1 /* SCTP kernel implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * This SCTP implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * This SCTP implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 54 55 #include <linux/types.h> 56 #include <linux/kernel.h> 57 #include <linux/ip.h> 58 #include <linux/ipv6.h> 59 #include <linux/net.h> 60 #include <linux/inet.h> 61 #include <linux/scatterlist.h> 62 #include <linux/crypto.h> 63 #include <linux/slab.h> 64 #include <net/sock.h> 65 66 #include <linux/skbuff.h> 67 #include <linux/random.h> /* for get_random_bytes */ 68 #include <net/sctp/sctp.h> 69 #include <net/sctp/sm.h> 70 71 SCTP_STATIC 72 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 73 __u8 type, __u8 flags, int paylen); 74 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 75 const struct sctp_association *asoc, 76 const struct sctp_chunk *init_chunk, 77 int *cookie_len, 78 const __u8 *raw_addrs, int addrs_len); 79 static int sctp_process_param(struct sctp_association *asoc, 80 union sctp_params param, 81 const union sctp_addr *peer_addr, 82 gfp_t gfp); 83 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 84 const void *data); 85 86 /* What was the inbound interface for this chunk? */ 87 int sctp_chunk_iif(const struct sctp_chunk *chunk) 88 { 89 struct sctp_af *af; 90 int iif = 0; 91 92 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version)); 93 if (af) 94 iif = af->skb_iif(chunk->skb); 95 96 return iif; 97 } 98 99 /* RFC 2960 3.3.2 Initiation (INIT) (1) 100 * 101 * Note 2: The ECN capable field is reserved for future use of 102 * Explicit Congestion Notification. 103 */ 104 static const struct sctp_paramhdr ecap_param = { 105 SCTP_PARAM_ECN_CAPABLE, 106 cpu_to_be16(sizeof(struct sctp_paramhdr)), 107 }; 108 static const struct sctp_paramhdr prsctp_param = { 109 SCTP_PARAM_FWD_TSN_SUPPORT, 110 cpu_to_be16(sizeof(struct sctp_paramhdr)), 111 }; 112 113 /* A helper to initialize an op error inside a 114 * provided chunk, as most cause codes will be embedded inside an 115 * abort chunk. 116 */ 117 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 118 size_t paylen) 119 { 120 sctp_errhdr_t err; 121 __u16 len; 122 123 /* Cause code constants are now defined in network order. */ 124 err.cause = cause_code; 125 len = sizeof(sctp_errhdr_t) + paylen; 126 err.length = htons(len); 127 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 128 } 129 130 /* A helper to initialize an op error inside a 131 * provided chunk, as most cause codes will be embedded inside an 132 * abort chunk. Differs from sctp_init_cause in that it won't oops 133 * if there isn't enough space in the op error chunk 134 */ 135 int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code, 136 size_t paylen) 137 { 138 sctp_errhdr_t err; 139 __u16 len; 140 141 /* Cause code constants are now defined in network order. */ 142 err.cause = cause_code; 143 len = sizeof(sctp_errhdr_t) + paylen; 144 err.length = htons(len); 145 146 if (skb_tailroom(chunk->skb) < len) 147 return -ENOSPC; 148 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk, 149 sizeof(sctp_errhdr_t), 150 &err); 151 return 0; 152 } 153 /* 3.3.2 Initiation (INIT) (1) 154 * 155 * This chunk is used to initiate a SCTP association between two 156 * endpoints. The format of the INIT chunk is shown below: 157 * 158 * 0 1 2 3 159 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 160 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 161 * | Type = 1 | Chunk Flags | Chunk Length | 162 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 163 * | Initiate Tag | 164 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 165 * | Advertised Receiver Window Credit (a_rwnd) | 166 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 167 * | Number of Outbound Streams | Number of Inbound Streams | 168 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 169 * | Initial TSN | 170 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 171 * \ \ 172 * / Optional/Variable-Length Parameters / 173 * \ \ 174 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 175 * 176 * 177 * The INIT chunk contains the following parameters. Unless otherwise 178 * noted, each parameter MUST only be included once in the INIT chunk. 179 * 180 * Fixed Parameters Status 181 * ---------------------------------------------- 182 * Initiate Tag Mandatory 183 * Advertised Receiver Window Credit Mandatory 184 * Number of Outbound Streams Mandatory 185 * Number of Inbound Streams Mandatory 186 * Initial TSN Mandatory 187 * 188 * Variable Parameters Status Type Value 189 * ------------------------------------------------------------- 190 * IPv4 Address (Note 1) Optional 5 191 * IPv6 Address (Note 1) Optional 6 192 * Cookie Preservative Optional 9 193 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 194 * Host Name Address (Note 3) Optional 11 195 * Supported Address Types (Note 4) Optional 12 196 */ 197 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 198 const struct sctp_bind_addr *bp, 199 gfp_t gfp, int vparam_len) 200 { 201 sctp_inithdr_t init; 202 union sctp_params addrs; 203 size_t chunksize; 204 struct sctp_chunk *retval = NULL; 205 int num_types, addrs_len = 0; 206 struct sctp_sock *sp; 207 sctp_supported_addrs_param_t sat; 208 __be16 types[2]; 209 sctp_adaptation_ind_param_t aiparam; 210 sctp_supported_ext_param_t ext_param; 211 int num_ext = 0; 212 __u8 extensions[3]; 213 sctp_paramhdr_t *auth_chunks = NULL, 214 *auth_hmacs = NULL; 215 216 /* RFC 2960 3.3.2 Initiation (INIT) (1) 217 * 218 * Note 1: The INIT chunks can contain multiple addresses that 219 * can be IPv4 and/or IPv6 in any combination. 220 */ 221 retval = NULL; 222 223 /* Convert the provided bind address list to raw format. */ 224 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 225 226 init.init_tag = htonl(asoc->c.my_vtag); 227 init.a_rwnd = htonl(asoc->rwnd); 228 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 229 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 230 init.initial_tsn = htonl(asoc->c.initial_tsn); 231 232 /* How many address types are needed? */ 233 sp = sctp_sk(asoc->base.sk); 234 num_types = sp->pf->supported_addrs(sp, types); 235 236 chunksize = sizeof(init) + addrs_len; 237 chunksize += WORD_ROUND(SCTP_SAT_LEN(num_types)); 238 chunksize += sizeof(ecap_param); 239 240 if (sctp_prsctp_enable) 241 chunksize += sizeof(prsctp_param); 242 243 /* ADDIP: Section 4.2.7: 244 * An implementation supporting this extension [ADDIP] MUST list 245 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 246 * INIT-ACK parameters. 247 */ 248 if (sctp_addip_enable) { 249 extensions[num_ext] = SCTP_CID_ASCONF; 250 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 251 num_ext += 2; 252 } 253 254 if (sp->adaptation_ind) 255 chunksize += sizeof(aiparam); 256 257 chunksize += vparam_len; 258 259 /* Account for AUTH related parameters */ 260 if (sctp_auth_enable) { 261 /* Add random parameter length*/ 262 chunksize += sizeof(asoc->c.auth_random); 263 264 /* Add HMACS parameter length if any were defined */ 265 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 266 if (auth_hmacs->length) 267 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 268 else 269 auth_hmacs = NULL; 270 271 /* Add CHUNKS parameter length */ 272 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 273 if (auth_chunks->length) 274 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 275 else 276 auth_chunks = NULL; 277 278 extensions[num_ext] = SCTP_CID_AUTH; 279 num_ext += 1; 280 } 281 282 /* If we have any extensions to report, account for that */ 283 if (num_ext) 284 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 285 num_ext); 286 287 /* RFC 2960 3.3.2 Initiation (INIT) (1) 288 * 289 * Note 3: An INIT chunk MUST NOT contain more than one Host 290 * Name address parameter. Moreover, the sender of the INIT 291 * MUST NOT combine any other address types with the Host Name 292 * address in the INIT. The receiver of INIT MUST ignore any 293 * other address types if the Host Name address parameter is 294 * present in the received INIT chunk. 295 * 296 * PLEASE DO NOT FIXME [This version does not support Host Name.] 297 */ 298 299 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 300 if (!retval) 301 goto nodata; 302 303 retval->subh.init_hdr = 304 sctp_addto_chunk(retval, sizeof(init), &init); 305 retval->param_hdr.v = 306 sctp_addto_chunk(retval, addrs_len, addrs.v); 307 308 /* RFC 2960 3.3.2 Initiation (INIT) (1) 309 * 310 * Note 4: This parameter, when present, specifies all the 311 * address types the sending endpoint can support. The absence 312 * of this parameter indicates that the sending endpoint can 313 * support any address type. 314 */ 315 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 316 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 317 sctp_addto_chunk(retval, sizeof(sat), &sat); 318 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 319 320 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 321 322 /* Add the supported extensions parameter. Be nice and add this 323 * fist before addiding the parameters for the extensions themselves 324 */ 325 if (num_ext) { 326 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 327 ext_param.param_hdr.length = 328 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 329 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 330 &ext_param); 331 sctp_addto_param(retval, num_ext, extensions); 332 } 333 334 if (sctp_prsctp_enable) 335 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 336 337 if (sp->adaptation_ind) { 338 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 339 aiparam.param_hdr.length = htons(sizeof(aiparam)); 340 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 341 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 342 } 343 344 /* Add SCTP-AUTH chunks to the parameter list */ 345 if (sctp_auth_enable) { 346 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 347 asoc->c.auth_random); 348 if (auth_hmacs) 349 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 350 auth_hmacs); 351 if (auth_chunks) 352 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 353 auth_chunks); 354 } 355 nodata: 356 kfree(addrs.v); 357 return retval; 358 } 359 360 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 361 const struct sctp_chunk *chunk, 362 gfp_t gfp, int unkparam_len) 363 { 364 sctp_inithdr_t initack; 365 struct sctp_chunk *retval; 366 union sctp_params addrs; 367 struct sctp_sock *sp; 368 int addrs_len; 369 sctp_cookie_param_t *cookie; 370 int cookie_len; 371 size_t chunksize; 372 sctp_adaptation_ind_param_t aiparam; 373 sctp_supported_ext_param_t ext_param; 374 int num_ext = 0; 375 __u8 extensions[3]; 376 sctp_paramhdr_t *auth_chunks = NULL, 377 *auth_hmacs = NULL, 378 *auth_random = NULL; 379 380 retval = NULL; 381 382 /* Note: there may be no addresses to embed. */ 383 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 384 385 initack.init_tag = htonl(asoc->c.my_vtag); 386 initack.a_rwnd = htonl(asoc->rwnd); 387 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 388 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 389 initack.initial_tsn = htonl(asoc->c.initial_tsn); 390 391 /* FIXME: We really ought to build the cookie right 392 * into the packet instead of allocating more fresh memory. 393 */ 394 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 395 addrs.v, addrs_len); 396 if (!cookie) 397 goto nomem_cookie; 398 399 /* Calculate the total size of allocation, include the reserved 400 * space for reporting unknown parameters if it is specified. 401 */ 402 sp = sctp_sk(asoc->base.sk); 403 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 404 405 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 406 if (asoc->peer.ecn_capable) 407 chunksize += sizeof(ecap_param); 408 409 if (asoc->peer.prsctp_capable) 410 chunksize += sizeof(prsctp_param); 411 412 if (asoc->peer.asconf_capable) { 413 extensions[num_ext] = SCTP_CID_ASCONF; 414 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 415 num_ext += 2; 416 } 417 418 if (sp->adaptation_ind) 419 chunksize += sizeof(aiparam); 420 421 if (asoc->peer.auth_capable) { 422 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random; 423 chunksize += ntohs(auth_random->length); 424 425 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 426 if (auth_hmacs->length) 427 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 428 else 429 auth_hmacs = NULL; 430 431 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 432 if (auth_chunks->length) 433 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 434 else 435 auth_chunks = NULL; 436 437 extensions[num_ext] = SCTP_CID_AUTH; 438 num_ext += 1; 439 } 440 441 if (num_ext) 442 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 443 num_ext); 444 445 /* Now allocate and fill out the chunk. */ 446 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 447 if (!retval) 448 goto nomem_chunk; 449 450 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 451 * 452 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 453 * HEARTBEAT ACK, * etc.) to the same destination transport 454 * address from which it received the DATA or control chunk 455 * to which it is replying. 