1 /* SCTP kernel implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * This SCTP implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * This SCTP implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 54 55 #include <linux/types.h> 56 #include <linux/kernel.h> 57 #include <linux/ip.h> 58 #include <linux/ipv6.h> 59 #include <linux/net.h> 60 #include <linux/inet.h> 61 #include <linux/scatterlist.h> 62 #include <linux/crypto.h> 63 #include <linux/slab.h> 64 #include <net/sock.h> 65 66 #include <linux/skbuff.h> 67 #include <linux/random.h> /* for get_random_bytes */ 68 #include <net/sctp/sctp.h> 69 #include <net/sctp/sm.h> 70 71 SCTP_STATIC 72 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 73 __u8 type, __u8 flags, int paylen); 74 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 75 const struct sctp_association *asoc, 76 const struct sctp_chunk *init_chunk, 77 int *cookie_len, 78 const __u8 *raw_addrs, int addrs_len); 79 static int sctp_process_param(struct sctp_association *asoc, 80 union sctp_params param, 81 const union sctp_addr *peer_addr, 82 gfp_t gfp); 83 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 84 const void *data); 85 86 /* What was the inbound interface for this chunk? */ 87 int sctp_chunk_iif(const struct sctp_chunk *chunk) 88 { 89 struct sctp_af *af; 90 int iif = 0; 91 92 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version)); 93 if (af) 94 iif = af->skb_iif(chunk->skb); 95 96 return iif; 97 } 98 99 /* RFC 2960 3.3.2 Initiation (INIT) (1) 100 * 101 * Note 2: The ECN capable field is reserved for future use of 102 * Explicit Congestion Notification. 103 */ 104 static const struct sctp_paramhdr ecap_param = { 105 SCTP_PARAM_ECN_CAPABLE, 106 cpu_to_be16(sizeof(struct sctp_paramhdr)), 107 }; 108 static const struct sctp_paramhdr prsctp_param = { 109 SCTP_PARAM_FWD_TSN_SUPPORT, 110 cpu_to_be16(sizeof(struct sctp_paramhdr)), 111 }; 112 113 /* A helper to initialize an op error inside a 114 * provided chunk, as most cause codes will be embedded inside an 115 * abort chunk. 116 */ 117 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 118 size_t paylen) 119 { 120 sctp_errhdr_t err; 121 __u16 len; 122 123 /* Cause code constants are now defined in network order. */ 124 err.cause = cause_code; 125 len = sizeof(sctp_errhdr_t) + paylen; 126 err.length = htons(len); 127 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 128 } 129 130 /* A helper to initialize an op error inside a 131 * provided chunk, as most cause codes will be embedded inside an 132 * abort chunk. Differs from sctp_init_cause in that it won't oops 133 * if there isn't enough space in the op error chunk 134 */ 135 static int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code, 136 size_t paylen) 137 { 138 sctp_errhdr_t err; 139 __u16 len; 140 141 /* Cause code constants are now defined in network order. */ 142 err.cause = cause_code; 143 len = sizeof(sctp_errhdr_t) + paylen; 144 err.length = htons(len); 145 146 if (skb_tailroom(chunk->skb) < len) 147 return -ENOSPC; 148 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk, 149 sizeof(sctp_errhdr_t), 150 &err); 151 return 0; 152 } 153 /* 3.3.2 Initiation (INIT) (1) 154 * 155 * This chunk is used to initiate a SCTP association between two 156 * endpoints. The format of the INIT chunk is shown below: 157 * 158 * 0 1 2 3 159 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 160 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 161 * | Type = 1 | Chunk Flags | Chunk Length | 162 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 163 * | Initiate Tag | 164 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 165 * | Advertised Receiver Window Credit (a_rwnd) | 166 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 167 * | Number of Outbound Streams | Number of Inbound Streams | 168 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 169 * | Initial TSN | 170 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 171 * \ \ 172 * / Optional/Variable-Length Parameters / 173 * \ \ 174 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 175 * 176 * 177 * The INIT chunk contains the following parameters. Unless otherwise 178 * noted, each parameter MUST only be included once in the INIT chunk. 179 * 180 * Fixed Parameters Status 181 * ---------------------------------------------- 182 * Initiate Tag Mandatory 183 * Advertised Receiver Window Credit Mandatory 184 * Number of Outbound Streams Mandatory 185 * Number of Inbound Streams Mandatory 186 * Initial TSN Mandatory 187 * 188 * Variable Parameters Status Type Value 189 * ------------------------------------------------------------- 190 * IPv4 Address (Note 1) Optional 5 191 * IPv6 Address (Note 1) Optional 6 192 * Cookie Preservative Optional 9 193 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 194 * Host Name Address (Note 3) Optional 11 195 * Supported Address Types (Note 4) Optional 12 196 */ 197 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 198 const struct sctp_bind_addr *bp, 199 gfp_t gfp, int vparam_len) 200 { 201 struct net *net = sock_net(asoc->base.sk); 202 sctp_inithdr_t init; 203 union sctp_params addrs; 204 size_t chunksize; 205 struct sctp_chunk *retval = NULL; 206 int num_types, addrs_len = 0; 207 struct sctp_sock *sp; 208 sctp_supported_addrs_param_t sat; 209 __be16 types[2]; 210 sctp_adaptation_ind_param_t aiparam; 211 sctp_supported_ext_param_t ext_param; 212 int num_ext = 0; 213 __u8 extensions[3]; 214 sctp_paramhdr_t *auth_chunks = NULL, 215 *auth_hmacs = NULL; 216 217 /* RFC 2960 3.3.2 Initiation (INIT) (1) 218 * 219 * Note 1: The INIT chunks can contain multiple addresses that 220 * can be IPv4 and/or IPv6 in any combination. 221 */ 222 retval = NULL; 223 224 /* Convert the provided bind address list to raw format. */ 225 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 226 227 init.init_tag = htonl(asoc->c.my_vtag); 228 init.a_rwnd = htonl(asoc->rwnd); 229 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 230 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 231 init.initial_tsn = htonl(asoc->c.initial_tsn); 232 233 /* How many address types are needed? */ 234 sp = sctp_sk(asoc->base.sk); 235 num_types = sp->pf->supported_addrs(sp, types); 236 237 chunksize = sizeof(init) + addrs_len; 238 chunksize += WORD_ROUND(SCTP_SAT_LEN(num_types)); 239 chunksize += sizeof(ecap_param); 240 241 if (net->sctp.prsctp_enable) 242 chunksize += sizeof(prsctp_param); 243 244 /* ADDIP: Section 4.2.7: 245 * An implementation supporting this extension [ADDIP] MUST list 246 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 247 * INIT-ACK parameters. 248 */ 249 if (net->sctp.addip_enable) { 250 extensions[num_ext] = SCTP_CID_ASCONF; 251 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 252 num_ext += 2; 253 } 254 255 if (sp->adaptation_ind) 256 chunksize += sizeof(aiparam); 257 258 chunksize += vparam_len; 259 260 /* Account for AUTH related parameters */ 261 if (net->sctp.auth_enable) { 262 /* Add random parameter length*/ 263 chunksize += sizeof(asoc->c.auth_random); 264 265 /* Add HMACS parameter length if any were defined */ 266 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 267 if (auth_hmacs->length) 268 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 269 else 270 auth_hmacs = NULL; 271 272 /* Add CHUNKS parameter length */ 273 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 274 if (auth_chunks->length) 275 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 276 else 277 auth_chunks = NULL; 278 279 extensions[num_ext] = SCTP_CID_AUTH; 280 num_ext += 1; 281 } 282 283 /* If we have any extensions to report, account for that */ 284 if (num_ext) 285 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 286 num_ext); 287 288 /* RFC 2960 3.3.2 Initiation (INIT) (1) 289 * 290 * Note 3: An INIT chunk MUST NOT contain more than one Host 291 * Name address parameter. Moreover, the sender of the INIT 292 * MUST NOT combine any other address types with the Host Name 293 * address in the INIT. The receiver of INIT MUST ignore any 294 * other address types if the Host Name address parameter is 295 * present in the received INIT chunk. 296 * 297 * PLEASE DO NOT FIXME [This version does not support Host Name.] 298 */ 299 300 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 301 if (!retval) 302 goto nodata; 303 304 retval->subh.init_hdr = 305 sctp_addto_chunk(retval, sizeof(init), &init); 306 retval->param_hdr.v = 307 sctp_addto_chunk(retval, addrs_len, addrs.v); 308 309 /* RFC 2960 3.3.2 Initiation (INIT) (1) 310 * 311 * Note 4: This parameter, when present, specifies all the 312 * address types the sending endpoint can support. The absence 313 * of this parameter indicates that the sending endpoint can 314 * support any address type. 315 */ 316 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 317 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 318 sctp_addto_chunk(retval, sizeof(sat), &sat); 319 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 320 321 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 322 323 /* Add the supported extensions parameter. Be nice and add this 324 * fist before addiding the parameters for the extensions themselves 325 */ 326 if (num_ext) { 327 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 328 ext_param.param_hdr.length = 329 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 330 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 331 &ext_param); 332 sctp_addto_param(retval, num_ext, extensions); 333 } 334 335 if (net->sctp.prsctp_enable) 336 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 337 338 if (sp->adaptation_ind) { 339 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 340 aiparam.param_hdr.length = htons(sizeof(aiparam)); 341 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 342 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 343 } 344 345 /* Add SCTP-AUTH chunks to the parameter list */ 346 if (net->sctp.auth_enable) { 347 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 348 asoc->c.auth_random); 349 if (auth_hmacs) 350 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 351 auth_hmacs); 352 if (auth_chunks) 353 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 354 auth_chunks); 355 } 356 nodata: 357 kfree(addrs.v); 358 return retval; 359 } 360 361 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 362 const struct sctp_chunk *chunk, 363 gfp_t gfp, int unkparam_len) 364 { 365 sctp_inithdr_t initack; 366 struct sctp_chunk *retval; 367 union sctp_params addrs; 368 struct sctp_sock *sp; 369 int addrs_len; 370 sctp_cookie_param_t *cookie; 371 int cookie_len; 372 size_t chunksize; 373 sctp_adaptation_ind_param_t aiparam; 374 sctp_supported_ext_param_t ext_param; 375 int num_ext = 0; 376 __u8 extensions[3]; 377 sctp_paramhdr_t *auth_chunks = NULL, 378 *auth_hmacs = NULL, 379 *auth_random = NULL; 380 381 retval = NULL; 382 383 /* Note: there may be no addresses to embed. */ 384 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 385 386 initack.init_tag = htonl(asoc->c.my_vtag); 387 initack.a_rwnd = htonl(asoc->rwnd); 388 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 389 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 390 initack.initial_tsn = htonl(asoc->c.initial_tsn); 391 392 /* FIXME: We really ought to build the cookie right 393 * into the packet instead of allocating more fresh memory. 394 */ 395 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 396 addrs.v, addrs_len); 397 if (!cookie) 398 goto nomem_cookie; 399 400 /* Calculate the total size of allocation, include the reserved 401 * space for reporting unknown parameters if it is specified. 402 */ 403 sp = sctp_sk(asoc->base.sk); 404 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 405 406 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 407 if (asoc->peer.ecn_capable) 408 chunksize += sizeof(ecap_param); 409 410 if (asoc->peer.prsctp_capable) 411 chunksize += sizeof(prsctp_param); 412 413 if (asoc->peer.asconf_capable) { 414 extensions[num_ext] = SCTP_CID_ASCONF; 415 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 416 num_ext += 2; 417 } 418 419 if (sp->adaptation_ind) 420 chunksize += sizeof(aiparam); 421 422 if (asoc->peer.auth_capable) { 423 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random; 424 chunksize += ntohs(auth_random->length); 425 426 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 427 if (auth_hmacs->length) 428 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 429 else 430 auth_hmacs = NULL; 431 432 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 433 if (auth_chunks->length) 434 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 435 else 436 auth_chunks = NULL; 437 438 extensions[num_ext] = SCTP_CID_AUTH; 439 num_ext += 1; 440 } 441 442 if (num_ext) 443 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 444 num_ext); 445 446 /* Now allocate and fill out the chunk. */ 447 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 448 if (!retval) 449 goto nomem_chunk; 450 451 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 452 * 453 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 454 * HEARTBEAT ACK, * etc.) to the same destination transport 455 * address from which it received the DATA or control chunk 456 * to which it is replying. 