1 /* SCTP kernel implementation 2 * Copyright (c) 1999-2000 Cisco, Inc. 3 * Copyright (c) 1999-2001 Motorola, Inc. 4 * Copyright (c) 2001-2003 International Business Machines, Corp. 5 * Copyright (c) 2001 Intel Corp. 6 * Copyright (c) 2001 Nokia, Inc. 7 * Copyright (c) 2001 La Monte H.P. Yarroll 8 * 9 * This file is part of the SCTP kernel implementation 10 * 11 * These functions handle all input from the IP layer into SCTP. 12 * 13 * This SCTP implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * This SCTP implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * Xingang Guo <xingang.guo@intel.com> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Hui Huang <hui.huang@nokia.com> 43 * Daisy Chang <daisyc@us.ibm.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Ardelle Fan <ardelle.fan@intel.com> 46 * 47 * Any bugs reported given to us we will try to fix... any fixes shared will 48 * be incorporated into the next SCTP release. 49 */ 50 51 #include <linux/types.h> 52 #include <linux/list.h> /* For struct list_head */ 53 #include <linux/socket.h> 54 #include <linux/ip.h> 55 #include <linux/time.h> /* For struct timeval */ 56 #include <net/ip.h> 57 #include <net/icmp.h> 58 #include <net/snmp.h> 59 #include <net/sock.h> 60 #include <net/xfrm.h> 61 #include <net/sctp/sctp.h> 62 #include <net/sctp/sm.h> 63 #include <net/sctp/checksum.h> 64 #include <net/net_namespace.h> 65 66 /* Forward declarations for internal helpers. */ 67 static int sctp_rcv_ootb(struct sk_buff *); 68 static struct sctp_association *__sctp_rcv_lookup(struct sk_buff *skb, 69 const union sctp_addr *laddr, 70 const union sctp_addr *paddr, 71 struct sctp_transport **transportp); 72 static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(const union sctp_addr *laddr); 73 static struct sctp_association *__sctp_lookup_association( 74 const union sctp_addr *local, 75 const union sctp_addr *peer, 76 struct sctp_transport **pt); 77 78 static void sctp_add_backlog(struct sock *sk, struct sk_buff *skb); 79 80 81 /* Calculate the SCTP checksum of an SCTP packet. */ 82 static inline int sctp_rcv_checksum(struct sk_buff *skb) 83 { 84 struct sk_buff *list = skb_shinfo(skb)->frag_list; 85 struct sctphdr *sh = sctp_hdr(skb); 86 __be32 cmp = sh->checksum; 87 __be32 val = sctp_start_cksum((__u8 *)sh, skb_headlen(skb)); 88 89 for (; list; list = list->next) 90 val = sctp_update_cksum((__u8 *)list->data, skb_headlen(list), 91 val); 92 93 val = sctp_end_cksum(val); 94 95 if (val != cmp) { 96 /* CRC failure, dump it. */ 97 SCTP_INC_STATS_BH(SCTP_MIB_CHECKSUMERRORS); 98 return -1; 99 } 100 return 0; 101 } 102 103 struct sctp_input_cb { 104 union { 105 struct inet_skb_parm h4; 106 #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) 107 struct inet6_skb_parm h6; 108 #endif 109 } header; 110 struct sctp_chunk *chunk; 111 }; 112 #define SCTP_INPUT_CB(__skb) ((struct sctp_input_cb *)&((__skb)->cb[0])) 113 114 /* 115 * This is the routine which IP calls when receiving an SCTP packet. 116 */ 117 int sctp_rcv(struct sk_buff *skb) 118 { 119 struct sock *sk; 120 struct sctp_association *asoc; 121 struct sctp_endpoint *ep = NULL; 122 struct sctp_ep_common *rcvr; 123 struct sctp_transport *transport = NULL; 124 struct sctp_chunk *chunk; 125 struct sctphdr *sh; 126 union sctp_addr src; 127 union sctp_addr dest; 128 int family; 129 struct sctp_af *af; 130 131 if (skb->pkt_type!=PACKET_HOST) 132 goto discard_it; 133 134 SCTP_INC_STATS_BH(SCTP_MIB_INSCTPPACKS); 135 136 if (skb_linearize(skb)) 137 goto discard_it; 138 139 sh = sctp_hdr(skb); 140 141 /* Pull up the IP and SCTP headers. */ 142 __skb_pull(skb, skb_transport_offset(skb)); 143 if (skb->len < sizeof(struct sctphdr)) 144 goto discard_it; 145 if (!skb_csum_unnecessary(skb) && sctp_rcv_checksum(skb) < 0) 146 goto discard_it; 147 148 skb_pull(skb, sizeof(struct sctphdr)); 149 150 /* Make sure we at least have chunk headers worth of data left. */ 151 if (skb->len < sizeof(struct sctp_chunkhdr)) 152 goto discard_it; 153 154 family = ipver2af(ip_hdr(skb)->version); 155 af = sctp_get_af_specific(family); 156 if (unlikely(!af)) 157 goto discard_it; 158 159 /* Initialize local addresses for lookups. */ 160 af->from_skb(&src, skb, 1); 161 af->from_skb(&dest, skb, 0); 162 163 /* If the packet is to or from a non-unicast address, 164 * silently discard the packet. 