xref: /linux/net/sctp/sm_make_chunk.c (revision f3d9478b2ce468c3115b02ecae7e975990697f15)
1 /* SCTP kernel reference Implementation
2  * (C) Copyright IBM Corp. 2001, 2004
3  * Copyright (c) 1999-2000 Cisco, Inc.
4  * Copyright (c) 1999-2001 Motorola, Inc.
5  * Copyright (c) 2001-2002 Intel Corp.
6  *
7  * This file is part of the SCTP kernel reference Implementation
8  *
9  * These functions work with the state functions in sctp_sm_statefuns.c
10  * to implement the state operations.  These functions implement the
11  * steps which require modifying existing data structures.
12  *
13  * The SCTP reference implementation is free software;
14  * you can redistribute it and/or modify it under the terms of
15  * the GNU General Public License as published by
16  * the Free Software Foundation; either version 2, or (at your option)
17  * any later version.
18  *
19  * The SCTP reference implementation is distributed in the hope that it
20  * will be useful, but WITHOUT ANY WARRANTY; without even the implied
21  *                 ************************
22  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
23  * See the GNU General Public License for more details.
24  *
25  * You should have received a copy of the GNU General Public License
26  * along with GNU CC; see the file COPYING.  If not, write to
27  * the Free Software Foundation, 59 Temple Place - Suite 330,
28  * Boston, MA 02111-1307, USA.
29  *
30  * Please send any bug reports or fixes you make to the
31  * email address(es):
32  *    lksctp developers <lksctp-developers@lists.sourceforge.net>
33  *
34  * Or submit a bug report through the following website:
35  *    http://www.sf.net/projects/lksctp
36  *
37  * Written or modified by:
38  *    La Monte H.P. Yarroll <piggy@acm.org>
39  *    Karl Knutson          <karl@athena.chicago.il.us>
40  *    C. Robin              <chris@hundredacre.ac.uk>
41  *    Jon Grimm             <jgrimm@us.ibm.com>
42  *    Xingang Guo           <xingang.guo@intel.com>
43  *    Dajiang Zhang	    <dajiang.zhang@nokia.com>
44  *    Sridhar Samudrala	    <sri@us.ibm.com>
45  *    Daisy Chang	    <daisyc@us.ibm.com>
46  *    Ardelle Fan	    <ardelle.fan@intel.com>
47  *    Kevin Gao             <kevin.gao@intel.com>
48  *
49  * Any bugs reported given to us we will try to fix... any fixes shared will
50  * be incorporated into the next SCTP release.
51  */
52 
53 #include <linux/types.h>
54 #include <linux/kernel.h>
55 #include <linux/ip.h>
56 #include <linux/ipv6.h>
57 #include <linux/net.h>
58 #include <linux/inet.h>
59 #include <asm/scatterlist.h>
60 #include <linux/crypto.h>
61 #include <net/sock.h>
62 
63 #include <linux/skbuff.h>
64 #include <linux/random.h>	/* for get_random_bytes */
65 #include <net/sctp/sctp.h>
66 #include <net/sctp/sm.h>
67 
68 extern kmem_cache_t *sctp_chunk_cachep;
69 
70 SCTP_STATIC
71 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc,
72 				   __u8 type, __u8 flags, int paylen);
73 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
74 					const struct sctp_association *asoc,
75 					const struct sctp_chunk *init_chunk,
76 					int *cookie_len,
77 					const __u8 *raw_addrs, int addrs_len);
78 static int sctp_process_param(struct sctp_association *asoc,
79 			      union sctp_params param,
80 			      const union sctp_addr *peer_addr,
81 			      gfp_t gfp);
82 
83 /* What was the inbound interface for this chunk? */
84 int sctp_chunk_iif(const struct sctp_chunk *chunk)
85 {
86 	struct sctp_af *af;
87 	int iif = 0;
88 
89 	af = sctp_get_af_specific(ipver2af(chunk->skb->nh.iph->version));
90 	if (af)
91 		iif = af->skb_iif(chunk->skb);
92 
93 	return iif;
94 }
95 
96 /* RFC 2960 3.3.2 Initiation (INIT) (1)
97  *
98  * Note 2: The ECN capable field is reserved for future use of
99  * Explicit Congestion Notification.
100  */
101 static const struct sctp_paramhdr ecap_param = {
102 	SCTP_PARAM_ECN_CAPABLE,
103 	__constant_htons(sizeof(struct sctp_paramhdr)),
104 };
105 static const struct sctp_paramhdr prsctp_param = {
106 	SCTP_PARAM_FWD_TSN_SUPPORT,
107 	__constant_htons(sizeof(struct sctp_paramhdr)),
108 };
109 
110 /* A helper to initialize to initialize an op error inside a
111  * provided chunk, as most cause codes will be embedded inside an
112  * abort chunk.
113  */
114 void  sctp_init_cause(struct sctp_chunk *chunk, __u16 cause_code,
115 		      const void *payload, size_t paylen)
116 {
117 	sctp_errhdr_t err;
118 	int padlen;
119 	__u16 len;
120 
121         /* Cause code constants are now defined in network order.  */
122 	err.cause = cause_code;
123 	len = sizeof(sctp_errhdr_t) + paylen;
124 	padlen = len % 4;
125 	err.length  = htons(len);
126 	len += padlen;
127 	sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err);
128 	chunk->subh.err_hdr = sctp_addto_chunk(chunk, paylen, payload);
129 }
130 
131 /* 3.3.2 Initiation (INIT) (1)
132  *
133  * This chunk is used to initiate a SCTP association between two
134  * endpoints. The format of the INIT chunk is shown below:
135  *
136  *     0                   1                   2                   3
137  *     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
138  *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
139  *    |   Type = 1    |  Chunk Flags  |      Chunk Length             |
140  *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
141  *    |                         Initiate Tag                          |
142  *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
143  *    |           Advertised Receiver Window Credit (a_rwnd)          |
144  *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
145  *    |  Number of Outbound Streams   |  Number of Inbound Streams    |
146  *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
147  *    |                          Initial TSN                          |
148  *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
149  *    \                                                               \
150  *    /              Optional/Variable-Length Parameters              /
151  *    \                                                               \
152  *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
153  *
154  *
155  * The INIT chunk contains the following parameters. Unless otherwise
156  * noted, each parameter MUST only be included once in the INIT chunk.
157  *
158  * Fixed Parameters                     Status
159  * ----------------------------------------------
160  * Initiate Tag                        Mandatory
161  * Advertised Receiver Window Credit   Mandatory
162  * Number of Outbound Streams          Mandatory
163  * Number of Inbound Streams           Mandatory
164  * Initial TSN                         Mandatory
165  *
166  * Variable Parameters                  Status     Type Value
167  * -------------------------------------------------------------
168  * IPv4 Address (Note 1)               Optional    5
169  * IPv6 Address (Note 1)               Optional    6
170  * Cookie Preservative                 Optional    9
171  * Reserved for ECN Capable (Note 2)   Optional    32768 (0x8000)
172  * Host Name Address (Note 3)          Optional    11
173  * Supported Address Types (Note 4)    Optional    12
174  */
175 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
176 			     const struct sctp_bind_addr *bp,
177 			     gfp_t gfp, int vparam_len)
178 {
179 	sctp_inithdr_t init;
180 	union sctp_params addrs;
181 	size_t chunksize;
182 	struct sctp_chunk *retval = NULL;
183 	int num_types, addrs_len = 0;
184 	struct sctp_sock *sp;
185 	sctp_supported_addrs_param_t sat;
186 	__u16 types[2];
187 	sctp_adaption_ind_param_t aiparam;
188 
189 	/* RFC 2960 3.3.2 Initiation (INIT) (1)
190 	 *
191 	 * Note 1: The INIT chunks can contain multiple addresses that
192 	 * can be IPv4 and/or IPv6 in any combination.
193 	 */
194 	retval = NULL;
195 
196 	/* Convert the provided bind address list to raw format. */
197 	addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp);
198 
199 	init.init_tag		   = htonl(asoc->c.my_vtag);
200 	init.a_rwnd		   = htonl(asoc->rwnd);
201 	init.num_outbound_streams  = htons(asoc->c.sinit_num_ostreams);
202 	init.num_inbound_streams   = htons(asoc->c.sinit_max_instreams);
203 	init.initial_tsn	   = htonl(asoc->c.initial_tsn);
204 
205 	/* How many address types are needed? */
206 	sp = sctp_sk(asoc->base.sk);
207 	num_types = sp->pf->supported_addrs(sp, types);
208 
209 	chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types);
210 	chunksize += sizeof(ecap_param);
211 	if (sctp_prsctp_enable)
212 		chunksize += sizeof(prsctp_param);
213 	chunksize += sizeof(aiparam);
214 	chunksize += vparam_len;
215 
216 	/* RFC 2960 3.3.2 Initiation (INIT) (1)
217 	 *
218 	 * Note 3: An INIT chunk MUST NOT contain more than one Host
219 	 * Name address parameter. Moreover, the sender of the INIT
220 	 * MUST NOT combine any other address types with the Host Name
221 	 * address in the INIT. The receiver of INIT MUST ignore any
222 	 * other address types if the Host Name address parameter is
223 	 * present in the received INIT chunk.
224 	 *
225 	 * PLEASE DO NOT FIXME [This version does not support Host Name.]
226 	 */
227 
228 	retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize);
229 	if (!retval)
230 		goto nodata;
231 
232 	retval->subh.init_hdr =
233 		sctp_addto_chunk(retval, sizeof(init), &init);
234 	retval->param_hdr.v =
235 		sctp_addto_chunk(retval, addrs_len, addrs.v);
236 
237 	/* RFC 2960 3.3.2 Initiation (INIT) (1)
238 	 *
239 	 * Note 4: This parameter, when present, specifies all the
240 	 * address types the sending endpoint can support. The absence
241 	 * of this parameter indicates that the sending endpoint can
242 	 * support any address type.
243 	 */
244 	sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES;
245 	sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types));
246 	sctp_addto_chunk(retval, sizeof(sat), &sat);
247 	sctp_addto_chunk(retval, num_types * sizeof(__u16), &types);
248 
249 	sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
250 	if (sctp_prsctp_enable)
251 		sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
252 	aiparam.param_hdr.type = SCTP_PARAM_ADAPTION_LAYER_IND;
253 	aiparam.param_hdr.length = htons(sizeof(aiparam));
254 	aiparam.adaption_ind = htonl(sp->adaption_ind);
255 	sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
256 nodata:
257 	kfree(addrs.v);
258 	return retval;
259 }
260 
261 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
262 				 const struct sctp_chunk *chunk,
263 				 gfp_t gfp, int unkparam_len)
264 {
265 	sctp_inithdr_t initack;
266 	struct sctp_chunk *retval;
267 	union sctp_params addrs;
268 	int addrs_len;
269 	sctp_cookie_param_t *cookie;
270 	int cookie_len;
271 	size_t chunksize;
272 	sctp_adaption_ind_param_t aiparam;
273 
274 	retval = NULL;
275 
276 	/* Note: there may be no addresses to embed. */
277 	addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp);
278 
279 	initack.init_tag	        = htonl(asoc->c.my_vtag);
280 	initack.a_rwnd			= htonl(asoc->rwnd);
281 	initack.num_outbound_streams	= htons(asoc->c.sinit_num_ostreams);
282 	initack.num_inbound_streams	= htons(asoc->c.sinit_max_instreams);
283 	initack.initial_tsn		= htonl(asoc->c.initial_tsn);
284 
285 	/* FIXME:  We really ought to build the cookie right
286 	 * into the packet instead of allocating more fresh memory.
287 	 */
288 	cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len,
289 				  addrs.v, addrs_len);
290 	if (!cookie)
291 		goto nomem_cookie;
292 
293 	/* Calculate the total size of allocation, include the reserved
294 	 * space for reporting unknown parameters if it is specified.
295 	 */
296 	chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len;
297 
298         /* Tell peer that we'll do ECN only if peer advertised such cap.  */
299 	if (asoc->peer.ecn_capable)
300 		chunksize += sizeof(ecap_param);
301 
302         /* Tell peer that we'll do PR-SCTP only if peer advertised.  */
303 	if (asoc->peer.prsctp_capable)
304 		chunksize += sizeof(prsctp_param);
305 
306 	chunksize += sizeof(aiparam);
307 
308 	/* Now allocate and fill out the chunk.  */
309 	retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize);
310 	if (!retval)
311 		goto nomem_chunk;
312 
313 	/* Per the advice in RFC 2960 6.4, send this reply to
314 	 * the source of the INIT packet.
