1 /* SCTP kernel reference Implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel reference Implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * The SCTP reference implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * The SCTP reference implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53 #include <linux/types.h> 54 #include <linux/kernel.h> 55 #include <linux/ip.h> 56 #include <linux/ipv6.h> 57 #include <linux/net.h> 58 #include <linux/inet.h> 59 #include <asm/scatterlist.h> 60 #include <linux/crypto.h> 61 #include <net/sock.h> 62 63 #include <linux/skbuff.h> 64 #include <linux/random.h> /* for get_random_bytes */ 65 #include <net/sctp/sctp.h> 66 #include <net/sctp/sm.h> 67 68 extern kmem_cache_t *sctp_chunk_cachep; 69 70 SCTP_STATIC 71 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 72 __u8 type, __u8 flags, int paylen); 73 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 74 const struct sctp_association *asoc, 75 const struct sctp_chunk *init_chunk, 76 int *cookie_len, 77 const __u8 *raw_addrs, int addrs_len); 78 static int sctp_process_param(struct sctp_association *asoc, 79 union sctp_params param, 80 const union sctp_addr *peer_addr, 81 gfp_t gfp); 82 83 /* What was the inbound interface for this chunk? */ 84 int sctp_chunk_iif(const struct sctp_chunk *chunk) 85 { 86 struct sctp_af *af; 87 int iif = 0; 88 89 af = sctp_get_af_specific(ipver2af(chunk->skb->nh.iph->version)); 90 if (af) 91 iif = af->skb_iif(chunk->skb); 92 93 return iif; 94 } 95 96 /* RFC 2960 3.3.2 Initiation (INIT) (1) 97 * 98 * Note 2: The ECN capable field is reserved for future use of 99 * Explicit Congestion Notification. 100 */ 101 static const struct sctp_paramhdr ecap_param = { 102 SCTP_PARAM_ECN_CAPABLE, 103 __constant_htons(sizeof(struct sctp_paramhdr)), 104 }; 105 static const struct sctp_paramhdr prsctp_param = { 106 SCTP_PARAM_FWD_TSN_SUPPORT, 107 __constant_htons(sizeof(struct sctp_paramhdr)), 108 }; 109 110 /* A helper to initialize to initialize an op error inside a 111 * provided chunk, as most cause codes will be embedded inside an 112 * abort chunk. 113 */ 114 void sctp_init_cause(struct sctp_chunk *chunk, __u16 cause_code, 115 const void *payload, size_t paylen) 116 { 117 sctp_errhdr_t err; 118 int padlen; 119 __u16 len; 120 121 /* Cause code constants are now defined in network order. */ 122 err.cause = cause_code; 123 len = sizeof(sctp_errhdr_t) + paylen; 124 padlen = len % 4; 125 err.length = htons(len); 126 len += padlen; 127 sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 128 chunk->subh.err_hdr = sctp_addto_chunk(chunk, paylen, payload); 129 } 130 131 /* 3.3.2 Initiation (INIT) (1) 132 * 133 * This chunk is used to initiate a SCTP association between two 134 * endpoints. The format of the INIT chunk is shown below: 135 * 136 * 0 1 2 3 137 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 138 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 139 * | Type = 1 | Chunk Flags | Chunk Length | 140 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 141 * | Initiate Tag | 142 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 143 * | Advertised Receiver Window Credit (a_rwnd) | 144 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 145 * | Number of Outbound Streams | Number of Inbound Streams | 146 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 147 * | Initial TSN | 148 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 149 * \ \ 150 * / Optional/Variable-Length Parameters / 151 * \ \ 152 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 153 * 154 * 155 * The INIT chunk contains the following parameters. Unless otherwise 156 * noted, each parameter MUST only be included once in the INIT chunk. 157 * 158 * Fixed Parameters Status 159 * ---------------------------------------------- 160 * Initiate Tag Mandatory 161 * Advertised Receiver Window Credit Mandatory 162 * Number of Outbound Streams Mandatory 163 * Number of Inbound Streams Mandatory 164 * Initial TSN Mandatory 165 * 166 * Variable Parameters Status Type Value 167 * ------------------------------------------------------------- 168 * IPv4 Address (Note 1) Optional 5 169 * IPv6 Address (Note 1) Optional 6 170 * Cookie Preservative Optional 9 171 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 172 * Host Name Address (Note 3) Optional 11 173 * Supported Address Types (Note 4) Optional 12 174 */ 175 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 176 const struct sctp_bind_addr *bp, 177 gfp_t gfp, int vparam_len) 178 { 179 sctp_inithdr_t init; 180 union sctp_params addrs; 181 size_t chunksize; 182 struct sctp_chunk *retval = NULL; 183 int num_types, addrs_len = 0; 184 struct sctp_sock *sp; 185 sctp_supported_addrs_param_t sat; 186 __u16 types[2]; 187 sctp_adaption_ind_param_t aiparam; 188 189 /* RFC 2960 3.3.2 Initiation (INIT) (1) 190 * 191 * Note 1: The INIT chunks can contain multiple addresses that 192 * can be IPv4 and/or IPv6 in any combination. 193 */ 194 retval = NULL; 195 196 /* Convert the provided bind address list to raw format. */ 197 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 198 199 init.init_tag = htonl(asoc->c.my_vtag); 200 init.a_rwnd = htonl(asoc->rwnd); 201 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 202 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 203 init.initial_tsn = htonl(asoc->c.initial_tsn); 204 205 /* How many address types are needed? */ 206 sp = sctp_sk(asoc->base.sk); 207 num_types = sp->pf->supported_addrs(sp, types); 208 209 chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types); 210 chunksize += sizeof(ecap_param); 211 if (sctp_prsctp_enable) 212 chunksize += sizeof(prsctp_param); 213 chunksize += sizeof(aiparam); 214 chunksize += vparam_len; 215 216 /* RFC 2960 3.3.2 Initiation (INIT) (1) 217 * 218 * Note 3: An INIT chunk MUST NOT contain more than one Host 219 * Name address parameter. Moreover, the sender of the INIT 220 * MUST NOT combine any other address types with the Host Name 221 * address in the INIT. The receiver of INIT MUST ignore any 222 * other address types if the Host Name address parameter is 223 * present in the received INIT chunk. 224 * 225 * PLEASE DO NOT FIXME [This version does not support Host Name.] 226 */ 227 228 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 229 if (!retval) 230 goto nodata; 231 232 retval->subh.init_hdr = 233 sctp_addto_chunk(retval, sizeof(init), &init); 234 retval->param_hdr.v = 235 sctp_addto_chunk(retval, addrs_len, addrs.v); 236 237 /* RFC 2960 3.3.2 Initiation (INIT) (1) 238 * 239 * Note 4: This parameter, when present, specifies all the 240 * address types the sending endpoint can support. The absence 241 * of this parameter indicates that the sending endpoint can 242 * support any address type. 243 */ 244 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 245 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 246 sctp_addto_chunk(retval, sizeof(sat), &sat); 247 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 248 249 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 250 if (sctp_prsctp_enable) 251 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 252 aiparam.param_hdr.type = SCTP_PARAM_ADAPTION_LAYER_IND; 253 aiparam.param_hdr.length = htons(sizeof(aiparam)); 254 aiparam.adaption_ind = htonl(sp->adaption_ind); 255 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 256 nodata: 257 kfree(addrs.v); 258 return retval; 259 } 260 261 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 262 const struct sctp_chunk *chunk, 263 gfp_t gfp, int unkparam_len) 264 { 265 sctp_inithdr_t initack; 266 struct sctp_chunk *retval; 267 union sctp_params addrs; 268 int addrs_len; 269 sctp_cookie_param_t *cookie; 270 int cookie_len; 271 size_t chunksize; 272 sctp_adaption_ind_param_t aiparam; 273 274 retval = NULL; 275 276 /* Note: there may be no addresses to embed. */ 277 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 278 279 initack.init_tag = htonl(asoc->c.my_vtag); 280 initack.a_rwnd = htonl(asoc->rwnd); 281 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 282 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 283 initack.initial_tsn = htonl(asoc->c.initial_tsn); 284 285 /* FIXME: We really ought to build the cookie right 286 * into the packet instead of allocating more fresh memory. 287 */ 288 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 289 addrs.v, addrs_len); 290 if (!cookie) 291 goto nomem_cookie; 292 293 /* Calculate the total size of allocation, include the reserved 294 * space for reporting unknown parameters if it is specified. 295 */ 296 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 297 298 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 299 if (asoc->peer.ecn_capable) 300 chunksize += sizeof(ecap_param); 301 302 /* Tell peer that we'll do PR-SCTP only if peer advertised. */ 303 if (asoc->peer.prsctp_capable) 304 chunksize += sizeof(prsctp_param); 305 306 chunksize += sizeof(aiparam); 307 308 /* Now allocate and fill out the chunk. */ 309 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 310 if (!retval) 311 goto nomem_chunk; 312 313 /* Per the advice in RFC 2960 6.4, send this reply to 314 * the source of the INIT packet. 315 */ 316 retval->transport = chunk->transport; 317 retval->subh.init_hdr = 318 sctp_addto_chunk(retval, sizeof(initack), &initack); 319 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 320 sctp_addto_chunk(retval, cookie_len, cookie); 321 if (asoc->peer.ecn_capable) 322 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 323 if (asoc->peer.prsctp_capable) 324 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 325 326 aiparam.param_hdr.type = SCTP_PARAM_ADAPTION_LAYER_IND; 327 aiparam.param_hdr.length = htons(sizeof(aiparam)); 328 aiparam.adaption_ind = htonl(sctp_sk(asoc->base.sk)->adaption_ind); 329 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 330 331 /* We need to remove the const qualifier at this point. */ 332 retval->asoc = (struct sctp_association *) asoc; 333 334 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 335 * 336 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 337 * HEARTBEAT ACK, * etc.) to the same destination transport 338 * address from which it received the DATA or control chunk 339 * to which it is replying. 340 * 341 * [INIT ACK back to where the INIT came from.] 342 */ 343 if (chunk) 344 retval->transport = chunk->transport; 345 346 nomem_chunk: 347 kfree(cookie); 348 nomem_cookie: 349 kfree(addrs.v); 350 return retval; 351 } 352 353 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 354 * 355 * This chunk is used only during the initialization of an association. 356 * It is sent by the initiator of an association to its peer to complete 357 * the initialization process. This chunk MUST precede any DATA chunk 358 * sent within the association, but MAY be bundled with one or more DATA 359 * chunks in the same packet. 