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 145 * | Number of Outbound Streams | Number of Inbound Streams | 146 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 147 * | Initial TSN | 148 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 149 * \ \ 150 * / Optional/Variable-Length Parameters / 151 * \ \ 152 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 153 * 154 * 155 * The INIT chunk contains the following parameters. Unless otherwise 156 * noted, each parameter MUST only be included once in the INIT chunk. 157 * 158 * Fixed Parameters Status 159 * ---------------------------------------------- 160 * Initiate Tag Mandatory 161 * Advertised Receiver Window Credit Mandatory 162 * Number of Outbound Streams Mandatory 163 * Number of Inbound Streams Mandatory 164 * Initial TSN Mandatory 165 * 166 * Variable Parameters Status Type Value 167 * ------------------------------------------------------------- 168 * IPv4 Address (Note 1) Optional 5 169 * IPv6 Address (Note 1) Optional 6 170 * Cookie Preservative Optional 9 171 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 172 * Host Name Address (Note 3) Optional 11 173 * Supported Address Types (Note 4) Optional 12 174 */ 175 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 176 const struct sctp_bind_addr *bp, 177 gfp_t gfp, int vparam_len) 178 { 179 sctp_inithdr_t init; 180 union sctp_params addrs; 181 size_t chunksize; 182 struct sctp_chunk *retval = NULL; 183 int num_types, addrs_len = 0; 184 struct sctp_sock *sp; 185 sctp_supported_addrs_param_t sat; 186 __u16 types[2]; 187 sctp_adaption_ind_param_t aiparam; 188 189 /* RFC 2960 3.3.2 Initiation (INIT) (1) 190 * 191 * Note 1: The INIT chunks can contain multiple addresses that 192 * can be IPv4 and/or IPv6 in any combination. 193 */ 194 retval = NULL; 195 196 /* Convert the provided bind address list to raw format. */ 197 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 198 199 init.init_tag = htonl(asoc->c.my_vtag); 200 init.a_rwnd = htonl(asoc->rwnd); 201 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 202 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 203 init.initial_tsn = htonl(asoc->c.initial_tsn); 204 205 /* How many address types are needed? */ 206 sp = sctp_sk(asoc->base.sk); 207 num_types = sp->pf->supported_addrs(sp, types); 208 209 chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types); 210 chunksize += sizeof(ecap_param); 211 if (sctp_prsctp_enable) 212 chunksize += sizeof(prsctp_param); 213 chunksize += sizeof(aiparam); 214 chunksize += vparam_len; 215 216 /* RFC 2960 3.3.2 Initiation (INIT) (1) 217 * 218 * Note 3: An INIT chunk MUST NOT contain more than one Host 219 * Name address parameter. Moreover, the sender of the INIT 220 * MUST NOT combine any other address types with the Host Name 221 * address in the INIT. The receiver of INIT MUST ignore any 222 * other address types if the Host Name address parameter is 223 * present in the received INIT chunk. 224 * 225 * PLEASE DO NOT FIXME [This version does not support Host Name.] 226 */ 227 228 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 229 if (!retval) 230 goto nodata; 231 232 retval->subh.init_hdr = 233 sctp_addto_chunk(retval, sizeof(init), &init); 234 retval->param_hdr.v = 235 sctp_addto_chunk(retval, addrs_len, addrs.v); 236 237 /* RFC 2960 3.3.2 Initiation (INIT) (1) 238 * 239 * Note 4: This parameter, when present, specifies all the 240 * address types the sending endpoint can support. The absence 241 * of this parameter indicates that the sending endpoint can 242 * support any address type. 243 */ 244 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 245 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 246 sctp_addto_chunk(retval, sizeof(sat), &sat); 247 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 248 249 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 250 if (sctp_prsctp_enable) 251 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 252 aiparam.param_hdr.type = SCTP_PARAM_ADAPTION_LAYER_IND; 253 aiparam.param_hdr.length = htons(sizeof(aiparam)); 254 aiparam.adaption_ind = htonl(sp->adaption_ind); 255 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 256 nodata: 257 kfree(addrs.v); 258 return retval; 259 } 260 261 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 262 const struct sctp_chunk *chunk, 263 gfp_t gfp, int unkparam_len) 264 { 265 sctp_inithdr_t initack; 266 struct sctp_chunk *retval; 267 union sctp_params addrs; 268 int addrs_len; 269 sctp_cookie_param_t *cookie; 270 int cookie_len; 271 size_t chunksize; 272 sctp_adaption_ind_param_t aiparam; 273 274 retval = NULL; 275 276 /* Note: there may be no addresses to embed. */ 277 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 278 279 initack.init_tag = htonl(asoc->c.my_vtag); 280 initack.a_rwnd = htonl(asoc->rwnd); 281 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 282 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 283 initack.initial_tsn = htonl(asoc->c.initial_tsn); 284 285 /* FIXME: We really ought to build the cookie right 286 * into the packet instead of allocating more fresh memory. 287 */ 288 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 289 addrs.v, addrs_len); 290 if (!cookie) 291 goto nomem_cookie; 292 293 /* Calculate the total size of allocation, include the reserved 294 * space for reporting unknown parameters if it is specified. 295 */ 296 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 297 298 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 299 if (asoc->peer.ecn_capable) 300 chunksize += sizeof(ecap_param); 301 302 /* Tell peer that we'll do PR-SCTP only if peer advertised. */ 303 if (asoc->peer.prsctp_capable) 304 chunksize += sizeof(prsctp_param); 305 306 chunksize += sizeof(aiparam); 307 308 /* Now allocate and fill out the chunk. */ 309 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 310 if (!retval) 311 goto nomem_chunk; 312 313 /* Per the advice in RFC 2960 6.4, send this reply to 314 * the source of the INIT packet. 315 */ 316 retval->transport = chunk->transport; 317 retval->subh.init_hdr = 318 sctp_addto_chunk(retval, sizeof(initack), &initack); 319 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 320 sctp_addto_chunk(retval, cookie_len, cookie); 321 if (asoc->peer.ecn_capable) 322 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 323 if (asoc->peer.prsctp_capable) 324 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 325 326 aiparam.param_hdr.type = SCTP_PARAM_ADAPTION_LAYER_IND; 327 aiparam.param_hdr.length = htons(sizeof(aiparam)); 328 aiparam.adaption_ind = htonl(sctp_sk(asoc->base.sk)->adaption_ind); 329 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 330 331 /* We need to remove the const qualifier at this point. */ 332 retval->asoc = (struct sctp_association *) asoc; 333 334 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 335 * 336 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 337 * HEARTBEAT ACK, * etc.) to the same destination transport 338 * address from which it received the DATA or control chunk 339 * to which it is replying. 340 * 341 * [INIT ACK back to where the INIT came from.] 342 */ 343 if (chunk) 344 retval->transport = chunk->transport; 345 346 nomem_chunk: 347 kfree(cookie); 348 nomem_cookie: 349 kfree(addrs.v); 350 return retval; 351 } 352 353 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 354 * 355 * This chunk is used only during the initialization of an association. 356 * It is sent by the initiator of an association to its peer to complete 357 * the initialization process. This chunk MUST precede any DATA chunk 358 * sent within the association, but MAY be bundled with one or more DATA 359 * chunks in the same packet. 360 * 361 * 0 1 2 3 362 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 363 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 364 * | Type = 10 |Chunk Flags | Length | 365 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 366 * / Cookie / 367 * \ \ 368 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 369 * 370 * Chunk Flags: 8 bit 371 * 372 * Set to zero on transmit and ignored on receipt. 373 * 374 * Length: 16 bits (unsigned integer) 375 * 376 * Set to the size of the chunk in bytes, including the 4 bytes of 377 * the chunk header and the size of the Cookie. 378 * 379 * Cookie: variable size 380 * 381 * This field must contain the exact cookie received in the 382 * State Cookie parameter from the previous INIT ACK. 383 * 384 * An implementation SHOULD make the cookie as small as possible 385 * to insure interoperability. 386 */ 387 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 388 const struct sctp_chunk *chunk) 389 { 390 struct sctp_chunk *retval; 391 void *cookie; 392 int cookie_len; 393 394 cookie = asoc->peer.cookie; 395 cookie_len = asoc->peer.cookie_len; 396 397 /* Build a cookie echo chunk. */ 398 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 399 if (!retval) 400 goto nodata; 401 retval->subh.cookie_hdr = 402 sctp_addto_chunk(retval, cookie_len, cookie); 403 404 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 405 * 406 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 407 * HEARTBEAT ACK, * etc.) to the same destination transport 408 * address from which it * received the DATA or control chunk 409 * to which it is replying. 410 * 411 * [COOKIE ECHO back to where the INIT ACK came from.] 412 */ 413 if (chunk) 414 retval->transport = chunk->transport; 415 416 nodata: 417 return retval; 418 } 419 420 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 421 * 422 * This chunk is used only during the initialization of an 423 * association. It is used to acknowledge the receipt of a COOKIE 424 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 425 * within the association, but MAY be bundled with one or more DATA 426 * chunks or SACK chunk in the same SCTP packet. 427 * 428 * 0 1 2 3 429 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 430 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 431 * | Type = 11 |Chunk Flags | Length = 4 | 432 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 433 * 434 * Chunk Flags: 8 bits 435 * 436 * Set to zero on transmit and ignored on receipt. 