1 /* SCTP kernel reference Implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel reference Implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * The SCTP reference implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * The SCTP reference implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53 #include <linux/types.h> 54 #include <linux/kernel.h> 55 #include <linux/ip.h> 56 #include <linux/ipv6.h> 57 #include <linux/net.h> 58 #include <linux/inet.h> 59 #include <asm/scatterlist.h> 60 #include <linux/crypto.h> 61 #include <net/sock.h> 62 63 #include <linux/skbuff.h> 64 #include <linux/random.h> /* for get_random_bytes */ 65 #include <net/sctp/sctp.h> 66 #include <net/sctp/sm.h> 67 68 extern kmem_cache_t *sctp_chunk_cachep; 69 70 SCTP_STATIC 71 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 72 __u8 type, __u8 flags, int paylen); 73 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 74 const struct sctp_association *asoc, 75 const struct sctp_chunk *init_chunk, 76 int *cookie_len, 77 const __u8 *raw_addrs, int addrs_len); 78 static int sctp_process_param(struct sctp_association *asoc, 79 union sctp_params param, 80 const union sctp_addr *peer_addr, 81 int gfp); 82 83 /* What was the inbound interface for this chunk? */ 84 int sctp_chunk_iif(const struct sctp_chunk *chunk) 85 { 86 struct sctp_af *af; 87 int iif = 0; 88 89 af = sctp_get_af_specific(ipver2af(chunk->skb->nh.iph->version)); 90 if (af) 91 iif = af->skb_iif(chunk->skb); 92 93 return iif; 94 } 95 96 /* RFC 2960 3.3.2 Initiation (INIT) (1) 97 * 98 * Note 2: The ECN capable field is reserved for future use of 99 * Explicit Congestion Notification. 100 */ 101 static const struct sctp_paramhdr ecap_param = { 102 SCTP_PARAM_ECN_CAPABLE, 103 __constant_htons(sizeof(struct sctp_paramhdr)), 104 }; 105 static const struct sctp_paramhdr prsctp_param = { 106 SCTP_PARAM_FWD_TSN_SUPPORT, 107 __constant_htons(sizeof(struct sctp_paramhdr)), 108 }; 109 110 /* A helper to initialize to initialize an op error inside a 111 * provided chunk, as most cause codes will be embedded inside an 112 * abort chunk. 113 */ 114 void sctp_init_cause(struct sctp_chunk *chunk, __u16 cause_code, 115 const void *payload, size_t paylen) 116 { 117 sctp_errhdr_t err; 118 int padlen; 119 __u16 len; 120 121 /* Cause code constants are now defined in network order. */ 122 err.cause = cause_code; 123 len = sizeof(sctp_errhdr_t) + paylen; 124 padlen = len % 4; 125 err.length = htons(len); 126 len += padlen; 127 sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 128 chunk->subh.err_hdr = sctp_addto_chunk(chunk, paylen, payload); 129 } 130 131 /* 3.3.2 Initiation (INIT) (1) 132 * 133 * This chunk is used to initiate a SCTP association between two 134 * endpoints. The format of the INIT chunk is shown below: 135 * 136 * 0 1 2 3 137 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 138 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 139 * | Type = 1 | Chunk Flags | Chunk Length | 140 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 141 * | Initiate Tag | 142 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 143 * | Advertised Receiver Window Credit (a_rwnd) | 144 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 145 * | Number of Outbound Streams | Number of Inbound Streams | 146 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 147 * | Initial TSN | 148 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 149 * \ \ 150 * / Optional/Variable-Length Parameters / 151 * \ \ 152 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 153 * 154 * 155 * The INIT chunk contains the following parameters. Unless otherwise 156 * noted, each parameter MUST only be included once in the INIT chunk. 157 * 158 * Fixed Parameters Status 159 * ---------------------------------------------- 160 * Initiate Tag Mandatory 161 * Advertised Receiver Window Credit Mandatory 162 * Number of Outbound Streams Mandatory 163 * Number of Inbound Streams Mandatory 164 * Initial TSN Mandatory 165 * 166 * Variable Parameters Status Type Value 167 * ------------------------------------------------------------- 168 * IPv4 Address (Note 1) Optional 5 169 * IPv6 Address (Note 1) Optional 6 170 * Cookie Preservative Optional 9 171 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 172 * Host Name Address (Note 3) Optional 11 173 * Supported Address Types (Note 4) Optional 12 174 */ 175 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 176 const struct sctp_bind_addr *bp, 177 int gfp, int vparam_len) 178 { 179 sctp_inithdr_t init; 180 union sctp_params addrs; 181 size_t chunksize; 182 struct sctp_chunk *retval = NULL; 183 int num_types, addrs_len = 0; 184 struct sctp_sock *sp; 185 sctp_supported_addrs_param_t sat; 186 __u16 types[2]; 187 sctp_adaption_ind_param_t aiparam; 188 189 /* RFC 2960 3.3.2 Initiation (INIT) (1) 190 * 191 * Note 1: The INIT chunks can contain multiple addresses that 192 * can be IPv4 and/or IPv6 in any combination. 193 */ 194 retval = NULL; 195 196 /* Convert the provided bind address list to raw format. */ 197 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 198 199 init.init_tag = htonl(asoc->c.my_vtag); 200 init.a_rwnd = htonl(asoc->rwnd); 201 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 202 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 203 init.initial_tsn = htonl(asoc->c.initial_tsn); 204 205 /* How many address types are needed? */ 206 sp = sctp_sk(asoc->base.sk); 207 num_types = sp->pf->supported_addrs(sp, types); 208 209 chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types); 210 chunksize += sizeof(ecap_param); 211 if (sctp_prsctp_enable) 212 chunksize += sizeof(prsctp_param); 213 chunksize += sizeof(aiparam); 214 chunksize += vparam_len; 215 216 /* RFC 2960 3.3.2 Initiation (INIT) (1) 217 * 218 * Note 3: An INIT chunk MUST NOT contain more than one Host 219 * Name address parameter. Moreover, the sender of the INIT 220 * MUST NOT combine any other address types with the Host Name 221 * address in the INIT. The receiver of INIT MUST ignore any 222 * other address types if the Host Name address parameter is 223 * present in the received INIT chunk. 224 * 225 * PLEASE DO NOT FIXME [This version does not support Host Name.] 226 */ 227 228 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 229 if (!retval) 230 goto nodata; 231 232 retval->subh.init_hdr = 233 sctp_addto_chunk(retval, sizeof(init), &init); 234 retval->param_hdr.v = 235 sctp_addto_chunk(retval, addrs_len, addrs.v); 236 237 /* RFC 2960 3.3.2 Initiation (INIT) (1) 238 * 239 * Note 4: This parameter, when present, specifies all the 240 * address types the sending endpoint can support. The absence 241 * of this parameter indicates that the sending endpoint can 242 * support any address type. 243 */ 244 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 245 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 246 sctp_addto_chunk(retval, sizeof(sat), &sat); 247 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 248 249 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 250 if (sctp_prsctp_enable) 251 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 252 aiparam.param_hdr.type = SCTP_PARAM_ADAPTION_LAYER_IND; 253 aiparam.param_hdr.length = htons(sizeof(aiparam)); 254 aiparam.adaption_ind = htonl(sp->adaption_ind); 255 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 256 nodata: 257 if (addrs.v) 258 kfree(addrs.v); 259 return retval; 260 } 261 262 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 263 const struct sctp_chunk *chunk, 264 int gfp, int unkparam_len) 265 { 266 sctp_inithdr_t initack; 267 struct sctp_chunk *retval; 268 union sctp_params addrs; 269 int addrs_len; 270 sctp_cookie_param_t *cookie; 271 int cookie_len; 272 size_t chunksize; 273 sctp_adaption_ind_param_t aiparam; 274 275 retval = NULL; 276 277 /* Note: there may be no addresses to embed. */ 278 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 279 280 initack.init_tag = htonl(asoc->c.my_vtag); 281 initack.a_rwnd = htonl(asoc->rwnd); 282 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 283 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 284 initack.initial_tsn = htonl(asoc->c.initial_tsn); 285 286 /* FIXME: We really ought to build the cookie right 287 * into the packet instead of allocating more fresh memory. 288 */ 289 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 290 addrs.v, addrs_len); 291 if (!cookie) 292 goto nomem_cookie; 293 294 /* Calculate the total size of allocation, include the reserved 295 * space for reporting unknown parameters if it is specified. 296 */ 297 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 298 299 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 300 if (asoc->peer.ecn_capable) 301 chunksize += sizeof(ecap_param); 302 303 /* Tell peer that we'll do PR-SCTP only if peer advertised. */ 304 if (asoc->peer.prsctp_capable) 305 chunksize += sizeof(prsctp_param); 306 307 chunksize += sizeof(aiparam); 308 309 /* Now allocate and fill out the chunk. */ 310 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 311 if (!retval) 312 goto nomem_chunk; 313 314 /* Per the advice in RFC 2960 6.4, send this reply to 315 * the source of the INIT packet. 316 */ 317 retval->transport = chunk->transport; 318 retval->subh.init_hdr = 319 sctp_addto_chunk(retval, sizeof(initack), &initack); 320 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 321 sctp_addto_chunk(retval, cookie_len, cookie); 322 if (asoc->peer.ecn_capable) 323 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 324 if (asoc->peer.prsctp_capable) 325 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 326 327 aiparam.param_hdr.type = SCTP_PARAM_ADAPTION_LAYER_IND; 328 aiparam.param_hdr.length = htons(sizeof(aiparam)); 329 aiparam.adaption_ind = htonl(sctp_sk(asoc->base.sk)->adaption_ind); 330 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 331 332 /* We need to remove the const qualifier at this point. */ 333 retval->asoc = (struct sctp_association *) asoc; 334 335 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 336 * 337 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 338 * HEARTBEAT ACK, * etc.) to the same destination transport 339 * address from which it received the DATA or control chunk 340 * to which it is replying. 341 * 342 * [INIT ACK back to where the INIT came from.] 343 */ 344 if (chunk) 345 retval->transport = chunk->transport; 346 347 nomem_chunk: 348 kfree(cookie); 349 nomem_cookie: 350 if (addrs.v) 351 kfree(addrs.v); 352 return retval; 353 } 354 355 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 356 * 357 * This chunk is used only during the initialization of an association. 