456 * 457 * [INIT ACK back to where the INIT came from.] 458 */ 459 retval->transport = chunk->transport; 460 461 retval->subh.init_hdr = 462 sctp_addto_chunk(retval, sizeof(initack), &initack); 463 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 464 sctp_addto_chunk(retval, cookie_len, cookie); 465 if (asoc->peer.ecn_capable) 466 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 467 if (num_ext) { 468 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 469 ext_param.param_hdr.length = 470 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 471 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 472 &ext_param); 473 sctp_addto_param(retval, num_ext, extensions); 474 } 475 if (asoc->peer.prsctp_capable) 476 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 477 478 if (sp->adaptation_ind) { 479 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 480 aiparam.param_hdr.length = htons(sizeof(aiparam)); 481 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 482 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 483 } 484 485 if (asoc->peer.auth_capable) { 486 sctp_addto_chunk(retval, ntohs(auth_random->length), 487 auth_random); 488 if (auth_hmacs) 489 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 490 auth_hmacs); 491 if (auth_chunks) 492 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 493 auth_chunks); 494 } 495 496 /* We need to remove the const qualifier at this point. */ 497 retval->asoc = (struct sctp_association *) asoc; 498 499 nomem_chunk: 500 kfree(cookie); 501 nomem_cookie: 502 kfree(addrs.v); 503 return retval; 504 } 505 506 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 507 * 508 * This chunk is used only during the initialization of an association. 509 * It is sent by the initiator of an association to its peer to complete 510 * the initialization process. This chunk MUST precede any DATA chunk 511 * sent within the association, but MAY be bundled with one or more DATA 512 * chunks in the same packet. 513 * 514 * 0 1 2 3 515 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 516 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 517 * | Type = 10 |Chunk Flags | Length | 518 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 519 * / Cookie / 520 * \ \ 521 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 522 * 523 * Chunk Flags: 8 bit 524 * 525 * Set to zero on transmit and ignored on receipt. 526 * 527 * Length: 16 bits (unsigned integer) 528 * 529 * Set to the size of the chunk in bytes, including the 4 bytes of 530 * the chunk header and the size of the Cookie. 531 * 532 * Cookie: variable size 533 * 534 * This field must contain the exact cookie received in the 535 * State Cookie parameter from the previous INIT ACK. 536 * 537 * An implementation SHOULD make the cookie as small as possible 538 * to insure interoperability. 539 */ 540 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 541 const struct sctp_chunk *chunk) 542 { 543 struct sctp_chunk *retval; 544 void *cookie; 545 int cookie_len; 546 547 cookie = asoc->peer.cookie; 548 cookie_len = asoc->peer.cookie_len; 549 550 /* Build a cookie echo chunk. */ 551 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 552 if (!retval) 553 goto nodata; 554 retval->subh.cookie_hdr = 555 sctp_addto_chunk(retval, cookie_len, cookie); 556 557 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 558 * 559 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 560 * HEARTBEAT ACK, * etc.) to the same destination transport 561 * address from which it * received the DATA or control chunk 562 * to which it is replying. 563 * 564 * [COOKIE ECHO back to where the INIT ACK came from.] 565 */ 566 if (chunk) 567 retval->transport = chunk->transport; 568 569 nodata: 570 return retval; 571 } 572 573 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 574 * 575 * This chunk is used only during the initialization of an 576 * association. It is used to acknowledge the receipt of a COOKIE 577 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 578 * within the association, but MAY be bundled with one or more DATA 579 * chunks or SACK chunk in the same SCTP packet. 580 * 581 * 0 1 2 3 582 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 583 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 584 * | Type = 11 |Chunk Flags | Length = 4 | 585 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 586 * 587 * Chunk Flags: 8 bits 588 * 589 * Set to zero on transmit and ignored on receipt. 590 */ 591 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 592 const struct sctp_chunk *chunk) 593 { 594 struct sctp_chunk *retval; 595 596 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 597 598 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 599 * 600 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 601 * HEARTBEAT ACK, * etc.) to the same destination transport 602 * address from which it * received the DATA or control chunk 603 * to which it is replying. 604 * 605 * [COOKIE ACK back to where the COOKIE ECHO came from.] 606 */ 607 if (retval && chunk) 608 retval->transport = chunk->transport; 609 610 return retval; 611 } 612 613 /* 614 * Appendix A: Explicit Congestion Notification: 615 * CWR: 616 * 617 * RFC 2481 details a specific bit for a sender to send in the header of 618 * its next outbound TCP segment to indicate to its peer that it has 619 * reduced its congestion window. This is termed the CWR bit. For 620 * SCTP the same indication is made by including the CWR chunk. 621 * This chunk contains one data element, i.e. the TSN number that 622 * was sent in the ECNE chunk. This element represents the lowest 623 * TSN number in the datagram that was originally marked with the 624 * CE bit. 625 * 626 * 0 1 2 3 627 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 628 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 629 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 630 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 631 * | Lowest TSN Number | 632 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 633 * 634 * Note: The CWR is considered a Control chunk. 635 */ 636 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 637 const __u32 lowest_tsn, 638 const struct sctp_chunk *chunk) 639 { 640 struct sctp_chunk *retval; 641 sctp_cwrhdr_t cwr; 642 643 cwr.lowest_tsn = htonl(lowest_tsn); 644 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 645 sizeof(sctp_cwrhdr_t)); 646 647 if (!retval) 648 goto nodata; 649 650 retval->subh.ecn_cwr_hdr = 651 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 652 653 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 654 * 655 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 656 * HEARTBEAT ACK, * etc.) to the same destination transport 657 * address from which it * received the DATA or control chunk 658 * to which it is replying. 659 * 660 * [Report a reduced congestion window back to where the ECNE 661 * came from.] 662 */ 663 if (chunk) 664 retval->transport = chunk->transport; 665 666 nodata: 667 return retval; 668 } 669 670 /* Make an ECNE chunk. This is a congestion experienced report. */ 671 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 672 const __u32 lowest_tsn) 673 { 674 struct sctp_chunk *retval; 675 sctp_ecnehdr_t ecne; 676 677 ecne.lowest_tsn = htonl(lowest_tsn); 678 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 679 sizeof(sctp_ecnehdr_t)); 680 if (!retval) 681 goto nodata; 682 retval->subh.ecne_hdr = 683 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 684 685 nodata: 686 return retval; 687 } 688 689 /* Make a DATA chunk for the given association from the provided 690 * parameters. However, do not populate the data payload. 691 */ 692 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 693 const struct sctp_sndrcvinfo *sinfo, 694 int data_len, __u8 flags, __u16 ssn) 695 { 696 struct sctp_chunk *retval; 697 struct sctp_datahdr dp; 698 int chunk_len; 699 700 /* We assign the TSN as LATE as possible, not here when 701 * creating the chunk. 702 */ 703 dp.tsn = 0; 704 dp.stream = htons(sinfo->sinfo_stream); 705 dp.ppid = sinfo->sinfo_ppid; 706 707 /* Set the flags for an unordered send. */ 708 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 709 flags |= SCTP_DATA_UNORDERED; 710 dp.ssn = 0; 711 } else 712 dp.ssn = htons(ssn); 713 714 chunk_len = sizeof(dp) + data_len; 715 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 716 if (!retval) 717 goto nodata; 718 719 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 720 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 721 722 nodata: 723 return retval; 724 } 725 726 /* Create a selective ackowledgement (SACK) for the given 727 * association. This reports on which TSN's we've seen to date, 728 * including duplicates and gaps. 729 */ 730 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 731 { 732 struct sctp_chunk *retval; 733 struct sctp_sackhdr sack; 734 int len; 735 __u32 ctsn; 736 __u16 num_gabs, num_dup_tsns; 737 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 738 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 739 740 memset(gabs, 0, sizeof(gabs)); 741 ctsn = sctp_tsnmap_get_ctsn(map); 742 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 743 744 /* How much room is needed in the chunk? */ 745 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 746 num_dup_tsns = sctp_tsnmap_num_dups(map); 747 748 /* Initialize the SACK header. */ 749 sack.cum_tsn_ack = htonl(ctsn); 750 sack.a_rwnd = htonl(asoc->a_rwnd); 751 sack.num_gap_ack_blocks = htons(num_gabs); 752 sack.num_dup_tsns = htons(num_dup_tsns); 753 754 len = sizeof(sack) 755 + sizeof(struct sctp_gap_ack_block) * num_gabs 756 + sizeof(__u32) * num_dup_tsns; 757 758 /* Create the chunk. */ 759 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 760 if (!retval) 761 goto nodata; 762 763 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 764 * 765 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 766 * HEARTBEAT ACK, etc.) to the same destination transport 767 * address from which it received the DATA or control chunk to 768 * which it is replying. This rule should also be followed if 769 * the endpoint is bundling DATA chunks together with the 770 * reply chunk. 771 * 772 * However, when acknowledging multiple DATA chunks received 773 * in packets from different source addresses in a single 774 * SACK, the SACK chunk may be transmitted to one of the 775 * destination transport addresses from which the DATA or 776 * control chunks being acknowledged were received. 777 * 778 * [BUG: We do not implement the following paragraph. 779 * Perhaps we should remember the last transport we used for a 780 * SACK and avoid that (if possible) if we have seen any 781 * duplicates. --piggy] 782 * 783 * When a receiver of a duplicate DATA chunk sends a SACK to a 784 * multi- homed endpoint it MAY be beneficial to vary the 785 * destination address and not use the source address of the 786 * DATA chunk. The reason being that receiving a duplicate 787 * from a multi-homed endpoint might indicate that the return 788 * path (as specified in the source address of the DATA chunk) 789 * for the SACK is broken. 790 * 791 * [Send to the address from which we last received a DATA chunk.] 792 */ 793 retval->transport = asoc->peer.last_data_from; 794 795 retval->subh.sack_hdr = 796 sctp_addto_chunk(retval, sizeof(sack), &sack); 797 798 /* Add the gap ack block information. */ 799 if (num_gabs) 800 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 801 gabs); 802 803 /* Add the duplicate TSN information. */ 804 if (num_dup_tsns) 805 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 806 sctp_tsnmap_get_dups(map)); 807 808 nodata: 809 return retval; 810 } 811 812 /* Make a SHUTDOWN chunk. */ 813 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 814 const struct sctp_chunk *chunk) 815 { 816 struct sctp_chunk *retval; 817 sctp_shutdownhdr_t shut; 818 __u32 ctsn; 819 820 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 821 shut.cum_tsn_ack = htonl(ctsn); 822 823 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 824 sizeof(sctp_shutdownhdr_t)); 825 if (!retval) 826 goto nodata; 827 828 retval->subh.shutdown_hdr = 829 sctp_addto_chunk(retval, sizeof(shut), &shut); 830 831 if (chunk) 832 retval->transport = chunk->transport; 833 nodata: 834 return retval; 835 } 836 837 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 838 const struct sctp_chunk *chunk) 839 { 840 struct sctp_chunk *retval; 841 842 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 843 844 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 845 * 846 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 847 * HEARTBEAT ACK, * etc.) to the same destination transport 848 * address from which it * received the DATA or control chunk 849 * to which it is replying. 