360 * 361 * 0 1 2 3 362 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 363 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 364 * | Type = 10 |Chunk Flags | Length | 365 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 366 * / Cookie / 367 * \ \ 368 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 369 * 370 * Chunk Flags: 8 bit 371 * 372 * Set to zero on transmit and ignored on receipt. 373 * 374 * Length: 16 bits (unsigned integer) 375 * 376 * Set to the size of the chunk in bytes, including the 4 bytes of 377 * the chunk header and the size of the Cookie. 378 * 379 * Cookie: variable size 380 * 381 * This field must contain the exact cookie received in the 382 * State Cookie parameter from the previous INIT ACK. 383 * 384 * An implementation SHOULD make the cookie as small as possible 385 * to insure interoperability. 386 */ 387 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 388 const struct sctp_chunk *chunk) 389 { 390 struct sctp_chunk *retval; 391 void *cookie; 392 int cookie_len; 393 394 cookie = asoc->peer.cookie; 395 cookie_len = asoc->peer.cookie_len; 396 397 /* Build a cookie echo chunk. */ 398 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 399 if (!retval) 400 goto nodata; 401 retval->subh.cookie_hdr = 402 sctp_addto_chunk(retval, cookie_len, cookie); 403 404 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 405 * 406 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 407 * HEARTBEAT ACK, * etc.) to the same destination transport 408 * address from which it * received the DATA or control chunk 409 * to which it is replying. 410 * 411 * [COOKIE ECHO back to where the INIT ACK came from.] 412 */ 413 if (chunk) 414 retval->transport = chunk->transport; 415 416 nodata: 417 return retval; 418 } 419 420 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 421 * 422 * This chunk is used only during the initialization of an 423 * association. It is used to acknowledge the receipt of a COOKIE 424 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 425 * within the association, but MAY be bundled with one or more DATA 426 * chunks or SACK chunk in the same SCTP packet. 427 * 428 * 0 1 2 3 429 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 430 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 431 * | Type = 11 |Chunk Flags | Length = 4 | 432 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 433 * 434 * Chunk Flags: 8 bits 435 * 436 * Set to zero on transmit and ignored on receipt. 437 */ 438 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 439 const struct sctp_chunk *chunk) 440 { 441 struct sctp_chunk *retval; 442 443 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 444 445 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 446 * 447 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 448 * HEARTBEAT ACK, * etc.) to the same destination transport 449 * address from which it * received the DATA or control chunk 450 * to which it is replying. 451 * 452 * [COOKIE ACK back to where the COOKIE ECHO came from.] 453 */ 454 if (retval && chunk) 455 retval->transport = chunk->transport; 456 457 return retval; 458 } 459 460 /* 461 * Appendix A: Explicit Congestion Notification: 462 * CWR: 463 * 464 * RFC 2481 details a specific bit for a sender to send in the header of 465 * its next outbound TCP segment to indicate to its peer that it has 466 * reduced its congestion window. This is termed the CWR bit. For 467 * SCTP the same indication is made by including the CWR chunk. 468 * This chunk contains one data element, i.e. the TSN number that 469 * was sent in the ECNE chunk. This element represents the lowest 470 * TSN number in the datagram that was originally marked with the 471 * CE bit. 472 * 473 * 0 1 2 3 474 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 475 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 476 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 477 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 478 * | Lowest TSN Number | 479 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 480 * 481 * Note: The CWR is considered a Control chunk. 482 */ 483 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 484 const __u32 lowest_tsn, 485 const struct sctp_chunk *chunk) 486 { 487 struct sctp_chunk *retval; 488 sctp_cwrhdr_t cwr; 489 490 cwr.lowest_tsn = htonl(lowest_tsn); 491 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 492 sizeof(sctp_cwrhdr_t)); 493 494 if (!retval) 495 goto nodata; 496 497 retval->subh.ecn_cwr_hdr = 498 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 499 500 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 501 * 502 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 503 * HEARTBEAT ACK, * etc.) to the same destination transport 504 * address from which it * received the DATA or control chunk 505 * to which it is replying. 506 * 507 * [Report a reduced congestion window back to where the ECNE 508 * came from.] 509 */ 510 if (chunk) 511 retval->transport = chunk->transport; 512 513 nodata: 514 return retval; 515 } 516 517 /* Make an ECNE chunk. This is a congestion experienced report. */ 518 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 519 const __u32 lowest_tsn) 520 { 521 struct sctp_chunk *retval; 522 sctp_ecnehdr_t ecne; 523 524 ecne.lowest_tsn = htonl(lowest_tsn); 525 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 526 sizeof(sctp_ecnehdr_t)); 527 if (!retval) 528 goto nodata; 529 retval->subh.ecne_hdr = 530 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 531 532 nodata: 533 return retval; 534 } 535 536 /* Make a DATA chunk for the given association from the provided 537 * parameters. However, do not populate the data payload. 538 */ 539 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 540 const struct sctp_sndrcvinfo *sinfo, 541 int data_len, __u8 flags, __u16 ssn) 542 { 543 struct sctp_chunk *retval; 544 struct sctp_datahdr dp; 545 int chunk_len; 546 547 /* We assign the TSN as LATE as possible, not here when 548 * creating the chunk. 549 */ 550 dp.tsn = 0; 551 dp.stream = htons(sinfo->sinfo_stream); 552 dp.ppid = sinfo->sinfo_ppid; 553 554 /* Set the flags for an unordered send. */ 555 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 556 flags |= SCTP_DATA_UNORDERED; 557 dp.ssn = 0; 558 } else 559 dp.ssn = htons(ssn); 560 561 chunk_len = sizeof(dp) + data_len; 562 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 563 if (!retval) 564 goto nodata; 565 566 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 567 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 568 569 nodata: 570 return retval; 571 } 572 573 /* Create a selective ackowledgement (SACK) for the given 574 * association. This reports on which TSN's we've seen to date, 575 * including duplicates and gaps. 576 */ 577 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 578 { 579 struct sctp_chunk *retval; 580 struct sctp_sackhdr sack; 581 int len; 582 __u32 ctsn; 583 __u16 num_gabs, num_dup_tsns; 584 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 585 586 ctsn = sctp_tsnmap_get_ctsn(map); 587 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 588 589 /* How much room is needed in the chunk? */ 590 num_gabs = sctp_tsnmap_num_gabs(map); 591 num_dup_tsns = sctp_tsnmap_num_dups(map); 592 593 /* Initialize the SACK header. */ 594 sack.cum_tsn_ack = htonl(ctsn); 595 sack.a_rwnd = htonl(asoc->a_rwnd); 596 sack.num_gap_ack_blocks = htons(num_gabs); 597 sack.num_dup_tsns = htons(num_dup_tsns); 598 599 len = sizeof(sack) 600 + sizeof(struct sctp_gap_ack_block) * num_gabs 601 + sizeof(__u32) * num_dup_tsns; 602 603 /* Create the chunk. */ 604 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 605 if (!retval) 606 goto nodata; 607 608 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 609 * 610 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 611 * HEARTBEAT ACK, etc.) to the same destination transport 612 * address from which it received the DATA or control chunk to 613 * which it is replying. This rule should also be followed if 614 * the endpoint is bundling DATA chunks together with the 615 * reply chunk. 616 * 617 * However, when acknowledging multiple DATA chunks received 618 * in packets from different source addresses in a single 619 * SACK, the SACK chunk may be transmitted to one of the 620 * destination transport addresses from which the DATA or 621 * control chunks being acknowledged were received. 622 * 623 * [BUG: We do not implement the following paragraph. 624 * Perhaps we should remember the last transport we used for a 625 * SACK and avoid that (if possible) if we have seen any 626 * duplicates. --piggy] 627 * 628 * When a receiver of a duplicate DATA chunk sends a SACK to a 629 * multi- homed endpoint it MAY be beneficial to vary the 630 * destination address and not use the source address of the 631 * DATA chunk. The reason being that receiving a duplicate 632 * from a multi-homed endpoint might indicate that the return 633 * path (as specified in the source address of the DATA chunk) 634 * for the SACK is broken. 635 * 636 * [Send to the address from which we last received a DATA chunk.] 637 */ 638 retval->transport = asoc->peer.last_data_from; 639 640 retval->subh.sack_hdr = 641 sctp_addto_chunk(retval, sizeof(sack), &sack); 642 643 /* Add the gap ack block information. */ 644 if (num_gabs) 645 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 646 sctp_tsnmap_get_gabs(map)); 647 648 /* Add the duplicate TSN information. */ 649 if (num_dup_tsns) 650 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 651 sctp_tsnmap_get_dups(map)); 652 653 nodata: 654 return retval; 655 } 656 657 /* Make a SHUTDOWN chunk. */ 658 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 659 const struct sctp_chunk *chunk) 660 { 661 struct sctp_chunk *retval; 662 sctp_shutdownhdr_t shut; 663 __u32 ctsn; 664 665 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 666 shut.cum_tsn_ack = htonl(ctsn); 667 668 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 669 sizeof(sctp_shutdownhdr_t)); 670 if (!retval) 671 goto nodata; 672 673 retval->subh.shutdown_hdr = 674 sctp_addto_chunk(retval, sizeof(shut), &shut); 675 676 if (chunk) 677 retval->transport = chunk->transport; 678 nodata: 679 return retval; 680 } 681 682 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 683 const struct sctp_chunk *chunk) 684 { 685 struct sctp_chunk *retval; 686 687 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 688 689 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 690 * 691 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 692 * HEARTBEAT ACK, * etc.) to the same destination transport 693 * address from which it * received the DATA or control chunk 694 * to which it is replying. 