437 */ 438 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 439 const struct sctp_chunk *chunk) 440 { 441 struct sctp_chunk *retval; 442 443 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 444 445 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 446 * 447 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 448 * HEARTBEAT ACK, * etc.) to the same destination transport 449 * address from which it * received the DATA or control chunk 450 * to which it is replying. 451 * 452 * [COOKIE ACK back to where the COOKIE ECHO came from.] 453 */ 454 if (retval && chunk) 455 retval->transport = chunk->transport; 456 457 return retval; 458 } 459 460 /* 461 * Appendix A: Explicit Congestion Notification: 462 * CWR: 463 * 464 * RFC 2481 details a specific bit for a sender to send in the header of 465 * its next outbound TCP segment to indicate to its peer that it has 466 * reduced its congestion window. This is termed the CWR bit. For 467 * SCTP the same indication is made by including the CWR chunk. 468 * This chunk contains one data element, i.e. the TSN number that 469 * was sent in the ECNE chunk. This element represents the lowest 470 * TSN number in the datagram that was originally marked with the 471 * CE bit. 472 * 473 * 0 1 2 3 474 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 475 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 476 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 477 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 478 * | Lowest TSN Number | 479 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 480 * 481 * Note: The CWR is considered a Control chunk. 482 */ 483 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 484 const __u32 lowest_tsn, 485 const struct sctp_chunk *chunk) 486 { 487 struct sctp_chunk *retval; 488 sctp_cwrhdr_t cwr; 489 490 cwr.lowest_tsn = htonl(lowest_tsn); 491 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 492 sizeof(sctp_cwrhdr_t)); 493 494 if (!retval) 495 goto nodata; 496 497 retval->subh.ecn_cwr_hdr = 498 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 499 500 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 501 * 502 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 503 * HEARTBEAT ACK, * etc.) to the same destination transport 504 * address from which it * received the DATA or control chunk 505 * to which it is replying. 506 * 507 * [Report a reduced congestion window back to where the ECNE 508 * came from.] 509 */ 510 if (chunk) 511 retval->transport = chunk->transport; 512 513 nodata: 514 return retval; 515 } 516 517 /* Make an ECNE chunk. This is a congestion experienced report. */ 518 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 519 const __u32 lowest_tsn) 520 { 521 struct sctp_chunk *retval; 522 sctp_ecnehdr_t ecne; 523 524 ecne.lowest_tsn = htonl(lowest_tsn); 525 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 526 sizeof(sctp_ecnehdr_t)); 527 if (!retval) 528 goto nodata; 529 retval->subh.ecne_hdr = 530 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 531 532 nodata: 533 return retval; 534 } 535 536 /* Make a DATA chunk for the given association from the provided 537 * parameters. However, do not populate the data payload. 538 */ 539 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 540 const struct sctp_sndrcvinfo *sinfo, 541 int data_len, __u8 flags, __u16 ssn) 542 { 543 struct sctp_chunk *retval; 544 struct sctp_datahdr dp; 545 int chunk_len; 546 547 /* We assign the TSN as LATE as possible, not here when 548 * creating the chunk. 549 */ 550 dp.tsn = 0; 551 dp.stream = htons(sinfo->sinfo_stream); 552 dp.ppid = sinfo->sinfo_ppid; 553 554 /* Set the flags for an unordered send. */ 555 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 556 flags |= SCTP_DATA_UNORDERED; 557 dp.ssn = 0; 558 } else 559 dp.ssn = htons(ssn); 560 561 chunk_len = sizeof(dp) + data_len; 562 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 563 if (!retval) 564 goto nodata; 565 566 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 567 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 568 569 nodata: 570 return retval; 571 } 572 573 /* Create a selective ackowledgement (SACK) for the given 574 * association. This reports on which TSN's we've seen to date, 575 * including duplicates and gaps. 576 */ 577 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 578 { 579 struct sctp_chunk *retval; 580 struct sctp_sackhdr sack; 581 int len; 582 __u32 ctsn; 583 __u16 num_gabs, num_dup_tsns; 584 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 585 586 ctsn = sctp_tsnmap_get_ctsn(map); 587 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 588 589 /* How much room is needed in the chunk? */ 590 num_gabs = sctp_tsnmap_num_gabs(map); 591 num_dup_tsns = sctp_tsnmap_num_dups(map); 592 593 /* Initialize the SACK header. */ 594 sack.cum_tsn_ack = htonl(ctsn); 595 sack.a_rwnd = htonl(asoc->a_rwnd); 596 sack.num_gap_ack_blocks = htons(num_gabs); 597 sack.num_dup_tsns = htons(num_dup_tsns); 598 599 len = sizeof(sack) 600 + sizeof(struct sctp_gap_ack_block) * num_gabs 601 + sizeof(__u32) * num_dup_tsns; 602 603 /* Create the chunk. */ 604 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 605 if (!retval) 606 goto nodata; 607 608 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 609 * 610 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 611 * HEARTBEAT ACK, etc.) to the same destination transport 612 * address from which it received the DATA or control chunk to 613 * which it is replying. This rule should also be followed if 614 * the endpoint is bundling DATA chunks together with the 615 * reply chunk. 616 * 617 * However, when acknowledging multiple DATA chunks received 618 * in packets from different source addresses in a single 619 * SACK, the SACK chunk may be transmitted to one of the 620 * destination transport addresses from which the DATA or 621 * control chunks being acknowledged were received. 622 * 623 * [BUG: We do not implement the following paragraph. 624 * Perhaps we should remember the last transport we used for a 625 * SACK and avoid that (if possible) if we have seen any 626 * duplicates. --piggy] 627 * 628 * When a receiver of a duplicate DATA chunk sends a SACK to a 629 * multi- homed endpoint it MAY be beneficial to vary the 630 * destination address and not use the source address of the 631 * DATA chunk. The reason being that receiving a duplicate 632 * from a multi-homed endpoint might indicate that the return 633 * path (as specified in the source address of the DATA chunk) 634 * for the SACK is broken. 635 * 636 * [Send to the address from which we last received a DATA chunk.] 637 */ 638 retval->transport = asoc->peer.last_data_from; 639 640 retval->subh.sack_hdr = 641 sctp_addto_chunk(retval, sizeof(sack), &sack); 642 643 /* Add the gap ack block information. */ 644 if (num_gabs) 645 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 646 sctp_tsnmap_get_gabs(map)); 647 648 /* Add the duplicate TSN information. */ 649 if (num_dup_tsns) 650 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 651 sctp_tsnmap_get_dups(map)); 652 653 nodata: 654 return retval; 655 } 656 657 /* Make a SHUTDOWN chunk. */ 658 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 659 const struct sctp_chunk *chunk) 660 { 661 struct sctp_chunk *retval; 662 sctp_shutdownhdr_t shut; 663 __u32 ctsn; 664 665 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 666 shut.cum_tsn_ack = htonl(ctsn); 667 668 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 669 sizeof(sctp_shutdownhdr_t)); 670 if (!retval) 671 goto nodata; 672 673 retval->subh.shutdown_hdr = 674 sctp_addto_chunk(retval, sizeof(shut), &shut); 675 676 if (chunk) 677 retval->transport = chunk->transport; 678 nodata: 679 return retval; 680 } 681 682 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 683 const struct sctp_chunk *chunk) 684 { 685 struct sctp_chunk *retval; 686 687 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 688 689 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 690 * 691 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 692 * HEARTBEAT ACK, * etc.) to the same destination transport 693 * address from which it * received the DATA or control chunk 694 * to which it is replying. 695 * 696 * [ACK back to where the SHUTDOWN came from.] 697 */ 698 if (retval && chunk) 699 retval->transport = chunk->transport; 700 701 return retval; 702 } 703 704 struct sctp_chunk *sctp_make_shutdown_complete( 705 const struct sctp_association *asoc, 706 const struct sctp_chunk *chunk) 707 { 708 struct sctp_chunk *retval; 709 __u8 flags = 0; 710 711 /* Set the T-bit if we have no association (vtag will be 712 * reflected) 713 */ 714 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 715 716 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 717 718 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 719 * 720 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 721 * HEARTBEAT ACK, * etc.) to the same destination transport 722 * address from which it * received the DATA or control chunk 723 * to which it is replying. 724 * 725 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 726 * came from.] 727 */ 728 if (retval && chunk) 729 retval->transport = chunk->transport; 730 731 return retval; 732 } 733 734 /* Create an ABORT. Note that we set the T bit if we have no 735 * association, except when responding to an INIT (sctpimpguide 2.41). 736 */ 737 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 738 const struct sctp_chunk *chunk, 739 const size_t hint) 740 { 741 struct sctp_chunk *retval; 742 __u8 flags = 0; 743 744 /* Set the T-bit if we have no association and 'chunk' is not 745 * an INIT (vtag will be reflected). 746 */ 747 if (!asoc) { 748 if (chunk && chunk->chunk_hdr && 749 chunk->chunk_hdr->type == SCTP_CID_INIT) 750 flags = 0; 751 else 752 flags = SCTP_CHUNK_FLAG_T; 753 } 754 755 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 756 757 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 758 * 759 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 760 * HEARTBEAT ACK, * etc.) to the same destination transport 761 * address from which it * received the DATA or control chunk 762 * to which it is replying. 