850 * 851 * [ACK back to where the SHUTDOWN came from.] 852 */ 853 if (retval && chunk) 854 retval->transport = chunk->transport; 855 856 return retval; 857 } 858 859 struct sctp_chunk *sctp_make_shutdown_complete( 860 const struct sctp_association *asoc, 861 const struct sctp_chunk *chunk) 862 { 863 struct sctp_chunk *retval; 864 __u8 flags = 0; 865 866 /* Set the T-bit if we have no association (vtag will be 867 * reflected) 868 */ 869 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 870 871 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 872 873 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 874 * 875 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 876 * HEARTBEAT ACK, * etc.) to the same destination transport 877 * address from which it * received the DATA or control chunk 878 * to which it is replying. 879 * 880 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 881 * came from.] 882 */ 883 if (retval && chunk) 884 retval->transport = chunk->transport; 885 886 return retval; 887 } 888 889 /* Create an ABORT. Note that we set the T bit if we have no 890 * association, except when responding to an INIT (sctpimpguide 2.41). 891 */ 892 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 893 const struct sctp_chunk *chunk, 894 const size_t hint) 895 { 896 struct sctp_chunk *retval; 897 __u8 flags = 0; 898 899 /* Set the T-bit if we have no association and 'chunk' is not 900 * an INIT (vtag will be reflected). 901 */ 902 if (!asoc) { 903 if (chunk && chunk->chunk_hdr && 904 chunk->chunk_hdr->type == SCTP_CID_INIT) 905 flags = 0; 906 else 907 flags = SCTP_CHUNK_FLAG_T; 908 } 909 910 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 911 912 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 913 * 914 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 915 * HEARTBEAT ACK, * etc.) to the same destination transport 916 * address from which it * received the DATA or control chunk 917 * to which it is replying. 918 * 919 * [ABORT back to where the offender came from.] 920 */ 921 if (retval && chunk) 922 retval->transport = chunk->transport; 923 924 return retval; 925 } 926 927 /* Helper to create ABORT with a NO_USER_DATA error. */ 928 struct sctp_chunk *sctp_make_abort_no_data( 929 const struct sctp_association *asoc, 930 const struct sctp_chunk *chunk, __u32 tsn) 931 { 932 struct sctp_chunk *retval; 933 __be32 payload; 934 935 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 936 + sizeof(tsn)); 937 938 if (!retval) 939 goto no_mem; 940 941 /* Put the tsn back into network byte order. */ 942 payload = htonl(tsn); 943 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 944 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 945 946 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 947 * 948 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 949 * HEARTBEAT ACK, * etc.) to the same destination transport 950 * address from which it * received the DATA or control chunk 951 * to which it is replying. 952 * 953 * [ABORT back to where the offender came from.] 954 */ 955 if (chunk) 956 retval->transport = chunk->transport; 957 958 no_mem: 959 return retval; 960 } 961 962 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 963 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 964 const struct msghdr *msg, 965 size_t paylen) 966 { 967 struct sctp_chunk *retval; 968 void *payload = NULL; 969 int err; 970 971 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 972 if (!retval) 973 goto err_chunk; 974 975 if (paylen) { 976 /* Put the msg_iov together into payload. */ 977 payload = kmalloc(paylen, GFP_KERNEL); 978 if (!payload) 979 goto err_payload; 980 981 err = memcpy_fromiovec(payload, msg->msg_iov, paylen); 982 if (err < 0) 983 goto err_copy; 984 } 985 986 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 987 sctp_addto_chunk(retval, paylen, payload); 988 989 if (paylen) 990 kfree(payload); 991 992 return retval; 993 994 err_copy: 995 kfree(payload); 996 err_payload: 997 sctp_chunk_free(retval); 998 retval = NULL; 999 err_chunk: 1000 return retval; 1001 } 1002 1003 /* Append bytes to the end of a parameter. Will panic if chunk is not big 1004 * enough. 1005 */ 1006 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 1007 const void *data) 1008 { 1009 void *target; 1010 int chunklen = ntohs(chunk->chunk_hdr->length); 1011 1012 target = skb_put(chunk->skb, len); 1013 1014 if (data) 1015 memcpy(target, data, len); 1016 else 1017 memset(target, 0, len); 1018 1019 /* Adjust the chunk length field. */ 1020 chunk->chunk_hdr->length = htons(chunklen + len); 1021 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1022 1023 return target; 1024 } 1025 1026 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1027 struct sctp_chunk *sctp_make_abort_violation( 1028 const struct sctp_association *asoc, 1029 const struct sctp_chunk *chunk, 1030 const __u8 *payload, 1031 const size_t paylen) 1032 { 1033 struct sctp_chunk *retval; 1034 struct sctp_paramhdr phdr; 1035 1036 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 1037 + sizeof(sctp_paramhdr_t)); 1038 if (!retval) 1039 goto end; 1040 1041 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen 1042 + sizeof(sctp_paramhdr_t)); 1043 1044 phdr.type = htons(chunk->chunk_hdr->type); 1045 phdr.length = chunk->chunk_hdr->length; 1046 sctp_addto_chunk(retval, paylen, payload); 1047 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr); 1048 1049 end: 1050 return retval; 1051 } 1052 1053 struct sctp_chunk *sctp_make_violation_paramlen( 1054 const struct sctp_association *asoc, 1055 const struct sctp_chunk *chunk, 1056 struct sctp_paramhdr *param) 1057 { 1058 struct sctp_chunk *retval; 1059 static const char error[] = "The following parameter had invalid length:"; 1060 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) + 1061 sizeof(sctp_paramhdr_t); 1062 1063 retval = sctp_make_abort(asoc, chunk, payload_len); 1064 if (!retval) 1065 goto nodata; 1066 1067 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1068 sizeof(error) + sizeof(sctp_paramhdr_t)); 1069 sctp_addto_chunk(retval, sizeof(error), error); 1070 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param); 1071 1072 nodata: 1073 return retval; 1074 } 1075 1076 /* Make a HEARTBEAT chunk. */ 1077 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1078 const struct sctp_transport *transport, 1079 const void *payload, const size_t paylen) 1080 { 1081 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 1082 0, paylen); 1083 1084 if (!retval) 1085 goto nodata; 1086 1087 /* Cast away the 'const', as this is just telling the chunk 1088 * what transport it belongs to. 1089 */ 1090 retval->transport = (struct sctp_transport *) transport; 1091 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1092 1093 nodata: 1094 return retval; 1095 } 1096 1097 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1098 const struct sctp_chunk *chunk, 1099 const void *payload, const size_t paylen) 1100 { 1101 struct sctp_chunk *retval; 1102 1103 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 1104 if (!retval) 1105 goto nodata; 1106 1107 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1108 1109 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1110 * 1111 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1112 * HEARTBEAT ACK, * etc.) to the same destination transport 1113 * address from which it * received the DATA or control chunk 1114 * to which it is replying. 1115 * 1116 * [HBACK back to where the HEARTBEAT came from.] 1117 */ 1118 if (chunk) 1119 retval->transport = chunk->transport; 1120 1121 nodata: 1122 return retval; 1123 } 1124 1125 /* Create an Operation Error chunk with the specified space reserved. 1126 * This routine can be used for containing multiple causes in the chunk. 1127 */ 1128 static struct sctp_chunk *sctp_make_op_error_space( 1129 const struct sctp_association *asoc, 1130 const struct sctp_chunk *chunk, 1131 size_t size) 1132 { 1133 struct sctp_chunk *retval; 1134 1135 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 1136 sizeof(sctp_errhdr_t) + size); 1137 if (!retval) 1138 goto nodata; 1139 1140 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1141 * 1142 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1143 * HEARTBEAT ACK, etc.) to the same destination transport 1144 * address from which it received the DATA or control chunk 1145 * to which it is replying. 1146 * 1147 */ 1148 if (chunk) 1149 retval->transport = chunk->transport; 1150 1151 nodata: 1152 return retval; 1153 } 1154 1155 /* Create an Operation Error chunk of a fixed size, 1156 * specifically, max(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) 1157 * This is a helper function to allocate an error chunk for 1158 * for those invalid parameter codes in which we may not want 1159 * to report all the errors, if the incomming chunk is large 1160 */ 1161 static inline struct sctp_chunk *sctp_make_op_error_fixed( 1162 const struct sctp_association *asoc, 1163 const struct sctp_chunk *chunk) 1164 { 1165 size_t size = asoc ? asoc->pathmtu : 0; 1166 1167 if (!size) 1168 size = SCTP_DEFAULT_MAXSEGMENT; 1169 1170 return sctp_make_op_error_space(asoc, chunk, size); 1171 } 1172 1173 /* Create an Operation Error chunk. */ 1174 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1175 const struct sctp_chunk *chunk, 1176 __be16 cause_code, const void *payload, 1177 size_t paylen, size_t reserve_tail) 1178 { 1179 struct sctp_chunk *retval; 1180 1181 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail); 1182 if (!retval) 1183 goto nodata; 1184 1185 sctp_init_cause(retval, cause_code, paylen + reserve_tail); 1186 sctp_addto_chunk(retval, paylen, payload); 1187 if (reserve_tail) 1188 sctp_addto_param(retval, reserve_tail, NULL); 1189 1190 nodata: 1191 return retval; 1192 } 1193 1194 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc) 1195 { 1196 struct sctp_chunk *retval; 1197 struct sctp_hmac *hmac_desc; 1198 struct sctp_authhdr auth_hdr; 1199 __u8 *hmac; 1200 1201 /* Get the first hmac that the peer told us to use */ 1202 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1203 if (unlikely(!hmac_desc)) 1204 return NULL; 1205 1206 retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0, 1207 hmac_desc->hmac_len + sizeof(sctp_authhdr_t)); 1208 if (!retval) 1209 return NULL; 1210 1211 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1212 auth_hdr.shkey_id = htons(asoc->active_key_id); 1213 1214 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t), 1215 &auth_hdr); 1216 1217 hmac = skb_put(retval->skb, hmac_desc->hmac_len); 1218 memset(hmac, 0, hmac_desc->hmac_len); 1219 1220 /* Adjust the chunk header to include the empty MAC */ 1221 retval->chunk_hdr->length = 1222 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1223 retval->chunk_end = skb_tail_pointer(retval->skb); 1224 1225 return retval; 1226 } 1227 1228 1229 /******************************************************************** 1230 * 2nd Level Abstractions 1231 ********************************************************************/ 1232 1233 /* Turn an skb into a chunk. 1234 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1235 */ 1236 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1237 const struct sctp_association *asoc, 1238 struct sock *sk) 1239 { 1240 struct sctp_chunk *retval; 1241 1242 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC); 1243 1244 if (!retval) 1245 goto nodata; 1246 1247 if (!sk) { 1248 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 1249 } 1250 1251 INIT_LIST_HEAD(&retval->list); 1252 retval->skb = skb; 1253 retval->asoc = (struct sctp_association *)asoc; 1254 retval->has_tsn = 0; 1255 retval->has_ssn = 0; 1256 retval->rtt_in_progress = 0; 1257 retval->sent_at = 0; 1258 retval->singleton = 1; 1259 retval->end_of_packet = 0; 1260 retval->ecn_ce_done = 0; 1261 retval->pdiscard = 0; 1262 1263 /* sctpimpguide-05.txt Section 2.8.2 1264 * M1) Each time a new DATA chunk is transmitted 1265 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1266 * 'TSN.Missing.Report' count will be used to determine missing chunks 1267 * and when to fast retransmit. 1268 */ 1269 retval->tsn_missing_report = 0; 1270 retval->tsn_gap_acked = 0; 1271 retval->fast_retransmit = SCTP_CAN_FRTX; 1272 1273 /* If this is a fragmented message, track all fragments 1274 * of the message (for SEND_FAILED). 