358 * It is sent by the initiator of an association to its peer to complete 359 * the initialization process. This chunk MUST precede any DATA chunk 360 * sent within the association, but MAY be bundled with one or more DATA 361 * chunks in the same packet. 362 * 363 * 0 1 2 3 364 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 365 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 366 * | Type = 10 |Chunk Flags | Length | 367 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 368 * / Cookie / 369 * \ \ 370 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 371 * 372 * Chunk Flags: 8 bit 373 * 374 * Set to zero on transmit and ignored on receipt. 375 * 376 * Length: 16 bits (unsigned integer) 377 * 378 * Set to the size of the chunk in bytes, including the 4 bytes of 379 * the chunk header and the size of the Cookie. 380 * 381 * Cookie: variable size 382 * 383 * This field must contain the exact cookie received in the 384 * State Cookie parameter from the previous INIT ACK. 385 * 386 * An implementation SHOULD make the cookie as small as possible 387 * to insure interoperability. 388 */ 389 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 390 const struct sctp_chunk *chunk) 391 { 392 struct sctp_chunk *retval; 393 void *cookie; 394 int cookie_len; 395 396 cookie = asoc->peer.cookie; 397 cookie_len = asoc->peer.cookie_len; 398 399 /* Build a cookie echo chunk. */ 400 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 401 if (!retval) 402 goto nodata; 403 retval->subh.cookie_hdr = 404 sctp_addto_chunk(retval, cookie_len, cookie); 405 406 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 407 * 408 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 409 * HEARTBEAT ACK, * etc.) to the same destination transport 410 * address from which it * received the DATA or control chunk 411 * to which it is replying. 412 * 413 * [COOKIE ECHO back to where the INIT ACK came from.] 414 */ 415 if (chunk) 416 retval->transport = chunk->transport; 417 418 nodata: 419 return retval; 420 } 421 422 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 423 * 424 * This chunk is used only during the initialization of an 425 * association. It is used to acknowledge the receipt of a COOKIE 426 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 427 * within the association, but MAY be bundled with one or more DATA 428 * chunks or SACK chunk in the same SCTP packet. 429 * 430 * 0 1 2 3 431 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 432 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 433 * | Type = 11 |Chunk Flags | Length = 4 | 434 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 435 * 436 * Chunk Flags: 8 bits 437 * 438 * Set to zero on transmit and ignored on receipt. 439 */ 440 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 441 const struct sctp_chunk *chunk) 442 { 443 struct sctp_chunk *retval; 444 445 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 446 447 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 448 * 449 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 450 * HEARTBEAT ACK, * etc.) to the same destination transport 451 * address from which it * received the DATA or control chunk 452 * to which it is replying. 453 * 454 * [COOKIE ACK back to where the COOKIE ECHO came from.] 455 */ 456 if (retval && chunk) 457 retval->transport = chunk->transport; 458 459 return retval; 460 } 461 462 /* 463 * Appendix A: Explicit Congestion Notification: 464 * CWR: 465 * 466 * RFC 2481 details a specific bit for a sender to send in the header of 467 * its next outbound TCP segment to indicate to its peer that it has 468 * reduced its congestion window. This is termed the CWR bit. For 469 * SCTP the same indication is made by including the CWR chunk. 470 * This chunk contains one data element, i.e. the TSN number that 471 * was sent in the ECNE chunk. This element represents the lowest 472 * TSN number in the datagram that was originally marked with the 473 * CE bit. 474 * 475 * 0 1 2 3 476 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 477 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 478 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 479 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 480 * | Lowest TSN Number | 481 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 482 * 483 * Note: The CWR is considered a Control chunk. 484 */ 485 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 486 const __u32 lowest_tsn, 487 const struct sctp_chunk *chunk) 488 { 489 struct sctp_chunk *retval; 490 sctp_cwrhdr_t cwr; 491 492 cwr.lowest_tsn = htonl(lowest_tsn); 493 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 494 sizeof(sctp_cwrhdr_t)); 495 496 if (!retval) 497 goto nodata; 498 499 retval->subh.ecn_cwr_hdr = 500 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 501 502 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 503 * 504 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 505 * HEARTBEAT ACK, * etc.) to the same destination transport 506 * address from which it * received the DATA or control chunk 507 * to which it is replying. 508 * 509 * [Report a reduced congestion window back to where the ECNE 510 * came from.] 511 */ 512 if (chunk) 513 retval->transport = chunk->transport; 514 515 nodata: 516 return retval; 517 } 518 519 /* Make an ECNE chunk. This is a congestion experienced report. */ 520 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 521 const __u32 lowest_tsn) 522 { 523 struct sctp_chunk *retval; 524 sctp_ecnehdr_t ecne; 525 526 ecne.lowest_tsn = htonl(lowest_tsn); 527 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 528 sizeof(sctp_ecnehdr_t)); 529 if (!retval) 530 goto nodata; 531 retval->subh.ecne_hdr = 532 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 533 534 nodata: 535 return retval; 536 } 537 538 /* Make a DATA chunk for the given association from the provided 539 * parameters. However, do not populate the data payload. 540 */ 541 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 542 const struct sctp_sndrcvinfo *sinfo, 543 int data_len, __u8 flags, __u16 ssn) 544 { 545 struct sctp_chunk *retval; 546 struct sctp_datahdr dp; 547 int chunk_len; 548 549 /* We assign the TSN as LATE as possible, not here when 550 * creating the chunk. 551 */ 552 dp.tsn = 0; 553 dp.stream = htons(sinfo->sinfo_stream); 554 dp.ppid = sinfo->sinfo_ppid; 555 556 /* Set the flags for an unordered send. */ 557 if (sinfo->sinfo_flags & MSG_UNORDERED) { 558 flags |= SCTP_DATA_UNORDERED; 559 dp.ssn = 0; 560 } else 561 dp.ssn = htons(ssn); 562 563 chunk_len = sizeof(dp) + data_len; 564 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 565 if (!retval) 566 goto nodata; 567 568 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 569 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 570 571 nodata: 572 return retval; 573 } 574 575 /* Create a selective ackowledgement (SACK) for the given 576 * association. This reports on which TSN's we've seen to date, 577 * including duplicates and gaps. 578 */ 579 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 580 { 581 struct sctp_chunk *retval; 582 struct sctp_sackhdr sack; 583 int len; 584 __u32 ctsn; 585 __u16 num_gabs, num_dup_tsns; 586 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 587 588 ctsn = sctp_tsnmap_get_ctsn(map); 589 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 590 591 /* How much room is needed in the chunk? */ 592 num_gabs = sctp_tsnmap_num_gabs(map); 593 num_dup_tsns = sctp_tsnmap_num_dups(map); 594 595 /* Initialize the SACK header. */ 596 sack.cum_tsn_ack = htonl(ctsn); 597 sack.a_rwnd = htonl(asoc->a_rwnd); 598 sack.num_gap_ack_blocks = htons(num_gabs); 599 sack.num_dup_tsns = htons(num_dup_tsns); 600 601 len = sizeof(sack) 602 + sizeof(struct sctp_gap_ack_block) * num_gabs 603 + sizeof(__u32) * num_dup_tsns; 604 605 /* Create the chunk. */ 606 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 607 if (!retval) 608 goto nodata; 609 610 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 611 * 612 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 613 * HEARTBEAT ACK, etc.) to the same destination transport 614 * address from which it received the DATA or control chunk to 615 * which it is replying. This rule should also be followed if 616 * the endpoint is bundling DATA chunks together with the 617 * reply chunk. 618 * 619 * However, when acknowledging multiple DATA chunks received 620 * in packets from different source addresses in a single 621 * SACK, the SACK chunk may be transmitted to one of the 622 * destination transport addresses from which the DATA or 623 * control chunks being acknowledged were received. 624 * 625 * [BUG: We do not implement the following paragraph. 626 * Perhaps we should remember the last transport we used for a 627 * SACK and avoid that (if possible) if we have seen any 628 * duplicates. --piggy] 629 * 630 * When a receiver of a duplicate DATA chunk sends a SACK to a 631 * multi- homed endpoint it MAY be beneficial to vary the 632 * destination address and not use the source address of the 633 * DATA chunk. The reason being that receiving a duplicate 634 * from a multi-homed endpoint might indicate that the return 635 * path (as specified in the source address of the DATA chunk) 636 * for the SACK is broken. 637 * 638 * [Send to the address from which we last received a DATA chunk.] 639 */ 640 retval->transport = asoc->peer.last_data_from; 641 642 retval->subh.sack_hdr = 643 sctp_addto_chunk(retval, sizeof(sack), &sack); 644 645 /* Add the gap ack block information. */ 646 if (num_gabs) 647 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 648 sctp_tsnmap_get_gabs(map)); 649 650 /* Add the duplicate TSN information. */ 651 if (num_dup_tsns) 652 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 653 sctp_tsnmap_get_dups(map)); 654 655 nodata: 656 return retval; 657 } 658 659 /* Make a SHUTDOWN chunk. */ 660 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 661 const struct sctp_chunk *chunk) 662 { 663 struct sctp_chunk *retval; 664 sctp_shutdownhdr_t shut; 665 __u32 ctsn; 666 667 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 668 shut.cum_tsn_ack = htonl(ctsn); 669 670 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 671 sizeof(sctp_shutdownhdr_t)); 672 if (!retval) 673 goto nodata; 674 675 retval->subh.shutdown_hdr = 676 sctp_addto_chunk(retval, sizeof(shut), &shut); 677 678 if (chunk) 679 retval->transport = chunk->transport; 680 nodata: 681 return retval; 682 } 683 684 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 685 const struct sctp_chunk *chunk) 686 { 687 struct sctp_chunk *retval; 688 689 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 690 691 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 692 * 693 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 694 * HEARTBEAT ACK, * etc.) to the same destination transport 695 * address from which it * received the DATA or control chunk 696 * to which it is replying. 