763 * 764 * [ABORT back to where the offender came from.] 765 */ 766 if (retval && chunk) 767 retval->transport = chunk->transport; 768 769 return retval; 770 } 771 772 /* Helper to create ABORT with a NO_USER_DATA error. */ 773 struct sctp_chunk *sctp_make_abort_no_data( 774 const struct sctp_association *asoc, 775 const struct sctp_chunk *chunk, __u32 tsn) 776 { 777 struct sctp_chunk *retval; 778 __u32 payload; 779 780 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 781 + sizeof(tsn)); 782 783 if (!retval) 784 goto no_mem; 785 786 /* Put the tsn back into network byte order. */ 787 payload = htonl(tsn); 788 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, (const void *)&payload, 789 sizeof(payload)); 790 791 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 792 * 793 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 794 * HEARTBEAT ACK, * etc.) to the same destination transport 795 * address from which it * received the DATA or control chunk 796 * to which it is replying. 797 * 798 * [ABORT back to where the offender came from.] 799 */ 800 if (chunk) 801 retval->transport = chunk->transport; 802 803 no_mem: 804 return retval; 805 } 806 807 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 808 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 809 const struct sctp_chunk *chunk, 810 const struct msghdr *msg) 811 { 812 struct sctp_chunk *retval; 813 void *payload = NULL, *payoff; 814 size_t paylen = 0; 815 struct iovec *iov = NULL; 816 int iovlen = 0; 817 818 if (msg) { 819 iov = msg->msg_iov; 820 iovlen = msg->msg_iovlen; 821 paylen = get_user_iov_size(iov, iovlen); 822 } 823 824 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen); 825 if (!retval) 826 goto err_chunk; 827 828 if (paylen) { 829 /* Put the msg_iov together into payload. */ 830 payload = kmalloc(paylen, GFP_ATOMIC); 831 if (!payload) 832 goto err_payload; 833 payoff = payload; 834 835 for (; iovlen > 0; --iovlen) { 836 if (copy_from_user(payoff, iov->iov_base,iov->iov_len)) 837 goto err_copy; 838 payoff += iov->iov_len; 839 iov++; 840 } 841 } 842 843 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, payload, paylen); 844 845 if (paylen) 846 kfree(payload); 847 848 return retval; 849 850 err_copy: 851 kfree(payload); 852 err_payload: 853 sctp_chunk_free(retval); 854 retval = NULL; 855 err_chunk: 856 return retval; 857 } 858 859 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 860 struct sctp_chunk *sctp_make_abort_violation( 861 const struct sctp_association *asoc, 862 const struct sctp_chunk *chunk, 863 const __u8 *payload, 864 const size_t paylen) 865 { 866 struct sctp_chunk *retval; 867 struct sctp_paramhdr phdr; 868 869 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 870 + sizeof(sctp_chunkhdr_t)); 871 if (!retval) 872 goto end; 873 874 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, payload, paylen); 875 876 phdr.type = htons(chunk->chunk_hdr->type); 877 phdr.length = chunk->chunk_hdr->length; 878 sctp_addto_chunk(retval, sizeof(sctp_paramhdr_t), &phdr); 879 880 end: 881 return retval; 882 } 883 884 /* Make a HEARTBEAT chunk. */ 885 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 886 const struct sctp_transport *transport, 887 const void *payload, const size_t paylen) 888 { 889 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 890 0, paylen); 891 892 if (!retval) 893 goto nodata; 894 895 /* Cast away the 'const', as this is just telling the chunk 896 * what transport it belongs to. 897 */ 898 retval->transport = (struct sctp_transport *) transport; 899 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 900 901 nodata: 902 return retval; 903 } 904 905 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 906 const struct sctp_chunk *chunk, 907 const void *payload, const size_t paylen) 908 { 909 struct sctp_chunk *retval; 910 911 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 912 if (!retval) 913 goto nodata; 914 915 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 916 917 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 918 * 919 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 920 * HEARTBEAT ACK, * etc.) to the same destination transport 921 * address from which it * received the DATA or control chunk 922 * to which it is replying. 923 * 924 * [HBACK back to where the HEARTBEAT came from.] 925 */ 926 if (chunk) 927 retval->transport = chunk->transport; 928 929 nodata: 930 return retval; 931 } 932 933 /* Create an Operation Error chunk with the specified space reserved. 934 * This routine can be used for containing multiple causes in the chunk. 935 */ 936 static struct sctp_chunk *sctp_make_op_error_space( 937 const struct sctp_association *asoc, 938 const struct sctp_chunk *chunk, 939 size_t size) 940 { 941 struct sctp_chunk *retval; 942 943 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 944 sizeof(sctp_errhdr_t) + size); 945 if (!retval) 946 goto nodata; 947 948 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 949 * 950 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 951 * HEARTBEAT ACK, etc.) to the same destination transport 952 * address from which it received the DATA or control chunk 953 * to which it is replying. 954 * 955 */ 956 if (chunk) 957 retval->transport = chunk->transport; 958 959 nodata: 960 return retval; 961 } 962 963 /* Create an Operation Error chunk. */ 964 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 965 const struct sctp_chunk *chunk, 966 __u16 cause_code, const void *payload, 967 size_t paylen) 968 { 969 struct sctp_chunk *retval; 970 971 retval = sctp_make_op_error_space(asoc, chunk, paylen); 972 if (!retval) 973 goto nodata; 974 975 sctp_init_cause(retval, cause_code, payload, paylen); 976 977 nodata: 978 return retval; 979 } 980 981 /******************************************************************** 982 * 2nd Level Abstractions 983 ********************************************************************/ 984 985 /* Turn an skb into a chunk. 986 * FIXME: Eventually move the structure directly inside the skb->cb[]. 987 */ 988 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 989 const struct sctp_association *asoc, 990 struct sock *sk) 991 { 992 struct sctp_chunk *retval; 993 994 retval = kmem_cache_alloc(sctp_chunk_cachep, SLAB_ATOMIC); 995 996 if (!retval) 997 goto nodata; 998 memset(retval, 0, sizeof(struct sctp_chunk)); 999 1000 if (!sk) { 1001 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 1002 } 1003 1004 INIT_LIST_HEAD(&retval->list); 1005 retval->skb = skb; 1006 retval->asoc = (struct sctp_association *)asoc; 1007 retval->resent = 0; 1008 retval->has_tsn = 0; 1009 retval->has_ssn = 0; 1010 retval->rtt_in_progress = 0; 1011 retval->sent_at = 0; 1012 retval->singleton = 1; 1013 retval->end_of_packet = 0; 1014 retval->ecn_ce_done = 0; 1015 retval->pdiscard = 0; 1016 1017 /* sctpimpguide-05.txt Section 2.8.2 1018 * M1) Each time a new DATA chunk is transmitted 1019 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1020 * 'TSN.Missing.Report' count will be used to determine missing chunks 1021 * and when to fast retransmit. 1022 */ 1023 retval->tsn_missing_report = 0; 1024 retval->tsn_gap_acked = 0; 1025 retval->fast_retransmit = 0; 1026 1027 /* If this is a fragmented message, track all fragments 1028 * of the message (for SEND_FAILED). 1029 */ 1030 retval->msg = NULL; 1031 1032 /* Polish the bead hole. */ 1033 INIT_LIST_HEAD(&retval->transmitted_list); 1034 INIT_LIST_HEAD(&retval->frag_list); 1035 SCTP_DBG_OBJCNT_INC(chunk); 1036 atomic_set(&retval->refcnt, 1); 1037 1038 nodata: 1039 return retval; 1040 } 1041 1042 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1043 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1044 union sctp_addr *dest) 1045 { 1046 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1047 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1048 } 1049 1050 /* Extract the source address from a chunk. */ 1051 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1052 { 1053 /* If we have a known transport, use that. */ 1054 if (chunk->transport) { 1055 return &chunk->transport->ipaddr; 1056 } else { 1057 /* Otherwise, extract it from the IP header. */ 1058 return &chunk->source; 1059 } 1060 } 1061 1062 /* Create a new chunk, setting the type and flags headers from the 1063 * arguments, reserving enough space for a 'paylen' byte payload. 1064 */ 1065 SCTP_STATIC 1066 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1067 __u8 type, __u8 flags, int paylen) 1068 { 1069 struct sctp_chunk *retval; 1070 sctp_chunkhdr_t *chunk_hdr; 1071 struct sk_buff *skb; 1072 struct sock *sk; 1073 1074 /* No need to allocate LL here, as this is only a chunk. */ 1075 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1076 GFP_ATOMIC); 1077 if (!skb) 1078 goto nodata; 1079 1080 /* Make room for the chunk header. */ 1081 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1082 chunk_hdr->type = type; 1083 chunk_hdr->flags = flags; 1084 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1085 1086 sk = asoc ? asoc->base.sk : NULL; 1087 retval = sctp_chunkify(skb, asoc, sk); 1088 if (!retval) { 1089 kfree_skb(skb); 1090 goto nodata; 1091 } 1092 1093 retval->chunk_hdr = chunk_hdr; 1094 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1095 1096 /* Set the skb to the belonging sock for accounting. */ 1097 skb->sk = sk; 1098 1099 return retval; 1100 nodata: 1101 return NULL; 1102 } 1103 1104 1105 /* Release the memory occupied by a chunk. */ 1106 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1107 { 1108 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1109 dev_kfree_skb(chunk->skb); 1110 1111 SCTP_DBG_OBJCNT_DEC(chunk); 1112 kmem_cache_free(sctp_chunk_cachep, chunk); 1113 } 1114 1115 /* Possibly, free the chunk. */ 1116 void sctp_chunk_free(struct sctp_chunk *chunk) 1117 { 1118 BUG_ON(!list_empty(&chunk->list)); 1119 list_del_init(&chunk->transmitted_list); 1120 1121 /* Release our reference on the message tracker. */ 1122 if (chunk->msg) 1123 sctp_datamsg_put(chunk->msg); 1124 1125 sctp_chunk_put(chunk); 1126 } 1127 1128 /* Grab a reference to the chunk. */ 1129 void sctp_chunk_hold(struct sctp_chunk *ch) 1130 { 1131 atomic_inc(&ch->refcnt); 1132 } 1133 1134 /* Release a reference to the chunk. */ 1135 void sctp_chunk_put(struct sctp_chunk *ch) 1136 { 1137 if (atomic_dec_and_test(&ch->refcnt)) 1138 sctp_chunk_destroy(ch); 1139 } 1140 1141 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1142 * enough. 