695 * 696 * [ACK back to where the SHUTDOWN came from.] 697 */ 698 if (retval && chunk) 699 retval->transport = chunk->transport; 700 701 return retval; 702 } 703 704 struct sctp_chunk *sctp_make_shutdown_complete( 705 const struct sctp_association *asoc, 706 const struct sctp_chunk *chunk) 707 { 708 struct sctp_chunk *retval; 709 __u8 flags = 0; 710 711 /* Set the T-bit if we have no association (vtag will be 712 * reflected) 713 */ 714 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 715 716 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 717 718 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 719 * 720 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 721 * HEARTBEAT ACK, * etc.) to the same destination transport 722 * address from which it * received the DATA or control chunk 723 * to which it is replying. 724 * 725 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 726 * came from.] 727 */ 728 if (retval && chunk) 729 retval->transport = chunk->transport; 730 731 return retval; 732 } 733 734 /* Create an ABORT. Note that we set the T bit if we have no 735 * association, except when responding to an INIT (sctpimpguide 2.41). 736 */ 737 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 738 const struct sctp_chunk *chunk, 739 const size_t hint) 740 { 741 struct sctp_chunk *retval; 742 __u8 flags = 0; 743 744 /* Set the T-bit if we have no association and 'chunk' is not 745 * an INIT (vtag will be reflected). 746 */ 747 if (!asoc) { 748 if (chunk && chunk->chunk_hdr && 749 chunk->chunk_hdr->type == SCTP_CID_INIT) 750 flags = 0; 751 else 752 flags = SCTP_CHUNK_FLAG_T; 753 } 754 755 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 756 757 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 758 * 759 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 760 * HEARTBEAT ACK, * etc.) to the same destination transport 761 * address from which it * received the DATA or control chunk 762 * to which it is replying. 763 * 764 * [ABORT back to where the offender came from.] 765 */ 766 if (retval && chunk) 767 retval->transport = chunk->transport; 768 769 return retval; 770 } 771 772 /* Helper to create ABORT with a NO_USER_DATA error. */ 773 struct sctp_chunk *sctp_make_abort_no_data( 774 const struct sctp_association *asoc, 775 const struct sctp_chunk *chunk, __u32 tsn) 776 { 777 struct sctp_chunk *retval; 778 __u32 payload; 779 780 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 781 + sizeof(tsn)); 782 783 if (!retval) 784 goto no_mem; 785 786 /* Put the tsn back into network byte order. */ 787 payload = htonl(tsn); 788 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, (const void *)&payload, 789 sizeof(payload)); 790 791 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 792 * 793 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 794 * HEARTBEAT ACK, * etc.) to the same destination transport 795 * address from which it * received the DATA or control chunk 796 * to which it is replying. 797 * 798 * [ABORT back to where the offender came from.] 799 */ 800 if (chunk) 801 retval->transport = chunk->transport; 802 803 no_mem: 804 return retval; 805 } 806 807 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 808 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 809 const struct msghdr *msg, 810 size_t paylen) 811 { 812 struct sctp_chunk *retval; 813 void *payload = NULL; 814 int err; 815 816 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 817 if (!retval) 818 goto err_chunk; 819 820 if (paylen) { 821 /* Put the msg_iov together into payload. */ 822 payload = kmalloc(paylen, GFP_KERNEL); 823 if (!payload) 824 goto err_payload; 825 826 err = memcpy_fromiovec(payload, msg->msg_iov, paylen); 827 if (err < 0) 828 goto err_copy; 829 } 830 831 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, payload, paylen); 832 833 if (paylen) 834 kfree(payload); 835 836 return retval; 837 838 err_copy: 839 kfree(payload); 840 err_payload: 841 sctp_chunk_free(retval); 842 retval = NULL; 843 err_chunk: 844 return retval; 845 } 846 847 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 848 struct sctp_chunk *sctp_make_abort_violation( 849 const struct sctp_association *asoc, 850 const struct sctp_chunk *chunk, 851 const __u8 *payload, 852 const size_t paylen) 853 { 854 struct sctp_chunk *retval; 855 struct sctp_paramhdr phdr; 856 857 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 858 + sizeof(sctp_chunkhdr_t)); 859 if (!retval) 860 goto end; 861 862 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, payload, paylen); 863 864 phdr.type = htons(chunk->chunk_hdr->type); 865 phdr.length = chunk->chunk_hdr->length; 866 sctp_addto_chunk(retval, sizeof(sctp_paramhdr_t), &phdr); 867 868 end: 869 return retval; 870 } 871 872 /* Make a HEARTBEAT chunk. */ 873 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 874 const struct sctp_transport *transport, 875 const void *payload, const size_t paylen) 876 { 877 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 878 0, paylen); 879 880 if (!retval) 881 goto nodata; 882 883 /* Cast away the 'const', as this is just telling the chunk 884 * what transport it belongs to. 885 */ 886 retval->transport = (struct sctp_transport *) transport; 887 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 888 889 nodata: 890 return retval; 891 } 892 893 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 894 const struct sctp_chunk *chunk, 895 const void *payload, const size_t paylen) 896 { 897 struct sctp_chunk *retval; 898 899 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 900 if (!retval) 901 goto nodata; 902 903 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 904 905 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 906 * 907 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 908 * HEARTBEAT ACK, * etc.) to the same destination transport 909 * address from which it * received the DATA or control chunk 910 * to which it is replying. 911 * 912 * [HBACK back to where the HEARTBEAT came from.] 913 */ 914 if (chunk) 915 retval->transport = chunk->transport; 916 917 nodata: 918 return retval; 919 } 920 921 /* Create an Operation Error chunk with the specified space reserved. 922 * This routine can be used for containing multiple causes in the chunk. 923 */ 924 static struct sctp_chunk *sctp_make_op_error_space( 925 const struct sctp_association *asoc, 926 const struct sctp_chunk *chunk, 927 size_t size) 928 { 929 struct sctp_chunk *retval; 930 931 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 932 sizeof(sctp_errhdr_t) + size); 933 if (!retval) 934 goto nodata; 935 936 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 937 * 938 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 939 * HEARTBEAT ACK, etc.) to the same destination transport 940 * address from which it received the DATA or control chunk 941 * to which it is replying. 942 * 943 */ 944 if (chunk) 945 retval->transport = chunk->transport; 946 947 nodata: 948 return retval; 949 } 950 951 /* Create an Operation Error chunk. */ 952 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 953 const struct sctp_chunk *chunk, 954 __u16 cause_code, const void *payload, 955 size_t paylen) 956 { 957 struct sctp_chunk *retval; 958 959 retval = sctp_make_op_error_space(asoc, chunk, paylen); 960 if (!retval) 961 goto nodata; 962 963 sctp_init_cause(retval, cause_code, payload, paylen); 964 965 nodata: 966 return retval; 967 } 968 969 /******************************************************************** 970 * 2nd Level Abstractions 971 ********************************************************************/ 972 973 /* Turn an skb into a chunk. 974 * FIXME: Eventually move the structure directly inside the skb->cb[]. 975 */ 976 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 977 const struct sctp_association *asoc, 978 struct sock *sk) 979 { 980 struct sctp_chunk *retval; 981 982 retval = kmem_cache_alloc(sctp_chunk_cachep, SLAB_ATOMIC); 983 984 if (!retval) 985 goto nodata; 986 memset(retval, 0, sizeof(struct sctp_chunk)); 987 988 if (!sk) { 989 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 990 } 991 992 INIT_LIST_HEAD(&retval->list); 993 retval->skb = skb; 994 retval->asoc = (struct sctp_association *)asoc; 995 retval->resent = 0; 996 retval->has_tsn = 0; 997 retval->has_ssn = 0; 998 retval->rtt_in_progress = 0; 999 retval->sent_at = 0; 1000 retval->singleton = 1; 1001 retval->end_of_packet = 0; 1002 retval->ecn_ce_done = 0; 1003 retval->pdiscard = 0; 1004 1005 /* sctpimpguide-05.txt Section 2.8.2 1006 * M1) Each time a new DATA chunk is transmitted 1007 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1008 * 'TSN.Missing.Report' count will be used to determine missing chunks 1009 * and when to fast retransmit. 1010 */ 1011 retval->tsn_missing_report = 0; 1012 retval->tsn_gap_acked = 0; 1013 retval->fast_retransmit = 0; 1014 1015 /* If this is a fragmented message, track all fragments 1016 * of the message (for SEND_FAILED). 1017 */ 1018 retval->msg = NULL; 1019 1020 /* Polish the bead hole. */ 1021 INIT_LIST_HEAD(&retval->transmitted_list); 1022 INIT_LIST_HEAD(&retval->frag_list); 1023 SCTP_DBG_OBJCNT_INC(chunk); 1024 atomic_set(&retval->refcnt, 1); 1025 1026 nodata: 1027 return retval; 1028 } 1029 1030 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1031 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1032 union sctp_addr *dest) 1033 { 1034 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1035 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1036 } 1037 1038 /* Extract the source address from a chunk. */ 1039 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1040 { 1041 /* If we have a known transport, use that. */ 1042 if (chunk->transport) { 1043 return &chunk->transport->ipaddr; 1044 } else { 1045 /* Otherwise, extract it from the IP header. */ 1046 return &chunk->source; 1047 } 1048 } 1049 1050 /* Create a new chunk, setting the type and flags headers from the 1051 * arguments, reserving enough space for a 'paylen' byte payload. 