457 * 458 * [INIT ACK back to where the INIT came from.] 459 */ 460 retval->transport = chunk->transport; 461 462 retval->subh.init_hdr = 463 sctp_addto_chunk(retval, sizeof(initack), &initack); 464 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 465 sctp_addto_chunk(retval, cookie_len, cookie); 466 if (asoc->peer.ecn_capable) 467 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 468 if (num_ext) { 469 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 470 ext_param.param_hdr.length = 471 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 472 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 473 &ext_param); 474 sctp_addto_param(retval, num_ext, extensions); 475 } 476 if (asoc->peer.prsctp_capable) 477 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 478 479 if (sp->adaptation_ind) { 480 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 481 aiparam.param_hdr.length = htons(sizeof(aiparam)); 482 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 483 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 484 } 485 486 if (asoc->peer.auth_capable) { 487 sctp_addto_chunk(retval, ntohs(auth_random->length), 488 auth_random); 489 if (auth_hmacs) 490 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 491 auth_hmacs); 492 if (auth_chunks) 493 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 494 auth_chunks); 495 } 496 497 /* We need to remove the const qualifier at this point. */ 498 retval->asoc = (struct sctp_association *) asoc; 499 500 nomem_chunk: 501 kfree(cookie); 502 nomem_cookie: 503 kfree(addrs.v); 504 return retval; 505 } 506 507 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 508 * 509 * This chunk is used only during the initialization of an association. 510 * It is sent by the initiator of an association to its peer to complete 511 * the initialization process. This chunk MUST precede any DATA chunk 512 * sent within the association, but MAY be bundled with one or more DATA 513 * chunks in the same packet. 514 * 515 * 0 1 2 3 516 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 517 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 518 * | Type = 10 |Chunk Flags | Length | 519 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 520 * / Cookie / 521 * \ \ 522 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 523 * 524 * Chunk Flags: 8 bit 525 * 526 * Set to zero on transmit and ignored on receipt. 527 * 528 * Length: 16 bits (unsigned integer) 529 * 530 * Set to the size of the chunk in bytes, including the 4 bytes of 531 * the chunk header and the size of the Cookie. 532 * 533 * Cookie: variable size 534 * 535 * This field must contain the exact cookie received in the 536 * State Cookie parameter from the previous INIT ACK. 537 * 538 * An implementation SHOULD make the cookie as small as possible 539 * to insure interoperability. 540 */ 541 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 542 const struct sctp_chunk *chunk) 543 { 544 struct sctp_chunk *retval; 545 void *cookie; 546 int cookie_len; 547 548 cookie = asoc->peer.cookie; 549 cookie_len = asoc->peer.cookie_len; 550 551 /* Build a cookie echo chunk. */ 552 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 553 if (!retval) 554 goto nodata; 555 retval->subh.cookie_hdr = 556 sctp_addto_chunk(retval, cookie_len, cookie); 557 558 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 559 * 560 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 561 * HEARTBEAT ACK, * etc.) to the same destination transport 562 * address from which it * received the DATA or control chunk 563 * to which it is replying. 564 * 565 * [COOKIE ECHO back to where the INIT ACK came from.] 566 */ 567 if (chunk) 568 retval->transport = chunk->transport; 569 570 nodata: 571 return retval; 572 } 573 574 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 575 * 576 * This chunk is used only during the initialization of an 577 * association. It is used to acknowledge the receipt of a COOKIE 578 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 579 * within the association, but MAY be bundled with one or more DATA 580 * chunks or SACK chunk in the same SCTP packet. 581 * 582 * 0 1 2 3 583 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 584 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 585 * | Type = 11 |Chunk Flags | Length = 4 | 586 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 587 * 588 * Chunk Flags: 8 bits 589 * 590 * Set to zero on transmit and ignored on receipt. 591 */ 592 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 593 const struct sctp_chunk *chunk) 594 { 595 struct sctp_chunk *retval; 596 597 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 598 599 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 600 * 601 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 602 * HEARTBEAT ACK, * etc.) to the same destination transport 603 * address from which it * received the DATA or control chunk 604 * to which it is replying. 605 * 606 * [COOKIE ACK back to where the COOKIE ECHO came from.] 607 */ 608 if (retval && chunk) 609 retval->transport = chunk->transport; 610 611 return retval; 612 } 613 614 /* 615 * Appendix A: Explicit Congestion Notification: 616 * CWR: 617 * 618 * RFC 2481 details a specific bit for a sender to send in the header of 619 * its next outbound TCP segment to indicate to its peer that it has 620 * reduced its congestion window. This is termed the CWR bit. For 621 * SCTP the same indication is made by including the CWR chunk. 622 * This chunk contains one data element, i.e. the TSN number that 623 * was sent in the ECNE chunk. This element represents the lowest 624 * TSN number in the datagram that was originally marked with the 625 * CE bit. 626 * 627 * 0 1 2 3 628 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 629 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 630 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 631 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 632 * | Lowest TSN Number | 633 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 634 * 635 * Note: The CWR is considered a Control chunk. 636 */ 637 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 638 const __u32 lowest_tsn, 639 const struct sctp_chunk *chunk) 640 { 641 struct sctp_chunk *retval; 642 sctp_cwrhdr_t cwr; 643 644 cwr.lowest_tsn = htonl(lowest_tsn); 645 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 646 sizeof(sctp_cwrhdr_t)); 647 648 if (!retval) 649 goto nodata; 650 651 retval->subh.ecn_cwr_hdr = 652 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 653 654 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 655 * 656 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 657 * HEARTBEAT ACK, * etc.) to the same destination transport 658 * address from which it * received the DATA or control chunk 659 * to which it is replying. 660 * 661 * [Report a reduced congestion window back to where the ECNE 662 * came from.] 663 */ 664 if (chunk) 665 retval->transport = chunk->transport; 666 667 nodata: 668 return retval; 669 } 670 671 /* Make an ECNE chunk. This is a congestion experienced report. */ 672 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 673 const __u32 lowest_tsn) 674 { 675 struct sctp_chunk *retval; 676 sctp_ecnehdr_t ecne; 677 678 ecne.lowest_tsn = htonl(lowest_tsn); 679 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 680 sizeof(sctp_ecnehdr_t)); 681 if (!retval) 682 goto nodata; 683 retval->subh.ecne_hdr = 684 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 685 686 nodata: 687 return retval; 688 } 689 690 /* Make a DATA chunk for the given association from the provided 691 * parameters. However, do not populate the data payload. 692 */ 693 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 694 const struct sctp_sndrcvinfo *sinfo, 695 int data_len, __u8 flags, __u16 ssn) 696 { 697 struct sctp_chunk *retval; 698 struct sctp_datahdr dp; 699 int chunk_len; 700 701 /* We assign the TSN as LATE as possible, not here when 702 * creating the chunk. 703 */ 704 dp.tsn = 0; 705 dp.stream = htons(sinfo->sinfo_stream); 706 dp.ppid = sinfo->sinfo_ppid; 707 708 /* Set the flags for an unordered send. */ 709 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 710 flags |= SCTP_DATA_UNORDERED; 711 dp.ssn = 0; 712 } else 713 dp.ssn = htons(ssn); 714 715 chunk_len = sizeof(dp) + data_len; 716 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 717 if (!retval) 718 goto nodata; 719 720 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 721 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 722 723 nodata: 724 return retval; 725 } 726 727 /* Create a selective ackowledgement (SACK) for the given 728 * association. This reports on which TSN's we've seen to date, 729 * including duplicates and gaps. 730 */ 731 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 732 { 733 struct sctp_chunk *retval; 734 struct sctp_sackhdr sack; 735 int len; 736 __u32 ctsn; 737 __u16 num_gabs, num_dup_tsns; 738 struct sctp_association *aptr = (struct sctp_association *)asoc; 739 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 740 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 741 struct sctp_transport *trans; 742 743 memset(gabs, 0, sizeof(gabs)); 744 ctsn = sctp_tsnmap_get_ctsn(map); 745 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 746 747 /* How much room is needed in the chunk? */ 748 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 749 num_dup_tsns = sctp_tsnmap_num_dups(map); 750 751 /* Initialize the SACK header. */ 752 sack.cum_tsn_ack = htonl(ctsn); 753 sack.a_rwnd = htonl(asoc->a_rwnd); 754 sack.num_gap_ack_blocks = htons(num_gabs); 755 sack.num_dup_tsns = htons(num_dup_tsns); 756 757 len = sizeof(sack) 758 + sizeof(struct sctp_gap_ack_block) * num_gabs 759 + sizeof(__u32) * num_dup_tsns; 760 761 /* Create the chunk. */ 762 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 763 if (!retval) 764 goto nodata; 765 766 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 767 * 768 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 769 * HEARTBEAT ACK, etc.) to the same destination transport 770 * address from which it received the DATA or control chunk to 771 * which it is replying. This rule should also be followed if 772 * the endpoint is bundling DATA chunks together with the 773 * reply chunk. 774 * 775 * However, when acknowledging multiple DATA chunks received 776 * in packets from different source addresses in a single 777 * SACK, the SACK chunk may be transmitted to one of the 778 * destination transport addresses from which the DATA or 779 * control chunks being acknowledged were received. 780 * 781 * [BUG: We do not implement the following paragraph. 782 * Perhaps we should remember the last transport we used for a 783 * SACK and avoid that (if possible) if we have seen any 784 * duplicates. --piggy] 785 * 786 * When a receiver of a duplicate DATA chunk sends a SACK to a 787 * multi- homed endpoint it MAY be beneficial to vary the 788 * destination address and not use the source address of the 789 * DATA chunk. The reason being that receiving a duplicate 790 * from a multi-homed endpoint might indicate that the return 791 * path (as specified in the source address of the DATA chunk) 792 * for the SACK is broken. 793 * 794 * [Send to the address from which we last received a DATA chunk.] 795 */ 796 retval->transport = asoc->peer.last_data_from; 797 798 retval->subh.sack_hdr = 799 sctp_addto_chunk(retval, sizeof(sack), &sack); 800 801 /* Add the gap ack block information. */ 802 if (num_gabs) 803 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 804 gabs); 805 806 /* Add the duplicate TSN information. */ 807 if (num_dup_tsns) { 808 aptr->stats.idupchunks += num_dup_tsns; 809 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 810 sctp_tsnmap_get_dups(map)); 811 } 812 /* Once we have a sack generated, check to see what our sack 813 * generation is, if its 0, reset the transports to 0, and reset 814 * the association generation to 1 815 * 816 * The idea is that zero is never used as a valid generation for the 817 * association so no transport will match after a wrap event like this, 818 * Until the next sack 819 */ 820 if (++aptr->peer.sack_generation == 0) { 821 list_for_each_entry(trans, &asoc->peer.transport_addr_list, 822 transports) 823 trans->sack_generation = 0; 824 aptr->peer.sack_generation = 1; 825 } 826 nodata: 827 return retval; 828 } 829 830 /* Make a SHUTDOWN chunk. */ 831 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 832 const struct sctp_chunk *chunk) 833 { 834 struct sctp_chunk *retval; 835 sctp_shutdownhdr_t shut; 836 __u32 ctsn; 837 838 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 839 shut.cum_tsn_ack = htonl(ctsn); 840 841 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 842 sizeof(sctp_shutdownhdr_t)); 843 if (!retval) 844 goto nodata; 845 846 retval->subh.shutdown_hdr = 847 sctp_addto_chunk(retval, sizeof(shut), &shut); 848 849 if (chunk) 850 retval->transport = chunk->transport; 851 nodata: 852 return retval; 853 } 854 855 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 856 const struct sctp_chunk *chunk) 857 { 858 struct sctp_chunk *retval; 859 860 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 861 862 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 863 * 864 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 865 * HEARTBEAT ACK, * etc.) to the same destination transport 866 * address from which it * received the DATA or control chunk 867 * to which it is replying. 