1143 */ 1144 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1145 { 1146 void *target; 1147 void *padding; 1148 int chunklen = ntohs(chunk->chunk_hdr->length); 1149 int padlen = chunklen % 4; 1150 1151 padding = skb_put(chunk->skb, padlen); 1152 target = skb_put(chunk->skb, len); 1153 1154 memset(padding, 0, padlen); 1155 memcpy(target, data, len); 1156 1157 /* Adjust the chunk length field. */ 1158 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1159 chunk->chunk_end = chunk->skb->tail; 1160 1161 return target; 1162 } 1163 1164 /* Append bytes from user space to the end of a chunk. Will panic if 1165 * chunk is not big enough. 1166 * Returns a kernel err value. 1167 */ 1168 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1169 struct iovec *data) 1170 { 1171 __u8 *target; 1172 int err = 0; 1173 1174 /* Make room in chunk for data. */ 1175 target = skb_put(chunk->skb, len); 1176 1177 /* Copy data (whole iovec) into chunk */ 1178 if ((err = memcpy_fromiovecend(target, data, off, len))) 1179 goto out; 1180 1181 /* Adjust the chunk length field. */ 1182 chunk->chunk_hdr->length = 1183 htons(ntohs(chunk->chunk_hdr->length) + len); 1184 chunk->chunk_end = chunk->skb->tail; 1185 1186 out: 1187 return err; 1188 } 1189 1190 /* Helper function to assign a TSN if needed. This assumes that both 1191 * the data_hdr and association have already been assigned. 1192 */ 1193 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1194 { 1195 __u16 ssn; 1196 __u16 sid; 1197 1198 if (chunk->has_ssn) 1199 return; 1200 1201 /* This is the last possible instant to assign a SSN. */ 1202 if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1203 ssn = 0; 1204 } else { 1205 sid = htons(chunk->subh.data_hdr->stream); 1206 if (chunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1207 ssn = sctp_ssn_next(&chunk->asoc->ssnmap->out, sid); 1208 else 1209 ssn = sctp_ssn_peek(&chunk->asoc->ssnmap->out, sid); 1210 ssn = htons(ssn); 1211 } 1212 1213 chunk->subh.data_hdr->ssn = ssn; 1214 chunk->has_ssn = 1; 1215 } 1216 1217 /* Helper function to assign a TSN if needed. This assumes that both 1218 * the data_hdr and association have already been assigned. 1219 */ 1220 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1221 { 1222 if (!chunk->has_tsn) { 1223 /* This is the last possible instant to 1224 * assign a TSN. 1225 */ 1226 chunk->subh.data_hdr->tsn = 1227 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1228 chunk->has_tsn = 1; 1229 } 1230 } 1231 1232 /* Create a CLOSED association to use with an incoming packet. */ 1233 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1234 struct sctp_chunk *chunk, 1235 gfp_t gfp) 1236 { 1237 struct sctp_association *asoc; 1238 struct sk_buff *skb; 1239 sctp_scope_t scope; 1240 struct sctp_af *af; 1241 1242 /* Create the bare association. */ 1243 scope = sctp_scope(sctp_source(chunk)); 1244 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1245 if (!asoc) 1246 goto nodata; 1247 asoc->temp = 1; 1248 skb = chunk->skb; 1249 /* Create an entry for the source address of the packet. */ 1250 af = sctp_get_af_specific(ipver2af(skb->nh.iph->version)); 1251 if (unlikely(!af)) 1252 goto fail; 1253 af->from_skb(&asoc->c.peer_addr, skb, 1); 1254 nodata: 1255 return asoc; 1256 1257 fail: 1258 sctp_association_free(asoc); 1259 return NULL; 1260 } 1261 1262 /* Build a cookie representing asoc. 1263 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1264 */ 1265 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1266 const struct sctp_association *asoc, 1267 const struct sctp_chunk *init_chunk, 1268 int *cookie_len, 1269 const __u8 *raw_addrs, int addrs_len) 1270 { 1271 sctp_cookie_param_t *retval; 1272 struct sctp_signed_cookie *cookie; 1273 struct scatterlist sg; 1274 int headersize, bodysize; 1275 unsigned int keylen; 1276 char *key; 1277 1278 /* Header size is static data prior to the actual cookie, including 1279 * any padding. 1280 */ 1281 headersize = sizeof(sctp_paramhdr_t) + 1282 (sizeof(struct sctp_signed_cookie) - 1283 sizeof(struct sctp_cookie)); 1284 bodysize = sizeof(struct sctp_cookie) 1285 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1286 1287 /* Pad out the cookie to a multiple to make the signature 1288 * functions simpler to write. 1289 */ 1290 if (bodysize % SCTP_COOKIE_MULTIPLE) 1291 bodysize += SCTP_COOKIE_MULTIPLE 1292 - (bodysize % SCTP_COOKIE_MULTIPLE); 1293 *cookie_len = headersize + bodysize; 1294 1295 retval = kmalloc(*cookie_len, GFP_ATOMIC); 1296 1297 if (!retval) { 1298 *cookie_len = 0; 1299 goto nodata; 1300 } 1301 1302 /* Clear this memory since we are sending this data structure 1303 * out on the network. 1304 */ 1305 memset(retval, 0x00, *cookie_len); 1306 cookie = (struct sctp_signed_cookie *) retval->body; 1307 1308 /* Set up the parameter header. */ 1309 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1310 retval->p.length = htons(*cookie_len); 1311 1312 /* Copy the cookie part of the association itself. */ 1313 cookie->c = asoc->c; 1314 /* Save the raw address list length in the cookie. */ 1315 cookie->c.raw_addr_list_len = addrs_len; 1316 1317 /* Remember PR-SCTP capability. */ 1318 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1319 1320 /* Save adaption indication in the cookie. */ 1321 cookie->c.adaption_ind = asoc->peer.adaption_ind; 1322 1323 /* Set an expiration time for the cookie. */ 1324 do_gettimeofday(&cookie->c.expiration); 1325 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1326 1327 /* Copy the peer's init packet. */ 1328 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1329 ntohs(init_chunk->chunk_hdr->length)); 1330 1331 /* Copy the raw local address list of the association. */ 1332 memcpy((__u8 *)&cookie->c.peer_init[0] + 1333 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1334 1335 if (sctp_sk(ep->base.sk)->hmac) { 1336 /* Sign the message. */ 1337 sg.page = virt_to_page(&cookie->c); 1338 sg.offset = (unsigned long)(&cookie->c) % PAGE_SIZE; 1339 sg.length = bodysize; 1340 keylen = SCTP_SECRET_SIZE; 1341 key = (char *)ep->secret_key[ep->current_key]; 1342 1343 sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, 1344 &sg, 1, cookie->signature); 1345 } 1346 1347 nodata: 1348 return retval; 1349 } 1350 1351 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1352 struct sctp_association *sctp_unpack_cookie( 1353 const struct sctp_endpoint *ep, 1354 const struct sctp_association *asoc, 1355 struct sctp_chunk *chunk, gfp_t gfp, 1356 int *error, struct sctp_chunk **errp) 1357 { 1358 struct sctp_association *retval = NULL; 1359 struct sctp_signed_cookie *cookie; 1360 struct sctp_cookie *bear_cookie; 1361 int headersize, bodysize, fixed_size; 1362 __u8 *digest = ep->digest; 1363 struct scatterlist sg; 1364 unsigned int keylen, len; 1365 char *key; 1366 sctp_scope_t scope; 1367 struct sk_buff *skb = chunk->skb; 1368 struct timeval tv; 1369 1370 /* Header size is static data prior to the actual cookie, including 1371 * any padding. 1372 */ 1373 headersize = sizeof(sctp_chunkhdr_t) + 1374 (sizeof(struct sctp_signed_cookie) - 1375 sizeof(struct sctp_cookie)); 1376 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1377 fixed_size = headersize + sizeof(struct sctp_cookie); 1378 1379 /* Verify that the chunk looks like it even has a cookie. 1380 * There must be enough room for our cookie and our peer's 1381 * INIT chunk. 1382 */ 1383 len = ntohs(chunk->chunk_hdr->length); 1384 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1385 goto malformed; 1386 1387 /* Verify that the cookie has been padded out. */ 1388 if (bodysize % SCTP_COOKIE_MULTIPLE) 1389 goto malformed; 1390 1391 /* Process the cookie. */ 1392 cookie = chunk->subh.cookie_hdr; 1393 bear_cookie = &cookie->c; 1394 1395 if (!sctp_sk(ep->base.sk)->hmac) 1396 goto no_hmac; 1397 1398 /* Check the signature. */ 1399 keylen = SCTP_SECRET_SIZE; 1400 sg.page = virt_to_page(bear_cookie); 1401 sg.offset = (unsigned long)(bear_cookie) % PAGE_SIZE; 1402 sg.length = bodysize; 1403 key = (char *)ep->secret_key[ep->current_key]; 1404 1405 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1406 sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, &sg, 1407 1, digest); 1408 1409 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1410 /* Try the previous key. */ 1411 key = (char *)ep->secret_key[ep->last_key]; 1412 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1413 sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, 1414 &sg, 1, digest); 1415 1416 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1417 /* Yikes! Still bad signature! */ 1418 *error = -SCTP_IERROR_BAD_SIG; 1419 goto fail; 1420 } 1421 } 1422 1423 no_hmac: 1424 /* IG Section 2.35.2: 1425 * 3) Compare the port numbers and the verification tag contained 1426 * within the COOKIE ECHO chunk to the actual port numbers and the 1427 * verification tag within the SCTP common header of the received 1428 * packet. If these values do not match the packet MUST be silently 1429 * discarded, 1430 */ 1431 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1432 *error = -SCTP_IERROR_BAD_TAG; 1433 goto fail; 1434 } 1435 1436 if (ntohs(chunk->sctp_hdr->source) != bear_cookie->peer_addr.v4.sin_port || 1437 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1438 *error = -SCTP_IERROR_BAD_PORTS; 1439 goto fail; 1440 } 1441 1442 /* Check to see if the cookie is stale. If there is already 1443 * an association, there is no need to check cookie's expiration 1444 * for init collision case of lost COOKIE ACK. 1445 */ 1446 skb_get_timestamp(skb, &tv); 1447 if (!asoc && tv_lt(bear_cookie->expiration, tv)) { 1448 __u16 len; 1449 /* 1450 * Section 3.3.10.3 Stale Cookie Error (3) 1451 * 1452 * Cause of error 1453 * --------------- 1454 * Stale Cookie Error: Indicates the receipt of a valid State 1455 * Cookie that has expired. 