697 * 698 * [ACK back to where the SHUTDOWN came from.] 699 */ 700 if (retval && chunk) 701 retval->transport = chunk->transport; 702 703 return retval; 704 } 705 706 struct sctp_chunk *sctp_make_shutdown_complete( 707 const struct sctp_association *asoc, 708 const struct sctp_chunk *chunk) 709 { 710 struct sctp_chunk *retval; 711 __u8 flags = 0; 712 713 /* Set the T-bit if we have no association (vtag will be 714 * reflected) 715 */ 716 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 717 718 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 719 720 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 721 * 722 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 723 * HEARTBEAT ACK, * etc.) to the same destination transport 724 * address from which it * received the DATA or control chunk 725 * to which it is replying. 726 * 727 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 728 * came from.] 729 */ 730 if (retval && chunk) 731 retval->transport = chunk->transport; 732 733 return retval; 734 } 735 736 /* Create an ABORT. Note that we set the T bit if we have no 737 * association, except when responding to an INIT (sctpimpguide 2.41). 738 */ 739 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 740 const struct sctp_chunk *chunk, 741 const size_t hint) 742 { 743 struct sctp_chunk *retval; 744 __u8 flags = 0; 745 746 /* Set the T-bit if we have no association and 'chunk' is not 747 * an INIT (vtag will be reflected). 748 */ 749 if (!asoc) { 750 if (chunk && chunk->chunk_hdr && 751 chunk->chunk_hdr->type == SCTP_CID_INIT) 752 flags = 0; 753 else 754 flags = SCTP_CHUNK_FLAG_T; 755 } 756 757 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 758 759 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 760 * 761 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 762 * HEARTBEAT ACK, * etc.) to the same destination transport 763 * address from which it * received the DATA or control chunk 764 * to which it is replying. 765 * 766 * [ABORT back to where the offender came from.] 767 */ 768 if (retval && chunk) 769 retval->transport = chunk->transport; 770 771 return retval; 772 } 773 774 /* Helper to create ABORT with a NO_USER_DATA error. */ 775 struct sctp_chunk *sctp_make_abort_no_data( 776 const struct sctp_association *asoc, 777 const struct sctp_chunk *chunk, __u32 tsn) 778 { 779 struct sctp_chunk *retval; 780 __u32 payload; 781 782 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 783 + sizeof(tsn)); 784 785 if (!retval) 786 goto no_mem; 787 788 /* Put the tsn back into network byte order. */ 789 payload = htonl(tsn); 790 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, (const void *)&payload, 791 sizeof(payload)); 792 793 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 794 * 795 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 796 * HEARTBEAT ACK, * etc.) to the same destination transport 797 * address from which it * received the DATA or control chunk 798 * to which it is replying. 799 * 800 * [ABORT back to where the offender came from.] 801 */ 802 if (chunk) 803 retval->transport = chunk->transport; 804 805 no_mem: 806 return retval; 807 } 808 809 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 810 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 811 const struct sctp_chunk *chunk, 812 const struct msghdr *msg) 813 { 814 struct sctp_chunk *retval; 815 void *payload = NULL, *payoff; 816 size_t paylen = 0; 817 struct iovec *iov = NULL; 818 int iovlen = 0; 819 820 if (msg) { 821 iov = msg->msg_iov; 822 iovlen = msg->msg_iovlen; 823 paylen = get_user_iov_size(iov, iovlen); 824 } 825 826 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen); 827 if (!retval) 828 goto err_chunk; 829 830 if (paylen) { 831 /* Put the msg_iov together into payload. */ 832 payload = kmalloc(paylen, GFP_ATOMIC); 833 if (!payload) 834 goto err_payload; 835 payoff = payload; 836 837 for (; iovlen > 0; --iovlen) { 838 if (copy_from_user(payoff, iov->iov_base,iov->iov_len)) 839 goto err_copy; 840 payoff += iov->iov_len; 841 iov++; 842 } 843 } 844 845 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, payload, paylen); 846 847 if (paylen) 848 kfree(payload); 849 850 return retval; 851 852 err_copy: 853 kfree(payload); 854 err_payload: 855 sctp_chunk_free(retval); 856 retval = NULL; 857 err_chunk: 858 return retval; 859 } 860 861 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 862 struct sctp_chunk *sctp_make_abort_violation( 863 const struct sctp_association *asoc, 864 const struct sctp_chunk *chunk, 865 const __u8 *payload, 866 const size_t paylen) 867 { 868 struct sctp_chunk *retval; 869 struct sctp_paramhdr phdr; 870 871 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 872 + sizeof(sctp_chunkhdr_t)); 873 if (!retval) 874 goto end; 875 876 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, payload, paylen); 877 878 phdr.type = htons(chunk->chunk_hdr->type); 879 phdr.length = chunk->chunk_hdr->length; 880 sctp_addto_chunk(retval, sizeof(sctp_paramhdr_t), &phdr); 881 882 end: 883 return retval; 884 } 885 886 /* Make a HEARTBEAT chunk. */ 887 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 888 const struct sctp_transport *transport, 889 const void *payload, const size_t paylen) 890 { 891 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 892 0, paylen); 893 894 if (!retval) 895 goto nodata; 896 897 /* Cast away the 'const', as this is just telling the chunk 898 * what transport it belongs to. 899 */ 900 retval->transport = (struct sctp_transport *) transport; 901 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 902 903 nodata: 904 return retval; 905 } 906 907 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 908 const struct sctp_chunk *chunk, 909 const void *payload, const size_t paylen) 910 { 911 struct sctp_chunk *retval; 912 913 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 914 if (!retval) 915 goto nodata; 916 917 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 918 919 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 920 * 921 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 922 * HEARTBEAT ACK, * etc.) to the same destination transport 923 * address from which it * received the DATA or control chunk 924 * to which it is replying. 925 * 926 * [HBACK back to where the HEARTBEAT came from.] 927 */ 928 if (chunk) 929 retval->transport = chunk->transport; 930 931 nodata: 932 return retval; 933 } 934 935 /* Create an Operation Error chunk with the specified space reserved. 936 * This routine can be used for containing multiple causes in the chunk. 937 */ 938 static struct sctp_chunk *sctp_make_op_error_space( 939 const struct sctp_association *asoc, 940 const struct sctp_chunk *chunk, 941 size_t size) 942 { 943 struct sctp_chunk *retval; 944 945 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 946 sizeof(sctp_errhdr_t) + size); 947 if (!retval) 948 goto nodata; 949 950 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 951 * 952 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 953 * HEARTBEAT ACK, etc.) to the same destination transport 954 * address from which it received the DATA or control chunk 955 * to which it is replying. 956 * 957 */ 958 if (chunk) 959 retval->transport = chunk->transport; 960 961 nodata: 962 return retval; 963 } 964 965 /* Create an Operation Error chunk. */ 966 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 967 const struct sctp_chunk *chunk, 968 __u16 cause_code, const void *payload, 969 size_t paylen) 970 { 971 struct sctp_chunk *retval; 972 973 retval = sctp_make_op_error_space(asoc, chunk, paylen); 974 if (!retval) 975 goto nodata; 976 977 sctp_init_cause(retval, cause_code, payload, paylen); 978 979 nodata: 980 return retval; 981 } 982 983 /******************************************************************** 984 * 2nd Level Abstractions 985 ********************************************************************/ 986 987 /* Turn an skb into a chunk. 988 * FIXME: Eventually move the structure directly inside the skb->cb[]. 989 */ 990 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 991 const struct sctp_association *asoc, 992 struct sock *sk) 993 { 994 struct sctp_chunk *retval; 995 996 retval = kmem_cache_alloc(sctp_chunk_cachep, SLAB_ATOMIC); 997 998 if (!retval) 999 goto nodata; 1000 memset(retval, 0, sizeof(struct sctp_chunk)); 1001 1002 if (!sk) { 1003 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 1004 } 1005 1006 retval->skb = skb; 1007 retval->asoc = (struct sctp_association *)asoc; 1008 retval->resent = 0; 1009 retval->has_tsn = 0; 1010 retval->has_ssn = 0; 1011 retval->rtt_in_progress = 0; 1012 retval->sent_at = 0; 1013 retval->singleton = 1; 1014 retval->end_of_packet = 0; 1015 retval->ecn_ce_done = 0; 1016 retval->pdiscard = 0; 1017 1018 /* sctpimpguide-05.txt Section 2.8.2 1019 * M1) Each time a new DATA chunk is transmitted 1020 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1021 * 'TSN.Missing.Report' count will be used to determine missing chunks 1022 * and when to fast retransmit. 1023 */ 1024 retval->tsn_missing_report = 0; 1025 retval->tsn_gap_acked = 0; 1026 retval->fast_retransmit = 0; 1027 1028 /* If this is a fragmented message, track all fragments 1029 * of the message (for SEND_FAILED). 1030 */ 1031 retval->msg = NULL; 1032 1033 /* Polish the bead hole. */ 1034 INIT_LIST_HEAD(&retval->transmitted_list); 1035 INIT_LIST_HEAD(&retval->frag_list); 1036 SCTP_DBG_OBJCNT_INC(chunk); 1037 atomic_set(&retval->refcnt, 1); 1038 1039 nodata: 1040 return retval; 1041 } 1042 1043 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1044 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1045 union sctp_addr *dest) 1046 { 1047 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1048 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1049 } 1050 1051 /* Extract the source address from a chunk. */ 1052 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1053 { 1054 /* If we have a known transport, use that. */ 1055 if (chunk->transport) { 1056 return &chunk->transport->ipaddr; 1057 } else { 1058 /* Otherwise, extract it from the IP header. */ 1059 return &chunk->source; 1060 } 1061 } 1062 1063 /* Create a new chunk, setting the type and flags headers from the 1064 * arguments, reserving enough space for a 'paylen' byte payload. 