1052 */ 1053 SCTP_STATIC 1054 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1055 __u8 type, __u8 flags, int paylen) 1056 { 1057 struct sctp_chunk *retval; 1058 sctp_chunkhdr_t *chunk_hdr; 1059 struct sk_buff *skb; 1060 struct sock *sk; 1061 1062 /* No need to allocate LL here, as this is only a chunk. */ 1063 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1064 GFP_ATOMIC); 1065 if (!skb) 1066 goto nodata; 1067 1068 /* Make room for the chunk header. */ 1069 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1070 chunk_hdr->type = type; 1071 chunk_hdr->flags = flags; 1072 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1073 1074 sk = asoc ? asoc->base.sk : NULL; 1075 retval = sctp_chunkify(skb, asoc, sk); 1076 if (!retval) { 1077 kfree_skb(skb); 1078 goto nodata; 1079 } 1080 1081 retval->chunk_hdr = chunk_hdr; 1082 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1083 1084 /* Set the skb to the belonging sock for accounting. */ 1085 skb->sk = sk; 1086 1087 return retval; 1088 nodata: 1089 return NULL; 1090 } 1091 1092 1093 /* Release the memory occupied by a chunk. */ 1094 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1095 { 1096 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1097 dev_kfree_skb(chunk->skb); 1098 1099 SCTP_DBG_OBJCNT_DEC(chunk); 1100 kmem_cache_free(sctp_chunk_cachep, chunk); 1101 } 1102 1103 /* Possibly, free the chunk. */ 1104 void sctp_chunk_free(struct sctp_chunk *chunk) 1105 { 1106 BUG_ON(!list_empty(&chunk->list)); 1107 list_del_init(&chunk->transmitted_list); 1108 1109 /* Release our reference on the message tracker. */ 1110 if (chunk->msg) 1111 sctp_datamsg_put(chunk->msg); 1112 1113 sctp_chunk_put(chunk); 1114 } 1115 1116 /* Grab a reference to the chunk. */ 1117 void sctp_chunk_hold(struct sctp_chunk *ch) 1118 { 1119 atomic_inc(&ch->refcnt); 1120 } 1121 1122 /* Release a reference to the chunk. */ 1123 void sctp_chunk_put(struct sctp_chunk *ch) 1124 { 1125 if (atomic_dec_and_test(&ch->refcnt)) 1126 sctp_chunk_destroy(ch); 1127 } 1128 1129 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1130 * enough. 1131 */ 1132 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1133 { 1134 void *target; 1135 void *padding; 1136 int chunklen = ntohs(chunk->chunk_hdr->length); 1137 int padlen = chunklen % 4; 1138 1139 padding = skb_put(chunk->skb, padlen); 1140 target = skb_put(chunk->skb, len); 1141 1142 memset(padding, 0, padlen); 1143 memcpy(target, data, len); 1144 1145 /* Adjust the chunk length field. */ 1146 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1147 chunk->chunk_end = chunk->skb->tail; 1148 1149 return target; 1150 } 1151 1152 /* Append bytes from user space to the end of a chunk. Will panic if 1153 * chunk is not big enough. 1154 * Returns a kernel err value. 1155 */ 1156 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1157 struct iovec *data) 1158 { 1159 __u8 *target; 1160 int err = 0; 1161 1162 /* Make room in chunk for data. */ 1163 target = skb_put(chunk->skb, len); 1164 1165 /* Copy data (whole iovec) into chunk */ 1166 if ((err = memcpy_fromiovecend(target, data, off, len))) 1167 goto out; 1168 1169 /* Adjust the chunk length field. */ 1170 chunk->chunk_hdr->length = 1171 htons(ntohs(chunk->chunk_hdr->length) + len); 1172 chunk->chunk_end = chunk->skb->tail; 1173 1174 out: 1175 return err; 1176 } 1177 1178 /* Helper function to assign a TSN if needed. This assumes that both 1179 * the data_hdr and association have already been assigned. 1180 */ 1181 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1182 { 1183 __u16 ssn; 1184 __u16 sid; 1185 1186 if (chunk->has_ssn) 1187 return; 1188 1189 /* This is the last possible instant to assign a SSN. */ 1190 if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1191 ssn = 0; 1192 } else { 1193 sid = htons(chunk->subh.data_hdr->stream); 1194 if (chunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1195 ssn = sctp_ssn_next(&chunk->asoc->ssnmap->out, sid); 1196 else 1197 ssn = sctp_ssn_peek(&chunk->asoc->ssnmap->out, sid); 1198 ssn = htons(ssn); 1199 } 1200 1201 chunk->subh.data_hdr->ssn = ssn; 1202 chunk->has_ssn = 1; 1203 } 1204 1205 /* Helper function to assign a TSN if needed. This assumes that both 1206 * the data_hdr and association have already been assigned. 1207 */ 1208 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1209 { 1210 if (!chunk->has_tsn) { 1211 /* This is the last possible instant to 1212 * assign a TSN. 1213 */ 1214 chunk->subh.data_hdr->tsn = 1215 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1216 chunk->has_tsn = 1; 1217 } 1218 } 1219 1220 /* Create a CLOSED association to use with an incoming packet. */ 1221 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1222 struct sctp_chunk *chunk, 1223 gfp_t gfp) 1224 { 1225 struct sctp_association *asoc; 1226 struct sk_buff *skb; 1227 sctp_scope_t scope; 1228 struct sctp_af *af; 1229 1230 /* Create the bare association. */ 1231 scope = sctp_scope(sctp_source(chunk)); 1232 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1233 if (!asoc) 1234 goto nodata; 1235 asoc->temp = 1; 1236 skb = chunk->skb; 1237 /* Create an entry for the source address of the packet. */ 1238 af = sctp_get_af_specific(ipver2af(skb->nh.iph->version)); 1239 if (unlikely(!af)) 1240 goto fail; 1241 af->from_skb(&asoc->c.peer_addr, skb, 1); 1242 nodata: 1243 return asoc; 1244 1245 fail: 1246 sctp_association_free(asoc); 1247 return NULL; 1248 } 1249 1250 /* Build a cookie representing asoc. 1251 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1252 */ 1253 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1254 const struct sctp_association *asoc, 1255 const struct sctp_chunk *init_chunk, 1256 int *cookie_len, 1257 const __u8 *raw_addrs, int addrs_len) 1258 { 1259 sctp_cookie_param_t *retval; 1260 struct sctp_signed_cookie *cookie; 1261 struct scatterlist sg; 1262 int headersize, bodysize; 1263 unsigned int keylen; 1264 char *key; 1265 1266 /* Header size is static data prior to the actual cookie, including 1267 * any padding. 1268 */ 1269 headersize = sizeof(sctp_paramhdr_t) + 1270 (sizeof(struct sctp_signed_cookie) - 1271 sizeof(struct sctp_cookie)); 1272 bodysize = sizeof(struct sctp_cookie) 1273 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1274 1275 /* Pad out the cookie to a multiple to make the signature 1276 * functions simpler to write. 1277 */ 1278 if (bodysize % SCTP_COOKIE_MULTIPLE) 1279 bodysize += SCTP_COOKIE_MULTIPLE 1280 - (bodysize % SCTP_COOKIE_MULTIPLE); 1281 *cookie_len = headersize + bodysize; 1282 1283 retval = kmalloc(*cookie_len, GFP_ATOMIC); 1284 1285 if (!retval) 1286 goto nodata; 1287 1288 /* Clear this memory since we are sending this data structure 1289 * out on the network. 1290 */ 1291 memset(retval, 0x00, *cookie_len); 1292 cookie = (struct sctp_signed_cookie *) retval->body; 1293 1294 /* Set up the parameter header. */ 1295 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1296 retval->p.length = htons(*cookie_len); 1297 1298 /* Copy the cookie part of the association itself. */ 1299 cookie->c = asoc->c; 1300 /* Save the raw address list length in the cookie. */ 1301 cookie->c.raw_addr_list_len = addrs_len; 1302 1303 /* Remember PR-SCTP capability. */ 1304 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1305 1306 /* Save adaption indication in the cookie. */ 1307 cookie->c.adaption_ind = asoc->peer.adaption_ind; 1308 1309 /* Set an expiration time for the cookie. */ 1310 do_gettimeofday(&cookie->c.expiration); 1311 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1312 1313 /* Copy the peer's init packet. */ 1314 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1315 ntohs(init_chunk->chunk_hdr->length)); 1316 1317 /* Copy the raw local address list of the association. */ 1318 memcpy((__u8 *)&cookie->c.peer_init[0] + 1319 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1320 1321 if (sctp_sk(ep->base.sk)->hmac) { 1322 struct hash_desc desc; 1323 1324 /* Sign the message. */ 1325 sg.page = virt_to_page(&cookie->c); 1326 sg.offset = (unsigned long)(&cookie->c) % PAGE_SIZE; 1327 sg.length = bodysize; 1328 keylen = SCTP_SECRET_SIZE; 1329 key = (char *)ep->secret_key[ep->current_key]; 1330 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1331 desc.flags = 0; 1332 1333 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1334 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) 1335 goto free_cookie; 1336 } 1337 1338 return retval; 1339 1340 free_cookie: 1341 kfree(retval); 1342 nodata: 1343 *cookie_len = 0; 1344 return NULL; 1345 } 1346 1347 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1348 struct sctp_association *sctp_unpack_cookie( 1349 const struct sctp_endpoint *ep, 1350 const struct sctp_association *asoc, 1351 struct sctp_chunk *chunk, gfp_t gfp, 1352 int *error, struct sctp_chunk **errp) 1353 { 1354 struct sctp_association *retval = NULL; 1355 struct sctp_signed_cookie *cookie; 1356 struct sctp_cookie *bear_cookie; 1357 int headersize, bodysize, fixed_size; 1358 __u8 *digest = ep->digest; 1359 struct scatterlist sg; 1360 unsigned int keylen, len; 1361 char *key; 1362 sctp_scope_t scope; 1363 struct sk_buff *skb = chunk->skb; 1364 struct timeval tv; 1365 struct hash_desc desc; 1366 1367 /* Header size is static data prior to the actual cookie, including 1368 * any padding. 1369 */ 1370 headersize = sizeof(sctp_chunkhdr_t) + 1371 (sizeof(struct sctp_signed_cookie) - 1372 sizeof(struct sctp_cookie)); 1373 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1374 fixed_size = headersize + sizeof(struct sctp_cookie); 1375 1376 /* Verify that the chunk looks like it even has a cookie. 1377 * There must be enough room for our cookie and our peer's 1378 * INIT chunk. 1379 */ 1380 len = ntohs(chunk->chunk_hdr->length); 1381 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1382 goto malformed; 1383 1384 /* Verify that the cookie has been padded out. */ 1385 if (bodysize % SCTP_COOKIE_MULTIPLE) 1386 goto malformed; 1387 1388 /* Process the cookie. */ 1389 cookie = chunk->subh.cookie_hdr; 1390 bear_cookie = &cookie->c; 1391 1392 if (!sctp_sk(ep->base.sk)->hmac) 1393 goto no_hmac; 1394 1395 /* Check the signature. */ 1396 keylen = SCTP_SECRET_SIZE; 1397 sg.page = virt_to_page(bear_cookie); 1398 sg.offset = (unsigned long)(bear_cookie) % PAGE_SIZE; 1399 sg.length = bodysize; 1400 key = (char *)ep->secret_key[ep->current_key]; 1401 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1402 desc.flags = 0; 1403 1404 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1405 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1406 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1407 *error = -SCTP_IERROR_NOMEM; 1408 goto fail; 1409 } 1410 1411 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1412 /* Try the previous key. */ 1413 key = (char *)ep->secret_key[ep->last_key]; 1414 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1415 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1416 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1417 *error = -SCTP_IERROR_NOMEM; 1418 goto fail; 1419 } 1420 1421 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1422 /* Yikes! Still bad signature! */ 1423 *error = -SCTP_IERROR_BAD_SIG; 1424 goto fail; 1425 } 1426 } 1427 1428 no_hmac: 1429 /* IG Section 2.35.2: 1430 * 3) Compare the port numbers and the verification tag contained 1431 * within the COOKIE ECHO chunk to the actual port numbers and the 1432 * verification tag within the SCTP common header of the received 1433 * packet. If these values do not match the packet MUST be silently 1434 * discarded, 1435 */ 1436 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1437 *error = -SCTP_IERROR_BAD_TAG; 1438 goto fail; 1439 } 1440 1441 if (ntohs(chunk->sctp_hdr->source) != bear_cookie->peer_addr.v4.sin_port || 1442 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1443 *error = -SCTP_IERROR_BAD_PORTS; 1444 goto fail; 1445 } 1446 1447 /* Check to see if the cookie is stale. If there is already 1448 * an association, there is no need to check cookie's expiration 1449 * for init collision case of lost COOKIE ACK. 1450 */ 1451 skb_get_timestamp(skb, &tv); 1452 if (!asoc && tv_lt(bear_cookie->expiration, tv)) { 1453 __u16 len; 1454 /* 1455 * Section 3.3.10.3 Stale Cookie Error (3) 1456 * 1457 * Cause of error 1458 * --------------- 1459 * Stale Cookie Error: Indicates the receipt of a valid State 1460 * Cookie that has expired. 