1456 */ 1457 len = ntohs(chunk->chunk_hdr->length); 1458 *errp = sctp_make_op_error_space(asoc, chunk, len); 1459 if (*errp) { 1460 suseconds_t usecs = (tv.tv_sec - 1461 bear_cookie->expiration.tv_sec) * 1000000L + 1462 tv.tv_usec - bear_cookie->expiration.tv_usec; 1463 1464 usecs = htonl(usecs); 1465 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1466 &usecs, sizeof(usecs)); 1467 *error = -SCTP_IERROR_STALE_COOKIE; 1468 } else 1469 *error = -SCTP_IERROR_NOMEM; 1470 1471 goto fail; 1472 } 1473 1474 /* Make a new base association. */ 1475 scope = sctp_scope(sctp_source(chunk)); 1476 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1477 if (!retval) { 1478 *error = -SCTP_IERROR_NOMEM; 1479 goto fail; 1480 } 1481 1482 /* Set up our peer's port number. */ 1483 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1484 1485 /* Populate the association from the cookie. */ 1486 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1487 1488 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1489 GFP_ATOMIC) < 0) { 1490 *error = -SCTP_IERROR_NOMEM; 1491 goto fail; 1492 } 1493 1494 /* Also, add the destination address. */ 1495 if (list_empty(&retval->base.bind_addr.address_list)) { 1496 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1497 GFP_ATOMIC); 1498 } 1499 1500 retval->next_tsn = retval->c.initial_tsn; 1501 retval->ctsn_ack_point = retval->next_tsn - 1; 1502 retval->addip_serial = retval->c.initial_tsn; 1503 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1504 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1505 retval->peer.adaption_ind = retval->c.adaption_ind; 1506 1507 /* The INIT stuff will be done by the side effects. */ 1508 return retval; 1509 1510 fail: 1511 if (retval) 1512 sctp_association_free(retval); 1513 1514 return NULL; 1515 1516 malformed: 1517 /* Yikes! The packet is either corrupt or deliberately 1518 * malformed. 1519 */ 1520 *error = -SCTP_IERROR_MALFORMED; 1521 goto fail; 1522 } 1523 1524 /******************************************************************** 1525 * 3rd Level Abstractions 1526 ********************************************************************/ 1527 1528 struct __sctp_missing { 1529 __u32 num_missing; 1530 __u16 type; 1531 } __attribute__((packed)); 1532 1533 /* 1534 * Report a missing mandatory parameter. 1535 */ 1536 static int sctp_process_missing_param(const struct sctp_association *asoc, 1537 sctp_param_t paramtype, 1538 struct sctp_chunk *chunk, 1539 struct sctp_chunk **errp) 1540 { 1541 struct __sctp_missing report; 1542 __u16 len; 1543 1544 len = WORD_ROUND(sizeof(report)); 1545 1546 /* Make an ERROR chunk, preparing enough room for 1547 * returning multiple unknown parameters. 1548 */ 1549 if (!*errp) 1550 *errp = sctp_make_op_error_space(asoc, chunk, len); 1551 1552 if (*errp) { 1553 report.num_missing = htonl(1); 1554 report.type = paramtype; 1555 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 1556 &report, sizeof(report)); 1557 } 1558 1559 /* Stop processing this chunk. */ 1560 return 0; 1561 } 1562 1563 /* Report an Invalid Mandatory Parameter. */ 1564 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1565 struct sctp_chunk *chunk, 1566 struct sctp_chunk **errp) 1567 { 1568 /* Invalid Mandatory Parameter Error has no payload. */ 1569 1570 if (!*errp) 1571 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1572 1573 if (*errp) 1574 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, NULL, 0); 1575 1576 /* Stop processing this chunk. */ 1577 return 0; 1578 } 1579 1580 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1581 struct sctp_paramhdr *param, 1582 const struct sctp_chunk *chunk, 1583 struct sctp_chunk **errp) 1584 { 1585 char error[] = "The following parameter had invalid length:"; 1586 size_t payload_len = WORD_ROUND(sizeof(error)) + 1587 sizeof(sctp_paramhdr_t); 1588 1589 1590 /* Create an error chunk and fill it in with our payload. */ 1591 if (!*errp) 1592 *errp = sctp_make_op_error_space(asoc, chunk, payload_len); 1593 1594 if (*errp) { 1595 sctp_init_cause(*errp, SCTP_ERROR_PROTO_VIOLATION, error, 1596 sizeof(error)); 1597 sctp_addto_chunk(*errp, sizeof(sctp_paramhdr_t), param); 1598 } 1599 1600 return 0; 1601 } 1602 1603 1604 /* Do not attempt to handle the HOST_NAME parm. However, do 1605 * send back an indicator to the peer. 1606 */ 1607 static int sctp_process_hn_param(const struct sctp_association *asoc, 1608 union sctp_params param, 1609 struct sctp_chunk *chunk, 1610 struct sctp_chunk **errp) 1611 { 1612 __u16 len = ntohs(param.p->length); 1613 1614 /* Make an ERROR chunk. */ 1615 if (!*errp) 1616 *errp = sctp_make_op_error_space(asoc, chunk, len); 1617 1618 if (*errp) 1619 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, 1620 param.v, len); 1621 1622 /* Stop processing this chunk. */ 1623 return 0; 1624 } 1625 1626 /* RFC 3.2.1 & the Implementers Guide 2.2. 1627 * 1628 * The Parameter Types are encoded such that the 1629 * highest-order two bits specify the action that must be 1630 * taken if the processing endpoint does not recognize the 1631 * Parameter Type. 1632 * 1633 * 00 - Stop processing this SCTP chunk and discard it, 1634 * do not process any further chunks within it. 1635 * 1636 * 01 - Stop processing this SCTP chunk and discard it, 1637 * do not process any further chunks within it, and report 1638 * the unrecognized parameter in an 'Unrecognized 1639 * Parameter Type' (in either an ERROR or in the INIT ACK). 1640 * 1641 * 10 - Skip this parameter and continue processing. 1642 * 1643 * 11 - Skip this parameter and continue processing but 1644 * report the unrecognized parameter in an 1645 * 'Unrecognized Parameter Type' (in either an ERROR or in 1646 * the INIT ACK). 1647 * 1648 * Return value: 1649 * 0 - discard the chunk 1650 * 1 - continue with the chunk 1651 */ 1652 static int sctp_process_unk_param(const struct sctp_association *asoc, 1653 union sctp_params param, 1654 struct sctp_chunk *chunk, 1655 struct sctp_chunk **errp) 1656 { 1657 int retval = 1; 1658 1659 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 1660 case SCTP_PARAM_ACTION_DISCARD: 1661 retval = 0; 1662 break; 1663 case SCTP_PARAM_ACTION_DISCARD_ERR: 1664 retval = 0; 1665 /* Make an ERROR chunk, preparing enough room for 1666 * returning multiple unknown parameters. 1667 */ 1668 if (NULL == *errp) 1669 *errp = sctp_make_op_error_space(asoc, chunk, 1670 ntohs(chunk->chunk_hdr->length)); 1671 1672 if (*errp) 1673 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1674 param.v, 1675 WORD_ROUND(ntohs(param.p->length))); 1676 1677 break; 1678 case SCTP_PARAM_ACTION_SKIP: 1679 break; 1680 case SCTP_PARAM_ACTION_SKIP_ERR: 1681 /* Make an ERROR chunk, preparing enough room for 1682 * returning multiple unknown parameters. 1683 */ 1684 if (NULL == *errp) 1685 *errp = sctp_make_op_error_space(asoc, chunk, 1686 ntohs(chunk->chunk_hdr->length)); 1687 1688 if (*errp) { 1689 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1690 param.v, 1691 WORD_ROUND(ntohs(param.p->length))); 1692 } else { 1693 /* If there is no memory for generating the ERROR 1694 * report as specified, an ABORT will be triggered 1695 * to the peer and the association won't be 1696 * established. 1697 */ 1698 retval = 0; 1699 } 1700 1701 break; 1702 default: 1703 break; 1704 } 1705 1706 return retval; 1707 } 1708 1709 /* Find unrecognized parameters in the chunk. 1710 * Return values: 1711 * 0 - discard the chunk 1712 * 1 - continue with the chunk 1713 */ 1714 static int sctp_verify_param(const struct sctp_association *asoc, 1715 union sctp_params param, 1716 sctp_cid_t cid, 1717 struct sctp_chunk *chunk, 1718 struct sctp_chunk **err_chunk) 1719 { 1720 int retval = 1; 1721 1722 /* FIXME - This routine is not looking at each parameter per the 1723 * chunk type, i.e., unrecognized parameters should be further 1724 * identified based on the chunk id. 1725 */ 1726 1727 switch (param.p->type) { 1728 case SCTP_PARAM_IPV4_ADDRESS: 1729 case SCTP_PARAM_IPV6_ADDRESS: 1730 case SCTP_PARAM_COOKIE_PRESERVATIVE: 1731 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 1732 case SCTP_PARAM_STATE_COOKIE: 1733 case SCTP_PARAM_HEARTBEAT_INFO: 1734 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 1735 case SCTP_PARAM_ECN_CAPABLE: 1736 case SCTP_PARAM_ADAPTION_LAYER_IND: 1737 break; 1738 1739 case SCTP_PARAM_HOST_NAME_ADDRESS: 1740 /* Tell the peer, we won't support this param. */ 1741 return sctp_process_hn_param(asoc, param, chunk, err_chunk); 1742 case SCTP_PARAM_FWD_TSN_SUPPORT: 1743 if (sctp_prsctp_enable) 1744 break; 1745 /* Fall Through */ 1746 default: 1747 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 1748 ntohs(param.p->type), cid); 1749 return sctp_process_unk_param(asoc, param, chunk, err_chunk); 1750 1751 break; 1752 } 1753 return retval; 1754 } 1755 1756 /* Verify the INIT packet before we process it. */ 1757 int sctp_verify_init(const struct sctp_association *asoc, 1758 sctp_cid_t cid, 1759 sctp_init_chunk_t *peer_init, 1760 struct sctp_chunk *chunk, 1761 struct sctp_chunk **errp) 1762 { 1763 union sctp_params param; 1764 int has_cookie = 0; 1765 1766 /* Verify stream values are non-zero. */ 1767 if ((0 == peer_init->init_hdr.num_outbound_streams) || 1768 (0 == peer_init->init_hdr.num_inbound_streams)) { 1769 1770 sctp_process_inv_mandatory(asoc, chunk, errp); 1771 return 0; 1772 } 1773 1774 /* Check for missing mandatory parameters. */ 1775 sctp_walk_params(param, peer_init, init_hdr.params) { 1776 1777 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 1778 has_cookie = 1; 1779 1780 } /* for (loop through all parameters) */ 1781 1782 /* There is a possibility that a parameter length was bad and 1783 * in that case we would have stoped walking the parameters. 1784 * The current param.p would point at the bad one. 1785 * Current consensus on the mailing list is to generate a PROTOCOL 1786 * VIOLATION error. We build the ERROR chunk here and let the normal 1787 * error handling code build and send the packet. 1788 */ 1789 if (param.v < (void*)chunk->chunk_end - sizeof(sctp_paramhdr_t)) { 1790 sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 1791 return 0; 1792 } 1793 1794 /* The only missing mandatory param possible today is 1795 * the state cookie for an INIT-ACK chunk. 1796 */ 1797 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) { 1798 sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 1799 chunk, errp); 1800 return 0; 1801 } 1802 1803 /* Find unrecognized parameters. */ 1804 1805 sctp_walk_params(param, peer_init, init_hdr.params) { 1806 1807 if (!sctp_verify_param(asoc, param, cid, chunk, errp)) { 1808 if (SCTP_PARAM_HOST_NAME_ADDRESS == param.p->type) 1809 return 0; 1810 else 1811 return 1; 1812 } 1813 1814 } /* for (loop through all parameters) */ 1815 1816 return 1; 1817 } 1818 1819 /* Unpack the parameters in an INIT packet into an association. 1820 * Returns 0 on failure, else success. 1821 * FIXME: This is an association method. 