1 /* SCTP kernel implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * This SCTP implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * This SCTP implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, see 27 * <http://www.gnu.org/licenses/>. 28 * 29 * Please send any bug reports or fixes you make to the 30 * email address(es): 31 * lksctp developers <linux-sctp@vger.kernel.org> 32 * 33 * Written or modified by: 34 * La Monte H.P. Yarroll <piggy@acm.org> 35 * Karl Knutson <karl@athena.chicago.il.us> 36 * C. Robin <chris@hundredacre.ac.uk> 37 * Jon Grimm <jgrimm@us.ibm.com> 38 * Xingang Guo <xingang.guo@intel.com> 39 * Dajiang Zhang <dajiang.zhang@nokia.com> 40 * Sridhar Samudrala <sri@us.ibm.com> 41 * Daisy Chang <daisyc@us.ibm.com> 42 * Ardelle Fan <ardelle.fan@intel.com> 43 * Kevin Gao <kevin.gao@intel.com> 44 */ 45 46 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 47 48 #include <linux/types.h> 49 #include <linux/kernel.h> 50 #include <linux/ip.h> 51 #include <linux/ipv6.h> 52 #include <linux/net.h> 53 #include <linux/inet.h> 54 #include <linux/scatterlist.h> 55 #include <linux/crypto.h> 56 #include <linux/slab.h> 57 #include <net/sock.h> 58 59 #include <linux/skbuff.h> 60 #include <linux/random.h> /* for get_random_bytes */ 61 #include <net/sctp/sctp.h> 62 #include <net/sctp/sm.h> 63 64 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 65 __u8 type, __u8 flags, int paylen); 66 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 67 __u8 flags, int paylen); 68 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 69 __u8 type, __u8 flags, int paylen); 70 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 71 const struct sctp_association *asoc, 72 const struct sctp_chunk *init_chunk, 73 int *cookie_len, 74 const __u8 *raw_addrs, int addrs_len); 75 static int sctp_process_param(struct sctp_association *asoc, 76 union sctp_params param, 77 const union sctp_addr *peer_addr, 78 gfp_t gfp); 79 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 80 const void *data); 81 82 /* Control chunk destructor */ 83 static void sctp_control_release_owner(struct sk_buff *skb) 84 { 85 /*TODO: do memory release */ 86 } 87 88 static void sctp_control_set_owner_w(struct sctp_chunk *chunk) 89 { 90 struct sctp_association *asoc = chunk->asoc; 91 struct sk_buff *skb = chunk->skb; 92 93 /* TODO: properly account for control chunks. 94 * To do it right we'll need: 95 * 1) endpoint if association isn't known. 96 * 2) proper memory accounting. 97 * 98 * For now don't do anything for now. 99 */ 100 skb->sk = asoc ? asoc->base.sk : NULL; 101 skb->destructor = sctp_control_release_owner; 102 } 103 104 /* What was the inbound interface for this chunk? */ 105 int sctp_chunk_iif(const struct sctp_chunk *chunk) 106 { 107 struct sctp_af *af; 108 int iif = 0; 109 110 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version)); 111 if (af) 112 iif = af->skb_iif(chunk->skb); 113 114 return iif; 115 } 116 117 /* RFC 2960 3.3.2 Initiation (INIT) (1) 118 * 119 * Note 2: The ECN capable field is reserved for future use of 120 * Explicit Congestion Notification. 121 */ 122 static const struct sctp_paramhdr ecap_param = { 123 SCTP_PARAM_ECN_CAPABLE, 124 cpu_to_be16(sizeof(struct sctp_paramhdr)), 125 }; 126 static const struct sctp_paramhdr prsctp_param = { 127 SCTP_PARAM_FWD_TSN_SUPPORT, 128 cpu_to_be16(sizeof(struct sctp_paramhdr)), 129 }; 130 131 /* A helper to initialize an op error inside a 132 * provided chunk, as most cause codes will be embedded inside an 133 * abort chunk. 134 */ 135 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 136 size_t paylen) 137 { 138 sctp_errhdr_t err; 139 __u16 len; 140 141 /* Cause code constants are now defined in network order. */ 142 err.cause = cause_code; 143 len = sizeof(sctp_errhdr_t) + paylen; 144 err.length = htons(len); 145 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 146 } 147 148 /* A helper to initialize an op error inside a 149 * provided chunk, as most cause codes will be embedded inside an 150 * abort chunk. Differs from sctp_init_cause in that it won't oops 151 * if there isn't enough space in the op error chunk 152 */ 153 static int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code, 154 size_t paylen) 155 { 156 sctp_errhdr_t err; 157 __u16 len; 158 159 /* Cause code constants are now defined in network order. */ 160 err.cause = cause_code; 161 len = sizeof(sctp_errhdr_t) + paylen; 162 err.length = htons(len); 163 164 if (skb_tailroom(chunk->skb) < len) 165 return -ENOSPC; 166 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk, 167 sizeof(sctp_errhdr_t), 168 &err); 169 return 0; 170 } 171 /* 3.3.2 Initiation (INIT) (1) 172 * 173 * This chunk is used to initiate a SCTP association