1 /* SCTP kernel implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * This SCTP implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * This SCTP implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, see 27 * <http://www.gnu.org/licenses/>. 28 * 29 * Please send any bug reports or fixes you make to the 30 * email address(es): 31 * lksctp developers <linux-sctp@vger.kernel.org> 32 * 33 * Written or modified by: 34 * La Monte H.P. Yarroll <piggy@acm.org> 35 * Karl Knutson <karl@athena.chicago.il.us> 36 * C. Robin <chris@hundredacre.ac.uk> 37 * Jon Grimm <jgrimm@us.ibm.com> 38 * Xingang Guo <xingang.guo@intel.com> 39 * Dajiang Zhang <dajiang.zhang@nokia.com> 40 * Sridhar Samudrala <sri@us.ibm.com> 41 * Daisy Chang <daisyc@us.ibm.com> 42 * Ardelle Fan <ardelle.fan@intel.com> 43 * Kevin Gao <kevin.gao@intel.com> 44 */ 45 46 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 47 48 #include <crypto/hash.h> 49 #include <linux/types.h> 50 #include <linux/kernel.h> 51 #include <linux/ip.h> 52 #include <linux/ipv6.h> 53 #include <linux/net.h> 54 #include <linux/inet.h> 55 #include <linux/scatterlist.h> 56 #include <linux/slab.h> 57 #include <net/sock.h> 58 59 #include <linux/skbuff.h> 60 #include <linux/random.h> /* for get_random_bytes */ 61 #include <net/sctp/sctp.h> 62 #include <net/sctp/sm.h> 63 64 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 65 __u8 type, __u8 flags, int paylen, 66 gfp_t gfp); 67 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 68 __u8 flags, int paylen, gfp_t gfp); 69 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 70 __u8 type, __u8 flags, int paylen, 71 gfp_t gfp); 72 static struct sctp_cookie_param *sctp_pack_cookie( 73 const struct sctp_endpoint *ep, 74 const struct sctp_association *asoc, 75 const struct sctp_chunk *init_chunk, 76 int *cookie_len, 77 const __u8 *raw_addrs, int addrs_len); 78 static int sctp_process_param(struct sctp_association *asoc, 79 union sctp_params param, 80 const union sctp_addr *peer_addr, 81 gfp_t gfp); 82 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 83 const void *data); 84 static void *sctp_addto_chunk_fixed(struct sctp_chunk *, int len, 85 const void *data); 86 87 /* Control chunk destructor */ 88 static void sctp_control_release_owner(struct sk_buff *skb) 89 { 90 struct sctp_chunk *chunk = skb_shinfo(skb)->destructor_arg; 91 92 if (chunk->shkey) { 93 struct sctp_shared_key *shkey = chunk->shkey; 94 struct sctp_association *asoc = chunk->asoc; 95 96 /* refcnt == 2 and !list_empty mean after this release, it's 97 * not being used anywhere, and it's time to notify userland 98 * that this shkey can be freed if it's been deactivated. 99 */ 100 if (shkey->deactivated && !list_empty(&shkey->key_list) && 101 refcount_read(&shkey->refcnt) == 2) { 102 struct sctp_ulpevent *ev; 103 104 ev = sctp_ulpevent_make_authkey(asoc, shkey->key_id, 105 SCTP_AUTH_FREE_KEY, 106 GFP_KERNEL); 107 if (ev) 108 asoc->stream.si->enqueue_event(&asoc->ulpq, ev); 109 } 110 sctp_auth_shkey_release(chunk->shkey); 111 } 112 } 113 114 static void sctp_control_set_owner_w(struct sctp_chunk *chunk) 115 { 116 struct sctp_association *asoc = chunk->asoc; 117 struct sk_buff *skb = chunk->skb; 118 119 /* TODO: properly account for control chunks. 120 * To do it right we'll need: 121 * 1) endpoint if association isn't known. 122 * 2) proper memory accounting. 123 * 124 * For now don't do anything for now. 125 */ 126 if (chunk->auth) { 127 chunk->shkey = asoc->shkey; 128 sctp_auth_shkey_hold(chunk->shkey); 129 } 130 skb->sk = asoc ? asoc->base.sk : NULL; 131 skb_shinfo(skb)->destructor_arg = chunk; 132 skb->destructor = sctp_control_release_owner; 133 } 134 135 /* What was the inbound interface for this chunk? */ 136 int sctp_chunk_iif(const struct sctp_chunk *chunk) 137 { 138 struct sk_buff *skb = chunk->skb; 139 140 return SCTP_INPUT_CB(skb)->af->skb_iif(skb); 141 } 142 143 /* RFC 2960 3.3.2 Initiation (INIT) (1) 144 * 145 * Note 2: The ECN capable field is reserved for future use of 146 * Explicit Congestion Notification. 147 */ 148 static const struct sctp_paramhdr ecap_param = { 149 SCTP_PARAM_ECN_CAPABLE, 150 cpu_to_be16(sizeof(struct sctp_paramhdr)), 151 }; 152 static const struct sctp_paramhdr prsctp_param = { 153 SCTP_PARAM_FWD_TSN_SUPPORT, 154 cpu_to_be16(sizeof(struct sctp_paramhdr)), 155 }; 156 157 /* A helper to initialize an op error inside a 158 * provided chunk, as most cause codes will be embedded inside an 159 * abort chunk. 160 */ 161 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 162 size_t paylen) 163 { 164 struct sctp_errhdr err; 165 __u16 len; 166 167 /* Cause code constants are now defined in network order. */ 168 err.cause = cause_code; 169 len = sizeof(err) + paylen; 170 err.length = htons(len); 171 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(err), &err); 172 } 173 174 /* A helper to initialize an op error inside a 175 * provided chunk, as most cause codes will be embedded inside an 176 * abort chunk. Differs from sctp_init_cause in that it won't oops 177 * if there isn't enough space in the op error chunk 178 */ 179 static int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code, 180 size_t paylen) 181 { 182 struct sctp_errhdr err; 183 __u16 len; 184 185 /* Cause code constants are now defined in network order. */ 186 err.cause = cause_code; 187 len = sizeof(err) + paylen; 188 err.length = htons(len); 189 190 if (skb_tailroom(chunk->skb) < len) 191 return -ENOSPC; 192 193 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk, sizeof(err), &err); 194 195 return 0; 196 } 197 /* 3.3.2 Initiation (INIT) (1) 198 * 199 * This chunk is used to initiate a SCTP association between two 200 * endpoints. The format of the INIT chunk is shown below: 201 * 202 * 0 1 2 3 203 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 204 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 205 * | Type = 1 | Chunk Flags | Chunk Length | 206 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 207 * | Initiate Tag | 208 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 209 * | Advertised Receiver Window Credit (a_rwnd) | 210 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 211 * | Number of Outbound Streams | Number of Inbound Streams | 212 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 213 * | Initial TSN | 214 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 215 * \ \ 216 * / Optional/Variable-Length Parameters / 217 * \ \ 218 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 219 * 220 * 221 * The INIT chunk contains the following parameters. Unless otherwise 222 * noted, each parameter MUST only be included once in the INIT chunk. 223 * 224 * Fixed Parameters Status 225 * ---------------------------------------------- 226 * Initiate Tag Mandatory 227 * Advertised Receiver Window Credit Mandatory 228 * Number of Outbound Streams Mandatory 229 * Number of Inbound Streams Mandatory 230 * Initial TSN Mandatory 231 * 232 * Variable Parameters Status Type Value 233 * ------------------------------------------------------------- 234 * IPv4 Address (Note 1) Optional 5 235 * IPv6 Address (Note 1) Optional 6 236 * Cookie Preservative Optional 9 237 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 238 * Host Name Address (Note 3) Optional 11 239 * Supported Address Types (Note 4) Optional 12 240 */ 241 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 242 const struct sctp_bind_addr *bp, 243 gfp_t gfp, int vparam_len) 244 { 245 struct net *net = sock_net(asoc->base.sk); 246 struct sctp_supported_ext_param ext_param; 247 struct sctp_adaptation_ind_param aiparam; 248 struct sctp_paramhdr *auth_chunks = NULL; 249 struct sctp_paramhdr *auth_hmacs = NULL; 250 struct sctp_supported_addrs_param sat; 251 struct sctp_endpoint *ep = asoc->ep; 252 struct sctp_chunk *retval = NULL; 253 int num_types, addrs_len = 0; 254 struct sctp_inithdr init; 255 union sctp_params addrs; 256 struct sctp_sock *sp; 257 __u8 extensions[5]; 258 size_t chunksize; 259 __be16 types[2]; 260 int num_ext = 0; 261 262 /* RFC 2960 3.3.2 Initiation (INIT) (1) 263 * 264 * Note 1: The INIT chunks can contain multiple addresses that 265 * can be IPv4 and/or IPv6 in any combination. 266 */ 267 268 /* Convert the provided bind address list to raw format. */ 269 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 270 271 init.init_tag = htonl(asoc->c.my_vtag); 272 init.a_rwnd = htonl(asoc->rwnd); 273 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 274 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 275 init.initial_tsn = htonl(asoc->c.initial_tsn); 276 277 /* How many address types are needed? */ 278 sp = sctp_sk(asoc->base.sk); 279 num_types = sp->pf->supported_addrs(sp, types); 280 281 chunksize = sizeof(init) + addrs_len; 282 chunksize += SCTP_PAD4(SCTP_SAT_LEN(num_types)); 283 chunksize += sizeof(ecap_param); 284 285 if (asoc->prsctp_enable) 286 chunksize += sizeof(prsctp_param); 287 288 /* ADDIP: Section 4.2.7: 289 * An implementation supporting this extension [ADDIP] MUST list 290 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 291 * INIT-ACK parameters. 292 */ 293 if (net->sctp.addip_enable) { 294 extensions[num_ext] = SCTP_CID_ASCONF; 295 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 296 num_ext += 2; 297 } 298 299 if (asoc->reconf_enable) { 300 extensions[num_ext] = SCTP_CID_RECONF; 301 num_ext += 1; 302 } 303 304 if (sp->adaptation_ind) 305 chunksize += sizeof(aiparam); 306 307 if (sp->strm_interleave) { 308 extensions[num_ext] = SCTP_CID_I_DATA; 309 num_ext += 1; 310 } 311 312 chunksize += vparam_len; 313 314 /* Account for AUTH related parameters */ 315 if (ep->auth_enable) { 316 /* Add random parameter length*/ 317 chunksize += sizeof(asoc->c.auth_random); 318 319 /* Add HMACS parameter length if any were defined */ 320 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs; 321 if (auth_hmacs->length) 322 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length)); 323 else 324 auth_hmacs = NULL; 325 326 /* Add CHUNKS parameter length */ 327 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks; 328 if (auth_chunks->length) 329 chunksize += SCTP_PAD4(ntohs(auth_chunks->length)); 330 else 331 auth_chunks = NULL; 332 333 extensions[num_ext] = SCTP_CID_AUTH; 334 num_ext += 1; 335 } 336 337 /* If we have any extensions to report, account for that */ 338 if (num_ext) 339 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext); 340 341 /* RFC 2960 3.3.2 Initiation (INIT) (1) 342 * 343 * Note 3: An INIT chunk MUST NOT contain more than one Host 344 * Name address parameter. Moreover, the sender of the INIT 345 * MUST NOT combine any other address types with the Host Name 346 * address in the INIT. The receiver of INIT MUST ignore any 347 * other address types if the Host Name address parameter is 348 * present in the received INIT chunk. 349 * 350 * PLEASE DO NOT FIXME [This version does not support Host Name.] 351 */ 352 353 retval = sctp_make_control(asoc, SCTP_CID_INIT, 0, chunksize, gfp); 354 if (!retval) 355 goto nodata; 356 357 retval->subh.init_hdr = 358 sctp_addto_chunk(retval, sizeof(init), &init); 359 retval->param_hdr.v = 360 sctp_addto_chunk(retval, addrs_len, addrs.v); 361 362 /* RFC 2960 3.3.2 Initiation (INIT) (1) 363 * 364 * Note 4: This parameter, when present, specifies all the 365 * address types the sending endpoint can support. The absence 366 * of this parameter indicates that the sending endpoint can 367 * support any address type. 368 */ 369 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 370 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 371 sctp_addto_chunk(retval, sizeof(sat), &sat); 372 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 373 374 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 375 376 /* Add the supported extensions parameter. Be nice and add this 377 * fist before addiding the parameters for the extensions themselves 378 */ 379 if (num_ext) { 380 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 381 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext); 382 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param); 383 sctp_addto_param(retval, num_ext, extensions); 384 } 385 386 if (asoc->prsctp_enable) 387 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 388 389 if (sp->adaptation_ind) { 390 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 391 aiparam.param_hdr.length = htons(sizeof(aiparam)); 392 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 393 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 394 } 395 396 /* Add SCTP-AUTH chunks to the parameter list */ 397 if (ep->auth_enable) { 398 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 399 asoc->c.auth_random); 400 if (auth_hmacs) 401 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 402 auth_hmacs); 403 if (auth_chunks) 404 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 405 auth_chunks); 406 } 407 nodata: 408 kfree(addrs.v); 409 return retval; 410 } 411 412 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 413 const struct sctp_chunk *chunk, 414 gfp_t gfp, int unkparam_len) 415 { 416 struct sctp_supported_ext_param ext_param; 417 struct sctp_adaptation_ind_param aiparam; 418 struct sctp_paramhdr *auth_chunks = NULL; 419 struct sctp_paramhdr *auth_random = NULL; 420 struct sctp_paramhdr *auth_hmacs = NULL; 421 struct sctp_chunk *retval = NULL; 422 struct sctp_cookie_param *cookie; 423 struct sctp_inithdr initack; 424 union sctp_params addrs; 425 struct sctp_sock *sp; 426 __u8 extensions[5]; 427 size_t chunksize; 428 int num_ext = 0; 429 int cookie_len; 430 int addrs_len; 431 432 /* Note: there may be no addresses to embed. */ 433 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 434 435 initack.init_tag = htonl(asoc->c.my_vtag); 436 initack.a_rwnd = htonl(asoc->rwnd); 437 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 438 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 439 initack.initial_tsn = htonl(asoc->c.initial_tsn); 440 441 /* FIXME: We really ought to build the cookie right 442 * into the packet instead of allocating more fresh memory. 443 */ 444 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 445 addrs.v, addrs_len); 446 if (!cookie) 447 goto nomem_cookie; 448 449 /* Calculate the total size of allocation, include the reserved 450 * space for reporting unknown parameters if it is specified. 451 */ 452 sp = sctp_sk(asoc->base.sk); 453 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 454 455 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 456 if (asoc->peer.ecn_capable) 457 chunksize += sizeof(ecap_param); 458 459 if (asoc->peer.prsctp_capable) 460 chunksize += sizeof(prsctp_param); 461 462 if (asoc->peer.asconf_capable) { 463 extensions[num_ext] = SCTP_CID_ASCONF; 464 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 465 num_ext += 2; 466 } 467 468 if (asoc->peer.reconf_capable) { 469 extensions[num_ext] = SCTP_CID_RECONF; 470 num_ext += 1; 471 } 472 473 if (sp->adaptation_ind) 474 chunksize += sizeof(aiparam); 475 476 if (asoc->intl_enable) { 477 extensions[num_ext] = SCTP_CID_I_DATA; 478 num_ext += 1; 479 } 480 481 if (asoc->peer.auth_capable) { 482 auth_random = (struct sctp_paramhdr *)asoc->c.auth_random; 483 chunksize += ntohs(auth_random->length); 484 485 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs; 486 if (auth_hmacs->length) 487 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length)); 488 else 489 auth_hmacs = NULL; 490 491 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks; 492 if (auth_chunks->length) 493 chunksize += SCTP_PAD4(ntohs(auth_chunks->length)); 494 else 495 auth_chunks = NULL; 496 497 extensions[num_ext] = SCTP_CID_AUTH; 498 num_ext += 1; 499 } 500 501 if (num_ext) 502 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext); 503 504 /* Now allocate and fill out the chunk. */ 505 retval = sctp_make_control(asoc, SCTP_CID_INIT_ACK, 0, chunksize, gfp); 506 if (!retval) 507 goto nomem_chunk; 508 509 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 510 * 511 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 512 * HEARTBEAT ACK, * etc.) to the same destination transport 513 * address from which it received the DATA or control chunk 514 * to which it is replying. 