1 /* SCTP kernel reference Implementation 2 * Copyright (c) 1999-2000 Cisco, Inc. 3 * Copyright (c) 1999-2001 Motorola, Inc. 4 * Copyright (c) 2001-2003 International Business Machines, Corp. 5 * Copyright (c) 2001 Intel Corp. 6 * Copyright (c) 2001 Nokia, Inc. 7 * Copyright (c) 2001 La Monte H.P. Yarroll 8 * 9 * This file is part of the SCTP kernel reference Implementation 10 * 11 * These functions handle all input from the IP layer into SCTP. 12 * 13 * The SCTP reference implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * The SCTP reference implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * Xingang Guo <xingang.guo@intel.com> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Hui Huang <hui.huang@nokia.com> 43 * Daisy Chang <daisyc@us.ibm.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Ardelle Fan <ardelle.fan@intel.com> 46 * 47 * Any bugs reported given to us we will try to fix... any fixes shared will 48 * be incorporated into the next SCTP release. 49 */ 50 51 #include <linux/types.h> 52 #include <linux/list.h> /* For struct list_head */ 53 #include <linux/socket.h> 54 #include <linux/ip.h> 55 #include <linux/time.h> /* For struct timeval */ 56 #include <net/ip.h> 57 #include <net/icmp.h> 58 #include <net/snmp.h> 59 #include <net/sock.h> 60 #include <net/xfrm.h> 61 #include <net/sctp/sctp.h> 62 #include <net/sctp/sm.h> 63 64 /* Forward declarations for internal helpers. */ 65 static int sctp_rcv_ootb(struct sk_buff *); 66 static struct sctp_association *__sctp_rcv_lookup(struct sk_buff *skb, 67 const union sctp_addr *laddr, 68 const union sctp_addr *paddr, 69 struct sctp_transport **transportp); 70 static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(const union sctp_addr *laddr); 71 static struct sctp_association *__sctp_lookup_association( 72 const union sctp_addr *local, 73 const union sctp_addr *peer, 74 struct sctp_transport **pt); 75 76 77 /* Calculate the SCTP checksum of an SCTP packet. */ 78 static inline int sctp_rcv_checksum(struct sk_buff *skb) 79 { 80 struct sctphdr *sh; 81 __u32 cmp, val; 82 struct sk_buff *list = skb_shinfo(skb)->frag_list; 83 84 sh = (struct sctphdr *) skb->h.raw; 85 cmp = ntohl(sh->checksum); 86 87 val = sctp_start_cksum((__u8 *)sh, skb_headlen(skb)); 88 89 for (; list; list = list->next) 90 val = sctp_update_cksum((__u8 *)list->data, skb_headlen(list), 91 val); 92 93 val = sctp_end_cksum(val); 94 95 if (val != cmp) { 96 /* CRC failure, dump it. */ 97 SCTP_INC_STATS_BH(SCTP_MIB_CHECKSUMERRORS); 98 return -1; 99 } 100 return 0; 101 } 102 103 /* The free routine for skbuffs that sctp receives */ 104 static void sctp_rfree(struct sk_buff *skb) 105 { 106 atomic_sub(sizeof(struct sctp_chunk),&skb->sk->sk_rmem_alloc); 107 sock_rfree(skb); 108 } 109 110 /* The ownership wrapper routine to do receive buffer accounting */ 111 static void sctp_rcv_set_owner_r(struct sk_buff *skb, struct sock *sk) 112 { 113 skb_set_owner_r(skb,sk); 114 skb->destructor = sctp_rfree; 115 atomic_add(sizeof(struct sctp_chunk),&sk->sk_rmem_alloc); 116 } 117 118 /* 119 * This is the routine which IP calls when receiving an SCTP packet. 