868 * 869 * [ACK back to where the SHUTDOWN came from.] 870 */ 871 if (retval && chunk) 872 retval->transport = chunk->transport; 873 874 return retval; 875 } 876 877 struct sctp_chunk *sctp_make_shutdown_complete( 878 const struct sctp_association *asoc, 879 const struct sctp_chunk *chunk) 880 { 881 struct sctp_chunk *retval; 882 __u8 flags = 0; 883 884 /* Set the T-bit if we have no association (vtag will be 885 * reflected) 886 */ 887 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 888 889 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 890 891 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 892 * 893 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 894 * HEARTBEAT ACK, * etc.) to the same destination transport 895 * address from which it * received the DATA or control chunk 896 * to which it is replying. 897 * 898 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 899 * came from.] 900 */ 901 if (retval && chunk) 902 retval->transport = chunk->transport; 903 904 return retval; 905 } 906 907 /* Create an ABORT. Note that we set the T bit if we have no 908 * association, except when responding to an INIT (sctpimpguide 2.41). 909 */ 910 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 911 const struct sctp_chunk *chunk, 912 const size_t hint) 913 { 914 struct sctp_chunk *retval; 915 __u8 flags = 0; 916 917 /* Set the T-bit if we have no association and 'chunk' is not 918 * an INIT (vtag will be reflected). 919 */ 920 if (!asoc) { 921 if (chunk && chunk->chunk_hdr && 922 chunk->chunk_hdr->type == SCTP_CID_INIT) 923 flags = 0; 924 else 925 flags = SCTP_CHUNK_FLAG_T; 926 } 927 928 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 929 930 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 931 * 932 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 933 * HEARTBEAT ACK, * etc.) to the same destination transport 934 * address from which it * received the DATA or control chunk 935 * to which it is replying. 936 * 937 * [ABORT back to where the offender came from.] 938 */ 939 if (retval && chunk) 940 retval->transport = chunk->transport; 941 942 return retval; 943 } 944 945 /* Helper to create ABORT with a NO_USER_DATA error. */ 946 struct sctp_chunk *sctp_make_abort_no_data( 947 const struct sctp_association *asoc, 948 const struct sctp_chunk *chunk, __u32 tsn) 949 { 950 struct sctp_chunk *retval; 951 __be32 payload; 952 953 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 954 + sizeof(tsn)); 955 956 if (!retval) 957 goto no_mem; 958 959 /* Put the tsn back into network byte order. */ 960 payload = htonl(tsn); 961 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 962 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 963 964 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 965 * 966 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 967 * HEARTBEAT ACK, * etc.) to the same destination transport 968 * address from which it * received the DATA or control chunk 969 * to which it is replying. 970 * 971 * [ABORT back to where the offender came from.] 972 */ 973 if (chunk) 974 retval->transport = chunk->transport; 975 976 no_mem: 977 return retval; 978 } 979 980 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 981 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 982 const struct msghdr *msg, 983 size_t paylen) 984 { 985 struct sctp_chunk *retval; 986 void *payload = NULL; 987 int err; 988 989 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 990 if (!retval) 991 goto err_chunk; 992 993 if (paylen) { 994 /* Put the msg_iov together into payload. */ 995 payload = kmalloc(paylen, GFP_KERNEL); 996 if (!payload) 997 goto err_payload; 998 999 err = memcpy_fromiovec(payload, msg->msg_iov, paylen); 1000 if (err < 0) 1001 goto err_copy; 1002 } 1003 1004 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 1005 sctp_addto_chunk(retval, paylen, payload); 1006 1007 if (paylen) 1008 kfree(payload); 1009 1010 return retval; 1011 1012 err_copy: 1013 kfree(payload); 1014 err_payload: 1015 sctp_chunk_free(retval); 1016 retval = NULL; 1017 err_chunk: 1018 return retval; 1019 } 1020 1021 /* Append bytes to the end of a parameter. Will panic if chunk is not big 1022 * enough. 1023 */ 1024 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 1025 const void *data) 1026 { 1027 void *target; 1028 int chunklen = ntohs(chunk->chunk_hdr->length); 1029 1030 target = skb_put(chunk->skb, len); 1031 1032 if (data) 1033 memcpy(target, data, len); 1034 else 1035 memset(target, 0, len); 1036 1037 /* Adjust the chunk length field. */ 1038 chunk->chunk_hdr->length = htons(chunklen + len); 1039 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1040 1041 return target; 1042 } 1043 1044 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1045 struct sctp_chunk *sctp_make_abort_violation( 1046 const struct sctp_association *asoc, 1047 const struct sctp_chunk *chunk, 1048 const __u8 *payload, 1049 const size_t paylen) 1050 { 1051 struct sctp_chunk *retval; 1052 struct sctp_paramhdr phdr; 1053 1054 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 1055 + sizeof(sctp_paramhdr_t)); 1056 if (!retval) 1057 goto end; 1058 1059 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen 1060 + sizeof(sctp_paramhdr_t)); 1061 1062 phdr.type = htons(chunk->chunk_hdr->type); 1063 phdr.length = chunk->chunk_hdr->length; 1064 sctp_addto_chunk(retval, paylen, payload); 1065 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr); 1066 1067 end: 1068 return retval; 1069 } 1070 1071 struct sctp_chunk *sctp_make_violation_paramlen( 1072 const struct sctp_association *asoc, 1073 const struct sctp_chunk *chunk, 1074 struct sctp_paramhdr *param) 1075 { 1076 struct sctp_chunk *retval; 1077 static const char error[] = "The following parameter had invalid length:"; 1078 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) + 1079 sizeof(sctp_paramhdr_t); 1080 1081 retval = sctp_make_abort(asoc, chunk, payload_len); 1082 if (!retval) 1083 goto nodata; 1084 1085 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1086 sizeof(error) + sizeof(sctp_paramhdr_t)); 1087 sctp_addto_chunk(retval, sizeof(error), error); 1088 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param); 1089 1090 nodata: 1091 return retval; 1092 } 1093 1094 struct sctp_chunk *sctp_make_violation_max_retrans( 1095 const struct sctp_association *asoc, 1096 const struct sctp_chunk *chunk) 1097 { 1098 struct sctp_chunk *retval; 1099 static const char error[] = "Association exceeded its max_retans count"; 1100 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t); 1101 1102 retval = sctp_make_abort(asoc, chunk, payload_len); 1103 if (!retval) 1104 goto nodata; 1105 1106 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error)); 1107 sctp_addto_chunk(retval, sizeof(error), error); 1108 1109 nodata: 1110 return retval; 1111 } 1112 1113 /* Make a HEARTBEAT chunk. */ 1114 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1115 const struct sctp_transport *transport) 1116 { 1117 struct sctp_chunk *retval; 1118 sctp_sender_hb_info_t hbinfo; 1119 1120 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 0, sizeof(hbinfo)); 1121 1122 if (!retval) 1123 goto nodata; 1124 1125 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO; 1126 hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t)); 1127 hbinfo.daddr = transport->ipaddr; 1128 hbinfo.sent_at = jiffies; 1129 hbinfo.hb_nonce = transport->hb_nonce; 1130 1131 /* Cast away the 'const', as this is just telling the chunk 1132 * what transport it belongs to. 1133 */ 1134 retval->transport = (struct sctp_transport *) transport; 1135 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo), 1136 &hbinfo); 1137 1138 nodata: 1139 return retval; 1140 } 1141 1142 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1143 const struct sctp_chunk *chunk, 1144 const void *payload, const size_t paylen) 1145 { 1146 struct sctp_chunk *retval; 1147 1148 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 1149 if (!retval) 1150 goto nodata; 1151 1152 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1153 1154 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1155 * 1156 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1157 * HEARTBEAT ACK, * etc.) to the same destination transport 1158 * address from which it * received the DATA or control chunk 1159 * to which it is replying. 1160 * 1161 * [HBACK back to where the HEARTBEAT came from.] 1162 */ 1163 if (chunk) 1164 retval->transport = chunk->transport; 1165 1166 nodata: 1167 return retval; 1168 } 1169 1170 /* Create an Operation Error chunk with the specified space reserved. 1171 * This routine can be used for containing multiple causes in the chunk. 1172 */ 1173 static struct sctp_chunk *sctp_make_op_error_space( 1174 const struct sctp_association *asoc, 1175 const struct sctp_chunk *chunk, 1176 size_t size) 1177 { 1178 struct sctp_chunk *retval; 1179 1180 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 1181 sizeof(sctp_errhdr_t) + size); 1182 if (!retval) 1183 goto nodata; 1184 1185 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1186 * 1187 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1188 * HEARTBEAT ACK, etc.) to the same destination transport 1189 * address from which it received the DATA or control chunk 1190 * to which it is replying. 1191 * 1192 */ 1193 if (chunk) 1194 retval->transport = chunk->transport; 1195 1196 nodata: 1197 return retval; 1198 } 1199 1200 /* Create an Operation Error chunk of a fixed size, 1201 * specifically, max(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) 1202 * This is a helper function to allocate an error chunk for 1203 * for those invalid parameter codes in which we may not want 1204 * to report all the errors, if the incomming chunk is large 1205 */ 1206 static inline struct sctp_chunk *sctp_make_op_error_fixed( 1207 const struct sctp_association *asoc, 1208 const struct sctp_chunk *chunk) 1209 { 1210 size_t size = asoc ? asoc->pathmtu : 0; 1211 1212 if (!size) 1213 size = SCTP_DEFAULT_MAXSEGMENT; 1214 1215 return sctp_make_op_error_space(asoc, chunk, size); 1216 } 1217 1218 /* Create an Operation Error chunk. */ 1219 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1220 const struct sctp_chunk *chunk, 1221 __be16 cause_code, const void *payload, 1222 size_t paylen, size_t reserve_tail) 1223 { 1224 struct sctp_chunk *retval; 1225 1226 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail); 1227 if (!retval) 1228 goto nodata; 1229 1230 sctp_init_cause(retval, cause_code, paylen + reserve_tail); 1231 sctp_addto_chunk(retval, paylen, payload); 1232 if (reserve_tail) 1233 sctp_addto_param(retval, reserve_tail, NULL); 1234 1235 nodata: 1236 return retval; 1237 } 1238 1239 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc) 1240 { 1241 struct sctp_chunk *retval; 1242 struct sctp_hmac *hmac_desc; 1243 struct sctp_authhdr auth_hdr; 1244 __u8 *hmac; 1245 1246 /* Get the first hmac that the peer told us to use */ 1247 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1248 if (unlikely(!hmac_desc)) 1249 return NULL; 1250 1251 retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0, 1252 hmac_desc->hmac_len + sizeof(sctp_authhdr_t)); 1253 if (!retval) 1254 return NULL; 1255 1256 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1257 auth_hdr.shkey_id = htons(asoc->active_key_id); 1258 1259 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t), 1260 &auth_hdr); 1261 1262 hmac = skb_put(retval->skb, hmac_desc->hmac_len); 1263 memset(hmac, 0, hmac_desc->hmac_len); 1264 1265 /* Adjust the chunk header to include the empty MAC */ 1266 retval->chunk_hdr->length = 1267 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1268 retval->chunk_end = skb_tail_pointer(retval->skb); 1269 1270 return retval; 1271 } 1272 1273 1274 /******************************************************************** 1275 * 2nd Level Abstractions 1276 ********************************************************************/ 1277 1278 /* Turn an skb into a chunk. 1279 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1280 */ 1281 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1282 const struct sctp_association *asoc, 1283 struct sock *sk) 1284 { 1285 struct sctp_chunk *retval; 1286 1287 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC); 1288 1289 if (!retval) 1290 goto nodata; 1291 1292 if (!sk) { 1293 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 1294 } 1295 1296 INIT_LIST_HEAD(&retval->list); 1297 retval->skb = skb; 1298 retval->asoc = (struct sctp_association *)asoc; 1299 retval->has_tsn = 0; 1300 retval->has_ssn = 0; 1301 retval->rtt_in_progress = 0; 1302 retval->sent_at = 0; 1303 retval->singleton = 1; 1304 retval->end_of_packet = 0; 1305 retval->ecn_ce_done = 0; 1306 retval->pdiscard = 0; 1307 1308 /* sctpimpguide-05.txt Section 2.8.2 1309 * M1) Each time a new DATA chunk is transmitted 1310 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1311 * 'TSN.Missing.Report' count will be used to determine missing chunks 1312 * and when to fast retransmit. 1313 */ 1314 retval->tsn_missing_report = 0; 1315 retval->tsn_gap_acked = 0; 1316 retval->fast_retransmit = SCTP_CAN_FRTX; 1317 1318 /* If this is a fragmented message, track all fragments 1319 * of the message (for SEND_FAILED). 