315 	 */
316 	retval->transport = chunk->transport;
317 	retval->subh.init_hdr =
318 		sctp_addto_chunk(retval, sizeof(initack), &initack);
319 	retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v);
320 	sctp_addto_chunk(retval, cookie_len, cookie);
321 	if (asoc->peer.ecn_capable)
322 		sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
323 	if (asoc->peer.prsctp_capable)
324 		sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
325 
326 	aiparam.param_hdr.type = SCTP_PARAM_ADAPTION_LAYER_IND;
327 	aiparam.param_hdr.length = htons(sizeof(aiparam));
328 	aiparam.adaption_ind = htonl(sctp_sk(asoc->base.sk)->adaption_ind);
329 	sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
330 
331 	/* We need to remove the const qualifier at this point.  */
332 	retval->asoc = (struct sctp_association *) asoc;
333 
334 	/* RFC 2960 6.4 Multi-homed SCTP Endpoints
335 	 *
336 	 * An endpoint SHOULD transmit reply chunks (e.g., SACK,
337 	 * HEARTBEAT ACK, * etc.) to the same destination transport
338 	 * address from which it received the DATA or control chunk
339 	 * to which it is replying.
340 	 *
341 	 * [INIT ACK back to where the INIT came from.]
342 	 */
343 	if (chunk)
344 		retval->transport = chunk->transport;
345 
346 nomem_chunk:
347 	kfree(cookie);
348 nomem_cookie:
349 	kfree(addrs.v);
350 	return retval;
351 }
352 
353 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10):
354  *
355  * This chunk is used only during the initialization of an association.
356  * It is sent by the initiator of an association to its peer to complete
357  * the initialization process. This chunk MUST precede any DATA chunk
358  * sent within the association, but MAY be bundled with one or more DATA
359  * chunks in the same packet.
360  *
361  *      0                   1                   2                   3
362  *      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
363  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
364  *     |   Type = 10   |Chunk  Flags   |         Length                |
365  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
366  *     /                     Cookie                                    /
367  *     \                                                               \
368  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
369  *
370  * Chunk Flags: 8 bit
371  *
372  *   Set to zero on transmit and ignored on receipt.
373  *
374  * Length: 16 bits (unsigned integer)
375  *
376  *   Set to the size of the chunk in bytes, including the 4 bytes of
377  *   the chunk header and the size of the Cookie.
378  *
379  * Cookie: variable size
380  *
381  *   This field must contain the exact cookie received in the
382  *   State Cookie parameter from the previous INIT ACK.
383  *
384  *   An implementation SHOULD make the cookie as small as possible
385  *   to insure interoperability.
386  */
387 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc,
388 				    const struct sctp_chunk *chunk)
389 {
390 	struct sctp_chunk *retval;
391 	void *cookie;
392 	int cookie_len;
393 
394 	cookie = asoc->peer.cookie;
395 	cookie_len = asoc->peer.cookie_len;
396 
397 	/* Build a cookie echo chunk.  */
398 	retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len);
399 	if (!retval)
400 		goto nodata;
401 	retval->subh.cookie_hdr =
402 		sctp_addto_chunk(retval, cookie_len, cookie);
403 
404 	/* RFC 2960 6.4 Multi-homed SCTP Endpoints
405 	 *
406 	 * An endpoint SHOULD transmit reply chunks (e.g., SACK,
407 	 * HEARTBEAT ACK, * etc.) to the same destination transport
408 	 * address from which it * received the DATA or control chunk
409 	 * to which it is replying.
410 	 *
411 	 * [COOKIE ECHO back to where the INIT ACK came from.]
412 	 */
413 	if (chunk)
414 		retval->transport = chunk->transport;
415 
416 nodata:
417 	return retval;
418 }
419 
420 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11):
421  *
422  * This chunk is used only during the initialization of an
423  * association.  It is used to acknowledge the receipt of a COOKIE
424  * ECHO chunk.  This chunk MUST precede any DATA or SACK chunk sent
425  * within the association, but MAY be bundled with one or more DATA
426  * chunks or SACK chunk in the same SCTP packet.
427  *
428  *      0                   1                   2                   3
429  *      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
430  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
431  *     |   Type = 11   |Chunk  Flags   |     Length = 4                |
432  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
433  *
434  * Chunk Flags: 8 bits
435  *
436  *   Set to zero on transmit and ignored on receipt.
437  */
438 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc,
439 				   const struct sctp_chunk *chunk)
440 {
441 	struct sctp_chunk *retval;
442 
443 	retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0);
444 
445 	/* RFC 2960 6.4 Multi-homed SCTP Endpoints
446 	 *
447 	 * An endpoint SHOULD transmit reply chunks (e.g., SACK,
448 	 * HEARTBEAT ACK, * etc.) to the same destination transport
449 	 * address from which it * received the DATA or control chunk
450 	 * to which it is replying.
451 	 *
452 	 * [COOKIE ACK back to where the COOKIE ECHO came from.]
453 	 */
454 	if (retval && chunk)
455 		retval->transport = chunk->transport;
456 
457 	return retval;
458 }
459 
460 /*
461  *  Appendix A: Explicit Congestion Notification:
462  *  CWR:
463  *
464  *  RFC 2481 details a specific bit for a sender to send in the header of
465  *  its next outbound TCP segment to indicate to its peer that it has
466  *  reduced its congestion window.  This is termed the CWR bit.  For
467  *  SCTP the same indication is made by including the CWR chunk.
468  *  This chunk contains one data element, i.e. the TSN number that
469  *  was sent in the ECNE chunk.  This element represents the lowest
470  *  TSN number in the datagram that was originally marked with the
471  *  CE bit.
472  *
473  *     0                   1                   2                   3
474  *     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
475  *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
476  *    | Chunk Type=13 | Flags=00000000|    Chunk Length = 8           |
477  *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
478  *    |                      Lowest TSN Number                        |
479  *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
480  *
481  *     Note: The CWR is considered a Control chunk.
482  */
483 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc,
484 			    const __u32 lowest_tsn,
485 			    const struct sctp_chunk *chunk)
486 {
487 	struct sctp_chunk *retval;
488 	sctp_cwrhdr_t cwr;
489 
490 	cwr.lowest_tsn = htonl(lowest_tsn);
491 	retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0,
492 				 sizeof(sctp_cwrhdr_t));
493 
494 	if (!retval)
495 		goto nodata;
496 
497 	retval->subh.ecn_cwr_hdr =
498 		sctp_addto_chunk(retval, sizeof(cwr), &cwr);
499 
500 	/* RFC 2960 6.4 Multi-homed SCTP Endpoints
501 	 *
502 	 * An endpoint SHOULD transmit reply chunks (e.g., SACK,
503 	 * HEARTBEAT ACK, * etc.) to the same destination transport
504 	 * address from which it * received the DATA or control chunk
505 	 * to which it is replying.
506 	 *
507 	 * [Report a reduced congestion window back to where the ECNE
508 	 * came from.]
509 	 */
510 	if (chunk)
511 		retval->transport = chunk->transport;
512 
513 nodata:
514 	return retval;
515 }
516 
517 /* Make an ECNE chunk.  This is a congestion experienced report.  */
518 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc,
519 			     const __u32 lowest_tsn)
520 {
521 	struct sctp_chunk *retval;
522 	sctp_ecnehdr_t ecne;
523 
524 	ecne.lowest_tsn = htonl(lowest_tsn);
525 	retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0,
526 				 sizeof(sctp_ecnehdr_t));
527 	if (!retval)
528 		goto nodata;
529 	retval->subh.ecne_hdr =
530 		sctp_addto_chunk(retval, sizeof(ecne), &ecne);
531 
532 nodata:
533 	return retval;
534 }
535 
536 /* Make a DATA chunk for the given association from the provided
537  * parameters.  However, do not populate the data payload.
538  */
539 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc,
540 				       const struct sctp_sndrcvinfo *sinfo,
541 				       int data_len, __u8 flags, __u16 ssn)
542 {
543 	struct sctp_chunk *retval;
544 	struct sctp_datahdr dp;
545 	int chunk_len;
546 
547 	/* We assign the TSN as LATE as possible, not here when
548 	 * creating the chunk.
549 	 */
550 	dp.tsn = 0;
551 	dp.stream = htons(sinfo->sinfo_stream);
552 	dp.ppid   = sinfo->sinfo_ppid;
553 
554 	/* Set the flags for an unordered send.  */
555 	if (sinfo->sinfo_flags & SCTP_UNORDERED) {
556 		flags |= SCTP_DATA_UNORDERED;
557 		dp.ssn = 0;
558 	} else
559 		dp.ssn = htons(ssn);
560 
561 	chunk_len = sizeof(dp) + data_len;
562 	retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len);
563 	if (!retval)
564 		goto nodata;
565 
566 	retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp);
567 	memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo));
568 
569 nodata:
570 	return retval;
571 }
572 
573 /* Create a selective ackowledgement (SACK) for the given
574  * association.  This reports on which TSN's we've seen to date,
575  * including duplicates and gaps.
576  */
577 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc)
578 {
579 	struct sctp_chunk *retval;
580 	struct sctp_sackhdr sack;
581 	int len;
582 	__u32 ctsn;
583 	__u16 num_gabs, num_dup_tsns;
584 	struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
585 
586 	ctsn = sctp_tsnmap_get_ctsn(map);
587 	SCTP_DEBUG_PRINTK("sackCTSNAck sent:  0x%x.\n", ctsn);
588 
589 	/* How much room is needed in the chunk? */
590 	num_gabs = sctp_tsnmap_num_gabs(map);
591 	num_dup_tsns = sctp_tsnmap_num_dups(map);
592 
593 	/* Initialize the SACK header.  */
594 	sack.cum_tsn_ack	    = htonl(ctsn);
595 	sack.a_rwnd 		    = htonl(asoc->a_rwnd);
596 	sack.num_gap_ack_blocks     = htons(num_gabs);
597 	sack.num_dup_tsns           = htons(num_dup_tsns);
598 
599 	len = sizeof(sack)
600 		+ sizeof(struct sctp_gap_ack_block) * num_gabs
601 		+ sizeof(__u32) * num_dup_tsns;
602 
603 	/* Create the chunk.  */
604 	retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len);
605 	if (!retval)
606 		goto nodata;
607 
608 	/* RFC 2960 6.4 Multi-homed SCTP Endpoints
609 	 *
610 	 * An endpoint SHOULD transmit reply chunks (e.g., SACK,
611 	 * HEARTBEAT ACK, etc.) to the same destination transport
612 	 * address from which it received the DATA or control chunk to
613 	 * which it is replying.  This rule should also be followed if
614 	 * the endpoint is bundling DATA chunks together with the
615 	 * reply chunk.
616 	 *
617 	 * However, when acknowledging multiple DATA chunks received
618 	 * in packets from different source addresses in a single
619 	 * SACK, the SACK chunk may be transmitted to one of the
620 	 * destination transport addresses from which the DATA or
621 	 * control chunks being acknowledged were received.
622 	 *
623 	 * [BUG:  We do not implement the following paragraph.
624 	 * Perhaps we should remember the last transport we used for a
625 	 * SACK and avoid that (if possible) if we have seen any
626 	 * duplicates. --piggy]
627 	 *
628 	 * When a receiver of a duplicate DATA chunk sends a SACK to a
629 	 * multi- homed endpoint it MAY be beneficial to vary the
630 	 * destination address and not use the source address of the
631 	 * DATA chunk.  The reason being that receiving a duplicate
632 	 * from a multi-homed endpoint might indicate that the return
633 	 * path (as specified in the source address of the DATA chunk)
634 	 * for the SACK is broken.
635 	 *
636 	 * [Send to the address from which we last received a DATA chunk.]
637 	 */
638 	retval->transport = asoc->peer.last_data_from;
639 
640 	retval->subh.sack_hdr =
641 		sctp_addto_chunk(retval, sizeof(sack), &sack);
642 
643 	/* Add the gap ack block information.   */
644 	if (num_gabs)
645 		sctp_addto_chunk(retval, sizeof(__u32) * num_gabs,
646 				 sctp_tsnmap_get_gabs(map));
647 
648 	/* Add the duplicate TSN information.  */
649 	if (num_dup_tsns)
650 		sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns,
651 				 sctp_tsnmap_get_dups(map));
652 
653 nodata:
654 	return retval;
655 }
656 
657 /* Make a SHUTDOWN chunk. */
658 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc,
659 				      const struct sctp_chunk *chunk)
660 {
661 	struct sctp_chunk *retval;
662 	sctp_shutdownhdr_t shut;
663 	__u32 ctsn;
664 
665 	ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map);
666 	shut.cum_tsn_ack = htonl(ctsn);
667 
668 	retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0,
669 				 sizeof(sctp_shutdownhdr_t));
670 	if (!retval)
671 		goto nodata;
672 
673 	retval->subh.shutdown_hdr =
674 		sctp_addto_chunk(retval, sizeof(shut), &shut);
675 
676 	if (chunk)
677 		retval->transport = chunk->transport;
678 nodata:
679 	return retval;
680 }
681 
682 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc,
683 				     const struct sctp_chunk *chunk)
684 {
685 	struct sctp_chunk *retval;
686 
687 	retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0);
688 
689 	/* RFC 2960 6.4 Multi-homed SCTP Endpoints
690 	 *
691 	 * An endpoint SHOULD transmit reply chunks (e.g., SACK,
692 	 * HEARTBEAT ACK, * etc.) to the same destination transport
693 	 * address from which it * received the DATA or control chunk
694 	 * to which it is replying.
