1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* SCTP kernel implementation 3 * (C) Copyright IBM Corp. 2001, 2004 4 * Copyright (c) 1999-2000 Cisco, Inc. 5 * Copyright (c) 1999-2001 Motorola, Inc. 6 * Copyright (c) 2001-2002 Intel Corp. 7 * 8 * This file is part of the SCTP kernel implementation 9 * 10 * These functions work with the state functions in sctp_sm_statefuns.c 11 * to implement the state operations. These functions implement the 12 * steps which require modifying existing data structures. 13 * 14 * Please send any bug reports or fixes you make to the 15 * email address(es): 16 * lksctp developers <linux-sctp@vger.kernel.org> 17 * 18 * Written or modified by: 19 * La Monte H.P. Yarroll <piggy@acm.org> 20 * Karl Knutson <karl@athena.chicago.il.us> 21 * C. Robin <chris@hundredacre.ac.uk> 22 * Jon Grimm <jgrimm@us.ibm.com> 23 * Xingang Guo <xingang.guo@intel.com> 24 * Dajiang Zhang <dajiang.zhang@nokia.com> 25 * Sridhar Samudrala <sri@us.ibm.com> 26 * Daisy Chang <daisyc@us.ibm.com> 27 * Ardelle Fan <ardelle.fan@intel.com> 28 * Kevin Gao <kevin.gao@intel.com> 29 */ 30 31 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 32 33 #include <crypto/hash.h> 34 #include <linux/types.h> 35 #include <linux/kernel.h> 36 #include <linux/ip.h> 37 #include <linux/ipv6.h> 38 #include <linux/net.h> 39 #include <linux/inet.h> 40 #include <linux/scatterlist.h> 41 #include <linux/slab.h> 42 #include <net/sock.h> 43 44 #include <linux/skbuff.h> 45 #include <linux/random.h> /* for get_random_bytes */ 46 #include <net/sctp/sctp.h> 47 #include <net/sctp/sm.h> 48 49 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 50 __u8 type, __u8 flags, int paylen, 51 gfp_t gfp); 52 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 53 __u8 flags, int paylen, gfp_t gfp); 54 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 55 __u8 type, __u8 flags, int paylen, 56 gfp_t gfp); 57 static struct sctp_cookie_param *sctp_pack_cookie( 58 const struct sctp_endpoint *ep, 59 const struct sctp_association *asoc, 60 const struct sctp_chunk *init_chunk, 61 int *cookie_len, 62 const __u8 *raw_addrs, int addrs_len); 63 static int sctp_process_param(struct sctp_association *asoc, 64 union sctp_params param, 65 const union sctp_addr *peer_addr, 66 gfp_t gfp); 67 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 68 const void *data); 69 70 /* Control chunk destructor */ 71 static void sctp_control_release_owner(struct sk_buff *skb) 72 { 73 struct sctp_chunk *chunk = skb_shinfo(skb)->destructor_arg; 74 75 if (chunk->shkey) { 76 struct sctp_shared_key *shkey = chunk->shkey; 77 struct sctp_association *asoc = chunk->asoc; 78 79 /* refcnt == 2 and !list_empty mean after this release, it's 80 * not being used anywhere, and it's time to notify userland 81 * that this shkey can be freed if it's been deactivated. 82 */ 83 if (shkey->deactivated && !list_empty(&shkey->key_list) && 84 refcount_read(&shkey->refcnt) == 2) { 85 struct sctp_ulpevent *ev; 86 87 ev = sctp_ulpevent_make_authkey(asoc, shkey->key_id, 88 SCTP_AUTH_FREE_KEY, 89 GFP_KERNEL); 90 if (ev) 91 asoc->stream.si->enqueue_event(&asoc->ulpq, ev); 92 } 93 sctp_auth_shkey_release(chunk->shkey); 94 } 95 } 96 97 static void sctp_control_set_owner_w(struct sctp_chunk *chunk) 98 { 99 struct sctp_association *asoc = chunk->asoc; 100 struct sk_buff *skb = chunk->skb; 101 102 /* TODO: properly account for control chunks. 103 * To do it right we'll need: 104 * 1) endpoint if association isn't known. 105 * 2) proper memory accounting. 106 * 107 * For now don't do anything for now. 108 */ 109 if (chunk->auth) { 110 chunk->shkey = asoc->shkey; 111 sctp_auth_shkey_hold(chunk->shkey); 112 } 113 skb->sk = asoc ? asoc->base.sk : NULL; 114 skb_shinfo(skb)->destructor_arg = chunk; 115 skb->destructor = sctp_control_release_owner; 116 } 117 118 /* What was the inbound interface for this chunk? */ 119 int sctp_chunk_iif(const struct sctp_chunk *chunk) 120 { 121 struct sk_buff *skb = chunk->skb; 122 123 return SCTP_INPUT_CB(skb)->af->skb_iif(skb); 124 } 125 126 /* RFC 2960 3.3.2 Initiation (INIT) (1) 127 * 128 * Note 2: The ECN capable field is reserved for future use of 129 * Explicit Congestion Notification. 130 */ 131 static const struct sctp_paramhdr ecap_param = { 132 SCTP_PARAM_ECN_CAPABLE, 133 cpu_to_be16(sizeof(struct sctp_paramhdr)), 134 }; 135 static const struct sctp_paramhdr prsctp_param = { 136 SCTP_PARAM_FWD_TSN_SUPPORT, 137 cpu_to_be16(sizeof(struct sctp_paramhdr)), 138 }; 139 140 /* A helper to initialize an op error inside a provided chunk, as most 141 * cause codes will be embedded inside an abort chunk. 142 */ 143 int sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 144 size_t paylen) 145 { 146 struct sctp_errhdr err; 147 __u16 len; 148 149 /* Cause code constants are now defined in network order. */ 150 err.cause = cause_code; 151 len = sizeof(err) + paylen; 152 err.length = htons(len); 153 154 if (skb_tailroom(chunk->skb) < len) 155 return -ENOSPC; 156 157 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(err), &err); 158 159 return 0; 160 } 161 162 /* 3.3.2 Initiation (INIT) (1) 163 * 164 * This chunk is used to initiate a SCTP association between two 165 * endpoints. The format of the INIT chunk is shown below: 166 * 167 * 0 1 2 3 168 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 169 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 170 * | Type = 1 | Chunk Flags | Chunk Length | 171 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 172 * | Initiate Tag | 173 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 174 * | Advertised Receiver Window Credit (a_rwnd) | 175 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 176 * | Number of Outbound Streams | Number of Inbound Streams | 177 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 178 * | Initial TSN | 179 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 180 * \ \ 181 * / Optional/Variable-Length Parameters / 182 * \ \ 183 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 184 * 185 * 186 * The INIT chunk contains the following parameters. Unless otherwise 187 * noted, each parameter MUST only be included once in the INIT chunk. 188 * 189 * Fixed Parameters Status 190 * ---------------------------------------------- 191 * Initiate Tag Mandatory 192 * Advertised Receiver Window Credit Mandatory 193 * Number of Outbound Streams Mandatory 194 * Number of Inbound Streams Mandatory 195 * Initial TSN Mandatory 196 * 197 * Variable Parameters Status Type Value 198 * ------------------------------------------------------------- 199 * IPv4 Address (Note 1) Optional 5 200 * IPv6 Address (Note 1) Optional 6 201 * Cookie Preservative Optional 9 202 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 203 * Host Name Address (Note 3) Optional 11 204 * Supported Address Types (Note 4) Optional 12 205 */ 206 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 207 const struct sctp_bind_addr *bp, 208 gfp_t gfp, int vparam_len) 209 { 210 struct net *net = sock_net(asoc->base.sk); 211 struct sctp_supported_ext_param ext_param; 212 struct sctp_adaptation_ind_param aiparam; 213 struct sctp_paramhdr *auth_chunks = NULL; 214 struct sctp_paramhdr *auth_hmacs = NULL; 215 struct sctp_supported_addrs_param sat; 216 struct sctp_endpoint *ep = asoc->ep; 217 struct sctp_chunk *retval = NULL; 218 int num_types, addrs_len = 0; 219 struct sctp_inithdr init; 220 union sctp_params addrs; 221 struct sctp_sock *sp; 222 __u8 extensions[5]; 223 size_t chunksize; 224 __be16 types[2]; 225 int num_ext = 0; 226 227 /* RFC 2960 3.3.2 Initiation (INIT) (1) 228 * 229 * Note 1: The INIT chunks can contain multiple addresses that 230 * can be IPv4 and/or IPv6 in any combination. 231 */ 232 233 /* Convert the provided bind address list to raw format. */ 234 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 235 236 init.init_tag = htonl(asoc->c.my_vtag); 237 init.a_rwnd = htonl(asoc->rwnd); 238 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 239 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 240 init.initial_tsn = htonl(asoc->c.initial_tsn); 241 242 /* How many address types are needed? */ 243 sp = sctp_sk(asoc->base.sk); 244 num_types = sp->pf->supported_addrs(sp, types); 245 246 chunksize = sizeof(init) + addrs_len; 247 chunksize += SCTP_PAD4(SCTP_SAT_LEN(num_types)); 248 chunksize += sizeof(ecap_param); 249 250 if (asoc->prsctp_enable) 251 chunksize += sizeof(prsctp_param); 252 253 /* ADDIP: Section 4.2.7: 254 * An implementation supporting this extension [ADDIP] MUST list 255 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 256 * INIT-ACK parameters. 257 */ 258 if (net->sctp.addip_enable) { 259 extensions[num_ext] = SCTP_CID_ASCONF; 260 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 261 num_ext += 2; 262 } 263 264 if (asoc->reconf_enable) { 265 extensions[num_ext] = SCTP_CID_RECONF; 266 num_ext += 1; 267 } 268 269 if (sp->adaptation_ind) 270 chunksize += sizeof(aiparam); 271 272 if (sp->strm_interleave) { 273 extensions[num_ext] = SCTP_CID_I_DATA; 274 num_ext += 1; 275 } 276 277 chunksize += vparam_len; 278 279 /* Account for AUTH related parameters */ 280 if (ep->auth_enable) { 281 /* Add random parameter length*/ 282 chunksize += sizeof(asoc->c.auth_random); 283 284 /* Add HMACS parameter length if any were defined */ 285 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs; 286 if (auth_hmacs->length) 287 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length)); 288 else 289 auth_hmacs = NULL; 290 291 /* Add CHUNKS parameter length */ 292 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks; 293 if (auth_chunks->length) 294 chunksize += SCTP_PAD4(ntohs(auth_chunks->length)); 295 else 296 auth_chunks = NULL; 297 298 extensions[num_ext] = SCTP_CID_AUTH; 299 num_ext += 1; 300 } 301 302 /* If we have any extensions to report, account for that */ 303 if (num_ext) 304 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext); 305 306 /* RFC 2960 3.3.2 Initiation (INIT) (1) 307 * 308 * Note 3: An INIT chunk MUST NOT contain more than one Host 309 * Name address parameter. Moreover, the sender of the INIT 310 * MUST NOT combine any other address types with the Host Name 311 * address in the INIT. The receiver of INIT MUST ignore any 312 * other address types if the Host Name address parameter is 313 * present in the received INIT chunk. 314 * 315 * PLEASE DO NOT FIXME [This version does not support Host Name.] 316 */ 317 318 retval = sctp_make_control(asoc, SCTP_CID_INIT, 0, chunksize, gfp); 319 if (!retval) 320 goto nodata; 321 322 retval->subh.init_hdr = 323 sctp_addto_chunk(retval, sizeof(init), &init); 324 retval->param_hdr.v = 325 sctp_addto_chunk(retval, addrs_len, addrs.v); 326 327 /* RFC 2960 3.3.2 Initiation (INIT) (1) 328 * 329 * Note 4: This parameter, when present, specifies all the 330 * address types the sending endpoint can support. The absence 331 * of this parameter indicates that the sending endpoint can 332 * support any address type. 333 */ 334 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 335 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 336 sctp_addto_chunk(retval, sizeof(sat), &sat); 337 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 338 339 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 340 341 /* Add the supported extensions parameter. Be nice and add this 342 * fist before addiding the parameters for the extensions themselves 343 */ 344 if (num_ext) { 345 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 346 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext); 347 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param); 348 sctp_addto_param(retval, num_ext, extensions); 349 } 350 351 if (asoc->prsctp_enable) 352 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 353 354 if (sp->adaptation_ind) { 355 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 356 aiparam.param_hdr.length = htons(sizeof(aiparam)); 357 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 358 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 359 } 360 361 /* Add SCTP-AUTH chunks to the parameter list */ 362 if (ep->auth_enable) { 363 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 364 asoc->c.auth_random); 365 if (auth_hmacs) 366 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 367 auth_hmacs); 368 if (auth_chunks) 369 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 370 auth_chunks); 371 } 372 nodata: 373 kfree(addrs.v); 374 return retval; 375 } 376 377 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 378 const struct sctp_chunk *chunk, 379 gfp_t gfp, int unkparam_len) 380 { 381 struct sctp_supported_ext_param ext_param; 382 struct sctp_adaptation_ind_param aiparam; 383 struct sctp_paramhdr *auth_chunks = NULL; 384 struct sctp_paramhdr *auth_random = NULL; 385 struct sctp_paramhdr *auth_hmacs = NULL; 386 struct sctp_chunk *retval = NULL; 387 struct sctp_cookie_param *cookie; 388 struct sctp_inithdr initack; 389 union sctp_params addrs; 390 struct sctp_sock *sp; 391 __u8 extensions[5]; 392 size_t chunksize; 393 int num_ext = 0; 394 int cookie_len; 395 int addrs_len; 396 397 /* Note: there may be no addresses to embed. */ 398 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 399 400 initack.init_tag = htonl(asoc->c.my_vtag); 401 initack.a_rwnd = htonl(asoc->rwnd); 402 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 403 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 404 initack.initial_tsn = htonl(asoc->c.initial_tsn); 405 406 /* FIXME: We really ought to build the cookie right 407 * into the packet instead of allocating more fresh memory. 408 */ 409 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 410 addrs.v, addrs_len); 411 if (!cookie) 412 goto nomem_cookie; 413 414 /* Calculate the total size of allocation, include the reserved 415 * space for reporting unknown parameters if it is specified. 416 */ 417 sp = sctp_sk(asoc->base.sk); 418 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 419 420 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 421 if (asoc->peer.ecn_capable) 422 chunksize += sizeof(ecap_param); 423 424 if (asoc->peer.prsctp_capable) 425 chunksize += sizeof(prsctp_param); 426 427 if (asoc->peer.asconf_capable) { 428 extensions[num_ext] = SCTP_CID_ASCONF; 429 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 430 num_ext += 2; 431 } 432 433 if (asoc->peer.reconf_capable) { 434 extensions[num_ext] = SCTP_CID_RECONF; 435 num_ext += 1; 436 } 437 438 if (sp->adaptation_ind) 439 chunksize += sizeof(aiparam); 440 441 if (asoc->intl_enable) { 442 extensions[num_ext] = SCTP_CID_I_DATA; 443 num_ext += 1; 444 } 445 446 if (asoc->peer.auth_capable) { 447 auth_random = (struct sctp_paramhdr *)asoc->c.auth_random; 448 chunksize += ntohs(auth_random->length); 449 450 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs; 451 if (auth_hmacs->length) 452 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length)); 453 else 454 auth_hmacs = NULL; 455 456 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks; 457 if (auth_chunks->length) 458 chunksize += SCTP_PAD4(ntohs(auth_chunks->length)); 459 else 460 auth_chunks = NULL; 461 462 extensions[num_ext] = SCTP_CID_AUTH; 463 num_ext += 1; 464 } 465 466 if (num_ext) 467 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext); 468 469 /* Now allocate and fill out the chunk. */ 470 retval = sctp_make_control(asoc, SCTP_CID_INIT_ACK, 0, chunksize, gfp); 471 if (!retval) 472 goto nomem_chunk; 473 474 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 475 * 476 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 477 * HEARTBEAT ACK, * etc.) to the same destination transport 478 * address from which it received the DATA or control chunk 479 * to which it is replying. 