515 * 516 * [INIT ACK back to where the INIT came from.] 517 */ 518 retval->transport = chunk->transport; 519 520 retval->subh.init_hdr = 521 sctp_addto_chunk(retval, sizeof(initack), &initack); 522 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 523 sctp_addto_chunk(retval, cookie_len, cookie); 524 if (asoc->peer.ecn_capable) 525 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 526 if (num_ext) { 527 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 528 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext); 529 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param); 530 sctp_addto_param(retval, num_ext, extensions); 531 } 532 if (asoc->peer.prsctp_capable) 533 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 534 535 if (sp->adaptation_ind) { 536 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 537 aiparam.param_hdr.length = htons(sizeof(aiparam)); 538 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 539 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 540 } 541 542 if (asoc->peer.auth_capable) { 543 sctp_addto_chunk(retval, ntohs(auth_random->length), 544 auth_random); 545 if (auth_hmacs) 546 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 547 auth_hmacs); 548 if (auth_chunks) 549 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 550 auth_chunks); 551 } 552 553 /* We need to remove the const qualifier at this point. */ 554 retval->asoc = (struct sctp_association *) asoc; 555 556 nomem_chunk: 557 kfree(cookie); 558 nomem_cookie: 559 kfree(addrs.v); 560 return retval; 561 } 562 563 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 564 * 565 * This chunk is used only during the initialization of an association. 566 * It is sent by the initiator of an association to its peer to complete 567 * the initialization process. This chunk MUST precede any DATA chunk 568 * sent within the association, but MAY be bundled with one or more DATA 569 * chunks in the same packet. 570 * 571 * 0 1 2 3 572 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 573 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 574 * | Type = 10 |Chunk Flags | Length | 575 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 576 * / Cookie / 577 * \ \ 578 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 579 * 580 * Chunk Flags: 8 bit 581 * 582 * Set to zero on transmit and ignored on receipt. 583 * 584 * Length: 16 bits (unsigned integer) 585 * 586 * Set to the size of the chunk in bytes, including the 4 bytes of 587 * the chunk header and the size of the Cookie. 588 * 589 * Cookie: variable size 590 * 591 * This field must contain the exact cookie received in the 592 * State Cookie parameter from the previous INIT ACK. 593 * 594 * An implementation SHOULD make the cookie as small as possible 595 * to insure interoperability. 596 */ 597 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 598 const struct sctp_chunk *chunk) 599 { 600 struct sctp_chunk *retval; 601 int cookie_len; 602 void *cookie; 603 604 cookie = asoc->peer.cookie; 605 cookie_len = asoc->peer.cookie_len; 606 607 /* Build a cookie echo chunk. */ 608 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ECHO, 0, 609 cookie_len, GFP_ATOMIC); 610 if (!retval) 611 goto nodata; 612 retval->subh.cookie_hdr = 613 sctp_addto_chunk(retval, cookie_len, cookie); 614 615 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 616 * 617 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 618 * HEARTBEAT ACK, * etc.) to the same destination transport 619 * address from which it * received the DATA or control chunk 620 * to which it is replying. 621 * 622 * [COOKIE ECHO back to where the INIT ACK came from.] 623 */ 624 if (chunk) 625 retval->transport = chunk->transport; 626 627 nodata: 628 return retval; 629 } 630 631 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 632 * 633 * This chunk is used only during the initialization of an 634 * association. It is used to acknowledge the receipt of a COOKIE 635 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 636 * within the association, but MAY be bundled with one or more DATA 637 * chunks or SACK chunk in the same SCTP packet. 638 * 639 * 0 1 2 3 640 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 641 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 642 * | Type = 11 |Chunk Flags | Length = 4 | 643 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 644 * 645 * Chunk Flags: 8 bits 646 * 647 * Set to zero on transmit and ignored on receipt. 648 */ 649 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 650 const struct sctp_chunk *chunk) 651 { 652 struct sctp_chunk *retval; 653 654 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ACK, 0, 0, GFP_ATOMIC); 655 656 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 657 * 658 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 659 * HEARTBEAT ACK, * etc.) to the same destination transport 660 * address from which it * received the DATA or control chunk 661 * to which it is replying. 662 * 663 * [COOKIE ACK back to where the COOKIE ECHO came from.] 664 */ 665 if (retval && chunk) 666 retval->transport = chunk->transport; 667 668 return retval; 669 } 670 671 /* 672 * Appendix A: Explicit Congestion Notification: 673 * CWR: 674 * 675 * RFC 2481 details a specific bit for a sender to send in the header of 676 * its next outbound TCP segment to indicate to its peer that it has 677 * reduced its congestion window. This is termed the CWR bit. For 678 * SCTP the same indication is made by including the CWR chunk. 679 * This chunk contains one data element, i.e. the TSN number that 680 * was sent in the ECNE chunk. This element represents the lowest 681 * TSN number in the datagram that was originally marked with the 682 * CE bit. 683 * 684 * 0 1 2 3 685 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 686 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 687 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 688 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 689 * | Lowest TSN Number | 690 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 691 * 692 * Note: The CWR is considered a Control chunk. 693 */ 694 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 695 const __u32 lowest_tsn, 696 const struct sctp_chunk *chunk) 697 { 698 struct sctp_chunk *retval; 699 struct sctp_cwrhdr cwr; 700 701 cwr.lowest_tsn = htonl(lowest_tsn); 702 retval = sctp_make_control(asoc, SCTP_CID_ECN_CWR, 0, 703 sizeof(cwr), GFP_ATOMIC); 704 705 if (!retval) 706 goto nodata; 707 708 retval->subh.ecn_cwr_hdr = 709 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 710 711 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 712 * 713 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 714 * HEARTBEAT ACK, * etc.) to the same destination transport 715 * address from which it * received the DATA or control chunk 716 * to which it is replying. 717 * 718 * [Report a reduced congestion window back to where the ECNE 719 * came from.] 720 */ 721 if (chunk) 722 retval->transport = chunk->transport; 723 724 nodata: 725 return retval; 726 } 727 728 /* Make an ECNE chunk. This is a congestion experienced report. */ 729 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 730 const __u32 lowest_tsn) 731 { 732 struct sctp_chunk *retval; 733 struct sctp_ecnehdr ecne; 734 735 ecne.lowest_tsn = htonl(lowest_tsn); 736 retval = sctp_make_control(asoc, SCTP_CID_ECN_ECNE, 0, 737 sizeof(ecne), GFP_ATOMIC); 738 if (!retval) 739 goto nodata; 740 retval->subh.ecne_hdr = 741 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 742 743 nodata: 744 return retval; 745 } 746 747 /* Make a DATA chunk for the given association from the provided 748 * parameters. However, do not populate the data payload. 749 */ 750 struct sctp_chunk *sctp_make_datafrag_empty(const struct sctp_association *asoc, 751 const struct sctp_sndrcvinfo *sinfo, 752 int len, __u8 flags, gfp_t gfp) 753 { 754 struct sctp_chunk *retval; 755 struct sctp_datahdr dp; 756 757 /* We assign the TSN as LATE as possible, not here when 758 * creating the chunk. 759 */ 760 memset(&dp, 0, sizeof(dp)); 761 dp.ppid = sinfo->sinfo_ppid; 762 dp.stream = htons(sinfo->sinfo_stream); 763 764 /* Set the flags for an unordered send. */ 765 if (sinfo->sinfo_flags & SCTP_UNORDERED) 766 flags |= SCTP_DATA_UNORDERED; 767 768 retval = sctp_make_data(asoc, flags, sizeof(dp) + len, gfp); 769 if (!retval) 770 return NULL; 771 772 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 773 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 774 775 return retval; 776 } 777 778 /* Create a selective ackowledgement (SACK) for the given 779 * association. This reports on which TSN's we've seen to date, 780 * including duplicates and gaps. 781 */ 782 struct sctp_chunk *sctp_make_sack(struct sctp_association *asoc) 783 { 784 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 785 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 786 __u16 num_gabs, num_dup_tsns; 787 struct sctp_transport *trans; 788 struct sctp_chunk *retval; 789 struct sctp_sackhdr sack; 790 __u32 ctsn; 791 int len; 792 793 memset(gabs, 0, sizeof(gabs)); 794 ctsn = sctp_tsnmap_get_ctsn(map); 795 796 pr_debug("%s: sackCTSNAck sent:0x%x\n", __func__, ctsn); 797 798 /* How much room is needed in the chunk? */ 799 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 800 num_dup_tsns = sctp_tsnmap_num_dups(map); 801 802 /* Initialize the SACK header. */ 803 sack.cum_tsn_ack = htonl(ctsn); 804 sack.a_rwnd = htonl(asoc->a_rwnd); 805 sack.num_gap_ack_blocks = htons(num_gabs); 806 sack.num_dup_tsns = htons(num_dup_tsns); 807 808 len = sizeof(sack) 809 + sizeof(struct sctp_gap_ack_block) * num_gabs 810 + sizeof(__u32) * num_dup_tsns; 811 812 /* Create the chunk. */ 813 retval = sctp_make_control(asoc, SCTP_CID_SACK, 0, len, GFP_ATOMIC); 814 if (!retval) 815 goto nodata; 816 817 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 818 * 819 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 820 * HEARTBEAT ACK, etc.) to the same destination transport 821 * address from which it received the DATA or control chunk to 822 * which it is replying. This rule should also be followed if 823 * the endpoint is bundling DATA chunks together with the 824 * reply chunk. 825 * 826 * However, when acknowledging multiple DATA chunks received 827 * in packets from different source addresses in a single 828 * SACK, the SACK chunk may be transmitted to one of the 829 * destination transport addresses from which the DATA or 830 * control chunks being acknowledged were received. 831 * 832 * [BUG: We do not implement the following paragraph. 833 * Perhaps we should remember the last transport we used for a 834 * SACK and avoid that (if possible) if we have seen any 835 * duplicates. --piggy] 836 * 837 * When a receiver of a duplicate DATA chunk sends a SACK to a 838 * multi- homed endpoint it MAY be beneficial to vary the 839 * destination address and not use the source address of the 840 * DATA chunk. The reason being that receiving a duplicate 841 * from a multi-homed endpoint might indicate that the return 842 * path (as specified in the source address of the DATA chunk) 843 * for the SACK is broken. 844 * 845 * [Send to the address from which we last received a DATA chunk.] 846 */ 847 retval->transport = asoc->peer.last_data_from; 848 849 retval->subh.sack_hdr = 850 sctp_addto_chunk(retval, sizeof(sack), &sack); 851 852 /* Add the gap ack block information. */ 853 if (num_gabs) 854 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 855 gabs); 856 857 /* Add the duplicate TSN information. */ 858 if (num_dup_tsns) { 859 asoc->stats.idupchunks += num_dup_tsns; 860 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 861 sctp_tsnmap_get_dups(map)); 862 } 863 /* Once we have a sack generated, check to see what our sack 864 * generation is, if its 0, reset the transports to 0, and reset 865 * the association generation to 1 866 * 867 * The idea is that zero is never used as a valid generation for the 868 * association so no transport will match after a wrap event like this, 869 * Until the next sack 870 */ 871 if (++asoc->peer.sack_generation == 0) { 872 list_for_each_entry(trans, &asoc->peer.transport_addr_list, 873 transports) 874 trans->sack_generation = 0; 875 asoc->peer.sack_generation = 1; 876 } 877 nodata: 878 return retval; 879 } 880 881 /* Make a SHUTDOWN chunk. */ 882 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 883 const struct sctp_chunk *chunk) 884 { 885 struct sctp_shutdownhdr shut; 886 struct sctp_chunk *retval; 887 __u32 ctsn; 888 889 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 890 shut.cum_tsn_ack = htonl(ctsn); 891 892 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN, 0, 893 sizeof(shut), GFP_ATOMIC); 894 if (!retval) 895 goto nodata; 896 897 retval->subh.shutdown_hdr = 898 sctp_addto_chunk(retval, sizeof(shut), &shut); 899 900 if (chunk) 901 retval->transport = chunk->transport; 902 nodata: 903 return retval; 904 } 905 906 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 907 const struct sctp_chunk *chunk) 908 { 909 struct sctp_chunk *retval; 910 911 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0, 912 GFP_ATOMIC); 913 914 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 915 * 916 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 917 * HEARTBEAT ACK, * etc.) to the same destination transport 918 * address from which it * received the DATA or control chunk 919 * to which it is replying. 920 * 921 * [ACK back to where the SHUTDOWN came from.] 922 */ 923 if (retval && chunk) 924 retval->transport = chunk->transport; 925 926 return retval; 927 } 928 929 struct sctp_chunk *sctp_make_shutdown_complete( 930 const struct sctp_association *asoc, 931 const struct sctp_chunk *chunk) 932 { 933 struct sctp_chunk *retval; 934 __u8 flags = 0; 935 936 /* Set the T-bit if we have no association (vtag will be 937 * reflected) 938 */ 939 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 940 941 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 942 0, GFP_ATOMIC); 943 944 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 945 * 946 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 947 * HEARTBEAT ACK, * etc.) to the same destination transport 948 * address from which it * received the DATA or control chunk 949 * to which it is replying. 950 * 951 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 952 * came from.] 953 */ 954 if (retval && chunk) 955 retval->transport = chunk->transport; 956 957 return retval; 958 } 959 960 /* Create an ABORT. Note that we set the T bit if we have no 961 * association, except when responding to an INIT (sctpimpguide 2.41). 