1275 */ 1276 retval->msg = NULL; 1277 1278 /* Polish the bead hole. */ 1279 INIT_LIST_HEAD(&retval->transmitted_list); 1280 INIT_LIST_HEAD(&retval->frag_list); 1281 SCTP_DBG_OBJCNT_INC(chunk); 1282 atomic_set(&retval->refcnt, 1); 1283 1284 nodata: 1285 return retval; 1286 } 1287 1288 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1289 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1290 union sctp_addr *dest) 1291 { 1292 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1293 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1294 } 1295 1296 /* Extract the source address from a chunk. */ 1297 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1298 { 1299 /* If we have a known transport, use that. */ 1300 if (chunk->transport) { 1301 return &chunk->transport->ipaddr; 1302 } else { 1303 /* Otherwise, extract it from the IP header. */ 1304 return &chunk->source; 1305 } 1306 } 1307 1308 /* Create a new chunk, setting the type and flags headers from the 1309 * arguments, reserving enough space for a 'paylen' byte payload. 1310 */ 1311 SCTP_STATIC 1312 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1313 __u8 type, __u8 flags, int paylen) 1314 { 1315 struct sctp_chunk *retval; 1316 sctp_chunkhdr_t *chunk_hdr; 1317 struct sk_buff *skb; 1318 struct sock *sk; 1319 1320 /* No need to allocate LL here, as this is only a chunk. */ 1321 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1322 GFP_ATOMIC); 1323 if (!skb) 1324 goto nodata; 1325 1326 /* Make room for the chunk header. */ 1327 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1328 chunk_hdr->type = type; 1329 chunk_hdr->flags = flags; 1330 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1331 1332 sk = asoc ? asoc->base.sk : NULL; 1333 retval = sctp_chunkify(skb, asoc, sk); 1334 if (!retval) { 1335 kfree_skb(skb); 1336 goto nodata; 1337 } 1338 1339 retval->chunk_hdr = chunk_hdr; 1340 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1341 1342 /* Determine if the chunk needs to be authenticated */ 1343 if (sctp_auth_send_cid(type, asoc)) 1344 retval->auth = 1; 1345 1346 /* Set the skb to the belonging sock for accounting. */ 1347 skb->sk = sk; 1348 1349 return retval; 1350 nodata: 1351 return NULL; 1352 } 1353 1354 1355 /* Release the memory occupied by a chunk. */ 1356 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1357 { 1358 BUG_ON(!list_empty(&chunk->list)); 1359 list_del_init(&chunk->transmitted_list); 1360 1361 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1362 dev_kfree_skb(chunk->skb); 1363 1364 SCTP_DBG_OBJCNT_DEC(chunk); 1365 kmem_cache_free(sctp_chunk_cachep, chunk); 1366 } 1367 1368 /* Possibly, free the chunk. */ 1369 void sctp_chunk_free(struct sctp_chunk *chunk) 1370 { 1371 /* Release our reference on the message tracker. */ 1372 if (chunk->msg) 1373 sctp_datamsg_put(chunk->msg); 1374 1375 sctp_chunk_put(chunk); 1376 } 1377 1378 /* Grab a reference to the chunk. */ 1379 void sctp_chunk_hold(struct sctp_chunk *ch) 1380 { 1381 atomic_inc(&ch->refcnt); 1382 } 1383 1384 /* Release a reference to the chunk. */ 1385 void sctp_chunk_put(struct sctp_chunk *ch) 1386 { 1387 if (atomic_dec_and_test(&ch->refcnt)) 1388 sctp_chunk_destroy(ch); 1389 } 1390 1391 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1392 * enough. 1393 */ 1394 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1395 { 1396 void *target; 1397 void *padding; 1398 int chunklen = ntohs(chunk->chunk_hdr->length); 1399 int padlen = WORD_ROUND(chunklen) - chunklen; 1400 1401 padding = skb_put(chunk->skb, padlen); 1402 target = skb_put(chunk->skb, len); 1403 1404 memset(padding, 0, padlen); 1405 memcpy(target, data, len); 1406 1407 /* Adjust the chunk length field. */ 1408 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1409 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1410 1411 return target; 1412 } 1413 1414 /* Append bytes to the end of a chunk. Returns NULL if there isn't sufficient 1415 * space in the chunk 1416 */ 1417 void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk, 1418 int len, const void *data) 1419 { 1420 if (skb_tailroom(chunk->skb) >= len) 1421 return sctp_addto_chunk(chunk, len, data); 1422 else 1423 return NULL; 1424 } 1425 1426 /* Append bytes from user space to the end of a chunk. Will panic if 1427 * chunk is not big enough. 1428 * Returns a kernel err value. 1429 */ 1430 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1431 struct iovec *data) 1432 { 1433 __u8 *target; 1434 int err = 0; 1435 1436 /* Make room in chunk for data. */ 1437 target = skb_put(chunk->skb, len); 1438 1439 /* Copy data (whole iovec) into chunk */ 1440 if ((err = memcpy_fromiovecend(target, data, off, len))) 1441 goto out; 1442 1443 /* Adjust the chunk length field. */ 1444 chunk->chunk_hdr->length = 1445 htons(ntohs(chunk->chunk_hdr->length) + len); 1446 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1447 1448 out: 1449 return err; 1450 } 1451 1452 /* Helper function to assign a TSN if needed. This assumes that both 1453 * the data_hdr and association have already been assigned. 1454 */ 1455 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1456 { 1457 struct sctp_datamsg *msg; 1458 struct sctp_chunk *lchunk; 1459 struct sctp_stream *stream; 1460 __u16 ssn; 1461 __u16 sid; 1462 1463 if (chunk->has_ssn) 1464 return; 1465 1466 /* All fragments will be on the same stream */ 1467 sid = ntohs(chunk->subh.data_hdr->stream); 1468 stream = &chunk->asoc->ssnmap->out; 1469 1470 /* Now assign the sequence number to the entire message. 1471 * All fragments must have the same stream sequence number. 1472 */ 1473 msg = chunk->msg; 1474 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1475 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1476 ssn = 0; 1477 } else { 1478 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1479 ssn = sctp_ssn_next(stream, sid); 1480 else 1481 ssn = sctp_ssn_peek(stream, sid); 1482 } 1483 1484 lchunk->subh.data_hdr->ssn = htons(ssn); 1485 lchunk->has_ssn = 1; 1486 } 1487 } 1488 1489 /* Helper function to assign a TSN if needed. This assumes that both 1490 * the data_hdr and association have already been assigned. 1491 */ 1492 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1493 { 1494 if (!chunk->has_tsn) { 1495 /* This is the last possible instant to 1496 * assign a TSN. 1497 */ 1498 chunk->subh.data_hdr->tsn = 1499 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1500 chunk->has_tsn = 1; 1501 } 1502 } 1503 1504 /* Create a CLOSED association to use with an incoming packet. */ 1505 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1506 struct sctp_chunk *chunk, 1507 gfp_t gfp) 1508 { 1509 struct sctp_association *asoc; 1510 struct sk_buff *skb; 1511 sctp_scope_t scope; 1512 struct sctp_af *af; 1513 1514 /* Create the bare association. */ 1515 scope = sctp_scope(sctp_source(chunk)); 1516 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1517 if (!asoc) 1518 goto nodata; 1519 asoc->temp = 1; 1520 skb = chunk->skb; 1521 /* Create an entry for the source address of the packet. */ 1522 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version)); 1523 if (unlikely(!af)) 1524 goto fail; 1525 af->from_skb(&asoc->c.peer_addr, skb, 1); 1526 nodata: 1527 return asoc; 1528 1529 fail: 1530 sctp_association_free(asoc); 1531 return NULL; 1532 } 1533 1534 /* Build a cookie representing asoc. 1535 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1536 */ 1537 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1538 const struct sctp_association *asoc, 1539 const struct sctp_chunk *init_chunk, 1540 int *cookie_len, 1541 const __u8 *raw_addrs, int addrs_len) 1542 { 1543 sctp_cookie_param_t *retval; 1544 struct sctp_signed_cookie *cookie; 1545 struct scatterlist sg; 1546 int headersize, bodysize; 1547 unsigned int keylen; 1548 char *key; 1549 1550 /* Header size is static data prior to the actual cookie, including 1551 * any padding. 1552 */ 1553 headersize = sizeof(sctp_paramhdr_t) + 1554 (sizeof(struct sctp_signed_cookie) - 1555 sizeof(struct sctp_cookie)); 1556 bodysize = sizeof(struct sctp_cookie) 1557 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1558 1559 /* Pad out the cookie to a multiple to make the signature 1560 * functions simpler to write. 1561 */ 1562 if (bodysize % SCTP_COOKIE_MULTIPLE) 1563 bodysize += SCTP_COOKIE_MULTIPLE 1564 - (bodysize % SCTP_COOKIE_MULTIPLE); 1565 *cookie_len = headersize + bodysize; 1566 1567 /* Clear this memory since we are sending this data structure 1568 * out on the network. 1569 */ 1570 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1571 if (!retval) 1572 goto nodata; 1573 1574 cookie = (struct sctp_signed_cookie *) retval->body; 1575 1576 /* Set up the parameter header. */ 1577 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1578 retval->p.length = htons(*cookie_len); 1579 1580 /* Copy the cookie part of the association itself. */ 1581 cookie->c = asoc->c; 1582 /* Save the raw address list length in the cookie. */ 1583 cookie->c.raw_addr_list_len = addrs_len; 1584 1585 /* Remember PR-SCTP capability. */ 1586 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1587 1588 /* Save adaptation indication in the cookie. */ 1589 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1590 1591 /* Set an expiration time for the cookie. */ 1592 do_gettimeofday(&cookie->c.expiration); 1593 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1594 1595 /* Copy the peer's init packet. */ 1596 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1597 ntohs(init_chunk->chunk_hdr->length)); 1598 1599 /* Copy the raw local address list of the association. */ 1600 memcpy((__u8 *)&cookie->c.peer_init[0] + 1601 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1602 1603 if (sctp_sk(ep->base.sk)->hmac) { 1604 struct hash_desc desc; 1605 1606 /* Sign the message. */ 1607 sg_init_one(&sg, &cookie->c, bodysize); 1608 keylen = SCTP_SECRET_SIZE; 1609 key = (char *)ep->secret_key[ep->current_key]; 1610 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1611 desc.flags = 0; 1612 1613 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1614 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) 1615 goto free_cookie; 1616 } 1617 1618 return retval; 1619 1620 free_cookie: 1621 kfree(retval); 1622 nodata: 1623 *cookie_len = 0; 1624 return NULL; 1625 } 1626 1627 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1628 struct sctp_association *sctp_unpack_cookie( 1629 const struct sctp_endpoint *ep, 1630 const struct sctp_association *asoc, 1631 struct sctp_chunk *chunk, gfp_t gfp, 1632 int *error, struct sctp_chunk **errp) 1633 { 1634 struct sctp_association *retval = NULL; 1635 struct sctp_signed_cookie *cookie; 1636 struct sctp_cookie *bear_cookie; 1637 int headersize, bodysize, fixed_size; 1638 __u8 *digest = ep->digest; 1639 struct scatterlist sg; 1640 unsigned int keylen, len; 1641 char *key; 1642 sctp_scope_t scope; 1643 struct sk_buff *skb = chunk->skb; 1644 struct timeval tv; 1645 struct hash_desc desc; 1646 1647 /* Header size is static data prior to the actual cookie, including 1648 * any padding. 1649 */ 1650 headersize = sizeof(sctp_chunkhdr_t) + 1651 (sizeof(struct sctp_signed_cookie) - 1652 sizeof(struct sctp_cookie)); 1653 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1654 fixed_size = headersize + sizeof(struct sctp_cookie); 1655 1656 /* Verify that the chunk looks like it even has a cookie. 1657 * There must be enough room for our cookie and our peer's 1658 * INIT chunk. 1659 */ 1660 len = ntohs(chunk->chunk_hdr->length); 1661 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1662 goto malformed; 1663 1664 /* Verify that the cookie has been padded out. */ 1665 if (bodysize % SCTP_COOKIE_MULTIPLE) 1666 goto malformed; 1667 1668 /* Process the cookie. */ 1669 cookie = chunk->subh.cookie_hdr; 1670 bear_cookie = &cookie->c; 1671 1672 if (!sctp_sk(ep->base.sk)->hmac) 1673 goto no_hmac; 1674 1675 /* Check the signature. */ 1676 keylen = SCTP_SECRET_SIZE; 1677 sg_init_one(&sg, bear_cookie, bodysize); 1678 key = (char *)ep->secret_key[ep->current_key]; 1679 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1680 desc.flags = 0; 1681 1682 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1683 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1684 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1685 *error = -SCTP_IERROR_NOMEM; 1686 goto fail; 1687 } 1688 1689 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1690 /* Try the previous key. */ 1691 key = (char *)ep->secret_key[ep->last_key]; 1692 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1693 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1694 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1695 *error = -SCTP_IERROR_NOMEM; 1696 goto fail; 1697 } 1698 1699 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1700 /* Yikes! Still bad signature! */ 1701 *error = -SCTP_IERROR_BAD_SIG; 1702 goto fail; 1703 } 1704 } 1705 1706 no_hmac: 1707 /* IG Section 2.35.2: 1708 * 3) Compare the port numbers and the verification tag contained 1709 * within the COOKIE ECHO chunk to the actual port numbers and the 1710 * verification tag within the SCTP common header of the received 1711 * packet. If these values do not match the packet MUST be silently 1712 * discarded, 1713 */ 1714 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1715 *error = -SCTP_IERROR_BAD_TAG; 1716 goto fail; 1717 } 1718 1719 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1720 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1721 *error = -SCTP_IERROR_BAD_PORTS; 1722 goto fail; 1723 } 1724 1725 /* Check to see if the cookie is stale. If there is already 1726 * an association, there is no need to check cookie's expiration 1727 * for init collision case of lost COOKIE ACK. 1728 * If skb has been timestamped, then use the stamp, otherwise 1729 * use current time. This introduces a small possibility that 1730 * that a cookie may be considered expired, but his would only slow 1731 * down the new association establishment instead of every packet. 