1 /* SCTP kernel reference Implementation 2 * Copyright (c) 1999-2000 Cisco, Inc. 3 * Copyright (c) 1999-2001 Motorola, Inc. 4 * Copyright (c) 2001-2003 International Business Machines, Corp. 5 * Copyright (c) 2001 Intel Corp. 6 * Copyright (c) 2001 Nokia, Inc. 7 * Copyright (c) 2001 La Monte H.P. Yarroll 8 * 9 * This file is part of the SCTP kernel reference Implementation 10 * 11 * These functions handle all input from the IP layer into SCTP. 12 * 13 * The SCTP reference implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * The SCTP reference implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * Xingang Guo <xingang.guo@intel.com> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Hui Huang <hui.huang@nokia.com> 43 * Daisy Chang <daisyc@us.ibm.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Ardelle Fan <ardelle.fan@intel.com> 46 * 47 * Any bugs reported given to us we will try to fix... any fixes shared will 48 * be incorporated into the next SCTP release. 49 */ 50 51 #include <linux/types.h> 52 #include <linux/list.h> /* For struct list_head */ 53 #include <linux/socket.h> 54 #include <linux/ip.h> 55 #include <linux/time.h> /* For struct timeval */ 56 #include <net/ip.h> 57 #include <net/icmp.h> 58 #include <net/snmp.h> 59 #include <net/sock.h> 60 #include <net/xfrm.h> 61 #include <net/sctp/sctp.h> 62 #include <net/sctp/sm.h> 63 64 /* Forward declarations for internal helpers. */ 65 static int sctp_rcv_ootb(struct sk_buff *); 66 static struct sctp_association *__sctp_rcv_lookup(struct sk_buff *skb, 67 const union sctp_addr *laddr, 68 const union sctp_addr *paddr, 69 struct sctp_transport **transportp); 70 static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(const union sctp_addr *laddr); 71 static struct sctp_association *__sctp_lookup_association( 72 const union sctp_addr *local, 73 const union sctp_addr *peer, 74 struct sctp_transport **pt); 75 76 static void sctp_add_backlog(struct sock *sk, struct sk_buff *skb); 77 78 79 /* Calculate the SCTP checksum of an SCTP packet. */ 80 static inline int sctp_rcv_checksum(struct sk_buff *skb) 81 { 82 struct sctphdr *sh; 83 __u32 cmp, val; 84 struct sk_buff *list = skb_shinfo(skb)->frag_list; 85 86 sh = (struct sctphdr *) skb->h.raw; 87 cmp = ntohl(sh->checksum); 88 89 val = sctp_start_cksum((__u8 *)sh, skb_headlen(skb)); 90 91 for (; list; list = list->next) 92 val = sctp_update_cksum((__u8 *)list->data, skb_headlen(list), 93 val); 94 95 val = sctp_end_cksum(val); 96 97 if (val != cmp) { 98 /* CRC failure, dump it. */ 99 SCTP_INC_STATS_BH(SCTP_MIB_CHECKSUMERRORS); 100 return -1; 101 } 102 return 0; 103 } 104 105 struct sctp_input_cb { 106 union { 107 struct inet_skb_parm h4; 108 #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) 109 struct inet6_skb_parm h6; 110 #endif 111 } header; 112 struct sctp_chunk *chunk; 113 }; 114 #define SCTP_INPUT_CB(__skb) ((struct sctp_input_cb *)&((__skb)->cb[0])) 115 116 /* 117 * This is the routine which IP calls when receiving an SCTP packet. 118 */ 119 int sctp_rcv(struct sk_buff *skb) 120 { 121 struct sock *sk; 122 struct sctp_association *asoc; 123 struct sctp_endpoint *ep = NULL; 124 struct sctp_ep_common *rcvr; 125 struct sctp_transport *transport = NULL; 126 struct sctp_chunk *chunk; 127 struct sctphdr *sh; 128 union sctp_addr src; 129 union sctp_addr dest; 130 int family; 131 struct sctp_af *af; 132 133 if (skb->pkt_type!