1822 */ 1823 int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, 1824 const union sctp_addr *peer_addr, 1825 sctp_init_chunk_t *peer_init, gfp_t gfp) 1826 { 1827 union sctp_params param; 1828 struct sctp_transport *transport; 1829 struct list_head *pos, *temp; 1830 char *cookie; 1831 1832 /* We must include the address that the INIT packet came from. 1833 * This is the only address that matters for an INIT packet. 1834 * When processing a COOKIE ECHO, we retrieve the from address 1835 * of the INIT from the cookie. 1836 */ 1837 1838 /* This implementation defaults to making the first transport 1839 * added as the primary transport. The source address seems to 1840 * be a a better choice than any of the embedded addresses. 1841 */ 1842 if (peer_addr) 1843 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 1844 goto nomem; 1845 1846 /* Process the initialization parameters. */ 1847 1848 sctp_walk_params(param, peer_init, init_hdr.params) { 1849 1850 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 1851 goto clean_up; 1852 } 1853 1854 /* Walk list of transports, removing transports in the UNKNOWN state. */ 1855 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 1856 transport = list_entry(pos, struct sctp_transport, transports); 1857 if (transport->state == SCTP_UNKNOWN) { 1858 sctp_assoc_rm_peer(asoc, transport); 1859 } 1860 } 1861 1862 /* The fixed INIT headers are always in network byte 1863 * order. 1864 */ 1865 asoc->peer.i.init_tag = 1866 ntohl(peer_init->init_hdr.init_tag); 1867 asoc->peer.i.a_rwnd = 1868 ntohl(peer_init->init_hdr.a_rwnd); 1869 asoc->peer.i.num_outbound_streams = 1870 ntohs(peer_init->init_hdr.num_outbound_streams); 1871 asoc->peer.i.num_inbound_streams = 1872 ntohs(peer_init->init_hdr.num_inbound_streams); 1873 asoc->peer.i.initial_tsn = 1874 ntohl(peer_init->init_hdr.initial_tsn); 1875 1876 /* Apply the upper bounds for output streams based on peer's 1877 * number of inbound streams. 1878 */ 1879 if (asoc->c.sinit_num_ostreams > 1880 ntohs(peer_init->init_hdr.num_inbound_streams)) { 1881 asoc->c.sinit_num_ostreams = 1882 ntohs(peer_init->init_hdr.num_inbound_streams); 1883 } 1884 1885 if (asoc->c.sinit_max_instreams > 1886 ntohs(peer_init->init_hdr.num_outbound_streams)) { 1887 asoc->c.sinit_max_instreams = 1888 ntohs(peer_init->init_hdr.num_outbound_streams); 1889 } 1890 1891 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 1892 asoc->c.peer_vtag = asoc->peer.i.init_tag; 1893 1894 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 1895 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 1896 1897 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 1898 cookie = asoc->peer.cookie; 1899 if (cookie) { 1900 asoc->peer.cookie = kmalloc(asoc->peer.cookie_len, gfp); 1901 if (!asoc->peer.cookie) 1902 goto clean_up; 1903 memcpy(asoc->peer.cookie, cookie, asoc->peer.cookie_len); 1904 } 1905 1906 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 1907 * high (for example, implementations MAY use the size of the receiver 1908 * advertised window). 1909 */ 1910 list_for_each(pos, &asoc->peer.transport_addr_list) { 1911 transport = list_entry(pos, struct sctp_transport, transports); 1912 transport->ssthresh = asoc->peer.i.a_rwnd; 1913 } 1914 1915 /* Set up the TSN tracking pieces. */ 1916 sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_SIZE, 1917 asoc->peer.i.initial_tsn); 1918 1919 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 1920 * 1921 * The stream sequence number in all the streams shall start 1922 * from 0 when the association is established. Also, when the 1923 * stream sequence number reaches the value 65535 the next 1924 * stream sequence number shall be set to 0. 1925 */ 1926 1927 /* Allocate storage for the negotiated streams if it is not a temporary 1928 * association. 1929 */ 1930 if (!asoc->temp) { 1931 int assoc_id; 1932 int error; 1933 1934 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 1935 asoc->c.sinit_num_ostreams, gfp); 1936 if (!asoc->ssnmap) 1937 goto clean_up; 1938 1939 retry: 1940 if (unlikely(!idr_pre_get(&sctp_assocs_id, gfp))) 1941 goto clean_up; 1942 spin_lock_bh(&sctp_assocs_id_lock); 1943 error = idr_get_new_above(&sctp_assocs_id, (void *)asoc, 1, 1944 &assoc_id); 1945 spin_unlock_bh(&sctp_assocs_id_lock); 1946 if (error == -EAGAIN) 1947 goto retry; 1948 else if (error) 1949 goto clean_up; 1950 1951 asoc->assoc_id = (sctp_assoc_t) assoc_id; 1952 } 1953 1954 /* ADDIP Section 4.1 ASCONF Chunk Procedures 1955 * 1956 * When an endpoint has an ASCONF signaled change to be sent to the 1957 * remote endpoint it should do the following: 1958 * ... 1959 * A2) A serial number should be assigned to the Chunk. The serial 1960 * number should be a monotonically increasing number. All serial 1961 * numbers are defined to be initialized at the start of the 1962 * association to the same value as the Initial TSN. 1963 */ 1964 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 1965 return 1; 1966 1967 clean_up: 1968 /* Release the transport structures. */ 1969 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 1970 transport = list_entry(pos, struct sctp_transport, transports); 1971 list_del_init(pos); 1972 sctp_transport_free(transport); 1973 } 1974 1975 asoc->peer.transport_count = 0; 1976 1977 nomem: 1978 return 0; 1979 } 1980 1981 1982 /* Update asoc with the option described in param. 1983 * 1984 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 1985 * 1986 * asoc is the association to update. 1987 * param is the variable length parameter to use for update. 1988 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 1989 * If the current packet is an INIT we want to minimize the amount of 1990 * work we do. In particular, we should not build transport 1991 * structures for the addresses. 1992 */ 1993 static int sctp_process_param(struct sctp_association *asoc, 1994 union sctp_params param, 1995 const union sctp_addr *peer_addr, 1996 gfp_t gfp) 1997 { 1998 union sctp_addr addr; 1999 int i; 2000 __u16 sat; 2001 int retval = 1; 2002 sctp_scope_t scope; 2003 time_t stale; 2004 struct sctp_af *af; 2005 2006 /* We maintain all INIT parameters in network byte order all the 2007 * time. This allows us to not worry about whether the parameters 2008 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2009 */ 2010 switch (param.p->type) { 2011 case SCTP_PARAM_IPV6_ADDRESS: 2012 if (PF_INET6 != asoc->base.sk->sk_family) 2013 break; 2014 /* Fall through. */ 2015 case SCTP_PARAM_IPV4_ADDRESS: 2016 af = sctp_get_af_specific(param_type2af(param.p->type)); 2017 af->from_addr_param(&addr, param.addr, asoc->peer.port, 0); 2018 scope = sctp_scope(peer_addr); 2019 if (sctp_in_scope(&addr, scope)) 2020 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_ACTIVE)) 2021 return 0; 2022 break; 2023 2024 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2025 if (!sctp_cookie_preserve_enable) 2026 break; 2027 2028 stale = ntohl(param.life->lifespan_increment); 2029 2030 /* Suggested Cookie Life span increment's unit is msec, 2031 * (1/1000sec). 2032 */ 2033 asoc->cookie_life.tv_sec += stale / 1000; 2034 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2035 break; 2036 2037 case SCTP_PARAM_HOST_NAME_ADDRESS: 2038 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2039 break; 2040 2041 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2042 /* Turn off the default values first so we'll know which 2043 * ones are really set by the peer. 2044 */ 2045 asoc->peer.ipv4_address = 0; 2046 asoc->peer.ipv6_address = 0; 2047 2048 /* Cycle through address types; avoid divide by 0. */ 2049 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2050 if (sat) 2051 sat /= sizeof(__u16); 2052 2053 for (i = 0; i < sat; ++i) { 2054 switch (param.sat->types[i]) { 2055 case SCTP_PARAM_IPV4_ADDRESS: 2056 asoc->peer.ipv4_address = 1; 2057 break; 2058 2059 case SCTP_PARAM_IPV6_ADDRESS: 2060 asoc->peer.ipv6_address = 1; 2061 break; 2062 2063 case SCTP_PARAM_HOST_NAME_ADDRESS: 2064 asoc->peer.hostname_address = 1; 2065 break; 2066 2067 default: /* Just ignore anything else. */ 2068 break; 2069 }; 2070 } 2071 break; 2072 2073 case SCTP_PARAM_STATE_COOKIE: 2074 asoc->peer.cookie_len = 2075 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2076 asoc->peer.cookie = param.cookie->body; 2077 break; 2078 2079 case SCTP_PARAM_HEARTBEAT_INFO: 2080 /* Would be odd to receive, but it causes no problems. */ 2081 break; 2082 2083 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2084 /* Rejected during verify stage. */ 2085 break; 2086 2087 case SCTP_PARAM_ECN_CAPABLE: 2088 asoc->peer.ecn_capable = 1; 2089 break; 2090 2091 case SCTP_PARAM_ADAPTION_LAYER_IND: 2092 asoc->peer.adaption_ind = param.aind->adaption_ind; 2093 break; 2094 2095 case SCTP_PARAM_FWD_TSN_SUPPORT: 2096 if (sctp_prsctp_enable) { 2097 asoc->peer.prsctp_capable = 1; 2098 break; 2099 } 2100 /* Fall Through */ 2101 default: 2102 /* Any unrecognized parameters should have been caught 2103 * and handled by sctp_verify_param() which should be 2104 * called prior to this routine. Simply log the error 2105 * here. 2106 */ 2107 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2108 ntohs(param.p->type), asoc); 2109 break; 2110 }; 2111 2112 return retval; 2113 } 2114 2115 /* Select a new verification tag. */ 2116 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2117 { 2118 /* I believe that this random number generator complies with RFC1750. 2119 * A tag of 0 is reserved for special cases (e.g. INIT). 