480 * 481 * [INIT ACK back to where the INIT came from.] 482 */ 483 if (chunk->transport) 484 retval->transport = 485 sctp_assoc_lookup_paddr(asoc, 486 &chunk->transport->ipaddr); 487 488 retval->subh.init_hdr = 489 sctp_addto_chunk(retval, sizeof(initack), &initack); 490 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 491 sctp_addto_chunk(retval, cookie_len, cookie); 492 if (asoc->peer.ecn_capable) 493 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 494 if (num_ext) { 495 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 496 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext); 497 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param); 498 sctp_addto_param(retval, num_ext, extensions); 499 } 500 if (asoc->peer.prsctp_capable) 501 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 502 503 if (sp->adaptation_ind) { 504 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 505 aiparam.param_hdr.length = htons(sizeof(aiparam)); 506 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 507 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 508 } 509 510 if (asoc->peer.auth_capable) { 511 sctp_addto_chunk(retval, ntohs(auth_random->length), 512 auth_random); 513 if (auth_hmacs) 514 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 515 auth_hmacs); 516 if (auth_chunks) 517 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 518 auth_chunks); 519 } 520 521 /* We need to remove the const qualifier at this point. */ 522 retval->asoc = (struct sctp_association *) asoc; 523 524 nomem_chunk: 525 kfree(cookie); 526 nomem_cookie: 527 kfree(addrs.v); 528 return retval; 529 } 530 531 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 532 * 533 * This chunk is used only during the initialization of an association. 534 * It is sent by the initiator of an association to its peer to complete 535 * the initialization process. This chunk MUST precede any DATA chunk 536 * sent within the association, but MAY be bundled with one or more DATA 537 * chunks in the same packet. 538 * 539 * 0 1 2 3 540 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 541 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 542 * | Type = 10 |Chunk Flags | Length | 543 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 544 * / Cookie / 545 * \ \ 546 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 547 * 548 * Chunk Flags: 8 bit 549 * 550 * Set to zero on transmit and ignored on receipt. 551 * 552 * Length: 16 bits (unsigned integer) 553 * 554 * Set to the size of the chunk in bytes, including the 4 bytes of 555 * the chunk header and the size of the Cookie. 556 * 557 * Cookie: variable size 558 * 559 * This field must contain the exact cookie received in the 560 * State Cookie parameter from the previous INIT ACK. 561 * 562 * An implementation SHOULD make the cookie as small as possible 563 * to insure interoperability. 564 */ 565 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 566 const struct sctp_chunk *chunk) 567 { 568 struct sctp_chunk *retval; 569 int cookie_len; 570 void *cookie; 571 572 cookie = asoc->peer.cookie; 573 cookie_len = asoc->peer.cookie_len; 574 575 /* Build a cookie echo chunk. */ 576 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ECHO, 0, 577 cookie_len, GFP_ATOMIC); 578 if (!retval) 579 goto nodata; 580 retval->subh.cookie_hdr = 581 sctp_addto_chunk(retval, cookie_len, cookie); 582 583 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 584 * 585 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 586 * HEARTBEAT ACK, * etc.) to the same destination transport 587 * address from which it * received the DATA or control chunk 588 * to which it is replying. 589 * 590 * [COOKIE ECHO back to where the INIT ACK came from.] 591 */ 592 if (chunk) 593 retval->transport = chunk->transport; 594 595 nodata: 596 return retval; 597 } 598 599 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 600 * 601 * This chunk is used only during the initialization of an 602 * association. It is used to acknowledge the receipt of a COOKIE 603 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 604 * within the association, but MAY be bundled with one or more DATA 605 * chunks or SACK chunk in the same SCTP packet. 606 * 607 * 0 1 2 3 608 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 609 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 610 * | Type = 11 |Chunk Flags | Length = 4 | 611 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 612 * 613 * Chunk Flags: 8 bits 614 * 615 * Set to zero on transmit and ignored on receipt. 616 */ 617 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 618 const struct sctp_chunk *chunk) 619 { 620 struct sctp_chunk *retval; 621 622 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ACK, 0, 0, GFP_ATOMIC); 623 624 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 625 * 626 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 627 * HEARTBEAT ACK, * etc.) to the same destination transport 628 * address from which it * received the DATA or control chunk 629 * to which it is replying. 630 * 631 * [COOKIE ACK back to where the COOKIE ECHO came from.] 632 */ 633 if (retval && chunk && chunk->transport) 634 retval->transport = 635 sctp_assoc_lookup_paddr(asoc, 636 &chunk->transport->ipaddr); 637 638 return retval; 639 } 640 641 /* 642 * Appendix A: Explicit Congestion Notification: 643 * CWR: 644 * 645 * RFC 2481 details a specific bit for a sender to send in the header of 646 * its next outbound TCP segment to indicate to its peer that it has 647 * reduced its congestion window. This is termed the CWR bit. For 648 * SCTP the same indication is made by including the CWR chunk. 649 * This chunk contains one data element, i.e. the TSN number that 650 * was sent in the ECNE chunk. This element represents the lowest 651 * TSN number in the datagram that was originally marked with the 652 * CE bit. 653 * 654 * 0 1 2 3 655 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 656 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 657 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 658 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 659 * | Lowest TSN Number | 660 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 661 * 662 * Note: The CWR is considered a Control chunk. 663 */ 664 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 665 const __u32 lowest_tsn, 666 const struct sctp_chunk *chunk) 667 { 668 struct sctp_chunk *retval; 669 struct sctp_cwrhdr cwr; 670 671 cwr.lowest_tsn = htonl(lowest_tsn); 672 retval = sctp_make_control(asoc, SCTP_CID_ECN_CWR, 0, 673 sizeof(cwr), GFP_ATOMIC); 674 675 if (!retval) 676 goto nodata; 677 678 retval->subh.ecn_cwr_hdr = 679 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 680 681 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 682 * 683 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 684 * HEARTBEAT ACK, * etc.) to the same destination transport 685 * address from which it * received the DATA or control chunk 686 * to which it is replying. 687 * 688 * [Report a reduced congestion window back to where the ECNE 689 * came from.] 690 */ 691 if (chunk) 692 retval->transport = chunk->transport; 693 694 nodata: 695 return retval; 696 } 697 698 /* Make an ECNE chunk. This is a congestion experienced report. */ 699 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 700 const __u32 lowest_tsn) 701 { 702 struct sctp_chunk *retval; 703 struct sctp_ecnehdr ecne; 704 705 ecne.lowest_tsn = htonl(lowest_tsn); 706 retval = sctp_make_control(asoc, SCTP_CID_ECN_ECNE, 0, 707 sizeof(ecne), GFP_ATOMIC); 708 if (!retval) 709 goto nodata; 710 retval->subh.ecne_hdr = 711 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 712 713 nodata: 714 return retval; 715 } 716 717 /* Make a DATA chunk for the given association from the provided 718 * parameters. However, do not populate the data payload. 719 */ 720 struct sctp_chunk *sctp_make_datafrag_empty(const struct sctp_association *asoc, 721 const struct sctp_sndrcvinfo *sinfo, 722 int len, __u8 flags, gfp_t gfp) 723 { 724 struct sctp_chunk *retval; 725 struct sctp_datahdr dp; 726 727 /* We assign the TSN as LATE as possible, not here when 728 * creating the chunk. 729 */ 730 memset(&dp, 0, sizeof(dp)); 731 dp.ppid = sinfo->sinfo_ppid; 732 dp.stream = htons(sinfo->sinfo_stream); 733 734 /* Set the flags for an unordered send. */ 735 if (sinfo->sinfo_flags & SCTP_UNORDERED) 736 flags |= SCTP_DATA_UNORDERED; 737 738 retval = sctp_make_data(asoc, flags, sizeof(dp) + len, gfp); 739 if (!retval) 740 return NULL; 741 742 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 743 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 744 745 return retval; 746 } 747 748 /* Create a selective ackowledgement (SACK) for the given 749 * association. This reports on which TSN's we've seen to date, 750 * including duplicates and gaps. 751 */ 752 struct sctp_chunk *sctp_make_sack(struct sctp_association *asoc) 753 { 754 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 755 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 756 __u16 num_gabs, num_dup_tsns; 757 struct sctp_transport *trans; 758 struct sctp_chunk *retval; 759 struct sctp_sackhdr sack; 760 __u32 ctsn; 761 int len; 762 763 memset(gabs, 0, sizeof(gabs)); 764 ctsn = sctp_tsnmap_get_ctsn(map); 765 766 pr_debug("%s: sackCTSNAck sent:0x%x\n", __func__, ctsn); 767 768 /* How much room is needed in the chunk? */ 769 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 770 num_dup_tsns = sctp_tsnmap_num_dups(map); 771 772 /* Initialize the SACK header. */ 773 sack.cum_tsn_ack = htonl(ctsn); 774 sack.a_rwnd = htonl(asoc->a_rwnd); 775 sack.num_gap_ack_blocks = htons(num_gabs); 776 sack.num_dup_tsns = htons(num_dup_tsns); 777 778 len = sizeof(sack) 779 + sizeof(struct sctp_gap_ack_block) * num_gabs 780 + sizeof(__u32) * num_dup_tsns; 781 782 /* Create the chunk. */ 783 retval = sctp_make_control(asoc, SCTP_CID_SACK, 0, len, GFP_ATOMIC); 784 if (!retval) 785 goto nodata; 786 787 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 788 * 789 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 790 * HEARTBEAT ACK, etc.) to the same destination transport 791 * address from which it received the DATA or control chunk to 792 * which it is replying. This rule should also be followed if 793 * the endpoint is bundling DATA chunks together with the 794 * reply chunk. 795 * 796 * However, when acknowledging multiple DATA chunks received 797 * in packets from different source addresses in a single 798 * SACK, the SACK chunk may be transmitted to one of the 799 * destination transport addresses from which the DATA or 800 * control chunks being acknowledged were received. 801 * 802 * [BUG: We do not implement the following paragraph. 803 * Perhaps we should remember the last transport we used for a 804 * SACK and avoid that (if possible) if we have seen any 805 * duplicates. --piggy] 806 * 807 * When a receiver of a duplicate DATA chunk sends a SACK to a 808 * multi- homed endpoint it MAY be beneficial to vary the 809 * destination address and not use the source address of the 810 * DATA chunk. The reason being that receiving a duplicate 811 * from a multi-homed endpoint might indicate that the return 812 * path (as specified in the source address of the DATA chunk) 813 * for the SACK is broken. 814 * 815 * [Send to the address from which we last received a DATA chunk.] 816 */ 817 retval->transport = asoc->peer.last_data_from; 818 819 retval->subh.sack_hdr = 820 sctp_addto_chunk(retval, sizeof(sack), &sack); 821 822 /* Add the gap ack block information. */ 823 if (num_gabs) 824 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 825 gabs); 826 827 /* Add the duplicate TSN information. */ 828 if (num_dup_tsns) { 829 asoc->stats.idupchunks += num_dup_tsns; 830 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 831 sctp_tsnmap_get_dups(map)); 832 } 833 /* Once we have a sack generated, check to see what our sack 834 * generation is, if its 0, reset the transports to 0, and reset 835 * the association generation to 1 836 * 837 * The idea is that zero is never used as a valid generation for the 838 * association so no transport will match after a wrap event like this, 839 * Until the next sack 840 */ 841 if (++asoc->peer.sack_generation == 0) { 842 list_for_each_entry(trans, &asoc->peer.transport_addr_list, 843 transports) 844 trans->sack_generation = 0; 845 asoc->peer.sack_generation = 1; 846 } 847 nodata: 848 return retval; 849 } 850 851 /* Make a SHUTDOWN chunk. */ 852 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 853 const struct sctp_chunk *chunk) 854 { 855 struct sctp_shutdownhdr shut; 856 struct sctp_chunk *retval; 857 __u32 ctsn; 858 859 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 860 shut.cum_tsn_ack = htonl(ctsn); 861 862 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN, 0, 863 sizeof(shut), GFP_ATOMIC); 864 if (!retval) 865 goto nodata; 866 867 retval->subh.shutdown_hdr = 868 sctp_addto_chunk(retval, sizeof(shut), &shut); 869 870 if (chunk) 871 retval->transport = chunk->transport; 872 nodata: 873 return retval; 874 } 875 876 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 877 const struct sctp_chunk *chunk) 878 { 879 struct sctp_chunk *retval; 880 881 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0, 882 GFP_ATOMIC); 883 884 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 885 * 886 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 887 * HEARTBEAT ACK, * etc.) to the same destination transport 888 * address from which it * received the DATA or control chunk 889 * to which it is replying. 890 * 891 * [ACK back to where the SHUTDOWN came from.] 892 */ 893 if (retval && chunk) 894 retval->transport = chunk->transport; 895 896 return retval; 897 } 898 899 struct sctp_chunk *sctp_make_shutdown_complete( 900 const struct sctp_association *asoc, 901 const struct sctp_chunk *chunk) 902 { 903 struct sctp_chunk *retval; 904 __u8 flags = 0; 905 906 /* Set the T-bit if we have no association (vtag will be 907 * reflected) 908 */ 909 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 910 911 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 912 0, GFP_ATOMIC); 913 914 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 915 * 916 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 917 * HEARTBEAT ACK, * etc.) to the same destination transport 918 * address from which it * received the DATA or control chunk 919 * to which it is replying. 920 * 921 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 922 * came from.] 923 */ 924 if (retval && chunk) 925 retval->transport = chunk->transport; 926 927 return retval; 928 } 929 930 /* Create an ABORT. Note that we set the T bit if we have no 931 * association, except when responding to an INIT (sctpimpguide 2.41). 