=PACKET_HOST) 134 goto discard_it; 135 136 SCTP_INC_STATS_BH(SCTP_MIB_INSCTPPACKS); 137 138 if (skb_linearize(skb)) 139 goto discard_it; 140 141 sh = (struct sctphdr *) skb->h.raw; 142 143 /* Pull up the IP and SCTP headers. */ 144 __skb_pull(skb, skb->h.raw - skb->data); 145 if (skb->len < sizeof(struct sctphdr)) 146 goto discard_it; 147 if ((skb->ip_summed != CHECKSUM_UNNECESSARY) && 148 (sctp_rcv_checksum(skb) < 0)) 149 goto discard_it; 150 151 skb_pull(skb, sizeof(struct sctphdr)); 152 153 /* Make sure we at least have chunk headers worth of data left. */ 154 if (skb->len < sizeof(struct sctp_chunkhdr)) 155 goto discard_it; 156 157 family = ipver2af(skb->nh.iph->version); 158 af = sctp_get_af_specific(family); 159 if (unlikely(!af)) 160 goto discard_it; 161 162 /* Initialize local addresses for lookups. */ 163 af->from_skb(&src, skb, 1); 164 af->from_skb(&dest, skb, 0); 165 166 /* If the packet is to or from a non-unicast address, 167 * silently discard the packet. 168 * 169 * This is not clearly defined in the RFC except in section 170 * 8.4 - OOTB handling. However, based on the book "Stream Control 171 * Transmission Protocol" 2.1, "It is important to note that the 172 * IP address of an SCTP transport address must be a routable 173 * unicast address. In other words, IP multicast addresses and 174 * IP broadcast addresses cannot be used in an SCTP transport 175 * address." 176 */ 177 if (!af->addr_valid(&src, NULL, skb) || 178 !af->addr_valid(&dest, NULL, skb)) 179 goto discard_it; 180 181 asoc = __sctp_rcv_lookup(skb, &src, &dest, &transport); 182 183 if (!asoc) 184 ep = __sctp_rcv_lookup_endpoint(&dest); 185 186 /* Retrieve the common input handling substructure. */ 187 rcvr = asoc ? &asoc->base : &ep->base; 188 sk = rcvr->sk; 189 190 /* 191 * If a frame arrives on an interface and the receiving socket is 192 * bound to another interface, via SO_BINDTODEVICE, treat it as OOTB 193 */ 194 if (sk->sk_bound_dev_if && (sk->sk_bound_dev_if != af->skb_iif(skb))) 195 { 196 if (asoc) { 197 sctp_association_put(asoc); 198 asoc = NULL; 199 } else { 200 sctp_endpoint_put(ep); 201 ep = NULL; 202 } 203 sk = sctp_get_ctl_sock(); 204 ep = sctp_sk(sk)->ep; 205 sctp_endpoint_hold(ep); 206 rcvr = &ep->base; 207 } 208 209 /* 210 * RFC 2960, 8.4 - Handle "Out of the blue" Packets. 211 * An SCTP packet is called an "out of the blue" (OOTB) 212 * packet if it is correctly formed, i.e., passed the 213 * receiver's checksum check, but the receiver is not 214 * able to identify the association to which this 215 * packet belongs. 216 */ 217 if (!asoc) { 218 if (sctp_rcv_ootb(skb)) { 219 SCTP_INC_STATS_BH(SCTP_MIB_OUTOFBLUES); 220 goto discard_release; 221 } 222 } 223 224 if (!xfrm_policy_check(sk, XFRM_POLICY_IN, skb, family)) 225 goto discard_release; 226 nf_reset(skb); 227 228 if (sk_filter(sk, skb)) 229 goto discard_release; 230 231 /* Create an SCTP packet structure. */ 232 chunk = sctp_chunkify(skb, asoc, sk); 233 if (!chunk) 234 goto discard_release; 235 SCTP_INPUT_CB(skb)->chunk = chunk; 236 237 /* Remember what endpoint is to handle this packet. */ 238 chunk->rcvr = rcvr; 239 240 /* Remember the SCTP header. */ 241 chunk->sctp_hdr = sh; 242 243 /* Set the source and destination addresses of the incoming chunk. */ 244 sctp_init_addrs(chunk, &src, &dest); 245 246 /* Remember where we came from. */ 247 chunk->transport = transport; 248 249 /* Acquire access to the sock lock. Note: We are safe from other 250 * bottom halves on this lock, but a user may be in the lock