1065 */ 1066 SCTP_STATIC 1067 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1068 __u8 type, __u8 flags, int paylen) 1069 { 1070 struct sctp_chunk *retval; 1071 sctp_chunkhdr_t *chunk_hdr; 1072 struct sk_buff *skb; 1073 struct sock *sk; 1074 1075 /* No need to allocate LL here, as this is only a chunk. */ 1076 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1077 GFP_ATOMIC); 1078 if (!skb) 1079 goto nodata; 1080 1081 /* Make room for the chunk header. */ 1082 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1083 chunk_hdr->type = type; 1084 chunk_hdr->flags = flags; 1085 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1086 1087 sk = asoc ? asoc->base.sk : NULL; 1088 retval = sctp_chunkify(skb, asoc, sk); 1089 if (!retval) { 1090 kfree_skb(skb); 1091 goto nodata; 1092 } 1093 1094 retval->chunk_hdr = chunk_hdr; 1095 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1096 1097 /* Set the skb to the belonging sock for accounting. */ 1098 skb->sk = sk; 1099 1100 return retval; 1101 nodata: 1102 return NULL; 1103 } 1104 1105 1106 /* Release the memory occupied by a chunk. */ 1107 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1108 { 1109 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1110 dev_kfree_skb(chunk->skb); 1111 1112 SCTP_DBG_OBJCNT_DEC(chunk); 1113 kmem_cache_free(sctp_chunk_cachep, chunk); 1114 } 1115 1116 /* Possibly, free the chunk. */ 1117 void sctp_chunk_free(struct sctp_chunk *chunk) 1118 { 1119 /* Make sure that we are not on any list. */ 1120 skb_unlink((struct sk_buff *) chunk); 1121 list_del_init(&chunk->transmitted_list); 1122 1123 /* Release our reference on the message tracker. */ 1124 if (chunk->msg) 1125 sctp_datamsg_put(chunk->msg); 1126 1127 sctp_chunk_put(chunk); 1128 } 1129 1130 /* Grab a reference to the chunk. */ 1131 void sctp_chunk_hold(struct sctp_chunk *ch) 1132 { 1133 atomic_inc(&ch->refcnt); 1134 } 1135 1136 /* Release a reference to the chunk. */ 1137 void sctp_chunk_put(struct sctp_chunk *ch) 1138 { 1139 if (atomic_dec_and_test(&ch->refcnt)) 1140 sctp_chunk_destroy(ch); 1141 } 1142 1143 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1144 * enough. 1145 */ 1146 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1147 { 1148 void *target; 1149 void *padding; 1150 int chunklen = ntohs(chunk->chunk_hdr->length); 1151 int padlen = chunklen % 4; 1152 1153 padding = skb_put(chunk->skb, padlen); 1154 target = skb_put(chunk->skb, len); 1155 1156 memset(padding, 0, padlen); 1157 memcpy(target, data, len); 1158 1159 /* Adjust the chunk length field. */ 1160 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1161 chunk->chunk_end = chunk->skb->tail; 1162 1163 return target; 1164 } 1165 1166 /* Append bytes from user space to the end of a chunk. Will panic if 1167 * chunk is not big enough. 1168 * Returns a kernel err value. 1169 */ 1170 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1171 struct iovec *data) 1172 { 1173 __u8 *target; 1174 int err = 0; 1175 1176 /* Make room in chunk for data. */ 1177 target = skb_put(chunk->skb, len); 1178 1179 /* Copy data (whole iovec) into chunk */ 1180 if ((err = memcpy_fromiovecend(target, data, off, len))) 1181 goto out; 1182 1183 /* Adjust the chunk length field. */ 1184 chunk->chunk_hdr->length = 1185 htons(ntohs(chunk->chunk_hdr->length) + len); 1186 chunk->chunk_end = chunk->skb->tail; 1187 1188 out: 1189 return err; 1190 } 1191 1192 /* Helper function to assign a TSN if needed. This assumes that both 1193 * the data_hdr and association have already been assigned. 1194 */ 1195 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1196 { 1197 __u16 ssn; 1198 __u16 sid; 1199 1200 if (chunk->has_ssn) 1201 return; 1202 1203 /* This is the last possible instant to assign a SSN. */ 1204 if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1205 ssn = 0; 1206 } else { 1207 sid = htons(chunk->subh.data_hdr->stream); 1208 if (chunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1209 ssn = sctp_ssn_next(&chunk->asoc->ssnmap->out, sid); 1210 else 1211 ssn = sctp_ssn_peek(&chunk->asoc->ssnmap->out, sid); 1212 ssn = htons(ssn); 1213 } 1214 1215 chunk->subh.data_hdr->ssn = ssn; 1216 chunk->has_ssn = 1; 1217 } 1218 1219 /* Helper function to assign a TSN if needed. This assumes that both 1220 * the data_hdr and association have already been assigned. 1221 */ 1222 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1223 { 1224 if (!chunk->has_tsn) { 1225 /* This is the last possible instant to 1226 * assign a TSN. 1227 */ 1228 chunk->subh.data_hdr->tsn = 1229 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1230 chunk->has_tsn = 1; 1231 } 1232 } 1233 1234 /* Create a CLOSED association to use with an incoming packet. */ 1235 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1236 struct sctp_chunk *chunk, int gfp) 1237 { 1238 struct sctp_association *asoc; 1239 struct sk_buff *skb; 1240 sctp_scope_t scope; 1241 struct sctp_af *af; 1242 1243 /* Create the bare association. */ 1244 scope = sctp_scope(sctp_source(chunk)); 1245 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1246 if (!asoc) 1247 goto nodata; 1248 asoc->temp = 1; 1249 skb = chunk->skb; 1250 /* Create an entry for the source address of the packet. */ 1251 af = sctp_get_af_specific(ipver2af(skb->nh.iph->version)); 1252 if (unlikely(!af)) 1253 goto fail; 1254 af->from_skb(&asoc->c.peer_addr, skb, 1); 1255 nodata: 1256 return asoc; 1257 1258 fail: 1259 sctp_association_free(asoc); 1260 return NULL; 1261 } 1262 1263 /* Build a cookie representing asoc. 1264 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1265 */ 1266 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1267 const struct sctp_association *asoc, 1268 const struct sctp_chunk *init_chunk, 1269 int *cookie_len, 1270 const __u8 *raw_addrs, int addrs_len) 1271 { 1272 sctp_cookie_param_t *retval; 1273 struct sctp_signed_cookie *cookie; 1274 struct scatterlist sg; 1275 int headersize, bodysize; 1276 unsigned int keylen; 1277 char *key; 1278 1279 headersize = sizeof(sctp_paramhdr_t) + SCTP_SECRET_SIZE; 1280 bodysize = sizeof(struct sctp_cookie) 1281 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1282 1283 /* Pad out the cookie to a multiple to make the signature 1284 * functions simpler to write. 1285 */ 1286 if (bodysize % SCTP_COOKIE_MULTIPLE) 1287 bodysize += SCTP_COOKIE_MULTIPLE 1288 - (bodysize % SCTP_COOKIE_MULTIPLE); 1289 *cookie_len = headersize + bodysize; 1290 1291 retval = (sctp_cookie_param_t *)kmalloc(*cookie_len, GFP_ATOMIC); 1292 1293 if (!retval) { 1294 *cookie_len = 0; 1295 goto nodata; 1296 } 1297 1298 /* Clear this memory since we are sending this data structure 1299 * out on the network. 1300 */ 1301 memset(retval, 0x00, *cookie_len); 1302 cookie = (struct sctp_signed_cookie *) retval->body; 1303 1304 /* Set up the parameter header. */ 1305 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1306 retval->p.length = htons(*cookie_len); 1307 1308 /* Copy the cookie part of the association itself. */ 1309 cookie->c = asoc->c; 1310 /* Save the raw address list length in the cookie. */ 1311 cookie->c.raw_addr_list_len = addrs_len; 1312 1313 /* Remember PR-SCTP capability. */ 1314 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1315 1316 /* Save adaption indication in the cookie. */ 1317 cookie->c.adaption_ind = asoc->peer.adaption_ind; 1318 1319 /* Set an expiration time for the cookie. */ 1320 do_gettimeofday(&cookie->c.expiration); 1321 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1322 1323 /* Copy the peer's init packet. */ 1324 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1325 ntohs(init_chunk->chunk_hdr->length)); 1326 1327 /* Copy the raw local address list of the association. */ 1328 memcpy((__u8 *)&cookie->c.peer_init[0] + 1329 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1330 1331 if (sctp_sk(ep->base.sk)->hmac) { 1332 /* Sign the message. */ 1333 sg.page = virt_to_page(&cookie->c); 1334 sg.offset = (unsigned long)(&cookie->c) % PAGE_SIZE; 1335 sg.length = bodysize; 1336 keylen = SCTP_SECRET_SIZE; 1337 key = (char *)ep->secret_key[ep->current_key]; 1338 1339 sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, 1340 &sg, 1, cookie->signature); 1341 } 1342 1343 nodata: 1344 return retval; 1345 } 1346 1347 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1348 struct sctp_association *sctp_unpack_cookie( 1349 const struct sctp_endpoint *ep, 1350 const struct sctp_association *asoc, 1351 struct sctp_chunk *chunk, int gfp, 1352 int *error, struct sctp_chunk **errp) 1353 { 1354 struct sctp_association *retval = NULL; 1355 struct sctp_signed_cookie *cookie; 1356 struct sctp_cookie *bear_cookie; 1357 int headersize, bodysize, fixed_size; 1358 __u8 digest[SCTP_SIGNATURE_SIZE]; 1359 struct scatterlist sg; 1360 unsigned int keylen, len; 1361 char *key; 1362 sctp_scope_t scope; 1363 struct sk_buff *skb = chunk->skb; 1364 1365 headersize = sizeof(sctp_chunkhdr_t) + SCTP_SECRET_SIZE; 1366 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1367 fixed_size = headersize + sizeof(struct sctp_cookie); 1368 1369 /* Verify that the chunk looks like it even has a cookie. 1370 * There must be enough room for our cookie and our peer's 1371 * INIT chunk. 1372 */ 1373 len = ntohs(chunk->chunk_hdr->length); 1374 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1375 goto malformed; 1376 1377 /* Verify that the cookie has been padded out. */ 1378 if (bodysize % SCTP_COOKIE_MULTIPLE) 1379 goto malformed; 1380 1381 /* Process the cookie. */ 1382 cookie = chunk->subh.cookie_hdr; 1383 bear_cookie = &cookie->c; 1384 1385 if (!sctp_sk(ep->base.sk)->hmac) 1386 goto no_hmac; 1387 1388 /* Check the signature. */ 1389 keylen = SCTP_SECRET_SIZE; 1390 sg.page = virt_to_page(bear_cookie); 1391 sg.offset = (unsigned long)(bear_cookie) % PAGE_SIZE; 1392 sg.length = bodysize; 1393 key = (char *)ep->secret_key[ep->current_key]; 1394 1395 memset(digest, 0x00, sizeof(digest)); 1396 sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, &sg, 1397 1, digest); 1398 1399 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1400 /* Try the previous key. */ 1401 key = (char *)ep->secret_key[ep->last_key]; 1402 memset(digest, 0x00, sizeof(digest)); 1403 sctp_crypto_hmac(sctp_sk(ep->base.sk)->hmac, key, &keylen, 1404 &sg, 1, digest); 1405 1406 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1407 /* Yikes! Still bad signature! */ 1408 *error = -SCTP_IERROR_BAD_SIG; 1409 goto fail; 1410 } 1411 } 1412 1413 no_hmac: 1414 /* IG Section 2.35.2: 1415 * 3) Compare the port numbers and the verification tag contained 1416 * within the COOKIE ECHO chunk to the actual port numbers and the 1417 * verification tag within the SCTP common header of the received 1418 * packet. If these values do not match the packet MUST be silently 1419 * discarded, 1420 */ 1421 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1422 *error = -SCTP_IERROR_BAD_TAG; 1423 goto fail; 1424 } 1425 1426 if (ntohs(chunk->sctp_hdr->source) != bear_cookie->peer_addr.v4.sin_port || 1427 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1428 *error = -SCTP_IERROR_BAD_PORTS; 1429 goto fail; 1430 } 1431 1432 /* Check to see if the cookie is stale. If there is already 1433 * an association, there is no need to check cookie's expiration 1434 * for init collision case of lost COOKIE ACK. 1435 */ 1436 if (!asoc && tv_lt(bear_cookie->expiration, skb->stamp)) { 1437 __u16 len; 1438 /* 1439 * Section 3.3.10.3 Stale Cookie Error (3) 1440 * 1441 * Cause of error 1442 * --------------- 1443 * Stale Cookie Error: Indicates the receipt of a valid State 1444 * Cookie that has expired. 