932 */ 933 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 934 const struct sctp_chunk *chunk, 935 const size_t hint) 936 { 937 struct sctp_chunk *retval; 938 __u8 flags = 0; 939 940 /* Set the T-bit if we have no association and 'chunk' is not 941 * an INIT (vtag will be reflected). 942 */ 943 if (!asoc) { 944 if (chunk && chunk->chunk_hdr && 945 chunk->chunk_hdr->type == SCTP_CID_INIT) 946 flags = 0; 947 else 948 flags = SCTP_CHUNK_FLAG_T; 949 } 950 951 retval = sctp_make_control(asoc, SCTP_CID_ABORT, flags, hint, 952 GFP_ATOMIC); 953 954 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 955 * 956 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 957 * HEARTBEAT ACK, * etc.) to the same destination transport 958 * address from which it * received the DATA or control chunk 959 * to which it is replying. 960 * 961 * [ABORT back to where the offender came from.] 962 */ 963 if (retval && chunk) 964 retval->transport = chunk->transport; 965 966 return retval; 967 } 968 969 /* Helper to create ABORT with a NO_USER_DATA error. */ 970 struct sctp_chunk *sctp_make_abort_no_data( 971 const struct sctp_association *asoc, 972 const struct sctp_chunk *chunk, 973 __u32 tsn) 974 { 975 struct sctp_chunk *retval; 976 __be32 payload; 977 978 retval = sctp_make_abort(asoc, chunk, 979 sizeof(struct sctp_errhdr) + sizeof(tsn)); 980 981 if (!retval) 982 goto no_mem; 983 984 /* Put the tsn back into network byte order. */ 985 payload = htonl(tsn); 986 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 987 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 988 989 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 990 * 991 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 992 * HEARTBEAT ACK, * etc.) to the same destination transport 993 * address from which it * received the DATA or control chunk 994 * to which it is replying. 995 * 996 * [ABORT back to where the offender came from.] 997 */ 998 if (chunk) 999 retval->transport = chunk->transport; 1000 1001 no_mem: 1002 return retval; 1003 } 1004 1005 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 1006 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 1007 struct msghdr *msg, 1008 size_t paylen) 1009 { 1010 struct sctp_chunk *retval; 1011 void *payload = NULL; 1012 int err; 1013 1014 retval = sctp_make_abort(asoc, NULL, 1015 sizeof(struct sctp_errhdr) + paylen); 1016 if (!retval) 1017 goto err_chunk; 1018 1019 if (paylen) { 1020 /* Put the msg_iov together into payload. */ 1021 payload = kmalloc(paylen, GFP_KERNEL); 1022 if (!payload) 1023 goto err_payload; 1024 1025 err = memcpy_from_msg(payload, msg, paylen); 1026 if (err < 0) 1027 goto err_copy; 1028 } 1029 1030 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 1031 sctp_addto_chunk(retval, paylen, payload); 1032 1033 if (paylen) 1034 kfree(payload); 1035 1036 return retval; 1037 1038 err_copy: 1039 kfree(payload); 1040 err_payload: 1041 sctp_chunk_free(retval); 1042 retval = NULL; 1043 err_chunk: 1044 return retval; 1045 } 1046 1047 /* Append bytes to the end of a parameter. Will panic if chunk is not big 1048 * enough. 1049 */ 1050 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 1051 const void *data) 1052 { 1053 int chunklen = ntohs(chunk->chunk_hdr->length); 1054 void *target; 1055 1056 target = skb_put(chunk->skb, len); 1057 1058 if (data) 1059 memcpy(target, data, len); 1060 else 1061 memset(target, 0, len); 1062 1063 /* Adjust the chunk length field. */ 1064 chunk->chunk_hdr->length = htons(chunklen + len); 1065 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1066 1067 return target; 1068 } 1069 1070 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1071 struct sctp_chunk *sctp_make_abort_violation( 1072 const struct sctp_association *asoc, 1073 const struct sctp_chunk *chunk, 1074 const __u8 *payload, 1075 const size_t paylen) 1076 { 1077 struct sctp_chunk *retval; 1078 struct sctp_paramhdr phdr; 1079 1080 retval = sctp_make_abort(asoc, chunk, sizeof(struct sctp_errhdr) + 1081 paylen + sizeof(phdr)); 1082 if (!retval) 1083 goto end; 1084 1085 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen + 1086 sizeof(phdr)); 1087 1088 phdr.type = htons(chunk->chunk_hdr->type); 1089 phdr.length = chunk->chunk_hdr->length; 1090 sctp_addto_chunk(retval, paylen, payload); 1091 sctp_addto_param(retval, sizeof(phdr), &phdr); 1092 1093 end: 1094 return retval; 1095 } 1096 1097 struct sctp_chunk *sctp_make_violation_paramlen( 1098 const struct sctp_association *asoc, 1099 const struct sctp_chunk *chunk, 1100 struct sctp_paramhdr *param) 1101 { 1102 static const char error[] = "The following parameter had invalid length:"; 1103 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr) + 1104 sizeof(*param); 1105 struct sctp_chunk *retval; 1106 1107 retval = sctp_make_abort(asoc, chunk, payload_len); 1108 if (!retval) 1109 goto nodata; 1110 1111 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1112 sizeof(error) + sizeof(*param)); 1113 sctp_addto_chunk(retval, sizeof(error), error); 1114 sctp_addto_param(retval, sizeof(*param), param); 1115 1116 nodata: 1117 return retval; 1118 } 1119 1120 struct sctp_chunk *sctp_make_violation_max_retrans( 1121 const struct sctp_association *asoc, 1122 const struct sctp_chunk *chunk) 1123 { 1124 static const char error[] = "Association exceeded its max_retrans count"; 1125 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr); 1126 struct sctp_chunk *retval; 1127 1128 retval = sctp_make_abort(asoc, chunk, payload_len); 1129 if (!retval) 1130 goto nodata; 1131 1132 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error)); 1133 sctp_addto_chunk(retval, sizeof(error), error); 1134 1135 nodata: 1136 return retval; 1137 } 1138 1139 /* Make a HEARTBEAT chunk. */ 1140 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1141 const struct sctp_transport *transport) 1142 { 1143 struct sctp_sender_hb_info hbinfo; 1144 struct sctp_chunk *retval; 1145 1146 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT, 0, 1147 sizeof(hbinfo), GFP_ATOMIC); 1148 1149 if (!retval) 1150 goto nodata; 1151 1152 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO; 1153 hbinfo.param_hdr.length = htons(sizeof(hbinfo)); 1154 hbinfo.daddr = transport->ipaddr; 1155 hbinfo.sent_at = jiffies; 1156 hbinfo.hb_nonce = transport->hb_nonce; 1157 1158 /* Cast away the 'const', as this is just telling the chunk 1159 * what transport it belongs to. 1160 */ 1161 retval->transport = (struct sctp_transport *) transport; 1162 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo), 1163 &hbinfo); 1164 1165 nodata: 1166 return retval; 1167 } 1168 1169 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1170 const struct sctp_chunk *chunk, 1171 const void *payload, 1172 const size_t paylen) 1173 { 1174 struct sctp_chunk *retval; 1175 1176 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen, 1177 GFP_ATOMIC); 1178 if (!retval) 1179 goto nodata; 1180 1181 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1182 1183 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1184 * 1185 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1186 * HEARTBEAT ACK, * etc.) to the same destination transport 1187 * address from which it * received the DATA or control chunk 1188 * to which it is replying. 1189 * 1190 * [HBACK back to where the HEARTBEAT came from.] 1191 */ 1192 if (chunk) 1193 retval->transport = chunk->transport; 1194 1195 nodata: 1196 return retval; 1197 } 1198 1199 /* Create an Operation Error chunk with the specified space reserved. 1200 * This routine can be used for containing multiple causes in the chunk. 1201 */ 1202 static struct sctp_chunk *sctp_make_op_error_space( 1203 const struct sctp_association *asoc, 1204 const struct sctp_chunk *chunk, 1205 size_t size) 1206 { 1207 struct sctp_chunk *retval; 1208 1209 retval = sctp_make_control(asoc, SCTP_CID_ERROR, 0, 1210 sizeof(struct sctp_errhdr) + size, 1211 GFP_ATOMIC); 1212 if (!retval) 1213 goto nodata; 1214 1215 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1216 * 1217 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1218 * HEARTBEAT ACK, etc.) to the same destination transport 1219 * address from which it received the DATA or control chunk 1220 * to which it is replying. 1221 * 1222 */ 1223 if (chunk) 1224 retval->transport = chunk->transport; 1225 1226 nodata: 1227 return retval; 1228 } 1229 1230 /* Create an Operation Error chunk of a fixed size, specifically, 1231 * min(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) - overheads. 1232 * This is a helper function to allocate an error chunk for for those 1233 * invalid parameter codes in which we may not want to report all the 1234 * errors, if the incoming chunk is large. If it can't fit in a single 1235 * packet, we ignore it. 1236 */ 1237 static inline struct sctp_chunk *sctp_make_op_error_limited( 1238 const struct sctp_association *asoc, 1239 const struct sctp_chunk *chunk) 1240 { 1241 size_t size = SCTP_DEFAULT_MAXSEGMENT; 1242 struct sctp_sock *sp = NULL; 1243 1244 if (asoc) { 1245 size = min_t(size_t, size, asoc->pathmtu); 1246 sp = sctp_sk(asoc->base.sk); 1247 } 1248 1249 size = sctp_mtu_payload(sp, size, sizeof(struct sctp_errhdr)); 1250 1251 return sctp_make_op_error_space(asoc, chunk, size); 1252 } 1253 1254 /* Create an Operation Error chunk. */ 1255 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1256 const struct sctp_chunk *chunk, 1257 __be16 cause_code, const void *payload, 1258 size_t paylen, size_t reserve_tail) 1259 { 1260 struct sctp_chunk *retval; 1261 1262 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail); 1263 if (!retval) 1264 goto nodata; 1265 1266 sctp_init_cause(retval, cause_code, paylen + reserve_tail); 1267 sctp_addto_chunk(retval, paylen, payload); 1268 if (reserve_tail) 1269 sctp_addto_param(retval, reserve_tail, NULL); 1270 1271 nodata: 1272 return retval; 1273 } 1274 1275 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc, 1276 __u16 key_id) 1277 { 1278 struct sctp_authhdr auth_hdr; 1279 struct sctp_hmac *hmac_desc; 1280 struct sctp_chunk *retval; 1281 1282 /* Get the first hmac that the peer told us to use */ 1283 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1284 if (unlikely(!hmac_desc)) 1285 return NULL; 1286 1287 retval = sctp_make_control(asoc, SCTP_CID_AUTH, 0, 1288 hmac_desc->hmac_len + sizeof(auth_hdr), 1289 GFP_ATOMIC); 1290 if (!retval) 1291 return NULL; 1292 1293 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1294 auth_hdr.shkey_id = htons(key_id); 1295 1296 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(auth_hdr), 1297 &auth_hdr); 1298 1299 skb_put_zero(retval->skb, hmac_desc->hmac_len); 1300 1301 /* Adjust the chunk header to include the empty MAC */ 1302 retval->chunk_hdr->length = 1303 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1304 retval->chunk_end = skb_tail_pointer(retval->skb); 1305 1306 return retval; 1307 } 1308 1309 1310 /******************************************************************** 1311 * 2nd Level Abstractions 1312 ********************************************************************/ 1313 1314 /* Turn an skb into a chunk. 1315 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1316 * 1317 * sctpimpguide-05.txt Section 2.8.2 1318 * M1) Each time a new DATA chunk is transmitted 1319 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1320 * 'TSN.Missing.Report' count will be used to determine missing chunks 1321 * and when to fast retransmit. 1322 * 1323 */ 1324 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1325 const struct sctp_association *asoc, 1326 struct sock *sk, gfp_t gfp) 1327 { 1328 struct sctp_chunk *retval; 1329 1330 retval = kmem_cache_zalloc(sctp_chunk_cachep, gfp); 1331 1332 if (!retval) 1333 goto nodata; 1334 if (!sk) 1335 pr_debug("%s: chunkifying skb:%p w/o an sk\n", __func__, skb); 1336 1337 INIT_LIST_HEAD(&retval->list); 1338 retval->skb = skb; 1339 retval->asoc = (struct sctp_association *)asoc; 1340 retval->singleton = 1; 1341 1342 retval->fast_retransmit = SCTP_CAN_FRTX; 1343 1344 /* Polish the bead hole. */ 1345 INIT_LIST_HEAD(&retval->transmitted_list); 1346 INIT_LIST_HEAD(&retval->frag_list); 1347 SCTP_DBG_OBJCNT_INC(chunk); 1348 refcount_set(&retval->refcnt, 1); 1349 1350 nodata: 1351 return retval; 1352 } 1353 1354 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1355 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1356 union sctp_addr *dest) 1357 { 1358 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1359 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1360 } 1361 1362 /* Extract the source address from a chunk. */ 1363 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1364 { 1365 /* If we have a known transport, use that. */ 1366 if (chunk->transport) { 1367 return &chunk->transport->ipaddr; 1368 } else { 1369 /* Otherwise, extract it from the IP header. */ 1370 return &chunk->source; 1371 } 1372 } 1373 1374 /* Create a new chunk, setting the type and flags headers from the 1375 * arguments, reserving enough space for a 'paylen' byte payload. 1376 */ 1377 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 1378 __u8 type, __u8 flags, int paylen, 1379 gfp_t gfp) 1380 { 1381 struct sctp_chunkhdr *chunk_hdr; 1382 struct sctp_chunk *retval; 1383 struct sk_buff *skb; 1384 struct sock *sk; 1385 int chunklen; 1386 1387 chunklen = SCTP_PAD4(sizeof(*chunk_hdr) + paylen); 1388 if (chunklen > SCTP_MAX_CHUNK_LEN) 1389 goto nodata; 1390 1391 /* No need to allocate LL here, as this is only a chunk. */ 1392 skb = alloc_skb(chunklen, gfp); 1393 if (!skb) 1394 goto nodata; 1395 1396 /* Make room for the chunk header. */ 1397 chunk_hdr = (struct sctp_chunkhdr *)skb_put(skb, sizeof(*chunk_hdr)); 1398 chunk_hdr->type = type; 1399 chunk_hdr->flags = flags; 1400 chunk_hdr->length = htons(sizeof(*chunk_hdr)); 1401 1402 sk = asoc ? asoc->base.sk : NULL; 1403 retval = sctp_chunkify(skb, asoc, sk, gfp); 1404 if (!retval) { 1405 kfree_skb(skb); 1406 goto nodata; 1407 } 1408 1409 retval->chunk_hdr = chunk_hdr; 1410 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(*chunk_hdr); 1411 1412 /* Determine if the chunk needs to be authenticated */ 1413 if (sctp_auth_send_cid(type, asoc)) 1414 retval->auth = 1; 1415 1416 return retval; 1417 nodata: 1418 return NULL; 1419 } 1420 1421 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 1422 __u8 flags, int paylen, gfp_t gfp) 1423 { 1424 return _sctp_make_chunk(asoc, SCTP_CID_DATA, flags, paylen, gfp); 1425 } 1426 1427 struct sctp_chunk *sctp_make_idata(const struct sctp_association *asoc, 1428 __u8 flags, int paylen, gfp_t gfp) 1429 { 1430 return _sctp_make_chunk(asoc, SCTP_CID_I_DATA, flags, paylen, gfp); 1431 } 1432 1433 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 1434 __u8 type, __u8 flags, int paylen, 1435 gfp_t gfp) 1436 { 1437 struct sctp_chunk *chunk; 1438 1439 chunk = _sctp_make_chunk(asoc, type, flags, paylen, gfp); 1440 if (chunk) 1441 sctp_control_set_owner_w(chunk); 1442 1443 return chunk; 1444 } 1445 1446 /* Release the memory occupied by a chunk. */ 1447 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1448 { 1449 BUG_ON(!list_empty(&chunk->list)); 1450 list_del_init(&chunk->transmitted_list); 1451 1452 consume_skb(chunk->skb); 1453 consume_skb(chunk->auth_chunk); 1454 1455 SCTP_DBG_OBJCNT_DEC(chunk); 1456 kmem_cache_free(sctp_chunk_cachep, chunk); 1457 } 1458 1459 /* Possibly, free the chunk. */ 1460 void sctp_chunk_free(struct sctp_chunk *chunk) 1461 { 1462 /* Release our reference on the message tracker. */ 1463 if (chunk->msg) 1464 sctp_datamsg_put(chunk->msg); 1465 1466 sctp_chunk_put(chunk); 1467 } 1468 1469 /* Grab a reference to the chunk. */ 1470 void sctp_chunk_hold(struct sctp_chunk *ch) 1471 { 1472 refcount_inc(&ch->refcnt); 1473 } 1474 1475 /* Release a reference to the chunk. */ 1476 void sctp_chunk_put(struct sctp_chunk *ch) 1477 { 1478 if (refcount_dec_and_test(&ch->refcnt)) 1479 sctp_chunk_destroy(ch); 1480 } 1481 1482 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1483 * enough. 