too, 251 * so check if it is busy. 252 */ 253 sctp_bh_lock_sock(sk); 254 255 if (sock_owned_by_user(sk)) { 256 SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_BACKLOG); 257 sctp_add_backlog(sk, skb); 258 } else { 259 SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_SOFTIRQ); 260 sctp_inq_push(&chunk->rcvr->inqueue, chunk); 261 } 262 263 sctp_bh_unlock_sock(sk); 264 265 /* Release the asoc/ep ref we took in the lookup calls. */ 266 if (asoc) 267 sctp_association_put(asoc); 268 else 269 sctp_endpoint_put(ep); 270 271 return 0; 272 273 discard_it: 274 SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_DISCARDS); 275 kfree_skb(skb); 276 return 0; 277 278 discard_release: 279 /* Release the asoc/ep ref we took in the lookup calls. */ 280 if (asoc) 281 sctp_association_put(asoc); 282 else 283 sctp_endpoint_put(ep); 284 285 goto discard_it; 286 } 287 288 /* Process the backlog queue of the socket. Every skb on 289 * the backlog holds a ref on an association or endpoint. 290 * We hold this ref throughout the state machine to make 291 * sure that the structure we need is still around. 292 */ 293 int sctp_backlog_rcv(struct sock *sk, struct sk_buff *skb) 294 { 295 struct sctp_chunk *chunk = SCTP_INPUT_CB(skb)->chunk; 296 struct sctp_inq *inqueue = &chunk->rcvr->inqueue; 297 struct sctp_ep_common *rcvr = NULL; 298 int backloged = 0; 299 300 rcvr = chunk->rcvr; 301 302 /* If the rcvr is dead then the association or endpoint 303 * has been deleted and we can safely drop the chunk 304 * and refs that we are holding. 305 */ 306 if (rcvr->dead) { 307 sctp_chunk_free(chunk); 308 goto done; 309 } 310 311 if (unlikely(rcvr->sk != sk)) { 312 /* In this case, the association moved from one socket to 313 * another. We are currently sitting on the backlog of the 314 * old socket, so we need to move. 315 * However, since we are here in the process context we 316 * need to take make sure that the user doesn't own 317 * the new socket when we process the packet. 318 * If the new socket is user-owned, queue the chunk to the 319 * backlog of the new socket without dropping any refs. 320 * Otherwise, we can safely push the chunk on the inqueue. 321 */ 322 323 sk = rcvr->sk; 324 sctp_bh_lock_sock(sk); 325 326 if (sock_owned_by_user(sk)) { 327 sk_add_backlog(sk, skb); 328 backloged = 1; 329 } else 330 sctp_inq_push(inqueue, chunk); 331 332 sctp_bh_unlock_sock(sk); 333 334 /* If the chunk was backloged again, don't drop refs */ 335 if (backloged) 336 return 0; 337 } else { 338 sctp_inq_push(inqueue, chunk); 339 } 340 341 done: 342 /* Release the refs we took in sctp_add_backlog */ 343 if (SCTP_EP_TYPE_ASSOCIATION == rcvr->type) 344 sctp_association_put(sctp_assoc(rcvr)); 345 else if (SCTP_EP_TYPE_SOCKET == rcvr->type) 346 sctp_endpoint_put(sctp_ep(rcvr)); 347 else 348 BUG(); 349 350 return 0; 351 } 352 353 static void sctp_add_backlog(struct sock *sk, struct sk_buff *skb) 354 { 355 struct sctp_chunk *chunk = SCTP_INPUT_CB(skb)->chunk; 356 struct sctp_ep_common *rcvr = chunk->rcvr; 357 358 /* Hold the assoc/ep while hanging on the backlog queue. 