1320 */ 1321 retval->msg = NULL; 1322 1323 /* Polish the bead hole. */ 1324 INIT_LIST_HEAD(&retval->transmitted_list); 1325 INIT_LIST_HEAD(&retval->frag_list); 1326 SCTP_DBG_OBJCNT_INC(chunk); 1327 atomic_set(&retval->refcnt, 1); 1328 1329 nodata: 1330 return retval; 1331 } 1332 1333 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1334 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1335 union sctp_addr *dest) 1336 { 1337 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1338 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1339 } 1340 1341 /* Extract the source address from a chunk. */ 1342 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1343 { 1344 /* If we have a known transport, use that. */ 1345 if (chunk->transport) { 1346 return &chunk->transport->ipaddr; 1347 } else { 1348 /* Otherwise, extract it from the IP header. */ 1349 return &chunk->source; 1350 } 1351 } 1352 1353 /* Create a new chunk, setting the type and flags headers from the 1354 * arguments, reserving enough space for a 'paylen' byte payload. 1355 */ 1356 SCTP_STATIC 1357 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1358 __u8 type, __u8 flags, int paylen) 1359 { 1360 struct sctp_chunk *retval; 1361 sctp_chunkhdr_t *chunk_hdr; 1362 struct sk_buff *skb; 1363 struct sock *sk; 1364 1365 /* No need to allocate LL here, as this is only a chunk. */ 1366 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1367 GFP_ATOMIC); 1368 if (!skb) 1369 goto nodata; 1370 1371 /* Make room for the chunk header. */ 1372 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1373 chunk_hdr->type = type; 1374 chunk_hdr->flags = flags; 1375 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1376 1377 sk = asoc ? asoc->base.sk : NULL; 1378 retval = sctp_chunkify(skb, asoc, sk); 1379 if (!retval) { 1380 kfree_skb(skb); 1381 goto nodata; 1382 } 1383 1384 retval->chunk_hdr = chunk_hdr; 1385 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1386 1387 /* Determine if the chunk needs to be authenticated */ 1388 if (sctp_auth_send_cid(type, asoc)) 1389 retval->auth = 1; 1390 1391 /* Set the skb to the belonging sock for accounting. */ 1392 skb->sk = sk; 1393 1394 return retval; 1395 nodata: 1396 return NULL; 1397 } 1398 1399 1400 /* Release the memory occupied by a chunk. */ 1401 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1402 { 1403 BUG_ON(!list_empty(&chunk->list)); 1404 list_del_init(&chunk->transmitted_list); 1405 1406 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1407 dev_kfree_skb(chunk->skb); 1408 1409 SCTP_DBG_OBJCNT_DEC(chunk); 1410 kmem_cache_free(sctp_chunk_cachep, chunk); 1411 } 1412 1413 /* Possibly, free the chunk. */ 1414 void sctp_chunk_free(struct sctp_chunk *chunk) 1415 { 1416 /* Release our reference on the message tracker. */ 1417 if (chunk->msg) 1418 sctp_datamsg_put(chunk->msg); 1419 1420 sctp_chunk_put(chunk); 1421 } 1422 1423 /* Grab a reference to the chunk. */ 1424 void sctp_chunk_hold(struct sctp_chunk *ch) 1425 { 1426 atomic_inc(&ch->refcnt); 1427 } 1428 1429 /* Release a reference to the chunk. */ 1430 void sctp_chunk_put(struct sctp_chunk *ch) 1431 { 1432 if (atomic_dec_and_test(&ch->refcnt)) 1433 sctp_chunk_destroy(ch); 1434 } 1435 1436 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1437 * enough. 1438 */ 1439 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1440 { 1441 void *target; 1442 void *padding; 1443 int chunklen = ntohs(chunk->chunk_hdr->length); 1444 int padlen = WORD_ROUND(chunklen) - chunklen; 1445 1446 padding = skb_put(chunk->skb, padlen); 1447 target = skb_put(chunk->skb, len); 1448 1449 memset(padding, 0, padlen); 1450 memcpy(target, data, len); 1451 1452 /* Adjust the chunk length field. */ 1453 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1454 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1455 1456 return target; 1457 } 1458 1459 /* Append bytes to the end of a chunk. Returns NULL if there isn't sufficient 1460 * space in the chunk 1461 */ 1462 void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk, 1463 int len, const void *data) 1464 { 1465 if (skb_tailroom(chunk->skb) >= len) 1466 return sctp_addto_chunk(chunk, len, data); 1467 else 1468 return NULL; 1469 } 1470 1471 /* Append bytes from user space to the end of a chunk. Will panic if 1472 * chunk is not big enough. 1473 * Returns a kernel err value. 1474 */ 1475 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1476 struct iovec *data) 1477 { 1478 __u8 *target; 1479 int err = 0; 1480 1481 /* Make room in chunk for data. */ 1482 target = skb_put(chunk->skb, len); 1483 1484 /* Copy data (whole iovec) into chunk */ 1485 if ((err = memcpy_fromiovecend(target, data, off, len))) 1486 goto out; 1487 1488 /* Adjust the chunk length field. */ 1489 chunk->chunk_hdr->length = 1490 htons(ntohs(chunk->chunk_hdr->length) + len); 1491 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1492 1493 out: 1494 return err; 1495 } 1496 1497 /* Helper function to assign a TSN if needed. This assumes that both 1498 * the data_hdr and association have already been assigned. 1499 */ 1500 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1501 { 1502 struct sctp_datamsg *msg; 1503 struct sctp_chunk *lchunk; 1504 struct sctp_stream *stream; 1505 __u16 ssn; 1506 __u16 sid; 1507 1508 if (chunk->has_ssn) 1509 return; 1510 1511 /* All fragments will be on the same stream */ 1512 sid = ntohs(chunk->subh.data_hdr->stream); 1513 stream = &chunk->asoc->ssnmap->out; 1514 1515 /* Now assign the sequence number to the entire message. 1516 * All fragments must have the same stream sequence number. 1517 */ 1518 msg = chunk->msg; 1519 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1520 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1521 ssn = 0; 1522 } else { 1523 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1524 ssn = sctp_ssn_next(stream, sid); 1525 else 1526 ssn = sctp_ssn_peek(stream, sid); 1527 } 1528 1529 lchunk->subh.data_hdr->ssn = htons(ssn); 1530 lchunk->has_ssn = 1; 1531 } 1532 } 1533 1534 /* Helper function to assign a TSN if needed. This assumes that both 1535 * the data_hdr and association have already been assigned. 1536 */ 1537 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1538 { 1539 if (!chunk->has_tsn) { 1540 /* This is the last possible instant to 1541 * assign a TSN. 1542 */ 1543 chunk->subh.data_hdr->tsn = 1544 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1545 chunk->has_tsn = 1; 1546 } 1547 } 1548 1549 /* Create a CLOSED association to use with an incoming packet. */ 1550 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1551 struct sctp_chunk *chunk, 1552 gfp_t gfp) 1553 { 1554 struct sctp_association *asoc; 1555 struct sk_buff *skb; 1556 sctp_scope_t scope; 1557 struct sctp_af *af; 1558 1559 /* Create the bare association. */ 1560 scope = sctp_scope(sctp_source(chunk)); 1561 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1562 if (!asoc) 1563 goto nodata; 1564 asoc->temp = 1; 1565 skb = chunk->skb; 1566 /* Create an entry for the source address of the packet. */ 1567 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version)); 1568 if (unlikely(!af)) 1569 goto fail; 1570 af->from_skb(&asoc->c.peer_addr, skb, 1); 1571 nodata: 1572 return asoc; 1573 1574 fail: 1575 sctp_association_free(asoc); 1576 return NULL; 1577 } 1578 1579 /* Build a cookie representing asoc. 1580 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1581 */ 1582 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1583 const struct sctp_association *asoc, 1584 const struct sctp_chunk *init_chunk, 1585 int *cookie_len, 1586 const __u8 *raw_addrs, int addrs_len) 1587 { 1588 sctp_cookie_param_t *retval; 1589 struct sctp_signed_cookie *cookie; 1590 struct scatterlist sg; 1591 int headersize, bodysize; 1592 unsigned int keylen; 1593 char *key; 1594 1595 /* Header size is static data prior to the actual cookie, including 1596 * any padding. 1597 */ 1598 headersize = sizeof(sctp_paramhdr_t) + 1599 (sizeof(struct sctp_signed_cookie) - 1600 sizeof(struct sctp_cookie)); 1601 bodysize = sizeof(struct sctp_cookie) 1602 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1603 1604 /* Pad out the cookie to a multiple to make the signature 1605 * functions simpler to write. 1606 */ 1607 if (bodysize % SCTP_COOKIE_MULTIPLE) 1608 bodysize += SCTP_COOKIE_MULTIPLE 1609 - (bodysize % SCTP_COOKIE_MULTIPLE); 1610 *cookie_len = headersize + bodysize; 1611 1612 /* Clear this memory since we are sending this data structure 1613 * out on the network. 1614 */ 1615 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1616 if (!retval) 1617 goto nodata; 1618 1619 cookie = (struct sctp_signed_cookie *) retval->body; 1620 1621 /* Set up the parameter header. */ 1622 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1623 retval->p.length = htons(*cookie_len); 1624 1625 /* Copy the cookie part of the association itself. */ 1626 cookie->c = asoc->c; 1627 /* Save the raw address list length in the cookie. */ 1628 cookie->c.raw_addr_list_len = addrs_len; 1629 1630 /* Remember PR-SCTP capability. */ 1631 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1632 1633 /* Save adaptation indication in the cookie. */ 1634 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1635 1636 /* Set an expiration time for the cookie. */ 1637 do_gettimeofday(&cookie->c.expiration); 1638 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1639 1640 /* Copy the peer's init packet. */ 1641 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1642 ntohs(init_chunk->chunk_hdr->length)); 1643 1644 /* Copy the raw local address list of the association. */ 1645 memcpy((__u8 *)&cookie->c.peer_init[0] + 1646 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1647 1648 if (sctp_sk(ep->base.sk)->hmac) { 1649 struct hash_desc desc; 1650 1651 /* Sign the message. */ 1652 sg_init_one(&sg, &cookie->c, bodysize); 1653 keylen = SCTP_SECRET_SIZE; 1654 key = (char *)ep->secret_key[ep->current_key]; 1655 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1656 desc.flags = 0; 1657 1658 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1659 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) 1660 goto free_cookie; 1661 } 1662 1663 return retval; 1664 1665 free_cookie: 1666 kfree(retval); 1667 nodata: 1668 *cookie_len = 0; 1669 return NULL; 1670 } 1671 1672 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1673 struct sctp_association *sctp_unpack_cookie( 1674 const struct sctp_endpoint *ep, 1675 const struct sctp_association *asoc, 1676 struct sctp_chunk *chunk, gfp_t gfp, 1677 int *error, struct sctp_chunk **errp) 1678 { 1679 struct sctp_association *retval = NULL; 1680 struct sctp_signed_cookie *cookie; 1681 struct sctp_cookie *bear_cookie; 1682 int headersize, bodysize, fixed_size; 1683 __u8 *digest = ep->digest; 1684 struct scatterlist sg; 1685 unsigned int keylen, len; 1686 char *key; 1687 sctp_scope_t scope; 1688 struct sk_buff *skb = chunk->skb; 1689 struct timeval tv; 1690 struct hash_desc desc; 1691 1692 /* Header size is static data prior to the actual cookie, including 1693 * any padding. 1694 */ 1695 headersize = sizeof(sctp_chunkhdr_t) + 1696 (sizeof(struct sctp_signed_cookie) - 1697 sizeof(struct sctp_cookie)); 1698 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1699 fixed_size = headersize + sizeof(struct sctp_cookie); 1700 1701 /* Verify that the chunk looks like it even has a cookie. 1702 * There must be enough room for our cookie and our peer's 1703 * INIT chunk. 1704 */ 1705 len = ntohs(chunk->chunk_hdr->length); 1706 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1707 goto malformed; 1708 1709 /* Verify that the cookie has been padded out. */ 1710 if (bodysize % SCTP_COOKIE_MULTIPLE) 1711 goto malformed; 1712 1713 /* Process the cookie. */ 1714 cookie = chunk->subh.cookie_hdr; 1715 bear_cookie = &cookie->c; 1716 1717 if (!sctp_sk(ep->base.sk)->hmac) 1718 goto no_hmac; 1719 1720 /* Check the signature. */ 1721 keylen = SCTP_SECRET_SIZE; 1722 sg_init_one(&sg, bear_cookie, bodysize); 1723 key = (char *)ep->secret_key[ep->current_key]; 1724 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1725 desc.flags = 0; 1726 1727 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1728 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1729 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1730 *error = -SCTP_IERROR_NOMEM; 1731 goto fail; 1732 } 1733 1734 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1735 /* Try the previous key. */ 1736 key = (char *)ep->secret_key[ep->last_key]; 1737 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1738 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1739 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1740 *error = -SCTP_IERROR_NOMEM; 1741 goto fail; 1742 } 1743 1744 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1745 /* Yikes! Still bad signature! */ 1746 *error = -SCTP_IERROR_BAD_SIG; 1747 goto fail; 1748 } 1749 } 1750 1751 no_hmac: 1752 /* IG Section 2.35.2: 1753 * 3) Compare the port numbers and the verification tag contained 1754 * within the COOKIE ECHO chunk to the actual port numbers and the 1755 * verification tag within the SCTP common header of the received 1756 * packet. If these values do not match the packet MUST be silently 1757 * discarded, 1758 */ 1759 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1760 *error = -SCTP_IERROR_BAD_TAG; 1761 goto fail; 1762 } 1763 1764 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1765 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1766 *error = -SCTP_IERROR_BAD_PORTS; 1767 goto fail; 1768 } 1769 1770 /* Check to see if the cookie is stale. If there is already 1771 * an association, there is no need to check cookie's expiration 1772 * for init collision case of lost COOKIE ACK. 1773 * If skb has been timestamped, then use the stamp, otherwise 1774 * use current time. This introduces a small possibility that 1775 * that a cookie may be considered expired, but his would only slow 1776 * down the new association establishment instead of every packet. 