962 */ 963 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 964 const struct sctp_chunk *chunk, 965 const size_t hint) 966 { 967 struct sctp_chunk *retval; 968 __u8 flags = 0; 969 970 /* Set the T-bit if we have no association and 'chunk' is not 971 * an INIT (vtag will be reflected). 972 */ 973 if (!asoc) { 974 if (chunk && chunk->chunk_hdr && 975 chunk->chunk_hdr->type == SCTP_CID_INIT) 976 flags = 0; 977 else 978 flags = SCTP_CHUNK_FLAG_T; 979 } 980 981 retval = sctp_make_control(asoc, SCTP_CID_ABORT, flags, hint, 982 GFP_ATOMIC); 983 984 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 985 * 986 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 987 * HEARTBEAT ACK, * etc.) to the same destination transport 988 * address from which it * received the DATA or control chunk 989 * to which it is replying. 990 * 991 * [ABORT back to where the offender came from.] 992 */ 993 if (retval && chunk) 994 retval->transport = chunk->transport; 995 996 return retval; 997 } 998 999 /* Helper to create ABORT with a NO_USER_DATA error. */ 1000 struct sctp_chunk *sctp_make_abort_no_data( 1001 const struct sctp_association *asoc, 1002 const struct sctp_chunk *chunk, 1003 __u32 tsn) 1004 { 1005 struct sctp_chunk *retval; 1006 __be32 payload; 1007 1008 retval = sctp_make_abort(asoc, chunk, 1009 sizeof(struct sctp_errhdr) + sizeof(tsn)); 1010 1011 if (!retval) 1012 goto no_mem; 1013 1014 /* Put the tsn back into network byte order. */ 1015 payload = htonl(tsn); 1016 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 1017 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 1018 1019 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1020 * 1021 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1022 * HEARTBEAT ACK, * etc.) to the same destination transport 1023 * address from which it * received the DATA or control chunk 1024 * to which it is replying. 1025 * 1026 * [ABORT back to where the offender came from.] 1027 */ 1028 if (chunk) 1029 retval->transport = chunk->transport; 1030 1031 no_mem: 1032 return retval; 1033 } 1034 1035 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 1036 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 1037 struct msghdr *msg, 1038 size_t paylen) 1039 { 1040 struct sctp_chunk *retval; 1041 void *payload = NULL; 1042 int err; 1043 1044 retval = sctp_make_abort(asoc, NULL, 1045 sizeof(struct sctp_errhdr) + paylen); 1046 if (!retval) 1047 goto err_chunk; 1048 1049 if (paylen) { 1050 /* Put the msg_iov together into payload. */ 1051 payload = kmalloc(paylen, GFP_KERNEL); 1052 if (!payload) 1053 goto err_payload; 1054 1055 err = memcpy_from_msg(payload, msg, paylen); 1056 if (err < 0) 1057 goto err_copy; 1058 } 1059 1060 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 1061 sctp_addto_chunk(retval, paylen, payload); 1062 1063 if (paylen) 1064 kfree(payload); 1065 1066 return retval; 1067 1068 err_copy: 1069 kfree(payload); 1070 err_payload: 1071 sctp_chunk_free(retval); 1072 retval = NULL; 1073 err_chunk: 1074 return retval; 1075 } 1076 1077 /* Append bytes to the end of a parameter. Will panic if chunk is not big 1078 * enough. 1079 */ 1080 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 1081 const void *data) 1082 { 1083 int chunklen = ntohs(chunk->chunk_hdr->length); 1084 void *target; 1085 1086 target = skb_put(chunk->skb, len); 1087 1088 if (data) 1089 memcpy(target, data, len); 1090 else 1091 memset(target, 0, len); 1092 1093 /* Adjust the chunk length field. */ 1094 chunk->chunk_hdr->length = htons(chunklen + len); 1095 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1096 1097 return target; 1098 } 1099 1100 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1101 struct sctp_chunk *sctp_make_abort_violation( 1102 const struct sctp_association *asoc, 1103 const struct sctp_chunk *chunk, 1104 const __u8 *payload, 1105 const size_t paylen) 1106 { 1107 struct sctp_chunk *retval; 1108 struct sctp_paramhdr phdr; 1109 1110 retval = sctp_make_abort(asoc, chunk, sizeof(struct sctp_errhdr) + 1111 paylen + sizeof(phdr)); 1112 if (!retval) 1113 goto end; 1114 1115 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen + 1116 sizeof(phdr)); 1117 1118 phdr.type = htons(chunk->chunk_hdr->type); 1119 phdr.length = chunk->chunk_hdr->length; 1120 sctp_addto_chunk(retval, paylen, payload); 1121 sctp_addto_param(retval, sizeof(phdr), &phdr); 1122 1123 end: 1124 return retval; 1125 } 1126 1127 struct sctp_chunk *sctp_make_violation_paramlen( 1128 const struct sctp_association *asoc, 1129 const struct sctp_chunk *chunk, 1130 struct sctp_paramhdr *param) 1131 { 1132 static const char error[] = "The following parameter had invalid length:"; 1133 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr) + 1134 sizeof(*param); 1135 struct sctp_chunk *retval; 1136 1137 retval = sctp_make_abort(asoc, chunk, payload_len); 1138 if (!retval) 1139 goto nodata; 1140 1141 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1142 sizeof(error) + sizeof(*param)); 1143 sctp_addto_chunk(retval, sizeof(error), error); 1144 sctp_addto_param(retval, sizeof(*param), param); 1145 1146 nodata: 1147 return retval; 1148 } 1149 1150 struct sctp_chunk *sctp_make_violation_max_retrans( 1151 const struct sctp_association *asoc, 1152 const struct sctp_chunk *chunk) 1153 { 1154 static const char error[] = "Association exceeded its max_retans count"; 1155 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr); 1156 struct sctp_chunk *retval; 1157 1158 retval = sctp_make_abort(asoc, chunk, payload_len); 1159 if (!retval) 1160 goto nodata; 1161 1162 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error)); 1163 sctp_addto_chunk(retval, sizeof(error), error); 1164 1165 nodata: 1166 return retval; 1167 } 1168 1169 /* Make a HEARTBEAT chunk. */ 1170 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1171 const struct sctp_transport *transport) 1172 { 1173 struct sctp_sender_hb_info hbinfo; 1174 struct sctp_chunk *retval; 1175 1176 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT, 0, 1177 sizeof(hbinfo), GFP_ATOMIC); 1178 1179 if (!retval) 1180 goto nodata; 1181 1182 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO; 1183 hbinfo.param_hdr.length = htons(sizeof(hbinfo)); 1184 hbinfo.daddr = transport->ipaddr; 1185 hbinfo.sent_at = jiffies; 1186 hbinfo.hb_nonce = transport->hb_nonce; 1187 1188 /* Cast away the 'const', as this is just telling the chunk 1189 * what transport it belongs to. 1190 */ 1191 retval->transport = (struct sctp_transport *) transport; 1192 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo), 1193 &hbinfo); 1194 1195 nodata: 1196 return retval; 1197 } 1198 1199 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1200 const struct sctp_chunk *chunk, 1201 const void *payload, 1202 const size_t paylen) 1203 { 1204 struct sctp_chunk *retval; 1205 1206 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen, 1207 GFP_ATOMIC); 1208 if (!retval) 1209 goto nodata; 1210 1211 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1212 1213 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1214 * 1215 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1216 * HEARTBEAT ACK, * etc.) to the same destination transport 1217 * address from which it * received the DATA or control chunk 1218 * to which it is replying. 1219 * 1220 * [HBACK back to where the HEARTBEAT came from.] 1221 */ 1222 if (chunk) 1223 retval->transport = chunk->transport; 1224 1225 nodata: 1226 return retval; 1227 } 1228 1229 /* Create an Operation Error chunk with the specified space reserved. 1230 * This routine can be used for containing multiple causes in the chunk. 1231 */ 1232 static struct sctp_chunk *sctp_make_op_error_space( 1233 const struct sctp_association *asoc, 1234 const struct sctp_chunk *chunk, 1235 size_t size) 1236 { 1237 struct sctp_chunk *retval; 1238 1239 retval = sctp_make_control(asoc, SCTP_CID_ERROR, 0, 1240 sizeof(struct sctp_errhdr) + size, 1241 GFP_ATOMIC); 1242 if (!retval) 1243 goto nodata; 1244 1245 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1246 * 1247 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1248 * HEARTBEAT ACK, etc.) to the same destination transport 1249 * address from which it received the DATA or control chunk 1250 * to which it is replying. 1251 * 1252 */ 1253 if (chunk) 1254 retval->transport = chunk->transport; 1255 1256 nodata: 1257 return retval; 1258 } 1259 1260 /* Create an Operation Error chunk of a fixed size, 1261 * specifically, max(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) 1262 * This is a helper function to allocate an error chunk for 1263 * for those invalid parameter codes in which we may not want 1264 * to report all the errors, if the incoming chunk is large 1265 */ 1266 static inline struct sctp_chunk *sctp_make_op_error_fixed( 1267 const struct sctp_association *asoc, 1268 const struct sctp_chunk *chunk) 1269 { 1270 size_t size = asoc ? asoc->pathmtu : 0; 1271 1272 if (!size) 1273 size = SCTP_DEFAULT_MAXSEGMENT; 1274 1275 return sctp_make_op_error_space(asoc, chunk, size); 1276 } 1277 1278 /* Create an Operation Error chunk. */ 1279 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1280 const struct sctp_chunk *chunk, 1281 __be16 cause_code, const void *payload, 1282 size_t paylen, size_t reserve_tail) 1283 { 1284 struct sctp_chunk *retval; 1285 1286 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail); 1287 if (!retval) 1288 goto nodata; 1289 1290 sctp_init_cause(retval, cause_code, paylen + reserve_tail); 1291 sctp_addto_chunk(retval, paylen, payload); 1292 if (reserve_tail) 1293 sctp_addto_param(retval, reserve_tail, NULL); 1294 1295 nodata: 1296 return retval; 1297 } 1298 1299 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc, 1300 __u16 key_id) 1301 { 1302 struct sctp_authhdr auth_hdr; 1303 struct sctp_hmac *hmac_desc; 1304 struct sctp_chunk *retval; 1305 1306 /* Get the first hmac that the peer told us to use */ 1307 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1308 if (unlikely(!hmac_desc)) 1309 return NULL; 1310 1311 retval = sctp_make_control(asoc, SCTP_CID_AUTH, 0, 1312 hmac_desc->hmac_len + sizeof(auth_hdr), 1313 GFP_ATOMIC); 1314 if (!retval) 1315 return NULL; 1316 1317 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1318 auth_hdr.shkey_id = htons(key_id); 1319 1320 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(auth_hdr), 1321 &auth_hdr); 1322 1323 skb_put_zero(retval->skb, hmac_desc->hmac_len); 1324 1325 /* Adjust the chunk header to include the empty MAC */ 1326 retval->chunk_hdr->length = 1327 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1328 retval->chunk_end = skb_tail_pointer(retval->skb); 1329 1330 return retval; 1331 } 1332 1333 1334 /******************************************************************** 1335 * 2nd Level Abstractions 1336 ********************************************************************/ 1337 1338 /* Turn an skb into a chunk. 1339 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1340 * 1341 * sctpimpguide-05.txt Section 2.8.2 1342 * M1) Each time a new DATA chunk is transmitted 1343 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1344 * 'TSN.Missing.Report' count will be used to determine missing chunks 1345 * and when to fast retransmit. 1346 * 1347 */ 1348 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1349 const struct sctp_association *asoc, 1350 struct sock *sk, gfp_t gfp) 1351 { 1352 struct sctp_chunk *retval; 1353 1354 retval = kmem_cache_zalloc(sctp_chunk_cachep, gfp); 1355 1356 if (!retval) 1357 goto nodata; 1358 if (!sk) 1359 pr_debug("%s: chunkifying skb:%p w/o an sk\n", __func__, skb); 1360 1361 INIT_LIST_HEAD(&retval->list); 1362 retval->skb = skb; 1363 retval->asoc = (struct sctp_association *)asoc; 1364 retval->singleton = 1; 1365 1366 retval->fast_retransmit = SCTP_CAN_FRTX; 1367 1368 /* Polish the bead hole. */ 1369 INIT_LIST_HEAD(&retval->transmitted_list); 1370 INIT_LIST_HEAD(&retval->frag_list); 1371 SCTP_DBG_OBJCNT_INC(chunk); 1372 refcount_set(&retval->refcnt, 1); 1373 1374 nodata: 1375 return retval; 1376 } 1377 1378 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1379 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1380 union sctp_addr *dest) 1381 { 1382 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1383 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1384 } 1385 1386 /* Extract the source address from a chunk. */ 1387 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1388 { 1389 /* If we have a known transport, use that. */ 1390 if (chunk->transport) { 1391 return &chunk->transport->ipaddr; 1392 } else { 1393 /* Otherwise, extract it from the IP header. */ 1394 return &chunk->source; 1395 } 1396 } 1397 1398 /* Create a new chunk, setting the type and flags headers from the 1399 * arguments, reserving enough space for a 'paylen' byte payload. 1400 */ 1401 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 1402 __u8 type, __u8 flags, int paylen, 1403 gfp_t gfp) 1404 { 1405 struct sctp_chunkhdr *chunk_hdr; 1406 struct sctp_chunk *retval; 1407 struct sk_buff *skb; 1408 struct sock *sk; 1409 int chunklen; 1410 1411 chunklen = SCTP_PAD4(sizeof(*chunk_hdr) + paylen); 1412 if (chunklen > SCTP_MAX_CHUNK_LEN) 1413 goto nodata; 1414 1415 /* No need to allocate LL here, as this is only a chunk. */ 1416 skb = alloc_skb(chunklen, gfp); 1417 if (!skb) 1418 goto nodata; 1419 1420 /* Make room for the chunk header. */ 1421 chunk_hdr = (struct sctp_chunkhdr *)skb_put(skb, sizeof(*chunk_hdr)); 1422 chunk_hdr->type = type; 1423 chunk_hdr->flags = flags; 1424 chunk_hdr->length = htons(sizeof(*chunk_hdr)); 1425 1426 sk = asoc ? asoc->base.sk : NULL; 1427 retval = sctp_chunkify(skb, asoc, sk, gfp); 1428 if (!retval) { 1429 kfree_skb(skb); 1430 goto nodata; 1431 } 1432 1433 retval->chunk_hdr = chunk_hdr; 1434 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(*chunk_hdr); 1435 1436 /* Determine if the chunk needs to be authenticated */ 1437 if (sctp_auth_send_cid(type, asoc)) 1438 retval->auth = 1; 1439 1440 return retval; 1441 nodata: 1442 return NULL; 1443 } 1444 1445 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 1446 __u8 flags, int paylen, gfp_t gfp) 1447 { 1448 return _sctp_make_chunk(asoc, SCTP_CID_DATA, flags, paylen, gfp); 1449 } 1450 1451 struct sctp_chunk *sctp_make_idata(const struct sctp_association *asoc, 1452 __u8 flags, int paylen, gfp_t gfp) 1453 { 1454 return _sctp_make_chunk(asoc, SCTP_CID_I_DATA, flags, paylen, gfp); 1455 } 1456 1457 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 1458 __u8 type, __u8 flags, int paylen, 1459 gfp_t gfp) 1460 { 1461 struct sctp_chunk *chunk; 1462 1463 chunk = _sctp_make_chunk(asoc, type, flags, paylen, gfp); 1464 if (chunk) 1465 sctp_control_set_owner_w(chunk); 1466 1467 return chunk; 1468 } 1469 1470 /* Release the memory occupied by a chunk. */ 1471 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1472 { 1473 BUG_ON(!list_empty(&chunk->list)); 1474 list_del_init(&chunk->transmitted_list); 1475 1476 consume_skb(chunk->skb); 1477 consume_skb(chunk->auth_chunk); 1478 1479 SCTP_DBG_OBJCNT_DEC(chunk); 1480 kmem_cache_free(sctp_chunk_cachep, chunk); 1481 } 1482 1483 /* Possibly, free the chunk. */ 1484 void sctp_chunk_free(struct sctp_chunk *chunk) 1485 { 1486 /* Release our reference on the message tracker. */ 1487 if (chunk->msg) 1488 sctp_datamsg_put(chunk->msg); 1489 1490 sctp_chunk_put(chunk); 1491 } 1492 1493 /* Grab a reference to the chunk. */ 1494 void sctp_chunk_hold(struct sctp_chunk *ch) 1495 { 1496 refcount_inc(&ch->refcnt); 1497 } 1498 1499 /* Release a reference to the chunk. */ 1500 void sctp_chunk_put(struct sctp_chunk *ch) 1501 { 1502 if (refcount_dec_and_test(&ch->refcnt)) 1503 sctp_chunk_destroy(ch); 1504 } 1505 1506 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1507 * enough. 