165 * 166 * This is not clearly defined in the RFC except in section 167 * 8.4 - OOTB handling. However, based on the book "Stream Control 168 * Transmission Protocol" 2.1, "It is important to note that the 169 * IP address of an SCTP transport address must be a routable 170 * unicast address. In other words, IP multicast addresses and 171 * IP broadcast addresses cannot be used in an SCTP transport 172 * address." 173 */ 174 if (!af->addr_valid(&src, NULL, skb) || 175 !af->addr_valid(&dest, NULL, skb)) 176 goto discard_it; 177 178 asoc = __sctp_rcv_lookup(skb, &src, &dest, &transport); 179 180 if (!asoc) 181 ep = __sctp_rcv_lookup_endpoint(&dest); 182 183 /* Retrieve the common input handling substructure. */ 184 rcvr = asoc ? &asoc->base : &ep->base; 185 sk = rcvr->sk; 186 187 /* 188 * If a frame arrives on an interface and the receiving socket is 189 * bound to another interface, via SO_BINDTODEVICE, treat it as OOTB 190 */ 191 if (sk->sk_bound_dev_if && (sk->sk_bound_dev_if != af->skb_iif(skb))) 192 { 193 if (asoc) { 194 sctp_association_put(asoc); 195 asoc = NULL; 196 } else { 197 sctp_endpoint_put(ep); 198 ep = NULL; 199 } 200 sk = sctp_get_ctl_sock(); 201 ep = sctp_sk(sk)->ep; 202 sctp_endpoint_hold(ep); 203 rcvr = &ep->base; 204 } 205 206 /* 207 * RFC 2960, 8.4 - Handle "Out of the blue" Packets. 208 * An SCTP packet is called an "out of the blue" (OOTB) 209 * packet if it is correctly formed, i.e., passed the 210 * receiver's checksum check, but the receiver is not 211 * able to identify the association to which this 212 * packet belongs. 213 */ 214 if (!asoc) { 215 if (sctp_rcv_ootb(skb)) { 216 SCTP_INC_STATS_BH(SCTP_MIB_OUTOFBLUES); 217 goto discard_release; 218 } 219 } 220 221 if (!xfrm_policy_check(sk, XFRM_POLICY_IN, skb, family)) 222 goto discard_release; 223 nf_reset(skb); 224 225 if (sk_filter(sk, skb)) 226 goto discard_release; 227 228 /* Create an SCTP packet structure. */ 229 chunk = sctp_chunkify(skb, asoc, sk); 230 if (!chunk) 231 goto discard_release; 232 SCTP_INPUT_CB(skb)->chunk = chunk; 233 234 /* Remember what endpoint is to handle this packet. */ 235 chunk->rcvr = rcvr; 236 237 /* Remember the SCTP header. */ 238 chunk->sctp_hdr = sh; 239 240 /* Set the source and destination addresses of the incoming chunk. */ 241 sctp_init_addrs(chunk, &src, &dest); 242 243 /* Remember where we came from. */ 244 chunk->transport = transport; 245 246 /* Acquire access to the sock lock. Note: We are safe from other 247 * bottom halves on this lock, but a user may be in the lock too, 248 * so check if it is busy. 249 */ 250 sctp_bh_lock_sock(sk); 251 252 if (sock_owned_by_user(sk)) { 253 SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_BACKLOG); 254 sctp_add_backlog(sk, skb); 255 } else { 256 SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_SOFTIRQ); 257 sctp_inq_push(&chunk->rcvr->inqueue, chunk); 258 } 259 260 sctp_bh_unlock_sock(sk); 261 262 /* Release the asoc/ep ref we took in the lookup calls. */ 263 if (asoc) 264 sctp_association_put(asoc); 265 else 266 sctp_endpoint_put(ep); 267 268 return 0; 269 270 discard_it: 271 SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_DISCARDS); 272 kfree_skb(skb); 273 return 0; 274 275 discard_release: 276 /* Release the asoc/ep ref we took in the lookup calls. */ 277 if (asoc) 278 sctp_association_put(asoc); 279 else 280 sctp_endpoint_put(ep); 281 282 goto discard_it; 283 } 284 285 /* Process the backlog queue of the socket. Every skb on 286 * the backlog holds a ref on an association or endpoint. 287 * We hold this ref throughout the state machine to make 288 * sure that the structure we need is still around. 