1777 */ 1778 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1779 skb_get_timestamp(skb, &tv); 1780 else 1781 do_gettimeofday(&tv); 1782 1783 if (!asoc && tv_lt(bear_cookie->expiration, tv)) { 1784 /* 1785 * Section 3.3.10.3 Stale Cookie Error (3) 1786 * 1787 * Cause of error 1788 * --------------- 1789 * Stale Cookie Error: Indicates the receipt of a valid State 1790 * Cookie that has expired. 1791 */ 1792 len = ntohs(chunk->chunk_hdr->length); 1793 *errp = sctp_make_op_error_space(asoc, chunk, len); 1794 if (*errp) { 1795 suseconds_t usecs = (tv.tv_sec - 1796 bear_cookie->expiration.tv_sec) * 1000000L + 1797 tv.tv_usec - bear_cookie->expiration.tv_usec; 1798 __be32 n = htonl(usecs); 1799 1800 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1801 sizeof(n)); 1802 sctp_addto_chunk(*errp, sizeof(n), &n); 1803 *error = -SCTP_IERROR_STALE_COOKIE; 1804 } else 1805 *error = -SCTP_IERROR_NOMEM; 1806 1807 goto fail; 1808 } 1809 1810 /* Make a new base association. */ 1811 scope = sctp_scope(sctp_source(chunk)); 1812 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1813 if (!retval) { 1814 *error = -SCTP_IERROR_NOMEM; 1815 goto fail; 1816 } 1817 1818 /* Set up our peer's port number. */ 1819 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1820 1821 /* Populate the association from the cookie. */ 1822 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1823 1824 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1825 GFP_ATOMIC) < 0) { 1826 *error = -SCTP_IERROR_NOMEM; 1827 goto fail; 1828 } 1829 1830 /* Also, add the destination address. */ 1831 if (list_empty(&retval->base.bind_addr.address_list)) { 1832 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1833 SCTP_ADDR_SRC, GFP_ATOMIC); 1834 } 1835 1836 retval->next_tsn = retval->c.initial_tsn; 1837 retval->ctsn_ack_point = retval->next_tsn - 1; 1838 retval->addip_serial = retval->c.initial_tsn; 1839 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1840 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1841 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1842 1843 /* The INIT stuff will be done by the side effects. */ 1844 return retval; 1845 1846 fail: 1847 if (retval) 1848 sctp_association_free(retval); 1849 1850 return NULL; 1851 1852 malformed: 1853 /* Yikes! The packet is either corrupt or deliberately 1854 * malformed. 1855 */ 1856 *error = -SCTP_IERROR_MALFORMED; 1857 goto fail; 1858 } 1859 1860 /******************************************************************** 1861 * 3rd Level Abstractions 1862 ********************************************************************/ 1863 1864 struct __sctp_missing { 1865 __be32 num_missing; 1866 __be16 type; 1867 } __packed; 1868 1869 /* 1870 * Report a missing mandatory parameter. 1871 */ 1872 static int sctp_process_missing_param(const struct sctp_association *asoc, 1873 sctp_param_t paramtype, 1874 struct sctp_chunk *chunk, 1875 struct sctp_chunk **errp) 1876 { 1877 struct __sctp_missing report; 1878 __u16 len; 1879 1880 len = WORD_ROUND(sizeof(report)); 1881 1882 /* Make an ERROR chunk, preparing enough room for 1883 * returning multiple unknown parameters. 1884 */ 1885 if (!*errp) 1886 *errp = sctp_make_op_error_space(asoc, chunk, len); 1887 1888 if (*errp) { 1889 report.num_missing = htonl(1); 1890 report.type = paramtype; 1891 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1892 sizeof(report)); 1893 sctp_addto_chunk(*errp, sizeof(report), &report); 1894 } 1895 1896 /* Stop processing this chunk. */ 1897 return 0; 1898 } 1899 1900 /* Report an Invalid Mandatory Parameter. */ 1901 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1902 struct sctp_chunk *chunk, 1903 struct sctp_chunk **errp) 1904 { 1905 /* Invalid Mandatory Parameter Error has no payload. */ 1906 1907 if (!*errp) 1908 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1909 1910 if (*errp) 1911 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1912 1913 /* Stop processing this chunk. */ 1914 return 0; 1915 } 1916 1917 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1918 struct sctp_paramhdr *param, 1919 const struct sctp_chunk *chunk, 1920 struct sctp_chunk **errp) 1921 { 1922 /* This is a fatal error. Any accumulated non-fatal errors are 1923 * not reported. 1924 */ 1925 if (*errp) 1926 sctp_chunk_free(*errp); 1927 1928 /* Create an error chunk and fill it in with our payload. */ 1929 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1930 1931 return 0; 1932 } 1933 1934 1935 /* Do not attempt to handle the HOST_NAME parm. However, do 1936 * send back an indicator to the peer. 1937 */ 1938 static int sctp_process_hn_param(const struct sctp_association *asoc, 1939 union sctp_params param, 1940 struct sctp_chunk *chunk, 1941 struct sctp_chunk **errp) 1942 { 1943 __u16 len = ntohs(param.p->length); 1944 1945 /* Processing of the HOST_NAME parameter will generate an 1946 * ABORT. If we've accumulated any non-fatal errors, they 1947 * would be unrecognized parameters and we should not include 1948 * them in the ABORT. 1949 */ 1950 if (*errp) 1951 sctp_chunk_free(*errp); 1952 1953 *errp = sctp_make_op_error_space(asoc, chunk, len); 1954 1955 if (*errp) { 1956 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 1957 sctp_addto_chunk(*errp, len, param.v); 1958 } 1959 1960 /* Stop processing this chunk. */ 1961 return 0; 1962 } 1963 1964 static int sctp_verify_ext_param(struct net *net, union sctp_params param) 1965 { 1966 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1967 int have_auth = 0; 1968 int have_asconf = 0; 1969 int i; 1970 1971 for (i = 0; i < num_ext; i++) { 1972 switch (param.ext->chunks[i]) { 1973 case SCTP_CID_AUTH: 1974 have_auth = 1; 1975 break; 1976 case SCTP_CID_ASCONF: 1977 case SCTP_CID_ASCONF_ACK: 1978 have_asconf = 1; 1979 break; 1980 } 1981 } 1982 1983 /* ADD-IP Security: The draft requires us to ABORT or ignore the 1984 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 1985 * only if ADD-IP is turned on and we are not backward-compatible 1986 * mode. 1987 */ 1988 if (net->sctp.addip_noauth) 1989 return 1; 1990 1991 if (net->sctp.addip_enable && !have_auth && have_asconf) 1992 return 0; 1993 1994 return 1; 1995 } 1996 1997 static void sctp_process_ext_param(struct sctp_association *asoc, 1998 union sctp_params param) 1999 { 2000 struct net *net = sock_net(asoc->base.sk); 2001 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2002 int i; 2003 2004 for (i = 0; i < num_ext; i++) { 2005 switch (param.ext->chunks[i]) { 2006 case SCTP_CID_FWD_TSN: 2007 if (net->sctp.prsctp_enable && 2008 !asoc->peer.prsctp_capable) 2009 asoc->peer.prsctp_capable = 1; 2010 break; 2011 case SCTP_CID_AUTH: 2012 /* if the peer reports AUTH, assume that he 2013 * supports AUTH. 2014 */ 2015 if (net->sctp.auth_enable) 2016 asoc->peer.auth_capable = 1; 2017 break; 2018 case SCTP_CID_ASCONF: 2019 case SCTP_CID_ASCONF_ACK: 2020 if (net->sctp.addip_enable) 2021 asoc->peer.asconf_capable = 1; 2022 break; 2023 default: 2024 break; 2025 } 2026 } 2027 } 2028 2029 /* RFC 3.2.1 & the Implementers Guide 2.2. 2030 * 2031 * The Parameter Types are encoded such that the 2032 * highest-order two bits specify the action that must be 2033 * taken if the processing endpoint does not recognize the 2034 * Parameter Type. 2035 * 2036 * 00 - Stop processing this parameter; do not process any further 2037 * parameters within this chunk 2038 * 2039 * 01 - Stop processing this parameter, do not process any further 2040 * parameters within this chunk, and report the unrecognized 2041 * parameter in an 'Unrecognized Parameter' ERROR chunk. 2042 * 2043 * 10 - Skip this parameter and continue processing. 2044 * 2045 * 11 - Skip this parameter and continue processing but 2046 * report the unrecognized parameter in an 2047 * 'Unrecognized Parameter' ERROR chunk. 2048 * 2049 * Return value: 2050 * SCTP_IERROR_NO_ERROR - continue with the chunk 2051 * SCTP_IERROR_ERROR - stop and report an error. 2052 * SCTP_IERROR_NOMEME - out of memory. 2053 */ 2054 static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, 2055 union sctp_params param, 2056 struct sctp_chunk *chunk, 2057 struct sctp_chunk **errp) 2058 { 2059 int retval = SCTP_IERROR_NO_ERROR; 2060 2061 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 2062 case SCTP_PARAM_ACTION_DISCARD: 2063 retval = SCTP_IERROR_ERROR; 2064 break; 2065 case SCTP_PARAM_ACTION_SKIP: 2066 break; 2067 case SCTP_PARAM_ACTION_DISCARD_ERR: 2068 retval = SCTP_IERROR_ERROR; 2069 /* Fall through */ 2070 case SCTP_PARAM_ACTION_SKIP_ERR: 2071 /* Make an ERROR chunk, preparing enough room for 2072 * returning multiple unknown parameters. 2073 */ 2074 if (NULL == *errp) 2075 *errp = sctp_make_op_error_fixed(asoc, chunk); 2076 2077 if (*errp) { 2078 if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2079 WORD_ROUND(ntohs(param.p->length)))) 2080 sctp_addto_chunk_fixed(*errp, 2081 WORD_ROUND(ntohs(param.p->length)), 2082 param.v); 2083 } else { 2084 /* If there is no memory for generating the ERROR 2085 * report as specified, an ABORT will be triggered 2086 * to the peer and the association won't be 2087 * established. 2088 */ 2089 retval = SCTP_IERROR_NOMEM; 2090 } 2091 break; 2092 default: 2093 break; 2094 } 2095 2096 return retval; 2097 } 2098 2099 /* Verify variable length parameters 2100 * Return values: 2101 * SCTP_IERROR_ABORT - trigger an ABORT 2102 * SCTP_IERROR_NOMEM - out of memory (abort) 2103 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2104 * SCTP_IERROR_NO_ERROR - continue with the chunk 2105 */ 2106 static sctp_ierror_t sctp_verify_param(struct net *net, 2107 const struct sctp_association *asoc, 2108 union sctp_params param, 2109 sctp_cid_t cid, 2110 struct sctp_chunk *chunk, 2111 struct sctp_chunk **err_chunk) 2112 { 2113 struct sctp_hmac_algo_param *hmacs; 2114 int retval = SCTP_IERROR_NO_ERROR; 2115 __u16 n_elt, id = 0; 2116 int i; 2117 2118 /* FIXME - This routine is not looking at each parameter per the 2119 * chunk type, i.e., unrecognized parameters should be further 2120 * identified based on the chunk id. 2121 */ 2122 2123 switch (param.p->type) { 2124 case SCTP_PARAM_IPV4_ADDRESS: 2125 case SCTP_PARAM_IPV6_ADDRESS: 2126 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2127 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2128 case SCTP_PARAM_STATE_COOKIE: 2129 case SCTP_PARAM_HEARTBEAT_INFO: 2130 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2131 case SCTP_PARAM_ECN_CAPABLE: 2132 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2133 break; 2134 2135 case SCTP_PARAM_SUPPORTED_EXT: 2136 if (!sctp_verify_ext_param(net, param)) 2137 return SCTP_IERROR_ABORT; 2138 break; 2139 2140 case SCTP_PARAM_SET_PRIMARY: 2141 if (net->sctp.addip_enable) 2142 break; 2143 goto fallthrough; 2144 2145 case SCTP_PARAM_HOST_NAME_ADDRESS: 2146 /* Tell the peer, we won't support this param. */ 2147 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2148 retval = SCTP_IERROR_ABORT; 2149 break; 2150 2151 case SCTP_PARAM_FWD_TSN_SUPPORT: 2152 if (net->sctp.prsctp_enable) 2153 break; 2154 goto fallthrough; 2155 2156 case SCTP_PARAM_RANDOM: 2157 if (!net->sctp.auth_enable) 2158 goto fallthrough; 2159 2160 /* SCTP-AUTH: Secion 6.1 2161 * If the random number is not 32 byte long the association 2162 * MUST be aborted. The ABORT chunk SHOULD contain the error 2163 * cause 'Protocol Violation'. 2164 */ 2165 if (SCTP_AUTH_RANDOM_LENGTH != 2166 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { 2167 sctp_process_inv_paramlength(asoc, param.p, 2168 chunk, err_chunk); 2169 retval = SCTP_IERROR_ABORT; 2170 } 2171 break; 2172 2173 case SCTP_PARAM_CHUNKS: 2174 if (!net->sctp.auth_enable) 2175 goto fallthrough; 2176 2177 /* SCTP-AUTH: Section 3.2 2178 * The CHUNKS parameter MUST be included once in the INIT or 2179 * INIT-ACK chunk if the sender wants to receive authenticated 2180 * chunks. Its maximum length is 260 bytes. 2181 */ 2182 if (260 < ntohs(param.p->length)) { 2183 sctp_process_inv_paramlength(asoc, param.p, 2184 chunk, err_chunk); 2185 retval = SCTP_IERROR_ABORT; 2186 } 2187 break; 2188 2189 case SCTP_PARAM_HMAC_ALGO: 2190 if (!net->sctp.auth_enable) 2191 goto fallthrough; 2192 2193 hmacs = (struct sctp_hmac_algo_param *)param.p; 2194 n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1; 2195 2196 /* SCTP-AUTH: Section 6.1 2197 * The HMAC algorithm based on SHA-1 MUST be supported and 2198 * included in the HMAC-ALGO parameter. 