1508 */ 1509 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1510 { 1511 int chunklen = ntohs(chunk->chunk_hdr->length); 1512 int padlen = SCTP_PAD4(chunklen) - chunklen; 1513 void *target; 1514 1515 skb_put_zero(chunk->skb, padlen); 1516 target = skb_put_data(chunk->skb, data, len); 1517 1518 /* Adjust the chunk length field. */ 1519 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1520 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1521 1522 return target; 1523 } 1524 1525 /* Append bytes to the end of a chunk. Returns NULL if there isn't sufficient 1526 * space in the chunk 1527 */ 1528 static void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk, 1529 int len, const void *data) 1530 { 1531 if (skb_tailroom(chunk->skb) >= len) 1532 return sctp_addto_chunk(chunk, len, data); 1533 else 1534 return NULL; 1535 } 1536 1537 /* Append bytes from user space to the end of a chunk. Will panic if 1538 * chunk is not big enough. 1539 * Returns a kernel err value. 1540 */ 1541 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int len, 1542 struct iov_iter *from) 1543 { 1544 void *target; 1545 1546 /* Make room in chunk for data. */ 1547 target = skb_put(chunk->skb, len); 1548 1549 /* Copy data (whole iovec) into chunk */ 1550 if (!copy_from_iter_full(target, len, from)) 1551 return -EFAULT; 1552 1553 /* Adjust the chunk length field. */ 1554 chunk->chunk_hdr->length = 1555 htons(ntohs(chunk->chunk_hdr->length) + len); 1556 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1557 1558 return 0; 1559 } 1560 1561 /* Helper function to assign a TSN if needed. This assumes that both 1562 * the data_hdr and association have already been assigned. 1563 */ 1564 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1565 { 1566 struct sctp_stream *stream; 1567 struct sctp_chunk *lchunk; 1568 struct sctp_datamsg *msg; 1569 __u16 ssn, sid; 1570 1571 if (chunk->has_ssn) 1572 return; 1573 1574 /* All fragments will be on the same stream */ 1575 sid = ntohs(chunk->subh.data_hdr->stream); 1576 stream = &chunk->asoc->stream; 1577 1578 /* Now assign the sequence number to the entire message. 1579 * All fragments must have the same stream sequence number. 1580 */ 1581 msg = chunk->msg; 1582 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1583 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1584 ssn = 0; 1585 } else { 1586 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1587 ssn = sctp_ssn_next(stream, out, sid); 1588 else 1589 ssn = sctp_ssn_peek(stream, out, sid); 1590 } 1591 1592 lchunk->subh.data_hdr->ssn = htons(ssn); 1593 lchunk->has_ssn = 1; 1594 } 1595 } 1596 1597 /* Helper function to assign a TSN if needed. This assumes that both 1598 * the data_hdr and association have already been assigned. 1599 */ 1600 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1601 { 1602 if (!chunk->has_tsn) { 1603 /* This is the last possible instant to 1604 * assign a TSN. 1605 */ 1606 chunk->subh.data_hdr->tsn = 1607 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1608 chunk->has_tsn = 1; 1609 } 1610 } 1611 1612 /* Create a CLOSED association to use with an incoming packet. */ 1613 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1614 struct sctp_chunk *chunk, 1615 gfp_t gfp) 1616 { 1617 struct sctp_association *asoc; 1618 enum sctp_scope scope; 1619 struct sk_buff *skb; 1620 1621 /* Create the bare association. */ 1622 scope = sctp_scope(sctp_source(chunk)); 1623 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1624 if (!asoc) 1625 goto nodata; 1626 asoc->temp = 1; 1627 skb = chunk->skb; 1628 /* Create an entry for the source address of the packet. */ 1629 SCTP_INPUT_CB(skb)->af->from_skb(&asoc->c.peer_addr, skb, 1); 1630 1631 nodata: 1632 return asoc; 1633 } 1634 1635 /* Build a cookie representing asoc. 1636 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1637 */ 1638 static struct sctp_cookie_param *sctp_pack_cookie( 1639 const struct sctp_endpoint *ep, 1640 const struct sctp_association *asoc, 1641 const struct sctp_chunk *init_chunk, 1642 int *cookie_len, const __u8 *raw_addrs, 1643 int addrs_len) 1644 { 1645 struct sctp_signed_cookie *cookie; 1646 struct sctp_cookie_param *retval; 1647 int headersize, bodysize; 1648 1649 /* Header size is static data prior to the actual cookie, including 1650 * any padding. 1651 */ 1652 headersize = sizeof(struct sctp_paramhdr) + 1653 (sizeof(struct sctp_signed_cookie) - 1654 sizeof(struct sctp_cookie)); 1655 bodysize = sizeof(struct sctp_cookie) 1656 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1657 1658 /* Pad out the cookie to a multiple to make the signature 1659 * functions simpler to write. 1660 */ 1661 if (bodysize % SCTP_COOKIE_MULTIPLE) 1662 bodysize += SCTP_COOKIE_MULTIPLE 1663 - (bodysize % SCTP_COOKIE_MULTIPLE); 1664 *cookie_len = headersize + bodysize; 1665 1666 /* Clear this memory since we are sending this data structure 1667 * out on the network. 1668 */ 1669 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1670 if (!retval) 1671 goto nodata; 1672 1673 cookie = (struct sctp_signed_cookie *) retval->body; 1674 1675 /* Set up the parameter header. */ 1676 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1677 retval->p.length = htons(*cookie_len); 1678 1679 /* Copy the cookie part of the association itself. */ 1680 cookie->c = asoc->c; 1681 /* Save the raw address list length in the cookie. */ 1682 cookie->c.raw_addr_list_len = addrs_len; 1683 1684 /* Remember PR-SCTP capability. */ 1685 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1686 1687 /* Save adaptation indication in the cookie. */ 1688 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1689 1690 /* Set an expiration time for the cookie. */ 1691 cookie->c.expiration = ktime_add(asoc->cookie_life, 1692 ktime_get_real()); 1693 1694 /* Copy the peer's init packet. */ 1695 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1696 ntohs(init_chunk->chunk_hdr->length)); 1697 1698 /* Copy the raw local address list of the association. */ 1699 memcpy((__u8 *)&cookie->c.peer_init[0] + 1700 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1701 1702 if (sctp_sk(ep->base.sk)->hmac) { 1703 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac); 1704 int err; 1705 1706 /* Sign the message. */ 1707 desc->tfm = sctp_sk(ep->base.sk)->hmac; 1708 desc->flags = 0; 1709 1710 err = crypto_shash_setkey(desc->tfm, ep->secret_key, 1711 sizeof(ep->secret_key)) ?: 1712 crypto_shash_digest(desc, (u8 *)&cookie->c, bodysize, 1713 cookie->signature); 1714 shash_desc_zero(desc); 1715 if (err) 1716 goto free_cookie; 1717 } 1718 1719 return retval; 1720 1721 free_cookie: 1722 kfree(retval); 1723 nodata: 1724 *cookie_len = 0; 1725 return NULL; 1726 } 1727 1728 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1729 struct sctp_association *sctp_unpack_cookie( 1730 const struct sctp_endpoint *ep, 1731 const struct sctp_association *asoc, 1732 struct sctp_chunk *chunk, gfp_t gfp, 1733 int *error, struct sctp_chunk **errp) 1734 { 1735 struct sctp_association *retval = NULL; 1736 int headersize, bodysize, fixed_size; 1737 struct sctp_signed_cookie *cookie; 1738 struct sk_buff *skb = chunk->skb; 1739 struct sctp_cookie *bear_cookie; 1740 __u8 *digest = ep->digest; 1741 enum sctp_scope scope; 1742 unsigned int len; 1743 ktime_t kt; 1744 1745 /* Header size is static data prior to the actual cookie, including 1746 * any padding. 1747 */ 1748 headersize = sizeof(struct sctp_chunkhdr) + 1749 (sizeof(struct sctp_signed_cookie) - 1750 sizeof(struct sctp_cookie)); 1751 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1752 fixed_size = headersize + sizeof(struct sctp_cookie); 1753 1754 /* Verify that the chunk looks like it even has a cookie. 1755 * There must be enough room for our cookie and our peer's 1756 * INIT chunk. 1757 */ 1758 len = ntohs(chunk->chunk_hdr->length); 1759 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1760 goto malformed; 1761 1762 /* Verify that the cookie has been padded out. */ 1763 if (bodysize % SCTP_COOKIE_MULTIPLE) 1764 goto malformed; 1765 1766 /* Process the cookie. */ 1767 cookie = chunk->subh.cookie_hdr; 1768 bear_cookie = &cookie->c; 1769 1770 if (!sctp_sk(ep->base.sk)->hmac) 1771 goto no_hmac; 1772 1773 /* Check the signature. */ 1774 { 1775 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac); 1776 int err; 1777 1778 desc->tfm = sctp_sk(ep->base.sk)->hmac; 1779 desc->flags = 0; 1780 1781 err = crypto_shash_setkey(desc->tfm, ep->secret_key, 1782 sizeof(ep->secret_key)) ?: 1783 crypto_shash_digest(desc, (u8 *)bear_cookie, bodysize, 1784 digest); 1785 shash_desc_zero(desc); 1786 1787 if (err) { 1788 *error = -SCTP_IERROR_NOMEM; 1789 goto fail; 1790 } 1791 } 1792 1793 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1794 *error = -SCTP_IERROR_BAD_SIG; 1795 goto fail; 1796 } 1797 1798 no_hmac: 1799 /* IG Section 2.35.2: 1800 * 3) Compare the port numbers and the verification tag contained 1801 * within the COOKIE ECHO chunk to the actual port numbers and the 1802 * verification tag within the SCTP common header of the received 1803 * packet. If these values do not match the packet MUST be silently 1804 * discarded, 1805 */ 1806 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1807 *error = -SCTP_IERROR_BAD_TAG; 1808 goto fail; 1809 } 1810 1811 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1812 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1813 *error = -SCTP_IERROR_BAD_PORTS; 1814 goto fail; 1815 } 1816 1817 /* Check to see if the cookie is stale. If there is already 1818 * an association, there is no need to check cookie's expiration 1819 * for init collision case of lost COOKIE ACK. 1820 * If skb has been timestamped, then use the stamp, otherwise 1821 * use current time. This introduces a small possibility that 1822 * that a cookie may be considered expired, but his would only slow 1823 * down the new association establishment instead of every packet. 1824 */ 1825 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1826 kt = skb_get_ktime(skb); 1827 else 1828 kt = ktime_get_real(); 1829 1830 if (!asoc && ktime_before(bear_cookie->expiration, kt)) { 1831 /* 1832 * Section 3.3.10.3 Stale Cookie Error (3) 1833 * 1834 * Cause of error 1835 * --------------- 1836 * Stale Cookie Error: Indicates the receipt of a valid State 1837 * Cookie that has expired. 1838 */ 1839 len = ntohs(chunk->chunk_hdr->length); 1840 *errp = sctp_make_op_error_space(asoc, chunk, len); 1841 if (*errp) { 1842 suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration)); 1843 __be32 n = htonl(usecs); 1844 1845 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1846 sizeof(n)); 1847 sctp_addto_chunk(*errp, sizeof(n), &n); 1848 *error = -SCTP_IERROR_STALE_COOKIE; 1849 } else 1850 *error = -SCTP_IERROR_NOMEM; 1851 1852 goto fail; 1853 } 1854 1855 /* Make a new base association. */ 1856 scope = sctp_scope(sctp_source(chunk)); 1857 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1858 if (!retval) { 1859 *error = -SCTP_IERROR_NOMEM; 1860 goto fail; 1861 } 1862 1863 /* Set up our peer's port number. */ 1864 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1865 1866 /* Populate the association from the cookie. */ 1867 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1868 1869 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1870 GFP_ATOMIC) < 0) { 1871 *error = -SCTP_IERROR_NOMEM; 1872 goto fail; 1873 } 1874 1875 /* Also, add the destination address. */ 1876 if (list_empty(&retval->base.bind_addr.address_list)) { 1877 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1878 sizeof(chunk->dest), SCTP_ADDR_SRC, 1879 GFP_ATOMIC); 1880 } 1881 1882 retval->next_tsn = retval->c.initial_tsn; 1883 retval->ctsn_ack_point = retval->next_tsn - 1; 1884 retval->addip_serial = retval->c.initial_tsn; 1885 retval->strreset_outseq = retval->c.initial_tsn; 1886 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1887 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1888 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1889 1890 /* The INIT stuff will be done by the side effects. */ 1891 return retval; 1892 1893 fail: 1894 if (retval) 1895 sctp_association_free(retval); 1896 1897 return NULL; 1898 1899 malformed: 1900 /* Yikes! The packet is either corrupt or deliberately 1901 * malformed. 1902 */ 1903 *error = -SCTP_IERROR_MALFORMED; 1904 goto fail; 1905 } 1906 1907 /******************************************************************** 1908 * 3rd Level Abstractions 1909 ********************************************************************/ 1910 1911 struct __sctp_missing { 1912 __be32 num_missing; 1913 __be16 type; 1914 } __packed; 1915 1916 /* 1917 * Report a missing mandatory parameter. 1918 */ 1919 static int sctp_process_missing_param(const struct sctp_association *asoc, 1920 enum sctp_param paramtype, 1921 struct sctp_chunk *chunk, 1922 struct sctp_chunk **errp) 1923 { 1924 struct __sctp_missing report; 1925 __u16 len; 1926 1927 len = SCTP_PAD4(sizeof(report)); 1928 1929 /* Make an ERROR chunk, preparing enough room for 1930 * returning multiple unknown parameters. 1931 */ 1932 if (!*errp) 1933 *errp = sctp_make_op_error_space(asoc, chunk, len); 1934 1935 if (*errp) { 1936 report.num_missing = htonl(1); 1937 report.type = paramtype; 1938 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1939 sizeof(report)); 1940 sctp_addto_chunk(*errp, sizeof(report), &report); 1941 } 1942 1943 /* Stop processing this chunk. */ 1944 return 0; 1945 } 1946 1947 /* Report an Invalid Mandatory Parameter. */ 1948 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1949 struct sctp_chunk *chunk, 1950 struct sctp_chunk **errp) 1951 { 1952 /* Invalid Mandatory Parameter Error has no payload. */ 1953 1954 if (!*errp) 1955 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1956 1957 if (*errp) 1958 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1959 1960 /* Stop processing this chunk. */ 1961 return 0; 1962 } 1963 1964 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1965 struct sctp_paramhdr *param, 1966 const struct sctp_chunk *chunk, 1967 struct sctp_chunk **errp) 1968 { 1969 /* This is a fatal error. Any accumulated non-fatal errors are 1970 * not reported. 1971 */ 1972 if (*errp) 1973 sctp_chunk_free(*errp); 1974 1975 /* Create an error chunk and fill it in with our payload. */ 1976 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1977 1978 return 0; 1979 } 1980 1981 1982 /* Do not attempt to handle the HOST_NAME parm. However, do 1983 * send back an indicator to the peer. 1984 */ 1985 static int sctp_process_hn_param(const struct sctp_association *asoc, 1986 union sctp_params param, 1987 struct sctp_chunk *chunk, 1988 struct sctp_chunk **errp) 1989 { 1990 __u16 len = ntohs(param.p->length); 1991 1992 /* Processing of the HOST_NAME parameter will generate an 1993 * ABORT. If we've accumulated any non-fatal errors, they 1994 * would be unrecognized parameters and we should not include 1995 * them in the ABORT. 