between two 174 * endpoints. The format of the INIT chunk is shown below: 175 * 176 * 0 1 2 3 177 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 178 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 179 * | Type = 1 | Chunk Flags | Chunk Length | 180 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 181 * | Initiate Tag | 182 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 183 * | Advertised Receiver Window Credit (a_rwnd) | 184 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 185 * | Number of Outbound Streams | Number of Inbound Streams | 186 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 187 * | Initial TSN | 188 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 189 * \ \ 190 * / Optional/Variable-Length Parameters / 191 * \ \ 192 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 193 * 194 * 195 * The INIT chunk contains the following parameters. Unless otherwise 196 * noted, each parameter MUST only be included once in the INIT chunk. 197 * 198 * Fixed Parameters Status 199 * ---------------------------------------------- 200 * Initiate Tag Mandatory 201 * Advertised Receiver Window Credit Mandatory 202 * Number of Outbound Streams Mandatory 203 * Number of Inbound Streams Mandatory 204 * Initial TSN Mandatory 205 * 206 * Variable Parameters Status Type Value 207 * ------------------------------------------------------------- 208 * IPv4 Address (Note 1) Optional 5 209 * IPv6 Address (Note 1) Optional 6 210 * Cookie Preservative Optional 9 211 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 212 * Host Name Address (Note 3) Optional 11 213 * Supported Address Types (Note 4) Optional 12 214 */ 215 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 216 const struct sctp_bind_addr *bp, 217 gfp_t gfp, int vparam_len) 218 { 219 struct net *net = sock_net(asoc->base.sk); 220 sctp_inithdr_t init; 221 union sctp_params addrs; 222 size_t chunksize; 223 struct sctp_chunk *retval = NULL; 224 int num_types, addrs_len = 0; 225 struct sctp_sock *sp; 226 sctp_supported_addrs_param_t sat; 227 __be16 types[2]; 228 sctp_adaptation_ind_param_t aiparam; 229 sctp_supported_ext_param_t ext_param; 230 int num_ext = 0; 231 __u8 extensions[3]; 232 sctp_paramhdr_t *auth_chunks = NULL, 233 *auth_hmacs = NULL; 234 235 /* RFC 2960 3.3.2 Initiation (INIT) (1) 236 * 237 * Note 1: The INIT chunks can contain multiple addresses that 238 * can be IPv4 and/or IPv6 in any combination. 239 */ 240 retval = NULL; 241 242 /* Convert the provided bind address list to raw format. */ 243 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 244 245 init.init_tag = htonl(asoc->c.my_vtag); 246 init.a_rwnd = htonl(asoc->rwnd); 247 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 248 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 249 init.initial_tsn = htonl(asoc->c.initial_tsn); 250 251 /* How many address types are needed? */ 252 sp = sctp_sk(asoc->base.sk); 253 num_types = sp->pf->supported_addrs(sp, types); 254 255 chunksize = sizeof(init) + addrs_len; 256 chunksize += WORD_ROUND(SCTP_SAT_LEN(num_types)); 257 chunksize += sizeof(ecap_param); 258 259 if (net->sctp.prsctp_enable) 260 chunksize += sizeof(prsctp_param); 261 262 /* ADDIP: Section 4.2.7: 263 * An implementation supporting this extension [ADDIP] MUST list 264 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 265 * INIT-ACK parameters. 266 */ 267 if (net->sctp.addip_enable) { 268 extensions[num_ext] = SCTP_CID_ASCONF; 269 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 270 num_ext += 2; 271 } 272 273 if (sp->adaptation_ind) 274 chunksize += sizeof(aiparam); 275 276 chunksize += vparam_len; 277 278 /* Account for AUTH related parameters */ 279 if (net->sctp.auth_enable) { 280 /* Add random parameter length*/ 281 chunksize += sizeof(asoc->c.auth_random); 282 283 /* Add HMACS parameter length if any were defined */ 284 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 285 if (auth_hmacs->length) 286 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 287 else 288 auth_hmacs = NULL; 289 290 /* Add CHUNKS parameter length */ 291 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 292 if (auth_chunks->length) 293 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 294 else 295 auth_chunks = NULL; 296 297 extensions[num_ext] = SCTP_CID_AUTH; 298 num_ext += 1; 299 } 300 301 /* If we have any extensions to report, account for that */ 302 if (num_ext) 303 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 304 num_ext); 305 306 /* RFC 2960 3.3.2 Initiation (INIT) (1) 307 * 308 * Note 3: An INIT chunk MUST NOT contain more than one Host 309 * Name address parameter. Moreover, the sender of the INIT 310 * MUST NOT combine any other address types with the Host Name 311 * address in the INIT. The receiver of INIT MUST ignore any 312 * other address types if the Host Name address parameter is 313 * present in the received INIT chunk. 