2199 */ 2200 for (i = 0; i < n_elt; i++) { 2201 id = ntohs(hmacs->hmac_ids[i]); 2202 2203 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2204 break; 2205 } 2206 2207 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2208 sctp_process_inv_paramlength(asoc, param.p, chunk, 2209 err_chunk); 2210 retval = SCTP_IERROR_ABORT; 2211 } 2212 break; 2213 fallthrough: 2214 default: 2215 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 2216 ntohs(param.p->type), cid); 2217 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2218 break; 2219 } 2220 return retval; 2221 } 2222 2223 /* Verify the INIT packet before we process it. */ 2224 int sctp_verify_init(struct net *net, const struct sctp_association *asoc, 2225 sctp_cid_t cid, 2226 sctp_init_chunk_t *peer_init, 2227 struct sctp_chunk *chunk, 2228 struct sctp_chunk **errp) 2229 { 2230 union sctp_params param; 2231 int has_cookie = 0; 2232 int result; 2233 2234 /* Verify stream values are non-zero. */ 2235 if ((0 == peer_init->init_hdr.num_outbound_streams) || 2236 (0 == peer_init->init_hdr.num_inbound_streams) || 2237 (0 == peer_init->init_hdr.init_tag) || 2238 (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) { 2239 2240 return sctp_process_inv_mandatory(asoc, chunk, errp); 2241 } 2242 2243 /* Check for missing mandatory parameters. */ 2244 sctp_walk_params(param, peer_init, init_hdr.params) { 2245 2246 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 2247 has_cookie = 1; 2248 2249 } /* for (loop through all parameters) */ 2250 2251 /* There is a possibility that a parameter length was bad and 2252 * in that case we would have stoped walking the parameters. 2253 * The current param.p would point at the bad one. 2254 * Current consensus on the mailing list is to generate a PROTOCOL 2255 * VIOLATION error. We build the ERROR chunk here and let the normal 2256 * error handling code build and send the packet. 2257 */ 2258 if (param.v != (void*)chunk->chunk_end) 2259 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2260 2261 /* The only missing mandatory param possible today is 2262 * the state cookie for an INIT-ACK chunk. 2263 */ 2264 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2265 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2266 chunk, errp); 2267 2268 /* Verify all the variable length parameters */ 2269 sctp_walk_params(param, peer_init, init_hdr.params) { 2270 2271 result = sctp_verify_param(net, asoc, param, cid, chunk, errp); 2272 switch (result) { 2273 case SCTP_IERROR_ABORT: 2274 case SCTP_IERROR_NOMEM: 2275 return 0; 2276 case SCTP_IERROR_ERROR: 2277 return 1; 2278 case SCTP_IERROR_NO_ERROR: 2279 default: 2280 break; 2281 } 2282 2283 } /* for (loop through all parameters) */ 2284 2285 return 1; 2286 } 2287 2288 /* Unpack the parameters in an INIT packet into an association. 2289 * Returns 0 on failure, else success. 2290 * FIXME: This is an association method. 2291 */ 2292 int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, 2293 const union sctp_addr *peer_addr, 2294 sctp_init_chunk_t *peer_init, gfp_t gfp) 2295 { 2296 struct net *net = sock_net(asoc->base.sk); 2297 union sctp_params param; 2298 struct sctp_transport *transport; 2299 struct list_head *pos, *temp; 2300 struct sctp_af *af; 2301 union sctp_addr addr; 2302 char *cookie; 2303 int src_match = 0; 2304 2305 /* We must include the address that the INIT packet came from. 2306 * This is the only address that matters for an INIT packet. 2307 * When processing a COOKIE ECHO, we retrieve the from address 2308 * of the INIT from the cookie. 2309 */ 2310 2311 /* This implementation defaults to making the first transport 2312 * added as the primary transport. The source address seems to 2313 * be a a better choice than any of the embedded addresses. 2314 */ 2315 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2316 goto nomem; 2317 2318 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr)) 2319 src_match = 1; 2320 2321 /* Process the initialization parameters. */ 2322 sctp_walk_params(param, peer_init, init_hdr.params) { 2323 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 2324 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { 2325 af = sctp_get_af_specific(param_type2af(param.p->type)); 2326 af->from_addr_param(&addr, param.addr, 2327 chunk->sctp_hdr->source, 0); 2328 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) 2329 src_match = 1; 2330 } 2331 2332 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2333 goto clean_up; 2334 } 2335 2336 /* source address of chunk may not match any valid address */ 2337 if (!src_match) 2338 goto clean_up; 2339 2340 /* AUTH: After processing the parameters, make sure that we 2341 * have all the required info to potentially do authentications. 2342 */ 2343 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2344 !asoc->peer.peer_hmacs)) 2345 asoc->peer.auth_capable = 0; 2346 2347 /* In a non-backward compatible mode, if the peer claims 2348 * support for ADD-IP but not AUTH, the ADD-IP spec states 2349 * that we MUST ABORT the association. Section 6. The section 2350 * also give us an option to silently ignore the packet, which 2351 * is what we'll do here. 2352 */ 2353 if (!net->sctp.addip_noauth && 2354 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2355 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2356 SCTP_PARAM_DEL_IP | 2357 SCTP_PARAM_SET_PRIMARY); 2358 asoc->peer.asconf_capable = 0; 2359 goto clean_up; 2360 } 2361 2362 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2363 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2364 transport = list_entry(pos, struct sctp_transport, transports); 2365 if (transport->state == SCTP_UNKNOWN) { 2366 sctp_assoc_rm_peer(asoc, transport); 2367 } 2368 } 2369 2370 /* The fixed INIT headers are always in network byte 2371 * order. 2372 */ 2373 asoc->peer.i.init_tag = 2374 ntohl(peer_init->init_hdr.init_tag); 2375 asoc->peer.i.a_rwnd = 2376 ntohl(peer_init->init_hdr.a_rwnd); 2377 asoc->peer.i.num_outbound_streams = 2378 ntohs(peer_init->init_hdr.num_outbound_streams); 2379 asoc->peer.i.num_inbound_streams = 2380 ntohs(peer_init->init_hdr.num_inbound_streams); 2381 asoc->peer.i.initial_tsn = 2382 ntohl(peer_init->init_hdr.initial_tsn); 2383 2384 /* Apply the upper bounds for output streams based on peer's 2385 * number of inbound streams. 2386 */ 2387 if (asoc->c.sinit_num_ostreams > 2388 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2389 asoc->c.sinit_num_ostreams = 2390 ntohs(peer_init->init_hdr.num_inbound_streams); 2391 } 2392 2393 if (asoc->c.sinit_max_instreams > 2394 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2395 asoc->c.sinit_max_instreams = 2396 ntohs(peer_init->init_hdr.num_outbound_streams); 2397 } 2398 2399 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2400 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2401 2402 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2403 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2404 2405 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2406 cookie = asoc->peer.cookie; 2407 if (cookie) { 2408 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2409 if (!asoc->peer.cookie) 2410 goto clean_up; 2411 } 2412 2413 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2414 * high (for example, implementations MAY use the size of the receiver 2415 * advertised window). 2416 */ 2417 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2418 transports) { 2419 transport->ssthresh = asoc->peer.i.a_rwnd; 2420 } 2421 2422 /* Set up the TSN tracking pieces. */ 2423 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2424 asoc->peer.i.initial_tsn, gfp)) 2425 goto clean_up; 2426 2427 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2428 * 2429 * The stream sequence number in all the streams shall start 2430 * from 0 when the association is established. Also, when the 2431 * stream sequence number reaches the value 65535 the next 2432 * stream sequence number shall be set to 0. 2433 */ 2434 2435 /* Allocate storage for the negotiated streams if it is not a temporary 2436 * association. 2437 */ 2438 if (!asoc->temp) { 2439 int error; 2440 2441 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 2442 asoc->c.sinit_num_ostreams, gfp); 2443 if (!asoc->ssnmap) 2444 goto clean_up; 2445 2446 error = sctp_assoc_set_id(asoc, gfp); 2447 if (error) 2448 goto clean_up; 2449 } 2450 2451 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2452 * 2453 * When an endpoint has an ASCONF signaled change to be sent to the 2454 * remote endpoint it should do the following: 2455 * ... 2456 * A2) A serial number should be assigned to the Chunk. The serial 2457 * number should be a monotonically increasing number. All serial 2458 * numbers are defined to be initialized at the start of the 2459 * association to the same value as the Initial TSN. 2460 */ 2461 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2462 return 1; 2463 2464 clean_up: 2465 /* Release the transport structures. */ 2466 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2467 transport = list_entry(pos, struct sctp_transport, transports); 2468 if (transport->state != SCTP_ACTIVE) 2469 sctp_assoc_rm_peer(asoc, transport); 2470 } 2471 2472 nomem: 2473 return 0; 2474 } 2475 2476 2477 /* Update asoc with the option described in param. 2478 * 2479 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2480 * 2481 * asoc is the association to update. 2482 * param is the variable length parameter to use for update. 2483 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2484 * If the current packet is an INIT we want to minimize the amount of 2485 * work we do. In particular, we should not build transport 2486 * structures for the addresses. 2487 */ 2488 static int sctp_process_param(struct sctp_association *asoc, 2489 union sctp_params param, 2490 const union sctp_addr *peer_addr, 2491 gfp_t gfp) 2492 { 2493 struct net *net = sock_net(asoc->base.sk); 2494 union sctp_addr addr; 2495 int i; 2496 __u16 sat; 2497 int retval = 1; 2498 sctp_scope_t scope; 2499 time_t stale; 2500 struct sctp_af *af; 2501 union sctp_addr_param *addr_param; 2502 struct sctp_transport *t; 2503 2504 /* We maintain all INIT parameters in network byte order all the 2505 * time. This allows us to not worry about whether the parameters 2506 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2507 */ 2508 switch (param.p->type) { 2509 case SCTP_PARAM_IPV6_ADDRESS: 2510 if (PF_INET6 != asoc->base.sk->sk_family) 2511 break; 2512 goto do_addr_param; 2513 2514 case SCTP_PARAM_IPV4_ADDRESS: 2515 /* v4 addresses are not allowed on v6-only socket */ 2516 if (ipv6_only_sock(asoc->base.sk)) 2517 break; 2518 do_addr_param: 2519 af = sctp_get_af_specific(param_type2af(param.p->type)); 2520 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2521 scope = sctp_scope(peer_addr); 2522 if (sctp_in_scope(net, &addr, scope)) 2523 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2524 return 0; 2525 break; 2526 2527 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2528 if (!net->sctp.cookie_preserve_enable) 2529 break; 2530 2531 stale = ntohl(param.life->lifespan_increment); 2532 2533 /* Suggested Cookie Life span increment's unit is msec, 2534 * (1/1000sec). 2535 */ 2536 asoc->cookie_life.tv_sec += stale / 1000; 2537 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2538 break; 2539 2540 case SCTP_PARAM_HOST_NAME_ADDRESS: 2541 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2542 break; 2543 2544 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2545 /* Turn off the default values first so we'll know which 2546 * ones are really set by the peer. 2547 */ 2548 asoc->peer.ipv4_address = 0; 2549 asoc->peer.ipv6_address = 0; 2550 2551 /* Assume that peer supports the address family 2552 * by which it sends a packet. 2553 */ 2554 if (peer_addr->sa.sa_family == AF_INET6) 2555 asoc->peer.ipv6_address = 1; 2556 else if (peer_addr->sa.sa_family == AF_INET) 2557 asoc->peer.ipv4_address = 1; 2558 2559 /* Cycle through address types; avoid divide by 0. */ 2560 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2561 if (sat) 2562 sat /= sizeof(__u16); 2563 2564 for (i = 0; i < sat; ++i) { 2565 switch (param.sat->types[i]) { 2566 case SCTP_PARAM_IPV4_ADDRESS: 2567 asoc->peer.ipv4_address = 1; 2568 break; 2569 2570 case SCTP_PARAM_IPV6_ADDRESS: 2571 if (PF_INET6 == asoc->base.sk->sk_family) 2572 asoc->peer.ipv6_address = 1; 2573 break; 2574 2575 case SCTP_PARAM_HOST_NAME_ADDRESS: 2576 asoc->peer.hostname_address = 1; 2577 break; 2578 2579 default: /* Just ignore anything else. */ 2580 break; 2581 } 2582 } 2583 break; 2584 2585 case SCTP_PARAM_STATE_COOKIE: 2586 asoc->peer.cookie_len = 2587 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2588 asoc->peer.cookie = param.cookie->body; 2589 break; 2590 2591 case SCTP_PARAM_HEARTBEAT_INFO: 2592 /* Would be odd to receive, but it causes no problems. */ 2593 break; 2594 2595 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2596 /* Rejected during verify stage. */ 2597 break; 2598 2599 case SCTP_PARAM_ECN_CAPABLE: 2600 asoc->peer.ecn_capable = 1; 2601 break; 2602 2603 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2604 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2605 break; 2606 2607 case SCTP_PARAM_SET_PRIMARY: 2608 if (!net->sctp.addip_enable) 2609 goto fall_through; 2610 2611 addr_param = param.v + sizeof(sctp_addip_param_t); 2612 2613 af = sctp_get_af_specific(param_type2af(param.p->type)); 2614 af->from_addr_param(&addr, addr_param, 2615 htons(asoc->peer.port), 0); 2616 2617 /* if the address is invalid, we can't process it. 2618 * XXX: see spec for what to do. 2619 */ 2620 if (!af->addr_valid(&addr, NULL, NULL)) 2621 break; 2622 2623 t = sctp_assoc_lookup_paddr(asoc, &addr); 2624 if (!t) 2625 break; 2626 2627 sctp_assoc_set_primary(asoc, t); 2628 break; 2629 2630 case SCTP_PARAM_SUPPORTED_EXT: 2631 sctp_process_ext_param(asoc, param); 2632 break; 2633 2634 case SCTP_PARAM_FWD_TSN_SUPPORT: 2635 if (net->sctp.prsctp_enable) { 2636 asoc->peer.prsctp_capable = 1; 2637 break; 2638 } 2639 /* Fall Through */ 2640 goto fall_through; 2641 2642 case SCTP_PARAM_RANDOM: 2643 if (!net->sctp.auth_enable) 2644 goto fall_through; 2645 2646 /* Save peer's random parameter */ 2647 asoc->peer.peer_random = kmemdup(param.p, 2648 ntohs(param.p->length), gfp); 2649 if (!asoc->peer.peer_random) { 2650 retval = 0; 2651 break; 2652 } 2653 break; 2654 2655 case SCTP_PARAM_HMAC_ALGO: 2656 if (!net->sctp.auth_enable) 2657 goto fall_through; 2658 2659 /* Save peer's HMAC list */ 2660 asoc->peer.peer_hmacs = kmemdup(param.p, 2661 ntohs(param.p->length), gfp); 2662 if (!asoc->peer.peer_hmacs) { 2663 retval = 0; 2664 break; 2665 } 2666 2667 /* Set the default HMAC the peer requested*/ 2668 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2669 break; 2670 2671 case SCTP_PARAM_CHUNKS: 2672 if (!net->sctp.auth_enable) 2673 goto fall_through; 2674 2675 asoc->peer.peer_chunks = kmemdup(param.p, 2676 ntohs(param.p->length), gfp); 2677 if (!asoc->peer.peer_chunks) 2678 retval = 0; 2679 break; 2680 fall_through: 2681 default: 2682 /* Any unrecognized parameters should have been caught 2683 * and handled by sctp_verify_param() which should be 2684 * called prior to this routine. Simply log the error 2685 * here. 2686 */ 2687 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2688 ntohs(param.p->type), asoc); 2689 break; 2690 } 2691 2692 return retval; 2693 } 2694 2695 /* Select a new verification tag. */ 2696 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2697 { 2698 /* I believe that this random number generator complies with RFC1750. 