1461 */ 1462 len = ntohs(chunk->chunk_hdr->length); 1463 *errp = sctp_make_op_error_space(asoc, chunk, len); 1464 if (*errp) { 1465 suseconds_t usecs = (tv.tv_sec - 1466 bear_cookie->expiration.tv_sec) * 1000000L + 1467 tv.tv_usec - bear_cookie->expiration.tv_usec; 1468 1469 usecs = htonl(usecs); 1470 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1471 &usecs, sizeof(usecs)); 1472 *error = -SCTP_IERROR_STALE_COOKIE; 1473 } else 1474 *error = -SCTP_IERROR_NOMEM; 1475 1476 goto fail; 1477 } 1478 1479 /* Make a new base association. */ 1480 scope = sctp_scope(sctp_source(chunk)); 1481 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1482 if (!retval) { 1483 *error = -SCTP_IERROR_NOMEM; 1484 goto fail; 1485 } 1486 1487 /* Set up our peer's port number. */ 1488 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1489 1490 /* Populate the association from the cookie. */ 1491 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1492 1493 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1494 GFP_ATOMIC) < 0) { 1495 *error = -SCTP_IERROR_NOMEM; 1496 goto fail; 1497 } 1498 1499 /* Also, add the destination address. */ 1500 if (list_empty(&retval->base.bind_addr.address_list)) { 1501 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1, 1502 GFP_ATOMIC); 1503 } 1504 1505 retval->next_tsn = retval->c.initial_tsn; 1506 retval->ctsn_ack_point = retval->next_tsn - 1; 1507 retval->addip_serial = retval->c.initial_tsn; 1508 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1509 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1510 retval->peer.adaption_ind = retval->c.adaption_ind; 1511 1512 /* The INIT stuff will be done by the side effects. */ 1513 return retval; 1514 1515 fail: 1516 if (retval) 1517 sctp_association_free(retval); 1518 1519 return NULL; 1520 1521 malformed: 1522 /* Yikes! The packet is either corrupt or deliberately 1523 * malformed. 1524 */ 1525 *error = -SCTP_IERROR_MALFORMED; 1526 goto fail; 1527 } 1528 1529 /******************************************************************** 1530 * 3rd Level Abstractions 1531 ********************************************************************/ 1532 1533 struct __sctp_missing { 1534 __u32 num_missing; 1535 __u16 type; 1536 } __attribute__((packed)); 1537 1538 /* 1539 * Report a missing mandatory parameter. 1540 */ 1541 static int sctp_process_missing_param(const struct sctp_association *asoc, 1542 sctp_param_t paramtype, 1543 struct sctp_chunk *chunk, 1544 struct sctp_chunk **errp) 1545 { 1546 struct __sctp_missing report; 1547 __u16 len; 1548 1549 len = WORD_ROUND(sizeof(report)); 1550 1551 /* Make an ERROR chunk, preparing enough room for 1552 * returning multiple unknown parameters. 1553 */ 1554 if (!*errp) 1555 *errp = sctp_make_op_error_space(asoc, chunk, len); 1556 1557 if (*errp) { 1558 report.num_missing = htonl(1); 1559 report.type = paramtype; 1560 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 1561 &report, sizeof(report)); 1562 } 1563 1564 /* Stop processing this chunk. */ 1565 return 0; 1566 } 1567 1568 /* Report an Invalid Mandatory Parameter. */ 1569 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1570 struct sctp_chunk *chunk, 1571 struct sctp_chunk **errp) 1572 { 1573 /* Invalid Mandatory Parameter Error has no payload. */ 1574 1575 if (!*errp) 1576 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1577 1578 if (*errp) 1579 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, NULL, 0); 1580 1581 /* Stop processing this chunk. */ 1582 return 0; 1583 } 1584 1585 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1586 struct sctp_paramhdr *param, 1587 const struct sctp_chunk *chunk, 1588 struct sctp_chunk **errp) 1589 { 1590 char error[] = "The following parameter had invalid length:"; 1591 size_t payload_len = WORD_ROUND(sizeof(error)) + 1592 sizeof(sctp_paramhdr_t); 1593 1594 1595 /* Create an error chunk and fill it in with our payload. */ 1596 if (!*errp) 1597 *errp = sctp_make_op_error_space(asoc, chunk, payload_len); 1598 1599 if (*errp) { 1600 sctp_init_cause(*errp, SCTP_ERROR_PROTO_VIOLATION, error, 1601 sizeof(error)); 1602 sctp_addto_chunk(*errp, sizeof(sctp_paramhdr_t), param); 1603 } 1604 1605 return 0; 1606 } 1607 1608 1609 /* Do not attempt to handle the HOST_NAME parm. However, do 1610 * send back an indicator to the peer. 1611 */ 1612 static int sctp_process_hn_param(const struct sctp_association *asoc, 1613 union sctp_params param, 1614 struct sctp_chunk *chunk, 1615 struct sctp_chunk **errp) 1616 { 1617 __u16 len = ntohs(param.p->length); 1618 1619 /* Make an ERROR chunk. */ 1620 if (!*errp) 1621 *errp = sctp_make_op_error_space(asoc, chunk, len); 1622 1623 if (*errp) 1624 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, 1625 param.v, len); 1626 1627 /* Stop processing this chunk. */ 1628 return 0; 1629 } 1630 1631 /* RFC 3.2.1 & the Implementers Guide 2.2. 1632 * 1633 * The Parameter Types are encoded such that the 1634 * highest-order two bits specify the action that must be 1635 * taken if the processing endpoint does not recognize the 1636 * Parameter Type. 1637 * 1638 * 00 - Stop processing this SCTP chunk and discard it, 1639 * do not process any further chunks within it. 1640 * 1641 * 01 - Stop processing this SCTP chunk and discard it, 1642 * do not process any further chunks within it, and report 1643 * the unrecognized parameter in an 'Unrecognized 1644 * Parameter Type' (in either an ERROR or in the INIT ACK). 1645 * 1646 * 10 - Skip this parameter and continue processing. 1647 * 1648 * 11 - Skip this parameter and continue processing but 1649 * report the unrecognized parameter in an 1650 * 'Unrecognized Parameter Type' (in either an ERROR or in 1651 * the INIT ACK). 1652 * 1653 * Return value: 1654 * 0 - discard the chunk 1655 * 1 - continue with the chunk 1656 */ 1657 static int sctp_process_unk_param(const struct sctp_association *asoc, 1658 union sctp_params param, 1659 struct sctp_chunk *chunk, 1660 struct sctp_chunk **errp) 1661 { 1662 int retval = 1; 1663 1664 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 1665 case SCTP_PARAM_ACTION_DISCARD: 1666 retval = 0; 1667 break; 1668 case SCTP_PARAM_ACTION_DISCARD_ERR: 1669 retval = 0; 1670 /* Make an ERROR chunk, preparing enough room for 1671 * returning multiple unknown parameters. 1672 */ 1673 if (NULL == *errp) 1674 *errp = sctp_make_op_error_space(asoc, chunk, 1675 ntohs(chunk->chunk_hdr->length)); 1676 1677 if (*errp) 1678 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1679 param.v, 1680 WORD_ROUND(ntohs(param.p->length))); 1681 1682 break; 1683 case SCTP_PARAM_ACTION_SKIP: 1684 break; 1685 case SCTP_PARAM_ACTION_SKIP_ERR: 1686 /* Make an ERROR chunk, preparing enough room for 1687 * returning multiple unknown parameters. 1688 */ 1689 if (NULL == *errp) 1690 *errp = sctp_make_op_error_space(asoc, chunk, 1691 ntohs(chunk->chunk_hdr->length)); 1692 1693 if (*errp) { 1694 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1695 param.v, 1696 WORD_ROUND(ntohs(param.p->length))); 1697 } else { 1698 /* If there is no memory for generating the ERROR 1699 * report as specified, an ABORT will be triggered 1700 * to the peer and the association won't be 1701 * established. 1702 */ 1703 retval = 0; 1704 } 1705 1706 break; 1707 default: 1708 break; 1709 } 1710 1711 return retval; 1712 } 1713 1714 /* Find unrecognized parameters in the chunk. 1715 * Return values: 1716 * 0 - discard the chunk 1717 * 1 - continue with the chunk 1718 */ 1719 static int sctp_verify_param(const struct sctp_association *asoc, 1720 union sctp_params param, 1721 sctp_cid_t cid, 1722 struct sctp_chunk *chunk, 1723 struct sctp_chunk **err_chunk) 1724 { 1725 int retval = 1; 1726 1727 /* FIXME - This routine is not looking at each parameter per the 1728 * chunk type, i.e., unrecognized parameters should be further 1729 * identified based on the chunk id. 1730 */ 1731 1732 switch (param.p->type) { 1733 case SCTP_PARAM_IPV4_ADDRESS: 1734 case SCTP_PARAM_IPV6_ADDRESS: 1735 case SCTP_PARAM_COOKIE_PRESERVATIVE: 1736 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 1737 case SCTP_PARAM_STATE_COOKIE: 1738 case SCTP_PARAM_HEARTBEAT_INFO: 1739 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 1740 case SCTP_PARAM_ECN_CAPABLE: 1741 case SCTP_PARAM_ADAPTION_LAYER_IND: 1742 break; 1743 1744 case SCTP_PARAM_HOST_NAME_ADDRESS: 1745 /* Tell the peer, we won't support this param. */ 1746 return sctp_process_hn_param(asoc, param, chunk, err_chunk); 1747 case SCTP_PARAM_FWD_TSN_SUPPORT: 1748 if (sctp_prsctp_enable) 1749 break; 1750 /* Fall Through */ 1751 default: 1752 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 1753 ntohs(param.p->type), cid); 1754 return sctp_process_unk_param(asoc, param, chunk, err_chunk); 1755 1756 break; 1757 } 1758 return retval; 1759 } 1760 1761 /* Verify the INIT packet before we process it. */ 1762 int sctp_verify_init(const struct sctp_association *asoc, 1763 sctp_cid_t cid, 1764 sctp_init_chunk_t *peer_init, 1765 struct sctp_chunk *chunk, 1766 struct sctp_chunk **errp) 1767 { 1768 union sctp_params param; 1769 int has_cookie = 0; 1770 1771 /* Verify stream values are non-zero. */ 1772 if ((0 == peer_init->init_hdr.num_outbound_streams) || 1773 (0 == peer_init->init_hdr.num_inbound_streams)) { 1774 1775 sctp_process_inv_mandatory(asoc, chunk, errp); 1776 return 0; 1777 } 1778 1779 /* Check for missing mandatory parameters. */ 1780 sctp_walk_params(param, peer_init, init_hdr.params) { 1781 1782 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 1783 has_cookie = 1; 1784 1785 } /* for (loop through all parameters) */ 1786 1787 /* There is a possibility that a parameter length was bad and 1788 * in that case we would have stoped walking the parameters. 1789 * The current param.p would point at the bad one. 1790 * Current consensus on the mailing list is to generate a PROTOCOL 1791 * VIOLATION error. We build the ERROR chunk here and let the normal 1792 * error handling code build and send the packet. 