120 */ 121 int sctp_rcv(struct sk_buff *skb) 122 { 123 struct sock *sk; 124 struct sctp_association *asoc; 125 struct sctp_endpoint *ep = NULL; 126 struct sctp_ep_common *rcvr; 127 struct sctp_transport *transport = NULL; 128 struct sctp_chunk *chunk; 129 struct sctphdr *sh; 130 union sctp_addr src; 131 union sctp_addr dest; 132 int family; 133 struct sctp_af *af; 134 int ret = 0; 135 136 if (skb->pkt_type!=PACKET_HOST) 137 goto discard_it; 138 139 SCTP_INC_STATS_BH(SCTP_MIB_INSCTPPACKS); 140 141 sh = (struct sctphdr *) skb->h.raw; 142 143 /* Pull up the IP and SCTP headers. */ 144 __skb_pull(skb, skb->h.raw - skb->data); 145 if (skb->len < sizeof(struct sctphdr)) 146 goto discard_it; 147 if (sctp_rcv_checksum(skb) < 0) 148 goto discard_it; 149 150 skb_pull(skb, sizeof(struct sctphdr)); 151 152 /* Make sure we at least have chunk headers worth of data left. */ 153 if (skb->len < sizeof(struct sctp_chunkhdr)) 154 goto discard_it; 155 156 family = ipver2af(skb->nh.iph->version); 157 af = sctp_get_af_specific(family); 158 if (unlikely(!af)) 159 goto discard_it; 160 161 /* Initialize local addresses for lookups. */ 162 af->from_skb(&src, skb, 1); 163 af->from_skb(&dest, skb, 0); 164 165 /* If the packet is to or from a non-unicast address, 166 * silently discard the packet. 167 * 168 * This is not clearly defined in the RFC except in section 169 * 8.4 - OOTB handling. However, based on the book "Stream Control 170 * Transmission Protocol" 2.1, "It is important to note that the 171 * IP address of an SCTP transport address must be a routable 172 * unicast address. In other words, IP multicast addresses and 173 * IP broadcast addresses cannot be used in an SCTP transport 174 * address." 175 */ 176 if (!af->addr_valid(&src, NULL) || !af->addr_valid(&dest, NULL)) 177 goto discard_it; 178 179 asoc = __sctp_rcv_lookup(skb, &src, &dest, &transport); 180 181 /* 182 * RFC 2960, 8.4 - Handle "Out of the blue" Packets. 183 * An SCTP packet is called an "out of the blue" (OOTB) 184 * packet if it is correctly formed, i.e., passed the 185 * receiver's checksum check, but the receiver is not 186 * able to identify the association to which this 187 * packet belongs. 188 */ 189 if (!asoc) { 190 ep = __sctp_rcv_lookup_endpoint(&dest); 191 if (sctp_rcv_ootb(skb)) { 192 SCTP_INC_STATS_BH(SCTP_MIB_OUTOFBLUES); 193 goto discard_release; 194 } 195 } 196 197 /* Retrieve the common input handling substructure. */ 198 rcvr = asoc ? &asoc->base : &ep->base; 199 sk = rcvr->sk; 200 201 if ((sk) && (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)) { 202 goto discard_release; 203 } 204 205 206 /* SCTP seems to always need a timestamp right now (FIXME) */ 207 if (skb->stamp.tv_sec == 0) { 208 do_gettimeofday(&skb->stamp); 209 sock_enable_timestamp(sk); 210 } 211 212 if (!xfrm_policy_check(sk, XFRM_POLICY_IN, skb, family)) 213 goto discard_release; 214 215 ret = sk_filter(sk, skb, 1); 216 if (ret) 217 goto discard_release; 218 219 /* Create an SCTP packet structure. */ 220 chunk = sctp_chunkify(skb, asoc, sk); 221 if (!chunk) { 222 ret = -ENOMEM; 223 goto discard_release; 224 } 225 226 sctp_rcv_set_owner_r(skb,sk); 227 228 /* Remember what endpoint is to handle this packet. */ 229 