1996 */ 1997 if (*errp) 1998 sctp_chunk_free(*errp); 1999 2000 *errp = sctp_make_op_error_space(asoc, chunk, len); 2001 2002 if (*errp) { 2003 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 2004 sctp_addto_chunk(*errp, len, param.v); 2005 } 2006 2007 /* Stop processing this chunk. */ 2008 return 0; 2009 } 2010 2011 static int sctp_verify_ext_param(struct net *net, union sctp_params param) 2012 { 2013 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2014 int have_asconf = 0; 2015 int have_auth = 0; 2016 int i; 2017 2018 for (i = 0; i < num_ext; i++) { 2019 switch (param.ext->chunks[i]) { 2020 case SCTP_CID_AUTH: 2021 have_auth = 1; 2022 break; 2023 case SCTP_CID_ASCONF: 2024 case SCTP_CID_ASCONF_ACK: 2025 have_asconf = 1; 2026 break; 2027 } 2028 } 2029 2030 /* ADD-IP Security: The draft requires us to ABORT or ignore the 2031 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 2032 * only if ADD-IP is turned on and we are not backward-compatible 2033 * mode. 2034 */ 2035 if (net->sctp.addip_noauth) 2036 return 1; 2037 2038 if (net->sctp.addip_enable && !have_auth && have_asconf) 2039 return 0; 2040 2041 return 1; 2042 } 2043 2044 static void sctp_process_ext_param(struct sctp_association *asoc, 2045 union sctp_params param) 2046 { 2047 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2048 struct net *net = sock_net(asoc->base.sk); 2049 int i; 2050 2051 for (i = 0; i < num_ext; i++) { 2052 switch (param.ext->chunks[i]) { 2053 case SCTP_CID_RECONF: 2054 if (asoc->reconf_enable && 2055 !asoc->peer.reconf_capable) 2056 asoc->peer.reconf_capable = 1; 2057 break; 2058 case SCTP_CID_FWD_TSN: 2059 if (asoc->prsctp_enable && !asoc->peer.prsctp_capable) 2060 asoc->peer.prsctp_capable = 1; 2061 break; 2062 case SCTP_CID_AUTH: 2063 /* if the peer reports AUTH, assume that he 2064 * supports AUTH. 2065 */ 2066 if (asoc->ep->auth_enable) 2067 asoc->peer.auth_capable = 1; 2068 break; 2069 case SCTP_CID_ASCONF: 2070 case SCTP_CID_ASCONF_ACK: 2071 if (net->sctp.addip_enable) 2072 asoc->peer.asconf_capable = 1; 2073 break; 2074 case SCTP_CID_I_DATA: 2075 if (sctp_sk(asoc->base.sk)->strm_interleave) 2076 asoc->intl_enable = 1; 2077 break; 2078 default: 2079 break; 2080 } 2081 } 2082 } 2083 2084 /* RFC 3.2.1 & the Implementers Guide 2.2. 2085 * 2086 * The Parameter Types are encoded such that the 2087 * highest-order two bits specify the action that must be 2088 * taken if the processing endpoint does not recognize the 2089 * Parameter Type. 2090 * 2091 * 00 - Stop processing this parameter; do not process any further 2092 * parameters within this chunk 2093 * 2094 * 01 - Stop processing this parameter, do not process any further 2095 * parameters within this chunk, and report the unrecognized 2096 * parameter in an 'Unrecognized Parameter' ERROR chunk. 2097 * 2098 * 10 - Skip this parameter and continue processing. 2099 * 2100 * 11 - Skip this parameter and continue processing but 2101 * report the unrecognized parameter in an 2102 * 'Unrecognized Parameter' ERROR chunk. 2103 * 2104 * Return value: 2105 * SCTP_IERROR_NO_ERROR - continue with the chunk 2106 * SCTP_IERROR_ERROR - stop and report an error. 2107 * SCTP_IERROR_NOMEME - out of memory. 2108 */ 2109 static enum sctp_ierror sctp_process_unk_param( 2110 const struct sctp_association *asoc, 2111 union sctp_params param, 2112 struct sctp_chunk *chunk, 2113 struct sctp_chunk **errp) 2114 { 2115 int retval = SCTP_IERROR_NO_ERROR; 2116 2117 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 2118 case SCTP_PARAM_ACTION_DISCARD: 2119 retval = SCTP_IERROR_ERROR; 2120 break; 2121 case SCTP_PARAM_ACTION_SKIP: 2122 break; 2123 case SCTP_PARAM_ACTION_DISCARD_ERR: 2124 retval = SCTP_IERROR_ERROR; 2125 /* Fall through */ 2126 case SCTP_PARAM_ACTION_SKIP_ERR: 2127 /* Make an ERROR chunk, preparing enough room for 2128 * returning multiple unknown parameters. 2129 */ 2130 if (NULL == *errp) 2131 *errp = sctp_make_op_error_fixed(asoc, chunk); 2132 2133 if (*errp) { 2134 if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2135 SCTP_PAD4(ntohs(param.p->length)))) 2136 sctp_addto_chunk_fixed(*errp, 2137 SCTP_PAD4(ntohs(param.p->length)), 2138 param.v); 2139 } else { 2140 /* If there is no memory for generating the ERROR 2141 * report as specified, an ABORT will be triggered 2142 * to the peer and the association won't be 2143 * established. 2144 */ 2145 retval = SCTP_IERROR_NOMEM; 2146 } 2147 break; 2148 default: 2149 break; 2150 } 2151 2152 return retval; 2153 } 2154 2155 /* Verify variable length parameters 2156 * Return values: 2157 * SCTP_IERROR_ABORT - trigger an ABORT 2158 * SCTP_IERROR_NOMEM - out of memory (abort) 2159 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2160 * SCTP_IERROR_NO_ERROR - continue with the chunk 2161 */ 2162 static enum sctp_ierror sctp_verify_param(struct net *net, 2163 const struct sctp_endpoint *ep, 2164 const struct sctp_association *asoc, 2165 union sctp_params param, 2166 enum sctp_cid cid, 2167 struct sctp_chunk *chunk, 2168 struct sctp_chunk **err_chunk) 2169 { 2170 struct sctp_hmac_algo_param *hmacs; 2171 int retval = SCTP_IERROR_NO_ERROR; 2172 __u16 n_elt, id = 0; 2173 int i; 2174 2175 /* FIXME - This routine is not looking at each parameter per the 2176 * chunk type, i.e., unrecognized parameters should be further 2177 * identified based on the chunk id. 2178 */ 2179 2180 switch (param.p->type) { 2181 case SCTP_PARAM_IPV4_ADDRESS: 2182 case SCTP_PARAM_IPV6_ADDRESS: 2183 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2184 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2185 case SCTP_PARAM_STATE_COOKIE: 2186 case SCTP_PARAM_HEARTBEAT_INFO: 2187 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2188 case SCTP_PARAM_ECN_CAPABLE: 2189 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2190 break; 2191 2192 case SCTP_PARAM_SUPPORTED_EXT: 2193 if (!sctp_verify_ext_param(net, param)) 2194 return SCTP_IERROR_ABORT; 2195 break; 2196 2197 case SCTP_PARAM_SET_PRIMARY: 2198 if (net->sctp.addip_enable) 2199 break; 2200 goto fallthrough; 2201 2202 case SCTP_PARAM_HOST_NAME_ADDRESS: 2203 /* Tell the peer, we won't support this param. */ 2204 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2205 retval = SCTP_IERROR_ABORT; 2206 break; 2207 2208 case SCTP_PARAM_FWD_TSN_SUPPORT: 2209 if (ep->prsctp_enable) 2210 break; 2211 goto fallthrough; 2212 2213 case SCTP_PARAM_RANDOM: 2214 if (!ep->auth_enable) 2215 goto fallthrough; 2216 2217 /* SCTP-AUTH: Secion 6.1 2218 * If the random number is not 32 byte long the association 2219 * MUST be aborted. The ABORT chunk SHOULD contain the error 2220 * cause 'Protocol Violation'. 2221 */ 2222 if (SCTP_AUTH_RANDOM_LENGTH != 2223 ntohs(param.p->length) - sizeof(struct sctp_paramhdr)) { 2224 sctp_process_inv_paramlength(asoc, param.p, 2225 chunk, err_chunk); 2226 retval = SCTP_IERROR_ABORT; 2227 } 2228 break; 2229 2230 case SCTP_PARAM_CHUNKS: 2231 if (!ep->auth_enable) 2232 goto fallthrough; 2233 2234 /* SCTP-AUTH: Section 3.2 2235 * The CHUNKS parameter MUST be included once in the INIT or 2236 * INIT-ACK chunk if the sender wants to receive authenticated 2237 * chunks. Its maximum length is 260 bytes. 2238 */ 2239 if (260 < ntohs(param.p->length)) { 2240 sctp_process_inv_paramlength(asoc, param.p, 2241 chunk, err_chunk); 2242 retval = SCTP_IERROR_ABORT; 2243 } 2244 break; 2245 2246 case SCTP_PARAM_HMAC_ALGO: 2247 if (!ep->auth_enable) 2248 goto fallthrough; 2249 2250 hmacs = (struct sctp_hmac_algo_param *)param.p; 2251 n_elt = (ntohs(param.p->length) - 2252 sizeof(struct sctp_paramhdr)) >> 1; 2253 2254 /* SCTP-AUTH: Section 6.1 2255 * The HMAC algorithm based on SHA-1 MUST be supported and 2256 * included in the HMAC-ALGO parameter. 2257 */ 2258 for (i = 0; i < n_elt; i++) { 2259 id = ntohs(hmacs->hmac_ids[i]); 2260 2261 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2262 break; 2263 } 2264 2265 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2266 sctp_process_inv_paramlength(asoc, param.p, chunk, 2267 err_chunk); 2268 retval = SCTP_IERROR_ABORT; 2269 } 2270 break; 2271 fallthrough: 2272 default: 2273 pr_debug("%s: unrecognized param:%d for chunk:%d\n", 2274 __func__, ntohs(param.p->type), cid); 2275 2276 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2277 break; 2278 } 2279 return retval; 2280 } 2281 2282 /* Verify the INIT packet before we process it. */ 2283 int sctp_verify_init(struct net *net, const struct sctp_endpoint *ep, 2284 const struct sctp_association *asoc, enum sctp_cid cid, 2285 struct sctp_init_chunk *peer_init, 2286 struct sctp_chunk *chunk, struct sctp_chunk **errp) 2287 { 2288 union sctp_params param; 2289 bool has_cookie = false; 2290 int result; 2291 2292 /* Check for missing mandatory parameters. Note: Initial TSN is 2293 * also mandatory, but is not checked here since the valid range 2294 * is 0..2**32-1. RFC4960, section 3.3.3. 2295 */ 2296 if (peer_init->init_hdr.num_outbound_streams == 0 || 2297 peer_init->init_hdr.num_inbound_streams == 0 || 2298 peer_init->init_hdr.init_tag == 0 || 2299 ntohl(peer_init->init_hdr.a_rwnd) < SCTP_DEFAULT_MINWINDOW) 2300 return sctp_process_inv_mandatory(asoc, chunk, errp); 2301 2302 sctp_walk_params(param, peer_init, init_hdr.params) { 2303 if (param.p->type == SCTP_PARAM_STATE_COOKIE) 2304 has_cookie = true; 2305 } 2306 2307 /* There is a possibility that a parameter length was bad and 2308 * in that case we would have stoped walking the parameters. 2309 * The current param.p would point at the bad one. 2310 * Current consensus on the mailing list is to generate a PROTOCOL 2311 * VIOLATION error. We build the ERROR chunk here and let the normal 2312 * error handling code build and send the packet. 2313 */ 2314 if (param.v != (void *)chunk->chunk_end) 2315 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2316 2317 /* The only missing mandatory param possible today is 2318 * the state cookie for an INIT-ACK chunk. 2319 */ 2320 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2321 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2322 chunk, errp); 2323 2324 /* Verify all the variable length parameters */ 2325 sctp_walk_params(param, peer_init, init_hdr.params) { 2326 result = sctp_verify_param(net, ep, asoc, param, cid, 2327 chunk, errp); 2328 switch (result) { 2329 case SCTP_IERROR_ABORT: 2330 case SCTP_IERROR_NOMEM: 2331 return 0; 2332 case SCTP_IERROR_ERROR: 2333 return 1; 2334 case SCTP_IERROR_NO_ERROR: 2335 default: 2336 break; 2337 } 2338 2339 } /* for (loop through all parameters) */ 2340 2341 return 1; 2342 } 2343 2344 /* Unpack the parameters in an INIT packet into an association. 2345 * Returns 0 on failure, else success. 2346 * FIXME: This is an association method. 2347 */ 2348 int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, 2349 const union sctp_addr *peer_addr, 2350 struct sctp_init_chunk *peer_init, gfp_t gfp) 2351 { 2352 struct net *net = sock_net(asoc->base.sk); 2353 struct sctp_transport *transport; 2354 struct list_head *pos, *temp; 2355 union sctp_params param; 2356 union sctp_addr addr; 2357 struct sctp_af *af; 2358 int src_match = 0; 2359 char *cookie; 2360 2361 /* We must include the address that the INIT packet came from. 2362 * This is the only address that matters for an INIT packet. 2363 * When processing a COOKIE ECHO, we retrieve the from address 2364 * of the INIT from the cookie. 2365 */ 2366 2367 /* This implementation defaults to making the first transport 2368 * added as the primary transport. The source address seems to 2369 * be a a better choice than any of the embedded addresses. 2370 */ 2371 if (!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2372 goto nomem; 2373 2374 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr)) 2375 src_match = 1; 2376 2377 /* Process the initialization parameters. */ 2378 sctp_walk_params(param, peer_init, init_hdr.params) { 2379 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 2380 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { 2381 af = sctp_get_af_specific(param_type2af(param.p->type)); 2382 af->from_addr_param(&addr, param.addr, 2383 chunk->sctp_hdr->source, 0); 2384 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) 2385 src_match = 1; 2386 } 2387 2388 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2389 goto clean_up; 2390 } 2391 2392 /* source address of chunk may not match any valid address */ 2393 if (!src_match) 2394 goto clean_up; 2395 2396 /* AUTH: After processing the parameters, make sure that we 2397 * have all the required info to potentially do authentications. 2398 */ 2399 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2400 !asoc->peer.peer_hmacs)) 2401 asoc->peer.auth_capable = 0; 2402 2403 /* In a non-backward compatible mode, if the peer claims 2404 * support for ADD-IP but not AUTH, the ADD-IP spec states 2405 * that we MUST ABORT the association. Section 6. The section 2406 * also give us an option to silently ignore the packet, which 2407 * is what we'll do here. 2408 */ 2409 if (!net->sctp.addip_noauth && 2410 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2411 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2412 SCTP_PARAM_DEL_IP | 2413 SCTP_PARAM_SET_PRIMARY); 2414 asoc->peer.asconf_capable = 0; 2415 goto clean_up; 2416 } 2417 2418 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2419 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2420 transport = list_entry(pos, struct sctp_transport, transports); 2421 if (transport->state == SCTP_UNKNOWN) { 2422 sctp_assoc_rm_peer(asoc, transport); 2423 } 2424 } 2425 2426 /* The fixed INIT headers are always in network byte 2427 * order. 2428 */ 2429 asoc->peer.i.init_tag = 2430 ntohl(peer_init->init_hdr.init_tag); 2431 asoc->peer.i.a_rwnd = 2432 ntohl(peer_init->init_hdr.a_rwnd); 2433 asoc->peer.i.num_outbound_streams = 2434 ntohs(peer_init->init_hdr.num_outbound_streams); 2435 asoc->peer.i.num_inbound_streams = 2436 ntohs(peer_init->init_hdr.num_inbound_streams); 2437 asoc->peer.i.initial_tsn = 2438 ntohl(peer_init->init_hdr.initial_tsn); 2439 2440 asoc->strreset_inseq = asoc->peer.i.initial_tsn; 2441 2442 /* Apply the upper bounds for output streams based on peer's 2443 * number of inbound streams. 2444 */ 2445 if (asoc->c.sinit_num_ostreams > 2446 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2447 asoc->c.sinit_num_ostreams = 2448 ntohs(peer_init->init_hdr.num_inbound_streams); 2449 } 2450 2451 if (asoc->c.sinit_max_instreams > 2452 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2453 asoc->c.sinit_max_instreams = 2454 ntohs(peer_init->init_hdr.num_outbound_streams); 2455 } 2456 2457 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2458 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2459 2460 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2461 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2462 2463 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2464 cookie = asoc->peer.cookie; 2465 if (cookie) { 2466 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2467 if (!asoc->peer.cookie) 2468 goto clean_up; 2469 } 2470 2471 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2472 * high (for example, implementations MAY use the size of the receiver 2473 * advertised window). 