1484 */ 1485 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1486 { 1487 int chunklen = ntohs(chunk->chunk_hdr->length); 1488 int padlen = SCTP_PAD4(chunklen) - chunklen; 1489 void *target; 1490 1491 skb_put_zero(chunk->skb, padlen); 1492 target = skb_put_data(chunk->skb, data, len); 1493 1494 /* Adjust the chunk length field. */ 1495 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1496 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1497 1498 return target; 1499 } 1500 1501 /* Append bytes from user space to the end of a chunk. Will panic if 1502 * chunk is not big enough. 1503 * Returns a kernel err value. 1504 */ 1505 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int len, 1506 struct iov_iter *from) 1507 { 1508 void *target; 1509 1510 /* Make room in chunk for data. */ 1511 target = skb_put(chunk->skb, len); 1512 1513 /* Copy data (whole iovec) into chunk */ 1514 if (!copy_from_iter_full(target, len, from)) 1515 return -EFAULT; 1516 1517 /* Adjust the chunk length field. */ 1518 chunk->chunk_hdr->length = 1519 htons(ntohs(chunk->chunk_hdr->length) + len); 1520 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1521 1522 return 0; 1523 } 1524 1525 /* Helper function to assign a TSN if needed. This assumes that both 1526 * the data_hdr and association have already been assigned. 1527 */ 1528 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1529 { 1530 struct sctp_stream *stream; 1531 struct sctp_chunk *lchunk; 1532 struct sctp_datamsg *msg; 1533 __u16 ssn, sid; 1534 1535 if (chunk->has_ssn) 1536 return; 1537 1538 /* All fragments will be on the same stream */ 1539 sid = ntohs(chunk->subh.data_hdr->stream); 1540 stream = &chunk->asoc->stream; 1541 1542 /* Now assign the sequence number to the entire message. 1543 * All fragments must have the same stream sequence number. 1544 */ 1545 msg = chunk->msg; 1546 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1547 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1548 ssn = 0; 1549 } else { 1550 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1551 ssn = sctp_ssn_next(stream, out, sid); 1552 else 1553 ssn = sctp_ssn_peek(stream, out, sid); 1554 } 1555 1556 lchunk->subh.data_hdr->ssn = htons(ssn); 1557 lchunk->has_ssn = 1; 1558 } 1559 } 1560 1561 /* Helper function to assign a TSN if needed. This assumes that both 1562 * the data_hdr and association have already been assigned. 1563 */ 1564 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1565 { 1566 if (!chunk->has_tsn) { 1567 /* This is the last possible instant to 1568 * assign a TSN. 1569 */ 1570 chunk->subh.data_hdr->tsn = 1571 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1572 chunk->has_tsn = 1; 1573 } 1574 } 1575 1576 /* Create a CLOSED association to use with an incoming packet. */ 1577 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1578 struct sctp_chunk *chunk, 1579 gfp_t gfp) 1580 { 1581 struct sctp_association *asoc; 1582 enum sctp_scope scope; 1583 struct sk_buff *skb; 1584 1585 /* Create the bare association. */ 1586 scope = sctp_scope(sctp_source(chunk)); 1587 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1588 if (!asoc) 1589 goto nodata; 1590 asoc->temp = 1; 1591 skb = chunk->skb; 1592 /* Create an entry for the source address of the packet. */ 1593 SCTP_INPUT_CB(skb)->af->from_skb(&asoc->c.peer_addr, skb, 1); 1594 1595 nodata: 1596 return asoc; 1597 } 1598 1599 /* Build a cookie representing asoc. 1600 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1601 */ 1602 static struct sctp_cookie_param *sctp_pack_cookie( 1603 const struct sctp_endpoint *ep, 1604 const struct sctp_association *asoc, 1605 const struct sctp_chunk *init_chunk, 1606 int *cookie_len, const __u8 *raw_addrs, 1607 int addrs_len) 1608 { 1609 struct sctp_signed_cookie *cookie; 1610 struct sctp_cookie_param *retval; 1611 int headersize, bodysize; 1612 1613 /* Header size is static data prior to the actual cookie, including 1614 * any padding. 1615 */ 1616 headersize = sizeof(struct sctp_paramhdr) + 1617 (sizeof(struct sctp_signed_cookie) - 1618 sizeof(struct sctp_cookie)); 1619 bodysize = sizeof(struct sctp_cookie) 1620 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1621 1622 /* Pad out the cookie to a multiple to make the signature 1623 * functions simpler to write. 1624 */ 1625 if (bodysize % SCTP_COOKIE_MULTIPLE) 1626 bodysize += SCTP_COOKIE_MULTIPLE 1627 - (bodysize % SCTP_COOKIE_MULTIPLE); 1628 *cookie_len = headersize + bodysize; 1629 1630 /* Clear this memory since we are sending this data structure 1631 * out on the network. 1632 */ 1633 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1634 if (!retval) 1635 goto nodata; 1636 1637 cookie = (struct sctp_signed_cookie *) retval->body; 1638 1639 /* Set up the parameter header. */ 1640 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1641 retval->p.length = htons(*cookie_len); 1642 1643 /* Copy the cookie part of the association itself. */ 1644 cookie->c = asoc->c; 1645 /* Save the raw address list length in the cookie. */ 1646 cookie->c.raw_addr_list_len = addrs_len; 1647 1648 /* Remember PR-SCTP capability. */ 1649 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1650 1651 /* Save adaptation indication in the cookie. */ 1652 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1653 1654 /* Set an expiration time for the cookie. */ 1655 cookie->c.expiration = ktime_add(asoc->cookie_life, 1656 ktime_get_real()); 1657 1658 /* Copy the peer's init packet. */ 1659 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1660 ntohs(init_chunk->chunk_hdr->length)); 1661 1662 /* Copy the raw local address list of the association. */ 1663 memcpy((__u8 *)&cookie->c.peer_init[0] + 1664 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1665 1666 if (sctp_sk(ep->base.sk)->hmac) { 1667 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac); 1668 int err; 1669 1670 /* Sign the message. */ 1671 desc->tfm = sctp_sk(ep->base.sk)->hmac; 1672 1673 err = crypto_shash_setkey(desc->tfm, ep->secret_key, 1674 sizeof(ep->secret_key)) ?: 1675 crypto_shash_digest(desc, (u8 *)&cookie->c, bodysize, 1676 cookie->signature); 1677 shash_desc_zero(desc); 1678 if (err) 1679 goto free_cookie; 1680 } 1681 1682 return retval; 1683 1684 free_cookie: 1685 kfree(retval); 1686 nodata: 1687 *cookie_len = 0; 1688 return NULL; 1689 } 1690 1691 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1692 struct sctp_association *sctp_unpack_cookie( 1693 const struct sctp_endpoint *ep, 1694 const struct sctp_association *asoc, 1695 struct sctp_chunk *chunk, gfp_t gfp, 1696 int *error, struct sctp_chunk **errp) 1697 { 1698 struct sctp_association *retval = NULL; 1699 int headersize, bodysize, fixed_size; 1700 struct sctp_signed_cookie *cookie; 1701 struct sk_buff *skb = chunk->skb; 1702 struct sctp_cookie *bear_cookie; 1703 __u8 *digest = ep->digest; 1704 enum sctp_scope scope; 1705 unsigned int len; 1706 ktime_t kt; 1707 1708 /* Header size is static data prior to the actual cookie, including 1709 * any padding. 1710 */ 1711 headersize = sizeof(struct sctp_chunkhdr) + 1712 (sizeof(struct sctp_signed_cookie) - 1713 sizeof(struct sctp_cookie)); 1714 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1715 fixed_size = headersize + sizeof(struct sctp_cookie); 1716 1717 /* Verify that the chunk looks like it even has a cookie. 1718 * There must be enough room for our cookie and our peer's 1719 * INIT chunk. 1720 */ 1721 len = ntohs(chunk->chunk_hdr->length); 1722 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1723 goto malformed; 1724 1725 /* Verify that the cookie has been padded out. */ 1726 if (bodysize % SCTP_COOKIE_MULTIPLE) 1727 goto malformed; 1728 1729 /* Process the cookie. */ 1730 cookie = chunk->subh.cookie_hdr; 1731 bear_cookie = &cookie->c; 1732 1733 if (!sctp_sk(ep->base.sk)->hmac) 1734 goto no_hmac; 1735 1736 /* Check the signature. */ 1737 { 1738 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac); 1739 int err; 1740 1741 desc->tfm = sctp_sk(ep->base.sk)->hmac; 1742 1743 err = crypto_shash_setkey(desc->tfm, ep->secret_key, 1744 sizeof(ep->secret_key)) ?: 1745 crypto_shash_digest(desc, (u8 *)bear_cookie, bodysize, 1746 digest); 1747 shash_desc_zero(desc); 1748 1749 if (err) { 1750 *error = -SCTP_IERROR_NOMEM; 1751 goto fail; 1752 } 1753 } 1754 1755 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1756 *error = -SCTP_IERROR_BAD_SIG; 1757 goto fail; 1758 } 1759 1760 no_hmac: 1761 /* IG Section 2.35.2: 1762 * 3) Compare the port numbers and the verification tag contained 1763 * within the COOKIE ECHO chunk to the actual port numbers and the 1764 * verification tag within the SCTP common header of the received 1765 * packet. If these values do not match the packet MUST be silently 1766 * discarded, 1767 */ 1768 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1769 *error = -SCTP_IERROR_BAD_TAG; 1770 goto fail; 1771 } 1772 1773 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1774 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1775 *error = -SCTP_IERROR_BAD_PORTS; 1776 goto fail; 1777 } 1778 1779 /* Check to see if the cookie is stale. If there is already 1780 * an association, there is no need to check cookie's expiration 1781 * for init collision case of lost COOKIE ACK. 1782 * If skb has been timestamped, then use the stamp, otherwise 1783 * use current time. This introduces a small possibility that 1784 * that a cookie may be considered expired, but his would only slow 1785 * down the new association establishment instead of every packet. 1786 */ 1787 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1788 kt = skb_get_ktime(skb); 1789 else 1790 kt = ktime_get_real(); 1791 1792 if (!asoc && ktime_before(bear_cookie->expiration, kt)) { 1793 suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration)); 1794 __be32 n = htonl(usecs); 1795 1796 /* 1797 * Section 3.3.10.3 Stale Cookie Error (3) 1798 * 1799 * Cause of error 1800 * --------------- 1801 * Stale Cookie Error: Indicates the receipt of a valid State 1802 * Cookie that has expired. 1803 */ 1804 *errp = sctp_make_op_error(asoc, chunk, 1805 SCTP_ERROR_STALE_COOKIE, &n, 1806 sizeof(n), 0); 1807 if (*errp) 1808 *error = -SCTP_IERROR_STALE_COOKIE; 1809 else 1810 *error = -SCTP_IERROR_NOMEM; 1811 1812 goto fail; 1813 } 1814 1815 /* Make a new base association. */ 1816 scope = sctp_scope(sctp_source(chunk)); 1817 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1818 if (!retval) { 1819 *error = -SCTP_IERROR_NOMEM; 1820 goto fail; 1821 } 1822 1823 /* Set up our peer's port number. */ 1824 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1825 1826 /* Populate the association from the cookie. */ 1827 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1828 1829 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1830 GFP_ATOMIC) < 0) { 1831 *error = -SCTP_IERROR_NOMEM; 1832 goto fail; 1833 } 1834 1835 /* Also, add the destination address. */ 1836 if (list_empty(&retval->base.bind_addr.address_list)) { 1837 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1838 sizeof(chunk->dest), SCTP_ADDR_SRC, 1839 GFP_ATOMIC); 1840 } 1841 1842 retval->next_tsn = retval->c.initial_tsn; 1843 retval->ctsn_ack_point = retval->next_tsn - 1; 1844 retval->addip_serial = retval->c.initial_tsn; 1845 retval->strreset_outseq = retval->c.initial_tsn; 1846 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1847 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1848 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1849 1850 /* The INIT stuff will be done by the side effects. */ 1851 return retval; 1852 1853 fail: 1854 if (retval) 1855 sctp_association_free(retval); 1856 1857 return NULL; 1858 1859 malformed: 1860 /* Yikes! The packet is either corrupt or deliberately 1861 * malformed. 1862 */ 1863 *error = -SCTP_IERROR_MALFORMED; 1864 goto fail; 1865 } 1866 1867 /******************************************************************** 1868 * 3rd Level Abstractions 1869 ********************************************************************/ 1870 1871 struct __sctp_missing { 1872 __be32 num_missing; 1873 __be16 type; 1874 } __packed; 1875 1876 /* 1877 * Report a missing mandatory parameter. 1878 */ 1879 static int sctp_process_missing_param(const struct sctp_association *asoc, 1880 enum sctp_param paramtype, 1881 struct sctp_chunk *chunk, 1882 struct sctp_chunk **errp) 1883 { 1884 struct __sctp_missing report; 1885 __u16 len; 1886 1887 len = SCTP_PAD4(sizeof(report)); 1888 1889 /* Make an ERROR chunk, preparing enough room for 1890 * returning multiple unknown parameters. 1891 */ 1892 if (!*errp) 1893 *errp = sctp_make_op_error_space(asoc, chunk, len); 1894 1895 if (*errp) { 1896 report.num_missing = htonl(1); 1897 report.type = paramtype; 1898 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1899 sizeof(report)); 1900 sctp_addto_chunk(*errp, sizeof(report), &report); 1901 } 1902 1903 /* Stop processing this chunk. */ 1904 return 0; 1905 } 1906 1907 /* Report an Invalid Mandatory Parameter. */ 1908 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1909 struct sctp_chunk *chunk, 1910 struct sctp_chunk **errp) 1911 { 1912 /* Invalid Mandatory Parameter Error has no payload. */ 1913 1914 if (!*errp) 1915 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1916 1917 if (*errp) 1918 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1919 1920 /* Stop processing this chunk. */ 1921 return 0; 1922 } 1923 1924 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1925 struct sctp_paramhdr *param, 1926 const struct sctp_chunk *chunk, 1927 struct sctp_chunk **errp) 1928 { 1929 /* This is a fatal error. Any accumulated non-fatal errors are 1930 * not reported. 1931 */ 1932 if (*errp) 1933 sctp_chunk_free(*errp); 1934 1935 /* Create an error chunk and fill it in with our payload. */ 1936 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1937 1938 return 0; 1939 } 1940 1941 1942 /* Do not attempt to handle the HOST_NAME parm. However, do 1943 * send back an indicator to the peer. 1944 */ 1945 static int sctp_process_hn_param(const struct sctp_association *asoc, 1946 union sctp_params param, 1947 struct sctp_chunk *chunk, 1948 struct sctp_chunk **errp) 1949 { 1950 __u16 len = ntohs(param.p->length); 1951 1952 /* Processing of the HOST_NAME parameter will generate an 1953 * ABORT. If we've accumulated any non-fatal errors, they 1954 * would be unrecognized parameters and we should not include 1955 * them in the ABORT. 