695 	 *
696 	 * [ACK back to where the SHUTDOWN came from.]
697 	 */
698 	if (retval && chunk)
699 		retval->transport = chunk->transport;
700 
701 	return retval;
702 }
703 
704 struct sctp_chunk *sctp_make_shutdown_complete(
705 	const struct sctp_association *asoc,
706 	const struct sctp_chunk *chunk)
707 {
708 	struct sctp_chunk *retval;
709 	__u8 flags = 0;
710 
711 	/* Set the T-bit if we have no association (vtag will be
712 	 * reflected)
713 	 */
714 	flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T;
715 
716 	retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0);
717 
718 	/* RFC 2960 6.4 Multi-homed SCTP Endpoints
719 	 *
720 	 * An endpoint SHOULD transmit reply chunks (e.g., SACK,
721 	 * HEARTBEAT ACK, * etc.) to the same destination transport
722 	 * address from which it * received the DATA or control chunk
723 	 * to which it is replying.
724 	 *
725 	 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK
726 	 * came from.]
727 	 */
728 	if (retval && chunk)
729 		retval->transport = chunk->transport;
730 
731         return retval;
732 }
733 
734 /* Create an ABORT.  Note that we set the T bit if we have no
735  * association, except when responding to an INIT (sctpimpguide 2.41).
736  */
737 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc,
738 			      const struct sctp_chunk *chunk,
739 			      const size_t hint)
740 {
741 	struct sctp_chunk *retval;
742 	__u8 flags = 0;
743 
744 	/* Set the T-bit if we have no association and 'chunk' is not
745 	 * an INIT (vtag will be reflected).
746 	 */
747 	if (!asoc) {
748 		if (chunk && chunk->chunk_hdr &&
749 		    chunk->chunk_hdr->type == SCTP_CID_INIT)
750 			flags = 0;
751 		else
752 			flags = SCTP_CHUNK_FLAG_T;
753 	}
754 
755 	retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint);
756 
757 	/* RFC 2960 6.4 Multi-homed SCTP Endpoints
758 	 *
759 	 * An endpoint SHOULD transmit reply chunks (e.g., SACK,
760 	 * HEARTBEAT ACK, * etc.) to the same destination transport
761 	 * address from which it * received the DATA or control chunk
762 	 * to which it is replying.
763 	 *
764 	 * [ABORT back to where the offender came from.]
765 	 */
766 	if (retval && chunk)
767 		retval->transport = chunk->transport;
768 
769 	return retval;
770 }
771 
772 /* Helper to create ABORT with a NO_USER_DATA error.  */
773 struct sctp_chunk *sctp_make_abort_no_data(
774 	const struct sctp_association *asoc,
775 	const struct sctp_chunk *chunk, __u32 tsn)
776 {
777 	struct sctp_chunk *retval;
778 	__u32 payload;
779 
780 	retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t)
781 				 + sizeof(tsn));
782 
783 	if (!retval)
784 		goto no_mem;
785 
786 	/* Put the tsn back into network byte order.  */
787 	payload = htonl(tsn);
788 	sctp_init_cause(retval, SCTP_ERROR_NO_DATA, (const void *)&payload,
789 			sizeof(payload));
790 
791 	/* RFC 2960 6.4 Multi-homed SCTP Endpoints
792 	 *
793 	 * An endpoint SHOULD transmit reply chunks (e.g., SACK,
794 	 * HEARTBEAT ACK, * etc.) to the same destination transport
795 	 * address from which it * received the DATA or control chunk
796 	 * to which it is replying.
797 	 *
798 	 * [ABORT back to where the offender came from.]
799 	 */
800 	if (chunk)
801 		retval->transport = chunk->transport;
802 
803 no_mem:
804 	return retval;
805 }
806 
807 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error.  */
808 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc,
809 				   const struct sctp_chunk *chunk,
810 				   const struct msghdr *msg)
811 {
812 	struct sctp_chunk *retval;
813 	void *payload = NULL, *payoff;
814 	size_t paylen = 0;
815 	struct iovec *iov = NULL;
816 	int iovlen = 0;
817 
818 	if (msg) {
819 		iov = msg->msg_iov;
820 		iovlen = msg->msg_iovlen;
821 		paylen = get_user_iov_size(iov, iovlen);
822 	}
823 
824 	retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen);
825 	if (!retval)
826 		goto err_chunk;
827 
828 	if (paylen) {
829 		/* Put the msg_iov together into payload.  */
830 		payload = kmalloc(paylen, GFP_ATOMIC);
831 		if (!payload)
832 			goto err_payload;
833 		payoff = payload;
834 
835 		for (; iovlen > 0; --iovlen) {
836 			if (copy_from_user(payoff, iov->iov_base,iov->iov_len))
837 				goto err_copy;
838 			payoff += iov->iov_len;
839 			iov++;
840 		}
841 	}
842 
843 	sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, payload, paylen);
844 
845 	if (paylen)
846 		kfree(payload);
847 
848 	return retval;
849 
850 err_copy:
851 	kfree(payload);
852 err_payload:
853 	sctp_chunk_free(retval);
854 	retval = NULL;
855 err_chunk:
856 	return retval;
857 }
858 
859 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */
860 struct sctp_chunk *sctp_make_abort_violation(
861 	const struct sctp_association *asoc,
862 	const struct sctp_chunk *chunk,
863 	const __u8   *payload,
864 	const size_t paylen)
865 {
866 	struct sctp_chunk  *retval;
867 	struct sctp_paramhdr phdr;
868 
869 	retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen
870 					+ sizeof(sctp_chunkhdr_t));
871 	if (!retval)
872 		goto end;
873 
874 	sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, payload, paylen);
875 
876 	phdr.type = htons(chunk->chunk_hdr->type);
877 	phdr.length = chunk->chunk_hdr->length;
878 	sctp_addto_chunk(retval, sizeof(sctp_paramhdr_t), &phdr);
879 
880 end:
881 	return retval;
882 }
883 
884 /* Make a HEARTBEAT chunk.  */
885 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc,
886 				  const struct sctp_transport *transport,
887 				  const void *payload, const size_t paylen)
888 {
889 	struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT,
890 						    0, paylen);
891 
892 	if (!retval)
893 		goto nodata;
894 
895 	/* Cast away the 'const', as this is just telling the chunk
896 	 * what transport it belongs to.
897 	 */
898 	retval->transport = (struct sctp_transport *) transport;
899 	retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload);
900 
901 nodata:
902 	return retval;
903 }
904 
905 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc,
906 				      const struct sctp_chunk *chunk,
907 				      const void *payload, const size_t paylen)
908 {
909 	struct sctp_chunk *retval;
910 
911 	retval  = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen);
912 	if (!retval)
913 		goto nodata;
914 
915 	retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload);
916 
917 	/* RFC 2960 6.4 Multi-homed SCTP Endpoints
918 	 *
919 	 * An endpoint SHOULD transmit reply chunks (e.g., SACK,
920 	 * HEARTBEAT ACK, * etc.) to the same destination transport
921 	 * address from which it * received the DATA or control chunk
922 	 * to which it is replying.
923 	 *
924 	 * [HBACK back to where the HEARTBEAT came from.]
925 	 */
926 	if (chunk)
927 		retval->transport = chunk->transport;
928 
929 nodata:
930 	return retval;
931 }
932 
933 /* Create an Operation Error chunk with the specified space reserved.
934  * This routine can be used for containing multiple causes in the chunk.
935  */
936 static struct sctp_chunk *sctp_make_op_error_space(
937 	const struct sctp_association *asoc,
938 	const struct sctp_chunk *chunk,
939 	size_t size)
940 {
941 	struct sctp_chunk *retval;
942 
943 	retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0,
944 				 sizeof(sctp_errhdr_t) + size);
945 	if (!retval)
946 		goto nodata;
947 
948 	/* RFC 2960 6.4 Multi-homed SCTP Endpoints
949 	 *
950 	 * An endpoint SHOULD transmit reply chunks (e.g., SACK,
951 	 * HEARTBEAT ACK, etc.) to the same destination transport
952 	 * address from which it received the DATA or control chunk
953 	 * to which it is replying.
954 	 *
955 	 */
956 	if (chunk)
957 		retval->transport = chunk->transport;
958 
959 nodata:
960 	return retval;
961 }
962 
963 /* Create an Operation Error chunk.  */
964 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc,
965 				 const struct sctp_chunk *chunk,
966 				 __u16 cause_code, const void *payload,
967 				 size_t paylen)
968 {
969 	struct sctp_chunk *retval;
970 
971 	retval = sctp_make_op_error_space(asoc, chunk, paylen);
972 	if (!retval)
973 		goto nodata;
974 
975 	sctp_init_cause(retval, cause_code, payload, paylen);
976 
977 nodata:
978 	return retval;
979 }
980 
981 /********************************************************************
982  * 2nd Level Abstractions
983  ********************************************************************/
984 
985 /* Turn an skb into a chunk.
986  * FIXME: Eventually move the structure directly inside the skb->cb[].
987  */
988 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb,
989 			    const struct sctp_association *asoc,
990 			    struct sock *sk)
991 {
992 	struct sctp_chunk *retval;
993 
994 	retval = kmem_cache_alloc(sctp_chunk_cachep, SLAB_ATOMIC);
995 
996 	if (!retval)
997 		goto nodata;
998 	memset(retval, 0, sizeof(struct sctp_chunk));
999 
1000 	if (!sk) {
1001 		SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb);
1002 	}
1003 
1004 	INIT_LIST_HEAD(&retval->list);
1005 	retval->skb		= skb;
1006 	retval->asoc		= (struct sctp_association *)asoc;
1007 	retval->resent  	= 0;
1008 	retval->has_tsn		= 0;
1009 	retval->has_ssn         = 0;
1010 	retval->rtt_in_progress	= 0;
1011 	retval->sent_at		= 0;
1012 	retval->singleton	= 1;
1013 	retval->end_of_packet	= 0;
1014 	retval->ecn_ce_done	= 0;
1015 	retval->pdiscard	= 0;
1016 
1017 	/* sctpimpguide-05.txt Section 2.8.2
1018 	 * M1) Each time a new DATA chunk is transmitted
1019 	 * set the 'TSN.Missing.Report' count for that TSN to 0. The
1020 	 * 'TSN.Missing.Report' count will be used to determine missing chunks
1021 	 * and when to fast retransmit.
1022 	 */
1023 	retval->tsn_missing_report = 0;
1024 	retval->tsn_gap_acked = 0;
1025 	retval->fast_retransmit = 0;
1026 
1027 	/* If this is a fragmented message, track all fragments
1028 	 * of the message (for SEND_FAILED).
1029 	 */
1030 	retval->msg = NULL;
1031 
1032 	/* Polish the bead hole.  */
1033 	INIT_LIST_HEAD(&retval->transmitted_list);
1034 	INIT_LIST_HEAD(&retval->frag_list);
1035 	SCTP_DBG_OBJCNT_INC(chunk);
1036 	atomic_set(&retval->refcnt, 1);
1037 
1038 nodata:
1039 	return retval;
1040 }
1041 
1042 /* Set chunk->source and dest based on the IP header in chunk->skb.  */
1043 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src,
1044 		     union sctp_addr *dest)
1045 {
1046 	memcpy(&chunk->source, src, sizeof(union sctp_addr));
1047 	memcpy(&chunk->dest, dest, sizeof(union sctp_addr));
1048 }
1049 
1050 /* Extract the source address from a chunk.  */
1051 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk)
1052 {
1053 	/* If we have a known transport, use that.  */
1054 	if (chunk->transport) {
1055 		return &chunk->transport->ipaddr;
1056 	} else {
1057 		/* Otherwise, extract it from the IP header.  */
1058 		return &chunk->source;
1059 	}
1060 }
1061 
1062 /* Create a new chunk, setting the type and flags headers from the
1063  * arguments, reserving enough space for a 'paylen' byte payload.