chunk->rcvr = rcvr; 230 231 /* Remember the SCTP header. */ 232 chunk->sctp_hdr = sh; 233 234 /* Set the source and destination addresses of the incoming chunk. */ 235 sctp_init_addrs(chunk, &src, &dest); 236 237 /* Remember where we came from. */ 238 chunk->transport = transport; 239 240 /* Acquire access to the sock lock. Note: We are safe from other 241 * bottom halves on this lock, but a user may be in the lock too, 242 * so check if it is busy. 243 */ 244 sctp_bh_lock_sock(sk); 245 246 if (sock_owned_by_user(sk)) 247 sk_add_backlog(sk, (struct sk_buff *) chunk); 248 else 249 sctp_backlog_rcv(sk, (struct sk_buff *) chunk); 250 251 /* Release the sock and any reference counts we took in the 252 * lookup calls. 253 */ 254 sctp_bh_unlock_sock(sk); 255 if (asoc) 256 sctp_association_put(asoc); 257 else 258 sctp_endpoint_put(ep); 259 sock_put(sk); 260 return ret; 261 262 discard_it: 263 kfree_skb(skb); 264 return ret; 265 266 discard_release: 267 /* Release any structures we may be holding. */ 268 if (asoc) { 269 sock_put(asoc->base.sk); 270 sctp_association_put(asoc); 271 } else { 272 sock_put(ep->base.sk); 273 sctp_endpoint_put(ep); 274 } 275 276 goto discard_it; 277 } 278 279 /* Handle second half of inbound skb processing. If the sock was busy, 280 * we may have need to delay processing until later when the sock is 281 * released (on the backlog). If not busy, we call this routine 282 * directly from the bottom half. 283 */ 284 int sctp_backlog_rcv(struct sock *sk, struct sk_buff *skb) 285 { 286 struct sctp_chunk *chunk; 287 struct sctp_inq *inqueue; 288 289 /* One day chunk will live inside the skb, but for 290 * now this works. 291 */ 292 chunk = (struct sctp_chunk *) skb; 293 inqueue = &chunk->rcvr->inqueue; 294 295 sctp_inq_push(inqueue, chunk); 296 return 0; 297 } 298 299 /* Handle icmp frag needed error. */ 300 void sctp_icmp_frag_needed(struct sock *sk, struct sctp_association *asoc, 301 struct sctp_transport *t, __u32 pmtu) 302 { 303 if (unlikely(pmtu < SCTP_DEFAULT_MINSEGMENT)) { 304 printk(KERN_WARNING "%s: Reported pmtu %d too low, " 305 "using default minimum of %d\n", __FUNCTION__, pmtu, 306 SCTP_DEFAULT_MINSEGMENT); 307 pmtu = SCTP_DEFAULT_MINSEGMENT; 308 } 309 310 if (!sock_owned_by_user(sk) && t && (t->pmtu != pmtu)) { 311 t->pmtu = pmtu; 312 sctp_assoc_sync_pmtu(asoc); 313 sctp_retransmit(&asoc->outqueue, t, SCTP_RTXR_PMTUD); 314 } 315 } 316 317 /* 318 * SCTP Implementer's Guide, 2.37 ICMP handling procedures 319 * 320 * ICMP8) If the ICMP code is a "Unrecognized next header type encountered" 321 * or a "Protocol Unreachable" treat this message as an abort 322 * with the T bit set. 323 * 324 * This function sends an event to the state machine, which will abort the 325 * association. 