359 * This way, we know structures we need will not disappear from us 360 */ 361 if (SCTP_EP_TYPE_ASSOCIATION == rcvr->type) 362 sctp_association_hold(sctp_assoc(rcvr)); 363 else if (SCTP_EP_TYPE_SOCKET == rcvr->type) 364 sctp_endpoint_hold(sctp_ep(rcvr)); 365 else 366 BUG(); 367 368 sk_add_backlog(sk, skb); 369 } 370 371 /* Handle icmp frag needed error. */ 372 void sctp_icmp_frag_needed(struct sock *sk, struct sctp_association *asoc, 373 struct sctp_transport *t, __u32 pmtu) 374 { 375 if (sock_owned_by_user(sk) || !t || (t->pathmtu == pmtu)) 376 return; 377 378 if (t->param_flags & SPP_PMTUD_ENABLE) { 379 if (unlikely(pmtu < SCTP_DEFAULT_MINSEGMENT)) { 380 printk(KERN_WARNING "%s: Reported pmtu %d too low, " 381 "using default minimum of %d\n", 382 __FUNCTION__, pmtu, 383 SCTP_DEFAULT_MINSEGMENT); 384 /* Use default minimum segment size and disable 385 * pmtu discovery on this transport. 386 */ 387 t->pathmtu = SCTP_DEFAULT_MINSEGMENT; 388 t->param_flags = (t->param_flags & ~SPP_PMTUD) | 389 SPP_PMTUD_DISABLE; 390 } else { 391 t->pathmtu = pmtu; 392 } 393 394 /* Update association pmtu. */ 395 sctp_assoc_sync_pmtu(asoc); 396 } 397 398 /* Retransmit with the new pmtu setting. 399 * Normally, if PMTU discovery is disabled, an ICMP Fragmentation 400 * Needed will never be sent, but if a message was sent before 401 * PMTU discovery was disabled that was larger than the PMTU, it 402 * would not be fragmented, so it must be re-transmitted fragmented. 403 */ 404 sctp_retransmit(&asoc->outqueue, t, SCTP_RTXR_PMTUD); 405 } 406 407 /* 408 * SCTP Implementer's Guide, 2.37 ICMP handling procedures 409 * 410 * ICMP8) If the ICMP code is a "Unrecognized next header type encountered" 411 * or a "Protocol Unreachable" treat this message as an abort 412 * with the T bit set. 413 * 414 * This function sends an event to the state machine, which will abort the 415 * association. 416 * 417 */ 418 void sctp_icmp_proto_unreachable(struct sock *sk, 419 struct sctp_association *asoc, 420 struct sctp_transport *t) 421 { 422 SCTP_DEBUG_PRINTK("%s\n", __FUNCTION__); 423 424 sctp_do_sm(SCTP_EVENT_T_OTHER, 425 SCTP_ST_OTHER(SCTP_EVENT_ICMP_PROTO_UNREACH), 426 asoc->state, asoc->ep, asoc, t, 427 GFP_ATOMIC); 428 429 } 430 431 /* Common lookup code for icmp/icmpv6 error handler. */ 432 struct sock *sctp_err_lookup(int family, struct sk_buff *skb, 433 struct sctphdr *sctphdr, 434 struct sctp_association **app, 435 struct sctp_transport **tpp) 436 { 437 union sctp_addr saddr; 438 union sctp_addr daddr; 439 struct sctp_af *af; 440 struct sock *sk = NULL; 441 struct sctp_association *asoc; 442 struct sctp_transport *transport = NULL; 443 444 *app = NULL; *tpp = NULL; 445 446 af = sctp_get_af_specific(family); 447 if (unlikely(!af)) { 448 return NULL; 449 } 450 451 /* Initialize local addresses for lookups. */ 452 af->from_skb(&saddr, skb, 1); 453 af->from_skb(&daddr, skb, 0); 454 455 /* Look for an association that matches the incoming ICMP error 456 * packet. 457 */ 458 asoc = __sctp_lookup_association(&saddr, &daddr, &transport); 459 if (!asoc) 460 return NULL; 461 462 sk = asoc->base.sk; 463 464 if (ntohl(sctphdr->vtag) != asoc->c.peer_vtag) { 465 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 466 goto out; 467 } 468 469 sctp_bh_lock_sock(sk); 470 471 /* If too many ICMPs get dropped on busy 472 * servers this needs to be solved differently. 