1956 */ 1957 if (*errp) 1958 sctp_chunk_free(*errp); 1959 1960 *errp = sctp_make_op_error(asoc, chunk, SCTP_ERROR_DNS_FAILED, 1961 param.v, len, 0); 1962 1963 /* Stop processing this chunk. */ 1964 return 0; 1965 } 1966 1967 static int sctp_verify_ext_param(struct net *net, union sctp_params param) 1968 { 1969 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 1970 int have_asconf = 0; 1971 int have_auth = 0; 1972 int i; 1973 1974 for (i = 0; i < num_ext; i++) { 1975 switch (param.ext->chunks[i]) { 1976 case SCTP_CID_AUTH: 1977 have_auth = 1; 1978 break; 1979 case SCTP_CID_ASCONF: 1980 case SCTP_CID_ASCONF_ACK: 1981 have_asconf = 1; 1982 break; 1983 } 1984 } 1985 1986 /* ADD-IP Security: The draft requires us to ABORT or ignore the 1987 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 1988 * only if ADD-IP is turned on and we are not backward-compatible 1989 * mode. 1990 */ 1991 if (net->sctp.addip_noauth) 1992 return 1; 1993 1994 if (net->sctp.addip_enable && !have_auth && have_asconf) 1995 return 0; 1996 1997 return 1; 1998 } 1999 2000 static void sctp_process_ext_param(struct sctp_association *asoc, 2001 union sctp_params param) 2002 { 2003 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2004 struct net *net = sock_net(asoc->base.sk); 2005 int i; 2006 2007 for (i = 0; i < num_ext; i++) { 2008 switch (param.ext->chunks[i]) { 2009 case SCTP_CID_RECONF: 2010 if (asoc->reconf_enable && 2011 !asoc->peer.reconf_capable) 2012 asoc->peer.reconf_capable = 1; 2013 break; 2014 case SCTP_CID_FWD_TSN: 2015 if (asoc->prsctp_enable && !asoc->peer.prsctp_capable) 2016 asoc->peer.prsctp_capable = 1; 2017 break; 2018 case SCTP_CID_AUTH: 2019 /* if the peer reports AUTH, assume that he 2020 * supports AUTH. 2021 */ 2022 if (asoc->ep->auth_enable) 2023 asoc->peer.auth_capable = 1; 2024 break; 2025 case SCTP_CID_ASCONF: 2026 case SCTP_CID_ASCONF_ACK: 2027 if (net->sctp.addip_enable) 2028 asoc->peer.asconf_capable = 1; 2029 break; 2030 case SCTP_CID_I_DATA: 2031 if (sctp_sk(asoc->base.sk)->strm_interleave) 2032 asoc->intl_enable = 1; 2033 break; 2034 default: 2035 break; 2036 } 2037 } 2038 } 2039 2040 /* RFC 3.2.1 & the Implementers Guide 2.2. 2041 * 2042 * The Parameter Types are encoded such that the 2043 * highest-order two bits specify the action that must be 2044 * taken if the processing endpoint does not recognize the 2045 * Parameter Type. 2046 * 2047 * 00 - Stop processing this parameter; do not process any further 2048 * parameters within this chunk 2049 * 2050 * 01 - Stop processing this parameter, do not process any further 2051 * parameters within this chunk, and report the unrecognized 2052 * parameter in an 'Unrecognized Parameter' ERROR chunk. 2053 * 2054 * 10 - Skip this parameter and continue processing. 2055 * 2056 * 11 - Skip this parameter and continue processing but 2057 * report the unrecognized parameter in an 2058 * 'Unrecognized Parameter' ERROR chunk. 2059 * 2060 * Return value: 2061 * SCTP_IERROR_NO_ERROR - continue with the chunk 2062 * SCTP_IERROR_ERROR - stop and report an error. 2063 * SCTP_IERROR_NOMEME - out of memory. 2064 */ 2065 static enum sctp_ierror sctp_process_unk_param( 2066 const struct sctp_association *asoc, 2067 union sctp_params param, 2068 struct sctp_chunk *chunk, 2069 struct sctp_chunk **errp) 2070 { 2071 int retval = SCTP_IERROR_NO_ERROR; 2072 2073 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 2074 case SCTP_PARAM_ACTION_DISCARD: 2075 retval = SCTP_IERROR_ERROR; 2076 break; 2077 case SCTP_PARAM_ACTION_SKIP: 2078 break; 2079 case SCTP_PARAM_ACTION_DISCARD_ERR: 2080 retval = SCTP_IERROR_ERROR; 2081 /* Fall through */ 2082 case SCTP_PARAM_ACTION_SKIP_ERR: 2083 /* Make an ERROR chunk, preparing enough room for 2084 * returning multiple unknown parameters. 2085 */ 2086 if (!*errp) { 2087 *errp = sctp_make_op_error_limited(asoc, chunk); 2088 if (!*errp) { 2089 /* If there is no memory for generating the 2090 * ERROR report as specified, an ABORT will be 2091 * triggered to the peer and the association 2092 * won't be established. 2093 */ 2094 retval = SCTP_IERROR_NOMEM; 2095 break; 2096 } 2097 } 2098 2099 if (!sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2100 ntohs(param.p->length))) 2101 sctp_addto_chunk(*errp, ntohs(param.p->length), 2102 param.v); 2103 break; 2104 default: 2105 break; 2106 } 2107 2108 return retval; 2109 } 2110 2111 /* Verify variable length parameters 2112 * Return values: 2113 * SCTP_IERROR_ABORT - trigger an ABORT 2114 * SCTP_IERROR_NOMEM - out of memory (abort) 2115 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2116 * SCTP_IERROR_NO_ERROR - continue with the chunk 2117 */ 2118 static enum sctp_ierror sctp_verify_param(struct net *net, 2119 const struct sctp_endpoint *ep, 2120 const struct sctp_association *asoc, 2121 union sctp_params param, 2122 enum sctp_cid cid, 2123 struct sctp_chunk *chunk, 2124 struct sctp_chunk **err_chunk) 2125 { 2126 struct sctp_hmac_algo_param *hmacs; 2127 int retval = SCTP_IERROR_NO_ERROR; 2128 __u16 n_elt, id = 0; 2129 int i; 2130 2131 /* FIXME - This routine is not looking at each parameter per the 2132 * chunk type, i.e., unrecognized parameters should be further 2133 * identified based on the chunk id. 2134 */ 2135 2136 switch (param.p->type) { 2137 case SCTP_PARAM_IPV4_ADDRESS: 2138 case SCTP_PARAM_IPV6_ADDRESS: 2139 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2140 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2141 case SCTP_PARAM_STATE_COOKIE: 2142 case SCTP_PARAM_HEARTBEAT_INFO: 2143 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2144 case SCTP_PARAM_ECN_CAPABLE: 2145 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2146 break; 2147 2148 case SCTP_PARAM_SUPPORTED_EXT: 2149 if (!sctp_verify_ext_param(net, param)) 2150 return SCTP_IERROR_ABORT; 2151 break; 2152 2153 case SCTP_PARAM_SET_PRIMARY: 2154 if (net->sctp.addip_enable) 2155 break; 2156 goto fallthrough; 2157 2158 case SCTP_PARAM_HOST_NAME_ADDRESS: 2159 /* Tell the peer, we won't support this param. */ 2160 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2161 retval = SCTP_IERROR_ABORT; 2162 break; 2163 2164 case SCTP_PARAM_FWD_TSN_SUPPORT: 2165 if (ep->prsctp_enable) 2166 break; 2167 goto fallthrough; 2168 2169 case SCTP_PARAM_RANDOM: 2170 if (!ep->auth_enable) 2171 goto fallthrough; 2172 2173 /* SCTP-AUTH: Secion 6.1 2174 * If the random number is not 32 byte long the association 2175 * MUST be aborted. The ABORT chunk SHOULD contain the error 2176 * cause 'Protocol Violation'. 2177 */ 2178 if (SCTP_AUTH_RANDOM_LENGTH != ntohs(param.p->length) - 2179 sizeof(struct sctp_paramhdr)) { 2180 sctp_process_inv_paramlength(asoc, param.p, 2181 chunk, err_chunk); 2182 retval = SCTP_IERROR_ABORT; 2183 } 2184 break; 2185 2186 case SCTP_PARAM_CHUNKS: 2187 if (!ep->auth_enable) 2188 goto fallthrough; 2189 2190 /* SCTP-AUTH: Section 3.2 2191 * The CHUNKS parameter MUST be included once in the INIT or 2192 * INIT-ACK chunk if the sender wants to receive authenticated 2193 * chunks. Its maximum length is 260 bytes. 2194 */ 2195 if (260 < ntohs(param.p->length)) { 2196 sctp_process_inv_paramlength(asoc, param.p, 2197 chunk, err_chunk); 2198 retval = SCTP_IERROR_ABORT; 2199 } 2200 break; 2201 2202 case SCTP_PARAM_HMAC_ALGO: 2203 if (!ep->auth_enable) 2204 goto fallthrough; 2205 2206 hmacs = (struct sctp_hmac_algo_param *)param.p; 2207 n_elt = (ntohs(param.p->length) - 2208 sizeof(struct sctp_paramhdr)) >> 1; 2209 2210 /* SCTP-AUTH: Section 6.1 2211 * The HMAC algorithm based on SHA-1 MUST be supported and 2212 * included in the HMAC-ALGO parameter. 2213 */ 2214 for (i = 0; i < n_elt; i++) { 2215 id = ntohs(hmacs->hmac_ids[i]); 2216 2217 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2218 break; 2219 } 2220 2221 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2222 sctp_process_inv_paramlength(asoc, param.p, chunk, 2223 err_chunk); 2224 retval = SCTP_IERROR_ABORT; 2225 } 2226 break; 2227 fallthrough: 2228 default: 2229 pr_debug("%s: unrecognized param:%d for chunk:%d\n", 2230 __func__, ntohs(param.p->type), cid); 2231 2232 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2233 break; 2234 } 2235 return retval; 2236 } 2237 2238 /* Verify the INIT packet before we process it. */ 2239 int sctp_verify_init(struct net *net, const struct sctp_endpoint *ep, 2240 const struct sctp_association *asoc, enum sctp_cid cid, 2241 struct sctp_init_chunk *peer_init, 2242 struct sctp_chunk *chunk, struct sctp_chunk **errp) 2243 { 2244 union sctp_params param; 2245 bool has_cookie = false; 2246 int result; 2247 2248 /* Check for missing mandatory parameters. Note: Initial TSN is 2249 * also mandatory, but is not checked here since the valid range 2250 * is 0..2**32-1. RFC4960, section 3.3.3. 2251 */ 2252 if (peer_init->init_hdr.num_outbound_streams == 0 || 2253 peer_init->init_hdr.num_inbound_streams == 0 || 2254 peer_init->init_hdr.init_tag == 0 || 2255 ntohl(peer_init->init_hdr.a_rwnd) < SCTP_DEFAULT_MINWINDOW) 2256 return sctp_process_inv_mandatory(asoc, chunk, errp); 2257 2258 sctp_walk_params(param, peer_init, init_hdr.params) { 2259 if (param.p->type == SCTP_PARAM_STATE_COOKIE) 2260 has_cookie = true; 2261 } 2262 2263 /* There is a possibility that a parameter length was bad and 2264 * in that case we would have stoped walking the parameters. 2265 * The current param.p would point at the bad one. 2266 * Current consensus on the mailing list is to generate a PROTOCOL 2267 * VIOLATION error. We build the ERROR chunk here and let the normal 2268 * error handling code build and send the packet. 2269 */ 2270 if (param.v != (void *)chunk->chunk_end) 2271 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2272 2273 /* The only missing mandatory param possible today is 2274 * the state cookie for an INIT-ACK chunk. 2275 */ 2276 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2277 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2278 chunk, errp); 2279 2280 /* Verify all the variable length parameters */ 2281 sctp_walk_params(param, peer_init, init_hdr.params) { 2282 result = sctp_verify_param(net, ep, asoc, param, cid, 2283 chunk, errp); 2284 switch (result) { 2285 case SCTP_IERROR_ABORT: 2286 case SCTP_IERROR_NOMEM: 2287 return 0; 2288 case SCTP_IERROR_ERROR: 2289 return 1; 2290 case SCTP_IERROR_NO_ERROR: 2291 default: 2292 break; 2293 } 2294 2295 } /* for (loop through all parameters) */ 2296 2297 return 1; 2298 } 2299 2300 /* Unpack the parameters in an INIT packet into an association. 2301 * Returns 0 on failure, else success. 2302 * FIXME: This is an association method. 2303 */ 2304 int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, 2305 const union sctp_addr *peer_addr, 2306 struct sctp_init_chunk *peer_init, gfp_t gfp) 2307 { 2308 struct net *net = sock_net(asoc->base.sk); 2309 struct sctp_transport *transport; 2310 struct list_head *pos, *temp; 2311 union sctp_params param; 2312 union sctp_addr addr; 2313 struct sctp_af *af; 2314 int src_match = 0; 2315 2316 /* We must include the address that the INIT packet came from. 2317 * This is the only address that matters for an INIT packet. 2318 * When processing a COOKIE ECHO, we retrieve the from address 2319 * of the INIT from the cookie. 2320 */ 2321 2322 /* This implementation defaults to making the first transport 2323 * added as the primary transport. The source address seems to 2324 * be a a better choice than any of the embedded addresses. 2325 */ 2326 if (!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2327 goto nomem; 2328 2329 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr)) 2330 src_match = 1; 2331 2332 /* Process the initialization parameters. */ 2333 sctp_walk_params(param, peer_init, init_hdr.params) { 2334 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 2335 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { 2336 af = sctp_get_af_specific(param_type2af(param.p->type)); 2337 af->from_addr_param(&addr, param.addr, 2338 chunk->sctp_hdr->source, 0); 2339 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) 2340 src_match = 1; 2341 } 2342 2343 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2344 goto clean_up; 2345 } 2346 2347 /* source address of chunk may not match any valid address */ 2348 if (!src_match) 2349 goto clean_up; 2350 2351 /* AUTH: After processing the parameters, make sure that we 2352 * have all the required info to potentially do authentications. 2353 */ 2354 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2355 !asoc->peer.peer_hmacs)) 2356 asoc->peer.auth_capable = 0; 2357 2358 /* In a non-backward compatible mode, if the peer claims 2359 * support for ADD-IP but not AUTH, the ADD-IP spec states 2360 * that we MUST ABORT the association. Section 6. The section 2361 * also give us an option to silently ignore the packet, which 2362 * is what we'll do here. 2363 */ 2364 if (!net->sctp.addip_noauth && 2365 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2366 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2367 SCTP_PARAM_DEL_IP | 2368 SCTP_PARAM_SET_PRIMARY); 2369 asoc->peer.asconf_capable = 0; 2370 goto clean_up; 2371 } 2372 2373 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2374 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2375 transport = list_entry(pos, struct sctp_transport, transports); 2376 if (transport->state == SCTP_UNKNOWN) { 2377 sctp_assoc_rm_peer(asoc, transport); 2378 } 2379 } 2380 2381 /* The fixed INIT headers are always in network byte 2382 * order. 2383 */ 2384 asoc->peer.i.init_tag = 2385 ntohl(peer_init->init_hdr.init_tag); 2386 asoc->peer.i.a_rwnd = 2387 ntohl(peer_init->init_hdr.a_rwnd); 2388 asoc->peer.i.num_outbound_streams = 2389 ntohs(peer_init->init_hdr.num_outbound_streams); 2390 asoc->peer.i.num_inbound_streams = 2391 ntohs(peer_init->init_hdr.num_inbound_streams); 2392 asoc->peer.i.initial_tsn = 2393 ntohl(peer_init->init_hdr.initial_tsn); 2394 2395 asoc->strreset_inseq = asoc->peer.i.initial_tsn; 2396 2397 /* Apply the upper bounds for output streams based on peer's 2398 * number of inbound streams. 2399 */ 2400 if (asoc->c.sinit_num_ostreams > 2401 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2402 asoc->c.sinit_num_ostreams = 2403 ntohs(peer_init->init_hdr.num_inbound_streams); 2404 } 2405 2406 if (asoc->c.sinit_max_instreams > 2407 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2408 asoc->c.sinit_max_instreams = 2409 ntohs(peer_init->init_hdr.num_outbound_streams); 2410 } 2411 2412 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2413 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2414 2415 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2416 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2417 2418 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2419 * high (for example, implementations MAY use the size of the receiver 2420 * advertised window). 2421 */ 2422 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2423 transports) { 2424 transport->ssthresh = asoc->peer.i.a_rwnd; 2425 } 2426 2427 /* Set up the TSN tracking pieces. */ 2428 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2429 asoc->peer.i.initial_tsn, gfp)) 2430 goto clean_up; 2431 2432 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2433 * 2434 * The stream sequence number in all the streams shall start 2435 * from 0 when the association is established. Also, when the 2436 * stream sequence number reaches the value 65535 the next 2437 * stream sequence number shall be set to 0. 