1445 */ 1446 len = ntohs(chunk->chunk_hdr->length); 1447 *errp = sctp_make_op_error_space(asoc, chunk, len); 1448 if (*errp) { 1449 suseconds_t usecs = (skb->stamp.tv_sec - 1450 bear_cookie->expiration.tv_sec) * 1000000L + 1451 skb->stamp.tv_usec - 1452 bear_cookie->expiration.tv_usec; 1453 1454 usecs = htonl(usecs); 1455 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1456 &usecs, sizeof(usecs)); 1457 *error = -SCTP_IERROR_STALE_COOKIE; 1458 } else 1459 *error = -SCTP_IERROR_NOMEM; 1460 1461 goto fail; 1462 } 1463 1464 /* Make a new base association. */ 1465 scope = sctp_scope(sctp_source(chunk)); 1466 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1467 if (!retval) { 1468 *error = -SCTP_IERROR_NOMEM; 1469 goto fail; 1470 } 1471 1472 /* Set up our peer's port number. */ 1473 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1474 1475 /* Populate the association from the cookie. */ 1476 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1477 1478 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1479 GFP_ATOMIC) < 0) { 1480 *error = -SCTP_IERROR_NOMEM; 1481 goto fail; 1482 } 1483 1484 /* Also, add the destination address. */ 1485 if (list_empty(&retval->base.bind_addr.address_list)) { 1486 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1487 GFP_ATOMIC); 1488 } 1489 1490 retval->next_tsn = retval->c.initial_tsn; 1491 retval->ctsn_ack_point = retval->next_tsn - 1; 1492 retval->addip_serial = retval->c.initial_tsn; 1493 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1494 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1495 retval->peer.adaption_ind = retval->c.adaption_ind; 1496 1497 /* The INIT stuff will be done by the side effects. */ 1498 return retval; 1499 1500 fail: 1501 if (retval) 1502 sctp_association_free(retval); 1503 1504 return NULL; 1505 1506 malformed: 1507 /* Yikes! The packet is either corrupt or deliberately 1508 * malformed. 1509 */ 1510 *error = -SCTP_IERROR_MALFORMED; 1511 goto fail; 1512 } 1513 1514 /******************************************************************** 1515 * 3rd Level Abstractions 1516 ********************************************************************/ 1517 1518 struct __sctp_missing { 1519 __u32 num_missing; 1520 __u16 type; 1521 } __attribute__((packed)); 1522 1523 /* 1524 * Report a missing mandatory parameter. 1525 */ 1526 static int sctp_process_missing_param(const struct sctp_association *asoc, 1527 sctp_param_t paramtype, 1528 struct sctp_chunk *chunk, 1529 struct sctp_chunk **errp) 1530 { 1531 struct __sctp_missing report; 1532 __u16 len; 1533 1534 len = WORD_ROUND(sizeof(report)); 1535 1536 /* Make an ERROR chunk, preparing enough room for 1537 * returning multiple unknown parameters. 1538 */ 1539 if (!*errp) 1540 *errp = sctp_make_op_error_space(asoc, chunk, len); 1541 1542 if (*errp) { 1543 report.num_missing = htonl(1); 1544 report.type = paramtype; 1545 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 1546 &report, sizeof(report)); 1547 } 1548 1549 /* Stop processing this chunk. */ 1550 return 0; 1551 } 1552 1553 /* Report an Invalid Mandatory Parameter. */ 1554 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1555 struct sctp_chunk *chunk, 1556 struct sctp_chunk **errp) 1557 { 1558 /* Invalid Mandatory Parameter Error has no payload. */ 1559 1560 if (!*errp) 1561 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1562 1563 if (*errp) 1564 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, NULL, 0); 1565 1566 /* Stop processing this chunk. */ 1567 return 0; 1568 } 1569 1570 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1571 struct sctp_paramhdr *param, 1572 const struct sctp_chunk *chunk, 1573 struct sctp_chunk **errp) 1574 { 1575 char error[] = "The following parameter had invalid length:"; 1576 size_t payload_len = WORD_ROUND(sizeof(error)) + 1577 sizeof(sctp_paramhdr_t); 1578 1579 1580 /* Create an error chunk and fill it in with our payload. */ 1581 if (!*errp) 1582 *errp = sctp_make_op_error_space(asoc, chunk, payload_len); 1583 1584 if (*errp) { 1585 sctp_init_cause(*errp, SCTP_ERROR_PROTO_VIOLATION, error, 1586 sizeof(error)); 1587 sctp_addto_chunk(*errp, sizeof(sctp_paramhdr_t), param); 1588 } 1589 1590 return 0; 1591 } 1592 1593 1594 /* Do not attempt to handle the HOST_NAME parm. However, do 1595 * send back an indicator to the peer. 1596 */ 1597 static int sctp_process_hn_param(const struct sctp_association *asoc, 1598 union sctp_params param, 1599 struct sctp_chunk *chunk, 1600 struct sctp_chunk **errp) 1601 { 1602 __u16 len = ntohs(param.p->length); 1603 1604 /* Make an ERROR chunk. */ 1605 if (!*errp) 1606 *errp = sctp_make_op_error_space(asoc, chunk, len); 1607 1608 if (*errp) 1609 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, 1610 param.v, len); 1611 1612 /* Stop processing this chunk. */ 1613 return 0; 1614 } 1615 1616 /* RFC 3.2.1 & the Implementers Guide 2.2. 1617 * 1618 * The Parameter Types are encoded such that the 1619 * highest-order two bits specify the action that must be 1620 * taken if the processing endpoint does not recognize the 1621 * Parameter Type. 1622 * 1623 * 00 - Stop processing this SCTP chunk and discard it, 1624 * do not process any further chunks within it. 1625 * 1626 * 01 - Stop processing this SCTP chunk and discard it, 1627 * do not process any further chunks within it, and report 1628 * the unrecognized parameter in an 'Unrecognized 1629 * Parameter Type' (in either an ERROR or in the INIT ACK). 1630 * 1631 * 10 - Skip this parameter and continue processing. 1632 * 1633 * 11 - Skip this parameter and continue processing but 1634 * report the unrecognized parameter in an 1635 * 'Unrecognized Parameter Type' (in either an ERROR or in 1636 * the INIT ACK). 1637 * 1638 * Return value: 1639 * 0 - discard the chunk 1640 * 1 - continue with the chunk 1641 */ 1642 static int sctp_process_unk_param(const struct sctp_association *asoc, 1643 union sctp_params param, 1644 struct sctp_chunk *chunk, 1645 struct sctp_chunk **errp) 1646 { 1647 int retval = 1; 1648 1649 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 1650 case SCTP_PARAM_ACTION_DISCARD: 1651 retval = 0; 1652 break; 1653 case SCTP_PARAM_ACTION_DISCARD_ERR: 1654 retval = 0; 1655 /* Make an ERROR chunk, preparing enough room for 1656 * returning multiple unknown parameters. 1657 */ 1658 if (NULL == *errp) 1659 *errp = sctp_make_op_error_space(asoc, chunk, 1660 ntohs(chunk->chunk_hdr->length)); 1661 1662 if (*errp) 1663 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1664 param.v, 1665 WORD_ROUND(ntohs(param.p->length))); 1666 1667 break; 1668 case SCTP_PARAM_ACTION_SKIP: 1669 break; 1670 case SCTP_PARAM_ACTION_SKIP_ERR: 1671 /* Make an ERROR chunk, preparing enough room for 1672 * returning multiple unknown parameters. 1673 */ 1674 if (NULL == *errp) 1675 *errp = sctp_make_op_error_space(asoc, chunk, 1676 ntohs(chunk->chunk_hdr->length)); 1677 1678 if (*errp) { 1679 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1680 param.v, 1681 WORD_ROUND(ntohs(param.p->length))); 1682 } else { 1683 /* If there is no memory for generating the ERROR 1684 * report as specified, an ABORT will be triggered 1685 * to the peer and the association won't be 1686 * established. 1687 */ 1688 retval = 0; 1689 } 1690 1691 break; 1692 default: 1693 break; 1694 } 1695 1696 return retval; 1697 } 1698 1699 /* Find unrecognized parameters in the chunk. 1700 * Return values: 1701 * 0 - discard the chunk 1702 * 1 - continue with the chunk 1703 */ 1704 static int sctp_verify_param(const struct sctp_association *asoc, 1705 union sctp_params param, 1706 sctp_cid_t cid, 1707 struct sctp_chunk *chunk, 1708 struct sctp_chunk **err_chunk) 1709 { 1710 int retval = 1; 1711 1712 /* FIXME - This routine is not looking at each parameter per the 1713 * chunk type, i.e., unrecognized parameters should be further 1714 * identified based on the chunk id. 1715 */ 1716 1717 switch (param.p->type) { 1718 case SCTP_PARAM_IPV4_ADDRESS: 1719 case SCTP_PARAM_IPV6_ADDRESS: 1720 case SCTP_PARAM_COOKIE_PRESERVATIVE: 1721 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 1722 case SCTP_PARAM_STATE_COOKIE: 1723 case SCTP_PARAM_HEARTBEAT_INFO: 1724 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 1725 case SCTP_PARAM_ECN_CAPABLE: 1726 case SCTP_PARAM_ADAPTION_LAYER_IND: 1727 break; 1728 1729 case SCTP_PARAM_HOST_NAME_ADDRESS: 1730 /* Tell the peer, we won't support this param. */ 1731 return sctp_process_hn_param(asoc, param, chunk, err_chunk); 1732 case SCTP_PARAM_FWD_TSN_SUPPORT: 1733 if (sctp_prsctp_enable) 1734 break; 1735 /* Fall Through */ 1736 default: 1737 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 1738 ntohs(param.p->type), cid); 1739 return sctp_process_unk_param(asoc, param, chunk, err_chunk); 1740 1741 break; 1742 } 1743 return retval; 1744 } 1745 1746 /* Verify the INIT packet before we process it. */ 1747 int sctp_verify_init(const struct sctp_association *asoc, 1748 sctp_cid_t cid, 1749 sctp_init_chunk_t *peer_init, 1750 struct sctp_chunk *chunk, 1751 struct sctp_chunk **errp) 1752 { 1753 union sctp_params param; 1754 int has_cookie = 0; 1755 1756 /* Verify stream values are non-zero. */ 1757 if ((0 == peer_init->init_hdr.num_outbound_streams) || 1758 (0 == peer_init->init_hdr.num_inbound_streams)) { 1759 1760 sctp_process_inv_mandatory(asoc, chunk, errp); 1761 return 0; 1762 } 1763 1764 /* Check for missing mandatory parameters. */ 1765 sctp_walk_params(param, peer_init, init_hdr.params) { 1766 1767 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 1768 has_cookie = 1; 1769 1770 } /* for (loop through all parameters) */ 1771 1772 /* There is a possibility that a parameter length was bad and 1773 * in that case we would have stoped walking the parameters. 1774 * The current param.p would point at the bad one. 1775 * Current consensus on the mailing list is to generate a PROTOCOL 1776 * VIOLATION error. We build the ERROR chunk here and let the normal 1777 * error handling code build and send the packet. 