289 */ 290 int sctp_backlog_rcv(struct sock *sk, struct sk_buff *skb) 291 { 292 struct sctp_chunk *chunk = SCTP_INPUT_CB(skb)->chunk; 293 struct sctp_inq *inqueue = &chunk->rcvr->inqueue; 294 struct sctp_ep_common *rcvr = NULL; 295 int backloged = 0; 296 297 rcvr = chunk->rcvr; 298 299 /* If the rcvr is dead then the association or endpoint 300 * has been deleted and we can safely drop the chunk 301 * and refs that we are holding. 302 */ 303 if (rcvr->dead) { 304 sctp_chunk_free(chunk); 305 goto done; 306 } 307 308 if (unlikely(rcvr->sk != sk)) { 309 /* In this case, the association moved from one socket to 310 * another. We are currently sitting on the backlog of the 311 * old socket, so we need to move. 312 * However, since we are here in the process context we 313 * need to take make sure that the user doesn't own 314 * the new socket when we process the packet. 315 * If the new socket is user-owned, queue the chunk to the 316 * backlog of the new socket without dropping any refs. 317 * Otherwise, we can safely push the chunk on the inqueue. 318 */ 319 320 sk = rcvr->sk; 321 sctp_bh_lock_sock(sk); 322 323 if (sock_owned_by_user(sk)) { 324 sk_add_backlog(sk, skb); 325 backloged = 1; 326 } else 327 sctp_inq_push(inqueue, chunk); 328 329 sctp_bh_unlock_sock(sk); 330 331 /* If the chunk was backloged again, don't drop refs */ 332 if (backloged) 333 return 0; 334 } else { 335 sctp_inq_push(inqueue, chunk); 336 } 337 338 done: 339 /* Release the refs we took in sctp_add_backlog */ 340 if (SCTP_EP_TYPE_ASSOCIATION == rcvr->type) 341 sctp_association_put(sctp_assoc(rcvr)); 342 else if (SCTP_EP_TYPE_SOCKET == rcvr->type) 343 sctp_endpoint_put(sctp_ep(rcvr)); 344 else 345 BUG(); 346 347 return 0; 348 } 349 350 static void sctp_add_backlog(struct sock *sk, struct sk_buff *skb) 351 { 352 struct sctp_chunk *chunk = SCTP_INPUT_CB(skb)->chunk; 353 struct sctp_ep_common *rcvr = chunk->rcvr; 354 355 /* Hold the assoc/ep while hanging on the backlog queue. 356 * This way, we know structures we need will not disappear from us 357 */ 358 if (SCTP_EP_TYPE_ASSOCIATION == rcvr->type) 359 sctp_association_hold(sctp_assoc(rcvr)); 360 else if (SCTP_EP_TYPE_SOCKET == rcvr->type) 361 sctp_endpoint_hold(sctp_ep(rcvr)); 362 else 363 BUG(); 364 365 sk_add_backlog(sk, skb); 366 } 367 368 /* Handle icmp frag needed error. */ 369 void sctp_icmp_frag_needed(struct sock *sk, struct sctp_association *asoc, 370 struct sctp_transport *t, __u32 pmtu) 371 { 372 if (!t || (t->pathmtu == pmtu)) 373 return; 374 375 if (sock_owned_by_user(sk)) { 376 asoc->pmtu_pending = 1; 377 t->pmtu_pending = 1; 378 return; 379 } 380 381 if (t->param_flags & SPP_PMTUD_ENABLE) { 382 /* Update transports view of the MTU */ 383 sctp_transport_update_pmtu(t, pmtu); 384 385 /* Update association pmtu. */ 386 sctp_assoc_sync_pmtu(asoc); 387 } 388 389 /* Retransmit with the new pmtu setting. 390 * Normally, if PMTU discovery is disabled, an ICMP Fragmentation 391 * Needed will never be sent, but if a message was sent before 392 * PMTU discovery was disabled that was larger than the PMTU, it 393 * would not be fragmented, so it must be re-transmitted fragmented. 394 */ 395 sctp_retransmit(&asoc->outqueue, t, SCTP_RTXR_PMTUD); 396 } 397 398 /* 399 * SCTP Implementer's Guide, 2.37 ICMP handling procedures 400 * 401 * ICMP8) If the ICMP code is a "Unrecognized next header type encountered" 402 * or a "Protocol Unreachable" treat this message as an abort 403 * with the T bit set. 404 * 405 * This function sends an event to the state machine, which will abort the 406 * association. 407 * 408 */ 409 void sctp_icmp_proto_unreachable(struct sock *sk, 410 struct sctp_association *asoc, 411 struct sctp_transport *t) 412 { 413 SCTP_DEBUG_PRINTK("%s\n", __func__); 414 415 sctp_do_sm(SCTP_EVENT_T_OTHER, 416 SCTP_ST_OTHER(SCTP_EVENT_ICMP_PROTO_UNREACH), 417 asoc->state, asoc->ep, asoc, t, 418 GFP_ATOMIC); 419 420 } 421 422 /* Common lookup code for icmp/icmpv6 error handler. */ 423 struct sock *sctp_err_lookup(int family, struct sk_buff *skb, 424 struct sctphdr *sctphdr, 425 struct sctp_association **app, 426 struct sctp_transport **tpp) 427 { 428 union sctp_addr saddr; 429 union sctp_addr daddr; 430 struct sctp_af *af; 431 struct sock *sk = NULL; 432 struct sctp_association *asoc; 433 struct sctp_transport *transport = NULL; 434 struct sctp_init_chunk *chunkhdr; 435 __u32 vtag = ntohl(sctphdr->vtag); 436 int len = skb->len - ((void *)sctphdr - (void *)skb->data); 437 438 *app = NULL; *tpp = NULL; 439 440 af = sctp_get_af_specific(family); 441 if (unlikely(!af)) { 442 return NULL; 443 } 444 445 /* Initialize local addresses for lookups. */ 446 af->from_skb(&saddr, skb, 1); 447 af->from_skb(&daddr, skb, 0); 448 449 /* Look for an association that matches the incoming ICMP error 450 * packet. 