2474 */ 2475 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2476 transports) { 2477 transport->ssthresh = asoc->peer.i.a_rwnd; 2478 } 2479 2480 /* Set up the TSN tracking pieces. */ 2481 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2482 asoc->peer.i.initial_tsn, gfp)) 2483 goto clean_up; 2484 2485 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2486 * 2487 * The stream sequence number in all the streams shall start 2488 * from 0 when the association is established. Also, when the 2489 * stream sequence number reaches the value 65535 the next 2490 * stream sequence number shall be set to 0. 2491 */ 2492 2493 if (sctp_stream_init(&asoc->stream, asoc->c.sinit_num_ostreams, 2494 asoc->c.sinit_max_instreams, gfp)) 2495 goto clean_up; 2496 2497 if (!asoc->temp && sctp_assoc_set_id(asoc, gfp)) 2498 goto clean_up; 2499 2500 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2501 * 2502 * When an endpoint has an ASCONF signaled change to be sent to the 2503 * remote endpoint it should do the following: 2504 * ... 2505 * A2) A serial number should be assigned to the Chunk. The serial 2506 * number should be a monotonically increasing number. All serial 2507 * numbers are defined to be initialized at the start of the 2508 * association to the same value as the Initial TSN. 2509 */ 2510 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2511 return 1; 2512 2513 clean_up: 2514 /* Release the transport structures. */ 2515 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2516 transport = list_entry(pos, struct sctp_transport, transports); 2517 if (transport->state != SCTP_ACTIVE) 2518 sctp_assoc_rm_peer(asoc, transport); 2519 } 2520 2521 nomem: 2522 return 0; 2523 } 2524 2525 2526 /* Update asoc with the option described in param. 2527 * 2528 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2529 * 2530 * asoc is the association to update. 2531 * param is the variable length parameter to use for update. 2532 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2533 * If the current packet is an INIT we want to minimize the amount of 2534 * work we do. In particular, we should not build transport 2535 * structures for the addresses. 2536 */ 2537 static int sctp_process_param(struct sctp_association *asoc, 2538 union sctp_params param, 2539 const union sctp_addr *peer_addr, 2540 gfp_t gfp) 2541 { 2542 struct net *net = sock_net(asoc->base.sk); 2543 struct sctp_endpoint *ep = asoc->ep; 2544 union sctp_addr_param *addr_param; 2545 struct sctp_transport *t; 2546 enum sctp_scope scope; 2547 union sctp_addr addr; 2548 struct sctp_af *af; 2549 int retval = 1, i; 2550 u32 stale; 2551 __u16 sat; 2552 2553 /* We maintain all INIT parameters in network byte order all the 2554 * time. This allows us to not worry about whether the parameters 2555 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2556 */ 2557 switch (param.p->type) { 2558 case SCTP_PARAM_IPV6_ADDRESS: 2559 if (PF_INET6 != asoc->base.sk->sk_family) 2560 break; 2561 goto do_addr_param; 2562 2563 case SCTP_PARAM_IPV4_ADDRESS: 2564 /* v4 addresses are not allowed on v6-only socket */ 2565 if (ipv6_only_sock(asoc->base.sk)) 2566 break; 2567 do_addr_param: 2568 af = sctp_get_af_specific(param_type2af(param.p->type)); 2569 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2570 scope = sctp_scope(peer_addr); 2571 if (sctp_in_scope(net, &addr, scope)) 2572 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2573 return 0; 2574 break; 2575 2576 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2577 if (!net->sctp.cookie_preserve_enable) 2578 break; 2579 2580 stale = ntohl(param.life->lifespan_increment); 2581 2582 /* Suggested Cookie Life span increment's unit is msec, 2583 * (1/1000sec). 2584 */ 2585 asoc->cookie_life = ktime_add_ms(asoc->cookie_life, stale); 2586 break; 2587 2588 case SCTP_PARAM_HOST_NAME_ADDRESS: 2589 pr_debug("%s: unimplemented SCTP_HOST_NAME_ADDRESS\n", __func__); 2590 break; 2591 2592 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2593 /* Turn off the default values first so we'll know which 2594 * ones are really set by the peer. 2595 */ 2596 asoc->peer.ipv4_address = 0; 2597 asoc->peer.ipv6_address = 0; 2598 2599 /* Assume that peer supports the address family 2600 * by which it sends a packet. 2601 */ 2602 if (peer_addr->sa.sa_family == AF_INET6) 2603 asoc->peer.ipv6_address = 1; 2604 else if (peer_addr->sa.sa_family == AF_INET) 2605 asoc->peer.ipv4_address = 1; 2606 2607 /* Cycle through address types; avoid divide by 0. */ 2608 sat = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2609 if (sat) 2610 sat /= sizeof(__u16); 2611 2612 for (i = 0; i < sat; ++i) { 2613 switch (param.sat->types[i]) { 2614 case SCTP_PARAM_IPV4_ADDRESS: 2615 asoc->peer.ipv4_address = 1; 2616 break; 2617 2618 case SCTP_PARAM_IPV6_ADDRESS: 2619 if (PF_INET6 == asoc->base.sk->sk_family) 2620 asoc->peer.ipv6_address = 1; 2621 break; 2622 2623 case SCTP_PARAM_HOST_NAME_ADDRESS: 2624 asoc->peer.hostname_address = 1; 2625 break; 2626 2627 default: /* Just ignore anything else. */ 2628 break; 2629 } 2630 } 2631 break; 2632 2633 case SCTP_PARAM_STATE_COOKIE: 2634 asoc->peer.cookie_len = 2635 ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2636 asoc->peer.cookie = param.cookie->body; 2637 break; 2638 2639 case SCTP_PARAM_HEARTBEAT_INFO: 2640 /* Would be odd to receive, but it causes no problems. */ 2641 break; 2642 2643 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2644 /* Rejected during verify stage. */ 2645 break; 2646 2647 case SCTP_PARAM_ECN_CAPABLE: 2648 asoc->peer.ecn_capable = 1; 2649 break; 2650 2651 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2652 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2653 break; 2654 2655 case SCTP_PARAM_SET_PRIMARY: 2656 if (!net->sctp.addip_enable) 2657 goto fall_through; 2658 2659 addr_param = param.v + sizeof(struct sctp_addip_param); 2660 2661 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 2662 if (af == NULL) 2663 break; 2664 2665 af->from_addr_param(&addr, addr_param, 2666 htons(asoc->peer.port), 0); 2667 2668 /* if the address is invalid, we can't process it. 2669 * XXX: see spec for what to do. 2670 */ 2671 if (!af->addr_valid(&addr, NULL, NULL)) 2672 break; 2673 2674 t = sctp_assoc_lookup_paddr(asoc, &addr); 2675 if (!t) 2676 break; 2677 2678 sctp_assoc_set_primary(asoc, t); 2679 break; 2680 2681 case SCTP_PARAM_SUPPORTED_EXT: 2682 sctp_process_ext_param(asoc, param); 2683 break; 2684 2685 case SCTP_PARAM_FWD_TSN_SUPPORT: 2686 if (asoc->prsctp_enable) { 2687 asoc->peer.prsctp_capable = 1; 2688 break; 2689 } 2690 /* Fall Through */ 2691 goto fall_through; 2692 2693 case SCTP_PARAM_RANDOM: 2694 if (!ep->auth_enable) 2695 goto fall_through; 2696 2697 /* Save peer's random parameter */ 2698 asoc->peer.peer_random = kmemdup(param.p, 2699 ntohs(param.p->length), gfp); 2700 if (!asoc->peer.peer_random) { 2701 retval = 0; 2702 break; 2703 } 2704 break; 2705 2706 case SCTP_PARAM_HMAC_ALGO: 2707 if (!ep->auth_enable) 2708 goto fall_through; 2709 2710 /* Save peer's HMAC list */ 2711 asoc->peer.peer_hmacs = kmemdup(param.p, 2712 ntohs(param.p->length), gfp); 2713 if (!asoc->peer.peer_hmacs) { 2714 retval = 0; 2715 break; 2716 } 2717 2718 /* Set the default HMAC the peer requested*/ 2719 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2720 break; 2721 2722 case SCTP_PARAM_CHUNKS: 2723 if (!ep->auth_enable) 2724 goto fall_through; 2725 2726 asoc->peer.peer_chunks = kmemdup(param.p, 2727 ntohs(param.p->length), gfp); 2728 if (!asoc->peer.peer_chunks) 2729 retval = 0; 2730 break; 2731 fall_through: 2732 default: 2733 /* Any unrecognized parameters should have been caught 2734 * and handled by sctp_verify_param() which should be 2735 * called prior to this routine. Simply log the error 2736 * here. 2737 */ 2738 pr_debug("%s: ignoring param:%d for association:%p.\n", 2739 __func__, ntohs(param.p->type), asoc); 2740 break; 2741 } 2742 2743 return retval; 2744 } 2745 2746 /* Select a new verification tag. */ 2747 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2748 { 2749 /* I believe that this random number generator complies with RFC1750. 2750 * A tag of 0 is reserved for special cases (e.g. INIT). 2751 */ 2752 __u32 x; 2753 2754 do { 2755 get_random_bytes(&x, sizeof(__u32)); 2756 } while (x == 0); 2757 2758 return x; 2759 } 2760 2761 /* Select an initial TSN to send during startup. */ 2762 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2763 { 2764 __u32 retval; 2765 2766 get_random_bytes(&retval, sizeof(__u32)); 2767 return retval; 2768 } 2769 2770 /* 2771 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2772 * 0 1 2 3 2773 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2774 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2775 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2776 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2777 * | Serial Number | 2778 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2779 * | Address Parameter | 2780 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2781 * | ASCONF Parameter #1 | 2782 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2783 * \ \ 2784 * / .... / 2785 * \ \ 2786 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2787 * | ASCONF Parameter #N | 2788 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2789 * 2790 * Address Parameter and other parameter will not be wrapped in this function 2791 */ 2792 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2793 union sctp_addr *addr, 2794 int vparam_len) 2795 { 2796 struct sctp_addiphdr asconf; 2797 struct sctp_chunk *retval; 2798 int length = sizeof(asconf) + vparam_len; 2799 union sctp_addr_param addrparam; 2800 int addrlen; 2801 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2802 2803 addrlen = af->to_addr_param(addr, &addrparam); 2804 if (!addrlen) 2805 return NULL; 2806 length += addrlen; 2807 2808 /* Create the chunk. */ 2809 retval = sctp_make_control(asoc, SCTP_CID_ASCONF, 0, length, 2810 GFP_ATOMIC); 2811 if (!retval) 2812 return NULL; 2813 2814 asconf.serial = htonl(asoc->addip_serial++); 2815 2816 retval->subh.addip_hdr = 2817 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2818 retval->param_hdr.v = 2819 sctp_addto_chunk(retval, addrlen, &addrparam); 2820 2821 return retval; 2822 } 2823 2824 /* ADDIP 2825 * 3.2.1 Add IP Address 2826 * 0 1 2 3 2827 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2828 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2829 * | Type = 0xC001 | Length = Variable | 2830 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2831 * | ASCONF-Request Correlation ID | 2832 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2833 * | Address Parameter | 2834 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2835 * 2836 * 3.2.2 Delete IP Address 2837 * 0 1 2 3 2838 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2839 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2840 * | Type = 0xC002 | Length = Variable | 2841 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2842 * | ASCONF-Request Correlation ID | 2843 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2844 * | Address Parameter | 2845 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2846 * 2847 */ 2848 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2849 union sctp_addr *laddr, 2850 struct sockaddr *addrs, 2851 int addrcnt, __be16 flags) 2852 { 2853 union sctp_addr_param addr_param; 2854 struct sctp_addip_param param; 2855 int paramlen = sizeof(param); 2856 struct sctp_chunk *retval; 2857 int addr_param_len = 0; 2858 union sctp_addr *addr; 2859 int totallen = 0, i; 2860 int del_pickup = 0; 2861 struct sctp_af *af; 2862 void *addr_buf; 2863 2864 /* Get total length of all the address parameters. */ 2865 addr_buf = addrs; 2866 for (i = 0; i < addrcnt; i++) { 2867 addr = addr_buf; 2868 af = sctp_get_af_specific(addr->v4.sin_family); 2869 addr_param_len = af->to_addr_param(addr, &addr_param); 2870 2871 totallen += paramlen; 2872 totallen += addr_param_len; 2873 2874 addr_buf += af->sockaddr_len; 2875 if (asoc->asconf_addr_del_pending && !del_pickup) { 2876 /* reuse the parameter length from the same scope one */ 2877 totallen += paramlen; 2878 totallen += addr_param_len; 2879 del_pickup = 1; 2880 2881 pr_debug("%s: picked same-scope del_pending addr, " 2882 "totallen for all addresses is %d\n", 2883 __func__, totallen); 2884 } 2885 } 2886 2887 /* Create an asconf chunk with the required length. */ 2888 retval = sctp_make_asconf(asoc, laddr, totallen); 2889 if (!retval) 2890 return NULL; 2891 2892 /* Add the address parameters to the asconf chunk. */ 2893 addr_buf = addrs; 2894 for (i = 0; i < addrcnt; i++) { 2895 addr = addr_buf; 2896 af = sctp_get_af_specific(addr->v4.sin_family); 2897 addr_param_len = af->to_addr_param(addr, &addr_param); 2898 param.param_hdr.type = flags; 2899 param.param_hdr.length = htons(paramlen + addr_param_len); 2900 param.crr_id = htonl(i); 2901 2902 sctp_addto_chunk(retval, paramlen, ¶m); 2903 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2904 2905 addr_buf += af->sockaddr_len; 2906 } 2907 if (flags == SCTP_PARAM_ADD_IP && del_pickup) { 2908 addr = asoc->asconf_addr_del_pending; 2909 af = sctp_get_af_specific(addr->v4.sin_family); 2910 addr_param_len = af->to_addr_param(addr, &addr_param); 2911 param.param_hdr.type = SCTP_PARAM_DEL_IP; 2912 param.param_hdr.length = htons(paramlen + addr_param_len); 2913 param.crr_id = htonl(i); 2914 2915 sctp_addto_chunk(retval, paramlen, ¶m); 2916 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2917 } 2918 return retval; 2919 } 2920 2921 /* ADDIP 2922 * 3.2.4 Set Primary IP Address 2923 * 0 1 2 3 2924 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2925 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2926 * | Type =0xC004 | Length = Variable | 2927 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2928 * | ASCONF-Request Correlation ID | 2929 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2930 * | Address Parameter | 2931 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2932 * 2933 * Create an ASCONF chunk with Set Primary IP address parameter. 