1793 */ 1794 if (param.v < (void*)chunk->chunk_end - sizeof(sctp_paramhdr_t)) { 1795 sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 1796 return 0; 1797 } 1798 1799 /* The only missing mandatory param possible today is 1800 * the state cookie for an INIT-ACK chunk. 1801 */ 1802 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) { 1803 sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 1804 chunk, errp); 1805 return 0; 1806 } 1807 1808 /* Find unrecognized parameters. */ 1809 1810 sctp_walk_params(param, peer_init, init_hdr.params) { 1811 1812 if (!sctp_verify_param(asoc, param, cid, chunk, errp)) { 1813 if (SCTP_PARAM_HOST_NAME_ADDRESS == param.p->type) 1814 return 0; 1815 else 1816 return 1; 1817 } 1818 1819 } /* for (loop through all parameters) */ 1820 1821 return 1; 1822 } 1823 1824 /* Unpack the parameters in an INIT packet into an association. 1825 * Returns 0 on failure, else success. 1826 * FIXME: This is an association method. 1827 */ 1828 int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, 1829 const union sctp_addr *peer_addr, 1830 sctp_init_chunk_t *peer_init, gfp_t gfp) 1831 { 1832 union sctp_params param; 1833 struct sctp_transport *transport; 1834 struct list_head *pos, *temp; 1835 char *cookie; 1836 1837 /* We must include the address that the INIT packet came from. 1838 * This is the only address that matters for an INIT packet. 1839 * When processing a COOKIE ECHO, we retrieve the from address 1840 * of the INIT from the cookie. 1841 */ 1842 1843 /* This implementation defaults to making the first transport 1844 * added as the primary transport. The source address seems to 1845 * be a a better choice than any of the embedded addresses. 1846 */ 1847 if (peer_addr) 1848 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 1849 goto nomem; 1850 1851 /* Process the initialization parameters. */ 1852 1853 sctp_walk_params(param, peer_init, init_hdr.params) { 1854 1855 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 1856 goto clean_up; 1857 } 1858 1859 /* Walk list of transports, removing transports in the UNKNOWN state. */ 1860 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 1861 transport = list_entry(pos, struct sctp_transport, transports); 1862 if (transport->state == SCTP_UNKNOWN) { 1863 sctp_assoc_rm_peer(asoc, transport); 1864 } 1865 } 1866 1867 /* The fixed INIT headers are always in network byte 1868 * order. 1869 */ 1870 asoc->peer.i.init_tag = 1871 ntohl(peer_init->init_hdr.init_tag); 1872 asoc->peer.i.a_rwnd = 1873 ntohl(peer_init->init_hdr.a_rwnd); 1874 asoc->peer.i.num_outbound_streams = 1875 ntohs(peer_init->init_hdr.num_outbound_streams); 1876 asoc->peer.i.num_inbound_streams = 1877 ntohs(peer_init->init_hdr.num_inbound_streams); 1878 asoc->peer.i.initial_tsn = 1879 ntohl(peer_init->init_hdr.initial_tsn); 1880 1881 /* Apply the upper bounds for output streams based on peer's 1882 * number of inbound streams. 1883 */ 1884 if (asoc->c.sinit_num_ostreams > 1885 ntohs(peer_init->init_hdr.num_inbound_streams)) { 1886 asoc->c.sinit_num_ostreams = 1887 ntohs(peer_init->init_hdr.num_inbound_streams); 1888 } 1889 1890 if (asoc->c.sinit_max_instreams > 1891 ntohs(peer_init->init_hdr.num_outbound_streams)) { 1892 asoc->c.sinit_max_instreams = 1893 ntohs(peer_init->init_hdr.num_outbound_streams); 1894 } 1895 1896 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 1897 asoc->c.peer_vtag = asoc->peer.i.init_tag; 1898 1899 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 1900 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 1901 1902 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 1903 cookie = asoc->peer.cookie; 1904 if (cookie) { 1905 asoc->peer.cookie = kmalloc(asoc->peer.cookie_len, gfp); 1906 if (!asoc->peer.cookie) 1907 goto clean_up; 1908 memcpy(asoc->peer.cookie, cookie, asoc->peer.cookie_len); 1909 } 1910 1911 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 1912 * high (for example, implementations MAY use the size of the receiver 1913 * advertised window). 1914 */ 1915 list_for_each(pos, &asoc->peer.transport_addr_list) { 1916 transport = list_entry(pos, struct sctp_transport, transports); 1917 transport->ssthresh = asoc->peer.i.a_rwnd; 1918 } 1919 1920 /* Set up the TSN tracking pieces. */ 1921 sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_SIZE, 1922 asoc->peer.i.initial_tsn); 1923 1924 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 1925 * 1926 * The stream sequence number in all the streams shall start 1927 * from 0 when the association is established. Also, when the 1928 * stream sequence number reaches the value 65535 the next 1929 * stream sequence number shall be set to 0. 1930 */ 1931 1932 /* Allocate storage for the negotiated streams if it is not a temporary 1933 * association. 1934 */ 1935 if (!asoc->temp) { 1936 int assoc_id; 1937 int error; 1938 1939 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 1940 asoc->c.sinit_num_ostreams, gfp); 1941 if (!asoc->ssnmap) 1942 goto clean_up; 1943 1944 retry: 1945 if (unlikely(!idr_pre_get(&sctp_assocs_id, gfp))) 1946 goto clean_up; 1947 spin_lock_bh(&sctp_assocs_id_lock); 1948 error = idr_get_new_above(&sctp_assocs_id, (void *)asoc, 1, 1949 &assoc_id); 1950 spin_unlock_bh(&sctp_assocs_id_lock); 1951 if (error == -EAGAIN) 1952 goto retry; 1953 else if (error) 1954 goto clean_up; 1955 1956 asoc->assoc_id = (sctp_assoc_t) assoc_id; 1957 } 1958 1959 /* ADDIP Section 4.1 ASCONF Chunk Procedures 1960 * 1961 * When an endpoint has an ASCONF signaled change to be sent to the 1962 * remote endpoint it should do the following: 1963 * ... 1964 * A2) A serial number should be assigned to the Chunk. The serial 1965 * number should be a monotonically increasing number. All serial 1966 * numbers are defined to be initialized at the start of the 1967 * association to the same value as the Initial TSN. 1968 */ 1969 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 1970 return 1; 1971 1972 clean_up: 1973 /* Release the transport structures. */ 1974 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 1975 transport = list_entry(pos, struct sctp_transport, transports); 1976 list_del_init(pos); 1977 sctp_transport_free(transport); 1978 } 1979 1980 asoc->peer.transport_count = 0; 1981 1982 nomem: 1983 return 0; 1984 } 1985 1986 1987 /* Update asoc with the option described in param. 1988 * 1989 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 1990 * 1991 * asoc is the association to update. 1992 * param is the variable length parameter to use for update. 1993 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 1994 * If the current packet is an INIT we want to minimize the amount of 1995 * work we do. In particular, we should not build transport 1996 * structures for the addresses. 1997 */ 1998 static int sctp_process_param(struct sctp_association *asoc, 1999 union sctp_params param, 2000 const union sctp_addr *peer_addr, 2001 gfp_t gfp) 2002 { 2003 union sctp_addr addr; 2004 int i; 2005 __u16 sat; 2006 int retval = 1; 2007 sctp_scope_t scope; 2008 time_t stale; 2009 struct sctp_af *af; 2010 2011 /* We maintain all INIT parameters in network byte order all the 2012 * time. This allows us to not worry about whether the parameters 2013 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2014 */ 2015 switch (param.p->type) { 2016 case SCTP_PARAM_IPV6_ADDRESS: 2017 if (PF_INET6 != asoc->base.sk->sk_family) 2018 break; 2019 /* Fall through. */ 2020 case SCTP_PARAM_IPV4_ADDRESS: 2021 af = sctp_get_af_specific(param_type2af(param.p->type)); 2022 af->from_addr_param(&addr, param.addr, asoc->peer.port, 0); 2023 scope = sctp_scope(peer_addr); 2024 if (sctp_in_scope(&addr, scope)) 2025 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2026 return 0; 2027 break; 2028 2029 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2030 if (!sctp_cookie_preserve_enable) 2031 break; 2032 2033 stale = ntohl(param.life->lifespan_increment); 2034 2035 /* Suggested Cookie Life span increment's unit is msec, 2036 * (1/1000sec). 2037 */ 2038 asoc->cookie_life.tv_sec += stale / 1000; 2039 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2040 break; 2041 2042 case SCTP_PARAM_HOST_NAME_ADDRESS: 2043 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2044 break; 2045 2046 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2047 /* Turn off the default values first so we'll know which 2048 * ones are really set by the peer. 2049 */ 2050 asoc->peer.ipv4_address = 0; 2051 asoc->peer.ipv6_address = 0; 2052 2053 /* Cycle through address types; avoid divide by 0. */ 2054 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2055 if (sat) 2056 sat /= sizeof(__u16); 2057 2058 for (i = 0; i < sat; ++i) { 2059 switch (param.sat->types[i]) { 2060 case SCTP_PARAM_IPV4_ADDRESS: 2061 asoc->peer.ipv4_address = 1; 2062 break; 2063 2064 case SCTP_PARAM_IPV6_ADDRESS: 2065 asoc->peer.ipv6_address = 1; 2066 break; 2067 2068 case SCTP_PARAM_HOST_NAME_ADDRESS: 2069 asoc->peer.hostname_address = 1; 2070 break; 2071 2072 default: /* Just ignore anything else. */ 2073 break; 2074 }; 2075 } 2076 break; 2077 2078 case SCTP_PARAM_STATE_COOKIE: 2079 asoc->peer.cookie_len = 2080 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2081 asoc->peer.cookie = param.cookie->body; 2082 break; 2083 2084 case SCTP_PARAM_HEARTBEAT_INFO: 2085 /* Would be odd to receive, but it causes no problems. */ 2086 break; 2087 2088 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2089 /* Rejected during verify stage. */ 2090 break; 2091 2092 case SCTP_PARAM_ECN_CAPABLE: 2093 asoc->peer.ecn_capable = 1; 2094 break; 2095 2096 case SCTP_PARAM_ADAPTION_LAYER_IND: 2097 asoc->peer.adaption_ind = param.aind->adaption_ind; 2098 break; 2099 2100 case SCTP_PARAM_FWD_TSN_SUPPORT: 2101 if (sctp_prsctp_enable) { 2102 asoc->peer.prsctp_capable = 1; 2103 break; 2104 } 2105 /* Fall Through */ 2106 default: 2107 /* Any unrecognized parameters should have been caught 2108 * and handled by sctp_verify_param() which should be 2109 * called prior to this routine. Simply log the error 2110 * here. 2111 */ 2112 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2113 ntohs(param.p->type), asoc); 2114 break; 2115 }; 2116 2117 return retval; 2118 } 2119 2120 /* Select a new verification tag. */ 2121 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2122 { 2123 /* I believe that this random number generator complies with RFC1750. 2124 * A tag of 0 is reserved for special cases (e.g. INIT). 