2120 */ 2121 __u32 x; 2122 2123 do { 2124 get_random_bytes(&x, sizeof(__u32)); 2125 } while (x == 0); 2126 2127 return x; 2128 } 2129 2130 /* Select an initial TSN to send during startup. */ 2131 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2132 { 2133 __u32 retval; 2134 2135 get_random_bytes(&retval, sizeof(__u32)); 2136 return retval; 2137 } 2138 2139 /* 2140 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2141 * 0 1 2 3 2142 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2143 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2144 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2145 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2146 * | Serial Number | 2147 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2148 * | Address Parameter | 2149 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2150 * | ASCONF Parameter #1 | 2151 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2152 * \ \ 2153 * / .... / 2154 * \ \ 2155 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2156 * | ASCONF Parameter #N | 2157 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2158 * 2159 * Address Parameter and other parameter will not be wrapped in this function 2160 */ 2161 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2162 union sctp_addr *addr, 2163 int vparam_len) 2164 { 2165 sctp_addiphdr_t asconf; 2166 struct sctp_chunk *retval; 2167 int length = sizeof(asconf) + vparam_len; 2168 union sctp_addr_param addrparam; 2169 int addrlen; 2170 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2171 2172 addrlen = af->to_addr_param(addr, &addrparam); 2173 if (!addrlen) 2174 return NULL; 2175 length += addrlen; 2176 2177 /* Create the chunk. */ 2178 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2179 if (!retval) 2180 return NULL; 2181 2182 asconf.serial = htonl(asoc->addip_serial++); 2183 2184 retval->subh.addip_hdr = 2185 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2186 retval->param_hdr.v = 2187 sctp_addto_chunk(retval, addrlen, &addrparam); 2188 2189 return retval; 2190 } 2191 2192 /* ADDIP 2193 * 3.2.1 Add IP Address 2194 * 0 1 2 3 2195 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2196 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2197 * | Type = 0xC001 | Length = Variable | 2198 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2199 * | ASCONF-Request Correlation ID | 2200 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2201 * | Address Parameter | 2202 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2203 * 2204 * 3.2.2 Delete IP Address 2205 * 0 1 2 3 2206 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2207 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2208 * | Type = 0xC002 | Length = Variable | 2209 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2210 * | ASCONF-Request Correlation ID | 2211 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2212 * | Address Parameter | 2213 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2214 * 2215 */ 2216 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2217 union sctp_addr *laddr, 2218 struct sockaddr *addrs, 2219 int addrcnt, 2220 __u16 flags) 2221 { 2222 sctp_addip_param_t param; 2223 struct sctp_chunk *retval; 2224 union sctp_addr_param addr_param; 2225 union sctp_addr *addr; 2226 void *addr_buf; 2227 struct sctp_af *af; 2228 int paramlen = sizeof(param); 2229 int addr_param_len = 0; 2230 int totallen = 0; 2231 int i; 2232 2233 /* Get total length of all the address parameters. */ 2234 addr_buf = addrs; 2235 for (i = 0; i < addrcnt; i++) { 2236 addr = (union sctp_addr *)addr_buf; 2237 af = sctp_get_af_specific(addr->v4.sin_family); 2238 addr_param_len = af->to_addr_param(addr, &addr_param); 2239 2240 totallen += paramlen; 2241 totallen += addr_param_len; 2242 2243 addr_buf += af->sockaddr_len; 2244 } 2245 2246 /* Create an asconf chunk with the required length. */ 2247 retval = sctp_make_asconf(asoc, laddr, totallen); 2248 if (!retval) 2249 return NULL; 2250 2251 /* Add the address parameters to the asconf chunk. */ 2252 addr_buf = addrs; 2253 for (i = 0; i < addrcnt; i++) { 2254 addr = (union sctp_addr *)addr_buf; 2255 af = sctp_get_af_specific(addr->v4.sin_family); 2256 addr_param_len = af->to_addr_param(addr, &addr_param); 2257 param.param_hdr.type = flags; 2258 param.param_hdr.length = htons(paramlen + addr_param_len); 2259 param.crr_id = i; 2260 2261 sctp_addto_chunk(retval, paramlen, ¶m); 2262 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2263 2264 addr_buf += af->sockaddr_len; 2265 } 2266 return retval; 2267 } 2268 2269 /* ADDIP 2270 * 3.2.4 Set Primary IP Address 2271 * 0 1 2 3 2272 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2273 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2274 * | Type =0xC004 | Length = Variable | 2275 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2276 * | ASCONF-Request Correlation ID | 2277 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2278 * | Address Parameter | 2279 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2280 * 2281 * Create an ASCONF chunk with Set Primary IP address parameter. 2282 */ 2283 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2284 union sctp_addr *addr) 2285 { 2286 sctp_addip_param_t param; 2287 struct sctp_chunk *retval; 2288 int len = sizeof(param); 2289 union sctp_addr_param addrparam; 2290 int addrlen; 2291 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2292 2293 addrlen = af->to_addr_param(addr, &addrparam); 2294 if (!addrlen) 2295 return NULL; 2296 len += addrlen; 2297 2298 /* Create the chunk and make asconf header. */ 2299 retval = sctp_make_asconf(asoc, addr, len); 2300 if (!retval) 2301 return NULL; 2302 2303 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2304 param.param_hdr.length = htons(len); 2305 param.crr_id = 0; 2306 2307 sctp_addto_chunk(retval, sizeof(param), ¶m); 2308 sctp_addto_chunk(retval, addrlen, &addrparam); 2309 2310 return retval; 2311 } 2312 2313 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2314 * 0 1 2 3 2315 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2316 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2317 * | Type = 0x80 | Chunk Flags | Chunk Length | 2318 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2319 * | Serial Number | 2320 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2321 * | ASCONF Parameter Response#1 | 2322 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2323 * \ \ 2324 * / .... / 2325 * \ \ 2326 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2327 * | ASCONF Parameter Response#N | 2328 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2329 * 2330 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2331 */ 2332 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2333 __u32 serial, int vparam_len) 2334 { 2335 sctp_addiphdr_t asconf; 2336 struct sctp_chunk *retval; 2337 int length = sizeof(asconf) + vparam_len; 2338 2339 /* Create the chunk. */ 2340 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2341 if (!retval) 2342 return NULL; 2343 2344 asconf.serial = htonl(serial); 2345 2346 retval->subh.addip_hdr = 2347 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2348 2349 return retval; 2350 } 2351 2352 /* Add response parameters to an ASCONF_ACK chunk. */ 2353 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __u32 crr_id, 2354 __u16 err_code, sctp_addip_param_t *asconf_param) 2355 { 2356 sctp_addip_param_t ack_param; 2357 sctp_errhdr_t err_param; 2358 int asconf_param_len = 0; 2359 int err_param_len = 0; 2360 __u16 response_type; 2361 2362 if (SCTP_ERROR_NO_ERROR == err_code) { 2363 response_type = SCTP_PARAM_SUCCESS_REPORT; 2364 } else { 2365 response_type = SCTP_PARAM_ERR_CAUSE; 2366 err_param_len = sizeof(err_param); 2367 if (asconf_param) 2368 asconf_param_len = 2369 ntohs(asconf_param->param_hdr.length); 2370 } 2371 2372 /* Add Success Indication or Error Cause Indication parameter. */ 2373 ack_param.param_hdr.type = response_type; 2374 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2375 err_param_len + 2376 asconf_param_len); 2377 ack_param.crr_id = crr_id; 2378 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2379 2380 if (SCTP_ERROR_NO_ERROR == err_code) 2381 return; 2382 2383 /* Add Error Cause parameter. */ 2384 err_param.cause = err_code; 2385 err_param.length = htons(err_param_len + asconf_param_len); 2386 sctp_addto_chunk(chunk, err_param_len, &err_param); 2387 2388 /* Add the failed TLV copied from ASCONF chunk. */ 2389 if (asconf_param) 2390 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2391 } 2392 2393 /* Process a asconf parameter. */ 2394 static __u16 sctp_process_asconf_param(struct sctp_association *asoc, 2395 struct sctp_chunk *asconf, 2396 sctp_addip_param_t *asconf_param) 2397 { 2398 struct sctp_transport *peer; 2399 struct sctp_af *af; 2400 union sctp_addr addr; 2401 struct list_head *pos; 2402 union sctp_addr_param *addr_param; 2403 2404 addr_param = (union sctp_addr_param *) 2405 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2406 2407 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2408 if (unlikely(!af)) 2409 return SCTP_ERROR_INV_PARAM; 2410 2411 af->from_addr_param(&addr, addr_param, asoc->peer.port, 0); 2412 switch (asconf_param->param_hdr.type) { 2413 case SCTP_PARAM_ADD_IP: 2414 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 2415 * request and does not have the local resources to add this 2416 * new address to the association, it MUST return an Error 2417 * Cause TLV set to the new error code 'Operation Refused 2418 * Due to Resource Shortage'. 2419 */ 2420 2421 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_ACTIVE); 2422 if (!peer) 2423 return SCTP_ERROR_RSRC_LOW; 2424 2425 /* Start the heartbeat timer. */ 2426 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 2427 sctp_transport_hold(peer); 2428 break; 2429 case SCTP_PARAM_DEL_IP: 2430 /* ADDIP 4.3 D7) If a request is received to delete the 2431 * last remaining IP address of a peer endpoint, the receiver 2432 * MUST send an Error Cause TLV with the error cause set to the 2433 * new error code 'Request to Delete Last Remaining IP Address'. 2434 */ 2435 pos = asoc->peer.transport_addr_list.next; 2436 if (pos->next == &asoc->peer.transport_addr_list) 2437 return SCTP_ERROR_DEL_LAST_IP; 2438 2439 /* ADDIP 4.3 D8) If a request is received to delete an IP 2440 * address which is also the source address of the IP packet 2441 * which contained the ASCONF chunk, the receiver MUST reject 2442 * this request. To reject the request the receiver MUST send 2443 * an Error Cause TLV set to the new error code 'Request to 2444 * Delete Source IP Address' 2445 */ 2446 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr)) 2447 return SCTP_ERROR_DEL_SRC_IP; 2448 2449 sctp_assoc_del_peer(asoc, &addr); 2450 break; 2451 case SCTP_PARAM_SET_PRIMARY: 2452 peer = sctp_assoc_lookup_paddr(asoc, &addr); 2453 if (!peer) 2454 return SCTP_ERROR_INV_PARAM; 2455 2456 sctp_assoc_set_primary(asoc, peer); 2457 break; 2458 default: 2459 return SCTP_ERROR_INV_PARAM; 2460 break; 2461 } 2462 2463 return SCTP_ERROR_NO_ERROR; 2464 } 2465 2466 /* Process an incoming ASCONF chunk with the next expected serial no. and 2467 * return an ASCONF_ACK chunk to be sent in response. 