326 * 327 */ 328 void sctp_icmp_proto_unreachable(struct sock *sk, 329 struct sctp_endpoint *ep, 330 struct sctp_association *asoc, 331 struct sctp_transport *t) 332 { 333 SCTP_DEBUG_PRINTK("%s\n", __FUNCTION__); 334 335 sctp_do_sm(SCTP_EVENT_T_OTHER, 336 SCTP_ST_OTHER(SCTP_EVENT_ICMP_PROTO_UNREACH), 337 asoc->state, asoc->ep, asoc, NULL, 338 GFP_ATOMIC); 339 340 } 341 342 /* Common lookup code for icmp/icmpv6 error handler. */ 343 struct sock *sctp_err_lookup(int family, struct sk_buff *skb, 344 struct sctphdr *sctphdr, 345 struct sctp_endpoint **epp, 346 struct sctp_association **app, 347 struct sctp_transport **tpp) 348 { 349 union sctp_addr saddr; 350 union sctp_addr daddr; 351 struct sctp_af *af; 352 struct sock *sk = NULL; 353 struct sctp_endpoint *ep = NULL; 354 struct sctp_association *asoc = NULL; 355 struct sctp_transport *transport = NULL; 356 357 *app = NULL; *epp = NULL; *tpp = NULL; 358 359 af = sctp_get_af_specific(family); 360 if (unlikely(!af)) { 361 return NULL; 362 } 363 364 /* Initialize local addresses for lookups. */ 365 af->from_skb(&saddr, skb, 1); 366 af->from_skb(&daddr, skb, 0); 367 368 /* Look for an association that matches the incoming ICMP error 369 * packet. 370 */ 371 asoc = __sctp_lookup_association(&saddr, &daddr, &transport); 372 if (!asoc) { 373 /* If there is no matching association, see if it matches any 374 * endpoint. This may happen for an ICMP error generated in 375 * response to an INIT_ACK. 376 */ 377 ep = __sctp_rcv_lookup_endpoint(&daddr); 378 if (!ep) { 379 return NULL; 380 } 381 } 382 383 if (asoc) { 384 sk = asoc->base.sk; 385 386 if (ntohl(sctphdr->vtag) != asoc->c.peer_vtag) { 387 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 388 goto out; 389 } 390 } else 391 sk = ep->base.sk; 392 393 sctp_bh_lock_sock(sk); 394 395 /* If too many ICMPs get dropped on busy 396 * servers this needs to be solved differently. 397 */ 398 if (sock_owned_by_user(sk)) 399 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS); 400 401 *epp = ep; 402 *app = asoc; 403 *tpp = transport; 404 return sk; 405 406 out: 407 sock_put(sk); 408 if (asoc) 409 sctp_association_put(asoc); 410 if (ep) 411 sctp_endpoint_put(ep); 412 return NULL; 413 } 414 415 /* Common cleanup code for icmp/icmpv6 error handler. */ 416 void sctp_err_finish(struct sock *sk, struct sctp_endpoint *ep, 417 struct sctp_association *asoc) 418 { 419 sctp_bh_unlock_sock(sk); 420 sock_put(sk); 421 if (asoc) 422 sctp_association_put(asoc); 423 if (ep) 424 sctp_endpoint_put(ep); 425 } 426 427 /* 428 * This routine is called by the ICMP module when it gets some 429 * sort of error condition. If err < 0 then the socket should 430 * be closed and the error returned to the user. If err > 0 431 * it's just the icmp type << 8 | icmp code. After adjustment 432 * header points to the first 8 bytes of the sctp header. We need 433 * to find the appropriate port. 434 * 435 * The locking strategy used here is very "optimistic". When 436 * someone else accesses the socket the ICMP is just dropped 437 * and for some paths there is no check at all. 438 * A more general error queue to queue errors for later handling 439 * is probably better. 