451 */ 452 asoc = __sctp_lookup_association(&saddr, &daddr, &transport); 453 if (!asoc) 454 return NULL; 455 456 sk = asoc->base.sk; 457 458 /* RFC 4960, Appendix C. ICMP Handling 459 * 460 * ICMP6) An implementation MUST validate that the Verification Tag 461 * contained in the ICMP message matches the Verification Tag of 462 * the peer. If the Verification Tag is not 0 and does NOT 463 * match, discard the ICMP message. If it is 0 and the ICMP 464 * message contains enough bytes to verify that the chunk type is 465 * an INIT chunk and that the Initiate Tag matches the tag of the 466 * peer, continue with ICMP7. If the ICMP message is too short 467 * or the chunk type or the Initiate Tag does not match, silently 468 * discard the packet. 469 */ 470 if (vtag == 0) { 471 chunkhdr = (struct sctp_init_chunk *)((void *)sctphdr 472 + sizeof(struct sctphdr)); 473 if (len < sizeof(struct sctphdr) + sizeof(sctp_chunkhdr_t) 474 + sizeof(__be32) || 475 chunkhdr->chunk_hdr.type != SCTP_CID_INIT || 476 ntohl(chunkhdr->init_hdr.init_tag) != asoc->c.my_vtag) { 477 goto out; 478 } 479 } else if (vtag != asoc->c.peer_vtag) { 480 goto out; 481 } 482 483 sctp_bh_lock_sock(sk); 484 485 /* If too many ICMPs get dropped on busy 486 * servers this needs to be solved differently. 487 */ 488 if (sock_owned_by_user(sk)) 489 NET_INC_STATS_BH(&init_net, LINUX_MIB_LOCKDROPPEDICMPS); 490 491 *app = asoc; 492 *tpp = transport; 493 return sk; 494 495 out: 496 if (asoc) 497 sctp_association_put(asoc); 498 return NULL; 499 } 500 501 /* Common cleanup code for icmp/icmpv6 error handler. */ 502 void sctp_err_finish(struct sock *sk, struct sctp_association *asoc) 503 { 504 sctp_bh_unlock_sock(sk); 505 if (asoc) 506 sctp_association_put(asoc); 507 } 508 509 /* 510 * This routine is called by the ICMP module when it gets some 511 * sort of error condition. If err < 0 then the socket should 512 * be closed and the error returned to the user. If err > 0 513 * it's just the icmp type << 8 | icmp code. After adjustment 514 * header points to the first 8 bytes of the sctp header. We need 515 * to find the appropriate port. 516 * 517 * The locking strategy used here is very "optimistic". When 518 * someone else accesses the socket the ICMP is just dropped 519 * and for some paths there is no check at all. 520 * A more general error queue to queue errors for later handling 521 * is probably better. 522 * 523 */ 524 void sctp_v4_err(struct sk_buff *skb, __u32 info) 525 { 526 struct iphdr *iph = (struct iphdr *)skb->data; 527 const int ihlen = iph->ihl * 4; 528 const int type = icmp_hdr(skb)->type; 529 const int code = icmp_hdr(skb)->code; 530 struct sock *sk; 531 struct sctp_association *asoc = NULL; 532 struct sctp_transport *transport; 533 struct inet_sock *inet; 534 sk_buff_data_t saveip, savesctp; 535 int err; 536 537 if (skb->len < ihlen + 8) { 538 ICMP_INC_STATS_BH(&init_net, ICMP_MIB_INERRORS); 539 return; 540 } 541 542 /* Fix up skb to look at the embedded net header. */ 543 saveip = skb->network_header; 544 savesctp = skb->transport_header; 545 skb_reset_network_header(skb); 546 skb_set_transport_header(skb, ihlen); 547 sk = sctp_err_lookup(AF_INET, skb, sctp_hdr(skb), &asoc, &transport); 548 /* Put back, the original values. */ 549 skb->network_header = saveip; 550 skb->transport_header = savesctp; 551 if (!sk) { 552 ICMP_INC_STATS_BH(&init_net, ICMP_MIB_INERRORS); 553 return; 554 } 555 /* Warning: The sock lock is held. Remember to call 556 * sctp_err_finish! 