1732 */ 1733 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1734 skb_get_timestamp(skb, &tv); 1735 else 1736 do_gettimeofday(&tv); 1737 1738 if (!asoc && tv_lt(bear_cookie->expiration, tv)) { 1739 /* 1740 * Section 3.3.10.3 Stale Cookie Error (3) 1741 * 1742 * Cause of error 1743 * --------------- 1744 * Stale Cookie Error: Indicates the receipt of a valid State 1745 * Cookie that has expired. 1746 */ 1747 len = ntohs(chunk->chunk_hdr->length); 1748 *errp = sctp_make_op_error_space(asoc, chunk, len); 1749 if (*errp) { 1750 suseconds_t usecs = (tv.tv_sec - 1751 bear_cookie->expiration.tv_sec) * 1000000L + 1752 tv.tv_usec - bear_cookie->expiration.tv_usec; 1753 __be32 n = htonl(usecs); 1754 1755 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1756 sizeof(n)); 1757 sctp_addto_chunk(*errp, sizeof(n), &n); 1758 *error = -SCTP_IERROR_STALE_COOKIE; 1759 } else 1760 *error = -SCTP_IERROR_NOMEM; 1761 1762 goto fail; 1763 } 1764 1765 /* Make a new base association. */ 1766 scope = sctp_scope(sctp_source(chunk)); 1767 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1768 if (!retval) { 1769 *error = -SCTP_IERROR_NOMEM; 1770 goto fail; 1771 } 1772 1773 /* Set up our peer's port number. */ 1774 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1775 1776 /* Populate the association from the cookie. */ 1777 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1778 1779 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1780 GFP_ATOMIC) < 0) { 1781 *error = -SCTP_IERROR_NOMEM; 1782 goto fail; 1783 } 1784 1785 /* Also, add the destination address. */ 1786 if (list_empty(&retval->base.bind_addr.address_list)) { 1787 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1788 SCTP_ADDR_SRC, GFP_ATOMIC); 1789 } 1790 1791 retval->next_tsn = retval->c.initial_tsn; 1792 retval->ctsn_ack_point = retval->next_tsn - 1; 1793 retval->addip_serial = retval->c.initial_tsn; 1794 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1795 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1796 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1797 1798 /* The INIT stuff will be done by the side effects. */ 1799 return retval; 1800 1801 fail: 1802 if (retval) 1803 sctp_association_free(retval); 1804 1805 return NULL; 1806 1807 malformed: 1808 /* Yikes! The packet is either corrupt or deliberately 1809 * malformed. 1810 */ 1811 *error = -SCTP_IERROR_MALFORMED; 1812 goto fail; 1813 } 1814 1815 /******************************************************************** 1816 * 3rd Level Abstractions 1817 ********************************************************************/ 1818 1819 struct __sctp_missing { 1820 __be32 num_missing; 1821 __be16 type; 1822 } __packed; 1823 1824 /* 1825 * Report a missing mandatory parameter. 1826 */ 1827 static int sctp_process_missing_param(const struct sctp_association *asoc, 1828 sctp_param_t paramtype, 1829 struct sctp_chunk *chunk, 1830 struct sctp_chunk **errp) 1831 { 1832 struct __sctp_missing report; 1833 __u16 len; 1834 1835 len = WORD_ROUND(sizeof(report)); 1836 1837 /* Make an ERROR chunk, preparing enough room for 1838 * returning multiple unknown parameters. 1839 */ 1840 if (!*errp) 1841 *errp = sctp_make_op_error_space(asoc, chunk, len); 1842 1843 if (*errp) { 1844 report.num_missing = htonl(1); 1845 report.type = paramtype; 1846 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1847 sizeof(report)); 1848 sctp_addto_chunk(*errp, sizeof(report), &report); 1849 } 1850 1851 /* Stop processing this chunk. */ 1852 return 0; 1853 } 1854 1855 /* Report an Invalid Mandatory Parameter. */ 1856 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1857 struct sctp_chunk *chunk, 1858 struct sctp_chunk **errp) 1859 { 1860 /* Invalid Mandatory Parameter Error has no payload. */ 1861 1862 if (!*errp) 1863 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1864 1865 if (*errp) 1866 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1867 1868 /* Stop processing this chunk. */ 1869 return 0; 1870 } 1871 1872 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1873 struct sctp_paramhdr *param, 1874 const struct sctp_chunk *chunk, 1875 struct sctp_chunk **errp) 1876 { 1877 /* This is a fatal error. Any accumulated non-fatal errors are 1878 * not reported. 1879 */ 1880 if (*errp) 1881 sctp_chunk_free(*errp); 1882 1883 /* Create an error chunk and fill it in with our payload. */ 1884 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1885 1886 return 0; 1887 } 1888 1889 1890 /* Do not attempt to handle the HOST_NAME parm. However, do 1891 * send back an indicator to the peer. 1892 */ 1893 static int sctp_process_hn_param(const struct sctp_association *asoc, 1894 union sctp_params param, 1895 struct sctp_chunk *chunk, 1896 struct sctp_chunk **errp) 1897 { 1898 __u16 len = ntohs(param.p->length); 1899 1900 /* Processing of the HOST_NAME parameter will generate an 1901 * ABORT. If we've accumulated any non-fatal errors, they 1902 * would be unrecognized parameters and we should not include 1903 * them in the ABORT. 1904 */ 1905 if (*errp) 1906 sctp_chunk_free(*errp); 1907 1908 *errp = sctp_make_op_error_space(asoc, chunk, len); 1909 1910 if (*errp) { 1911 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 1912 sctp_addto_chunk(*errp, len, param.v); 1913 } 1914 1915 /* Stop processing this chunk. */ 1916 return 0; 1917 } 1918 1919 static int sctp_verify_ext_param(union sctp_params param) 1920 { 1921 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1922 int have_auth = 0; 1923 int have_asconf = 0; 1924 int i; 1925 1926 for (i = 0; i < num_ext; i++) { 1927 switch (param.ext->chunks[i]) { 1928 case SCTP_CID_AUTH: 1929 have_auth = 1; 1930 break; 1931 case SCTP_CID_ASCONF: 1932 case SCTP_CID_ASCONF_ACK: 1933 have_asconf = 1; 1934 break; 1935 } 1936 } 1937 1938 /* ADD-IP Security: The draft requires us to ABORT or ignore the 1939 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 1940 * only if ADD-IP is turned on and we are not backward-compatible 1941 * mode. 1942 */ 1943 if (sctp_addip_noauth) 1944 return 1; 1945 1946 if (sctp_addip_enable && !have_auth && have_asconf) 1947 return 0; 1948 1949 return 1; 1950 } 1951 1952 static void sctp_process_ext_param(struct sctp_association *asoc, 1953 union sctp_params param) 1954 { 1955 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1956 int i; 1957 1958 for (i = 0; i < num_ext; i++) { 1959 switch (param.ext->chunks[i]) { 1960 case SCTP_CID_FWD_TSN: 1961 if (sctp_prsctp_enable && 1962 !asoc->peer.prsctp_capable) 1963 asoc->peer.prsctp_capable = 1; 1964 break; 1965 case SCTP_CID_AUTH: 1966 /* if the peer reports AUTH, assume that he 1967 * supports AUTH. 1968 */ 1969 if (sctp_auth_enable) 1970 asoc->peer.auth_capable = 1; 1971 break; 1972 case SCTP_CID_ASCONF: 1973 case SCTP_CID_ASCONF_ACK: 1974 if (sctp_addip_enable) 1975 asoc->peer.asconf_capable = 1; 1976 break; 1977 default: 1978 break; 1979 } 1980 } 1981 } 1982 1983 /* RFC 3.2.1 & the Implementers Guide 2.2. 1984 * 1985 * The Parameter Types are encoded such that the 1986 * highest-order two bits specify the action that must be 1987 * taken if the processing endpoint does not recognize the 1988 * Parameter Type. 1989 * 1990 * 00 - Stop processing this parameter; do not process any further 1991 * parameters within this chunk 1992 * 1993 * 01 - Stop processing this parameter, do not process any further 1994 * parameters within this chunk, and report the unrecognized 1995 * parameter in an 'Unrecognized Parameter' ERROR chunk. 1996 * 1997 * 10 - Skip this parameter and continue processing. 1998 * 1999 * 11 - Skip this parameter and continue processing but 2000 * report the unrecognized parameter in an 2001 * 'Unrecognized Parameter' ERROR chunk. 2002 * 2003 * Return value: 2004 * SCTP_IERROR_NO_ERROR - continue with the chunk 2005 * SCTP_IERROR_ERROR - stop and report an error. 2006 * SCTP_IERROR_NOMEME - out of memory. 2007 */ 2008 static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, 2009 union sctp_params param, 2010 struct sctp_chunk *chunk, 2011 struct sctp_chunk **errp) 2012 { 2013 int retval = SCTP_IERROR_NO_ERROR; 2014 2015 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 2016 case SCTP_PARAM_ACTION_DISCARD: 2017 retval = SCTP_IERROR_ERROR; 2018 break; 2019 case SCTP_PARAM_ACTION_SKIP: 2020 break; 2021 case SCTP_PARAM_ACTION_DISCARD_ERR: 2022 retval = SCTP_IERROR_ERROR; 2023 /* Fall through */ 2024 case SCTP_PARAM_ACTION_SKIP_ERR: 2025 /* Make an ERROR chunk, preparing enough room for 2026 * returning multiple unknown parameters. 2027 */ 2028 if (NULL == *errp) 2029 *errp = sctp_make_op_error_fixed(asoc, chunk); 2030 2031 if (*errp) { 2032 if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2033 WORD_ROUND(ntohs(param.p->length)))) 2034 sctp_addto_chunk_fixed(*errp, 2035 WORD_ROUND(ntohs(param.p->length)), 2036 param.v); 2037 } else { 2038 /* If there is no memory for generating the ERROR 2039 * report as specified, an ABORT will be triggered 2040 * to the peer and the association won't be 2041 * established. 2042 */ 2043 retval = SCTP_IERROR_NOMEM; 2044 } 2045 break; 2046 default: 2047 break; 2048 } 2049 2050 return retval; 2051 } 2052 2053 /* Verify variable length parameters 2054 * Return values: 2055 * SCTP_IERROR_ABORT - trigger an ABORT 2056 * SCTP_IERROR_NOMEM - out of memory (abort) 2057 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2058 * SCTP_IERROR_NO_ERROR - continue with the chunk 2059 */ 2060 static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc, 2061 union sctp_params param, 2062 sctp_cid_t cid, 2063 struct sctp_chunk *chunk, 2064 struct sctp_chunk **err_chunk) 2065 { 2066 struct sctp_hmac_algo_param *hmacs; 2067 int retval = SCTP_IERROR_NO_ERROR; 2068 __u16 n_elt, id = 0; 2069 int i; 2070 2071 /* FIXME - This routine is not looking at each parameter per the 2072 * chunk type, i.e., unrecognized parameters should be further 2073 * identified based on the chunk id. 2074 */ 2075 2076 switch (param.p->type) { 2077 case SCTP_PARAM_IPV4_ADDRESS: 2078 case SCTP_PARAM_IPV6_ADDRESS: 2079 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2080 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2081 case SCTP_PARAM_STATE_COOKIE: 2082 case SCTP_PARAM_HEARTBEAT_INFO: 2083 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2084 case SCTP_PARAM_ECN_CAPABLE: 2085 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2086 break; 2087 2088 case SCTP_PARAM_SUPPORTED_EXT: 2089 if (!sctp_verify_ext_param(param)) 2090 return SCTP_IERROR_ABORT; 2091 break; 2092 2093 case SCTP_PARAM_SET_PRIMARY: 2094 if (sctp_addip_enable) 2095 break; 2096 goto fallthrough; 2097 2098 case SCTP_PARAM_HOST_NAME_ADDRESS: 2099 /* Tell the peer, we won't support this param. */ 2100 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2101 retval = SCTP_IERROR_ABORT; 2102 break; 2103 2104 case SCTP_PARAM_FWD_TSN_SUPPORT: 2105 if (sctp_prsctp_enable) 2106 break; 2107 goto fallthrough; 2108 2109 case SCTP_PARAM_RANDOM: 2110 if (!sctp_auth_enable) 2111 goto fallthrough; 2112 2113 /* SCTP-AUTH: Secion 6.1 2114 * If the random number is not 32 byte long the association 2115 * MUST be aborted. The ABORT chunk SHOULD contain the error 2116 * cause 'Protocol Violation'. 2117 */ 2118 if (SCTP_AUTH_RANDOM_LENGTH != 2119 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { 2120 sctp_process_inv_paramlength(asoc, param.p, 2121 chunk, err_chunk); 2122 retval = SCTP_IERROR_ABORT; 2123 } 2124 break; 2125 2126 case SCTP_PARAM_CHUNKS: 2127 if (!sctp_auth_enable) 2128 goto fallthrough; 2129 2130 /* SCTP-AUTH: Section 3.2 2131 * The CHUNKS parameter MUST be included once in the INIT or 2132 * INIT-ACK chunk if the sender wants to receive authenticated 2133 * chunks. Its maximum length is 260 bytes. 2134 */ 2135 if (260 < ntohs(param.p->length)) { 2136 sctp_process_inv_paramlength(asoc, param.p, 2137 chunk, err_chunk); 2138 retval = SCTP_IERROR_ABORT; 2139 } 2140 break; 2141 2142 case SCTP_PARAM_HMAC_ALGO: 2143 if (!sctp_auth_enable) 2144 goto fallthrough; 2145 2146 hmacs = (struct sctp_hmac_algo_param *)param.p; 2147 n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1; 2148 2149 /* SCTP-AUTH: Section 6.1 2150 * The HMAC algorithm based on SHA-1 MUST be supported and 2151 * included in the HMAC-ALGO parameter. 