1064  */
1065 SCTP_STATIC
1066 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc,
1067 				   __u8 type, __u8 flags, int paylen)
1068 {
1069 	struct sctp_chunk *retval;
1070 	sctp_chunkhdr_t *chunk_hdr;
1071 	struct sk_buff *skb;
1072 	struct sock *sk;
1073 
1074 	/* No need to allocate LL here, as this is only a chunk. */
1075 	skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen),
1076 			GFP_ATOMIC);
1077 	if (!skb)
1078 		goto nodata;
1079 
1080 	/* Make room for the chunk header.  */
1081 	chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t));
1082 	chunk_hdr->type	  = type;
1083 	chunk_hdr->flags  = flags;
1084 	chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t));
1085 
1086 	sk = asoc ? asoc->base.sk : NULL;
1087 	retval = sctp_chunkify(skb, asoc, sk);
1088 	if (!retval) {
1089 		kfree_skb(skb);
1090 		goto nodata;
1091 	}
1092 
1093 	retval->chunk_hdr = chunk_hdr;
1094 	retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr);
1095 
1096 	/* Set the skb to the belonging sock for accounting.  */
1097 	skb->sk = sk;
1098 
1099 	return retval;
1100 nodata:
1101 	return NULL;
1102 }
1103 
1104 
1105 /* Release the memory occupied by a chunk.  */
1106 static void sctp_chunk_destroy(struct sctp_chunk *chunk)
1107 {
1108 	/* Free the chunk skb data and the SCTP_chunk stub itself. */
1109 	dev_kfree_skb(chunk->skb);
1110 
1111 	SCTP_DBG_OBJCNT_DEC(chunk);
1112 	kmem_cache_free(sctp_chunk_cachep, chunk);
1113 }
1114 
1115 /* Possibly, free the chunk.  */
1116 void sctp_chunk_free(struct sctp_chunk *chunk)
1117 {
1118 	BUG_ON(!list_empty(&chunk->list));
1119 	list_del_init(&chunk->transmitted_list);
1120 
1121 	/* Release our reference on the message tracker. */
1122 	if (chunk->msg)
1123 		sctp_datamsg_put(chunk->msg);
1124 
1125 	sctp_chunk_put(chunk);
1126 }
1127 
1128 /* Grab a reference to the chunk. */
1129 void sctp_chunk_hold(struct sctp_chunk *ch)
1130 {
1131 	atomic_inc(&ch->refcnt);
1132 }
1133 
1134 /* Release a reference to the chunk. */
1135 void sctp_chunk_put(struct sctp_chunk *ch)
1136 {
1137 	if (atomic_dec_and_test(&ch->refcnt))
1138 		sctp_chunk_destroy(ch);
1139 }
1140 
1141 /* Append bytes to the end of a chunk.  Will panic if chunk is not big
1142  * enough.
1143  */
1144 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data)
1145 {
1146 	void *target;
1147 	void *padding;
1148 	int chunklen = ntohs(chunk->chunk_hdr->length);
1149 	int padlen = chunklen % 4;
1150 
1151 	padding = skb_put(chunk->skb, padlen);
1152 	target = skb_put(chunk->skb, len);
1153 
1154 	memset(padding, 0, padlen);
1155 	memcpy(target, data, len);
1156 
1157 	/* Adjust the chunk length field.  */
1158 	chunk->chunk_hdr->length = htons(chunklen + padlen + len);
1159 	chunk->chunk_end = chunk->skb->tail;
1160 
1161 	return target;
1162 }
1163 
1164 /* Append bytes from user space to the end of a chunk.  Will panic if
1165  * chunk is not big enough.
1166  * Returns a kernel err value.
1167  */
1168 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len,
1169 			  struct iovec *data)
1170 {
1171 	__u8 *target;
1172 	int err = 0;
1173 
1174 	/* Make room in chunk for data.  */
1175 	target = skb_put(chunk->skb, len);
1176 
1177 	/* Copy data (whole iovec) into chunk */
1178 	if ((err = memcpy_fromiovecend(target, data, off, len)))
1179 		goto out;
1180 
1181 	/* Adjust the chunk length field.  */
1182 	chunk->chunk_hdr->length =
1183 		htons(ntohs(chunk->chunk_hdr->length) + len);
1184 	chunk->chunk_end = chunk->skb->tail;
1185 
1186 out:
1187 	return err;
1188 }
1189 
1190 /* Helper function to assign a TSN if needed.  This assumes that both
1191  * the data_hdr and association have already been assigned.
1192  */
1193 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk)
1194 {
1195 	__u16 ssn;
1196 	__u16 sid;
1197 
1198 	if (chunk->has_ssn)
1199 		return;
1200 
1201 	/* This is the last possible instant to assign a SSN. */
1202 	if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) {
1203 		ssn = 0;
1204 	} else {
1205 		sid = htons(chunk->subh.data_hdr->stream);
1206 		if (chunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG)
1207 			ssn = sctp_ssn_next(&chunk->asoc->ssnmap->out, sid);
1208 		else
1209 			ssn = sctp_ssn_peek(&chunk->asoc->ssnmap->out, sid);
1210 		ssn = htons(ssn);
1211 	}
1212 
1213 	chunk->subh.data_hdr->ssn = ssn;
1214 	chunk->has_ssn = 1;
1215 }
1216 
1217 /* Helper function to assign a TSN if needed.  This assumes that both
1218  * the data_hdr and association have already been assigned.
1219  */
1220 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk)
1221 {
1222 	if (!chunk->has_tsn) {
1223 		/* This is the last possible instant to
1224 		 * assign a TSN.
1225 		 */
1226 		chunk->subh.data_hdr->tsn =
1227 			htonl(sctp_association_get_next_tsn(chunk->asoc));
1228 		chunk->has_tsn = 1;
1229 	}
1230 }
1231 
1232 /* Create a CLOSED association to use with an incoming packet.  */
1233 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep,
1234 					struct sctp_chunk *chunk,
1235 					gfp_t gfp)
1236 {
1237 	struct sctp_association *asoc;
1238 	struct sk_buff *skb;
1239 	sctp_scope_t scope;
1240 	struct sctp_af *af;
1241 
1242 	/* Create the bare association.  */
1243 	scope = sctp_scope(sctp_source(chunk));
1244 	asoc = sctp_association_new(ep, ep->base.sk, scope, gfp);
1245 	if (!asoc)
1246 		goto nodata;
1247 	asoc->temp = 1;
1248 	skb = chunk->skb;
1249 	/* Create an entry for the source address of the packet.  */
1250 	af = sctp_get_af_specific(ipver2af(skb->nh.iph->version));
1251 	if (unlikely(!af))
1252 		goto fail;
1253 	af->from_skb(&asoc->c.peer_addr, skb, 1);
1254 nodata:
1255 	return asoc;
1256 
1257 fail:
1258 	sctp_association_free(asoc);
1259 	return NULL;
1260 }
1261 
1262 /* Build a cookie representing asoc.
1263  * This INCLUDES the param header needed to put the cookie in the INIT ACK.
1264  */
1265 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
1266 				      const struct sctp_association *asoc,
1267 				      const struct sctp_chunk *init_chunk,
1268 				      int *cookie_len,
1269 				      const __u8 *raw_addrs, int addrs_len)
1270 {
1271 	sctp_cookie_param_t *retval;
1272 	struct sctp_signed_cookie *cookie;
1273 	struct scatterlist sg;
1274 	int headersize, bodysize;
1275 	unsigned int keylen;
1276 	char *key;
1277 
1278 	/* Header size is static data prior to the actual cookie, including
1279 	 * any padding.
1280 	 */
1281 	headersize = sizeof(sctp_paramhdr_t) +
1282 		     (sizeof(struct sctp_signed_cookie) -
1283 		      sizeof(struct sctp_cookie));
1284 	bodysize = sizeof(struct sctp_cookie)
1285 		+ ntohs(init_chunk->chunk_hdr->length) + addrs_len;
1286 
1287 	/* Pad out the cookie to a multiple to make the signature
1288 	 * functions simpler to write.
1289 	 */
1290 	if (bodysize % SCTP_COOKIE_MULTIPLE)
1291 		bodysize += SCTP_COOKIE_MULTIPLE
1292 			- (bodysize % SCTP_COOKIE_MULTIPLE);
1293 	*cookie_len = headersize + bodysize;
1294 
1295 	retval = kmalloc(*cookie_len, GFP_ATOMIC);
1296 
1297 	if (!retval) {
1298 		*cookie_len = 0;
1299 		goto nodata;
1300 	}
1301 
1302 	/* Clear this memory since we are sending this data structure
1303 	 * out on the network.
1304 	 */
1305 	memset(retval, 0x00, *cookie_len);
1306 	cookie = (struct sctp_signed_cookie *) retval->body;
1307 
1308 	/* Set up the parameter header.  */
1309 	retval->p.type = SCTP_PARAM_STATE_COOKIE;
1310 	retval->p.length = htons(*cookie_len);
1311 
1312 	/* Copy the cookie part of the association itself.  */
1313 	cookie->c = asoc->c;
1314 	/* Save the raw address list length in the cookie. */
1315 	cookie->c.raw_addr_list_len = addrs_len;
1316 
1317 	/* Remember PR-SCTP capability. */
1318 	cookie->c.prsctp_capable = asoc->peer.prsctp_capable;
1319 
1320 	/* Save adaption indication in the cookie. */
1321 	cookie->c.adaption_ind = asoc->peer.adaption_ind;
1322 
1323 	/* Set an expiration time for the cookie.  */
1324 	do_gettimeofday(&cookie->c.expiration);
1325 	TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration);
1326 
1327 	/* Copy the peer's init packet.  */
1328 	memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr,
1329 	       ntohs(init_chunk->chunk_hdr->length));
1330 
1331 	/* Copy the raw local address list of the association. */
1332 	memcpy((__u8 *)&cookie->c.peer_init[0] +
1333 	       ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len);
1334 
1335   	if (sctp_sk(ep->base.sk)->hmac) {
1336 		/* Sign the message.  */
1337 		sg.page = virt_to_page(&cookie->c);
1338 		sg.offset = (unsigned long)(&cookie->c) % PAGE_SIZE;
1339 		sg.length = bodysize;
1340 		keylen = SCTP_SECRET_SIZE;
1341 		key = (char *)ep->secret_key[ep->current_key];
1342 
1343 		sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen,
1344 				 &sg, 1, cookie->signature);
1345 	}
1346 
1347 nodata:
1348 	return retval;
1349 }
1350 
1351 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association.  */
1352 struct sctp_association *sctp_unpack_cookie(
1353 	const struct sctp_endpoint *ep,
1354 	const struct sctp_association *asoc,
1355 	struct sctp_chunk *chunk, gfp_t gfp,
1356 	int *error, struct sctp_chunk **errp)
1357 {
1358 	struct sctp_association *retval = NULL;
1359 	struct sctp_signed_cookie *cookie;
1360 	struct sctp_cookie *bear_cookie;
1361 	int headersize, bodysize, fixed_size;
1362 	__u8 *digest = ep->digest;
1363 	struct scatterlist sg;
1364 	unsigned int keylen, len;
1365 	char *key;
1366 	sctp_scope_t scope;
1367 	struct sk_buff *skb = chunk->skb;
1368 	struct timeval tv;
1369 
1370 	/* Header size is static data prior to the actual cookie, including
1371 	 * any padding.
1372 	 */
1373 	headersize = sizeof(sctp_chunkhdr_t) +
1374 		     (sizeof(struct sctp_signed_cookie) -
1375 		      sizeof(struct sctp_cookie));
1376 	bodysize = ntohs(chunk->chunk_hdr->length) - headersize;
1377 	fixed_size = headersize + sizeof(struct sctp_cookie);
1378 
1379 	/* Verify that the chunk looks like it even has a cookie.
1380 	 * There must be enough room for our cookie and our peer's
1381 	 * INIT chunk.
1382 	 */
1383 	len = ntohs(chunk->chunk_hdr->length);
1384 	if (len < fixed_size + sizeof(struct sctp_chunkhdr))
1385 		goto malformed;
1386 
1387 	/* Verify that the cookie has been padded out. */
1388 	if (bodysize % SCTP_COOKIE_MULTIPLE)
1389 		goto malformed;
1390 
1391 	/* Process the cookie.  */
1392 	cookie = chunk->subh.cookie_hdr;
1393 	bear_cookie = &cookie->c;
1394 
1395 	if (!sctp_sk(ep->base.sk)->hmac)
1396 		goto no_hmac;
1397 
1398 	/* Check the signature.  */
1399 	keylen = SCTP_SECRET_SIZE;
1400 	sg.page = virt_to_page(bear_cookie);
1401 	sg.offset = (unsigned long)(bear_cookie) % PAGE_SIZE;
1402 	sg.length = bodysize;
1403 	key = (char *)ep->secret_key[ep->current_key];
1404 
1405 	memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
1406 	sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, &sg,
1407 			 1, digest);
1408 
1409 	if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
1410 		/* Try the previous key. */
1411 		key = (char *)ep->secret_key[ep->last_key];
1412 		memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
1413 		sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen,
1414 				 &sg, 1, digest);
1415 
1416 		if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
1417 			/* Yikes!  Still bad signature! */
1418 			*error = -SCTP_IERROR_BAD_SIG;
1419 			goto fail;
1420 		}
1421 	}
1422 
1423 no_hmac:
1424 	/* IG Section 2.35.2:
1425 	 *  3) Compare the port numbers and the verification tag contained
1426 	 *     within the COOKIE ECHO chunk to the actual port numbers and the
1427 	 *     verification tag within the SCTP common header of the received
1428 	 *     packet. If these values do not match the packet MUST be silently
1429 	 *     discarded,
1430 	 */
1431 	if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) {
1432 		*error = -SCTP_IERROR_BAD_TAG;
1433 		goto fail;
1434 	}
1435 
1436 	if (ntohs(chunk->sctp_hdr->source) != bear_cookie->peer_addr.v4.sin_port ||
1437 	    ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) {
1438 		*error = -SCTP_IERROR_BAD_PORTS;
1439 		goto fail;
1440 	}
1441 
1442 	/* Check to see if the cookie is stale.  If there is already
1443 	 * an association, there is no need to check cookie's expiration
1444 	 * for init collision case of lost COOKIE ACK.