473 */ 474 if (sock_owned_by_user(sk)) 475 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS); 476 477 *app = asoc; 478 *tpp = transport; 479 return sk; 480 481 out: 482 if (asoc) 483 sctp_association_put(asoc); 484 return NULL; 485 } 486 487 /* Common cleanup code for icmp/icmpv6 error handler. */ 488 void sctp_err_finish(struct sock *sk, struct sctp_association *asoc) 489 { 490 sctp_bh_unlock_sock(sk); 491 if (asoc) 492 sctp_association_put(asoc); 493 } 494 495 /* 496 * This routine is called by the ICMP module when it gets some 497 * sort of error condition. If err < 0 then the socket should 498 * be closed and the error returned to the user. If err > 0 499 * it's just the icmp type << 8 | icmp code. After adjustment 500 * header points to the first 8 bytes of the sctp header. We need 501 * to find the appropriate port. 502 * 503 * The locking strategy used here is very "optimistic". When 504 * someone else accesses the socket the ICMP is just dropped 505 * and for some paths there is no check at all. 506 * A more general error queue to queue errors for later handling 507 * is probably better. 508 * 509 */ 510 void sctp_v4_err(struct sk_buff *skb, __u32 info) 511 { 512 struct iphdr *iph = (struct iphdr *)skb->data; 513 struct sctphdr *sh = (struct sctphdr *)(skb->data + (iph->ihl <<2)); 514 int type = skb->h.icmph->type; 515 int code = skb->h.icmph->code; 516 struct sock *sk; 517 struct sctp_association *asoc = NULL; 518 struct sctp_transport *transport; 519 struct inet_sock *inet; 520 char *saveip, *savesctp; 521 int err; 522 523 if (skb->len < ((iph->ihl << 2) + 8)) { 524 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 525 return; 526 } 527 528 /* Fix up skb to look at the embedded net header. */ 529 saveip = skb->nh.raw; 530 savesctp = skb->h.raw; 531 skb->nh.iph = iph; 532 skb->h.raw = (char *)sh; 533 sk = sctp_err_lookup(AF_INET, skb, sh, &asoc, &transport); 534 /* Put back, the original pointers. */ 535 skb->nh.raw = saveip; 536 skb->h.raw = savesctp; 537 if (!sk) { 538 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 539 return; 540 } 541 /* Warning: The sock lock is held. Remember to call 542 * sctp_err_finish! 543 */ 544 545 switch (type) { 546 case ICMP_PARAMETERPROB: 547 err = EPROTO; 548 break; 549 case ICMP_DEST_UNREACH: 550 if (code > NR_ICMP_UNREACH) 551 goto out_unlock; 552 553 /* PMTU discovery (RFC1191) */ 554 if (ICMP_FRAG_NEEDED == code) { 555 sctp_icmp_frag_needed(sk, asoc, transport, info); 556 goto out_unlock; 557 } 558 else { 559 if (ICMP_PROT_UNREACH == code) { 560 sctp_icmp_proto_unreachable(sk, asoc, 561 transport); 562 goto out_unlock; 563 } 564 } 565 err = icmp_err_convert[code].errno; 566 break; 567 case ICMP_TIME_EXCEEDED: 568 /* Ignore any time exceeded errors due to fragment reassembly 569 * timeouts. 570 */ 571 if (ICMP_EXC_FRAGTIME == code) 572 goto out_unlock; 573 574 err = EHOSTUNREACH; 575 break; 576 default: 577 goto out_unlock; 578 } 579 580 inet = inet_sk(sk); 581 if (!sock_owned_by_user(sk) && inet->recverr) { 582 sk->sk_err = err; 583 sk->sk_error_report(sk); 584 } else { /* Only an error on timeout */ 585 sk->sk_err_soft = err; 586 } 587 588 out_unlock: 589 sctp_err_finish(sk, asoc); 590 } 591 592 /* 593 * RFC 2960, 8.4 - Handle "Out of the blue" Packets. 594 * 595 * This function scans all the chunks in the OOTB packet to determine if 596 * the packet should be discarded right away. If a response might be needed 597 * for this packet, or, if further processing is possible, the packet will 598 * be queued to a proper inqueue for the next phase of handling. 599 * 600 * Output: 601 * Return 0 - If further processing is needed. 