2152 */ 2153 for (i = 0; i < n_elt; i++) { 2154 id = ntohs(hmacs->hmac_ids[i]); 2155 2156 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2157 break; 2158 } 2159 2160 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2161 sctp_process_inv_paramlength(asoc, param.p, chunk, 2162 err_chunk); 2163 retval = SCTP_IERROR_ABORT; 2164 } 2165 break; 2166 fallthrough: 2167 default: 2168 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 2169 ntohs(param.p->type), cid); 2170 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2171 break; 2172 } 2173 return retval; 2174 } 2175 2176 /* Verify the INIT packet before we process it. */ 2177 int sctp_verify_init(const struct sctp_association *asoc, 2178 sctp_cid_t cid, 2179 sctp_init_chunk_t *peer_init, 2180 struct sctp_chunk *chunk, 2181 struct sctp_chunk **errp) 2182 { 2183 union sctp_params param; 2184 int has_cookie = 0; 2185 int result; 2186 2187 /* Verify stream values are non-zero. */ 2188 if ((0 == peer_init->init_hdr.num_outbound_streams) || 2189 (0 == peer_init->init_hdr.num_inbound_streams) || 2190 (0 == peer_init->init_hdr.init_tag) || 2191 (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) { 2192 2193 return sctp_process_inv_mandatory(asoc, chunk, errp); 2194 } 2195 2196 /* Check for missing mandatory parameters. */ 2197 sctp_walk_params(param, peer_init, init_hdr.params) { 2198 2199 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 2200 has_cookie = 1; 2201 2202 } /* for (loop through all parameters) */ 2203 2204 /* There is a possibility that a parameter length was bad and 2205 * in that case we would have stoped walking the parameters. 2206 * The current param.p would point at the bad one. 2207 * Current consensus on the mailing list is to generate a PROTOCOL 2208 * VIOLATION error. We build the ERROR chunk here and let the normal 2209 * error handling code build and send the packet. 2210 */ 2211 if (param.v != (void*)chunk->chunk_end) 2212 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2213 2214 /* The only missing mandatory param possible today is 2215 * the state cookie for an INIT-ACK chunk. 2216 */ 2217 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2218 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2219 chunk, errp); 2220 2221 /* Verify all the variable length parameters */ 2222 sctp_walk_params(param, peer_init, init_hdr.params) { 2223 2224 result = sctp_verify_param(asoc, param, cid, chunk, errp); 2225 switch (result) { 2226 case SCTP_IERROR_ABORT: 2227 case SCTP_IERROR_NOMEM: 2228 return 0; 2229 case SCTP_IERROR_ERROR: 2230 return 1; 2231 case SCTP_IERROR_NO_ERROR: 2232 default: 2233 break; 2234 } 2235 2236 } /* for (loop through all parameters) */ 2237 2238 return 1; 2239 } 2240 2241 /* Unpack the parameters in an INIT packet into an association. 2242 * Returns 0 on failure, else success. 2243 * FIXME: This is an association method. 2244 */ 2245 int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, 2246 const union sctp_addr *peer_addr, 2247 sctp_init_chunk_t *peer_init, gfp_t gfp) 2248 { 2249 union sctp_params param; 2250 struct sctp_transport *transport; 2251 struct list_head *pos, *temp; 2252 char *cookie; 2253 2254 /* We must include the address that the INIT packet came from. 2255 * This is the only address that matters for an INIT packet. 2256 * When processing a COOKIE ECHO, we retrieve the from address 2257 * of the INIT from the cookie. 2258 */ 2259 2260 /* This implementation defaults to making the first transport 2261 * added as the primary transport. The source address seems to 2262 * be a a better choice than any of the embedded addresses. 2263 */ 2264 if (peer_addr) { 2265 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2266 goto nomem; 2267 } 2268 2269 /* Process the initialization parameters. */ 2270 sctp_walk_params(param, peer_init, init_hdr.params) { 2271 2272 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2273 goto clean_up; 2274 } 2275 2276 /* AUTH: After processing the parameters, make sure that we 2277 * have all the required info to potentially do authentications. 2278 */ 2279 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2280 !asoc->peer.peer_hmacs)) 2281 asoc->peer.auth_capable = 0; 2282 2283 /* In a non-backward compatible mode, if the peer claims 2284 * support for ADD-IP but not AUTH, the ADD-IP spec states 2285 * that we MUST ABORT the association. Section 6. The section 2286 * also give us an option to silently ignore the packet, which 2287 * is what we'll do here. 2288 */ 2289 if (!sctp_addip_noauth && 2290 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2291 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2292 SCTP_PARAM_DEL_IP | 2293 SCTP_PARAM_SET_PRIMARY); 2294 asoc->peer.asconf_capable = 0; 2295 goto clean_up; 2296 } 2297 2298 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2299 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2300 transport = list_entry(pos, struct sctp_transport, transports); 2301 if (transport->state == SCTP_UNKNOWN) { 2302 sctp_assoc_rm_peer(asoc, transport); 2303 } 2304 } 2305 2306 /* The fixed INIT headers are always in network byte 2307 * order. 2308 */ 2309 asoc->peer.i.init_tag = 2310 ntohl(peer_init->init_hdr.init_tag); 2311 asoc->peer.i.a_rwnd = 2312 ntohl(peer_init->init_hdr.a_rwnd); 2313 asoc->peer.i.num_outbound_streams = 2314 ntohs(peer_init->init_hdr.num_outbound_streams); 2315 asoc->peer.i.num_inbound_streams = 2316 ntohs(peer_init->init_hdr.num_inbound_streams); 2317 asoc->peer.i.initial_tsn = 2318 ntohl(peer_init->init_hdr.initial_tsn); 2319 2320 /* Apply the upper bounds for output streams based on peer's 2321 * number of inbound streams. 2322 */ 2323 if (asoc->c.sinit_num_ostreams > 2324 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2325 asoc->c.sinit_num_ostreams = 2326 ntohs(peer_init->init_hdr.num_inbound_streams); 2327 } 2328 2329 if (asoc->c.sinit_max_instreams > 2330 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2331 asoc->c.sinit_max_instreams = 2332 ntohs(peer_init->init_hdr.num_outbound_streams); 2333 } 2334 2335 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2336 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2337 2338 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2339 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2340 2341 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2342 cookie = asoc->peer.cookie; 2343 if (cookie) { 2344 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2345 if (!asoc->peer.cookie) 2346 goto clean_up; 2347 } 2348 2349 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2350 * high (for example, implementations MAY use the size of the receiver 2351 * advertised window). 2352 */ 2353 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2354 transports) { 2355 transport->ssthresh = asoc->peer.i.a_rwnd; 2356 } 2357 2358 /* Set up the TSN tracking pieces. */ 2359 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2360 asoc->peer.i.initial_tsn, gfp)) 2361 goto clean_up; 2362 2363 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2364 * 2365 * The stream sequence number in all the streams shall start 2366 * from 0 when the association is established. Also, when the 2367 * stream sequence number reaches the value 65535 the next 2368 * stream sequence number shall be set to 0. 2369 */ 2370 2371 /* Allocate storage for the negotiated streams if it is not a temporary 2372 * association. 2373 */ 2374 if (!asoc->temp) { 2375 int error; 2376 2377 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 2378 asoc->c.sinit_num_ostreams, gfp); 2379 if (!asoc->ssnmap) 2380 goto clean_up; 2381 2382 error = sctp_assoc_set_id(asoc, gfp); 2383 if (error) 2384 goto clean_up; 2385 } 2386 2387 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2388 * 2389 * When an endpoint has an ASCONF signaled change to be sent to the 2390 * remote endpoint it should do the following: 2391 * ... 2392 * A2) A serial number should be assigned to the Chunk. The serial 2393 * number should be a monotonically increasing number. All serial 2394 * numbers are defined to be initialized at the start of the 2395 * association to the same value as the Initial TSN. 2396 */ 2397 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2398 return 1; 2399 2400 clean_up: 2401 /* Release the transport structures. */ 2402 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2403 transport = list_entry(pos, struct sctp_transport, transports); 2404 if (transport->state != SCTP_ACTIVE) 2405 sctp_assoc_rm_peer(asoc, transport); 2406 } 2407 2408 nomem: 2409 return 0; 2410 } 2411 2412 2413 /* Update asoc with the option described in param. 2414 * 2415 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2416 * 2417 * asoc is the association to update. 2418 * param is the variable length parameter to use for update. 2419 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2420 * If the current packet is an INIT we want to minimize the amount of 2421 * work we do. In particular, we should not build transport 2422 * structures for the addresses. 2423 */ 2424 static int sctp_process_param(struct sctp_association *asoc, 2425 union sctp_params param, 2426 const union sctp_addr *peer_addr, 2427 gfp_t gfp) 2428 { 2429 union sctp_addr addr; 2430 int i; 2431 __u16 sat; 2432 int retval = 1; 2433 sctp_scope_t scope; 2434 time_t stale; 2435 struct sctp_af *af; 2436 union sctp_addr_param *addr_param; 2437 struct sctp_transport *t; 2438 2439 /* We maintain all INIT parameters in network byte order all the 2440 * time. This allows us to not worry about whether the parameters 2441 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2442 */ 2443 switch (param.p->type) { 2444 case SCTP_PARAM_IPV6_ADDRESS: 2445 if (PF_INET6 != asoc->base.sk->sk_family) 2446 break; 2447 goto do_addr_param; 2448 2449 case SCTP_PARAM_IPV4_ADDRESS: 2450 /* v4 addresses are not allowed on v6-only socket */ 2451 if (ipv6_only_sock(asoc->base.sk)) 2452 break; 2453 do_addr_param: 2454 af = sctp_get_af_specific(param_type2af(param.p->type)); 2455 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2456 scope = sctp_scope(peer_addr); 2457 if (sctp_in_scope(&addr, scope)) 2458 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2459 return 0; 2460 break; 2461 2462 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2463 if (!sctp_cookie_preserve_enable) 2464 break; 2465 2466 stale = ntohl(param.life->lifespan_increment); 2467 2468 /* Suggested Cookie Life span increment's unit is msec, 2469 * (1/1000sec). 2470 */ 2471 asoc->cookie_life.tv_sec += stale / 1000; 2472 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2473 break; 2474 2475 case SCTP_PARAM_HOST_NAME_ADDRESS: 2476 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2477 break; 2478 2479 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2480 /* Turn off the default values first so we'll know which 2481 * ones are really set by the peer. 2482 */ 2483 asoc->peer.ipv4_address = 0; 2484 asoc->peer.ipv6_address = 0; 2485 2486 /* Assume that peer supports the address family 2487 * by which it sends a packet. 2488 */ 2489 if (peer_addr->sa.sa_family == AF_INET6) 2490 asoc->peer.ipv6_address = 1; 2491 else if (peer_addr->sa.sa_family == AF_INET) 2492 asoc->peer.ipv4_address = 1; 2493 2494 /* Cycle through address types; avoid divide by 0. */ 2495 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2496 if (sat) 2497 sat /= sizeof(__u16); 2498 2499 for (i = 0; i < sat; ++i) { 2500 switch (param.sat->types[i]) { 2501 case SCTP_PARAM_IPV4_ADDRESS: 2502 asoc->peer.ipv4_address = 1; 2503 break; 2504 2505 case SCTP_PARAM_IPV6_ADDRESS: 2506 if (PF_INET6 == asoc->base.sk->sk_family) 2507 asoc->peer.ipv6_address = 1; 2508 break; 2509 2510 case SCTP_PARAM_HOST_NAME_ADDRESS: 2511 asoc->peer.hostname_address = 1; 2512 break; 2513 2514 default: /* Just ignore anything else. */ 2515 break; 2516 } 2517 } 2518 break; 2519 2520 case SCTP_PARAM_STATE_COOKIE: 2521 asoc->peer.cookie_len = 2522 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2523 asoc->peer.cookie = param.cookie->body; 2524 break; 2525 2526 case SCTP_PARAM_HEARTBEAT_INFO: 2527 /* Would be odd to receive, but it causes no problems. */ 2528 break; 2529 2530 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2531 /* Rejected during verify stage. */ 2532 break; 2533 2534 case SCTP_PARAM_ECN_CAPABLE: 2535 asoc->peer.ecn_capable = 1; 2536 break; 2537 2538 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2539 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2540 break; 2541 2542 case SCTP_PARAM_SET_PRIMARY: 2543 if (!sctp_addip_enable) 2544 goto fall_through; 2545 2546 addr_param = param.v + sizeof(sctp_addip_param_t); 2547 2548 af = sctp_get_af_specific(param_type2af(param.p->type)); 2549 af->from_addr_param(&addr, addr_param, 2550 htons(asoc->peer.port), 0); 2551 2552 /* if the address is invalid, we can't process it. 2553 * XXX: see spec for what to do. 2554 */ 2555 if (!af->addr_valid(&addr, NULL, NULL)) 2556 break; 2557 2558 t = sctp_assoc_lookup_paddr(asoc, &addr); 2559 if (!t) 2560 break; 2561 2562 sctp_assoc_set_primary(asoc, t); 2563 break; 2564 2565 case SCTP_PARAM_SUPPORTED_EXT: 2566 sctp_process_ext_param(asoc, param); 2567 break; 2568 2569 case SCTP_PARAM_FWD_TSN_SUPPORT: 2570 if (sctp_prsctp_enable) { 2571 asoc->peer.prsctp_capable = 1; 2572 break; 2573 } 2574 /* Fall Through */ 2575 goto fall_through; 2576 2577 case SCTP_PARAM_RANDOM: 2578 if (!sctp_auth_enable) 2579 goto fall_through; 2580 2581 /* Save peer's random parameter */ 2582 asoc->peer.peer_random = kmemdup(param.p, 2583 ntohs(param.p->length), gfp); 2584 if (!asoc->peer.peer_random) { 2585 retval = 0; 2586 break; 2587 } 2588 break; 2589 2590 case SCTP_PARAM_HMAC_ALGO: 2591 if (!sctp_auth_enable) 2592 goto fall_through; 2593 2594 /* Save peer's HMAC list */ 2595 asoc->peer.peer_hmacs = kmemdup(param.p, 2596 ntohs(param.p->length), gfp); 2597 if (!asoc->peer.peer_hmacs) { 2598 retval = 0; 2599 break; 2600 } 2601 2602 /* Set the default HMAC the peer requested*/ 2603 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2604 break; 2605 2606 case SCTP_PARAM_CHUNKS: 2607 if (!sctp_auth_enable) 2608 goto fall_through; 2609 2610 asoc->peer.peer_chunks = kmemdup(param.p, 2611 ntohs(param.p->length), gfp); 2612 if (!asoc->peer.peer_chunks) 2613 retval = 0; 2614 break; 2615 fall_through: 2616 default: 2617 /* Any unrecognized parameters should have been caught 2618 * and handled by sctp_verify_param() which should be 2619 * called prior to this routine. Simply log the error 2620 * here. 2621 */ 2622 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2623 ntohs(param.p->type), asoc); 2624 break; 2625 } 2626 2627 return retval; 2628 } 2629 2630 /* Select a new verification tag. */ 2631 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2632 { 2633 /* I believe that this random number generator complies with RFC1750. 