557 */ 558 559 switch (type) { 560 case ICMP_PARAMETERPROB: 561 err = EPROTO; 562 break; 563 case ICMP_DEST_UNREACH: 564 if (code > NR_ICMP_UNREACH) 565 goto out_unlock; 566 567 /* PMTU discovery (RFC1191) */ 568 if (ICMP_FRAG_NEEDED == code) { 569 sctp_icmp_frag_needed(sk, asoc, transport, info); 570 goto out_unlock; 571 } 572 else { 573 if (ICMP_PROT_UNREACH == code) { 574 sctp_icmp_proto_unreachable(sk, asoc, 575 transport); 576 goto out_unlock; 577 } 578 } 579 err = icmp_err_convert[code].errno; 580 break; 581 case ICMP_TIME_EXCEEDED: 582 /* Ignore any time exceeded errors due to fragment reassembly 583 * timeouts. 584 */ 585 if (ICMP_EXC_FRAGTIME == code) 586 goto out_unlock; 587 588 err = EHOSTUNREACH; 589 break; 590 default: 591 goto out_unlock; 592 } 593 594 inet = inet_sk(sk); 595 if (!sock_owned_by_user(sk) && inet->recverr) { 596 sk->sk_err = err; 597 sk->sk_error_report(sk); 598 } else { /* Only an error on timeout */ 599 sk->sk_err_soft = err; 600 } 601 602 out_unlock: 603 sctp_err_finish(sk, asoc); 604 } 605 606 /* 607 * RFC 2960, 8.4 - Handle "Out of the blue" Packets. 608 * 609 * This function scans all the chunks in the OOTB packet to determine if 610 * the packet should be discarded right away. If a response might be needed 611 * for this packet, or, if further processing is possible, the packet will 612 * be queued to a proper inqueue for the next phase of handling. 613 * 614 * Output: 615 * Return 0 - If further processing is needed. 616 * Return 1 - If the packet can be discarded right away. 617 */ 618 static int sctp_rcv_ootb(struct sk_buff *skb) 619 { 620 sctp_chunkhdr_t *ch; 621 __u8 *ch_end; 622 sctp_errhdr_t *err; 623 624 ch = (sctp_chunkhdr_t *) skb->data; 625 626 /* Scan through all the chunks in the packet. */ 627 do { 628 /* Break out if chunk length is less then minimal. */ 629 if (ntohs(ch->length) < sizeof(sctp_chunkhdr_t)) 630 break; 631 632 ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length)); 633 if (ch_end > skb_tail_pointer(skb)) 634 break; 635 636 /* RFC 8.4, 2) If the OOTB packet contains an ABORT chunk, the 637 * receiver MUST silently discard the OOTB packet and take no 638 * further action. 639 */ 640 if (SCTP_CID_ABORT == ch->type) 641 goto discard; 642 643 /* RFC 8.4, 6) If the packet contains a SHUTDOWN COMPLETE 644 * chunk, the receiver should silently discard the packet 645 * and take no further action. 646 */ 647 if (SCTP_CID_SHUTDOWN_COMPLETE == ch->type) 648 goto discard; 649 650 /* RFC 4460, 2.11.2 651 * This will discard packets with INIT chunk bundled as 652 * subsequent chunks in the packet. When INIT is first, 653 * the normal INIT processing will discard the chunk. 654 */ 655 if (SCTP_CID_INIT == ch->type && (void *)ch != skb->data) 656 goto discard; 657 658 /* RFC 8.4, 7) If the packet contains a "Stale cookie" ERROR 659 * or a COOKIE ACK the SCTP Packet should be silently 660 * discarded. 661 */ 662 if (SCTP_CID_COOKIE_ACK == ch->type) 663 goto discard; 664 665 if (SCTP_CID_ERROR == ch->type) { 666 sctp_walk_errors(err, ch) { 667 if (SCTP_ERROR_STALE_COOKIE == err->cause) 668 goto discard; 669 } 670 } 671 672 ch = (sctp_chunkhdr_t *) ch_end; 673 } while (ch_end < skb_tail_pointer(skb)); 674 675 return 0; 676 677 discard: 678 return 1; 679 } 680 681 /* Insert endpoint into the hash table. */ 682 static void __sctp_hash_endpoint(struct sctp_endpoint *ep) 683 { 684 struct sctp_ep_common *epb; 685 struct sctp_hashbucket *head; 686 687 epb = &ep->base; 688 689 epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); 690 head = &sctp_ep_hashtable[epb->hashent]; 691 692 sctp_write_lock(&head->lock); 693 hlist_add_head(&epb->node, &head->chain); 694 sctp_write_unlock(&head->lock); 695 } 696 697 /* Add an endpoint to the hash. Local BH-safe. */ 698 void sctp_hash_endpoint(struct sctp_endpoint *ep) 699 { 700 sctp_local_bh_disable(); 701 __sctp_hash_endpoint(ep); 702 sctp_local_bh_enable(); 703 } 704 705 /* Remove endpoint from the hash table. */ 706 static void __sctp_unhash_endpoint(struct