440 * 441 */ 442 void sctp_v4_err(struct sk_buff *skb, __u32 info) 443 { 444 struct iphdr *iph = (struct iphdr *)skb->data; 445 struct sctphdr *sh = (struct sctphdr *)(skb->data + (iph->ihl <<2)); 446 int type = skb->h.icmph->type; 447 int code = skb->h.icmph->code; 448 struct sock *sk; 449 struct sctp_endpoint *ep; 450 struct sctp_association *asoc; 451 struct sctp_transport *transport; 452 struct inet_sock *inet; 453 char *saveip, *savesctp; 454 int err; 455 456 if (skb->len < ((iph->ihl << 2) + 8)) { 457 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 458 return; 459 } 460 461 /* Fix up skb to look at the embedded net header. */ 462 saveip = skb->nh.raw; 463 savesctp = skb->h.raw; 464 skb->nh.iph = iph; 465 skb->h.raw = (char *)sh; 466 sk = sctp_err_lookup(AF_INET, skb, sh, &ep, &asoc, &transport); 467 /* Put back, the original pointers. */ 468 skb->nh.raw = saveip; 469 skb->h.raw = savesctp; 470 if (!sk) { 471 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 472 return; 473 } 474 /* Warning: The sock lock is held. Remember to call 475 * sctp_err_finish! 476 */ 477 478 switch (type) { 479 case ICMP_PARAMETERPROB: 480 err = EPROTO; 481 break; 482 case ICMP_DEST_UNREACH: 483 if (code > NR_ICMP_UNREACH) 484 goto out_unlock; 485 486 /* PMTU discovery (RFC1191) */ 487 if (ICMP_FRAG_NEEDED == code) { 488 sctp_icmp_frag_needed(sk, asoc, transport, info); 489 goto out_unlock; 490 } 491 else { 492 if (ICMP_PROT_UNREACH == code) { 493 sctp_icmp_proto_unreachable(sk, ep, asoc, 494 transport); 495 goto out_unlock; 496 } 497 } 498 err = icmp_err_convert[code].errno; 499 break; 500 case ICMP_TIME_EXCEEDED: 501 /* Ignore any time exceeded errors due to fragment reassembly 502 * timeouts. 503 */ 504 if (ICMP_EXC_FRAGTIME == code) 505 goto out_unlock; 506 507 err = EHOSTUNREACH; 508 break; 509 default: 510 goto out_unlock; 511 } 512 513 inet = inet_sk(sk); 514 if (!sock_owned_by_user(sk) && inet->recverr) { 515 sk->sk_err = err; 516 sk->sk_error_report(sk); 517 } else { /* Only an error on timeout */ 518 sk->sk_err_soft = err; 519 } 520 521 out_unlock: 522 sctp_err_finish(sk, ep, asoc); 523 } 524 525 /* 526 * RFC 2960, 8.4 - Handle "Out of the blue" Packets. 527 * 528 * This function scans all the chunks in the OOTB packet to determine if 529 * the packet should be discarded right away. If a response might be needed 530 * for this packet, or, if further processing is possible, the packet will 531 * be queued to a proper inqueue for the next phase of handling. 532 * 533 * Output: 534 * Return 0 - If further processing is needed. 535 * Return 1 - If the packet can be discarded right away. 536 */ 537 int sctp_rcv_ootb(struct sk_buff *skb) 538 { 539 sctp_chunkhdr_t *ch; 540 __u8 *ch_end; 541 sctp_errhdr_t *err; 542 543 ch = (sctp_chunkhdr_t *) skb->data; 544 ch_end = ((__u8 *) ch) + WORD_ROUND(ntohs(ch->length)); 545 546 /* Scan through all the chunks in the packet. */ 547 while (ch_end > (__u8 *)ch && ch_end < skb->tail) { 548 549 /* RFC 8.4, 2) If the OOTB packet contains an ABORT chunk, the 550 * receiver MUST silently discard the OOTB packet and take no 551 * further action. 552 */ 553 if (SCTP_CID_ABORT == ch->type) 554 goto discard; 555 556 /* RFC 8.4, 6) If the packet contains a SHUTDOWN COMPLETE 557 * chunk, the receiver should silently discard the packet 558 * and take no further action. 559 */ 560 if (SCTP_CID_SHUTDOWN_COMPLETE == ch->type) 561 goto discard; 562 563 /* RFC 8.4, 7) If the packet contains a "Stale cookie" ERROR 564 * or a COOKIE ACK the SCTP Packet should be silently 565 * discarded. 