2438 */ 2439 2440 if (sctp_stream_init(&asoc->stream, asoc->c.sinit_num_ostreams, 2441 asoc->c.sinit_max_instreams, gfp)) 2442 goto clean_up; 2443 2444 /* Update frag_point when stream_interleave may get changed. */ 2445 sctp_assoc_update_frag_point(asoc); 2446 2447 if (!asoc->temp && sctp_assoc_set_id(asoc, gfp)) 2448 goto clean_up; 2449 2450 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2451 * 2452 * When an endpoint has an ASCONF signaled change to be sent to the 2453 * remote endpoint it should do the following: 2454 * ... 2455 * A2) A serial number should be assigned to the Chunk. The serial 2456 * number should be a monotonically increasing number. All serial 2457 * numbers are defined to be initialized at the start of the 2458 * association to the same value as the Initial TSN. 2459 */ 2460 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2461 return 1; 2462 2463 clean_up: 2464 /* Release the transport structures. */ 2465 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2466 transport = list_entry(pos, struct sctp_transport, transports); 2467 if (transport->state != SCTP_ACTIVE) 2468 sctp_assoc_rm_peer(asoc, transport); 2469 } 2470 2471 nomem: 2472 return 0; 2473 } 2474 2475 2476 /* Update asoc with the option described in param. 2477 * 2478 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2479 * 2480 * asoc is the association to update. 2481 * param is the variable length parameter to use for update. 2482 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2483 * If the current packet is an INIT we want to minimize the amount of 2484 * work we do. In particular, we should not build transport 2485 * structures for the addresses. 2486 */ 2487 static int sctp_process_param(struct sctp_association *asoc, 2488 union sctp_params param, 2489 const union sctp_addr *peer_addr, 2490 gfp_t gfp) 2491 { 2492 struct net *net = sock_net(asoc->base.sk); 2493 struct sctp_endpoint *ep = asoc->ep; 2494 union sctp_addr_param *addr_param; 2495 struct sctp_transport *t; 2496 enum sctp_scope scope; 2497 union sctp_addr addr; 2498 struct sctp_af *af; 2499 int retval = 1, i; 2500 u32 stale; 2501 __u16 sat; 2502 2503 /* We maintain all INIT parameters in network byte order all the 2504 * time. This allows us to not worry about whether the parameters 2505 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2506 */ 2507 switch (param.p->type) { 2508 case SCTP_PARAM_IPV6_ADDRESS: 2509 if (PF_INET6 != asoc->base.sk->sk_family) 2510 break; 2511 goto do_addr_param; 2512 2513 case SCTP_PARAM_IPV4_ADDRESS: 2514 /* v4 addresses are not allowed on v6-only socket */ 2515 if (ipv6_only_sock(asoc->base.sk)) 2516 break; 2517 do_addr_param: 2518 af = sctp_get_af_specific(param_type2af(param.p->type)); 2519 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2520 scope = sctp_scope(peer_addr); 2521 if (sctp_in_scope(net, &addr, scope)) 2522 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2523 return 0; 2524 break; 2525 2526 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2527 if (!net->sctp.cookie_preserve_enable) 2528 break; 2529 2530 stale = ntohl(param.life->lifespan_increment); 2531 2532 /* Suggested Cookie Life span increment's unit is msec, 2533 * (1/1000sec). 2534 */ 2535 asoc->cookie_life = ktime_add_ms(asoc->cookie_life, stale); 2536 break; 2537 2538 case SCTP_PARAM_HOST_NAME_ADDRESS: 2539 pr_debug("%s: unimplemented SCTP_HOST_NAME_ADDRESS\n", __func__); 2540 break; 2541 2542 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2543 /* Turn off the default values first so we'll know which 2544 * ones are really set by the peer. 2545 */ 2546 asoc->peer.ipv4_address = 0; 2547 asoc->peer.ipv6_address = 0; 2548 2549 /* Assume that peer supports the address family 2550 * by which it sends a packet. 2551 */ 2552 if (peer_addr->sa.sa_family == AF_INET6) 2553 asoc->peer.ipv6_address = 1; 2554 else if (peer_addr->sa.sa_family == AF_INET) 2555 asoc->peer.ipv4_address = 1; 2556 2557 /* Cycle through address types; avoid divide by 0. */ 2558 sat = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2559 if (sat) 2560 sat /= sizeof(__u16); 2561 2562 for (i = 0; i < sat; ++i) { 2563 switch (param.sat->types[i]) { 2564 case SCTP_PARAM_IPV4_ADDRESS: 2565 asoc->peer.ipv4_address = 1; 2566 break; 2567 2568 case SCTP_PARAM_IPV6_ADDRESS: 2569 if (PF_INET6 == asoc->base.sk->sk_family) 2570 asoc->peer.ipv6_address = 1; 2571 break; 2572 2573 case SCTP_PARAM_HOST_NAME_ADDRESS: 2574 asoc->peer.hostname_address = 1; 2575 break; 2576 2577 default: /* Just ignore anything else. */ 2578 break; 2579 } 2580 } 2581 break; 2582 2583 case SCTP_PARAM_STATE_COOKIE: 2584 asoc->peer.cookie_len = 2585 ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2586 asoc->peer.cookie = kmemdup(param.cookie->body, asoc->peer.cookie_len, gfp); 2587 if (!asoc->peer.cookie) 2588 retval = 0; 2589 break; 2590 2591 case SCTP_PARAM_HEARTBEAT_INFO: 2592 /* Would be odd to receive, but it causes no problems. */ 2593 break; 2594 2595 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2596 /* Rejected during verify stage. */ 2597 break; 2598 2599 case SCTP_PARAM_ECN_CAPABLE: 2600 asoc->peer.ecn_capable = 1; 2601 break; 2602 2603 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2604 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2605 break; 2606 2607 case SCTP_PARAM_SET_PRIMARY: 2608 if (!net->sctp.addip_enable) 2609 goto fall_through; 2610 2611 addr_param = param.v + sizeof(struct sctp_addip_param); 2612 2613 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 2614 if (af == NULL) 2615 break; 2616 2617 af->from_addr_param(&addr, addr_param, 2618 htons(asoc->peer.port), 0); 2619 2620 /* if the address is invalid, we can't process it. 2621 * XXX: see spec for what to do. 2622 */ 2623 if (!af->addr_valid(&addr, NULL, NULL)) 2624 break; 2625 2626 t = sctp_assoc_lookup_paddr(asoc, &addr); 2627 if (!t) 2628 break; 2629 2630 sctp_assoc_set_primary(asoc, t); 2631 break; 2632 2633 case SCTP_PARAM_SUPPORTED_EXT: 2634 sctp_process_ext_param(asoc, param); 2635 break; 2636 2637 case SCTP_PARAM_FWD_TSN_SUPPORT: 2638 if (asoc->prsctp_enable) { 2639 asoc->peer.prsctp_capable = 1; 2640 break; 2641 } 2642 /* Fall Through */ 2643 goto fall_through; 2644 2645 case SCTP_PARAM_RANDOM: 2646 if (!ep->auth_enable) 2647 goto fall_through; 2648 2649 /* Save peer's random parameter */ 2650 asoc->peer.peer_random = kmemdup(param.p, 2651 ntohs(param.p->length), gfp); 2652 if (!asoc->peer.peer_random) { 2653 retval = 0; 2654 break; 2655 } 2656 break; 2657 2658 case SCTP_PARAM_HMAC_ALGO: 2659 if (!ep->auth_enable) 2660 goto fall_through; 2661 2662 /* Save peer's HMAC list */ 2663 asoc->peer.peer_hmacs = kmemdup(param.p, 2664 ntohs(param.p->length), gfp); 2665 if (!asoc->peer.peer_hmacs) { 2666 retval = 0; 2667 break; 2668 } 2669 2670 /* Set the default HMAC the peer requested*/ 2671 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2672 break; 2673 2674 case SCTP_PARAM_CHUNKS: 2675 if (!ep->auth_enable) 2676 goto fall_through; 2677 2678 asoc->peer.peer_chunks = kmemdup(param.p, 2679 ntohs(param.p->length), gfp); 2680 if (!asoc->peer.peer_chunks) 2681 retval = 0; 2682 break; 2683 fall_through: 2684 default: 2685 /* Any unrecognized parameters should have been caught 2686 * and handled by sctp_verify_param() which should be 2687 * called prior to this routine. Simply log the error 2688 * here. 2689 */ 2690 pr_debug("%s: ignoring param:%d for association:%p.\n", 2691 __func__, ntohs(param.p->type), asoc); 2692 break; 2693 } 2694 2695 return retval; 2696 } 2697 2698 /* Select a new verification tag. */ 2699 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2700 { 2701 /* I believe that this random number generator complies with RFC1750. 2702 * A tag of 0 is reserved for special cases (e.g. INIT). 2703 */ 2704 __u32 x; 2705 2706 do { 2707 get_random_bytes(&x, sizeof(__u32)); 2708 } while (x == 0); 2709 2710 return x; 2711 } 2712 2713 /* Select an initial TSN to send during startup. */ 2714 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2715 { 2716 __u32 retval; 2717 2718 get_random_bytes(&retval, sizeof(__u32)); 2719 return retval; 2720 } 2721 2722 /* 2723 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2724 * 0 1 2 3 2725 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2726 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2727 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2728 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2729 * | Serial Number | 2730 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2731 * | Address Parameter | 2732 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2733 * | ASCONF Parameter #1 | 2734 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2735 * \ \ 2736 * / .... / 2737 * \ \ 2738 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2739 * | ASCONF Parameter #N | 2740 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2741 * 2742 * Address Parameter and other parameter will not be wrapped in this function 2743 */ 2744 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2745 union sctp_addr *addr, 2746 int vparam_len) 2747 { 2748 struct sctp_addiphdr asconf; 2749 struct sctp_chunk *retval; 2750 int length = sizeof(asconf) + vparam_len; 2751 union sctp_addr_param addrparam; 2752 int addrlen; 2753 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2754 2755 addrlen = af->to_addr_param(addr, &addrparam); 2756 if (!addrlen) 2757 return NULL; 2758 length += addrlen; 2759 2760 /* Create the chunk. */ 2761 retval = sctp_make_control(asoc, SCTP_CID_ASCONF, 0, length, 2762 GFP_ATOMIC); 2763 if (!retval) 2764 return NULL; 2765 2766 asconf.serial = htonl(asoc->addip_serial++); 2767 2768 retval->subh.addip_hdr = 2769 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2770 retval->param_hdr.v = 2771 sctp_addto_chunk(retval, addrlen, &addrparam); 2772 2773 return retval; 2774 } 2775 2776 /* ADDIP 2777 * 3.2.1 Add IP Address 2778 * 0 1 2 3 2779 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2780 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2781 * | Type = 0xC001 | Length = Variable | 2782 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2783 * | ASCONF-Request Correlation ID | 2784 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2785 * | Address Parameter | 2786 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2787 * 2788 * 3.2.2 Delete IP Address 2789 * 0 1 2 3 2790 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2791 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2792 * | Type = 0xC002 | Length = Variable | 2793 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2794 * | ASCONF-Request Correlation ID | 2795 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2796 * | Address Parameter | 2797 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2798 * 2799 */ 2800 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2801 union sctp_addr *laddr, 2802 struct sockaddr *addrs, 2803 int addrcnt, __be16 flags) 2804 { 2805 union sctp_addr_param addr_param; 2806 struct sctp_addip_param param; 2807 int paramlen = sizeof(param); 2808 struct sctp_chunk *retval; 2809 int addr_param_len = 0; 2810 union sctp_addr *addr; 2811 int totallen = 0, i; 2812 int del_pickup = 0; 2813 struct sctp_af *af; 2814 void *addr_buf; 2815 2816 /* Get total length of all the address parameters. */ 2817 addr_buf = addrs; 2818 for (i = 0; i < addrcnt; i++) { 2819 addr = addr_buf; 2820 af = sctp_get_af_specific(addr->v4.sin_family); 2821 addr_param_len = af->to_addr_param(addr, &addr_param); 2822 2823 totallen += paramlen; 2824 totallen += addr_param_len; 2825 2826 addr_buf += af->sockaddr_len; 2827 if (asoc->asconf_addr_del_pending && !del_pickup) { 2828 /* reuse the parameter length from the same scope one */ 2829 totallen += paramlen; 2830 totallen += addr_param_len; 2831 del_pickup = 1; 2832 2833 pr_debug("%s: picked same-scope del_pending addr, " 2834 "totallen for all addresses is %d\n", 2835 __func__, totallen); 2836 } 2837 } 2838 2839 /* Create an asconf chunk with the required length. */ 2840 retval = sctp_make_asconf(asoc, laddr, totallen); 2841 if (!retval) 2842 return NULL; 2843 2844 /* Add the address parameters to the asconf chunk. */ 2845 addr_buf = addrs; 2846 for (i = 0; i < addrcnt; i++) { 2847 addr = addr_buf; 2848 af = sctp_get_af_specific(addr->v4.sin_family); 2849 addr_param_len = af->to_addr_param(addr, &addr_param); 2850 param.param_hdr.type = flags; 2851 param.param_hdr.length = htons(paramlen + addr_param_len); 2852 param.crr_id = htonl(i); 2853 2854 sctp_addto_chunk(retval, paramlen, ¶m); 2855 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2856 2857 addr_buf += af->sockaddr_len; 2858 } 2859 if (flags == SCTP_PARAM_ADD_IP && del_pickup) { 2860 addr = asoc->asconf_addr_del_pending; 2861 af = sctp_get_af_specific(addr->v4.sin_family); 2862 addr_param_len = af->to_addr_param(addr, &addr_param); 2863 param.param_hdr.type = SCTP_PARAM_DEL_IP; 2864 param.param_hdr.length = htons(paramlen + addr_param_len); 2865 param.crr_id = htonl(i); 2866 2867 sctp_addto_chunk(retval, paramlen, ¶m); 2868 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2869 } 2870 return retval; 2871 } 2872 2873 /* ADDIP 2874 * 3.2.4 Set Primary IP Address 2875 * 0 1 2 3 2876 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2877 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2878 * | Type =0xC004 | Length = Variable | 2879 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2880 * | ASCONF-Request Correlation ID | 2881 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2882 * | Address Parameter | 2883 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2884 * 2885 * Create an ASCONF chunk with Set Primary IP address parameter. 