1445 	 */
1446 	skb_get_timestamp(skb, &tv);
1447 	if (!asoc && tv_lt(bear_cookie->expiration, tv)) {
1448 		__u16 len;
1449 		/*
1450 		 * Section 3.3.10.3 Stale Cookie Error (3)
1451 		 *
1452 		 * Cause of error
1453 		 * ---------------
1454 		 * Stale Cookie Error:  Indicates the receipt of a valid State
1455 		 * Cookie that has expired.
1456 		 */
1457 		len = ntohs(chunk->chunk_hdr->length);
1458 		*errp = sctp_make_op_error_space(asoc, chunk, len);
1459 		if (*errp) {
1460 			suseconds_t usecs = (tv.tv_sec -
1461 				bear_cookie->expiration.tv_sec) * 1000000L +
1462 				tv.tv_usec - bear_cookie->expiration.tv_usec;
1463 
1464 			usecs = htonl(usecs);
1465 			sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE,
1466 					&usecs, sizeof(usecs));
1467 			*error = -SCTP_IERROR_STALE_COOKIE;
1468 		} else
1469 			*error = -SCTP_IERROR_NOMEM;
1470 
1471 		goto fail;
1472 	}
1473 
1474 	/* Make a new base association.  */
1475 	scope = sctp_scope(sctp_source(chunk));
1476 	retval = sctp_association_new(ep, ep->base.sk, scope, gfp);
1477 	if (!retval) {
1478 		*error = -SCTP_IERROR_NOMEM;
1479 		goto fail;
1480 	}
1481 
1482 	/* Set up our peer's port number.  */
1483 	retval->peer.port = ntohs(chunk->sctp_hdr->source);
1484 
1485 	/* Populate the association from the cookie.  */
1486 	memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie));
1487 
1488 	if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie,
1489 						 GFP_ATOMIC) < 0) {
1490 		*error = -SCTP_IERROR_NOMEM;
1491 		goto fail;
1492 	}
1493 
1494 	/* Also, add the destination address. */
1495 	if (list_empty(&retval->base.bind_addr.address_list)) {
1496 		sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest,
1497 				   GFP_ATOMIC);
1498 	}
1499 
1500 	retval->next_tsn = retval->c.initial_tsn;
1501 	retval->ctsn_ack_point = retval->next_tsn - 1;
1502 	retval->addip_serial = retval->c.initial_tsn;
1503 	retval->adv_peer_ack_point = retval->ctsn_ack_point;
1504 	retval->peer.prsctp_capable = retval->c.prsctp_capable;
1505 	retval->peer.adaption_ind = retval->c.adaption_ind;
1506 
1507 	/* The INIT stuff will be done by the side effects.  */
1508 	return retval;
1509 
1510 fail:
1511 	if (retval)
1512 		sctp_association_free(retval);
1513 
1514 	return NULL;
1515 
1516 malformed:
1517 	/* Yikes!  The packet is either corrupt or deliberately
1518 	 * malformed.
1519 	 */
1520 	*error = -SCTP_IERROR_MALFORMED;
1521 	goto fail;
1522 }
1523 
1524 /********************************************************************
1525  * 3rd Level Abstractions
1526  ********************************************************************/
1527 
1528 struct __sctp_missing {
1529 	__u32 num_missing;
1530 	__u16 type;
1531 }  __attribute__((packed));
1532 
1533 /*
1534  * Report a missing mandatory parameter.
1535  */
1536 static int sctp_process_missing_param(const struct sctp_association *asoc,
1537 				      sctp_param_t paramtype,
1538 				      struct sctp_chunk *chunk,
1539 				      struct sctp_chunk **errp)
1540 {
1541 	struct __sctp_missing report;
1542 	__u16 len;
1543 
1544 	len = WORD_ROUND(sizeof(report));
1545 
1546 	/* Make an ERROR chunk, preparing enough room for
1547 	 * returning multiple unknown parameters.
1548 	 */
1549 	if (!*errp)
1550 		*errp = sctp_make_op_error_space(asoc, chunk, len);
1551 
1552 	if (*errp) {
1553 		report.num_missing = htonl(1);
1554 		report.type = paramtype;
1555 		sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM,
1556 				&report, sizeof(report));
1557 	}
1558 
1559 	/* Stop processing this chunk. */
1560 	return 0;
1561 }
1562 
1563 /* Report an Invalid Mandatory Parameter.  */
1564 static int sctp_process_inv_mandatory(const struct sctp_association *asoc,
1565 				      struct sctp_chunk *chunk,
1566 				      struct sctp_chunk **errp)
1567 {
1568 	/* Invalid Mandatory Parameter Error has no payload. */
1569 
1570 	if (!*errp)
1571 		*errp = sctp_make_op_error_space(asoc, chunk, 0);
1572 
1573 	if (*errp)
1574 		sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, NULL, 0);
1575 
1576 	/* Stop processing this chunk. */
1577 	return 0;
1578 }
1579 
1580 static int sctp_process_inv_paramlength(const struct sctp_association *asoc,
1581 					struct sctp_paramhdr *param,
1582 					const struct sctp_chunk *chunk,
1583 					struct sctp_chunk **errp)
1584 {
1585 	char		error[] = "The following parameter had invalid length:";
1586 	size_t		payload_len = WORD_ROUND(sizeof(error)) +
1587 						sizeof(sctp_paramhdr_t);
1588 
1589 
1590 	/* Create an error chunk and fill it in with our payload. */
1591 	if (!*errp)
1592 		*errp = sctp_make_op_error_space(asoc, chunk, payload_len);
1593 
1594 	if (*errp) {
1595 		sctp_init_cause(*errp, SCTP_ERROR_PROTO_VIOLATION, error,
1596 				sizeof(error));
1597 		sctp_addto_chunk(*errp, sizeof(sctp_paramhdr_t), param);
1598 	}
1599 
1600 	return 0;
1601 }
1602 
1603 
1604 /* Do not attempt to handle the HOST_NAME parm.  However, do
1605  * send back an indicator to the peer.
1606  */
1607 static int sctp_process_hn_param(const struct sctp_association *asoc,
1608 				 union sctp_params param,
1609 				 struct sctp_chunk *chunk,
1610 				 struct sctp_chunk **errp)
1611 {
1612 	__u16 len = ntohs(param.p->length);
1613 
1614 	/* Make an ERROR chunk. */
1615 	if (!*errp)
1616 		*errp = sctp_make_op_error_space(asoc, chunk, len);
1617 
1618 	if (*errp)
1619 		sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED,
1620 				param.v, len);
1621 
1622 	/* Stop processing this chunk. */
1623 	return 0;
1624 }
1625 
1626 /* RFC 3.2.1 & the Implementers Guide 2.2.
1627  *
1628  * The Parameter Types are encoded such that the
1629  * highest-order two bits specify the action that must be
1630  * taken if the processing endpoint does not recognize the
1631  * Parameter Type.
1632  *
1633  * 00 - Stop processing this SCTP chunk and discard it,
1634  *	do not process any further chunks within it.
1635  *
1636  * 01 - Stop processing this SCTP chunk and discard it,
1637  *	do not process any further chunks within it, and report
1638  *	the unrecognized parameter in an 'Unrecognized
1639  *	Parameter Type' (in either an ERROR or in the INIT ACK).
1640  *
1641  * 10 - Skip this parameter and continue processing.
1642  *
1643  * 11 - Skip this parameter and continue processing but
1644  *	report the unrecognized parameter in an
1645  *	'Unrecognized Parameter Type' (in either an ERROR or in
1646  *	the INIT ACK).
1647  *
1648  * Return value:
1649  * 	0 - discard the chunk
1650  * 	1 - continue with the chunk
1651  */
1652 static int sctp_process_unk_param(const struct sctp_association *asoc,
1653 				  union sctp_params param,
1654 				  struct sctp_chunk *chunk,
1655 				  struct sctp_chunk **errp)
1656 {
1657 	int retval = 1;
1658 
1659 	switch (param.p->type & SCTP_PARAM_ACTION_MASK) {
1660 	case SCTP_PARAM_ACTION_DISCARD:
1661 		retval =  0;
1662 		break;
1663 	case SCTP_PARAM_ACTION_DISCARD_ERR:
1664 		retval =  0;
1665 		/* Make an ERROR chunk, preparing enough room for
1666 		 * returning multiple unknown parameters.
1667 		 */
1668 		if (NULL == *errp)
1669 			*errp = sctp_make_op_error_space(asoc, chunk,
1670 					ntohs(chunk->chunk_hdr->length));
1671 
1672 		if (*errp)
1673 			sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM,
1674 					param.v,
1675 					WORD_ROUND(ntohs(param.p->length)));
1676 
1677 		break;
1678 	case SCTP_PARAM_ACTION_SKIP:
1679 		break;
1680 	case SCTP_PARAM_ACTION_SKIP_ERR:
1681 		/* Make an ERROR chunk, preparing enough room for
1682 		 * returning multiple unknown parameters.
1683 		 */
1684 		if (NULL == *errp)
1685 			*errp = sctp_make_op_error_space(asoc, chunk,
1686 					ntohs(chunk->chunk_hdr->length));
1687 
1688 		if (*errp) {
1689 			sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM,
1690 					param.v,
1691 					WORD_ROUND(ntohs(param.p->length)));
1692 		} else {
1693 			/* If there is no memory for generating the ERROR
1694 			 * report as specified, an ABORT will be triggered
1695 			 * to the peer and the association won't be
1696 			 * established.
1697 			 */
1698 			retval = 0;
1699 		}
1700 
1701 		break;
1702 	default:
1703 		break;
1704 	}
1705 
1706 	return retval;
1707 }
1708 
1709 /* Find unrecognized parameters in the chunk.
1710  * Return values:
1711  * 	0 - discard the chunk
1712  * 	1 - continue with the chunk
1713  */
1714 static int sctp_verify_param(const struct sctp_association *asoc,
1715 			     union sctp_params param,
1716 			     sctp_cid_t cid,
1717 			     struct sctp_chunk *chunk,
1718 			     struct sctp_chunk **err_chunk)
1719 {
1720 	int retval = 1;
1721 
1722 	/* FIXME - This routine is not looking at each parameter per the
1723 	 * chunk type, i.e., unrecognized parameters should be further
1724 	 * identified based on the chunk id.
1725 	 */
1726 
1727 	switch (param.p->type) {
1728 	case SCTP_PARAM_IPV4_ADDRESS:
1729 	case SCTP_PARAM_IPV6_ADDRESS:
1730 	case SCTP_PARAM_COOKIE_PRESERVATIVE:
1731 	case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
1732 	case SCTP_PARAM_STATE_COOKIE:
1733 	case SCTP_PARAM_HEARTBEAT_INFO:
1734 	case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
1735 	case SCTP_PARAM_ECN_CAPABLE:
1736 	case SCTP_PARAM_ADAPTION_LAYER_IND:
1737 		break;
1738 
1739 	case SCTP_PARAM_HOST_NAME_ADDRESS:
1740 		/* Tell the peer, we won't support this param.  */
1741 		return sctp_process_hn_param(asoc, param, chunk, err_chunk);
1742 	case SCTP_PARAM_FWD_TSN_SUPPORT:
1743 		if (sctp_prsctp_enable)
1744 			break;
1745 		/* Fall Through */
1746 	default:
1747 		SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n",
1748 				ntohs(param.p->type), cid);
1749 		return sctp_process_unk_param(asoc, param, chunk, err_chunk);
1750 
1751 		break;
1752 	}
1753 	return retval;
1754 }
1755 
1756 /* Verify the INIT packet before we process it.  */
1757 int sctp_verify_init(const struct sctp_association *asoc,
1758 		     sctp_cid_t cid,
1759 		     sctp_init_chunk_t *peer_init,
1760 		     struct sctp_chunk *chunk,
1761 		     struct sctp_chunk **errp)
1762 {
1763 	union sctp_params param;
1764 	int has_cookie = 0;
1765 
1766 	/* Verify stream values are non-zero. */
1767 	if ((0 == peer_init->init_hdr.num_outbound_streams) ||
1768 	    (0 == peer_init->init_hdr.num_inbound_streams)) {
1769 
1770 		sctp_process_inv_mandatory(asoc, chunk, errp);
1771 		return 0;
1772 	}
1773 
1774 	/* Check for missing mandatory parameters.  */
1775 	sctp_walk_params(param, peer_init, init_hdr.params) {
1776 
1777 		if (SCTP_PARAM_STATE_COOKIE == param.p->type)
1778 			has_cookie = 1;
1779 
1780 	} /* for (loop through all parameters) */
1781 
1782 	/* There is a possibility that a parameter length was bad and
1783 	 * in that case we would have stoped walking the parameters.