566 */ 567 if (SCTP_CID_COOKIE_ACK == ch->type) 568 goto discard; 569 570 if (SCTP_CID_ERROR == ch->type) { 571 sctp_walk_errors(err, ch) { 572 if (SCTP_ERROR_STALE_COOKIE == err->cause) 573 goto discard; 574 } 575 } 576 577 ch = (sctp_chunkhdr_t *) ch_end; 578 ch_end = ((__u8 *) ch) + WORD_ROUND(ntohs(ch->length)); 579 } 580 581 return 0; 582 583 discard: 584 return 1; 585 } 586 587 /* Insert endpoint into the hash table. */ 588 static void __sctp_hash_endpoint(struct sctp_endpoint *ep) 589 { 590 struct sctp_ep_common **epp; 591 struct sctp_ep_common *epb; 592 struct sctp_hashbucket *head; 593 594 epb = &ep->base; 595 596 epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); 597 head = &sctp_ep_hashtable[epb->hashent]; 598 599 sctp_write_lock(&head->lock); 600 epp = &head->chain; 601 epb->next = *epp; 602 if (epb->next) 603 (*epp)->pprev = &epb->next; 604 *epp = epb; 605 epb->pprev = epp; 606 sctp_write_unlock(&head->lock); 607 } 608 609 /* Add an endpoint to the hash. Local BH-safe. */ 610 void sctp_hash_endpoint(struct sctp_endpoint *ep) 611 { 612 sctp_local_bh_disable(); 613 __sctp_hash_endpoint(ep); 614 sctp_local_bh_enable(); 615 } 616 617 /* Remove endpoint from the hash table. */ 618 static void __sctp_unhash_endpoint(struct sctp_endpoint *ep) 619 { 620 struct sctp_hashbucket *head; 621 struct sctp_ep_common *epb; 622 623 epb = &ep->base; 624 625 epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); 626 627 head = &sctp_ep_hashtable[epb->hashent]; 628 629 sctp_write_lock(&head->lock); 630 631 if (epb->pprev) { 632 if (epb->next) 633 epb->next->pprev = epb->pprev; 634 *epb->pprev = epb->next; 635 epb->pprev = NULL; 636 } 637 638 sctp_write_unlock(&head->lock); 639 } 640 641 /* Remove endpoint from the hash. Local BH-safe. */ 642 void sctp_unhash_endpoint(struct sctp_endpoint *ep) 643 { 644 sctp_local_bh_disable(); 645 __sctp_unhash_endpoint(ep); 646 sctp_local_bh_enable(); 647 } 648 649 /* Look up an endpoint. */ 650 static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(const union sctp_addr *laddr) 651 { 652 struct sctp_hashbucket *head; 653 struct sctp_ep_common *epb; 654 struct sctp_endpoint *ep; 655 int hash; 656 657 hash = sctp_ep_hashfn(laddr->v4.sin_port); 658 head = &sctp_ep_hashtable[hash]; 659 read_lock(&head->lock); 660 for (epb = head->chain; epb; epb = epb->next) { 661 ep = sctp_ep(epb); 662 if (sctp_endpoint_is_match(ep, laddr)) 663 goto hit; 664 } 665 666 ep = sctp_sk((sctp_get_ctl_sock()))->ep; 667 epb = &ep->base; 668 669 hit: 670 sctp_endpoint_hold(ep); 671 sock_hold(epb->sk); 672 read_unlock(&head->lock); 673 return ep; 674 } 675 676 /* Insert association into the hash table. */ 677 static void __sctp_hash_established(struct sctp_association *asoc) 678 { 679 struct sctp_ep_common **epp; 680 struct sctp_ep_common *epb; 681 struct sctp_hashbucket *head; 682 683 epb = &asoc->base; 684 685 /* Calculate which chain this entry will belong to. */ 686 epb->hashent = sctp_assoc_hashfn(epb->bind_addr.port, asoc->peer.port); 687 688 head = &sctp_assoc_hashtable[epb->hashent]; 689 690 sctp_write_lock(&head->lock); 691 epp = &head->chain; 692 epb->next = *epp; 693 if (epb->next) 694 (*epp)->pprev = &epb->next; 