602 * Return 1 - If the packet can be discarded right away. 603 */ 604 int sctp_rcv_ootb(struct sk_buff *skb) 605 { 606 sctp_chunkhdr_t *ch; 607 __u8 *ch_end; 608 sctp_errhdr_t *err; 609 610 ch = (sctp_chunkhdr_t *) skb->data; 611 612 /* Scan through all the chunks in the packet. */ 613 do { 614 /* Break out if chunk length is less then minimal. */ 615 if (ntohs(ch->length) < sizeof(sctp_chunkhdr_t)) 616 break; 617 618 ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length)); 619 if (ch_end > skb->tail) 620 break; 621 622 /* RFC 8.4, 2) If the OOTB packet contains an ABORT chunk, the 623 * receiver MUST silently discard the OOTB packet and take no 624 * further action. 625 */ 626 if (SCTP_CID_ABORT == ch->type) 627 goto discard; 628 629 /* RFC 8.4, 6) If the packet contains a SHUTDOWN COMPLETE 630 * chunk, the receiver should silently discard the packet 631 * and take no further action. 632 */ 633 if (SCTP_CID_SHUTDOWN_COMPLETE == ch->type) 634 goto discard; 635 636 /* RFC 8.4, 7) If the packet contains a "Stale cookie" ERROR 637 * or a COOKIE ACK the SCTP Packet should be silently 638 * discarded. 639 */ 640 if (SCTP_CID_COOKIE_ACK == ch->type) 641 goto discard; 642 643 if (SCTP_CID_ERROR == ch->type) { 644 sctp_walk_errors(err, ch) { 645 if (SCTP_ERROR_STALE_COOKIE == err->cause) 646 goto discard; 647 } 648 } 649 650 ch = (sctp_chunkhdr_t *) ch_end; 651 } while (ch_end < skb->tail); 652 653 return 0; 654 655 discard: 656 return 1; 657 } 658 659 /* Insert endpoint into the hash table. */ 660 static void __sctp_hash_endpoint(struct sctp_endpoint *ep) 661 { 662 struct sctp_ep_common **epp; 663 struct sctp_ep_common *epb; 664 struct sctp_hashbucket *head; 665 666 epb = &ep->base; 667 668 epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); 669 head = &sctp_ep_hashtable[epb->hashent]; 670 671 sctp_write_lock(&head->lock); 672 epp = &head->chain; 673 epb->next = *epp; 674 if (epb->next) 675 (*epp)->pprev = &epb->next; 676 *epp = epb; 677 epb->pprev = epp; 678 sctp_write_unlock(&head->lock); 679 } 680 681 /* Add an endpoint to the hash. Local BH-safe. */ 682 void sctp_hash_endpoint(struct sctp_endpoint *ep) 683 { 684 sctp_local_bh_disable(); 685 __sctp_hash_endpoint(ep); 686 sctp_local_bh_enable(); 687 } 688 689 /* Remove endpoint from the hash table. */ 690 static void __sctp_unhash_endpoint(struct sctp_endpoint *ep) 691 { 692 struct sctp_hashbucket *head; 693 struct sctp_ep_common *epb; 694 695 epb = &ep->base; 696 697 epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); 698 699 head = &sctp_ep_hashtable[epb->hashent]; 700 701 sctp_write_lock(&head->lock); 702 703 if (epb->pprev) { 704 if (epb->next) 705 epb->next->pprev = epb->pprev; 706 *epb->pprev = epb->next; 707 epb->pprev = NULL; 708 } 709 710 sctp_write_unlock(&head->lock); 711 } 712 713 /* Remove endpoint from the hash. Local BH-safe. */ 714 void sctp_unhash_endpoint(struct sctp_endpoint *ep) 715 { 716 sctp_local_bh_disable(); 717 __sctp_unhash_endpoint(ep); 718 sctp_local_bh_enable(); 719 } 720 721 /* Look up an endpoint. */ 722 static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(const union sctp_addr *laddr) 723 { 724 struct sctp_hashbucket *head; 725 struct sctp_ep_common *epb; 726 struct sctp_endpoint *ep; 727 int hash; 728 729 hash = sctp_ep_hashfn(ntohs(laddr->v4.sin_port)); 730 head = &sctp_ep_hashtable[hash]; 731 read_lock(&head->lock); 732 for (epb = head->chain; epb; epb = epb->next) { 733 ep = sctp_ep(epb); 734 if (sctp_endpoint_is_match(ep, laddr)) 735 goto hit; 736 } 737 738 ep = sctp_sk((sctp_get_ctl_sock()))->ep; 739 epb = &ep->base; 740 741 hit: 742 sctp_endpoint_hold(ep); 743 read_unlock(&head->lock); 744 return ep; 745 } 746 747 /* Insert association into