2934 */ 2935 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2936 union sctp_addr *addr) 2937 { 2938 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2939 union sctp_addr_param addrparam; 2940 struct sctp_addip_param param; 2941 struct sctp_chunk *retval; 2942 int len = sizeof(param); 2943 int addrlen; 2944 2945 addrlen = af->to_addr_param(addr, &addrparam); 2946 if (!addrlen) 2947 return NULL; 2948 len += addrlen; 2949 2950 /* Create the chunk and make asconf header. */ 2951 retval = sctp_make_asconf(asoc, addr, len); 2952 if (!retval) 2953 return NULL; 2954 2955 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2956 param.param_hdr.length = htons(len); 2957 param.crr_id = 0; 2958 2959 sctp_addto_chunk(retval, sizeof(param), ¶m); 2960 sctp_addto_chunk(retval, addrlen, &addrparam); 2961 2962 return retval; 2963 } 2964 2965 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2966 * 0 1 2 3 2967 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2968 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2969 * | Type = 0x80 | Chunk Flags | Chunk Length | 2970 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2971 * | Serial Number | 2972 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2973 * | ASCONF Parameter Response#1 | 2974 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2975 * \ \ 2976 * / .... / 2977 * \ \ 2978 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2979 * | ASCONF Parameter Response#N | 2980 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2981 * 2982 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2983 */ 2984 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2985 __u32 serial, int vparam_len) 2986 { 2987 struct sctp_addiphdr asconf; 2988 struct sctp_chunk *retval; 2989 int length = sizeof(asconf) + vparam_len; 2990 2991 /* Create the chunk. */ 2992 retval = sctp_make_control(asoc, SCTP_CID_ASCONF_ACK, 0, length, 2993 GFP_ATOMIC); 2994 if (!retval) 2995 return NULL; 2996 2997 asconf.serial = htonl(serial); 2998 2999 retval->subh.addip_hdr = 3000 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 3001 3002 return retval; 3003 } 3004 3005 /* Add response parameters to an ASCONF_ACK chunk. */ 3006 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 3007 __be16 err_code, 3008 struct sctp_addip_param *asconf_param) 3009 { 3010 struct sctp_addip_param ack_param; 3011 struct sctp_errhdr err_param; 3012 int asconf_param_len = 0; 3013 int err_param_len = 0; 3014 __be16 response_type; 3015 3016 if (SCTP_ERROR_NO_ERROR == err_code) { 3017 response_type = SCTP_PARAM_SUCCESS_REPORT; 3018 } else { 3019 response_type = SCTP_PARAM_ERR_CAUSE; 3020 err_param_len = sizeof(err_param); 3021 if (asconf_param) 3022 asconf_param_len = 3023 ntohs(asconf_param->param_hdr.length); 3024 } 3025 3026 /* Add Success Indication or Error Cause Indication parameter. */ 3027 ack_param.param_hdr.type = response_type; 3028 ack_param.param_hdr.length = htons(sizeof(ack_param) + 3029 err_param_len + 3030 asconf_param_len); 3031 ack_param.crr_id = crr_id; 3032 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 3033 3034 if (SCTP_ERROR_NO_ERROR == err_code) 3035 return; 3036 3037 /* Add Error Cause parameter. */ 3038 err_param.cause = err_code; 3039 err_param.length = htons(err_param_len + asconf_param_len); 3040 sctp_addto_chunk(chunk, err_param_len, &err_param); 3041 3042 /* Add the failed TLV copied from ASCONF chunk. */ 3043 if (asconf_param) 3044 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 3045 } 3046 3047 /* Process a asconf parameter. */ 3048 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 3049 struct sctp_chunk *asconf, 3050 struct sctp_addip_param *asconf_param) 3051 { 3052 union sctp_addr_param *addr_param; 3053 struct sctp_transport *peer; 3054 union sctp_addr addr; 3055 struct sctp_af *af; 3056 3057 addr_param = (void *)asconf_param + sizeof(*asconf_param); 3058 3059 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && 3060 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && 3061 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) 3062 return SCTP_ERROR_UNKNOWN_PARAM; 3063 3064 switch (addr_param->p.type) { 3065 case SCTP_PARAM_IPV6_ADDRESS: 3066 if (!asoc->peer.ipv6_address) 3067 return SCTP_ERROR_DNS_FAILED; 3068 break; 3069 case SCTP_PARAM_IPV4_ADDRESS: 3070 if (!asoc->peer.ipv4_address) 3071 return SCTP_ERROR_DNS_FAILED; 3072 break; 3073 default: 3074 return SCTP_ERROR_DNS_FAILED; 3075 } 3076 3077 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3078 if (unlikely(!af)) 3079 return SCTP_ERROR_DNS_FAILED; 3080 3081 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 3082 3083 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 3084 * or multicast address. 3085 * (note: wildcard is permitted and requires special handling so 3086 * make sure we check for that) 3087 */ 3088 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 3089 return SCTP_ERROR_DNS_FAILED; 3090 3091 switch (asconf_param->param_hdr.type) { 3092 case SCTP_PARAM_ADD_IP: 3093 /* Section 4.2.1: 3094 * If the address 0.0.0.0 or ::0 is provided, the source 3095 * address of the packet MUST be added. 3096 */ 3097 if (af->is_any(&addr)) 3098 memcpy(&addr, &asconf->source, sizeof(addr)); 3099 3100 if (security_sctp_bind_connect(asoc->ep->base.sk, 3101 SCTP_PARAM_ADD_IP, 3102 (struct sockaddr *)&addr, 3103 af->sockaddr_len)) 3104 return SCTP_ERROR_REQ_REFUSED; 3105 3106 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 3107 * request and does not have the local resources to add this 3108 * new address to the association, it MUST return an Error 3109 * Cause TLV set to the new error code 'Operation Refused 3110 * Due to Resource Shortage'. 3111 */ 3112 3113 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 3114 if (!peer) 3115 return SCTP_ERROR_RSRC_LOW; 3116 3117 /* Start the heartbeat timer. */ 3118 sctp_transport_reset_hb_timer(peer); 3119 asoc->new_transport = peer; 3120 break; 3121 case SCTP_PARAM_DEL_IP: 3122 /* ADDIP 4.3 D7) If a request is received to delete the 3123 * last remaining IP address of a peer endpoint, the receiver 3124 * MUST send an Error Cause TLV with the error cause set to the 3125 * new error code 'Request to Delete Last Remaining IP Address'. 3126 */ 3127 if (asoc->peer.transport_count == 1) 3128 return SCTP_ERROR_DEL_LAST_IP; 3129 3130 /* ADDIP 4.3 D8) If a request is received to delete an IP 3131 * address which is also the source address of the IP packet 3132 * which contained the ASCONF chunk, the receiver MUST reject 3133 * this request. To reject the request the receiver MUST send 3134 * an Error Cause TLV set to the new error code 'Request to 3135 * Delete Source IP Address' 3136 */ 3137 if (sctp_cmp_addr_exact(&asconf->source, &addr)) 3138 return SCTP_ERROR_DEL_SRC_IP; 3139 3140 /* Section 4.2.2 3141 * If the address 0.0.0.0 or ::0 is provided, all 3142 * addresses of the peer except the source address of the 3143 * packet MUST be deleted. 3144 */ 3145 if (af->is_any(&addr)) { 3146 sctp_assoc_set_primary(asoc, asconf->transport); 3147 sctp_assoc_del_nonprimary_peers(asoc, 3148 asconf->transport); 3149 return SCTP_ERROR_NO_ERROR; 3150 } 3151 3152 /* If the address is not part of the association, the 3153 * ASCONF-ACK with Error Cause Indication Parameter 3154 * which including cause of Unresolvable Address should 3155 * be sent. 3156 */ 3157 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3158 if (!peer) 3159 return SCTP_ERROR_DNS_FAILED; 3160 3161 sctp_assoc_rm_peer(asoc, peer); 3162 break; 3163 case SCTP_PARAM_SET_PRIMARY: 3164 /* ADDIP Section 4.2.4 3165 * If the address 0.0.0.0 or ::0 is provided, the receiver 3166 * MAY mark the source address of the packet as its 3167 * primary. 3168 */ 3169 if (af->is_any(&addr)) 3170 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 3171 3172 if (security_sctp_bind_connect(asoc->ep->base.sk, 3173 SCTP_PARAM_SET_PRIMARY, 3174 (struct sockaddr *)&addr, 3175 af->sockaddr_len)) 3176 return SCTP_ERROR_REQ_REFUSED; 3177 3178 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3179 if (!peer) 3180 return SCTP_ERROR_DNS_FAILED; 3181 3182 sctp_assoc_set_primary(asoc, peer); 3183 break; 3184 } 3185 3186 return SCTP_ERROR_NO_ERROR; 3187 } 3188 3189 /* Verify the ASCONF packet before we process it. */ 3190 bool sctp_verify_asconf(const struct sctp_association *asoc, 3191 struct sctp_chunk *chunk, bool addr_param_needed, 3192 struct sctp_paramhdr **errp) 3193 { 3194 struct sctp_addip_chunk *addip; 3195 bool addr_param_seen = false; 3196 union sctp_params param; 3197 3198 addip = (struct sctp_addip_chunk *)chunk->chunk_hdr; 3199 sctp_walk_params(param, addip, addip_hdr.params) { 3200 size_t length = ntohs(param.p->length); 3201 3202 *errp = param.p; 3203 switch (param.p->type) { 3204 case SCTP_PARAM_ERR_CAUSE: 3205 break; 3206 case SCTP_PARAM_IPV4_ADDRESS: 3207 if (length != sizeof(struct sctp_ipv4addr_param)) 3208 return false; 3209 /* ensure there is only one addr param and it's in the 3210 * beginning of addip_hdr params, or we reject it. 3211 */ 3212 if (param.v != addip->addip_hdr.params) 3213 return false; 3214 addr_param_seen = true; 3215 break; 3216 case SCTP_PARAM_IPV6_ADDRESS: 3217 if (length != sizeof(struct sctp_ipv6addr_param)) 3218 return false; 3219 if (param.v != addip->addip_hdr.params) 3220 return false; 3221 addr_param_seen = true; 3222 break; 3223 case SCTP_PARAM_ADD_IP: 3224 case SCTP_PARAM_DEL_IP: 3225 case SCTP_PARAM_SET_PRIMARY: 3226 /* In ASCONF chunks, these need to be first. */ 3227 if (addr_param_needed && !addr_param_seen) 3228 return false; 3229 length = ntohs(param.addip->param_hdr.length); 3230 if (length < sizeof(struct sctp_addip_param) + 3231 sizeof(**errp)) 3232 return false; 3233 break; 3234 case SCTP_PARAM_SUCCESS_REPORT: 3235 case SCTP_PARAM_ADAPTATION_LAYER_IND: 3236 if (length != sizeof(struct sctp_addip_param)) 3237 return false; 3238 break; 3239 default: 3240 /* This is unkown to us, reject! */ 3241 return false; 3242 } 3243 } 3244 3245 /* Remaining sanity checks. */ 3246 if (addr_param_needed && !addr_param_seen) 3247 return false; 3248 if (!addr_param_needed && addr_param_seen) 3249 return false; 3250 if (param.v != chunk->chunk_end) 3251 return false; 3252 3253 return true; 3254 } 3255 3256 /* Process an incoming ASCONF chunk with the next expected serial no. and 3257 * return an ASCONF_ACK chunk to be sent in response. 3258 */ 3259 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3260 struct sctp_chunk *asconf) 3261 { 3262 union sctp_addr_param *addr_param; 3263 struct sctp_addip_chunk *addip; 3264 struct sctp_chunk *asconf_ack; 3265 bool all_param_pass = true; 3266 struct sctp_addiphdr *hdr; 3267 int length = 0, chunk_len; 3268 union sctp_params param; 3269 __be16 err_code; 3270 __u32 serial; 3271 3272 addip = (struct sctp_addip_chunk *)asconf->chunk_hdr; 3273 chunk_len = ntohs(asconf->chunk_hdr->length) - 3274 sizeof(struct sctp_chunkhdr); 3275 hdr = (struct sctp_addiphdr *)asconf->skb->data; 3276 serial = ntohl(hdr->serial); 3277 3278 /* Skip the addiphdr and store a pointer to address parameter. */ 3279 length = sizeof(*hdr); 3280 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3281 chunk_len -= length; 3282 3283 /* Skip the address parameter and store a pointer to the first 3284 * asconf parameter. 3285 */ 3286 length = ntohs(addr_param->p.length); 3287 chunk_len -= length; 3288 3289 /* create an ASCONF_ACK chunk. 3290 * Based on the definitions of parameters, we know that the size of 3291 * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF 3292 * parameters. 3293 */ 3294 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4); 3295 if (!asconf_ack) 3296 goto done; 3297 3298 /* Process the TLVs contained within the ASCONF chunk. */ 3299 sctp_walk_params(param, addip, addip_hdr.params) { 3300 /* Skip preceeding address parameters. */ 3301 if (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 3302 param.p->type == SCTP_PARAM_IPV6_ADDRESS) 3303 continue; 3304 3305 err_code = sctp_process_asconf_param(asoc, asconf, 3306 param.addip); 3307 /* ADDIP 4.1 A7) 3308 * If an error response is received for a TLV parameter, 3309 * all TLVs with no response before the failed TLV are 3310 * considered successful if not reported. All TLVs after 3311 * the failed response are considered unsuccessful unless 3312 * a specific success indication is present for the parameter. 3313 */ 3314 if (err_code != SCTP_ERROR_NO_ERROR) 3315 all_param_pass = false; 3316 if (!all_param_pass) 3317 sctp_add_asconf_response(asconf_ack, param.addip->crr_id, 3318 err_code, param.addip); 3319 3320 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3321 * an IP address sends an 'Out of Resource' in its response, it 3322 * MUST also fail any subsequent add or delete requests bundled 3323 * in the ASCONF. 3324 */ 3325 if (err_code == SCTP_ERROR_RSRC_LOW) 3326 goto done; 3327 } 3328 done: 3329 asoc->peer.addip_serial++; 3330 3331 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3332 * after freeing the reference to old asconf ack if any. 3333 */ 3334 if (asconf_ack) { 3335 sctp_chunk_hold(asconf_ack); 3336 list_add_tail(&asconf_ack->transmitted_list, 3337 &asoc->asconf_ack_list); 3338 } 3339 3340 return asconf_ack; 3341 } 3342 3343 /* Process a asconf parameter that is successfully acked. */ 3344 static void sctp_asconf_param_success(struct sctp_association *asoc, 3345 struct sctp_addip_param *asconf_param) 3346 { 3347 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3348 union sctp_addr_param *addr_param; 3349 struct sctp_sockaddr_entry *saddr; 3350 struct sctp_transport *transport; 3351 union sctp_addr addr; 3352 struct sctp_af *af; 3353 3354 addr_param = (void *)asconf_param + sizeof(*asconf_param); 3355 3356 /* We have checked the packet before, so we do not check again. */ 3357 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3358 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3359 3360 switch (asconf_param->param_hdr.type) { 3361 case SCTP_PARAM_ADD_IP: 3362 /* This is always done in BH context with a socket lock 3363 * held, so the list can not change. 3364 */ 3365 local_bh_disable(); 3366 list_for_each_entry(saddr, &bp->address_list, list) { 3367 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3368 saddr->state = SCTP_ADDR_SRC; 3369 } 3370 local_bh_enable(); 3371 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3372 transports) { 3373 sctp_transport_dst_release(transport); 3374 } 3375 break; 3376 case SCTP_PARAM_DEL_IP: 3377 local_bh_disable(); 3378 sctp_del_bind_addr(bp, &addr); 3379 if (asoc->asconf_addr_del_pending != NULL && 3380 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) { 3381 kfree(asoc->asconf_addr_del_pending); 3382 asoc->asconf_addr_del_pending = NULL; 3383 } 3384 local_bh_enable(); 3385 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3386 transports) { 3387 sctp_transport_dst_release(transport); 3388 } 3389 break; 3390 default: 3391 break; 3392 } 3393 } 3394 3395 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3396 * for the given asconf parameter. If there is no response for this parameter, 3397 * return the error code based on the third argument 'no_err'. 3398 * ADDIP 4.1 3399 * A7) If an error response is received for a TLV parameter, all TLVs with no 3400 * response before the failed TLV are considered successful if not reported. 3401 * All TLVs after the failed response are considered unsuccessful unless a 3402 * specific success indication is present for the parameter. 3403 */ 3404 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3405 struct sctp_addip_param *asconf_param, 3406 int no_err) 3407 { 3408 struct sctp_addip_param *asconf_ack_param; 3409 struct sctp_errhdr *err_param; 3410 int asconf_ack_len; 3411 __be16 err_code; 3412 int length; 3413 3414 if (no_err) 3415 err_code = SCTP_ERROR_NO_ERROR; 3416 else 3417 err_code = SCTP_ERROR_REQ_REFUSED; 3418 3419 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3420 sizeof(struct sctp_chunkhdr); 3421 3422 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3423 * the first asconf_ack parameter. 