2634 * A tag of 0 is reserved for special cases (e.g. INIT). 2635 */ 2636 __u32 x; 2637 2638 do { 2639 get_random_bytes(&x, sizeof(__u32)); 2640 } while (x == 0); 2641 2642 return x; 2643 } 2644 2645 /* Select an initial TSN to send during startup. */ 2646 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2647 { 2648 __u32 retval; 2649 2650 get_random_bytes(&retval, sizeof(__u32)); 2651 return retval; 2652 } 2653 2654 /* 2655 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2656 * 0 1 2 3 2657 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2658 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2659 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2660 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2661 * | Serial Number | 2662 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2663 * | Address Parameter | 2664 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2665 * | ASCONF Parameter #1 | 2666 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2667 * \ \ 2668 * / .... / 2669 * \ \ 2670 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2671 * | ASCONF Parameter #N | 2672 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2673 * 2674 * Address Parameter and other parameter will not be wrapped in this function 2675 */ 2676 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2677 union sctp_addr *addr, 2678 int vparam_len) 2679 { 2680 sctp_addiphdr_t asconf; 2681 struct sctp_chunk *retval; 2682 int length = sizeof(asconf) + vparam_len; 2683 union sctp_addr_param addrparam; 2684 int addrlen; 2685 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2686 2687 addrlen = af->to_addr_param(addr, &addrparam); 2688 if (!addrlen) 2689 return NULL; 2690 length += addrlen; 2691 2692 /* Create the chunk. */ 2693 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2694 if (!retval) 2695 return NULL; 2696 2697 asconf.serial = htonl(asoc->addip_serial++); 2698 2699 retval->subh.addip_hdr = 2700 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2701 retval->param_hdr.v = 2702 sctp_addto_chunk(retval, addrlen, &addrparam); 2703 2704 return retval; 2705 } 2706 2707 /* ADDIP 2708 * 3.2.1 Add IP Address 2709 * 0 1 2 3 2710 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2711 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2712 * | Type = 0xC001 | Length = Variable | 2713 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2714 * | ASCONF-Request Correlation ID | 2715 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2716 * | Address Parameter | 2717 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2718 * 2719 * 3.2.2 Delete IP Address 2720 * 0 1 2 3 2721 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2722 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2723 * | Type = 0xC002 | Length = Variable | 2724 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2725 * | ASCONF-Request Correlation ID | 2726 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2727 * | Address Parameter | 2728 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2729 * 2730 */ 2731 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2732 union sctp_addr *laddr, 2733 struct sockaddr *addrs, 2734 int addrcnt, 2735 __be16 flags) 2736 { 2737 sctp_addip_param_t param; 2738 struct sctp_chunk *retval; 2739 union sctp_addr_param addr_param; 2740 union sctp_addr *addr; 2741 void *addr_buf; 2742 struct sctp_af *af; 2743 int paramlen = sizeof(param); 2744 int addr_param_len = 0; 2745 int totallen = 0; 2746 int i; 2747 2748 /* Get total length of all the address parameters. */ 2749 addr_buf = addrs; 2750 for (i = 0; i < addrcnt; i++) { 2751 addr = (union sctp_addr *)addr_buf; 2752 af = sctp_get_af_specific(addr->v4.sin_family); 2753 addr_param_len = af->to_addr_param(addr, &addr_param); 2754 2755 totallen += paramlen; 2756 totallen += addr_param_len; 2757 2758 addr_buf += af->sockaddr_len; 2759 } 2760 2761 /* Create an asconf chunk with the required length. */ 2762 retval = sctp_make_asconf(asoc, laddr, totallen); 2763 if (!retval) 2764 return NULL; 2765 2766 /* Add the address parameters to the asconf chunk. */ 2767 addr_buf = addrs; 2768 for (i = 0; i < addrcnt; i++) { 2769 addr = (union sctp_addr *)addr_buf; 2770 af = sctp_get_af_specific(addr->v4.sin_family); 2771 addr_param_len = af->to_addr_param(addr, &addr_param); 2772 param.param_hdr.type = flags; 2773 param.param_hdr.length = htons(paramlen + addr_param_len); 2774 param.crr_id = i; 2775 2776 sctp_addto_chunk(retval, paramlen, ¶m); 2777 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2778 2779 addr_buf += af->sockaddr_len; 2780 } 2781 return retval; 2782 } 2783 2784 /* ADDIP 2785 * 3.2.4 Set Primary IP Address 2786 * 0 1 2 3 2787 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2788 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2789 * | Type =0xC004 | Length = Variable | 2790 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2791 * | ASCONF-Request Correlation ID | 2792 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2793 * | Address Parameter | 2794 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2795 * 2796 * Create an ASCONF chunk with Set Primary IP address parameter. 2797 */ 2798 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2799 union sctp_addr *addr) 2800 { 2801 sctp_addip_param_t param; 2802 struct sctp_chunk *retval; 2803 int len = sizeof(param); 2804 union sctp_addr_param addrparam; 2805 int addrlen; 2806 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2807 2808 addrlen = af->to_addr_param(addr, &addrparam); 2809 if (!addrlen) 2810 return NULL; 2811 len += addrlen; 2812 2813 /* Create the chunk and make asconf header. */ 2814 retval = sctp_make_asconf(asoc, addr, len); 2815 if (!retval) 2816 return NULL; 2817 2818 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2819 param.param_hdr.length = htons(len); 2820 param.crr_id = 0; 2821 2822 sctp_addto_chunk(retval, sizeof(param), ¶m); 2823 sctp_addto_chunk(retval, addrlen, &addrparam); 2824 2825 return retval; 2826 } 2827 2828 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2829 * 0 1 2 3 2830 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2831 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2832 * | Type = 0x80 | Chunk Flags | Chunk Length | 2833 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2834 * | Serial Number | 2835 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2836 * | ASCONF Parameter Response#1 | 2837 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2838 * \ \ 2839 * / .... / 2840 * \ \ 2841 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2842 * | ASCONF Parameter Response#N | 2843 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2844 * 2845 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2846 */ 2847 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2848 __u32 serial, int vparam_len) 2849 { 2850 sctp_addiphdr_t asconf; 2851 struct sctp_chunk *retval; 2852 int length = sizeof(asconf) + vparam_len; 2853 2854 /* Create the chunk. */ 2855 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2856 if (!retval) 2857 return NULL; 2858 2859 asconf.serial = htonl(serial); 2860 2861 retval->subh.addip_hdr = 2862 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2863 2864 return retval; 2865 } 2866 2867 /* Add response parameters to an ASCONF_ACK chunk. */ 2868 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2869 __be16 err_code, sctp_addip_param_t *asconf_param) 2870 { 2871 sctp_addip_param_t ack_param; 2872 sctp_errhdr_t err_param; 2873 int asconf_param_len = 0; 2874 int err_param_len = 0; 2875 __be16 response_type; 2876 2877 if (SCTP_ERROR_NO_ERROR == err_code) { 2878 response_type = SCTP_PARAM_SUCCESS_REPORT; 2879 } else { 2880 response_type = SCTP_PARAM_ERR_CAUSE; 2881 err_param_len = sizeof(err_param); 2882 if (asconf_param) 2883 asconf_param_len = 2884 ntohs(asconf_param->param_hdr.length); 2885 } 2886 2887 /* Add Success Indication or Error Cause Indication parameter. */ 2888 ack_param.param_hdr.type = response_type; 2889 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2890 err_param_len + 2891 asconf_param_len); 2892 ack_param.crr_id = crr_id; 2893 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2894 2895 if (SCTP_ERROR_NO_ERROR == err_code) 2896 return; 2897 2898 /* Add Error Cause parameter. */ 2899 err_param.cause = err_code; 2900 err_param.length = htons(err_param_len + asconf_param_len); 2901 sctp_addto_chunk(chunk, err_param_len, &err_param); 2902 2903 /* Add the failed TLV copied from ASCONF chunk. */ 2904 if (asconf_param) 2905 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2906 } 2907 2908 /* Process a asconf parameter. */ 2909 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 2910 struct sctp_chunk *asconf, 2911 sctp_addip_param_t *asconf_param) 2912 { 2913 struct sctp_transport *peer; 2914 struct sctp_af *af; 2915 union sctp_addr addr; 2916 union sctp_addr_param *addr_param; 2917 2918 addr_param = (union sctp_addr_param *) 2919 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2920 2921 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && 2922 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && 2923 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) 2924 return SCTP_ERROR_UNKNOWN_PARAM; 2925 2926 switch (addr_param->v4.param_hdr.type) { 2927 case SCTP_PARAM_IPV6_ADDRESS: 2928 if (!asoc->peer.ipv6_address) 2929 return SCTP_ERROR_DNS_FAILED; 2930 break; 2931 case SCTP_PARAM_IPV4_ADDRESS: 2932 if (!asoc->peer.ipv4_address) 2933 return SCTP_ERROR_DNS_FAILED; 2934 break; 2935 default: 2936 return SCTP_ERROR_DNS_FAILED; 2937 } 2938 2939 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2940 if (unlikely(!af)) 2941 return SCTP_ERROR_DNS_FAILED; 2942 2943 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 2944 2945 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 2946 * or multicast address. 2947 * (note: wildcard is permitted and requires special handling so 2948 * make sure we check for that) 2949 */ 2950 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 2951 return SCTP_ERROR_DNS_FAILED; 2952 2953 switch (asconf_param->param_hdr.type) { 2954 case SCTP_PARAM_ADD_IP: 2955 /* Section 4.2.1: 2956 * If the address 0.0.0.0 or ::0 is provided, the source 2957 * address of the packet MUST be added. 2958 */ 2959 if (af->is_any(&addr)) 2960 memcpy(&addr, &asconf->source, sizeof(addr)); 2961 2962 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 2963 * request and does not have the local resources to add this 2964 * new address to the association, it MUST return an Error 2965 * Cause TLV set to the new error code 'Operation Refused 2966 * Due to Resource Shortage'. 2967 */ 2968 2969 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 2970 if (!peer) 2971 return SCTP_ERROR_RSRC_LOW; 2972 2973 /* Start the heartbeat timer. */ 2974 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 2975 sctp_transport_hold(peer); 2976 break; 2977 case SCTP_PARAM_DEL_IP: 2978 /* ADDIP 4.3 D7) If a request is received to delete the 2979 * last remaining IP address of a peer endpoint, the receiver 2980 * MUST send an Error Cause TLV with the error cause set to the 2981 * new error code 'Request to Delete Last Remaining IP Address'. 