2699 * A tag of 0 is reserved for special cases (e.g. INIT). 2700 */ 2701 __u32 x; 2702 2703 do { 2704 get_random_bytes(&x, sizeof(__u32)); 2705 } while (x == 0); 2706 2707 return x; 2708 } 2709 2710 /* Select an initial TSN to send during startup. */ 2711 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2712 { 2713 __u32 retval; 2714 2715 get_random_bytes(&retval, sizeof(__u32)); 2716 return retval; 2717 } 2718 2719 /* 2720 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2721 * 0 1 2 3 2722 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2723 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2724 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2725 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2726 * | Serial Number | 2727 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2728 * | Address Parameter | 2729 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2730 * | ASCONF Parameter #1 | 2731 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2732 * \ \ 2733 * / .... / 2734 * \ \ 2735 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2736 * | ASCONF Parameter #N | 2737 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2738 * 2739 * Address Parameter and other parameter will not be wrapped in this function 2740 */ 2741 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2742 union sctp_addr *addr, 2743 int vparam_len) 2744 { 2745 sctp_addiphdr_t asconf; 2746 struct sctp_chunk *retval; 2747 int length = sizeof(asconf) + vparam_len; 2748 union sctp_addr_param addrparam; 2749 int addrlen; 2750 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2751 2752 addrlen = af->to_addr_param(addr, &addrparam); 2753 if (!addrlen) 2754 return NULL; 2755 length += addrlen; 2756 2757 /* Create the chunk. */ 2758 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2759 if (!retval) 2760 return NULL; 2761 2762 asconf.serial = htonl(asoc->addip_serial++); 2763 2764 retval->subh.addip_hdr = 2765 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2766 retval->param_hdr.v = 2767 sctp_addto_chunk(retval, addrlen, &addrparam); 2768 2769 return retval; 2770 } 2771 2772 /* ADDIP 2773 * 3.2.1 Add IP Address 2774 * 0 1 2 3 2775 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2776 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2777 * | Type = 0xC001 | Length = Variable | 2778 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2779 * | ASCONF-Request Correlation ID | 2780 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2781 * | Address Parameter | 2782 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2783 * 2784 * 3.2.2 Delete IP Address 2785 * 0 1 2 3 2786 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2787 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2788 * | Type = 0xC002 | Length = Variable | 2789 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2790 * | ASCONF-Request Correlation ID | 2791 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2792 * | Address Parameter | 2793 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2794 * 2795 */ 2796 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2797 union sctp_addr *laddr, 2798 struct sockaddr *addrs, 2799 int addrcnt, 2800 __be16 flags) 2801 { 2802 sctp_addip_param_t param; 2803 struct sctp_chunk *retval; 2804 union sctp_addr_param addr_param; 2805 union sctp_addr *addr; 2806 void *addr_buf; 2807 struct sctp_af *af; 2808 int paramlen = sizeof(param); 2809 int addr_param_len = 0; 2810 int totallen = 0; 2811 int i; 2812 int del_pickup = 0; 2813 2814 /* Get total length of all the address parameters. */ 2815 addr_buf = addrs; 2816 for (i = 0; i < addrcnt; i++) { 2817 addr = addr_buf; 2818 af = sctp_get_af_specific(addr->v4.sin_family); 2819 addr_param_len = af->to_addr_param(addr, &addr_param); 2820 2821 totallen += paramlen; 2822 totallen += addr_param_len; 2823 2824 addr_buf += af->sockaddr_len; 2825 if (asoc->asconf_addr_del_pending && !del_pickup) { 2826 /* reuse the parameter length from the same scope one */ 2827 totallen += paramlen; 2828 totallen += addr_param_len; 2829 del_pickup = 1; 2830 SCTP_DEBUG_PRINTK("mkasconf_update_ip: picked same-scope del_pending addr, totallen for all addresses is %d\n", totallen); 2831 } 2832 } 2833 2834 /* Create an asconf chunk with the required length. */ 2835 retval = sctp_make_asconf(asoc, laddr, totallen); 2836 if (!retval) 2837 return NULL; 2838 2839 /* Add the address parameters to the asconf chunk. */ 2840 addr_buf = addrs; 2841 for (i = 0; i < addrcnt; i++) { 2842 addr = addr_buf; 2843 af = sctp_get_af_specific(addr->v4.sin_family); 2844 addr_param_len = af->to_addr_param(addr, &addr_param); 2845 param.param_hdr.type = flags; 2846 param.param_hdr.length = htons(paramlen + addr_param_len); 2847 param.crr_id = i; 2848 2849 sctp_addto_chunk(retval, paramlen, ¶m); 2850 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2851 2852 addr_buf += af->sockaddr_len; 2853 } 2854 if (flags == SCTP_PARAM_ADD_IP && del_pickup) { 2855 addr = asoc->asconf_addr_del_pending; 2856 af = sctp_get_af_specific(addr->v4.sin_family); 2857 addr_param_len = af->to_addr_param(addr, &addr_param); 2858 param.param_hdr.type = SCTP_PARAM_DEL_IP; 2859 param.param_hdr.length = htons(paramlen + addr_param_len); 2860 param.crr_id = i; 2861 2862 sctp_addto_chunk(retval, paramlen, ¶m); 2863 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2864 } 2865 return retval; 2866 } 2867 2868 /* ADDIP 2869 * 3.2.4 Set Primary IP Address 2870 * 0 1 2 3 2871 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2872 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2873 * | Type =0xC004 | Length = Variable | 2874 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2875 * | ASCONF-Request Correlation ID | 2876 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2877 * | Address Parameter | 2878 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2879 * 2880 * Create an ASCONF chunk with Set Primary IP address parameter. 2881 */ 2882 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2883 union sctp_addr *addr) 2884 { 2885 sctp_addip_param_t param; 2886 struct sctp_chunk *retval; 2887 int len = sizeof(param); 2888 union sctp_addr_param addrparam; 2889 int addrlen; 2890 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2891 2892 addrlen = af->to_addr_param(addr, &addrparam); 2893 if (!addrlen) 2894 return NULL; 2895 len += addrlen; 2896 2897 /* Create the chunk and make asconf header. */ 2898 retval = sctp_make_asconf(asoc, addr, len); 2899 if (!retval) 2900 return NULL; 2901 2902 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2903 param.param_hdr.length = htons(len); 2904 param.crr_id = 0; 2905 2906 sctp_addto_chunk(retval, sizeof(param), ¶m); 2907 sctp_addto_chunk(retval, addrlen, &addrparam); 2908 2909 return retval; 2910 } 2911 2912 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2913 * 0 1 2 3 2914 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2915 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2916 * | Type = 0x80 | Chunk Flags | Chunk Length | 2917 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2918 * | Serial Number | 2919 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2920 * | ASCONF Parameter Response#1 | 2921 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2922 * \ \ 2923 * / .... / 2924 * \ \ 2925 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2926 * | ASCONF Parameter Response#N | 2927 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2928 * 2929 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2930 */ 2931 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2932 __u32 serial, int vparam_len) 2933 { 2934 sctp_addiphdr_t asconf; 2935 struct sctp_chunk *retval; 2936 int length = sizeof(asconf) + vparam_len; 2937 2938 /* Create the chunk. */ 2939 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2940 if (!retval) 2941 return NULL; 2942 2943 asconf.serial = htonl(serial); 2944 2945 retval->subh.addip_hdr = 2946 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2947 2948 return retval; 2949 } 2950 2951 /* Add response parameters to an ASCONF_ACK chunk. */ 2952 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2953 __be16 err_code, sctp_addip_param_t *asconf_param) 2954 { 2955 sctp_addip_param_t ack_param; 2956 sctp_errhdr_t err_param; 2957 int asconf_param_len = 0; 2958 int err_param_len = 0; 2959 __be16 response_type; 2960 2961 if (SCTP_ERROR_NO_ERROR == err_code) { 2962 response_type = SCTP_PARAM_SUCCESS_REPORT; 2963 } else { 2964 response_type = SCTP_PARAM_ERR_CAUSE; 2965 err_param_len = sizeof(err_param); 2966 if (asconf_param) 2967 asconf_param_len = 2968 ntohs(asconf_param->param_hdr.length); 2969 } 2970 2971 /* Add Success Indication or Error Cause Indication parameter. */ 2972 ack_param.param_hdr.type = response_type; 2973 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2974 err_param_len + 2975 asconf_param_len); 2976 ack_param.crr_id = crr_id; 2977 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2978 2979 if (SCTP_ERROR_NO_ERROR == err_code) 2980 return; 2981 2982 /* Add Error Cause parameter. */ 2983 err_param.cause = err_code; 2984 err_param.length = htons(err_param_len + asconf_param_len); 2985 sctp_addto_chunk(chunk, err_param_len, &err_param); 2986 2987 /* Add the failed TLV copied from ASCONF chunk. */ 2988 if (asconf_param) 2989 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2990 } 2991 2992 /* Process a asconf parameter. */ 2993 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 2994 struct sctp_chunk *asconf, 2995 sctp_addip_param_t *asconf_param) 2996 { 2997 struct sctp_transport *peer; 2998 struct sctp_af *af; 2999 union sctp_addr addr; 3000 union sctp_addr_param *addr_param; 3001 3002 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t); 3003 3004 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && 3005 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && 3006 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) 3007 return SCTP_ERROR_UNKNOWN_PARAM; 3008 3009 switch (addr_param->p.type) { 3010 case SCTP_PARAM_IPV6_ADDRESS: 3011 if (!asoc->peer.ipv6_address) 3012 return SCTP_ERROR_DNS_FAILED; 3013 break; 3014 case SCTP_PARAM_IPV4_ADDRESS: 3015 if (!asoc->peer.ipv4_address) 3016 return SCTP_ERROR_DNS_FAILED; 3017 break; 3018 default: 3019 return SCTP_ERROR_DNS_FAILED; 3020 } 3021 3022 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3023 if (unlikely(!af)) 3024 return SCTP_ERROR_DNS_FAILED; 3025 3026 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 3027 3028 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 3029 * or multicast address. 3030 * (note: wildcard is permitted and requires special handling so 3031 * make sure we check for that) 3032 */ 3033 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 3034 return SCTP_ERROR_DNS_FAILED; 3035 3036 switch (asconf_param->param_hdr.type) { 3037 case SCTP_PARAM_ADD_IP: 3038 /* Section 4.2.1: 3039 * If the address 0.0.0.0 or ::0 is provided, the source 3040 * address of the packet MUST be added. 3041 */ 3042 if (af->is_any(&addr)) 3043 memcpy(&addr, &asconf->source, sizeof(addr)); 3044 3045 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 3046 * request and does not have the local resources to add this 3047 * new address to the association, it MUST return an Error 3048 * Cause TLV set to the new error code 'Operation Refused 3049 * Due to Resource Shortage'. 