1784 	 * The current param.p would point at the bad one.
1785 	 * Current consensus on the mailing list is to generate a PROTOCOL
1786 	 * VIOLATION error.  We build the ERROR chunk here and let the normal
1787 	 * error handling code build and send the packet.
1788 	 */
1789 	if (param.v < (void*)chunk->chunk_end - sizeof(sctp_paramhdr_t)) {
1790 		sctp_process_inv_paramlength(asoc, param.p, chunk, errp);
1791 		return 0;
1792 	}
1793 
1794 	/* The only missing mandatory param possible today is
1795 	 * the state cookie for an INIT-ACK chunk.
1796 	 */
1797 	if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) {
1798 		sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE,
1799 					   chunk, errp);
1800 		return 0;
1801 	}
1802 
1803 	/* Find unrecognized parameters. */
1804 
1805 	sctp_walk_params(param, peer_init, init_hdr.params) {
1806 
1807 		if (!sctp_verify_param(asoc, param, cid, chunk, errp)) {
1808 			if (SCTP_PARAM_HOST_NAME_ADDRESS == param.p->type)
1809 				return 0;
1810 			else
1811 				return 1;
1812 		}
1813 
1814 	} /* for (loop through all parameters) */
1815 
1816 	return 1;
1817 }
1818 
1819 /* Unpack the parameters in an INIT packet into an association.
1820  * Returns 0 on failure, else success.
1821  * FIXME:  This is an association method.
1822  */
1823 int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid,
1824 		      const union sctp_addr *peer_addr,
1825 		      sctp_init_chunk_t *peer_init, gfp_t gfp)
1826 {
1827 	union sctp_params param;
1828 	struct sctp_transport *transport;
1829 	struct list_head *pos, *temp;
1830 	char *cookie;
1831 
1832 	/* We must include the address that the INIT packet came from.
1833 	 * This is the only address that matters for an INIT packet.
1834 	 * When processing a COOKIE ECHO, we retrieve the from address
1835 	 * of the INIT from the cookie.
1836 	 */
1837 
1838 	/* This implementation defaults to making the first transport
1839 	 * added as the primary transport.  The source address seems to
1840 	 * be a a better choice than any of the embedded addresses.
1841 	 */
1842 	if (peer_addr)
1843 		if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE))
1844 			goto nomem;
1845 
1846 	/* Process the initialization parameters.  */
1847 
1848 	sctp_walk_params(param, peer_init, init_hdr.params) {
1849 
1850 		if (!sctp_process_param(asoc, param, peer_addr, gfp))
1851                         goto clean_up;
1852 	}
1853 
1854 	/* Walk list of transports, removing transports in the UNKNOWN state. */
1855 	list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
1856 		transport = list_entry(pos, struct sctp_transport, transports);
1857 		if (transport->state == SCTP_UNKNOWN) {
1858 			sctp_assoc_rm_peer(asoc, transport);
1859 		}
1860 	}
1861 
1862 	/* The fixed INIT headers are always in network byte
1863 	 * order.
1864 	 */
1865 	asoc->peer.i.init_tag =
1866 		ntohl(peer_init->init_hdr.init_tag);
1867 	asoc->peer.i.a_rwnd =
1868 		ntohl(peer_init->init_hdr.a_rwnd);
1869 	asoc->peer.i.num_outbound_streams =
1870 		ntohs(peer_init->init_hdr.num_outbound_streams);
1871 	asoc->peer.i.num_inbound_streams =
1872 		ntohs(peer_init->init_hdr.num_inbound_streams);
1873 	asoc->peer.i.initial_tsn =
1874 		ntohl(peer_init->init_hdr.initial_tsn);
1875 
1876 	/* Apply the upper bounds for output streams based on peer's
1877 	 * number of inbound streams.
1878 	 */
1879 	if (asoc->c.sinit_num_ostreams  >
1880 	    ntohs(peer_init->init_hdr.num_inbound_streams)) {
1881 		asoc->c.sinit_num_ostreams =
1882 			ntohs(peer_init->init_hdr.num_inbound_streams);
1883 	}
1884 
1885 	if (asoc->c.sinit_max_instreams >
1886 	    ntohs(peer_init->init_hdr.num_outbound_streams)) {
1887 		asoc->c.sinit_max_instreams =
1888 			ntohs(peer_init->init_hdr.num_outbound_streams);
1889 	}
1890 
1891 	/* Copy Initiation tag from INIT to VT_peer in cookie.   */
1892 	asoc->c.peer_vtag = asoc->peer.i.init_tag;
1893 
1894 	/* Peer Rwnd   : Current calculated value of the peer's rwnd.  */
1895 	asoc->peer.rwnd = asoc->peer.i.a_rwnd;
1896 
1897 	/* Copy cookie in case we need to resend COOKIE-ECHO. */
1898 	cookie = asoc->peer.cookie;
1899 	if (cookie) {
1900 		asoc->peer.cookie = kmalloc(asoc->peer.cookie_len, gfp);
1901 		if (!asoc->peer.cookie)
1902 			goto clean_up;
1903 		memcpy(asoc->peer.cookie, cookie, asoc->peer.cookie_len);
1904 	}
1905 
1906 	/* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily
1907 	 * high (for example, implementations MAY use the size of the receiver
1908 	 * advertised window).
1909 	 */
1910 	list_for_each(pos, &asoc->peer.transport_addr_list) {
1911 		transport = list_entry(pos, struct sctp_transport, transports);
1912 		transport->ssthresh = asoc->peer.i.a_rwnd;
1913 	}
1914 
1915 	/* Set up the TSN tracking pieces.  */
1916 	sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_SIZE,
1917 			 asoc->peer.i.initial_tsn);
1918 
1919 	/* RFC 2960 6.5 Stream Identifier and Stream Sequence Number
1920 	 *
1921 	 * The stream sequence number in all the streams shall start
1922 	 * from 0 when the association is established.  Also, when the
1923 	 * stream sequence number reaches the value 65535 the next
1924 	 * stream sequence number shall be set to 0.
1925 	 */
1926 
1927 	/* Allocate storage for the negotiated streams if it is not a temporary
1928  	 * association.
1929 	 */
1930 	if (!asoc->temp) {
1931 		int assoc_id;
1932 		int error;
1933 
1934 		asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams,
1935 					       asoc->c.sinit_num_ostreams, gfp);
1936 		if (!asoc->ssnmap)
1937 			goto clean_up;
1938 
1939 	retry:
1940 		if (unlikely(!idr_pre_get(&sctp_assocs_id, gfp)))
1941 			goto clean_up;
1942 		spin_lock_bh(&sctp_assocs_id_lock);
1943 		error = idr_get_new_above(&sctp_assocs_id, (void *)asoc, 1,
1944 					  &assoc_id);
1945 		spin_unlock_bh(&sctp_assocs_id_lock);
1946 		if (error == -EAGAIN)
1947 			goto retry;
1948 		else if (error)
1949 			goto clean_up;
1950 
1951 		asoc->assoc_id = (sctp_assoc_t) assoc_id;
1952 	}
1953 
1954 	/* ADDIP Section 4.1 ASCONF Chunk Procedures
1955 	 *
1956 	 * When an endpoint has an ASCONF signaled change to be sent to the
1957 	 * remote endpoint it should do the following:
1958 	 * ...
1959 	 * A2) A serial number should be assigned to the Chunk. The serial
1960 	 * number should be a monotonically increasing number. All serial
1961 	 * numbers are defined to be initialized at the start of the
1962 	 * association to the same value as the Initial TSN.
1963 	 */
1964 	asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1;
1965 	return 1;
1966 
1967 clean_up:
1968 	/* Release the transport structures. */
1969 	list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
1970 		transport = list_entry(pos, struct sctp_transport, transports);
1971 		list_del_init(pos);
1972 		sctp_transport_free(transport);
1973 	}
1974 
1975 	asoc->peer.transport_count = 0;
1976 
1977 nomem:
1978 	return 0;
1979 }
1980 
1981 
1982 /* Update asoc with the option described in param.
1983  *
1984  * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT
1985  *
1986  * asoc is the association to update.
1987  * param is the variable length parameter to use for update.
1988  * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO.
1989  * If the current packet is an INIT we want to minimize the amount of
1990  * work we do.  In particular, we should not build transport
1991  * structures for the addresses.
1992  */
1993 static int sctp_process_param(struct sctp_association *asoc,
1994 			      union sctp_params param,
1995 			      const union sctp_addr *peer_addr,
1996 			      gfp_t gfp)
1997 {
1998 	union sctp_addr addr;
1999 	int i;
2000 	__u16 sat;
2001 	int retval = 1;
2002 	sctp_scope_t scope;
2003 	time_t stale;
2004 	struct sctp_af *af;
2005 
2006 	/* We maintain all INIT parameters in network byte order all the
2007 	 * time.  This allows us to not worry about whether the parameters
2008 	 * came from a fresh INIT, and INIT ACK, or were stored in a cookie.
2009 	 */
2010 	switch (param.p->type) {
2011 	case SCTP_PARAM_IPV6_ADDRESS:
2012 		if (PF_INET6 != asoc->base.sk->sk_family)
2013 			break;
2014 		/* Fall through. */
2015 	case SCTP_PARAM_IPV4_ADDRESS:
2016 		af = sctp_get_af_specific(param_type2af(param.p->type));
2017 		af->from_addr_param(&addr, param.addr, asoc->peer.port, 0);
2018 		scope = sctp_scope(peer_addr);
2019 		if (sctp_in_scope(&addr, scope))
2020 			if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_ACTIVE))
2021 				return 0;
2022 		break;
2023 
2024 	case SCTP_PARAM_COOKIE_PRESERVATIVE:
2025 		if (!sctp_cookie_preserve_enable)
2026 			break;
2027 
2028 		stale = ntohl(param.life->lifespan_increment);
2029 
2030 		/* Suggested Cookie Life span increment's unit is msec,
2031 		 * (1/1000sec).
2032 		 */
2033 		asoc->cookie_life.tv_sec += stale / 1000;
2034 		asoc->cookie_life.tv_usec += (stale % 1000) * 1000;
2035 		break;
2036 
2037 	case SCTP_PARAM_HOST_NAME_ADDRESS:
2038 		SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n");
2039 		break;
2040 
2041 	case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2042 		/* Turn off the default values first so we'll know which
2043 		 * ones are really set by the peer.
2044 		 */
2045 		asoc->peer.ipv4_address = 0;
2046 		asoc->peer.ipv6_address = 0;
2047 
2048 		/* Cycle through address types; avoid divide by 0. */
2049 		sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
2050 		if (sat)
2051 			sat /= sizeof(__u16);
2052 
2053 		for (i = 0; i < sat; ++i) {
2054 			switch (param.sat->types[i]) {
2055 			case SCTP_PARAM_IPV4_ADDRESS:
2056 				asoc->peer.ipv4_address = 1;
2057 				break;
2058 
2059 			case SCTP_PARAM_IPV6_ADDRESS:
2060 				asoc->peer.ipv6_address = 1;
2061 				break;
2062 
2063 			case SCTP_PARAM_HOST_NAME_ADDRESS:
2064 				asoc->peer.hostname_address = 1;
2065 				break;
2066 
2067 			default: /* Just ignore anything else.  */
2068 				break;
2069 			};
2070 		}
2071 		break;
2072 
2073 	case SCTP_PARAM_STATE_COOKIE:
2074 		asoc->peer.cookie_len =
2075 			ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
2076 		asoc->peer.cookie = param.cookie->body;
2077 		break;
2078 
2079 	case SCTP_PARAM_HEARTBEAT_INFO:
2080 		/* Would be odd to receive, but it causes no problems. */
2081 		break;
2082 
2083 	case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2084 		/* Rejected during verify stage. */
2085 		break;
2086 
2087 	case SCTP_PARAM_ECN_CAPABLE:
2088 		asoc->peer.ecn_capable = 1;
2089 		break;
2090 
2091 	case SCTP_PARAM_ADAPTION_LAYER_IND:
2092 		asoc->peer.adaption_ind = param.aind->adaption_ind;
2093 		break;
2094 
2095 	case SCTP_PARAM_FWD_TSN_SUPPORT:
2096 		if (sctp_prsctp_enable) {
2097 			asoc->peer.prsctp_capable = 1;
2098 			break;
2099 		}
2100 		/* Fall Through */
2101 	default:
2102 		/* Any unrecognized parameters should have been caught
2103 		 * and handled by sctp_verify_param() which should be
2104 		 * called prior to this routine.  Simply log the error
2105 		 * here.
2106 		 */
2107 		SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n",
2108 				  ntohs(param.p->type), asoc);
2109 		break;
2110 	};
2111 
2112 	return retval;
2113 }
2114 
2115 /* Select a new verification tag.  */
2116 __u32 sctp_generate_tag(const struct sctp_endpoint *ep)
2117 {
2118 	/* I believe that this random number generator complies with RFC1750.