1778 */ 1779 if (param.v < (void*)chunk->chunk_end - sizeof(sctp_paramhdr_t)) { 1780 sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 1781 return 0; 1782 } 1783 1784 /* The only missing mandatory param possible today is 1785 * the state cookie for an INIT-ACK chunk. 1786 */ 1787 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) { 1788 sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 1789 chunk, errp); 1790 return 0; 1791 } 1792 1793 /* Find unrecognized parameters. */ 1794 1795 sctp_walk_params(param, peer_init, init_hdr.params) { 1796 1797 if (!sctp_verify_param(asoc, param, cid, chunk, errp)) { 1798 if (SCTP_PARAM_HOST_NAME_ADDRESS == param.p->type) 1799 return 0; 1800 else 1801 return 1; 1802 } 1803 1804 } /* for (loop through all parameters) */ 1805 1806 return 1; 1807 } 1808 1809 /* Unpack the parameters in an INIT packet into an association. 1810 * Returns 0 on failure, else success. 1811 * FIXME: This is an association method. 1812 */ 1813 int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, 1814 const union sctp_addr *peer_addr, 1815 sctp_init_chunk_t *peer_init, int gfp) 1816 { 1817 union sctp_params param; 1818 struct sctp_transport *transport; 1819 struct list_head *pos, *temp; 1820 char *cookie; 1821 1822 /* We must include the address that the INIT packet came from. 1823 * This is the only address that matters for an INIT packet. 1824 * When processing a COOKIE ECHO, we retrieve the from address 1825 * of the INIT from the cookie. 1826 */ 1827 1828 /* This implementation defaults to making the first transport 1829 * added as the primary transport. The source address seems to 1830 * be a a better choice than any of the embedded addresses. 1831 */ 1832 if (peer_addr) 1833 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 1834 goto nomem; 1835 1836 /* Process the initialization parameters. */ 1837 1838 sctp_walk_params(param, peer_init, init_hdr.params) { 1839 1840 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 1841 goto clean_up; 1842 } 1843 1844 /* Walk list of transports, removing transports in the UNKNOWN state. */ 1845 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 1846 transport = list_entry(pos, struct sctp_transport, transports); 1847 if (transport->state == SCTP_UNKNOWN) { 1848 sctp_assoc_rm_peer(asoc, transport); 1849 } 1850 } 1851 1852 /* The fixed INIT headers are always in network byte 1853 * order. 1854 */ 1855 asoc->peer.i.init_tag = 1856 ntohl(peer_init->init_hdr.init_tag); 1857 asoc->peer.i.a_rwnd = 1858 ntohl(peer_init->init_hdr.a_rwnd); 1859 asoc->peer.i.num_outbound_streams = 1860 ntohs(peer_init->init_hdr.num_outbound_streams); 1861 asoc->peer.i.num_inbound_streams = 1862 ntohs(peer_init->init_hdr.num_inbound_streams); 1863 asoc->peer.i.initial_tsn = 1864 ntohl(peer_init->init_hdr.initial_tsn); 1865 1866 /* Apply the upper bounds for output streams based on peer's 1867 * number of inbound streams. 1868 */ 1869 if (asoc->c.sinit_num_ostreams > 1870 ntohs(peer_init->init_hdr.num_inbound_streams)) { 1871 asoc->c.sinit_num_ostreams = 1872 ntohs(peer_init->init_hdr.num_inbound_streams); 1873 } 1874 1875 if (asoc->c.sinit_max_instreams > 1876 ntohs(peer_init->init_hdr.num_outbound_streams)) { 1877 asoc->c.sinit_max_instreams = 1878 ntohs(peer_init->init_hdr.num_outbound_streams); 1879 } 1880 1881 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 1882 asoc->c.peer_vtag = asoc->peer.i.init_tag; 1883 1884 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 1885 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 1886 1887 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 1888 cookie = asoc->peer.cookie; 1889 if (cookie) { 1890 asoc->peer.cookie = kmalloc(asoc->peer.cookie_len, gfp); 1891 if (!asoc->peer.cookie) 1892 goto clean_up; 1893 memcpy(asoc->peer.cookie, cookie, asoc->peer.cookie_len); 1894 } 1895 1896 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 1897 * high (for example, implementations MAY use the size of the receiver 1898 * advertised window). 1899 */ 1900 list_for_each(pos, &asoc->peer.transport_addr_list) { 1901 transport = list_entry(pos, struct sctp_transport, transports); 1902 transport->ssthresh = asoc->peer.i.a_rwnd; 1903 } 1904 1905 /* Set up the TSN tracking pieces. */ 1906 sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_SIZE, 1907 asoc->peer.i.initial_tsn); 1908 1909 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 1910 * 1911 * The stream sequence number in all the streams shall start 1912 * from 0 when the association is established. Also, when the 1913 * stream sequence number reaches the value 65535 the next 1914 * stream sequence number shall be set to 0. 1915 */ 1916 1917 /* Allocate storage for the negotiated streams if it is not a temporary 1918 * association. 1919 */ 1920 if (!asoc->temp) { 1921 int assoc_id; 1922 int error; 1923 1924 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 1925 asoc->c.sinit_num_ostreams, gfp); 1926 if (!asoc->ssnmap) 1927 goto clean_up; 1928 1929 retry: 1930 if (unlikely(!idr_pre_get(&sctp_assocs_id, gfp))) 1931 goto clean_up; 1932 spin_lock_bh(&sctp_assocs_id_lock); 1933 error = idr_get_new_above(&sctp_assocs_id, (void *)asoc, 1, 1934 &assoc_id); 1935 spin_unlock_bh(&sctp_assocs_id_lock); 1936 if (error == -EAGAIN) 1937 goto retry; 1938 else if (error) 1939 goto clean_up; 1940 1941 asoc->assoc_id = (sctp_assoc_t) assoc_id; 1942 } 1943 1944 /* ADDIP Section 4.1 ASCONF Chunk Procedures 1945 * 1946 * When an endpoint has an ASCONF signaled change to be sent to the 1947 * remote endpoint it should do the following: 1948 * ... 1949 * A2) A serial number should be assigned to the Chunk. The serial 1950 * number should be a monotonically increasing number. All serial 1951 * numbers are defined to be initialized at the start of the 1952 * association to the same value as the Initial TSN. 1953 */ 1954 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 1955 return 1; 1956 1957 clean_up: 1958 /* Release the transport structures. */ 1959 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 1960 transport = list_entry(pos, struct sctp_transport, transports); 1961 list_del_init(pos); 1962 sctp_transport_free(transport); 1963 } 1964 1965 asoc->peer.transport_count = 0; 1966 1967 nomem: 1968 return 0; 1969 } 1970 1971 1972 /* Update asoc with the option described in param. 1973 * 1974 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 1975 * 1976 * asoc is the association to update. 1977 * param is the variable length parameter to use for update. 1978 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 1979 * If the current packet is an INIT we want to minimize the amount of 1980 * work we do. In particular, we should not build transport 1981 * structures for the addresses. 1982 */ 1983 static int sctp_process_param(struct sctp_association *asoc, 1984 union sctp_params param, 1985 const union sctp_addr *peer_addr, 1986 int gfp) 1987 { 1988 union sctp_addr addr; 1989 int i; 1990 __u16 sat; 1991 int retval = 1; 1992 sctp_scope_t scope; 1993 time_t stale; 1994 struct sctp_af *af; 1995 1996 /* We maintain all INIT parameters in network byte order all the 1997 * time. This allows us to not worry about whether the parameters 1998 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 1999 */ 2000 switch (param.p->type) { 2001 case SCTP_PARAM_IPV6_ADDRESS: 2002 if (PF_INET6 != asoc->base.sk->sk_family) 2003 break; 2004 /* Fall through. */ 2005 case SCTP_PARAM_IPV4_ADDRESS: 2006 af = sctp_get_af_specific(param_type2af(param.p->type)); 2007 af->from_addr_param(&addr, param.addr, asoc->peer.port, 0); 2008 scope = sctp_scope(peer_addr); 2009 if (sctp_in_scope(&addr, scope)) 2010 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_ACTIVE)) 2011 return 0; 2012 break; 2013 2014 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2015 if (!sctp_cookie_preserve_enable) 2016 break; 2017 2018 stale = ntohl(param.life->lifespan_increment); 2019 2020 /* Suggested Cookie Life span increment's unit is msec, 2021 * (1/1000sec). 2022 */ 2023 asoc->cookie_life.tv_sec += stale / 1000; 2024 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2025 break; 2026 2027 case SCTP_PARAM_HOST_NAME_ADDRESS: 2028 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2029 break; 2030 2031 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2032 /* Turn off the default values first so we'll know which 2033 * ones are really set by the peer. 2034 */ 2035 asoc->peer.ipv4_address = 0; 2036 asoc->peer.ipv6_address = 0; 2037 2038 /* Cycle through address types; avoid divide by 0. */ 2039 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2040 if (sat) 2041 sat /= sizeof(__u16); 2042 2043 for (i = 0; i < sat; ++i) { 2044 switch (param.sat->types[i]) { 2045 case SCTP_PARAM_IPV4_ADDRESS: 2046 asoc->peer.ipv4_address = 1; 2047 break; 2048 2049 case SCTP_PARAM_IPV6_ADDRESS: 2050 asoc->peer.ipv6_address = 1; 2051 break; 2052 2053 case SCTP_PARAM_HOST_NAME_ADDRESS: 2054 asoc->peer.hostname_address = 1; 2055 break; 2056 2057 default: /* Just ignore anything else. */ 2058 break; 2059 }; 2060 } 2061 break; 2062 2063 case SCTP_PARAM_STATE_COOKIE: 2064 asoc->peer.cookie_len = 2065 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2066 asoc->peer.cookie = param.cookie->body; 2067 break; 2068 2069 case SCTP_PARAM_HEARTBEAT_INFO: 2070 /* Would be odd to receive, but it causes no problems. */ 2071 break; 2072 2073 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2074 /* Rejected during verify stage. */ 2075 break; 2076 2077 case SCTP_PARAM_ECN_CAPABLE: 2078 asoc->peer.ecn_capable = 1; 2079 break; 2080 2081 case SCTP_PARAM_ADAPTION_LAYER_IND: 2082 asoc->peer.adaption_ind = param.aind->adaption_ind; 2083 break; 2084 2085 case SCTP_PARAM_FWD_TSN_SUPPORT: 2086 if (sctp_prsctp_enable) { 2087 asoc->peer.prsctp_capable = 1; 2088 break; 2089 } 2090 /* Fall Through */ 2091 default: 2092 /* Any unrecognized parameters should have been caught 2093 * and handled by sctp_verify_param() which should be 2094 * called prior to this routine. Simply log the error 2095 * here. 2096 */ 2097 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2098 ntohs(param.p->type), asoc); 2099 break; 2100 }; 2101 2102 return retval; 2103 } 2104 2105 /* Select a new verification tag. */ 2106 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2107 { 2108 /* I believe that this random number generator complies with RFC1750. 2109 * A tag of 0 is reserved for special cases (e.g. INIT). 