2982 */ 2983 if (asoc->peer.transport_count == 1) 2984 return SCTP_ERROR_DEL_LAST_IP; 2985 2986 /* ADDIP 4.3 D8) If a request is received to delete an IP 2987 * address which is also the source address of the IP packet 2988 * which contained the ASCONF chunk, the receiver MUST reject 2989 * this request. To reject the request the receiver MUST send 2990 * an Error Cause TLV set to the new error code 'Request to 2991 * Delete Source IP Address' 2992 */ 2993 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr)) 2994 return SCTP_ERROR_DEL_SRC_IP; 2995 2996 /* Section 4.2.2 2997 * If the address 0.0.0.0 or ::0 is provided, all 2998 * addresses of the peer except the source address of the 2999 * packet MUST be deleted. 3000 */ 3001 if (af->is_any(&addr)) { 3002 sctp_assoc_set_primary(asoc, asconf->transport); 3003 sctp_assoc_del_nonprimary_peers(asoc, 3004 asconf->transport); 3005 } else 3006 sctp_assoc_del_peer(asoc, &addr); 3007 break; 3008 case SCTP_PARAM_SET_PRIMARY: 3009 /* ADDIP Section 4.2.4 3010 * If the address 0.0.0.0 or ::0 is provided, the receiver 3011 * MAY mark the source address of the packet as its 3012 * primary. 3013 */ 3014 if (af->is_any(&addr)) 3015 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 3016 3017 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3018 if (!peer) 3019 return SCTP_ERROR_DNS_FAILED; 3020 3021 sctp_assoc_set_primary(asoc, peer); 3022 break; 3023 } 3024 3025 return SCTP_ERROR_NO_ERROR; 3026 } 3027 3028 /* Verify the ASCONF packet before we process it. */ 3029 int sctp_verify_asconf(const struct sctp_association *asoc, 3030 struct sctp_paramhdr *param_hdr, void *chunk_end, 3031 struct sctp_paramhdr **errp) { 3032 sctp_addip_param_t *asconf_param; 3033 union sctp_params param; 3034 int length, plen; 3035 3036 param.v = (sctp_paramhdr_t *) param_hdr; 3037 while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { 3038 length = ntohs(param.p->length); 3039 *errp = param.p; 3040 3041 if (param.v > chunk_end - length || 3042 length < sizeof(sctp_paramhdr_t)) 3043 return 0; 3044 3045 switch (param.p->type) { 3046 case SCTP_PARAM_ADD_IP: 3047 case SCTP_PARAM_DEL_IP: 3048 case SCTP_PARAM_SET_PRIMARY: 3049 asconf_param = (sctp_addip_param_t *)param.v; 3050 plen = ntohs(asconf_param->param_hdr.length); 3051 if (plen < sizeof(sctp_addip_param_t) + 3052 sizeof(sctp_paramhdr_t)) 3053 return 0; 3054 break; 3055 case SCTP_PARAM_SUCCESS_REPORT: 3056 case SCTP_PARAM_ADAPTATION_LAYER_IND: 3057 if (length != sizeof(sctp_addip_param_t)) 3058 return 0; 3059 3060 break; 3061 default: 3062 break; 3063 } 3064 3065 param.v += WORD_ROUND(length); 3066 } 3067 3068 if (param.v != chunk_end) 3069 return 0; 3070 3071 return 1; 3072 } 3073 3074 /* Process an incoming ASCONF chunk with the next expected serial no. and 3075 * return an ASCONF_ACK chunk to be sent in response. 3076 */ 3077 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3078 struct sctp_chunk *asconf) 3079 { 3080 sctp_addiphdr_t *hdr; 3081 union sctp_addr_param *addr_param; 3082 sctp_addip_param_t *asconf_param; 3083 struct sctp_chunk *asconf_ack; 3084 3085 __be16 err_code; 3086 int length = 0; 3087 int chunk_len; 3088 __u32 serial; 3089 int all_param_pass = 1; 3090 3091 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 3092 hdr = (sctp_addiphdr_t *)asconf->skb->data; 3093 serial = ntohl(hdr->serial); 3094 3095 /* Skip the addiphdr and store a pointer to address parameter. */ 3096 length = sizeof(sctp_addiphdr_t); 3097 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3098 chunk_len -= length; 3099 3100 /* Skip the address parameter and store a pointer to the first 3101 * asconf parameter. 3102 */ 3103 length = ntohs(addr_param->v4.param_hdr.length); 3104 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 3105 chunk_len -= length; 3106 3107 /* create an ASCONF_ACK chunk. 3108 * Based on the definitions of parameters, we know that the size of 3109 * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF 3110 * parameters. 3111 */ 3112 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4); 3113 if (!asconf_ack) 3114 goto done; 3115 3116 /* Process the TLVs contained within the ASCONF chunk. */ 3117 while (chunk_len > 0) { 3118 err_code = sctp_process_asconf_param(asoc, asconf, 3119 asconf_param); 3120 /* ADDIP 4.1 A7) 3121 * If an error response is received for a TLV parameter, 3122 * all TLVs with no response before the failed TLV are 3123 * considered successful if not reported. All TLVs after 3124 * the failed response are considered unsuccessful unless 3125 * a specific success indication is present for the parameter. 3126 */ 3127 if (SCTP_ERROR_NO_ERROR != err_code) 3128 all_param_pass = 0; 3129 3130 if (!all_param_pass) 3131 sctp_add_asconf_response(asconf_ack, 3132 asconf_param->crr_id, err_code, 3133 asconf_param); 3134 3135 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3136 * an IP address sends an 'Out of Resource' in its response, it 3137 * MUST also fail any subsequent add or delete requests bundled 3138 * in the ASCONF. 3139 */ 3140 if (SCTP_ERROR_RSRC_LOW == err_code) 3141 goto done; 3142 3143 /* Move to the next ASCONF param. */ 3144 length = ntohs(asconf_param->param_hdr.length); 3145 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 3146 length); 3147 chunk_len -= length; 3148 } 3149 3150 done: 3151 asoc->peer.addip_serial++; 3152 3153 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3154 * after freeing the reference to old asconf ack if any. 3155 */ 3156 if (asconf_ack) { 3157 sctp_chunk_hold(asconf_ack); 3158 list_add_tail(&asconf_ack->transmitted_list, 3159 &asoc->asconf_ack_list); 3160 } 3161 3162 return asconf_ack; 3163 } 3164 3165 /* Process a asconf parameter that is successfully acked. */ 3166 static void sctp_asconf_param_success(struct sctp_association *asoc, 3167 sctp_addip_param_t *asconf_param) 3168 { 3169 struct sctp_af *af; 3170 union sctp_addr addr; 3171 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3172 union sctp_addr_param *addr_param; 3173 struct sctp_transport *transport; 3174 struct sctp_sockaddr_entry *saddr; 3175 3176 addr_param = (union sctp_addr_param *) 3177 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 3178 3179 /* We have checked the packet before, so we do not check again. */ 3180 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 3181 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3182 3183 switch (asconf_param->param_hdr.type) { 3184 case SCTP_PARAM_ADD_IP: 3185 /* This is always done in BH context with a socket lock 3186 * held, so the list can not change. 3187 */ 3188 local_bh_disable(); 3189 list_for_each_entry(saddr, &bp->address_list, list) { 3190 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3191 saddr->state = SCTP_ADDR_SRC; 3192 } 3193 local_bh_enable(); 3194 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3195 transports) { 3196 if (transport->state == SCTP_ACTIVE) 3197 continue; 3198 dst_release(transport->dst); 3199 sctp_transport_route(transport, NULL, 3200 sctp_sk(asoc->base.sk)); 3201 } 3202 break; 3203 case SCTP_PARAM_DEL_IP: 3204 local_bh_disable(); 3205 sctp_del_bind_addr(bp, &addr); 3206 local_bh_enable(); 3207 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3208 transports) { 3209 dst_release(transport->dst); 3210 sctp_transport_route(transport, NULL, 3211 sctp_sk(asoc->base.sk)); 3212 } 3213 break; 3214 default: 3215 break; 3216 } 3217 } 3218 3219 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3220 * for the given asconf parameter. If there is no response for this parameter, 3221 * return the error code based on the third argument 'no_err'. 3222 * ADDIP 4.1 3223 * A7) If an error response is received for a TLV parameter, all TLVs with no 3224 * response before the failed TLV are considered successful if not reported. 3225 * All TLVs after the failed response are considered unsuccessful unless a 3226 * specific success indication is present for the parameter. 3227 */ 3228 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3229 sctp_addip_param_t *asconf_param, 3230 int no_err) 3231 { 3232 sctp_addip_param_t *asconf_ack_param; 3233 sctp_errhdr_t *err_param; 3234 int length; 3235 int asconf_ack_len; 3236 __be16 err_code; 3237 3238 if (no_err) 3239 err_code = SCTP_ERROR_NO_ERROR; 3240 else 3241 err_code = SCTP_ERROR_REQ_REFUSED; 3242 3243 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3244 sizeof(sctp_chunkhdr_t); 3245 3246 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3247 * the first asconf_ack parameter. 3248 */ 3249 length = sizeof(sctp_addiphdr_t); 3250 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 3251 length); 3252 asconf_ack_len -= length; 3253 3254 while (asconf_ack_len > 0) { 3255 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3256 switch(asconf_ack_param->param_hdr.type) { 3257 case SCTP_PARAM_SUCCESS_REPORT: 3258 return SCTP_ERROR_NO_ERROR; 3259 case SCTP_PARAM_ERR_CAUSE: 3260 length = sizeof(sctp_addip_param_t); 3261 err_param = (sctp_errhdr_t *) 3262 ((void *)asconf_ack_param + length); 3263 asconf_ack_len -= length; 3264 if (asconf_ack_len > 0) 3265 return err_param->cause; 3266 else 3267 return SCTP_ERROR_INV_PARAM; 3268 break; 3269 default: 3270 return SCTP_ERROR_INV_PARAM; 3271 } 3272 } 3273 3274 length = ntohs(asconf_ack_param->param_hdr.length); 3275 asconf_ack_param = (sctp_addip_param_t *) 3276 ((void *)asconf_ack_param + length); 3277 asconf_ack_len -= length; 3278 } 3279 3280 return err_code; 3281 } 3282 3283 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3284 int sctp_process_asconf_ack(struct sctp_association *asoc, 3285 struct sctp_chunk *asconf_ack) 3286 { 3287 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3288 union sctp_addr_param *addr_param; 3289 sctp_addip_param_t *asconf_param; 3290 int length = 0; 3291 int asconf_len = asconf->skb->len; 3292 int all_param_pass = 0; 3293 int no_err = 1; 3294 int retval = 0; 3295 __be16 err_code = SCTP_ERROR_NO_ERROR; 3296 3297 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3298 * a pointer to address parameter. 3299 */ 3300 length = sizeof(sctp_addip_chunk_t); 3301 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3302 asconf_len -= length; 3303 3304 /* Skip the address parameter in the last asconf sent and store a 3305 * pointer to the first asconf parameter. 3306 */ 3307 length = ntohs(addr_param->v4.param_hdr.length); 3308 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 3309 asconf_len -= length; 3310 3311 /* ADDIP 4.1 3312 * A8) If there is no response(s) to specific TLV parameter(s), and no 3313 * failures are indicated, then all request(s) are considered 3314 * successful. 3315 */ 3316 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 3317 all_param_pass = 1; 3318 3319 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3320 while (asconf_len > 0) { 3321 if (all_param_pass) 3322 err_code = SCTP_ERROR_NO_ERROR; 3323 else { 3324 err_code = sctp_get_asconf_response(asconf_ack, 3325 asconf_param, 3326 no_err); 3327 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3328 no_err = 0; 3329 } 3330 3331 switch (err_code) { 3332 case SCTP_ERROR_NO_ERROR: 3333 sctp_asconf_param_success(asoc, asconf_param); 3334 break; 3335 3336 case SCTP_ERROR_RSRC_LOW: 3337 retval = 1; 3338 break; 3339 3340 case SCTP_ERROR_UNKNOWN_PARAM: 3341 /* Disable sending this type of asconf parameter in 3342 * future. 3343 */ 3344 asoc->peer.addip_disabled_mask |= 3345 asconf_param->param_hdr.type; 3346 break; 3347 3348 case SCTP_ERROR_REQ_REFUSED: 3349 case SCTP_ERROR_DEL_LAST_IP: 3350 case SCTP_ERROR_DEL_SRC_IP: 3351 default: 3352 break; 3353 } 3354 3355 /* Skip the processed asconf parameter and move to the next 3356 * one. 3357 */ 3358 length = ntohs(asconf_param->param_hdr.length); 3359 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 3360 length); 3361 asconf_len -= length; 3362 } 3363 3364 /* Free the cached last sent asconf chunk. */ 3365 list_del_init(&asconf->transmitted_list); 3366 sctp_chunk_free(asconf); 3367 asoc->addip_last_asconf = NULL; 3368 3369 return retval; 3370 } 3371 3372 /* Make a FWD TSN chunk. */ 3373 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3374 __u32 new_cum_tsn, size_t nstreams, 3375 struct sctp_fwdtsn_skip *skiplist) 3376 { 3377 struct sctp_chunk *retval = NULL; 3378 struct sctp_fwdtsn_hdr ftsn_hdr; 3379 struct sctp_fwdtsn_skip skip; 3380 size_t hint; 3381 int i; 3382 3383 hint = (nstreams + 1) * sizeof(__u32); 3384 3385 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 3386 3387 if (!retval) 3388 return NULL; 3389 3390 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3391 retval->subh.fwdtsn_hdr = 3392 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3393 3394 for (i = 0; i < nstreams; i++) { 3395 skip.stream = skiplist[i].stream; 3396 skip.ssn = skiplist[i].ssn; 3397 sctp_addto_chunk(retval, sizeof(skip), &skip); 3398 } 3399 3400 return retval; 3401 } 3402