the hash table. */ 748 static void __sctp_hash_established(struct sctp_association *asoc) 749 { 750 struct sctp_ep_common **epp; 751 struct sctp_ep_common *epb; 752 struct sctp_hashbucket *head; 753 754 epb = &asoc->base; 755 756 /* Calculate which chain this entry will belong to. */ 757 epb->hashent = sctp_assoc_hashfn(epb->bind_addr.port, asoc->peer.port); 758 759 head = &sctp_assoc_hashtable[epb->hashent]; 760 761 sctp_write_lock(&head->lock); 762 epp = &head->chain; 763 epb->next = *epp; 764 if (epb->next) 765 (*epp)->pprev = &epb->next; 766 *epp = epb; 767 epb->pprev = epp; 768 sctp_write_unlock(&head->lock); 769 } 770 771 /* Add an association to the hash. Local BH-safe. */ 772 void sctp_hash_established(struct sctp_association *asoc) 773 { 774 if (asoc->temp) 775 return; 776 777 sctp_local_bh_disable(); 778 __sctp_hash_established(asoc); 779 sctp_local_bh_enable(); 780 } 781 782 /* Remove association from the hash table. */ 783 static void __sctp_unhash_established(struct sctp_association *asoc) 784 { 785 struct sctp_hashbucket *head; 786 struct sctp_ep_common *epb; 787 788 epb = &asoc->base; 789 790 epb->hashent = sctp_assoc_hashfn(epb->bind_addr.port, 791 asoc->peer.port); 792 793 head = &sctp_assoc_hashtable[epb->hashent]; 794 795 sctp_write_lock(&head->lock); 796 797 if (epb->pprev) { 798 if (epb->next) 799 epb->next->pprev = epb->pprev; 800 *epb->pprev = epb->next; 801 epb->pprev = NULL; 802 } 803 804 sctp_write_unlock(&head->lock); 805 } 806 807 /* Remove association from the hash table. Local BH-safe. */ 808 void sctp_unhash_established(struct sctp_association *asoc) 809 { 810 if (asoc->temp) 811 return; 812 813 sctp_local_bh_disable(); 814 __sctp_unhash_established(asoc); 815 sctp_local_bh_enable(); 816 } 817 818 /* Look up an association. */ 819 static struct sctp_association *__sctp_lookup_association( 820 const union sctp_addr *local, 821 const union sctp_addr *peer, 822 struct sctp_transport **pt) 823 { 824 struct sctp_hashbucket *head; 825 struct sctp_ep_common *epb; 826 struct sctp_association *asoc; 827 struct sctp_transport *transport; 828 int hash; 829 830 /* Optimize here for direct hit, only listening connections can 831 * have wildcards anyways. 832 */ 833 hash = sctp_assoc_hashfn(ntohs(local->v4.sin_port), ntohs(peer->v4.sin_port)); 834 head = &sctp_assoc_hashtable[hash]; 835 read_lock(&head->lock); 836 for (epb = head->chain; epb; epb = epb->next) { 837 asoc = sctp_assoc(epb); 838 transport = sctp_assoc_is_match(asoc, local, peer); 839 if (transport) 840 goto hit; 841 } 842 843 read_unlock(&head->lock); 844 845 return NULL; 846 847 hit: 848 *pt = transport; 849 sctp_association_hold(asoc); 850 read_unlock(&head->lock); 851 return asoc; 852 } 853 854 /* Look up an association. BH-safe. */ 855 SCTP_STATIC 856 struct sctp_association *sctp_lookup_association(const union sctp_addr *laddr, 857 const union sctp_addr *paddr, 858 struct sctp_transport **transportp) 859 { 860 struct sctp_association *asoc; 861 862 sctp_local_bh_disable(); 863 asoc = __sctp_lookup_association(laddr, paddr, transportp); 864 sctp_local_bh_enable(); 865 866 return asoc; 867 } 868 869 /* Is there an association matching the given local and peer addresses? */ 870 int sctp_has_association(const union sctp_addr *laddr, 871 const union sctp_addr *paddr) 872 { 873 struct sctp_association *asoc; 874 struct sctp_transport *transport; 875 876 if ((asoc = sctp_lookup_association(laddr, paddr, &transport))) { 877 sctp_association_put(asoc); 878 return 1; 879 } 880 881 return 0; 882 } 883 884 /* 885 * SCTP Implementors Guide, 2.18 Handling of address 886 * parameters within the INIT or INIT-ACK. 887 * 888 * D) When searching for a matching TCB upon reception of an INIT 889 * or INIT-ACK chunk the receiver SHOULD use not only the 890 * source address of the packet (containing the INIT or 891 * INIT-ACK) but the receiver SHOULD also use all valid 892 * address parameters contained within the chunk. 