2110 */ 2111 __u32 x; 2112 2113 do { 2114 get_random_bytes(&x, sizeof(__u32)); 2115 } while (x == 0); 2116 2117 return x; 2118 } 2119 2120 /* Select an initial TSN to send during startup. */ 2121 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2122 { 2123 __u32 retval; 2124 2125 get_random_bytes(&retval, sizeof(__u32)); 2126 return retval; 2127 } 2128 2129 /* 2130 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2131 * 0 1 2 3 2132 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2133 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2134 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2135 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2136 * | Serial Number | 2137 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2138 * | Address Parameter | 2139 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2140 * | ASCONF Parameter #1 | 2141 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2142 * \ \ 2143 * / .... / 2144 * \ \ 2145 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2146 * | ASCONF Parameter #N | 2147 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2148 * 2149 * Address Parameter and other parameter will not be wrapped in this function 2150 */ 2151 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2152 union sctp_addr *addr, 2153 int vparam_len) 2154 { 2155 sctp_addiphdr_t asconf; 2156 struct sctp_chunk *retval; 2157 int length = sizeof(asconf) + vparam_len; 2158 union sctp_addr_param addrparam; 2159 int addrlen; 2160 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2161 2162 addrlen = af->to_addr_param(addr, &addrparam); 2163 if (!addrlen) 2164 return NULL; 2165 length += addrlen; 2166 2167 /* Create the chunk. */ 2168 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2169 if (!retval) 2170 return NULL; 2171 2172 asconf.serial = htonl(asoc->addip_serial++); 2173 2174 retval->subh.addip_hdr = 2175 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2176 retval->param_hdr.v = 2177 sctp_addto_chunk(retval, addrlen, &addrparam); 2178 2179 return retval; 2180 } 2181 2182 /* ADDIP 2183 * 3.2.1 Add IP Address 2184 * 0 1 2 3 2185 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2186 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2187 * | Type = 0xC001 | Length = Variable | 2188 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2189 * | ASCONF-Request Correlation ID | 2190 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2191 * | Address Parameter | 2192 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2193 * 2194 * 3.2.2 Delete IP Address 2195 * 0 1 2 3 2196 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2197 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2198 * | Type = 0xC002 | Length = Variable | 2199 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2200 * | ASCONF-Request Correlation ID | 2201 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2202 * | Address Parameter | 2203 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2204 * 2205 */ 2206 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2207 union sctp_addr *laddr, 2208 struct sockaddr *addrs, 2209 int addrcnt, 2210 __u16 flags) 2211 { 2212 sctp_addip_param_t param; 2213 struct sctp_chunk *retval; 2214 union sctp_addr_param addr_param; 2215 union sctp_addr *addr; 2216 void *addr_buf; 2217 struct sctp_af *af; 2218 int paramlen = sizeof(param); 2219 int addr_param_len = 0; 2220 int totallen = 0; 2221 int i; 2222 2223 /* Get total length of all the address parameters. */ 2224 addr_buf = addrs; 2225 for (i = 0; i < addrcnt; i++) { 2226 addr = (union sctp_addr *)addr_buf; 2227 af = sctp_get_af_specific(addr->v4.sin_family); 2228 addr_param_len = af->to_addr_param(addr, &addr_param); 2229 2230 totallen += paramlen; 2231 totallen += addr_param_len; 2232 2233 addr_buf += af->sockaddr_len; 2234 } 2235 2236 /* Create an asconf chunk with the required length. */ 2237 retval = sctp_make_asconf(asoc, laddr, totallen); 2238 if (!retval) 2239 return NULL; 2240 2241 /* Add the address parameters to the asconf chunk. */ 2242 addr_buf = addrs; 2243 for (i = 0; i < addrcnt; i++) { 2244 addr = (union sctp_addr *)addr_buf; 2245 af = sctp_get_af_specific(addr->v4.sin_family); 2246 addr_param_len = af->to_addr_param(addr, &addr_param); 2247 param.param_hdr.type = flags; 2248 param.param_hdr.length = htons(paramlen + addr_param_len); 2249 param.crr_id = i; 2250 2251 sctp_addto_chunk(retval, paramlen, ¶m); 2252 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2253 2254 addr_buf += af->sockaddr_len; 2255 } 2256 return retval; 2257 } 2258 2259 /* ADDIP 2260 * 3.2.4 Set Primary IP Address 2261 * 0 1 2 3 2262 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2263 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2264 * | Type =0xC004 | Length = Variable | 2265 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2266 * | ASCONF-Request Correlation ID | 2267 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2268 * | Address Parameter | 2269 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2270 * 2271 * Create an ASCONF chunk with Set Primary IP address parameter. 2272 */ 2273 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2274 union sctp_addr *addr) 2275 { 2276 sctp_addip_param_t param; 2277 struct sctp_chunk *retval; 2278 int len = sizeof(param); 2279 union sctp_addr_param addrparam; 2280 int addrlen; 2281 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2282 2283 addrlen = af->to_addr_param(addr, &addrparam); 2284 if (!addrlen) 2285 return NULL; 2286 len += addrlen; 2287 2288 /* Create the chunk and make asconf header. */ 2289 retval = sctp_make_asconf(asoc, addr, len); 2290 if (!retval) 2291 return NULL; 2292 2293 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2294 param.param_hdr.length = htons(len); 2295 param.crr_id = 0; 2296 2297 sctp_addto_chunk(retval, sizeof(param), ¶m); 2298 sctp_addto_chunk(retval, addrlen, &addrparam); 2299 2300 return retval; 2301 } 2302 2303 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2304 * 0 1 2 3 2305 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2306 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2307 * | Type = 0x80 | Chunk Flags | Chunk Length | 2308 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2309 * | Serial Number | 2310 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2311 * | ASCONF Parameter Response#1 | 2312 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2313 * \ \ 2314 * / .... / 2315 * \ \ 2316 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2317 * | ASCONF Parameter Response#N | 2318 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2319 * 2320 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2321 */ 2322 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2323 __u32 serial, int vparam_len) 2324 { 2325 sctp_addiphdr_t asconf; 2326 struct sctp_chunk *retval; 2327 int length = sizeof(asconf) + vparam_len; 2328 2329 /* Create the chunk. */ 2330 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2331 if (!retval) 2332 return NULL; 2333 2334 asconf.serial = htonl(serial); 2335 2336 retval->subh.addip_hdr = 2337 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2338 2339 return retval; 2340 } 2341 2342 /* Add response parameters to an ASCONF_ACK chunk. */ 2343 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __u32 crr_id, 2344 __u16 err_code, sctp_addip_param_t *asconf_param) 2345 { 2346 sctp_addip_param_t ack_param; 2347 sctp_errhdr_t err_param; 2348 int asconf_param_len = 0; 2349 int err_param_len = 0; 2350 __u16 response_type; 2351 2352 if (SCTP_ERROR_NO_ERROR == err_code) { 2353 response_type = SCTP_PARAM_SUCCESS_REPORT; 2354 } else { 2355 response_type = SCTP_PARAM_ERR_CAUSE; 2356 err_param_len = sizeof(err_param); 2357 if (asconf_param) 2358 asconf_param_len = 2359 ntohs(asconf_param->param_hdr.length); 2360 } 2361 2362 /* Add Success Indication or Error Cause Indication parameter. */ 2363 ack_param.param_hdr.type = response_type; 2364 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2365 err_param_len + 2366 asconf_param_len); 2367 ack_param.crr_id = crr_id; 2368 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2369 2370 if (SCTP_ERROR_NO_ERROR == err_code) 2371 return; 2372 2373 /* Add Error Cause parameter. */ 2374 err_param.cause = err_code; 2375 err_param.length = htons(err_param_len + asconf_param_len); 2376 sctp_addto_chunk(chunk, err_param_len, &err_param); 2377 2378 /* Add the failed TLV copied from ASCONF chunk. */ 2379 if (asconf_param) 2380 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2381 } 2382 2383 /* Process a asconf parameter. */ 2384 static __u16 sctp_process_asconf_param(struct sctp_association *asoc, 2385 struct sctp_chunk *asconf, 2386 sctp_addip_param_t *asconf_param) 2387 { 2388 struct sctp_transport *peer; 2389 struct sctp_af *af; 2390 union sctp_addr addr; 2391 struct list_head *pos; 2392 union sctp_addr_param *addr_param; 2393 2394 addr_param = (union sctp_addr_param *) 2395 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2396 2397 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2398 if (unlikely(!af)) 2399 return SCTP_ERROR_INV_PARAM; 2400 2401 af->from_addr_param(&addr, addr_param, asoc->peer.port, 0); 2402 switch (asconf_param->param_hdr.type) { 2403 case SCTP_PARAM_ADD_IP: 2404 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 2405 * request and does not have the local resources to add this 2406 * new address to the association, it MUST return an Error 2407 * Cause TLV set to the new error code 'Operation Refused 2408 * Due to Resource Shortage'. 2409 */ 2410 2411 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_ACTIVE); 2412 if (!peer) 2413 return SCTP_ERROR_RSRC_LOW; 2414 2415 /* Start the heartbeat timer. */ 2416 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 2417 sctp_transport_hold(peer); 2418 break; 2419 case SCTP_PARAM_DEL_IP: 2420 /* ADDIP 4.3 D7) If a request is received to delete the 2421 * last remaining IP address of a peer endpoint, the receiver 2422 * MUST send an Error Cause TLV with the error cause set to the 2423 * new error code 'Request to Delete Last Remaining IP Address'. 2424 */ 2425 pos = asoc->peer.transport_addr_list.next; 2426 if (pos->next == &asoc->peer.transport_addr_list) 2427 return SCTP_ERROR_DEL_LAST_IP; 2428 2429 /* ADDIP 4.3 D8) If a request is received to delete an IP 2430 * address which is also the source address of the IP packet 2431 * which contained the ASCONF chunk, the receiver MUST reject 2432 * this request. To reject the request the receiver MUST send 2433 * an Error Cause TLV set to the new error code 'Request to 2434 * Delete Source IP Address' 2435 */ 2436 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr)) 2437 return SCTP_ERROR_DEL_SRC_IP; 2438 2439 sctp_assoc_del_peer(asoc, &addr); 2440 break; 2441 case SCTP_PARAM_SET_PRIMARY: 2442 peer = sctp_assoc_lookup_paddr(asoc, &addr); 2443 if (!peer) 2444 return SCTP_ERROR_INV_PARAM; 2445 2446 sctp_assoc_set_primary(asoc, peer); 2447 break; 2448 default: 2449 return SCTP_ERROR_INV_PARAM; 2450 break; 2451 } 2452 2453 return SCTP_ERROR_NO_ERROR; 2454 } 2455 2456 /* Process an incoming ASCONF chunk with the next expected serial no. and 2457 * return an ASCONF_ACK chunk to be sent in response. 