2886 */ 2887 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2888 union sctp_addr *addr) 2889 { 2890 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2891 union sctp_addr_param addrparam; 2892 struct sctp_addip_param param; 2893 struct sctp_chunk *retval; 2894 int len = sizeof(param); 2895 int addrlen; 2896 2897 addrlen = af->to_addr_param(addr, &addrparam); 2898 if (!addrlen) 2899 return NULL; 2900 len += addrlen; 2901 2902 /* Create the chunk and make asconf header. */ 2903 retval = sctp_make_asconf(asoc, addr, len); 2904 if (!retval) 2905 return NULL; 2906 2907 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2908 param.param_hdr.length = htons(len); 2909 param.crr_id = 0; 2910 2911 sctp_addto_chunk(retval, sizeof(param), ¶m); 2912 sctp_addto_chunk(retval, addrlen, &addrparam); 2913 2914 return retval; 2915 } 2916 2917 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2918 * 0 1 2 3 2919 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2920 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2921 * | Type = 0x80 | Chunk Flags | Chunk Length | 2922 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2923 * | Serial Number | 2924 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2925 * | ASCONF Parameter Response#1 | 2926 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2927 * \ \ 2928 * / .... / 2929 * \ \ 2930 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2931 * | ASCONF Parameter Response#N | 2932 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2933 * 2934 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2935 */ 2936 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2937 __u32 serial, int vparam_len) 2938 { 2939 struct sctp_addiphdr asconf; 2940 struct sctp_chunk *retval; 2941 int length = sizeof(asconf) + vparam_len; 2942 2943 /* Create the chunk. */ 2944 retval = sctp_make_control(asoc, SCTP_CID_ASCONF_ACK, 0, length, 2945 GFP_ATOMIC); 2946 if (!retval) 2947 return NULL; 2948 2949 asconf.serial = htonl(serial); 2950 2951 retval->subh.addip_hdr = 2952 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2953 2954 return retval; 2955 } 2956 2957 /* Add response parameters to an ASCONF_ACK chunk. */ 2958 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2959 __be16 err_code, 2960 struct sctp_addip_param *asconf_param) 2961 { 2962 struct sctp_addip_param ack_param; 2963 struct sctp_errhdr err_param; 2964 int asconf_param_len = 0; 2965 int err_param_len = 0; 2966 __be16 response_type; 2967 2968 if (SCTP_ERROR_NO_ERROR == err_code) { 2969 response_type = SCTP_PARAM_SUCCESS_REPORT; 2970 } else { 2971 response_type = SCTP_PARAM_ERR_CAUSE; 2972 err_param_len = sizeof(err_param); 2973 if (asconf_param) 2974 asconf_param_len = 2975 ntohs(asconf_param->param_hdr.length); 2976 } 2977 2978 /* Add Success Indication or Error Cause Indication parameter. */ 2979 ack_param.param_hdr.type = response_type; 2980 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2981 err_param_len + 2982 asconf_param_len); 2983 ack_param.crr_id = crr_id; 2984 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2985 2986 if (SCTP_ERROR_NO_ERROR == err_code) 2987 return; 2988 2989 /* Add Error Cause parameter. */ 2990 err_param.cause = err_code; 2991 err_param.length = htons(err_param_len + asconf_param_len); 2992 sctp_addto_chunk(chunk, err_param_len, &err_param); 2993 2994 /* Add the failed TLV copied from ASCONF chunk. */ 2995 if (asconf_param) 2996 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2997 } 2998 2999 /* Process a asconf parameter. */ 3000 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 3001 struct sctp_chunk *asconf, 3002 struct sctp_addip_param *asconf_param) 3003 { 3004 union sctp_addr_param *addr_param; 3005 struct sctp_transport *peer; 3006 union sctp_addr addr; 3007 struct sctp_af *af; 3008 3009 addr_param = (void *)asconf_param + sizeof(*asconf_param); 3010 3011 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && 3012 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && 3013 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) 3014 return SCTP_ERROR_UNKNOWN_PARAM; 3015 3016 switch (addr_param->p.type) { 3017 case SCTP_PARAM_IPV6_ADDRESS: 3018 if (!asoc->peer.ipv6_address) 3019 return SCTP_ERROR_DNS_FAILED; 3020 break; 3021 case SCTP_PARAM_IPV4_ADDRESS: 3022 if (!asoc->peer.ipv4_address) 3023 return SCTP_ERROR_DNS_FAILED; 3024 break; 3025 default: 3026 return SCTP_ERROR_DNS_FAILED; 3027 } 3028 3029 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3030 if (unlikely(!af)) 3031 return SCTP_ERROR_DNS_FAILED; 3032 3033 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 3034 3035 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 3036 * or multicast address. 3037 * (note: wildcard is permitted and requires special handling so 3038 * make sure we check for that) 3039 */ 3040 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 3041 return SCTP_ERROR_DNS_FAILED; 3042 3043 switch (asconf_param->param_hdr.type) { 3044 case SCTP_PARAM_ADD_IP: 3045 /* Section 4.2.1: 3046 * If the address 0.0.0.0 or ::0 is provided, the source 3047 * address of the packet MUST be added. 3048 */ 3049 if (af->is_any(&addr)) 3050 memcpy(&addr, &asconf->source, sizeof(addr)); 3051 3052 if (security_sctp_bind_connect(asoc->ep->base.sk, 3053 SCTP_PARAM_ADD_IP, 3054 (struct sockaddr *)&addr, 3055 af->sockaddr_len)) 3056 return SCTP_ERROR_REQ_REFUSED; 3057 3058 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 3059 * request and does not have the local resources to add this 3060 * new address to the association, it MUST return an Error 3061 * Cause TLV set to the new error code 'Operation Refused 3062 * Due to Resource Shortage'. 3063 */ 3064 3065 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 3066 if (!peer) 3067 return SCTP_ERROR_RSRC_LOW; 3068 3069 /* Start the heartbeat timer. */ 3070 sctp_transport_reset_hb_timer(peer); 3071 asoc->new_transport = peer; 3072 break; 3073 case SCTP_PARAM_DEL_IP: 3074 /* ADDIP 4.3 D7) If a request is received to delete the 3075 * last remaining IP address of a peer endpoint, the receiver 3076 * MUST send an Error Cause TLV with the error cause set to the 3077 * new error code 'Request to Delete Last Remaining IP Address'. 3078 */ 3079 if (asoc->peer.transport_count == 1) 3080 return SCTP_ERROR_DEL_LAST_IP; 3081 3082 /* ADDIP 4.3 D8) If a request is received to delete an IP 3083 * address which is also the source address of the IP packet 3084 * which contained the ASCONF chunk, the receiver MUST reject 3085 * this request. To reject the request the receiver MUST send 3086 * an Error Cause TLV set to the new error code 'Request to 3087 * Delete Source IP Address' 3088 */ 3089 if (sctp_cmp_addr_exact(&asconf->source, &addr)) 3090 return SCTP_ERROR_DEL_SRC_IP; 3091 3092 /* Section 4.2.2 3093 * If the address 0.0.0.0 or ::0 is provided, all 3094 * addresses of the peer except the source address of the 3095 * packet MUST be deleted. 3096 */ 3097 if (af->is_any(&addr)) { 3098 sctp_assoc_set_primary(asoc, asconf->transport); 3099 sctp_assoc_del_nonprimary_peers(asoc, 3100 asconf->transport); 3101 return SCTP_ERROR_NO_ERROR; 3102 } 3103 3104 /* If the address is not part of the association, the 3105 * ASCONF-ACK with Error Cause Indication Parameter 3106 * which including cause of Unresolvable Address should 3107 * be sent. 3108 */ 3109 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3110 if (!peer) 3111 return SCTP_ERROR_DNS_FAILED; 3112 3113 sctp_assoc_rm_peer(asoc, peer); 3114 break; 3115 case SCTP_PARAM_SET_PRIMARY: 3116 /* ADDIP Section 4.2.4 3117 * If the address 0.0.0.0 or ::0 is provided, the receiver 3118 * MAY mark the source address of the packet as its 3119 * primary. 3120 */ 3121 if (af->is_any(&addr)) 3122 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 3123 3124 if (security_sctp_bind_connect(asoc->ep->base.sk, 3125 SCTP_PARAM_SET_PRIMARY, 3126 (struct sockaddr *)&addr, 3127 af->sockaddr_len)) 3128 return SCTP_ERROR_REQ_REFUSED; 3129 3130 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3131 if (!peer) 3132 return SCTP_ERROR_DNS_FAILED; 3133 3134 sctp_assoc_set_primary(asoc, peer); 3135 break; 3136 } 3137 3138 return SCTP_ERROR_NO_ERROR; 3139 } 3140 3141 /* Verify the ASCONF packet before we process it. */ 3142 bool sctp_verify_asconf(const struct sctp_association *asoc, 3143 struct sctp_chunk *chunk, bool addr_param_needed, 3144 struct sctp_paramhdr **errp) 3145 { 3146 struct sctp_addip_chunk *addip; 3147 bool addr_param_seen = false; 3148 union sctp_params param; 3149 3150 addip = (struct sctp_addip_chunk *)chunk->chunk_hdr; 3151 sctp_walk_params(param, addip, addip_hdr.params) { 3152 size_t length = ntohs(param.p->length); 3153 3154 *errp = param.p; 3155 switch (param.p->type) { 3156 case SCTP_PARAM_ERR_CAUSE: 3157 break; 3158 case SCTP_PARAM_IPV4_ADDRESS: 3159 if (length != sizeof(struct sctp_ipv4addr_param)) 3160 return false; 3161 /* ensure there is only one addr param and it's in the 3162 * beginning of addip_hdr params, or we reject it. 3163 */ 3164 if (param.v != addip->addip_hdr.params) 3165 return false; 3166 addr_param_seen = true; 3167 break; 3168 case SCTP_PARAM_IPV6_ADDRESS: 3169 if (length != sizeof(struct sctp_ipv6addr_param)) 3170 return false; 3171 if (param.v != addip->addip_hdr.params) 3172 return false; 3173 addr_param_seen = true; 3174 break; 3175 case SCTP_PARAM_ADD_IP: 3176 case SCTP_PARAM_DEL_IP: 3177 case SCTP_PARAM_SET_PRIMARY: 3178 /* In ASCONF chunks, these need to be first. */ 3179 if (addr_param_needed && !addr_param_seen) 3180 return false; 3181 length = ntohs(param.addip->param_hdr.length); 3182 if (length < sizeof(struct sctp_addip_param) + 3183 sizeof(**errp)) 3184 return false; 3185 break; 3186 case SCTP_PARAM_SUCCESS_REPORT: 3187 case SCTP_PARAM_ADAPTATION_LAYER_IND: 3188 if (length != sizeof(struct sctp_addip_param)) 3189 return false; 3190 break; 3191 default: 3192 /* This is unkown to us, reject! */ 3193 return false; 3194 } 3195 } 3196 3197 /* Remaining sanity checks. */ 3198 if (addr_param_needed && !addr_param_seen) 3199 return false; 3200 if (!addr_param_needed && addr_param_seen) 3201 return false; 3202 if (param.v != chunk->chunk_end) 3203 return false; 3204 3205 return true; 3206 } 3207 3208 /* Process an incoming ASCONF chunk with the next expected serial no. and 3209 * return an ASCONF_ACK chunk to be sent in response. 3210 */ 3211 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3212 struct sctp_chunk *asconf) 3213 { 3214 union sctp_addr_param *addr_param; 3215 struct sctp_addip_chunk *addip; 3216 struct sctp_chunk *asconf_ack; 3217 bool all_param_pass = true; 3218 struct sctp_addiphdr *hdr; 3219 int length = 0, chunk_len; 3220 union sctp_params param; 3221 __be16 err_code; 3222 __u32 serial; 3223 3224 addip = (struct sctp_addip_chunk *)asconf->chunk_hdr; 3225 chunk_len = ntohs(asconf->chunk_hdr->length) - 3226 sizeof(struct sctp_chunkhdr); 3227 hdr = (struct sctp_addiphdr *)asconf->skb->data; 3228 serial = ntohl(hdr->serial); 3229 3230 /* Skip the addiphdr and store a pointer to address parameter. */ 3231 length = sizeof(*hdr); 3232 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3233 chunk_len -= length; 3234 3235 /* Skip the address parameter and store a pointer to the first 3236 * asconf parameter. 3237 */ 3238 length = ntohs(addr_param->p.length); 3239 chunk_len -= length; 3240 3241 /* create an ASCONF_ACK chunk. 3242 * Based on the definitions of parameters, we know that the size of 3243 * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF 3244 * parameters. 3245 */ 3246 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4); 3247 if (!asconf_ack) 3248 goto done; 3249 3250 /* Process the TLVs contained within the ASCONF chunk. */ 3251 sctp_walk_params(param, addip, addip_hdr.params) { 3252 /* Skip preceeding address parameters. */ 3253 if (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 3254 param.p->type == SCTP_PARAM_IPV6_ADDRESS) 3255 continue; 3256 3257 err_code = sctp_process_asconf_param(asoc, asconf, 3258 param.addip); 3259 /* ADDIP 4.1 A7) 3260 * If an error response is received for a TLV parameter, 3261 * all TLVs with no response before the failed TLV are 3262 * considered successful if not reported. All TLVs after 3263 * the failed response are considered unsuccessful unless 3264 * a specific success indication is present for the parameter. 3265 */ 3266 if (err_code != SCTP_ERROR_NO_ERROR) 3267 all_param_pass = false; 3268 if (!all_param_pass) 3269 sctp_add_asconf_response(asconf_ack, param.addip->crr_id, 3270 err_code, param.addip); 3271 3272 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3273 * an IP address sends an 'Out of Resource' in its response, it 3274 * MUST also fail any subsequent add or delete requests bundled 3275 * in the ASCONF. 3276 */ 3277 if (err_code == SCTP_ERROR_RSRC_LOW) 3278 goto done; 3279 } 3280 done: 3281 asoc->peer.addip_serial++; 3282 3283 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3284 * after freeing the reference to old asconf ack if any. 3285 */ 3286 if (asconf_ack) { 3287 sctp_chunk_hold(asconf_ack); 3288 list_add_tail(&asconf_ack->transmitted_list, 3289 &asoc->asconf_ack_list); 3290 } 3291 3292 return asconf_ack; 3293 } 3294 3295 /* Process a asconf parameter that is successfully acked. */ 3296 static void sctp_asconf_param_success(struct sctp_association *asoc, 3297 struct sctp_addip_param *asconf_param) 3298 { 3299 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3300 union sctp_addr_param *addr_param; 3301 struct sctp_sockaddr_entry *saddr; 3302 struct sctp_transport *transport; 3303 union sctp_addr addr; 3304 struct sctp_af *af; 3305 3306 addr_param = (void *)asconf_param + sizeof(*asconf_param); 3307 3308 /* We have checked the packet before, so we do not check again. */ 3309 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3310 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3311 3312 switch (asconf_param->param_hdr.type) { 3313 case SCTP_PARAM_ADD_IP: 3314 /* This is always done in BH context with a socket lock 3315 * held, so the list can not change. 3316 */ 3317 local_bh_disable(); 3318 list_for_each_entry(saddr, &bp->address_list, list) { 3319 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3320 saddr->state = SCTP_ADDR_SRC; 3321 } 3322 local_bh_enable(); 3323 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3324 transports) { 3325 sctp_transport_dst_release(transport); 3326 } 3327 break; 3328 case SCTP_PARAM_DEL_IP: 3329 local_bh_disable(); 3330 sctp_del_bind_addr(bp, &addr); 3331 if (asoc->asconf_addr_del_pending != NULL && 3332 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) { 3333 kfree(asoc->asconf_addr_del_pending); 3334 asoc->asconf_addr_del_pending = NULL; 3335 } 3336 local_bh_enable(); 3337 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3338 transports) { 3339 sctp_transport_dst_release(transport); 3340 } 3341 break; 3342 default: 3343 break; 3344 } 3345 } 3346 3347 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3348 * for the given asconf parameter. If there is no response for this parameter, 3349 * return the error code based on the third argument 'no_err'. 3350 * ADDIP 4.1 3351 * A7) If an error response is received for a TLV parameter, all TLVs with no 3352 * response before the failed TLV are considered successful if not reported. 3353 * All TLVs after the failed response are considered unsuccessful unless a 3354 * specific success indication is present for the parameter. 3355 */ 3356 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3357 struct sctp_addip_param *asconf_param, 3358 int no_err) 3359 { 3360 struct sctp_addip_param *asconf_ack_param; 3361 struct sctp_errhdr *err_param; 3362 int asconf_ack_len; 3363 __be16 err_code; 3364 int length; 3365 3366 if (no_err) 3367 err_code = SCTP_ERROR_NO_ERROR; 3368 else 3369 err_code = SCTP_ERROR_REQ_REFUSED; 3370 3371 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3372 sizeof(struct sctp_chunkhdr); 3373 3374 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3375 * the first asconf_ack parameter. 3376 */ 3377 length = sizeof(struct sctp_addiphdr); 3378 asconf_ack_param = (struct sctp_addip_param *)(asconf_ack->skb->data + 3379 length); 3380 asconf_ack_len -= length; 3381 3382 while (asconf_ack_len > 0) { 3383 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3384 switch (asconf_ack_param->param_hdr.type) { 3385 case SCTP_PARAM_SUCCESS_REPORT: 3386 return SCTP_ERROR_NO_ERROR; 3387 case SCTP_PARAM_ERR_CAUSE: 3388 length = sizeof(*asconf_ack_param); 3389 err_param = (void *)asconf_ack_param + length; 3390 asconf_ack_len -= length; 3391 if (asconf_ack_len > 0) 3392 return err_param->cause; 3393 else 3394 return SCTP_ERROR_INV_PARAM; 3395 break; 3396 default: 3397 return SCTP_ERROR_INV_PARAM; 3398 } 3399 } 3400 3401 length = ntohs(asconf_ack_param->param_hdr.length); 3402 asconf_ack_param = (void *)asconf_ack_param + length; 3403 asconf_ack_len -= length; 3404 } 3405 3406 return err_code; 3407 } 3408 3409 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3410 int sctp_process_asconf_ack(struct sctp_association *asoc, 3411 struct sctp_chunk *asconf_ack) 3412 { 3413 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3414 struct sctp_addip_param *asconf_param; 3415 __be16 err_code = SCTP_ERROR_NO_ERROR; 3416 union sctp_addr_param *addr_param; 3417 int asconf_len = asconf->skb->len; 3418 int all_param_pass = 0; 3419 int length = 0; 3420 int no_err = 1; 3421 int retval = 0; 3422 3423 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3424 * a pointer to address parameter. 