695 *epp = epb; 696 epb->pprev = epp; 697 sctp_write_unlock(&head->lock); 698 } 699 700 /* Add an association to the hash. Local BH-safe. */ 701 void sctp_hash_established(struct sctp_association *asoc) 702 { 703 sctp_local_bh_disable(); 704 __sctp_hash_established(asoc); 705 sctp_local_bh_enable(); 706 } 707 708 /* Remove association from the hash table. */ 709 static void __sctp_unhash_established(struct sctp_association *asoc) 710 { 711 struct sctp_hashbucket *head; 712 struct sctp_ep_common *epb; 713 714 epb = &asoc->base; 715 716 epb->hashent = sctp_assoc_hashfn(epb->bind_addr.port, 717 asoc->peer.port); 718 719 head = &sctp_assoc_hashtable[epb->hashent]; 720 721 sctp_write_lock(&head->lock); 722 723 if (epb->pprev) { 724 if (epb->next) 725 epb->next->pprev = epb->pprev; 726 *epb->pprev = epb->next; 727 epb->pprev = NULL; 728 } 729 730 sctp_write_unlock(&head->lock); 731 } 732 733 /* Remove association from the hash table. Local BH-safe. */ 734 void sctp_unhash_established(struct sctp_association *asoc) 735 { 736 sctp_local_bh_disable(); 737 __sctp_unhash_established(asoc); 738 sctp_local_bh_enable(); 739 } 740 741 /* Look up an association. */ 742 static struct sctp_association *__sctp_lookup_association( 743 const union sctp_addr *local, 744 const union sctp_addr *peer, 745 struct sctp_transport **pt) 746 { 747 struct sctp_hashbucket *head; 748 struct sctp_ep_common *epb; 749 struct sctp_association *asoc; 750 struct sctp_transport *transport; 751 int hash; 752 753 /* Optimize here for direct hit, only listening connections can 754 * have wildcards anyways. 755 */ 756 hash = sctp_assoc_hashfn(local->v4.sin_port, peer->v4.sin_port); 757 head = &sctp_assoc_hashtable[hash]; 758 read_lock(&head->lock); 759 for (epb = head->chain; epb; epb = epb->next) { 760 asoc = sctp_assoc(epb); 761 transport = sctp_assoc_is_match(asoc, local, peer); 762 if (transport) 763 goto hit; 764 } 765 766 read_unlock(&head->lock); 767 768 return NULL; 769 770 hit: 771 *pt = transport; 772 sctp_association_hold(asoc); 773 sock_hold(epb->sk); 774 read_unlock(&head->lock); 775 return asoc; 776 } 777 778 /* Look up an association. BH-safe. */ 779 SCTP_STATIC 780 struct sctp_association *sctp_lookup_association(const union sctp_addr *laddr, 781 const union sctp_addr *paddr, 782 struct sctp_transport **transportp) 783 { 784 struct sctp_association *asoc; 785 786 sctp_local_bh_disable(); 787 asoc = __sctp_lookup_association(laddr, paddr, transportp); 788 sctp_local_bh_enable(); 789 790 return asoc; 791 } 792 793 /* Is there an association matching the given local and peer addresses? */ 794 int sctp_has_association(const union sctp_addr *laddr, 795 const union sctp_addr *paddr) 796 { 797 struct sctp_association *asoc; 798 struct sctp_transport *transport; 799 800 if ((asoc = sctp_lookup_association(laddr, paddr, &transport))) { 801 sock_put(asoc->base.sk); 802 sctp_association_put(asoc); 803 return 1; 804 } 805 806 return 0; 807 } 808 809 /* 810 * SCTP Implementors Guide, 2.18 Handling of address 811 * parameters within the INIT or INIT-ACK. 812 * 813 * D) When searching for a matching TCB upon reception of an INIT 814 * or INIT-ACK chunk the receiver SHOULD use not only the 815 * source address of the packet (containing the INIT or 816 * INIT-ACK) but the receiver SHOULD also use all valid 817 * address parameters contained within the chunk. 