2458 */ 2459 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 2460 struct sctp_chunk *asconf) 2461 { 2462 sctp_addiphdr_t *hdr; 2463 union sctp_addr_param *addr_param; 2464 sctp_addip_param_t *asconf_param; 2465 struct sctp_chunk *asconf_ack; 2466 2467 __u16 err_code; 2468 int length = 0; 2469 int chunk_len = asconf->skb->len; 2470 __u32 serial; 2471 int all_param_pass = 1; 2472 2473 hdr = (sctp_addiphdr_t *)asconf->skb->data; 2474 serial = ntohl(hdr->serial); 2475 2476 /* Skip the addiphdr and store a pointer to address parameter. */ 2477 length = sizeof(sctp_addiphdr_t); 2478 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2479 chunk_len -= length; 2480 2481 /* Skip the address parameter and store a pointer to the first 2482 * asconf paramter. 2483 */ 2484 length = ntohs(addr_param->v4.param_hdr.length); 2485 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2486 chunk_len -= length; 2487 2488 /* create an ASCONF_ACK chunk. 2489 * Based on the definitions of parameters, we know that the size of 2490 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF 2491 * paramters. 2492 */ 2493 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2); 2494 if (!asconf_ack) 2495 goto done; 2496 2497 /* Process the TLVs contained within the ASCONF chunk. */ 2498 while (chunk_len > 0) { 2499 err_code = sctp_process_asconf_param(asoc, asconf, 2500 asconf_param); 2501 /* ADDIP 4.1 A7) 2502 * If an error response is received for a TLV parameter, 2503 * all TLVs with no response before the failed TLV are 2504 * considered successful if not reported. All TLVs after 2505 * the failed response are considered unsuccessful unless 2506 * a specific success indication is present for the parameter. 2507 */ 2508 if (SCTP_ERROR_NO_ERROR != err_code) 2509 all_param_pass = 0; 2510 2511 if (!all_param_pass) 2512 sctp_add_asconf_response(asconf_ack, 2513 asconf_param->crr_id, err_code, 2514 asconf_param); 2515 2516 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 2517 * an IP address sends an 'Out of Resource' in its response, it 2518 * MUST also fail any subsequent add or delete requests bundled 2519 * in the ASCONF. 2520 */ 2521 if (SCTP_ERROR_RSRC_LOW == err_code) 2522 goto done; 2523 2524 /* Move to the next ASCONF param. */ 2525 length = ntohs(asconf_param->param_hdr.length); 2526 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2527 length); 2528 chunk_len -= length; 2529 } 2530 2531 done: 2532 asoc->peer.addip_serial++; 2533 2534 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 2535 * after freeing the reference to old asconf ack if any. 2536 */ 2537 if (asconf_ack) { 2538 if (asoc->addip_last_asconf_ack) 2539 sctp_chunk_free(asoc->addip_last_asconf_ack); 2540 2541 sctp_chunk_hold(asconf_ack); 2542 asoc->addip_last_asconf_ack = asconf_ack; 2543 } 2544 2545 return asconf_ack; 2546 } 2547 2548 /* Process a asconf parameter that is successfully acked. */ 2549 static int sctp_asconf_param_success(struct sctp_association *asoc, 2550 sctp_addip_param_t *asconf_param) 2551 { 2552 struct sctp_af *af; 2553 union sctp_addr addr; 2554 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 2555 union sctp_addr_param *addr_param; 2556 struct list_head *pos; 2557 struct sctp_transport *transport; 2558 int retval = 0; 2559 2560 addr_param = (union sctp_addr_param *) 2561 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2562 2563 /* We have checked the packet before, so we do not check again. */ 2564 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2565 af->from_addr_param(&addr, addr_param, bp->port, 0); 2566 2567 switch (asconf_param->param_hdr.type) { 2568 case SCTP_PARAM_ADD_IP: 2569 sctp_local_bh_disable(); 2570 sctp_write_lock(&asoc->base.addr_lock); 2571 retval = sctp_add_bind_addr(bp, &addr, GFP_ATOMIC); 2572 sctp_write_unlock(&asoc->base.addr_lock); 2573 sctp_local_bh_enable(); 2574 break; 2575 case SCTP_PARAM_DEL_IP: 2576 sctp_local_bh_disable(); 2577 sctp_write_lock(&asoc->base.addr_lock); 2578 retval = sctp_del_bind_addr(bp, &addr); 2579 sctp_write_unlock(&asoc->base.addr_lock); 2580 sctp_local_bh_enable(); 2581 list_for_each(pos, &asoc->peer.transport_addr_list) { 2582 transport = list_entry(pos, struct sctp_transport, 2583 transports); 2584 sctp_transport_route(transport, NULL, 2585 sctp_sk(asoc->base.sk)); 2586 } 2587 break; 2588 default: 2589 break; 2590 } 2591 2592 return retval; 2593 } 2594 2595 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 2596 * for the given asconf parameter. If there is no response for this parameter, 2597 * return the error code based on the third argument 'no_err'. 2598 * ADDIP 4.1 2599 * A7) If an error response is received for a TLV parameter, all TLVs with no 2600 * response before the failed TLV are considered successful if not reported. 2601 * All TLVs after the failed response are considered unsuccessful unless a 2602 * specific success indication is present for the parameter. 2603 */ 2604 static __u16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 2605 sctp_addip_param_t *asconf_param, 2606 int no_err) 2607 { 2608 sctp_addip_param_t *asconf_ack_param; 2609 sctp_errhdr_t *err_param; 2610 int length; 2611 int asconf_ack_len = asconf_ack->skb->len; 2612 __u16 err_code; 2613 2614 if (no_err) 2615 err_code = SCTP_ERROR_NO_ERROR; 2616 else 2617 err_code = SCTP_ERROR_REQ_REFUSED; 2618 2619 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 2620 * the first asconf_ack parameter. 2621 */ 2622 length = sizeof(sctp_addiphdr_t); 2623 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 2624 length); 2625 asconf_ack_len -= length; 2626 2627 while (asconf_ack_len > 0) { 2628 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 2629 switch(asconf_ack_param->param_hdr.type) { 2630 case SCTP_PARAM_SUCCESS_REPORT: 2631 return SCTP_ERROR_NO_ERROR; 2632 case SCTP_PARAM_ERR_CAUSE: 2633 length = sizeof(sctp_addip_param_t); 2634 err_param = (sctp_errhdr_t *) 2635 ((void *)asconf_ack_param + length); 2636 asconf_ack_len -= length; 2637 if (asconf_ack_len > 0) 2638 return err_param->cause; 2639 else 2640 return SCTP_ERROR_INV_PARAM; 2641 break; 2642 default: 2643 return SCTP_ERROR_INV_PARAM; 2644 } 2645 } 2646 2647 length = ntohs(asconf_ack_param->param_hdr.length); 2648 asconf_ack_param = (sctp_addip_param_t *) 2649 ((void *)asconf_ack_param + length); 2650 asconf_ack_len -= length; 2651 } 2652 2653 return err_code; 2654 } 2655 2656 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 2657 int sctp_process_asconf_ack(struct sctp_association *asoc, 2658 struct sctp_chunk *asconf_ack) 2659 { 2660 struct sctp_chunk *asconf = asoc->addip_last_asconf; 2661 union sctp_addr_param *addr_param; 2662 sctp_addip_param_t *asconf_param; 2663 int length = 0; 2664 int asconf_len = asconf->skb->len; 2665 int all_param_pass = 0; 2666 int no_err = 1; 2667 int retval = 0; 2668 __u16 err_code = SCTP_ERROR_NO_ERROR; 2669 2670 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 2671 * a pointer to address parameter. 2672 */ 2673 length = sizeof(sctp_addip_chunk_t); 2674 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2675 asconf_len -= length; 2676 2677 /* Skip the address parameter in the last asconf sent and store a 2678 * pointer to the first asconf paramter. 2679 */ 2680 length = ntohs(addr_param->v4.param_hdr.length); 2681 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2682 asconf_len -= length; 2683 2684 /* ADDIP 4.1 2685 * A8) If there is no response(s) to specific TLV parameter(s), and no 2686 * failures are indicated, then all request(s) are considered 2687 * successful. 2688 */ 2689 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 2690 all_param_pass = 1; 2691 2692 /* Process the TLVs contained in the last sent ASCONF chunk. */ 2693 while (asconf_len > 0) { 2694 if (all_param_pass) 2695 err_code = SCTP_ERROR_NO_ERROR; 2696 else { 2697 err_code = sctp_get_asconf_response(asconf_ack, 2698 asconf_param, 2699 no_err); 2700 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 2701 no_err = 0; 2702 } 2703 2704 switch (err_code) { 2705 case SCTP_ERROR_NO_ERROR: 2706 retval = sctp_asconf_param_success(asoc, asconf_param); 2707 break; 2708 2709 case SCTP_ERROR_RSRC_LOW: 2710 retval = 1; 2711 break; 2712 2713 case SCTP_ERROR_INV_PARAM: 2714 /* Disable sending this type of asconf parameter in 2715 * future. 2716 */ 2717 asoc->peer.addip_disabled_mask |= 2718 asconf_param->param_hdr.type; 2719 break; 2720 2721 case SCTP_ERROR_REQ_REFUSED: 2722 case SCTP_ERROR_DEL_LAST_IP: 2723 case SCTP_ERROR_DEL_SRC_IP: 2724 default: 2725 break; 2726 } 2727 2728 /* Skip the processed asconf parameter and move to the next 2729 * one. 2730 */ 2731 length = ntohs(asconf_param->param_hdr.length); 2732 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2733 length); 2734 asconf_len -= length; 2735 } 2736 2737 /* Free the cached last sent asconf chunk. */ 2738 sctp_chunk_free(asconf); 2739 asoc->addip_last_asconf = NULL; 2740 2741 /* Send the next asconf chunk from the addip chunk queue. */ 2742 asconf = (struct sctp_chunk *)__skb_dequeue(&asoc->addip_chunks); 2743 if (asconf) { 2744 /* Hold the chunk until an ASCONF_ACK is received. */ 2745 sctp_chunk_hold(asconf); 2746 if (sctp_primitive_ASCONF(asoc, asconf)) 2747 sctp_chunk_free(asconf); 2748 else 2749 asoc->addip_last_asconf = asconf; 2750 } 2751 2752 return retval; 2753 } 2754 2755 /* Make a FWD TSN chunk. */ 2756 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 2757 __u32 new_cum_tsn, size_t nstreams, 2758 struct sctp_fwdtsn_skip *skiplist) 2759 { 2760 struct sctp_chunk *retval = NULL; 2761 struct sctp_fwdtsn_chunk *ftsn_chunk; 2762 struct sctp_fwdtsn_hdr ftsn_hdr; 2763 struct sctp_fwdtsn_skip skip; 2764 size_t hint; 2765 int i; 2766 2767 hint = (nstreams + 1) * sizeof(__u32); 2768 2769 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 2770 2771 if (!retval) 2772 return NULL; 2773 2774 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr; 2775 2776 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 2777 retval->subh.fwdtsn_hdr = 2778 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 2779 2780 for (i = 0; i < nstreams; i++) { 2781 skip.stream = skiplist[i].stream; 2782 skip.ssn = skiplist[i].ssn; 2783 sctp_addto_chunk(retval, sizeof(skip), &skip); 2784 } 2785 2786 return retval; 2787 } 2788