3425 */ 3426 length = sizeof(struct sctp_addip_chunk); 3427 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3428 asconf_len -= length; 3429 3430 /* Skip the address parameter in the last asconf sent and store a 3431 * pointer to the first asconf parameter. 3432 */ 3433 length = ntohs(addr_param->p.length); 3434 asconf_param = (void *)addr_param + length; 3435 asconf_len -= length; 3436 3437 /* ADDIP 4.1 3438 * A8) If there is no response(s) to specific TLV parameter(s), and no 3439 * failures are indicated, then all request(s) are considered 3440 * successful. 3441 */ 3442 if (asconf_ack->skb->len == sizeof(struct sctp_addiphdr)) 3443 all_param_pass = 1; 3444 3445 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3446 while (asconf_len > 0) { 3447 if (all_param_pass) 3448 err_code = SCTP_ERROR_NO_ERROR; 3449 else { 3450 err_code = sctp_get_asconf_response(asconf_ack, 3451 asconf_param, 3452 no_err); 3453 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3454 no_err = 0; 3455 } 3456 3457 switch (err_code) { 3458 case SCTP_ERROR_NO_ERROR: 3459 sctp_asconf_param_success(asoc, asconf_param); 3460 break; 3461 3462 case SCTP_ERROR_RSRC_LOW: 3463 retval = 1; 3464 break; 3465 3466 case SCTP_ERROR_UNKNOWN_PARAM: 3467 /* Disable sending this type of asconf parameter in 3468 * future. 3469 */ 3470 asoc->peer.addip_disabled_mask |= 3471 asconf_param->param_hdr.type; 3472 break; 3473 3474 case SCTP_ERROR_REQ_REFUSED: 3475 case SCTP_ERROR_DEL_LAST_IP: 3476 case SCTP_ERROR_DEL_SRC_IP: 3477 default: 3478 break; 3479 } 3480 3481 /* Skip the processed asconf parameter and move to the next 3482 * one. 3483 */ 3484 length = ntohs(asconf_param->param_hdr.length); 3485 asconf_param = (void *)asconf_param + length; 3486 asconf_len -= length; 3487 } 3488 3489 if (no_err && asoc->src_out_of_asoc_ok) { 3490 asoc->src_out_of_asoc_ok = 0; 3491 sctp_transport_immediate_rtx(asoc->peer.primary_path); 3492 } 3493 3494 /* Free the cached last sent asconf chunk. */ 3495 list_del_init(&asconf->transmitted_list); 3496 sctp_chunk_free(asconf); 3497 asoc->addip_last_asconf = NULL; 3498 3499 return retval; 3500 } 3501 3502 /* Make a FWD TSN chunk. */ 3503 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3504 __u32 new_cum_tsn, size_t nstreams, 3505 struct sctp_fwdtsn_skip *skiplist) 3506 { 3507 struct sctp_chunk *retval = NULL; 3508 struct sctp_fwdtsn_hdr ftsn_hdr; 3509 struct sctp_fwdtsn_skip skip; 3510 size_t hint; 3511 int i; 3512 3513 hint = (nstreams + 1) * sizeof(__u32); 3514 3515 retval = sctp_make_control(asoc, SCTP_CID_FWD_TSN, 0, hint, GFP_ATOMIC); 3516 3517 if (!retval) 3518 return NULL; 3519 3520 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3521 retval->subh.fwdtsn_hdr = 3522 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3523 3524 for (i = 0; i < nstreams; i++) { 3525 skip.stream = skiplist[i].stream; 3526 skip.ssn = skiplist[i].ssn; 3527 sctp_addto_chunk(retval, sizeof(skip), &skip); 3528 } 3529 3530 return retval; 3531 } 3532 3533 struct sctp_chunk *sctp_make_ifwdtsn(const struct sctp_association *asoc, 3534 __u32 new_cum_tsn, size_t nstreams, 3535 struct sctp_ifwdtsn_skip *skiplist) 3536 { 3537 struct sctp_chunk *retval = NULL; 3538 struct sctp_ifwdtsn_hdr ftsn_hdr; 3539 size_t hint; 3540 3541 hint = (nstreams + 1) * sizeof(__u32); 3542 3543 retval = sctp_make_control(asoc, SCTP_CID_I_FWD_TSN, 0, hint, 3544 GFP_ATOMIC); 3545 if (!retval) 3546 return NULL; 3547 3548 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3549 retval->subh.ifwdtsn_hdr = 3550 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3551 3552 sctp_addto_chunk(retval, nstreams * sizeof(skiplist[0]), skiplist); 3553 3554 return retval; 3555 } 3556 3557 /* RE-CONFIG 3.1 (RE-CONFIG chunk) 3558 * 0 1 2 3 3559 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3560 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3561 * | Type = 130 | Chunk Flags | Chunk Length | 3562 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3563 * \ \ 3564 * / Re-configuration Parameter / 3565 * \ \ 3566 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3567 * \ \ 3568 * / Re-configuration Parameter (optional) / 3569 * \ \ 3570 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3571 */ 3572 static struct sctp_chunk *sctp_make_reconf(const struct sctp_association *asoc, 3573 int length) 3574 { 3575 struct sctp_reconf_chunk *reconf; 3576 struct sctp_chunk *retval; 3577 3578 retval = sctp_make_control(asoc, SCTP_CID_RECONF, 0, length, 3579 GFP_ATOMIC); 3580 if (!retval) 3581 return NULL; 3582 3583 reconf = (struct sctp_reconf_chunk *)retval->chunk_hdr; 3584 retval->param_hdr.v = reconf->params; 3585 3586 return retval; 3587 } 3588 3589 /* RE-CONFIG 4.1 (STREAM OUT RESET) 3590 * 0 1 2 3 3591 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3592 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3593 * | Parameter Type = 13 | Parameter Length = 16 + 2 * N | 3594 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3595 * | Re-configuration Request Sequence Number | 3596 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3597 * | Re-configuration Response Sequence Number | 3598 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3599 * | Sender's Last Assigned TSN | 3600 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3601 * | Stream Number 1 (optional) | Stream Number 2 (optional) | 3602 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3603 * / ...... / 3604 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3605 * | Stream Number N-1 (optional) | Stream Number N (optional) | 3606 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3607 * 3608 * RE-CONFIG 4.2 (STREAM IN RESET) 3609 * 0 1 2 3 3610 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3611 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3612 * | Parameter Type = 14 | Parameter Length = 8 + 2 * N | 3613 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3614 * | Re-configuration Request Sequence Number | 3615 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3616 * | Stream Number 1 (optional) | Stream Number 2 (optional) | 3617 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3618 * / ...... / 3619 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3620 * | Stream Number N-1 (optional) | Stream Number N (optional) | 3621 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3622 */ 3623 struct sctp_chunk *sctp_make_strreset_req( 3624 const struct sctp_association *asoc, 3625 __u16 stream_num, __be16 *stream_list, 3626 bool out, bool in) 3627 { 3628 __u16 stream_len = stream_num * sizeof(__u16); 3629 struct sctp_strreset_outreq outreq; 3630 struct sctp_strreset_inreq inreq; 3631 struct sctp_chunk *retval; 3632 __u16 outlen, inlen; 3633 3634 outlen = (sizeof(outreq) + stream_len) * out; 3635 inlen = (sizeof(inreq) + stream_len) * in; 3636 3637 retval = sctp_make_reconf(asoc, outlen + inlen); 3638 if (!retval) 3639 return NULL; 3640 3641 if (outlen) { 3642 outreq.param_hdr.type = SCTP_PARAM_RESET_OUT_REQUEST; 3643 outreq.param_hdr.length = htons(outlen); 3644 outreq.request_seq = htonl(asoc->strreset_outseq); 3645 outreq.response_seq = htonl(asoc->strreset_inseq - 1); 3646 outreq.send_reset_at_tsn = htonl(asoc->next_tsn - 1); 3647 3648 sctp_addto_chunk(retval, sizeof(outreq), &outreq); 3649 3650 if (stream_len) 3651 sctp_addto_chunk(retval, stream_len, stream_list); 3652 } 3653 3654 if (inlen) { 3655 inreq.param_hdr.type = SCTP_PARAM_RESET_IN_REQUEST; 3656 inreq.param_hdr.length = htons(inlen); 3657 inreq.request_seq = htonl(asoc->strreset_outseq + out); 3658 3659 sctp_addto_chunk(retval, sizeof(inreq), &inreq); 3660 3661 if (stream_len) 3662 sctp_addto_chunk(retval, stream_len, stream_list); 3663 } 3664 3665 return retval; 3666 } 3667 3668 /* RE-CONFIG 4.3 (SSN/TSN RESET ALL) 3669 * 0 1 2 3 3670 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3671 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3672 * | Parameter Type = 15 | Parameter Length = 8 | 3673 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3674 * | Re-configuration Request Sequence Number | 3675 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3676 */ 3677 struct sctp_chunk *sctp_make_strreset_tsnreq( 3678 const struct sctp_association *asoc) 3679 { 3680 struct sctp_strreset_tsnreq tsnreq; 3681 __u16 length = sizeof(tsnreq); 3682 struct sctp_chunk *retval; 3683 3684 retval = sctp_make_reconf(asoc, length); 3685 if (!retval) 3686 return NULL; 3687 3688 tsnreq.param_hdr.type = SCTP_PARAM_RESET_TSN_REQUEST; 3689 tsnreq.param_hdr.length = htons(length); 3690 tsnreq.request_seq = htonl(asoc->strreset_outseq); 3691 3692 sctp_addto_chunk(retval, sizeof(tsnreq), &tsnreq); 3693 3694 return retval; 3695 } 3696 3697 /* RE-CONFIG 4.5/4.6 (ADD STREAM) 3698 * 0 1 2 3 3699 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3700 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3701 * | Parameter Type = 17 | Parameter Length = 12 | 3702 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3703 * | Re-configuration Request Sequence Number | 3704 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3705 * | Number of new streams | Reserved | 3706 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3707 */ 3708 struct sctp_chunk *sctp_make_strreset_addstrm( 3709 const struct sctp_association *asoc, 3710 __u16 out, __u16 in) 3711 { 3712 struct sctp_strreset_addstrm addstrm; 3713 __u16 size = sizeof(addstrm); 3714 struct sctp_chunk *retval; 3715 3716 retval = sctp_make_reconf(asoc, (!!out + !!in) * size); 3717 if (!retval) 3718 return NULL; 3719 3720 if (out) { 3721 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_OUT_STREAMS; 3722 addstrm.param_hdr.length = htons(size); 3723 addstrm.number_of_streams = htons(out); 3724 addstrm.request_seq = htonl(asoc->strreset_outseq); 3725 addstrm.reserved = 0; 3726 3727 sctp_addto_chunk(retval, size, &addstrm); 3728 } 3729 3730 if (in) { 3731 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_IN_STREAMS; 3732 addstrm.param_hdr.length = htons(size); 3733 addstrm.number_of_streams = htons(in); 3734 addstrm.request_seq = htonl(asoc->strreset_outseq + !!out); 3735 addstrm.reserved = 0; 3736 3737 sctp_addto_chunk(retval, size, &addstrm); 3738 } 3739 3740 return retval; 3741 } 3742 3743 /* RE-CONFIG 4.4 (RESP) 3744 * 0 1 2 3 3745 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3746 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3747 * | Parameter Type = 16 | Parameter Length | 3748 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3749 * | Re-configuration Response Sequence Number | 3750 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3751 * | Result | 3752 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3753 */ 3754 struct sctp_chunk *sctp_make_strreset_resp(const struct sctp_association *asoc, 3755 __u32 result, __u32 sn) 3756 { 3757 struct sctp_strreset_resp resp; 3758 __u16 length = sizeof(resp); 3759 struct sctp_chunk *retval; 3760 3761 retval = sctp_make_reconf(asoc, length); 3762 if (!retval) 3763 return NULL; 3764 3765 resp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE; 3766 resp.param_hdr.length = htons(length); 3767 resp.response_seq = htonl(sn); 3768 resp.result = htonl(result); 3769 3770 sctp_addto_chunk(retval, sizeof(resp), &resp); 3771 3772 return retval; 3773 } 3774 3775 /* RE-CONFIG 4.4 OPTIONAL (TSNRESP) 3776 * 0 1 2 3 3777 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3778 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3779 * | Parameter Type = 16 | Parameter Length | 3780 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3781 * | Re-configuration Response Sequence Number | 3782 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3783 * | Result | 3784 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3785 * | Sender's Next TSN (optional) | 3786 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3787 * | Receiver's Next TSN (optional) | 3788 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3789 */ 3790 struct sctp_chunk *sctp_make_strreset_tsnresp(struct sctp_association *asoc, 3791 __u32 result, __u32 sn, 3792 __u32 sender_tsn, 3793 __u32 receiver_tsn) 3794 { 3795 struct sctp_strreset_resptsn tsnresp; 3796 __u16 length = sizeof(tsnresp); 3797 struct sctp_chunk *retval; 3798 3799 retval = sctp_make_reconf(asoc, length); 3800 if (!retval) 3801 return NULL; 3802 3803 tsnresp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE; 3804 tsnresp.param_hdr.length = htons(length); 3805 3806 tsnresp.response_seq = htonl(sn); 3807 tsnresp.result = htonl(result); 3808 tsnresp.senders_next_tsn = htonl(sender_tsn); 3809 tsnresp.receivers_next_tsn = htonl(receiver_tsn); 3810 3811 sctp_addto_chunk(retval, sizeof(tsnresp), &tsnresp); 3812 3813 return retval; 3814 } 3815 3816 bool sctp_verify_reconf(const struct sctp_association *asoc, 3817 struct sctp_chunk *chunk, 3818 struct sctp_paramhdr **errp) 3819 { 3820 struct sctp_reconf_chunk *hdr; 3821 union sctp_params param; 3822 __be16 last = 0; 3823 __u16 cnt = 0; 3824 3825 hdr = (struct sctp_reconf_chunk *)chunk->chunk_hdr; 3826 sctp_walk_params(param, hdr, params) { 3827 __u16 length = ntohs(param.p->length); 3828 3829 *errp = param.p; 3830 if (cnt++ > 2) 3831 return false; 3832 switch (param.p->type) { 3833 case SCTP_PARAM_RESET_OUT_REQUEST: 3834 if (length < sizeof(struct sctp_strreset_outreq) || 3835 (last && last != SCTP_PARAM_RESET_RESPONSE && 3836 last != SCTP_PARAM_RESET_IN_REQUEST)) 3837 return false; 3838 break; 3839 case SCTP_PARAM_RESET_IN_REQUEST: 3840 if (length < sizeof(struct sctp_strreset_inreq) || 3841 (last && last != SCTP_PARAM_RESET_OUT_REQUEST)) 3842 return false; 3843 break; 3844 case SCTP_PARAM_RESET_RESPONSE: 3845 if ((length != sizeof(struct sctp_strreset_resp) && 3846 length != sizeof(struct sctp_strreset_resptsn)) || 3847 (last && last != SCTP_PARAM_RESET_RESPONSE && 3848 last != SCTP_PARAM_RESET_OUT_REQUEST)) 3849 return false; 3850 break; 3851 case SCTP_PARAM_RESET_TSN_REQUEST: 3852 if (length != 3853 sizeof(struct sctp_strreset_tsnreq) || last) 3854 return false; 3855 break; 3856 case SCTP_PARAM_RESET_ADD_IN_STREAMS: 3857 if (length != sizeof(struct sctp_strreset_addstrm) || 3858 (last && last != SCTP_PARAM_RESET_ADD_OUT_STREAMS)) 3859 return false; 3860 break; 3861 case SCTP_PARAM_RESET_ADD_OUT_STREAMS: 3862 if (length != sizeof(struct sctp_strreset_addstrm) || 3863 (last && last != SCTP_PARAM_RESET_ADD_IN_STREAMS)) 3864 return false; 3865 break; 3866 default: 3867 return false; 3868 } 3869 3870 last = param.p->type; 3871 } 3872 3873 return true; 3874 } 3875