2468 */ 2469 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 2470 struct sctp_chunk *asconf) 2471 { 2472 sctp_addiphdr_t *hdr; 2473 union sctp_addr_param *addr_param; 2474 sctp_addip_param_t *asconf_param; 2475 struct sctp_chunk *asconf_ack; 2476 2477 __u16 err_code; 2478 int length = 0; 2479 int chunk_len = asconf->skb->len; 2480 __u32 serial; 2481 int all_param_pass = 1; 2482 2483 hdr = (sctp_addiphdr_t *)asconf->skb->data; 2484 serial = ntohl(hdr->serial); 2485 2486 /* Skip the addiphdr and store a pointer to address parameter. */ 2487 length = sizeof(sctp_addiphdr_t); 2488 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2489 chunk_len -= length; 2490 2491 /* Skip the address parameter and store a pointer to the first 2492 * asconf paramter. 2493 */ 2494 length = ntohs(addr_param->v4.param_hdr.length); 2495 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2496 chunk_len -= length; 2497 2498 /* create an ASCONF_ACK chunk. 2499 * Based on the definitions of parameters, we know that the size of 2500 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF 2501 * paramters. 2502 */ 2503 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2); 2504 if (!asconf_ack) 2505 goto done; 2506 2507 /* Process the TLVs contained within the ASCONF chunk. */ 2508 while (chunk_len > 0) { 2509 err_code = sctp_process_asconf_param(asoc, asconf, 2510 asconf_param); 2511 /* ADDIP 4.1 A7) 2512 * If an error response is received for a TLV parameter, 2513 * all TLVs with no response before the failed TLV are 2514 * considered successful if not reported. All TLVs after 2515 * the failed response are considered unsuccessful unless 2516 * a specific success indication is present for the parameter. 2517 */ 2518 if (SCTP_ERROR_NO_ERROR != err_code) 2519 all_param_pass = 0; 2520 2521 if (!all_param_pass) 2522 sctp_add_asconf_response(asconf_ack, 2523 asconf_param->crr_id, err_code, 2524 asconf_param); 2525 2526 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 2527 * an IP address sends an 'Out of Resource' in its response, it 2528 * MUST also fail any subsequent add or delete requests bundled 2529 * in the ASCONF. 2530 */ 2531 if (SCTP_ERROR_RSRC_LOW == err_code) 2532 goto done; 2533 2534 /* Move to the next ASCONF param. */ 2535 length = ntohs(asconf_param->param_hdr.length); 2536 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2537 length); 2538 chunk_len -= length; 2539 } 2540 2541 done: 2542 asoc->peer.addip_serial++; 2543 2544 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 2545 * after freeing the reference to old asconf ack if any. 2546 */ 2547 if (asconf_ack) { 2548 if (asoc->addip_last_asconf_ack) 2549 sctp_chunk_free(asoc->addip_last_asconf_ack); 2550 2551 sctp_chunk_hold(asconf_ack); 2552 asoc->addip_last_asconf_ack = asconf_ack; 2553 } 2554 2555 return asconf_ack; 2556 } 2557 2558 /* Process a asconf parameter that is successfully acked. */ 2559 static int sctp_asconf_param_success(struct sctp_association *asoc, 2560 sctp_addip_param_t *asconf_param) 2561 { 2562 struct sctp_af *af; 2563 union sctp_addr addr; 2564 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 2565 union sctp_addr_param *addr_param; 2566 struct list_head *pos; 2567 struct sctp_transport *transport; 2568 int retval = 0; 2569 2570 addr_param = (union sctp_addr_param *) 2571 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2572 2573 /* We have checked the packet before, so we do not check again. */ 2574 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2575 af->from_addr_param(&addr, addr_param, bp->port, 0); 2576 2577 switch (asconf_param->param_hdr.type) { 2578 case SCTP_PARAM_ADD_IP: 2579 sctp_local_bh_disable(); 2580 sctp_write_lock(&asoc->base.addr_lock); 2581 retval = sctp_add_bind_addr(bp, &addr, GFP_ATOMIC); 2582 sctp_write_unlock(&asoc->base.addr_lock); 2583 sctp_local_bh_enable(); 2584 break; 2585 case SCTP_PARAM_DEL_IP: 2586 sctp_local_bh_disable(); 2587 sctp_write_lock(&asoc->base.addr_lock); 2588 retval = sctp_del_bind_addr(bp, &addr); 2589 sctp_write_unlock(&asoc->base.addr_lock); 2590 sctp_local_bh_enable(); 2591 list_for_each(pos, &asoc->peer.transport_addr_list) { 2592 transport = list_entry(pos, struct sctp_transport, 2593 transports); 2594 sctp_transport_route(transport, NULL, 2595 sctp_sk(asoc->base.sk)); 2596 } 2597 break; 2598 default: 2599 break; 2600 } 2601 2602 return retval; 2603 } 2604 2605 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 2606 * for the given asconf parameter. If there is no response for this parameter, 2607 * return the error code based on the third argument 'no_err'. 2608 * ADDIP 4.1 2609 * A7) If an error response is received for a TLV parameter, all TLVs with no 2610 * response before the failed TLV are considered successful if not reported. 2611 * All TLVs after the failed response are considered unsuccessful unless a 2612 * specific success indication is present for the parameter. 2613 */ 2614 static __u16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 2615 sctp_addip_param_t *asconf_param, 2616 int no_err) 2617 { 2618 sctp_addip_param_t *asconf_ack_param; 2619 sctp_errhdr_t *err_param; 2620 int length; 2621 int asconf_ack_len = asconf_ack->skb->len; 2622 __u16 err_code; 2623 2624 if (no_err) 2625 err_code = SCTP_ERROR_NO_ERROR; 2626 else 2627 err_code = SCTP_ERROR_REQ_REFUSED; 2628 2629 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 2630 * the first asconf_ack parameter. 2631 */ 2632 length = sizeof(sctp_addiphdr_t); 2633 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 2634 length); 2635 asconf_ack_len -= length; 2636 2637 while (asconf_ack_len > 0) { 2638 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 2639 switch(asconf_ack_param->param_hdr.type) { 2640 case SCTP_PARAM_SUCCESS_REPORT: 2641 return SCTP_ERROR_NO_ERROR; 2642 case SCTP_PARAM_ERR_CAUSE: 2643 length = sizeof(sctp_addip_param_t); 2644 err_param = (sctp_errhdr_t *) 2645 ((void *)asconf_ack_param + length); 2646 asconf_ack_len -= length; 2647 if (asconf_ack_len > 0) 2648 return err_param->cause; 2649 else 2650 return SCTP_ERROR_INV_PARAM; 2651 break; 2652 default: 2653 return SCTP_ERROR_INV_PARAM; 2654 } 2655 } 2656 2657 length = ntohs(asconf_ack_param->param_hdr.length); 2658 asconf_ack_param = (sctp_addip_param_t *) 2659 ((void *)asconf_ack_param + length); 2660 asconf_ack_len -= length; 2661 } 2662 2663 return err_code; 2664 } 2665 2666 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 2667 int sctp_process_asconf_ack(struct sctp_association *asoc, 2668 struct sctp_chunk *asconf_ack) 2669 { 2670 struct sctp_chunk *asconf = asoc->addip_last_asconf; 2671 union sctp_addr_param *addr_param; 2672 sctp_addip_param_t *asconf_param; 2673 int length = 0; 2674 int asconf_len = asconf->skb->len; 2675 int all_param_pass = 0; 2676 int no_err = 1; 2677 int retval = 0; 2678 __u16 err_code = SCTP_ERROR_NO_ERROR; 2679 2680 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 2681 * a pointer to address parameter. 2682 */ 2683 length = sizeof(sctp_addip_chunk_t); 2684 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2685 asconf_len -= length; 2686 2687 /* Skip the address parameter in the last asconf sent and store a 2688 * pointer to the first asconf paramter. 2689 */ 2690 length = ntohs(addr_param->v4.param_hdr.length); 2691 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2692 asconf_len -= length; 2693 2694 /* ADDIP 4.1 2695 * A8) If there is no response(s) to specific TLV parameter(s), and no 2696 * failures are indicated, then all request(s) are considered 2697 * successful. 2698 */ 2699 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 2700 all_param_pass = 1; 2701 2702 /* Process the TLVs contained in the last sent ASCONF chunk. */ 2703 while (asconf_len > 0) { 2704 if (all_param_pass) 2705 err_code = SCTP_ERROR_NO_ERROR; 2706 else { 2707 err_code = sctp_get_asconf_response(asconf_ack, 2708 asconf_param, 2709 no_err); 2710 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 2711 no_err = 0; 2712 } 2713 2714 switch (err_code) { 2715 case SCTP_ERROR_NO_ERROR: 2716 retval = sctp_asconf_param_success(asoc, asconf_param); 2717 break; 2718 2719 case SCTP_ERROR_RSRC_LOW: 2720 retval = 1; 2721 break; 2722 2723 case SCTP_ERROR_INV_PARAM: 2724 /* Disable sending this type of asconf parameter in 2725 * future. 2726 */ 2727 asoc->peer.addip_disabled_mask |= 2728 asconf_param->param_hdr.type; 2729 break; 2730 2731 case SCTP_ERROR_REQ_REFUSED: 2732 case SCTP_ERROR_DEL_LAST_IP: 2733 case SCTP_ERROR_DEL_SRC_IP: 2734 default: 2735 break; 2736 } 2737 2738 /* Skip the processed asconf parameter and move to the next 2739 * one. 2740 */ 2741 length = ntohs(asconf_param->param_hdr.length); 2742 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2743 length); 2744 asconf_len -= length; 2745 } 2746 2747 /* Free the cached last sent asconf chunk. */ 2748 sctp_chunk_free(asconf); 2749 asoc->addip_last_asconf = NULL; 2750 2751 /* Send the next asconf chunk from the addip chunk queue. */ 2752 if (!list_empty(&asoc->addip_chunk_list)) { 2753 struct list_head *entry = asoc->addip_chunk_list.next; 2754 asconf = list_entry(entry, struct sctp_chunk, list); 2755 2756 list_del_init(entry); 2757 2758 /* Hold the chunk until an ASCONF_ACK is received. */ 2759 sctp_chunk_hold(asconf); 2760 if (sctp_primitive_ASCONF(asoc, asconf)) 2761 sctp_chunk_free(asconf); 2762 else 2763 asoc->addip_last_asconf = asconf; 2764 } 2765 2766 return retval; 2767 } 2768 2769 /* Make a FWD TSN chunk. */ 2770 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 2771 __u32 new_cum_tsn, size_t nstreams, 2772 struct sctp_fwdtsn_skip *skiplist) 2773 { 2774 struct sctp_chunk *retval = NULL; 2775 struct sctp_fwdtsn_chunk *ftsn_chunk; 2776 struct sctp_fwdtsn_hdr ftsn_hdr; 2777 struct sctp_fwdtsn_skip skip; 2778 size_t hint; 2779 int i; 2780 2781 hint = (nstreams + 1) * sizeof(__u32); 2782 2783 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 2784 2785 if (!retval) 2786 return NULL; 2787 2788 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr; 2789 2790 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 2791 retval->subh.fwdtsn_hdr = 2792 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 2793 2794 for (i = 0; i < nstreams; i++) { 2795 skip.stream = skiplist[i].stream; 2796 skip.ssn = skiplist[i].ssn; 2797 sctp_addto_chunk(retval, sizeof(skip), &skip); 2798 } 2799 2800 return retval; 2801 } 2802