3050 */ 3051 3052 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 3053 if (!peer) 3054 return SCTP_ERROR_RSRC_LOW; 3055 3056 /* Start the heartbeat timer. */ 3057 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 3058 sctp_transport_hold(peer); 3059 asoc->new_transport = peer; 3060 break; 3061 case SCTP_PARAM_DEL_IP: 3062 /* ADDIP 4.3 D7) If a request is received to delete the 3063 * last remaining IP address of a peer endpoint, the receiver 3064 * MUST send an Error Cause TLV with the error cause set to the 3065 * new error code 'Request to Delete Last Remaining IP Address'. 3066 */ 3067 if (asoc->peer.transport_count == 1) 3068 return SCTP_ERROR_DEL_LAST_IP; 3069 3070 /* ADDIP 4.3 D8) If a request is received to delete an IP 3071 * address which is also the source address of the IP packet 3072 * which contained the ASCONF chunk, the receiver MUST reject 3073 * this request. To reject the request the receiver MUST send 3074 * an Error Cause TLV set to the new error code 'Request to 3075 * Delete Source IP Address' 3076 */ 3077 if (sctp_cmp_addr_exact(&asconf->source, &addr)) 3078 return SCTP_ERROR_DEL_SRC_IP; 3079 3080 /* Section 4.2.2 3081 * If the address 0.0.0.0 or ::0 is provided, all 3082 * addresses of the peer except the source address of the 3083 * packet MUST be deleted. 3084 */ 3085 if (af->is_any(&addr)) { 3086 sctp_assoc_set_primary(asoc, asconf->transport); 3087 sctp_assoc_del_nonprimary_peers(asoc, 3088 asconf->transport); 3089 } else 3090 sctp_assoc_del_peer(asoc, &addr); 3091 break; 3092 case SCTP_PARAM_SET_PRIMARY: 3093 /* ADDIP Section 4.2.4 3094 * If the address 0.0.0.0 or ::0 is provided, the receiver 3095 * MAY mark the source address of the packet as its 3096 * primary. 3097 */ 3098 if (af->is_any(&addr)) 3099 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 3100 3101 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3102 if (!peer) 3103 return SCTP_ERROR_DNS_FAILED; 3104 3105 sctp_assoc_set_primary(asoc, peer); 3106 break; 3107 } 3108 3109 return SCTP_ERROR_NO_ERROR; 3110 } 3111 3112 /* Verify the ASCONF packet before we process it. */ 3113 int sctp_verify_asconf(const struct sctp_association *asoc, 3114 struct sctp_paramhdr *param_hdr, void *chunk_end, 3115 struct sctp_paramhdr **errp) { 3116 sctp_addip_param_t *asconf_param; 3117 union sctp_params param; 3118 int length, plen; 3119 3120 param.v = (sctp_paramhdr_t *) param_hdr; 3121 while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { 3122 length = ntohs(param.p->length); 3123 *errp = param.p; 3124 3125 if (param.v > chunk_end - length || 3126 length < sizeof(sctp_paramhdr_t)) 3127 return 0; 3128 3129 switch (param.p->type) { 3130 case SCTP_PARAM_ADD_IP: 3131 case SCTP_PARAM_DEL_IP: 3132 case SCTP_PARAM_SET_PRIMARY: 3133 asconf_param = (sctp_addip_param_t *)param.v; 3134 plen = ntohs(asconf_param->param_hdr.length); 3135 if (plen < sizeof(sctp_addip_param_t) + 3136 sizeof(sctp_paramhdr_t)) 3137 return 0; 3138 break; 3139 case SCTP_PARAM_SUCCESS_REPORT: 3140 case SCTP_PARAM_ADAPTATION_LAYER_IND: 3141 if (length != sizeof(sctp_addip_param_t)) 3142 return 0; 3143 3144 break; 3145 default: 3146 break; 3147 } 3148 3149 param.v += WORD_ROUND(length); 3150 } 3151 3152 if (param.v != chunk_end) 3153 return 0; 3154 3155 return 1; 3156 } 3157 3158 /* Process an incoming ASCONF chunk with the next expected serial no. and 3159 * return an ASCONF_ACK chunk to be sent in response. 3160 */ 3161 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3162 struct sctp_chunk *asconf) 3163 { 3164 sctp_addiphdr_t *hdr; 3165 union sctp_addr_param *addr_param; 3166 sctp_addip_param_t *asconf_param; 3167 struct sctp_chunk *asconf_ack; 3168 3169 __be16 err_code; 3170 int length = 0; 3171 int chunk_len; 3172 __u32 serial; 3173 int all_param_pass = 1; 3174 3175 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 3176 hdr = (sctp_addiphdr_t *)asconf->skb->data; 3177 serial = ntohl(hdr->serial); 3178 3179 /* Skip the addiphdr and store a pointer to address parameter. */ 3180 length = sizeof(sctp_addiphdr_t); 3181 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3182 chunk_len -= length; 3183 3184 /* Skip the address parameter and store a pointer to the first 3185 * asconf parameter. 3186 */ 3187 length = ntohs(addr_param->p.length); 3188 asconf_param = (void *)addr_param + length; 3189 chunk_len -= length; 3190 3191 /* create an ASCONF_ACK chunk. 3192 * Based on the definitions of parameters, we know that the size of 3193 * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF 3194 * parameters. 3195 */ 3196 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4); 3197 if (!asconf_ack) 3198 goto done; 3199 3200 /* Process the TLVs contained within the ASCONF chunk. */ 3201 while (chunk_len > 0) { 3202 err_code = sctp_process_asconf_param(asoc, asconf, 3203 asconf_param); 3204 /* ADDIP 4.1 A7) 3205 * If an error response is received for a TLV parameter, 3206 * all TLVs with no response before the failed TLV are 3207 * considered successful if not reported. All TLVs after 3208 * the failed response are considered unsuccessful unless 3209 * a specific success indication is present for the parameter. 3210 */ 3211 if (SCTP_ERROR_NO_ERROR != err_code) 3212 all_param_pass = 0; 3213 3214 if (!all_param_pass) 3215 sctp_add_asconf_response(asconf_ack, 3216 asconf_param->crr_id, err_code, 3217 asconf_param); 3218 3219 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3220 * an IP address sends an 'Out of Resource' in its response, it 3221 * MUST also fail any subsequent add or delete requests bundled 3222 * in the ASCONF. 3223 */ 3224 if (SCTP_ERROR_RSRC_LOW == err_code) 3225 goto done; 3226 3227 /* Move to the next ASCONF param. */ 3228 length = ntohs(asconf_param->param_hdr.length); 3229 asconf_param = (void *)asconf_param + length; 3230 chunk_len -= length; 3231 } 3232 3233 done: 3234 asoc->peer.addip_serial++; 3235 3236 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3237 * after freeing the reference to old asconf ack if any. 3238 */ 3239 if (asconf_ack) { 3240 sctp_chunk_hold(asconf_ack); 3241 list_add_tail(&asconf_ack->transmitted_list, 3242 &asoc->asconf_ack_list); 3243 } 3244 3245 return asconf_ack; 3246 } 3247 3248 /* Process a asconf parameter that is successfully acked. */ 3249 static void sctp_asconf_param_success(struct sctp_association *asoc, 3250 sctp_addip_param_t *asconf_param) 3251 { 3252 struct sctp_af *af; 3253 union sctp_addr addr; 3254 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3255 union sctp_addr_param *addr_param; 3256 struct sctp_transport *transport; 3257 struct sctp_sockaddr_entry *saddr; 3258 3259 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t); 3260 3261 /* We have checked the packet before, so we do not check again. */ 3262 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3263 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3264 3265 switch (asconf_param->param_hdr.type) { 3266 case SCTP_PARAM_ADD_IP: 3267 /* This is always done in BH context with a socket lock 3268 * held, so the list can not change. 3269 */ 3270 local_bh_disable(); 3271 list_for_each_entry(saddr, &bp->address_list, list) { 3272 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3273 saddr->state = SCTP_ADDR_SRC; 3274 } 3275 local_bh_enable(); 3276 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3277 transports) { 3278 dst_release(transport->dst); 3279 transport->dst = NULL; 3280 } 3281 break; 3282 case SCTP_PARAM_DEL_IP: 3283 local_bh_disable(); 3284 sctp_del_bind_addr(bp, &addr); 3285 if (asoc->asconf_addr_del_pending != NULL && 3286 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) { 3287 kfree(asoc->asconf_addr_del_pending); 3288 asoc->asconf_addr_del_pending = NULL; 3289 } 3290 local_bh_enable(); 3291 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3292 transports) { 3293 dst_release(transport->dst); 3294 transport->dst = NULL; 3295 } 3296 break; 3297 default: 3298 break; 3299 } 3300 } 3301 3302 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3303 * for the given asconf parameter. If there is no response for this parameter, 3304 * return the error code based on the third argument 'no_err'. 3305 * ADDIP 4.1 3306 * A7) If an error response is received for a TLV parameter, all TLVs with no 3307 * response before the failed TLV are considered successful if not reported. 3308 * All TLVs after the failed response are considered unsuccessful unless a 3309 * specific success indication is present for the parameter. 3310 */ 3311 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3312 sctp_addip_param_t *asconf_param, 3313 int no_err) 3314 { 3315 sctp_addip_param_t *asconf_ack_param; 3316 sctp_errhdr_t *err_param; 3317 int length; 3318 int asconf_ack_len; 3319 __be16 err_code; 3320 3321 if (no_err) 3322 err_code = SCTP_ERROR_NO_ERROR; 3323 else 3324 err_code = SCTP_ERROR_REQ_REFUSED; 3325 3326 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3327 sizeof(sctp_chunkhdr_t); 3328 3329 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3330 * the first asconf_ack parameter. 3331 */ 3332 length = sizeof(sctp_addiphdr_t); 3333 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 3334 length); 3335 asconf_ack_len -= length; 3336 3337 while (asconf_ack_len > 0) { 3338 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3339 switch(asconf_ack_param->param_hdr.type) { 3340 case SCTP_PARAM_SUCCESS_REPORT: 3341 return SCTP_ERROR_NO_ERROR; 3342 case SCTP_PARAM_ERR_CAUSE: 3343 length = sizeof(sctp_addip_param_t); 3344 err_param = (void *)asconf_ack_param + length; 3345 asconf_ack_len -= length; 3346 if (asconf_ack_len > 0) 3347 return err_param->cause; 3348 else 3349 return SCTP_ERROR_INV_PARAM; 3350 break; 3351 default: 3352 return SCTP_ERROR_INV_PARAM; 3353 } 3354 } 3355 3356 length = ntohs(asconf_ack_param->param_hdr.length); 3357 asconf_ack_param = (void *)asconf_ack_param + length; 3358 asconf_ack_len -= length; 3359 } 3360 3361 return err_code; 3362 } 3363 3364 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3365 int sctp_process_asconf_ack(struct sctp_association *asoc, 3366 struct sctp_chunk *asconf_ack) 3367 { 3368 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3369 union sctp_addr_param *addr_param; 3370 sctp_addip_param_t *asconf_param; 3371 int length = 0; 3372 int asconf_len = asconf->skb->len; 3373 int all_param_pass = 0; 3374 int no_err = 1; 3375 int retval = 0; 3376 __be16 err_code = SCTP_ERROR_NO_ERROR; 3377 3378 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3379 * a pointer to address parameter. 3380 */ 3381 length = sizeof(sctp_addip_chunk_t); 3382 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3383 asconf_len -= length; 3384 3385 /* Skip the address parameter in the last asconf sent and store a 3386 * pointer to the first asconf parameter. 3387 */ 3388 length = ntohs(addr_param->p.length); 3389 asconf_param = (void *)addr_param + length; 3390 asconf_len -= length; 3391 3392 /* ADDIP 4.1 3393 * A8) If there is no response(s) to specific TLV parameter(s), and no 3394 * failures are indicated, then all request(s) are considered 3395 * successful. 3396 */ 3397 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 3398 all_param_pass = 1; 3399 3400 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3401 while (asconf_len > 0) { 3402 if (all_param_pass) 3403 err_code = SCTP_ERROR_NO_ERROR; 3404 else { 3405 err_code = sctp_get_asconf_response(asconf_ack, 3406 asconf_param, 3407 no_err); 3408 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3409 no_err = 0; 3410 } 3411 3412 switch (err_code) { 3413 case SCTP_ERROR_NO_ERROR: 3414 sctp_asconf_param_success(asoc, asconf_param); 3415 break; 3416 3417 case SCTP_ERROR_RSRC_LOW: 3418 retval = 1; 3419 break; 3420 3421 case SCTP_ERROR_UNKNOWN_PARAM: 3422 /* Disable sending this type of asconf parameter in 3423 * future. 3424 */ 3425 asoc->peer.addip_disabled_mask |= 3426 asconf_param->param_hdr.type; 3427 break; 3428 3429 case SCTP_ERROR_REQ_REFUSED: 3430 case SCTP_ERROR_DEL_LAST_IP: 3431 case SCTP_ERROR_DEL_SRC_IP: 3432 default: 3433 break; 3434 } 3435 3436 /* Skip the processed asconf parameter and move to the next 3437 * one. 3438 */ 3439 length = ntohs(asconf_param->param_hdr.length); 3440 asconf_param = (void *)asconf_param + length; 3441 asconf_len -= length; 3442 } 3443 3444 if (no_err && asoc->src_out_of_asoc_ok) { 3445 asoc->src_out_of_asoc_ok = 0; 3446 sctp_transport_immediate_rtx(asoc->peer.primary_path); 3447 } 3448 3449 /* Free the cached last sent asconf chunk. */ 3450 list_del_init(&asconf->transmitted_list); 3451 sctp_chunk_free(asconf); 3452 asoc->addip_last_asconf = NULL; 3453 3454 return retval; 3455 } 3456 3457 /* Make a FWD TSN chunk. */ 3458 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3459 __u32 new_cum_tsn, size_t nstreams, 3460 struct sctp_fwdtsn_skip *skiplist) 3461 { 3462 struct sctp_chunk *retval = NULL; 3463 struct sctp_fwdtsn_hdr ftsn_hdr; 3464 struct sctp_fwdtsn_skip skip; 3465 size_t hint; 3466 int i; 3467 3468 hint = (nstreams + 1) * sizeof(__u32); 3469 3470 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 3471 3472 if (!retval) 3473 return NULL; 3474 3475 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3476 retval->subh.fwdtsn_hdr = 3477 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3478 3479 for (i = 0; i < nstreams; i++) { 3480 skip.stream = skiplist[i].stream; 3481 skip.ssn = skiplist[i].ssn; 3482 sctp_addto_chunk(retval, sizeof(skip), &skip); 3483 } 3484 3485 return retval; 3486 } 3487