2125 */ 2126 __u32 x; 2127 2128 do { 2129 get_random_bytes(&x, sizeof(__u32)); 2130 } while (x == 0); 2131 2132 return x; 2133 } 2134 2135 /* Select an initial TSN to send during startup. */ 2136 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2137 { 2138 __u32 retval; 2139 2140 get_random_bytes(&retval, sizeof(__u32)); 2141 return retval; 2142 } 2143 2144 /* 2145 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2146 * 0 1 2 3 2147 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2148 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2149 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2150 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2151 * | Serial Number | 2152 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2153 * | Address Parameter | 2154 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2155 * | ASCONF Parameter #1 | 2156 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2157 * \ \ 2158 * / .... / 2159 * \ \ 2160 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2161 * | ASCONF Parameter #N | 2162 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2163 * 2164 * Address Parameter and other parameter will not be wrapped in this function 2165 */ 2166 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2167 union sctp_addr *addr, 2168 int vparam_len) 2169 { 2170 sctp_addiphdr_t asconf; 2171 struct sctp_chunk *retval; 2172 int length = sizeof(asconf) + vparam_len; 2173 union sctp_addr_param addrparam; 2174 int addrlen; 2175 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2176 2177 addrlen = af->to_addr_param(addr, &addrparam); 2178 if (!addrlen) 2179 return NULL; 2180 length += addrlen; 2181 2182 /* Create the chunk. */ 2183 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2184 if (!retval) 2185 return NULL; 2186 2187 asconf.serial = htonl(asoc->addip_serial++); 2188 2189 retval->subh.addip_hdr = 2190 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2191 retval->param_hdr.v = 2192 sctp_addto_chunk(retval, addrlen, &addrparam); 2193 2194 return retval; 2195 } 2196 2197 /* ADDIP 2198 * 3.2.1 Add IP Address 2199 * 0 1 2 3 2200 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2201 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2202 * | Type = 0xC001 | Length = Variable | 2203 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2204 * | ASCONF-Request Correlation ID | 2205 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2206 * | Address Parameter | 2207 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2208 * 2209 * 3.2.2 Delete IP Address 2210 * 0 1 2 3 2211 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2212 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2213 * | Type = 0xC002 | Length = Variable | 2214 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2215 * | ASCONF-Request Correlation ID | 2216 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2217 * | Address Parameter | 2218 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2219 * 2220 */ 2221 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2222 union sctp_addr *laddr, 2223 struct sockaddr *addrs, 2224 int addrcnt, 2225 __u16 flags) 2226 { 2227 sctp_addip_param_t param; 2228 struct sctp_chunk *retval; 2229 union sctp_addr_param addr_param; 2230 union sctp_addr *addr; 2231 void *addr_buf; 2232 struct sctp_af *af; 2233 int paramlen = sizeof(param); 2234 int addr_param_len = 0; 2235 int totallen = 0; 2236 int i; 2237 2238 /* Get total length of all the address parameters. */ 2239 addr_buf = addrs; 2240 for (i = 0; i < addrcnt; i++) { 2241 addr = (union sctp_addr *)addr_buf; 2242 af = sctp_get_af_specific(addr->v4.sin_family); 2243 addr_param_len = af->to_addr_param(addr, &addr_param); 2244 2245 totallen += paramlen; 2246 totallen += addr_param_len; 2247 2248 addr_buf += af->sockaddr_len; 2249 } 2250 2251 /* Create an asconf chunk with the required length. */ 2252 retval = sctp_make_asconf(asoc, laddr, totallen); 2253 if (!retval) 2254 return NULL; 2255 2256 /* Add the address parameters to the asconf chunk. */ 2257 addr_buf = addrs; 2258 for (i = 0; i < addrcnt; i++) { 2259 addr = (union sctp_addr *)addr_buf; 2260 af = sctp_get_af_specific(addr->v4.sin_family); 2261 addr_param_len = af->to_addr_param(addr, &addr_param); 2262 param.param_hdr.type = flags; 2263 param.param_hdr.length = htons(paramlen + addr_param_len); 2264 param.crr_id = i; 2265 2266 sctp_addto_chunk(retval, paramlen, ¶m); 2267 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2268 2269 addr_buf += af->sockaddr_len; 2270 } 2271 return retval; 2272 } 2273 2274 /* ADDIP 2275 * 3.2.4 Set Primary IP Address 2276 * 0 1 2 3 2277 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2278 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2279 * | Type =0xC004 | Length = Variable | 2280 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2281 * | ASCONF-Request Correlation ID | 2282 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2283 * | Address Parameter | 2284 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2285 * 2286 * Create an ASCONF chunk with Set Primary IP address parameter. 2287 */ 2288 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2289 union sctp_addr *addr) 2290 { 2291 sctp_addip_param_t param; 2292 struct sctp_chunk *retval; 2293 int len = sizeof(param); 2294 union sctp_addr_param addrparam; 2295 int addrlen; 2296 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2297 2298 addrlen = af->to_addr_param(addr, &addrparam); 2299 if (!addrlen) 2300 return NULL; 2301 len += addrlen; 2302 2303 /* Create the chunk and make asconf header. */ 2304 retval = sctp_make_asconf(asoc, addr, len); 2305 if (!retval) 2306 return NULL; 2307 2308 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2309 param.param_hdr.length = htons(len); 2310 param.crr_id = 0; 2311 2312 sctp_addto_chunk(retval, sizeof(param), ¶m); 2313 sctp_addto_chunk(retval, addrlen, &addrparam); 2314 2315 return retval; 2316 } 2317 2318 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2319 * 0 1 2 3 2320 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2321 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2322 * | Type = 0x80 | Chunk Flags | Chunk Length | 2323 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2324 * | Serial Number | 2325 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2326 * | ASCONF Parameter Response#1 | 2327 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2328 * \ \ 2329 * / .... / 2330 * \ \ 2331 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2332 * | ASCONF Parameter Response#N | 2333 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2334 * 2335 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2336 */ 2337 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2338 __u32 serial, int vparam_len) 2339 { 2340 sctp_addiphdr_t asconf; 2341 struct sctp_chunk *retval; 2342 int length = sizeof(asconf) + vparam_len; 2343 2344 /* Create the chunk. */ 2345 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2346 if (!retval) 2347 return NULL; 2348 2349 asconf.serial = htonl(serial); 2350 2351 retval->subh.addip_hdr = 2352 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2353 2354 return retval; 2355 } 2356 2357 /* Add response parameters to an ASCONF_ACK chunk. */ 2358 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __u32 crr_id, 2359 __u16 err_code, sctp_addip_param_t *asconf_param) 2360 { 2361 sctp_addip_param_t ack_param; 2362 sctp_errhdr_t err_param; 2363 int asconf_param_len = 0; 2364 int err_param_len = 0; 2365 __u16 response_type; 2366 2367 if (SCTP_ERROR_NO_ERROR == err_code) { 2368 response_type = SCTP_PARAM_SUCCESS_REPORT; 2369 } else { 2370 response_type = SCTP_PARAM_ERR_CAUSE; 2371 err_param_len = sizeof(err_param); 2372 if (asconf_param) 2373 asconf_param_len = 2374 ntohs(asconf_param->param_hdr.length); 2375 } 2376 2377 /* Add Success Indication or Error Cause Indication parameter. */ 2378 ack_param.param_hdr.type = response_type; 2379 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2380 err_param_len + 2381 asconf_param_len); 2382 ack_param.crr_id = crr_id; 2383 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2384 2385 if (SCTP_ERROR_NO_ERROR == err_code) 2386 return; 2387 2388 /* Add Error Cause parameter. */ 2389 err_param.cause = err_code; 2390 err_param.length = htons(err_param_len + asconf_param_len); 2391 sctp_addto_chunk(chunk, err_param_len, &err_param); 2392 2393 /* Add the failed TLV copied from ASCONF chunk. */ 2394 if (asconf_param) 2395 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2396 } 2397 2398 /* Process a asconf parameter. */ 2399 static __u16 sctp_process_asconf_param(struct sctp_association *asoc, 2400 struct sctp_chunk *asconf, 2401 sctp_addip_param_t *asconf_param) 2402 { 2403 struct sctp_transport *peer; 2404 struct sctp_af *af; 2405 union sctp_addr addr; 2406 struct list_head *pos; 2407 union sctp_addr_param *addr_param; 2408 2409 addr_param = (union sctp_addr_param *) 2410 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2411 2412 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2413 if (unlikely(!af)) 2414 return SCTP_ERROR_INV_PARAM; 2415 2416 af->from_addr_param(&addr, addr_param, asoc->peer.port, 0); 2417 switch (asconf_param->param_hdr.type) { 2418 case SCTP_PARAM_ADD_IP: 2419 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 2420 * request and does not have the local resources to add this 2421 * new address to the association, it MUST return an Error 2422 * Cause TLV set to the new error code 'Operation Refused 2423 * Due to Resource Shortage'. 2424 */ 2425 2426 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 2427 if (!peer) 2428 return SCTP_ERROR_RSRC_LOW; 2429 2430 /* Start the heartbeat timer. */ 2431 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 2432 sctp_transport_hold(peer); 2433 break; 2434 case SCTP_PARAM_DEL_IP: 2435 /* ADDIP 4.3 D7) If a request is received to delete the 2436 * last remaining IP address of a peer endpoint, the receiver 2437 * MUST send an Error Cause TLV with the error cause set to the 2438 * new error code 'Request to Delete Last Remaining IP Address'. 2439 */ 2440 pos = asoc->peer.transport_addr_list.next; 2441 if (pos->next == &asoc->peer.transport_addr_list) 2442 return SCTP_ERROR_DEL_LAST_IP; 2443 2444 /* ADDIP 4.3 D8) If a request is received to delete an IP 2445 * address which is also the source address of the IP packet 2446 * which contained the ASCONF chunk, the receiver MUST reject 2447 * this request. To reject the request the receiver MUST send 2448 * an Error Cause TLV set to the new error code 'Request to 2449 * Delete Source IP Address' 2450 */ 2451 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr)) 2452 return SCTP_ERROR_DEL_SRC_IP; 2453 2454 sctp_assoc_del_peer(asoc, &addr); 2455 break; 2456 case SCTP_PARAM_SET_PRIMARY: 2457 peer = sctp_assoc_lookup_paddr(asoc, &addr); 2458 if (!peer) 2459 return SCTP_ERROR_INV_PARAM; 2460 2461 sctp_assoc_set_primary(asoc, peer); 2462 break; 2463 default: 2464 return SCTP_ERROR_INV_PARAM; 2465 break; 2466 } 2467 2468 return SCTP_ERROR_NO_ERROR; 2469 } 2470 2471 /* Process an incoming ASCONF chunk with the next expected serial no. and 2472 * return an ASCONF_ACK chunk to be sent in response. 