sctp_endpoint *ep) 707 { 708 struct sctp_hashbucket *head; 709 struct sctp_ep_common *epb; 710 711 epb = &ep->base; 712 713 if (hlist_unhashed(&epb->node)) 714 return; 715 716 epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); 717 718 head = &sctp_ep_hashtable[epb->hashent]; 719 720 sctp_write_lock(&head->lock); 721 __hlist_del(&epb->node); 722 sctp_write_unlock(&head->lock); 723 } 724 725 /* Remove endpoint from the hash. Local BH-safe. */ 726 void sctp_unhash_endpoint(struct sctp_endpoint *ep) 727 { 728 sctp_local_bh_disable(); 729 __sctp_unhash_endpoint(ep); 730 sctp_local_bh_enable(); 731 } 732 733 /* Look up an endpoint. */ 734 static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(const union sctp_addr *laddr) 735 { 736 struct sctp_hashbucket *head; 737 struct sctp_ep_common *epb; 738 struct sctp_endpoint *ep; 739 struct hlist_node *node; 740 int hash; 741 742 hash = sctp_ep_hashfn(ntohs(laddr->v4.sin_port)); 743 head = &sctp_ep_hashtable[hash]; 744 read_lock(&head->lock); 745 sctp_for_each_hentry(epb, node, &head->chain) { 746 ep = sctp_ep(epb); 747 if (sctp_endpoint_is_match(ep, laddr)) 748 goto hit; 749 } 750 751 ep = sctp_sk((sctp_get_ctl_sock()))->ep; 752 753 hit: 754 sctp_endpoint_hold(ep); 755 read_unlock(&head->lock); 756 return ep; 757 } 758 759 /* Insert association into the hash table. */ 760 static void __sctp_hash_established(struct sctp_association *asoc) 761 { 762 struct sctp_ep_common *epb; 763 struct sctp_hashbucket *head; 764 765 epb = &asoc->base; 766 767 /* Calculate which chain this entry will belong to. */ 768 epb->hashent = sctp_assoc_hashfn(epb->bind_addr.port, asoc->peer.port); 769 770 head = &sctp_assoc_hashtable[epb->hashent]; 771 772 sctp_write_lock(&head->lock); 773 hlist_add_head(&epb->node, &head->chain); 774 sctp_write_unlock(&head->lock); 775 } 776 777 /* Add an association to the hash. Local BH-safe. */ 778 void sctp_hash_established(struct sctp_association *asoc) 779 { 780 if (asoc->temp) 781 return; 782 783 sctp_local_bh_disable(); 784 __sctp_hash_established(asoc); 785 sctp_local_bh_enable(); 786 } 787 788 /* Remove association from the hash table. */ 789 static void __sctp_unhash_established(struct sctp_association *asoc) 790 { 791 struct sctp_hashbucket *head; 792 struct sctp_ep_common *epb; 793 794 epb = &asoc->base; 795 796 epb->hashent = sctp_assoc_hashfn(epb->bind_addr.port, 797 asoc->peer.port); 798 799 head = &sctp_assoc_hashtable[epb->hashent]; 800 801 sctp_write_lock(&head->lock); 802 __hlist_del(&epb->node); 803 sctp_write_unlock(&head->lock); 804 } 805 806 /* Remove association from the hash table. Local BH-safe. */ 807 void sctp_unhash_established(struct sctp_association *asoc) 808 { 809 if (asoc->temp) 810 return; 811 812 sctp_local_bh_disable(); 813 __sctp_unhash_established(asoc); 814 sctp_local_bh_enable(); 815 } 816 817 /* Look up an association. */ 818 static struct sctp_association *__sctp_lookup_association( 819 const union sctp_addr *local, 820 const union sctp_addr *peer, 821 struct sctp_transport **pt) 822 { 823 struct sctp_hashbucket *head; 824 struct sctp_ep_common *epb; 825 struct sctp_association *asoc; 826 struct sctp_transport *transport; 827 struct hlist_node *node; 828 int hash; 829 830 /* Optimize here for direct hit, only listening connections can 831 * have wildcards anyways. 832 */ 833 hash = sctp_assoc_hashfn(ntohs(local->v4.sin_port), ntohs(peer->v4.sin_port)); 834 head = &sctp_assoc_hashtable[hash]; 835 read_lock(&head->lock); 836 sctp_for_each_hentry(epb, node, &head->chain) { 837 asoc = sctp_assoc(epb); 838 transport = sctp_assoc_is_match(asoc, local, peer); 839 if (transport) 840 goto hit; 841 } 842 843 read_unlock(&head->lock); 844 845 return NULL; 846 847 hit: 848 *pt = transport; 849 sctp_association_hold(asoc); 850 read_unlock(&head->lock); 851 return asoc; 852 } 853 854 /* Look up an association. BH-safe. */ 855 SCTP_STATIC 856 struct sctp_association *sctp_lookup_association(const union sctp_addr *laddr, 857 const union sctp_addr *paddr, 858 struct sctp_transport **transportp) 859 { 860 struct sctp_association *asoc; 861 862 sctp_local_bh_disable(); 863 asoc = __sctp_lookup_association(laddr, paddr, transportp); 864 sctp_local_bh_enable(); 865 866 return asoc; 867 } 868 869 /* Is there an association matching the given local and peer addresses? */ 870 int sctp_has_association(const union sctp_addr *laddr, 871 const union sctp_addr *paddr) 872 { 873 struct sctp_association *asoc; 874 struct sctp_transport *transport; 875 876 if ((asoc = sctp_lookup_association(laddr, paddr, &transport))) { 877 sctp_association_put(asoc); 878 return 1; 879 } 880 881 return 0; 882 } 883 884 /* 885 * SCTP Implementors Guide, 2.18 Handling of address 886 * parameters within the INIT or INIT-ACK. 887 * 888 * D) When searching for a matching TCB upon reception of an INIT 889 * or INIT-ACK chunk the receiver SHOULD use not only the 890 * source address of the packet (containing the INIT or 891 * INIT-ACK) but the receiver SHOULD also use all valid 892 * address parameters contained within the chunk. 893 * 894 * 2.18.3 Solution description 895 * 896 * This new text clearly specifies to an implementor the need 897 * to look within the INIT or INIT-ACK. Any implementation that 898 * does not do this, may not be able to establish associations 899 * in certain circumstances. 900 * 901 */ 902 static struct sctp_association *__sctp_rcv_init_lookup(struct sk_buff *skb, 903 const union sctp_addr *laddr, struct sctp_transport **transportp) 904 { 905 struct sctp_association *asoc; 906 union sctp_addr addr; 907 union sctp_addr *paddr = &addr; 908 struct sctphdr *sh = sctp_hdr(skb); 909 sctp_chunkhdr_t *ch; 910 union sctp_params params; 911 sctp_init_chunk_t *init; 912 struct sctp_transport *transport; 913 struct sctp_af *af; 914 915 ch = (sctp_chunkhdr_t *) skb->data; 916 917 /* 918 * This code will NOT touch anything inside the chunk--it is 919 * strictly READ-ONLY. 920 * 921 * RFC 2960 3 SCTP packet Format 922 * 923 * Multiple chunks can be bundled into one SCTP packet up to 924 * the MTU size, except for the INIT, INIT ACK, and SHUTDOWN 925 * COMPLETE chunks. These chunks MUST NOT be bundled with any 926 * other chunk in a packet. See Section 6.10 for more details 927 * on chunk bundling. 928 */ 929 930 /* Find the start of the TLVs and the end of the chunk. This is 931 * the region we search for address parameters. 932 */ 933 init = (sctp_init_chunk_t *)skb->data; 934 935 /* Walk the parameters looking for embedded addresses. */ 936 sctp_walk_params(params, init, init_hdr.params) { 937 938 /* Note: Ignoring hostname addresses. */ 939 af = sctp_get_af_specific(param_type2af(params.p->type)); 940 if (!af) 941 continue; 942 943 af->from_addr_param(paddr, params.addr, sh->source, 0); 944 945 asoc = __sctp_lookup_association(laddr, paddr, &transport); 946 if (asoc) 947 return asoc; 948 } 949 950 return NULL; 951 } 952 953 /* ADD-IP, Section 5.2 954 * When an endpoint receives an ASCONF Chunk from the remote peer 955 * special procedures may be needed to identify the association the 956 * ASCONF Chunk is associated with. To properly find the association 957 * the following procedures SHOULD be followed: 958 * 959 * D2) If the association is not found, use the address found in the 960 * Address Parameter TLV combined with the port number found in the 961 * SCTP common header. If found proceed to rule D4. 962 * 963 * D2-ext) If more than one ASCONF Chunks are packed together, use the 964 * address found in the ASCONF Address Parameter TLV of each of the 965 * subsequent ASCONF Chunks. If found, proceed to rule D4. 