2119 	 * A tag of 0 is reserved for special cases (e.g. INIT).
2120 	 */
2121 	__u32 x;
2122 
2123 	do {
2124 		get_random_bytes(&x, sizeof(__u32));
2125 	} while (x == 0);
2126 
2127 	return x;
2128 }
2129 
2130 /* Select an initial TSN to send during startup.  */
2131 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep)
2132 {
2133 	__u32 retval;
2134 
2135 	get_random_bytes(&retval, sizeof(__u32));
2136 	return retval;
2137 }
2138 
2139 /*
2140  * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF)
2141  *      0                   1                   2                   3
2142  *      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2143  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2144  *     | Type = 0xC1   |  Chunk Flags  |      Chunk Length             |
2145  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2146  *     |                       Serial Number                           |
2147  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2148  *     |                    Address Parameter                          |
2149  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2150  *     |                     ASCONF Parameter #1                       |
2151  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2152  *     \                                                               \
2153  *     /                             ....                              /
2154  *     \                                                               \
2155  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2156  *     |                     ASCONF Parameter #N                       |
2157  *      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2158  *
2159  * Address Parameter and other parameter will not be wrapped in this function
2160  */
2161 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc,
2162 					   union sctp_addr *addr,
2163 					   int vparam_len)
2164 {
2165 	sctp_addiphdr_t asconf;
2166 	struct sctp_chunk *retval;
2167 	int length = sizeof(asconf) + vparam_len;
2168 	union sctp_addr_param addrparam;
2169 	int addrlen;
2170 	struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2171 
2172 	addrlen = af->to_addr_param(addr, &addrparam);
2173 	if (!addrlen)
2174 		return NULL;
2175 	length += addrlen;
2176 
2177 	/* Create the chunk.  */
2178 	retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length);
2179 	if (!retval)
2180 		return NULL;
2181 
2182 	asconf.serial = htonl(asoc->addip_serial++);
2183 
2184 	retval->subh.addip_hdr =
2185 		sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2186 	retval->param_hdr.v =
2187 		sctp_addto_chunk(retval, addrlen, &addrparam);
2188 
2189 	return retval;
2190 }
2191 
2192 /* ADDIP
2193  * 3.2.1 Add IP Address
2194  * 	0                   1                   2                   3
2195  * 	0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2196  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2197  *     |        Type = 0xC001          |    Length = Variable          |
2198  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2199  *     |               ASCONF-Request Correlation ID                   |
2200  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2201  *     |                       Address Parameter                       |
2202  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2203  *
2204  * 3.2.2 Delete IP Address
2205  * 	0                   1                   2                   3
2206  * 	0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2207  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2208  *     |        Type = 0xC002          |    Length = Variable          |
2209  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2210  *     |               ASCONF-Request Correlation ID                   |
2211  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2212  *     |                       Address Parameter                       |
2213  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2214  *
2215  */
2216 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc,
2217 					      union sctp_addr	      *laddr,
2218 					      struct sockaddr	      *addrs,
2219 					      int		      addrcnt,
2220 					      __u16		      flags)
2221 {
2222 	sctp_addip_param_t	param;
2223 	struct sctp_chunk	*retval;
2224 	union sctp_addr_param	addr_param;
2225 	union sctp_addr		*addr;
2226 	void			*addr_buf;
2227 	struct sctp_af		*af;
2228 	int			paramlen = sizeof(param);
2229 	int			addr_param_len = 0;
2230 	int 			totallen = 0;
2231 	int 			i;
2232 
2233 	/* Get total length of all the address parameters. */
2234 	addr_buf = addrs;
2235 	for (i = 0; i < addrcnt; i++) {
2236 		addr = (union sctp_addr *)addr_buf;
2237 		af = sctp_get_af_specific(addr->v4.sin_family);
2238 		addr_param_len = af->to_addr_param(addr, &addr_param);
2239 
2240 		totallen += paramlen;
2241 		totallen += addr_param_len;
2242 
2243 		addr_buf += af->sockaddr_len;
2244 	}
2245 
2246 	/* Create an asconf chunk with the required length. */
2247 	retval = sctp_make_asconf(asoc, laddr, totallen);
2248 	if (!retval)
2249 		return NULL;
2250 
2251 	/* Add the address parameters to the asconf chunk. */
2252 	addr_buf = addrs;
2253 	for (i = 0; i < addrcnt; i++) {
2254 		addr = (union sctp_addr *)addr_buf;
2255 		af = sctp_get_af_specific(addr->v4.sin_family);
2256 		addr_param_len = af->to_addr_param(addr, &addr_param);
2257 		param.param_hdr.type = flags;
2258 		param.param_hdr.length = htons(paramlen + addr_param_len);
2259 		param.crr_id = i;
2260 
2261 		sctp_addto_chunk(retval, paramlen, &param);
2262 		sctp_addto_chunk(retval, addr_param_len, &addr_param);
2263 
2264 		addr_buf += af->sockaddr_len;
2265 	}
2266 	return retval;
2267 }
2268 
2269 /* ADDIP
2270  * 3.2.4 Set Primary IP Address
2271  *	0                   1                   2                   3
2272  *	0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2273  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2274  *     |        Type =0xC004           |    Length = Variable          |
2275  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2276  *     |               ASCONF-Request Correlation ID                   |
2277  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2278  *     |                       Address Parameter                       |
2279  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2280  *
2281  * Create an ASCONF chunk with Set Primary IP address parameter.
2282  */
2283 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc,
2284 					     union sctp_addr *addr)
2285 {
2286 	sctp_addip_param_t	param;
2287 	struct sctp_chunk 	*retval;
2288 	int 			len = sizeof(param);
2289 	union sctp_addr_param	addrparam;
2290 	int			addrlen;
2291 	struct sctp_af		*af = sctp_get_af_specific(addr->v4.sin_family);
2292 
2293 	addrlen = af->to_addr_param(addr, &addrparam);
2294 	if (!addrlen)
2295 		return NULL;
2296 	len += addrlen;
2297 
2298 	/* Create the chunk and make asconf header. */
2299 	retval = sctp_make_asconf(asoc, addr, len);
2300 	if (!retval)
2301 		return NULL;
2302 
2303 	param.param_hdr.type = SCTP_PARAM_SET_PRIMARY;
2304 	param.param_hdr.length = htons(len);
2305 	param.crr_id = 0;
2306 
2307 	sctp_addto_chunk(retval, sizeof(param), &param);
2308 	sctp_addto_chunk(retval, addrlen, &addrparam);
2309 
2310 	return retval;
2311 }
2312 
2313 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK)
2314  *      0                   1                   2                   3
2315  *      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2316  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2317  *     | Type = 0x80   |  Chunk Flags  |      Chunk Length             |
2318  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2319  *     |                       Serial Number                           |
2320  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2321  *     |                 ASCONF Parameter Response#1                   |
2322  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2323  *     \                                                               \
2324  *     /                             ....                              /
2325  *     \                                                               \
2326  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2327  *     |                 ASCONF Parameter Response#N                   |
2328  *     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2329  *
2330  * Create an ASCONF_ACK chunk with enough space for the parameter responses.
2331  */
2332 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc,
2333 					       __u32 serial, int vparam_len)
2334 {
2335 	sctp_addiphdr_t		asconf;
2336 	struct sctp_chunk	*retval;
2337 	int			length = sizeof(asconf) + vparam_len;
2338 
2339 	/* Create the chunk.  */
2340 	retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length);
2341 	if (!retval)
2342 		return NULL;
2343 
2344 	asconf.serial = htonl(serial);
2345 
2346 	retval->subh.addip_hdr =
2347 		sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2348 
2349 	return retval;
2350 }
2351 
2352 /* Add response parameters to an ASCONF_ACK chunk. */
2353 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __u32 crr_id,
2354 			      __u16 err_code, sctp_addip_param_t *asconf_param)
2355 {
2356 	sctp_addip_param_t 	ack_param;
2357 	sctp_errhdr_t		err_param;
2358 	int			asconf_param_len = 0;
2359 	int			err_param_len = 0;
2360 	__u16			response_type;
2361 
2362 	if (SCTP_ERROR_NO_ERROR == err_code) {
2363 		response_type = SCTP_PARAM_SUCCESS_REPORT;
2364 	} else {
2365 		response_type = SCTP_PARAM_ERR_CAUSE;
2366 		err_param_len = sizeof(err_param);
2367 		if (asconf_param)
2368 			asconf_param_len =
2369 				 ntohs(asconf_param->param_hdr.length);
2370 	}
2371 
2372 	/* Add Success Indication or Error Cause Indication parameter. */
2373 	ack_param.param_hdr.type = response_type;
2374 	ack_param.param_hdr.length = htons(sizeof(ack_param) +
2375 					   err_param_len +
2376 					   asconf_param_len);
2377 	ack_param.crr_id = crr_id;
2378 	sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param);
2379 
2380 	if (SCTP_ERROR_NO_ERROR == err_code)
2381 		return;
2382 
2383 	/* Add Error Cause parameter. */
2384 	err_param.cause = err_code;
2385 	err_param.length = htons(err_param_len + asconf_param_len);
2386 	sctp_addto_chunk(chunk, err_param_len, &err_param);
2387 
2388 	/* Add the failed TLV copied from ASCONF chunk. */
2389 	if (asconf_param)
2390 		sctp_addto_chunk(chunk, asconf_param_len, asconf_param);
2391 }
2392 
2393 /* Process a asconf parameter. */
2394 static __u16 sctp_process_asconf_param(struct sctp_association *asoc,
2395 				       struct sctp_chunk *asconf,
2396 				       sctp_addip_param_t *asconf_param)
2397 {
2398 	struct sctp_transport *peer;
2399 	struct sctp_af *af;
2400 	union sctp_addr	addr;
2401 	struct list_head *pos;
2402 	union sctp_addr_param *addr_param;
2403 
2404 	addr_param = (union sctp_addr_param *)
2405 			((void *)asconf_param + sizeof(sctp_addip_param_t));
2406 
2407 	af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type));
2408 	if (unlikely(!af))
2409 		return SCTP_ERROR_INV_PARAM;
2410 
2411 	af->from_addr_param(&addr, addr_param, asoc->peer.port, 0);
2412 	switch (asconf_param->param_hdr.type) {
2413 	case SCTP_PARAM_ADD_IP:
2414 		/* ADDIP 4.3 D9) If an endpoint receives an ADD IP address
2415 	 	 * request and does not have the local resources to add this
2416 	 	 * new address to the association, it MUST return an Error
2417 	 	 * Cause TLV set to the new error code 'Operation Refused
2418 	 	 * Due to Resource Shortage'.
2419 	 	 */
2420 
2421 		peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_ACTIVE);
2422 		if (!peer)
2423 			return SCTP_ERROR_RSRC_LOW;
2424 
2425 		/* Start the heartbeat timer. */
2426 		if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer)))
2427 			sctp_transport_hold(peer);
2428 		break;
2429 	case SCTP_PARAM_DEL_IP:
2430 		/* ADDIP 4.3 D7) If a request is received to delete the
2431 	 	 * last remaining IP address of a peer endpoint, the receiver
2432 	 	 * MUST send an Error Cause TLV with the error cause set to the
2433 	 	 * new error code 'Request to Delete Last Remaining IP Address'.
2434 	 	 */
2435 		pos = asoc->peer.transport_addr_list.next;
2436 		if (pos->next == &asoc->peer.transport_addr_list)
2437 			return SCTP_ERROR_DEL_LAST_IP;
2438 
2439 		/* ADDIP 4.3 D8) If a request is received to delete an IP
2440 		 * address which is also the source address of the IP packet
2441 		 * which contained the ASCONF chunk, the receiver MUST reject
2442 		 * this request. To reject the request the receiver MUST send
2443 		 * an Error Cause TLV set to the new error code 'Request to
2444 		 * Delete Source IP Address'
2445 		 */
2446 		if (sctp_cmp_addr_exact(sctp_source(asconf), &addr))
2447 			return SCTP_ERROR_DEL_SRC_IP;
2448 
2449 		sctp_assoc_del_peer(asoc, &addr);
2450 		break;
2451 	case SCTP_PARAM_SET_PRIMARY:
2452 		peer = sctp_assoc_lookup_paddr(asoc, &addr);
2453 		if (!peer)
2454 			return SCTP_ERROR_INV_PARAM;
2455 
2456 		sctp_assoc_set_primary(asoc, peer);
2457 		break;
2458 	default:
2459 		return SCTP_ERROR_INV_PARAM;
2460 		break;
2461 	}
2462 
2463 	return SCTP_ERROR_NO_ERROR;
2464 }
2465 
2466 /* Process an incoming ASCONF chunk with the next expected serial no. and
2467  * return an ASCONF_ACK chunk to be sent in response.