893 * 894 * 2.18.3 Solution description 895 * 896 * This new text clearly specifies to an implementor the need 897 * to look within the INIT or INIT-ACK. Any implementation that 898 * does not do this, may not be able to establish associations 899 * in certain circumstances. 900 * 901 */ 902 static struct sctp_association *__sctp_rcv_init_lookup(struct sk_buff *skb, 903 const union sctp_addr *laddr, struct sctp_transport **transportp) 904 { 905 struct sctp_association *asoc; 906 union sctp_addr addr; 907 union sctp_addr *paddr = &addr; 908 struct sctphdr *sh = (struct sctphdr *) skb->h.raw; 909 sctp_chunkhdr_t *ch; 910 union sctp_params params; 911 sctp_init_chunk_t *init; 912 struct sctp_transport *transport; 913 struct sctp_af *af; 914 915 ch = (sctp_chunkhdr_t *) skb->data; 916 917 /* If this is INIT/INIT-ACK look inside the chunk too. */ 918 switch (ch->type) { 919 case SCTP_CID_INIT: 920 case SCTP_CID_INIT_ACK: 921 break; 922 default: 923 return NULL; 924 } 925 926 /* The code below will attempt to walk the chunk and extract 927 * parameter information. Before we do that, we need to verify 928 * that the chunk length doesn't cause overflow. Otherwise, we'll 929 * walk off the end. 930 */ 931 if (WORD_ROUND(ntohs(ch->length)) > skb->len) 932 return NULL; 933 934 /* 935 * This code will NOT touch anything inside the chunk--it is 936 * strictly READ-ONLY. 937 * 938 * RFC 2960 3 SCTP packet Format 939 * 940 * Multiple chunks can be bundled into one SCTP packet up to 941 * the MTU size, except for the INIT, INIT ACK, and SHUTDOWN 942 * COMPLETE chunks. These chunks MUST NOT be bundled with any 943 * other chunk in a packet. See Section 6.10 for more details 944 * on chunk bundling. 945 */ 946 947 /* Find the start of the TLVs and the end of the chunk. This is 948 * the region we search for address parameters. 949 */ 950 init = (sctp_init_chunk_t *)skb->data; 951 952 /* Walk the parameters looking for embedded addresses. */ 953 sctp_walk_params(params, init, init_hdr.params) { 954 955 /* Note: Ignoring hostname addresses. */ 956 af = sctp_get_af_specific(param_type2af(params.p->type)); 957 if (!af) 958 continue; 959 960 af->from_addr_param(paddr, params.addr, sh->source, 0); 961 962 asoc = __sctp_lookup_association(laddr, paddr, &transport); 963 if (asoc) 964 return asoc; 965 } 966 967 return NULL; 968 } 969 970 /* Lookup an association for an inbound skb. */ 971 static struct sctp_association *__sctp_rcv_lookup(struct sk_buff *skb, 972 const union sctp_addr *paddr, 973 const union sctp_addr *laddr, 974 struct sctp_transport **transportp) 975 { 976 struct sctp_association *asoc; 977 978 asoc = __sctp_lookup_association(laddr, paddr, transportp); 979 980 /* Further lookup for INIT/INIT-ACK packets. 981 * SCTP Implementors Guide, 2.18 Handling of address 982 * parameters within the INIT or INIT-ACK. 983 */ 984 if (!asoc) 985 asoc = __sctp_rcv_init_lookup(skb, laddr, transportp); 986 987 return asoc; 988 } 989