3424 */ 3425 length = sizeof(struct sctp_addiphdr); 3426 asconf_ack_param = (struct sctp_addip_param *)(asconf_ack->skb->data + 3427 length); 3428 asconf_ack_len -= length; 3429 3430 while (asconf_ack_len > 0) { 3431 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3432 switch (asconf_ack_param->param_hdr.type) { 3433 case SCTP_PARAM_SUCCESS_REPORT: 3434 return SCTP_ERROR_NO_ERROR; 3435 case SCTP_PARAM_ERR_CAUSE: 3436 length = sizeof(*asconf_ack_param); 3437 err_param = (void *)asconf_ack_param + length; 3438 asconf_ack_len -= length; 3439 if (asconf_ack_len > 0) 3440 return err_param->cause; 3441 else 3442 return SCTP_ERROR_INV_PARAM; 3443 break; 3444 default: 3445 return SCTP_ERROR_INV_PARAM; 3446 } 3447 } 3448 3449 length = ntohs(asconf_ack_param->param_hdr.length); 3450 asconf_ack_param = (void *)asconf_ack_param + length; 3451 asconf_ack_len -= length; 3452 } 3453 3454 return err_code; 3455 } 3456 3457 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3458 int sctp_process_asconf_ack(struct sctp_association *asoc, 3459 struct sctp_chunk *asconf_ack) 3460 { 3461 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3462 struct sctp_addip_param *asconf_param; 3463 __be16 err_code = SCTP_ERROR_NO_ERROR; 3464 union sctp_addr_param *addr_param; 3465 int asconf_len = asconf->skb->len; 3466 int all_param_pass = 0; 3467 int length = 0; 3468 int no_err = 1; 3469 int retval = 0; 3470 3471 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3472 * a pointer to address parameter. 3473 */ 3474 length = sizeof(struct sctp_addip_chunk); 3475 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3476 asconf_len -= length; 3477 3478 /* Skip the address parameter in the last asconf sent and store a 3479 * pointer to the first asconf parameter. 3480 */ 3481 length = ntohs(addr_param->p.length); 3482 asconf_param = (void *)addr_param + length; 3483 asconf_len -= length; 3484 3485 /* ADDIP 4.1 3486 * A8) If there is no response(s) to specific TLV parameter(s), and no 3487 * failures are indicated, then all request(s) are considered 3488 * successful. 3489 */ 3490 if (asconf_ack->skb->len == sizeof(struct sctp_addiphdr)) 3491 all_param_pass = 1; 3492 3493 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3494 while (asconf_len > 0) { 3495 if (all_param_pass) 3496 err_code = SCTP_ERROR_NO_ERROR; 3497 else { 3498 err_code = sctp_get_asconf_response(asconf_ack, 3499 asconf_param, 3500 no_err); 3501 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3502 no_err = 0; 3503 } 3504 3505 switch (err_code) { 3506 case SCTP_ERROR_NO_ERROR: 3507 sctp_asconf_param_success(asoc, asconf_param); 3508 break; 3509 3510 case SCTP_ERROR_RSRC_LOW: 3511 retval = 1; 3512 break; 3513 3514 case SCTP_ERROR_UNKNOWN_PARAM: 3515 /* Disable sending this type of asconf parameter in 3516 * future. 3517 */ 3518 asoc->peer.addip_disabled_mask |= 3519 asconf_param->param_hdr.type; 3520 break; 3521 3522 case SCTP_ERROR_REQ_REFUSED: 3523 case SCTP_ERROR_DEL_LAST_IP: 3524 case SCTP_ERROR_DEL_SRC_IP: 3525 default: 3526 break; 3527 } 3528 3529 /* Skip the processed asconf parameter and move to the next 3530 * one. 3531 */ 3532 length = ntohs(asconf_param->param_hdr.length); 3533 asconf_param = (void *)asconf_param + length; 3534 asconf_len -= length; 3535 } 3536 3537 if (no_err && asoc->src_out_of_asoc_ok) { 3538 asoc->src_out_of_asoc_ok = 0; 3539 sctp_transport_immediate_rtx(asoc->peer.primary_path); 3540 } 3541 3542 /* Free the cached last sent asconf chunk. */ 3543 list_del_init(&asconf->transmitted_list); 3544 sctp_chunk_free(asconf); 3545 asoc->addip_last_asconf = NULL; 3546 3547 return retval; 3548 } 3549 3550 /* Make a FWD TSN chunk. */ 3551 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3552 __u32 new_cum_tsn, size_t nstreams, 3553 struct sctp_fwdtsn_skip *skiplist) 3554 { 3555 struct sctp_chunk *retval = NULL; 3556 struct sctp_fwdtsn_hdr ftsn_hdr; 3557 struct sctp_fwdtsn_skip skip; 3558 size_t hint; 3559 int i; 3560 3561 hint = (nstreams + 1) * sizeof(__u32); 3562 3563 retval = sctp_make_control(asoc, SCTP_CID_FWD_TSN, 0, hint, GFP_ATOMIC); 3564 3565 if (!retval) 3566 return NULL; 3567 3568 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3569 retval->subh.fwdtsn_hdr = 3570 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3571 3572 for (i = 0; i < nstreams; i++) { 3573 skip.stream = skiplist[i].stream; 3574 skip.ssn = skiplist[i].ssn; 3575 sctp_addto_chunk(retval, sizeof(skip), &skip); 3576 } 3577 3578 return retval; 3579 } 3580 3581 struct sctp_chunk *sctp_make_ifwdtsn(const struct sctp_association *asoc, 3582 __u32 new_cum_tsn, size_t nstreams, 3583 struct sctp_ifwdtsn_skip *skiplist) 3584 { 3585 struct sctp_chunk *retval = NULL; 3586 struct sctp_ifwdtsn_hdr ftsn_hdr; 3587 size_t hint; 3588 3589 hint = (nstreams + 1) * sizeof(__u32); 3590 3591 retval = sctp_make_control(asoc, SCTP_CID_I_FWD_TSN, 0, hint, 3592 GFP_ATOMIC); 3593 if (!retval) 3594 return NULL; 3595 3596 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3597 retval->subh.ifwdtsn_hdr = 3598 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3599 3600 sctp_addto_chunk(retval, nstreams * sizeof(skiplist[0]), skiplist); 3601 3602 return retval; 3603 } 3604 3605 /* RE-CONFIG 3.1 (RE-CONFIG chunk) 3606 * 0 1 2 3 3607 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3608 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3609 * | Type = 130 | Chunk Flags | Chunk Length | 3610 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3611 * \ \ 3612 * / Re-configuration Parameter / 3613 * \ \ 3614 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3615 * \ \ 3616 * / Re-configuration Parameter (optional) / 3617 * \ \ 3618 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3619 */ 3620 static struct sctp_chunk *sctp_make_reconf(const struct sctp_association *asoc, 3621 int length) 3622 { 3623 struct sctp_reconf_chunk *reconf; 3624 struct sctp_chunk *retval; 3625 3626 retval = sctp_make_control(asoc, SCTP_CID_RECONF, 0, length, 3627 GFP_ATOMIC); 3628 if (!retval) 3629 return NULL; 3630 3631 reconf = (struct sctp_reconf_chunk *)retval->chunk_hdr; 3632 retval->param_hdr.v = reconf->params; 3633 3634 return retval; 3635 } 3636 3637 /* RE-CONFIG 4.1 (STREAM OUT RESET) 3638 * 0 1 2 3 3639 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3640 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3641 * | Parameter Type = 13 | Parameter Length = 16 + 2 * N | 3642 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3643 * | Re-configuration Request Sequence Number | 3644 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3645 * | Re-configuration Response Sequence Number | 3646 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3647 * | Sender's Last Assigned TSN | 3648 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3649 * | Stream Number 1 (optional) | Stream Number 2 (optional) | 3650 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3651 * / ...... / 3652 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3653 * | Stream Number N-1 (optional) | Stream Number N (optional) | 3654 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3655 * 3656 * RE-CONFIG 4.2 (STREAM IN RESET) 3657 * 0 1 2 3 3658 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3659 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3660 * | Parameter Type = 14 | Parameter Length = 8 + 2 * N | 3661 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3662 * | Re-configuration Request Sequence Number | 3663 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3664 * | Stream Number 1 (optional) | Stream Number 2 (optional) | 3665 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3666 * / ...... / 3667 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3668 * | Stream Number N-1 (optional) | Stream Number N (optional) | 3669 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3670 */ 3671 struct sctp_chunk *sctp_make_strreset_req( 3672 const struct sctp_association *asoc, 3673 __u16 stream_num, __be16 *stream_list, 3674 bool out, bool in) 3675 { 3676 __u16 stream_len = stream_num * sizeof(__u16); 3677 struct sctp_strreset_outreq outreq; 3678 struct sctp_strreset_inreq inreq; 3679 struct sctp_chunk *retval; 3680 __u16 outlen, inlen; 3681 3682 outlen = (sizeof(outreq) + stream_len) * out; 3683 inlen = (sizeof(inreq) + stream_len) * in; 3684 3685 retval = sctp_make_reconf(asoc, outlen + inlen); 3686 if (!retval) 3687 return NULL; 3688 3689 if (outlen) { 3690 outreq.param_hdr.type = SCTP_PARAM_RESET_OUT_REQUEST; 3691 outreq.param_hdr.length = htons(outlen); 3692 outreq.request_seq = htonl(asoc->strreset_outseq); 3693 outreq.response_seq = htonl(asoc->strreset_inseq - 1); 3694 outreq.send_reset_at_tsn = htonl(asoc->next_tsn - 1); 3695 3696 sctp_addto_chunk(retval, sizeof(outreq), &outreq); 3697 3698 if (stream_len) 3699 sctp_addto_chunk(retval, stream_len, stream_list); 3700 } 3701 3702 if (inlen) { 3703 inreq.param_hdr.type = SCTP_PARAM_RESET_IN_REQUEST; 3704 inreq.param_hdr.length = htons(inlen); 3705 inreq.request_seq = htonl(asoc->strreset_outseq + out); 3706 3707 sctp_addto_chunk(retval, sizeof(inreq), &inreq); 3708 3709 if (stream_len) 3710 sctp_addto_chunk(retval, stream_len, stream_list); 3711 } 3712 3713 return retval; 3714 } 3715 3716 /* RE-CONFIG 4.3 (SSN/TSN RESET ALL) 3717 * 0 1 2 3 3718 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3719 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3720 * | Parameter Type = 15 | Parameter Length = 8 | 3721 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3722 * | Re-configuration Request Sequence Number | 3723 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3724 */ 3725 struct sctp_chunk *sctp_make_strreset_tsnreq( 3726 const struct sctp_association *asoc) 3727 { 3728 struct sctp_strreset_tsnreq tsnreq; 3729 __u16 length = sizeof(tsnreq); 3730 struct sctp_chunk *retval; 3731 3732 retval = sctp_make_reconf(asoc, length); 3733 if (!retval) 3734 return NULL; 3735 3736 tsnreq.param_hdr.type = SCTP_PARAM_RESET_TSN_REQUEST; 3737 tsnreq.param_hdr.length = htons(length); 3738 tsnreq.request_seq = htonl(asoc->strreset_outseq); 3739 3740 sctp_addto_chunk(retval, sizeof(tsnreq), &tsnreq); 3741 3742 return retval; 3743 } 3744 3745 /* RE-CONFIG 4.5/4.6 (ADD STREAM) 3746 * 0 1 2 3 3747 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3748 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3749 * | Parameter Type = 17 | Parameter Length = 12 | 3750 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3751 * | Re-configuration Request Sequence Number | 3752 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3753 * | Number of new streams | Reserved | 3754 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3755 */ 3756 struct sctp_chunk *sctp_make_strreset_addstrm( 3757 const struct sctp_association *asoc, 3758 __u16 out, __u16 in) 3759 { 3760 struct sctp_strreset_addstrm addstrm; 3761 __u16 size = sizeof(addstrm); 3762 struct sctp_chunk *retval; 3763 3764 retval = sctp_make_reconf(asoc, (!!out + !!in) * size); 3765 if (!retval) 3766 return NULL; 3767 3768 if (out) { 3769 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_OUT_STREAMS; 3770 addstrm.param_hdr.length = htons(size); 3771 addstrm.number_of_streams = htons(out); 3772 addstrm.request_seq = htonl(asoc->strreset_outseq); 3773 addstrm.reserved = 0; 3774 3775 sctp_addto_chunk(retval, size, &addstrm); 3776 } 3777 3778 if (in) { 3779 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_IN_STREAMS; 3780 addstrm.param_hdr.length = htons(size); 3781 addstrm.number_of_streams = htons(in); 3782 addstrm.request_seq = htonl(asoc->strreset_outseq + !!out); 3783 addstrm.reserved = 0; 3784 3785 sctp_addto_chunk(retval, size, &addstrm); 3786 } 3787 3788 return retval; 3789 } 3790 3791 /* RE-CONFIG 4.4 (RESP) 3792 * 0 1 2 3 3793 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3794 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3795 * | Parameter Type = 16 | Parameter Length | 3796 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3797 * | Re-configuration Response Sequence Number | 3798 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3799 * | Result | 3800 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3801 */ 3802 struct sctp_chunk *sctp_make_strreset_resp(const struct sctp_association *asoc, 3803 __u32 result, __u32 sn) 3804 { 3805 struct sctp_strreset_resp resp; 3806 __u16 length = sizeof(resp); 3807 struct sctp_chunk *retval; 3808 3809 retval = sctp_make_reconf(asoc, length); 3810 if (!retval) 3811 return NULL; 3812 3813 resp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE; 3814 resp.param_hdr.length = htons(length); 3815 resp.response_seq = htonl(sn); 3816 resp.result = htonl(result); 3817 3818 sctp_addto_chunk(retval, sizeof(resp), &resp); 3819 3820 return retval; 3821 } 3822 3823 /* RE-CONFIG 4.4 OPTIONAL (TSNRESP) 3824 * 0 1 2 3 3825 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3826 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3827 * | Parameter Type = 16 | Parameter Length | 3828 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3829 * | Re-configuration Response Sequence Number | 3830 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3831 * | Result | 3832 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3833 * | Sender's Next TSN (optional) | 3834 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3835 * | Receiver's Next TSN (optional) | 3836 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3837 */ 3838 struct sctp_chunk *sctp_make_strreset_tsnresp(struct sctp_association *asoc, 3839 __u32 result, __u32 sn, 3840 __u32 sender_tsn, 3841 __u32 receiver_tsn) 3842 { 3843 struct sctp_strreset_resptsn tsnresp; 3844 __u16 length = sizeof(tsnresp); 3845 struct sctp_chunk *retval; 3846 3847 retval = sctp_make_reconf(asoc, length); 3848 if (!retval) 3849 return NULL; 3850 3851 tsnresp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE; 3852 tsnresp.param_hdr.length = htons(length); 3853 3854 tsnresp.response_seq = htonl(sn); 3855 tsnresp.result = htonl(result); 3856 tsnresp.senders_next_tsn = htonl(sender_tsn); 3857 tsnresp.receivers_next_tsn = htonl(receiver_tsn); 3858 3859 sctp_addto_chunk(retval, sizeof(tsnresp), &tsnresp); 3860 3861 return retval; 3862 } 3863 3864 bool sctp_verify_reconf(const struct sctp_association *asoc, 3865 struct sctp_chunk *chunk, 3866 struct sctp_paramhdr **errp) 3867 { 3868 struct sctp_reconf_chunk *hdr; 3869 union sctp_params param; 3870 __be16 last = 0; 3871 __u16 cnt = 0; 3872 3873 hdr = (struct sctp_reconf_chunk *)chunk->chunk_hdr; 3874 sctp_walk_params(param, hdr, params) { 3875 __u16 length = ntohs(param.p->length); 3876 3877 *errp = param.p; 3878 if (cnt++ > 2) 3879 return false; 3880 switch (param.p->type) { 3881 case SCTP_PARAM_RESET_OUT_REQUEST: 3882 if (length < sizeof(struct sctp_strreset_outreq) || 3883 (last && last != SCTP_PARAM_RESET_RESPONSE && 3884 last != SCTP_PARAM_RESET_IN_REQUEST)) 3885 return false; 3886 break; 3887 case SCTP_PARAM_RESET_IN_REQUEST: 3888 if (length < sizeof(struct sctp_strreset_inreq) || 3889 (last && last != SCTP_PARAM_RESET_OUT_REQUEST)) 3890 return false; 3891 break; 3892 case SCTP_PARAM_RESET_RESPONSE: 3893 if ((length != sizeof(struct sctp_strreset_resp) && 3894 length != sizeof(struct sctp_strreset_resptsn)) || 3895 (last && last != SCTP_PARAM_RESET_RESPONSE && 3896 last != SCTP_PARAM_RESET_OUT_REQUEST)) 3897 return false; 3898 break; 3899 case SCTP_PARAM_RESET_TSN_REQUEST: 3900 if (length != 3901 sizeof(struct sctp_strreset_tsnreq) || last) 3902 return false; 3903 break; 3904 case SCTP_PARAM_RESET_ADD_IN_STREAMS: 3905 if (length != sizeof(struct sctp_strreset_addstrm) || 3906 (last && last != SCTP_PARAM_RESET_ADD_OUT_STREAMS)) 3907 return false; 3908 break; 3909 case SCTP_PARAM_RESET_ADD_OUT_STREAMS: 3910 if (length != sizeof(struct sctp_strreset_addstrm) || 3911 (last && last != SCTP_PARAM_RESET_ADD_IN_STREAMS)) 3912 return false; 3913 break; 3914 default: 3915 return false; 3916 } 3917 3918 last = param.p->type; 3919 } 3920 3921 return true; 3922 } 3923