2468  */
2469 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
2470 				       struct sctp_chunk *asconf)
2471 {
2472 	sctp_addiphdr_t		*hdr;
2473 	union sctp_addr_param	*addr_param;
2474 	sctp_addip_param_t	*asconf_param;
2475 	struct sctp_chunk	*asconf_ack;
2476 
2477 	__u16	err_code;
2478 	int	length = 0;
2479 	int	chunk_len = asconf->skb->len;
2480 	__u32	serial;
2481 	int	all_param_pass = 1;
2482 
2483 	hdr = (sctp_addiphdr_t *)asconf->skb->data;
2484 	serial = ntohl(hdr->serial);
2485 
2486 	/* Skip the addiphdr and store a pointer to address parameter.  */
2487 	length = sizeof(sctp_addiphdr_t);
2488 	addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
2489 	chunk_len -= length;
2490 
2491 	/* Skip the address parameter and store a pointer to the first
2492 	 * asconf paramter.
2493 	 */
2494 	length = ntohs(addr_param->v4.param_hdr.length);
2495 	asconf_param = (sctp_addip_param_t *)((void *)addr_param + length);
2496 	chunk_len -= length;
2497 
2498 	/* create an ASCONF_ACK chunk.
2499 	 * Based on the definitions of parameters, we know that the size of
2500 	 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF
2501 	 * paramters.
2502 	 */
2503 	asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2);
2504 	if (!asconf_ack)
2505 		goto done;
2506 
2507 	/* Process the TLVs contained within the ASCONF chunk. */
2508 	while (chunk_len > 0) {
2509 		err_code = sctp_process_asconf_param(asoc, asconf,
2510 						     asconf_param);
2511 		/* ADDIP 4.1 A7)
2512 		 * If an error response is received for a TLV parameter,
2513 		 * all TLVs with no response before the failed TLV are
2514 		 * considered successful if not reported.  All TLVs after
2515 		 * the failed response are considered unsuccessful unless
2516 		 * a specific success indication is present for the parameter.
2517 		 */
2518 		if (SCTP_ERROR_NO_ERROR != err_code)
2519 			all_param_pass = 0;
2520 
2521 		if (!all_param_pass)
2522 			sctp_add_asconf_response(asconf_ack,
2523 						 asconf_param->crr_id, err_code,
2524 						 asconf_param);
2525 
2526 		/* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add
2527 		 * an IP address sends an 'Out of Resource' in its response, it
2528 		 * MUST also fail any subsequent add or delete requests bundled
2529 		 * in the ASCONF.
2530 		 */
2531 		if (SCTP_ERROR_RSRC_LOW == err_code)
2532 			goto done;
2533 
2534 		/* Move to the next ASCONF param. */
2535 		length = ntohs(asconf_param->param_hdr.length);
2536 		asconf_param = (sctp_addip_param_t *)((void *)asconf_param +
2537 						      length);
2538 		chunk_len -= length;
2539 	}
2540 
2541 done:
2542 	asoc->peer.addip_serial++;
2543 
2544 	/* If we are sending a new ASCONF_ACK hold a reference to it in assoc
2545 	 * after freeing the reference to old asconf ack if any.
2546 	 */
2547 	if (asconf_ack) {
2548 		if (asoc->addip_last_asconf_ack)
2549 			sctp_chunk_free(asoc->addip_last_asconf_ack);
2550 
2551 		sctp_chunk_hold(asconf_ack);
2552 		asoc->addip_last_asconf_ack = asconf_ack;
2553 	}
2554 
2555 	return asconf_ack;
2556 }
2557 
2558 /* Process a asconf parameter that is successfully acked. */
2559 static int sctp_asconf_param_success(struct sctp_association *asoc,
2560 				     sctp_addip_param_t *asconf_param)
2561 {
2562 	struct sctp_af *af;
2563 	union sctp_addr	addr;
2564 	struct sctp_bind_addr *bp = &asoc->base.bind_addr;
2565 	union sctp_addr_param *addr_param;
2566 	struct list_head *pos;
2567 	struct sctp_transport *transport;
2568 	int retval = 0;
2569 
2570 	addr_param = (union sctp_addr_param *)
2571 			((void *)asconf_param + sizeof(sctp_addip_param_t));
2572 
2573 	/* We have checked the packet before, so we do not check again.	*/
2574 	af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type));
2575 	af->from_addr_param(&addr, addr_param, bp->port, 0);
2576 
2577 	switch (asconf_param->param_hdr.type) {
2578 	case SCTP_PARAM_ADD_IP:
2579 		sctp_local_bh_disable();
2580 		sctp_write_lock(&asoc->base.addr_lock);
2581 		retval = sctp_add_bind_addr(bp, &addr, GFP_ATOMIC);
2582 		sctp_write_unlock(&asoc->base.addr_lock);
2583 		sctp_local_bh_enable();
2584 		break;
2585 	case SCTP_PARAM_DEL_IP:
2586 		sctp_local_bh_disable();
2587 		sctp_write_lock(&asoc->base.addr_lock);
2588 		retval = sctp_del_bind_addr(bp, &addr);
2589 		sctp_write_unlock(&asoc->base.addr_lock);
2590 		sctp_local_bh_enable();
2591 		list_for_each(pos, &asoc->peer.transport_addr_list) {
2592 			transport = list_entry(pos, struct sctp_transport,
2593 						 transports);
2594 			sctp_transport_route(transport, NULL,
2595 					     sctp_sk(asoc->base.sk));
2596 		}
2597 		break;
2598 	default:
2599 		break;
2600 	}
2601 
2602 	return retval;
2603 }
2604 
2605 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk
2606  * for the given asconf parameter.  If there is no response for this parameter,
2607  * return the error code based on the third argument 'no_err'.
2608  * ADDIP 4.1
2609  * A7) If an error response is received for a TLV parameter, all TLVs with no
2610  * response before the failed TLV are considered successful if not reported.
2611  * All TLVs after the failed response are considered unsuccessful unless a
2612  * specific success indication is present for the parameter.
2613  */
2614 static __u16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
2615 				      sctp_addip_param_t *asconf_param,
2616 				      int no_err)
2617 {
2618 	sctp_addip_param_t	*asconf_ack_param;
2619 	sctp_errhdr_t		*err_param;
2620 	int			length;
2621 	int			asconf_ack_len = asconf_ack->skb->len;
2622 	__u16			err_code;
2623 
2624 	if (no_err)
2625 		err_code = SCTP_ERROR_NO_ERROR;
2626 	else
2627 		err_code = SCTP_ERROR_REQ_REFUSED;
2628 
2629 	/* Skip the addiphdr from the asconf_ack chunk and store a pointer to
2630 	 * the first asconf_ack parameter.
2631 	 */
2632 	length = sizeof(sctp_addiphdr_t);
2633 	asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data +
2634 						  length);
2635 	asconf_ack_len -= length;
2636 
2637 	while (asconf_ack_len > 0) {
2638 		if (asconf_ack_param->crr_id == asconf_param->crr_id) {
2639 			switch(asconf_ack_param->param_hdr.type) {
2640 			case SCTP_PARAM_SUCCESS_REPORT:
2641 				return SCTP_ERROR_NO_ERROR;
2642 			case SCTP_PARAM_ERR_CAUSE:
2643 				length = sizeof(sctp_addip_param_t);
2644 				err_param = (sctp_errhdr_t *)
2645 					   ((void *)asconf_ack_param + length);
2646 				asconf_ack_len -= length;
2647 				if (asconf_ack_len > 0)
2648 					return err_param->cause;
2649 				else
2650 					return SCTP_ERROR_INV_PARAM;
2651 				break;
2652 			default:
2653 				return SCTP_ERROR_INV_PARAM;
2654 			}
2655 		}
2656 
2657 		length = ntohs(asconf_ack_param->param_hdr.length);
2658 		asconf_ack_param = (sctp_addip_param_t *)
2659 					((void *)asconf_ack_param + length);
2660 		asconf_ack_len -= length;
2661 	}
2662 
2663 	return err_code;
2664 }
2665 
2666 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */
2667 int sctp_process_asconf_ack(struct sctp_association *asoc,
2668 			    struct sctp_chunk *asconf_ack)
2669 {
2670 	struct sctp_chunk	*asconf = asoc->addip_last_asconf;
2671 	union sctp_addr_param	*addr_param;
2672 	sctp_addip_param_t	*asconf_param;
2673 	int	length = 0;
2674 	int	asconf_len = asconf->skb->len;
2675 	int	all_param_pass = 0;
2676 	int	no_err = 1;
2677 	int	retval = 0;
2678 	__u16	err_code = SCTP_ERROR_NO_ERROR;
2679 
2680 	/* Skip the chunkhdr and addiphdr from the last asconf sent and store
2681 	 * a pointer to address parameter.
2682 	 */
2683 	length = sizeof(sctp_addip_chunk_t);
2684 	addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
2685 	asconf_len -= length;
2686 
2687 	/* Skip the address parameter in the last asconf sent and store a
2688 	 * pointer to the first asconf paramter.
2689 	 */
2690 	length = ntohs(addr_param->v4.param_hdr.length);
2691 	asconf_param = (sctp_addip_param_t *)((void *)addr_param + length);
2692 	asconf_len -= length;
2693 
2694 	/* ADDIP 4.1
2695 	 * A8) If there is no response(s) to specific TLV parameter(s), and no
2696 	 * failures are indicated, then all request(s) are considered
2697 	 * successful.
2698 	 */
2699 	if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t))
2700 		all_param_pass = 1;
2701 
2702 	/* Process the TLVs contained in the last sent ASCONF chunk. */
2703 	while (asconf_len > 0) {
2704 		if (all_param_pass)
2705 			err_code = SCTP_ERROR_NO_ERROR;
2706 		else {
2707 			err_code = sctp_get_asconf_response(asconf_ack,
2708 							    asconf_param,
2709 							    no_err);
2710 			if (no_err && (SCTP_ERROR_NO_ERROR != err_code))
2711 				no_err = 0;
2712 		}
2713 
2714 		switch (err_code) {
2715 		case SCTP_ERROR_NO_ERROR:
2716 			retval = sctp_asconf_param_success(asoc, asconf_param);
2717 			break;
2718 
2719 		case SCTP_ERROR_RSRC_LOW:
2720 			retval = 1;
2721 			break;
2722 
2723 		case SCTP_ERROR_INV_PARAM:
2724 			/* Disable sending this type of asconf parameter in
2725 			 * future.
2726 			 */
2727 			asoc->peer.addip_disabled_mask |=
2728 				asconf_param->param_hdr.type;
2729 			break;
2730 
2731 		case SCTP_ERROR_REQ_REFUSED:
2732 		case SCTP_ERROR_DEL_LAST_IP:
2733 		case SCTP_ERROR_DEL_SRC_IP:
2734 		default:
2735 			 break;
2736 		}
2737 
2738 		/* Skip the processed asconf parameter and move to the next
2739 		 * one.
2740 	 	 */
2741 		length = ntohs(asconf_param->param_hdr.length);
2742 		asconf_param = (sctp_addip_param_t *)((void *)asconf_param +
2743 						      length);
2744 		asconf_len -= length;
2745 	}
2746 
2747 	/* Free the cached last sent asconf chunk. */
2748 	sctp_chunk_free(asconf);
2749 	asoc->addip_last_asconf = NULL;
2750 
2751 	/* Send the next asconf chunk from the addip chunk queue. */
2752 	if (!list_empty(&asoc->addip_chunk_list)) {
2753 		struct list_head *entry = asoc->addip_chunk_list.next;
2754 		asconf = list_entry(entry, struct sctp_chunk, list);
2755 
2756 		list_del_init(entry);
2757 
2758 		/* Hold the chunk until an ASCONF_ACK is received. */
2759 		sctp_chunk_hold(asconf);
2760 		if (sctp_primitive_ASCONF(asoc, asconf))
2761 			sctp_chunk_free(asconf);
2762 		else
2763 			asoc->addip_last_asconf = asconf;
2764 	}
2765 
2766 	return retval;
2767 }
2768 
2769 /* Make a FWD TSN chunk. */
2770 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc,
2771 				    __u32 new_cum_tsn, size_t nstreams,
2772 				    struct sctp_fwdtsn_skip *skiplist)
2773 {
2774 	struct sctp_chunk *retval = NULL;
2775 	struct sctp_fwdtsn_chunk *ftsn_chunk;
2776 	struct sctp_fwdtsn_hdr ftsn_hdr;
2777 	struct sctp_fwdtsn_skip skip;
2778 	size_t hint;
2779 	int i;
2780 
2781 	hint = (nstreams + 1) * sizeof(__u32);
2782 
2783 	retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint);
2784 
2785 	if (!retval)
2786 		return NULL;
2787 
2788 	ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr;
2789 
2790 	ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn);
2791 	retval->subh.fwdtsn_hdr =
2792 		sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr);
2793 
2794 	for (i = 0; i < nstreams; i++) {
2795 		skip.stream = skiplist[i].stream;
2796 		skip.ssn = skiplist[i].ssn;
2797 		sctp_addto_chunk(retval, sizeof(skip), &skip);
2798 	}
2799 
2800 	return retval;
2801 }
2802