818 * 819 * 2.18.3 Solution description 820 * 821 * This new text clearly specifies to an implementor the need 822 * to look within the INIT or INIT-ACK. Any implementation that 823 * does not do this, may not be able to establish associations 824 * in certain circumstances. 825 * 826 */ 827 static struct sctp_association *__sctp_rcv_init_lookup(struct sk_buff *skb, 828 const union sctp_addr *laddr, struct sctp_transport **transportp) 829 { 830 struct sctp_association *asoc; 831 union sctp_addr addr; 832 union sctp_addr *paddr = &addr; 833 struct sctphdr *sh = (struct sctphdr *) skb->h.raw; 834 sctp_chunkhdr_t *ch; 835 union sctp_params params; 836 sctp_init_chunk_t *init; 837 struct sctp_transport *transport; 838 struct sctp_af *af; 839 840 ch = (sctp_chunkhdr_t *) skb->data; 841 842 /* If this is INIT/INIT-ACK look inside the chunk too. */ 843 switch (ch->type) { 844 case SCTP_CID_INIT: 845 case SCTP_CID_INIT_ACK: 846 break; 847 default: 848 return NULL; 849 } 850 851 /* The code below will attempt to walk the chunk and extract 852 * parameter information. Before we do that, we need to verify 853 * that the chunk length doesn't cause overflow. Otherwise, we'll 854 * walk off the end. 855 */ 856 if (WORD_ROUND(ntohs(ch->length)) > skb->len) 857 return NULL; 858 859 /* 860 * This code will NOT touch anything inside the chunk--it is 861 * strictly READ-ONLY. 862 * 863 * RFC 2960 3 SCTP packet Format 864 * 865 * Multiple chunks can be bundled into one SCTP packet up to 866 * the MTU size, except for the INIT, INIT ACK, and SHUTDOWN 867 * COMPLETE chunks. These chunks MUST NOT be bundled with any 868 * other chunk in a packet. See Section 6.10 for more details 869 * on chunk bundling. 870 */ 871 872 /* Find the start of the TLVs and the end of the chunk. This is 873 * the region we search for address parameters. 874 */ 875 init = (sctp_init_chunk_t *)skb->data; 876 877 /* Walk the parameters looking for embedded addresses. */ 878 sctp_walk_params(params, init, init_hdr.params) { 879 880 /* Note: Ignoring hostname addresses. */ 881 af = sctp_get_af_specific(param_type2af(params.p->type)); 882 if (!af) 883 continue; 884 885 af->from_addr_param(paddr, params.addr, ntohs(sh->source), 0); 886 887 asoc = __sctp_lookup_association(laddr, paddr, &transport); 888 if (asoc) 889 return asoc; 890 } 891 892 return NULL; 893 } 894 895 /* Lookup an association for an inbound skb. */ 896 static struct sctp_association *__sctp_rcv_lookup(struct sk_buff *skb, 897 const union sctp_addr *paddr, 898 const union sctp_addr *laddr, 899 struct sctp_transport **transportp) 900 { 901 struct sctp_association *asoc; 902 903 asoc = __sctp_lookup_association(laddr, paddr, transportp); 904 905 /* Further lookup for INIT/INIT-ACK packets. 906 * SCTP Implementors Guide, 2.18 Handling of address 907 * parameters within the INIT or INIT-ACK. 908 */ 909 if (!asoc) 910 asoc = __sctp_rcv_init_lookup(skb, laddr, transportp); 911 912 return asoc; 913 } 914