966 */ 967 static struct sctp_association *__sctp_rcv_asconf_lookup( 968 sctp_chunkhdr_t *ch, 969 const union sctp_addr *laddr, 970 __be16 peer_port, 971 struct sctp_transport **transportp) 972 { 973 sctp_addip_chunk_t *asconf = (struct sctp_addip_chunk *)ch; 974 struct sctp_af *af; 975 union sctp_addr_param *param; 976 union sctp_addr paddr; 977 978 /* Skip over the ADDIP header and find the Address parameter */ 979 param = (union sctp_addr_param *)(asconf + 1); 980 981 af = sctp_get_af_specific(param_type2af(param->v4.param_hdr.type)); 982 if (unlikely(!af)) 983 return NULL; 984 985 af->from_addr_param(&paddr, param, peer_port, 0); 986 987 return __sctp_lookup_association(laddr, &paddr, transportp); 988 } 989 990 991 /* SCTP-AUTH, Section 6.3: 992 * If the receiver does not find a STCB for a packet containing an AUTH 993 * chunk as the first chunk and not a COOKIE-ECHO chunk as the second 994 * chunk, it MUST use the chunks after the AUTH chunk to look up an existing 995 * association. 996 * 997 * This means that any chunks that can help us identify the association need 998 * to be looked at to find this assocation. 999 */ 1000 static struct sctp_association *__sctp_rcv_walk_lookup(struct sk_buff *skb, 1001 const union sctp_addr *laddr, 1002 struct sctp_transport **transportp) 1003 { 1004 struct sctp_association *asoc = NULL; 1005 sctp_chunkhdr_t *ch; 1006 int have_auth = 0; 1007 unsigned int chunk_num = 1; 1008 __u8 *ch_end; 1009 1010 /* Walk through the chunks looking for AUTH or ASCONF chunks 1011 * to help us find the association. 1012 */ 1013 ch = (sctp_chunkhdr_t *) skb->data; 1014 do { 1015 /* Break out if chunk length is less then minimal. */ 1016 if (ntohs(ch->length) < sizeof(sctp_chunkhdr_t)) 1017 break; 1018 1019 ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length)); 1020 if (ch_end > skb_tail_pointer(skb)) 1021 break; 1022 1023 switch(ch->type) { 1024 case SCTP_CID_AUTH: 1025 have_auth = chunk_num; 1026 break; 1027 1028 case SCTP_CID_COOKIE_ECHO: 1029 /* If a packet arrives containing an AUTH chunk as 1030 * a first chunk, a COOKIE-ECHO chunk as the second 1031 * chunk, and possibly more chunks after them, and 1032 * the receiver does not have an STCB for that 1033 * packet, then authentication is based on 1034 * the contents of the COOKIE- ECHO chunk. 1035 */ 1036 if (have_auth == 1 && chunk_num == 2) 1037 return NULL; 1038 break; 1039 1040 case SCTP_CID_ASCONF: 1041 if (have_auth || sctp_addip_noauth) 1042 asoc = __sctp_rcv_asconf_lookup(ch, laddr, 1043 sctp_hdr(skb)->source, 1044 transportp); 1045 default: 1046 break; 1047 } 1048 1049 if (asoc) 1050 break; 1051 1052 ch = (sctp_chunkhdr_t *) ch_end; 1053 chunk_num++; 1054 } while (ch_end < skb_tail_pointer(skb)); 1055 1056 return asoc; 1057 } 1058 1059 /* 1060 * There are circumstances when we need to look inside the SCTP packet 1061 * for information to help us find the association. Examples 1062 * include looking inside of INIT/INIT-ACK chunks or after the AUTH 1063 * chunks. 1064 */ 1065 static struct sctp_association *__sctp_rcv_lookup_harder(struct sk_buff *skb, 1066 const union sctp_addr *laddr, 1067 struct sctp_transport **transportp) 1068 { 1069 sctp_chunkhdr_t *ch; 1070 1071 ch = (sctp_chunkhdr_t *) skb->data; 1072 1073 /* The code below will attempt to walk the chunk and extract 1074 * parameter information. Before we do that, we need to verify 1075 * that the chunk length doesn't cause overflow. Otherwise, we'll 1076 * walk off the end. 1077 */ 1078 if (WORD_ROUND(ntohs(ch->length)) > skb->len) 1079 return NULL; 1080 1081 /* If this is INIT/INIT-ACK look inside the chunk too. */ 1082 switch (ch->type) { 1083 case SCTP_CID_INIT: 1084 case SCTP_CID_INIT_ACK: 1085 return __sctp_rcv_init_lookup(skb, laddr, transportp); 1086 break; 1087 1088 default: 1089 return __sctp_rcv_walk_lookup(skb, laddr, transportp); 1090 break; 1091 } 1092 1093 1094 return NULL; 1095 } 1096 1097 /* Lookup an association for an inbound skb. */ 1098 static struct sctp_association *__sctp_rcv_lookup(struct sk_buff *skb, 1099 const union sctp_addr *paddr, 1100 const union sctp_addr *laddr, 1101 struct sctp_transport **transportp) 1102 { 1103 struct sctp_association *asoc; 1104 1105 asoc = __sctp_lookup_association(laddr, paddr, transportp); 1106 1107 /* Further lookup for INIT/INIT-ACK packets. 1108 * SCTP Implementors Guide, 2.18 Handling of address 1109 * parameters within the INIT or INIT-ACK. 1110 */ 1111 if (!asoc) 1112 asoc = __sctp_rcv_lookup_harder(skb, laddr, transportp); 1113 1114 return asoc; 1115 } 1116