2473 */ 2474 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 2475 struct sctp_chunk *asconf) 2476 { 2477 sctp_addiphdr_t *hdr; 2478 union sctp_addr_param *addr_param; 2479 sctp_addip_param_t *asconf_param; 2480 struct sctp_chunk *asconf_ack; 2481 2482 __u16 err_code; 2483 int length = 0; 2484 int chunk_len = asconf->skb->len; 2485 __u32 serial; 2486 int all_param_pass = 1; 2487 2488 hdr = (sctp_addiphdr_t *)asconf->skb->data; 2489 serial = ntohl(hdr->serial); 2490 2491 /* Skip the addiphdr and store a pointer to address parameter. */ 2492 length = sizeof(sctp_addiphdr_t); 2493 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2494 chunk_len -= length; 2495 2496 /* Skip the address parameter and store a pointer to the first 2497 * asconf paramter. 2498 */ 2499 length = ntohs(addr_param->v4.param_hdr.length); 2500 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2501 chunk_len -= length; 2502 2503 /* create an ASCONF_ACK chunk. 2504 * Based on the definitions of parameters, we know that the size of 2505 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF 2506 * paramters. 2507 */ 2508 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2); 2509 if (!asconf_ack) 2510 goto done; 2511 2512 /* Process the TLVs contained within the ASCONF chunk. */ 2513 while (chunk_len > 0) { 2514 err_code = sctp_process_asconf_param(asoc, asconf, 2515 asconf_param); 2516 /* ADDIP 4.1 A7) 2517 * If an error response is received for a TLV parameter, 2518 * all TLVs with no response before the failed TLV are 2519 * considered successful if not reported. All TLVs after 2520 * the failed response are considered unsuccessful unless 2521 * a specific success indication is present for the parameter. 2522 */ 2523 if (SCTP_ERROR_NO_ERROR != err_code) 2524 all_param_pass = 0; 2525 2526 if (!all_param_pass) 2527 sctp_add_asconf_response(asconf_ack, 2528 asconf_param->crr_id, err_code, 2529 asconf_param); 2530 2531 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 2532 * an IP address sends an 'Out of Resource' in its response, it 2533 * MUST also fail any subsequent add or delete requests bundled 2534 * in the ASCONF. 2535 */ 2536 if (SCTP_ERROR_RSRC_LOW == err_code) 2537 goto done; 2538 2539 /* Move to the next ASCONF param. */ 2540 length = ntohs(asconf_param->param_hdr.length); 2541 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2542 length); 2543 chunk_len -= length; 2544 } 2545 2546 done: 2547 asoc->peer.addip_serial++; 2548 2549 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 2550 * after freeing the reference to old asconf ack if any. 2551 */ 2552 if (asconf_ack) { 2553 if (asoc->addip_last_asconf_ack) 2554 sctp_chunk_free(asoc->addip_last_asconf_ack); 2555 2556 sctp_chunk_hold(asconf_ack); 2557 asoc->addip_last_asconf_ack = asconf_ack; 2558 } 2559 2560 return asconf_ack; 2561 } 2562 2563 /* Process a asconf parameter that is successfully acked. */ 2564 static int sctp_asconf_param_success(struct sctp_association *asoc, 2565 sctp_addip_param_t *asconf_param) 2566 { 2567 struct sctp_af *af; 2568 union sctp_addr addr; 2569 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 2570 union sctp_addr_param *addr_param; 2571 struct list_head *pos; 2572 struct sctp_transport *transport; 2573 struct sctp_sockaddr_entry *saddr; 2574 int retval = 0; 2575 2576 addr_param = (union sctp_addr_param *) 2577 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2578 2579 /* We have checked the packet before, so we do not check again. */ 2580 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2581 af->from_addr_param(&addr, addr_param, bp->port, 0); 2582 2583 switch (asconf_param->param_hdr.type) { 2584 case SCTP_PARAM_ADD_IP: 2585 sctp_local_bh_disable(); 2586 sctp_write_lock(&asoc->base.addr_lock); 2587 list_for_each(pos, &bp->address_list) { 2588 saddr = list_entry(pos, struct sctp_sockaddr_entry, list); 2589 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 2590 saddr->use_as_src = 1; 2591 } 2592 sctp_write_unlock(&asoc->base.addr_lock); 2593 sctp_local_bh_enable(); 2594 break; 2595 case SCTP_PARAM_DEL_IP: 2596 sctp_local_bh_disable(); 2597 sctp_write_lock(&asoc->base.addr_lock); 2598 retval = sctp_del_bind_addr(bp, &addr); 2599 sctp_write_unlock(&asoc->base.addr_lock); 2600 sctp_local_bh_enable(); 2601 list_for_each(pos, &asoc->peer.transport_addr_list) { 2602 transport = list_entry(pos, struct sctp_transport, 2603 transports); 2604 dst_release(transport->dst); 2605 sctp_transport_route(transport, NULL, 2606 sctp_sk(asoc->base.sk)); 2607 } 2608 break; 2609 default: 2610 break; 2611 } 2612 2613 return retval; 2614 } 2615 2616 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 2617 * for the given asconf parameter. If there is no response for this parameter, 2618 * return the error code based on the third argument 'no_err'. 2619 * ADDIP 4.1 2620 * A7) If an error response is received for a TLV parameter, all TLVs with no 2621 * response before the failed TLV are considered successful if not reported. 2622 * All TLVs after the failed response are considered unsuccessful unless a 2623 * specific success indication is present for the parameter. 2624 */ 2625 static __u16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 2626 sctp_addip_param_t *asconf_param, 2627 int no_err) 2628 { 2629 sctp_addip_param_t *asconf_ack_param; 2630 sctp_errhdr_t *err_param; 2631 int length; 2632 int asconf_ack_len = asconf_ack->skb->len; 2633 __u16 err_code; 2634 2635 if (no_err) 2636 err_code = SCTP_ERROR_NO_ERROR; 2637 else 2638 err_code = SCTP_ERROR_REQ_REFUSED; 2639 2640 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 2641 * the first asconf_ack parameter. 2642 */ 2643 length = sizeof(sctp_addiphdr_t); 2644 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 2645 length); 2646 asconf_ack_len -= length; 2647 2648 while (asconf_ack_len > 0) { 2649 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 2650 switch(asconf_ack_param->param_hdr.type) { 2651 case SCTP_PARAM_SUCCESS_REPORT: 2652 return SCTP_ERROR_NO_ERROR; 2653 case SCTP_PARAM_ERR_CAUSE: 2654 length = sizeof(sctp_addip_param_t); 2655 err_param = (sctp_errhdr_t *) 2656 ((void *)asconf_ack_param + length); 2657 asconf_ack_len -= length; 2658 if (asconf_ack_len > 0) 2659 return err_param->cause; 2660 else 2661 return SCTP_ERROR_INV_PARAM; 2662 break; 2663 default: 2664 return SCTP_ERROR_INV_PARAM; 2665 } 2666 } 2667 2668 length = ntohs(asconf_ack_param->param_hdr.length); 2669 asconf_ack_param = (sctp_addip_param_t *) 2670 ((void *)asconf_ack_param + length); 2671 asconf_ack_len -= length; 2672 } 2673 2674 return err_code; 2675 } 2676 2677 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 2678 int sctp_process_asconf_ack(struct sctp_association *asoc, 2679 struct sctp_chunk *asconf_ack) 2680 { 2681 struct sctp_chunk *asconf = asoc->addip_last_asconf; 2682 union sctp_addr_param *addr_param; 2683 sctp_addip_param_t *asconf_param; 2684 int length = 0; 2685 int asconf_len = asconf->skb->len; 2686 int all_param_pass = 0; 2687 int no_err = 1; 2688 int retval = 0; 2689 __u16 err_code = SCTP_ERROR_NO_ERROR; 2690 2691 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 2692 * a pointer to address parameter. 2693 */ 2694 length = sizeof(sctp_addip_chunk_t); 2695 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2696 asconf_len -= length; 2697 2698 /* Skip the address parameter in the last asconf sent and store a 2699 * pointer to the first asconf paramter. 2700 */ 2701 length = ntohs(addr_param->v4.param_hdr.length); 2702 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2703 asconf_len -= length; 2704 2705 /* ADDIP 4.1 2706 * A8) If there is no response(s) to specific TLV parameter(s), and no 2707 * failures are indicated, then all request(s) are considered 2708 * successful. 2709 */ 2710 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 2711 all_param_pass = 1; 2712 2713 /* Process the TLVs contained in the last sent ASCONF chunk. */ 2714 while (asconf_len > 0) { 2715 if (all_param_pass) 2716 err_code = SCTP_ERROR_NO_ERROR; 2717 else { 2718 err_code = sctp_get_asconf_response(asconf_ack, 2719 asconf_param, 2720 no_err); 2721 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 2722 no_err = 0; 2723 } 2724 2725 switch (err_code) { 2726 case SCTP_ERROR_NO_ERROR: 2727 retval = sctp_asconf_param_success(asoc, asconf_param); 2728 break; 2729 2730 case SCTP_ERROR_RSRC_LOW: 2731 retval = 1; 2732 break; 2733 2734 case SCTP_ERROR_INV_PARAM: 2735 /* Disable sending this type of asconf parameter in 2736 * future. 2737 */ 2738 asoc->peer.addip_disabled_mask |= 2739 asconf_param->param_hdr.type; 2740 break; 2741 2742 case SCTP_ERROR_REQ_REFUSED: 2743 case SCTP_ERROR_DEL_LAST_IP: 2744 case SCTP_ERROR_DEL_SRC_IP: 2745 default: 2746 break; 2747 } 2748 2749 /* Skip the processed asconf parameter and move to the next 2750 * one. 2751 */ 2752 length = ntohs(asconf_param->param_hdr.length); 2753 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2754 length); 2755 asconf_len -= length; 2756 } 2757 2758 /* Free the cached last sent asconf chunk. */ 2759 sctp_chunk_free(asconf); 2760 asoc->addip_last_asconf = NULL; 2761 2762 /* Send the next asconf chunk from the addip chunk queue. */ 2763 if (!list_empty(&asoc->addip_chunk_list)) { 2764 struct list_head *entry = asoc->addip_chunk_list.next; 2765 asconf = list_entry(entry, struct sctp_chunk, list); 2766 2767 list_del_init(entry); 2768 2769 /* Hold the chunk until an ASCONF_ACK is received. */ 2770 sctp_chunk_hold(asconf); 2771 if (sctp_primitive_ASCONF(asoc, asconf)) 2772 sctp_chunk_free(asconf); 2773 else 2774 asoc->addip_last_asconf = asconf; 2775 } 2776 2777 return retval; 2778 } 2779 2780 /* Make a FWD TSN chunk. */ 2781 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 2782 __u32 new_cum_tsn, size_t nstreams, 2783 struct sctp_fwdtsn_skip *skiplist) 2784 { 2785 struct sctp_chunk *retval = NULL; 2786 struct sctp_fwdtsn_chunk *ftsn_chunk; 2787 struct sctp_fwdtsn_hdr ftsn_hdr; 2788 struct sctp_fwdtsn_skip skip; 2789 size_t hint; 2790 int i; 2791 2792 hint = (nstreams + 1) * sizeof(__u32); 2793 2794 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 2795 2796 if (!retval) 2797 return NULL; 2798 2799 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr; 2800 2801 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 2802 retval->subh.fwdtsn_hdr = 2803 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 2804 2805 for (i = 0; i < nstreams; i++) { 2806 skip.stream = skiplist[i].stream; 2807 skip.ssn = skiplist[i].ssn; 2808 sctp_addto_chunk(retval, sizeof(skip), &skip); 2809 } 2810 2811 return retval; 2812 } 2813