314 * 315 * PLEASE DO NOT FIXME [This version does not support Host Name.] 316 */ 317 318 retval = sctp_make_control(asoc, SCTP_CID_INIT, 0, chunksize); 319 if (!retval) 320 goto nodata; 321 322 retval->subh.init_hdr = 323 sctp_addto_chunk(retval, sizeof(init), &init); 324 retval->param_hdr.v = 325 sctp_addto_chunk(retval, addrs_len, addrs.v); 326 327 /* RFC 2960 3.3.2 Initiation (INIT) (1) 328 * 329 * Note 4: This parameter, when present, specifies all the 330 * address types the sending endpoint can support. The absence 331 * of this parameter indicates that the sending endpoint can 332 * support any address type. 333 */ 334 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 335 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 336 sctp_addto_chunk(retval, sizeof(sat), &sat); 337 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 338 339 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 340 341 /* Add the supported extensions parameter. Be nice and add this 342 * fist before addiding the parameters for the extensions themselves 343 */ 344 if (num_ext) { 345 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 346 ext_param.param_hdr.length = 347 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 348 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 349 &ext_param); 350 sctp_addto_param(retval, num_ext, extensions); 351 } 352 353 if (net->sctp.prsctp_enable) 354 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 355 356 if (sp->adaptation_ind) { 357 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 358 aiparam.param_hdr.length = htons(sizeof(aiparam)); 359 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 360 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 361 } 362 363 /* Add SCTP-AUTH chunks to the parameter list */ 364 if (net->sctp.auth_enable) { 365 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 366 asoc->c.auth_random); 367 if (auth_hmacs) 368 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 369 auth_hmacs); 370 if (auth_chunks) 371 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 372 auth_chunks); 373 } 374 nodata: 375 kfree(addrs.v); 376 return retval; 377 } 378 379 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 380 const struct sctp_chunk *chunk, 381 gfp_t gfp, int unkparam_len) 382 { 383 sctp_inithdr_t initack; 384 struct sctp_chunk *retval; 385 union sctp_params addrs; 386 struct sctp_sock *sp; 387 int addrs_len; 388 sctp_cookie_param_t *cookie; 389 int cookie_len; 390 size_t chunksize; 391 sctp_adaptation_ind_param_t aiparam; 392 sctp_supported_ext_param_t ext_param; 393 int num_ext = 0; 394 __u8 extensions[3]; 395 sctp_paramhdr_t *auth_chunks = NULL, 396 *auth_hmacs = NULL, 397 *auth_random = NULL; 398 399 retval = NULL; 400 401 /* Note: there may be no addresses to embed. */ 402 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 403 404 initack.init_tag = htonl(asoc->c.my_vtag); 405 initack.a_rwnd = htonl(asoc->rwnd); 406 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 407 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 408 initack.initial_tsn = htonl(asoc->c.initial_tsn); 409 410 /* FIXME: We really ought to build the cookie right 411 * into the packet instead of allocating more fresh memory. 412 */ 413 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 414 addrs.v, addrs_len); 415 if (!cookie) 416 goto nomem_cookie; 417 418 /* Calculate the total size of allocation, include the reserved 419 * space for reporting unknown parameters if it is specified. 420 */ 421 sp = sctp_sk(asoc->base.sk); 422 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 423 424 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 425 if (asoc->peer.ecn_capable) 426 chunksize += sizeof(ecap_param); 427 428 if (asoc->peer.prsctp_capable) 429 chunksize += sizeof(prsctp_param); 430 431 if (asoc->peer.asconf_capable) { 432 extensions[num_ext] = SCTP_CID_ASCONF; 433 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 434 num_ext += 2; 435 } 436 437 if (sp->adaptation_ind) 438 chunksize += sizeof(aiparam); 439 440 if (asoc->peer.auth_capable) { 441 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random; 442 chunksize += ntohs(auth_random->length); 443 444 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 445 if (auth_hmacs->length) 446 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 447 else 448 auth_hmacs = NULL; 449 450 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 451 if (auth_chunks->length) 452 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 453 else 454 auth_chunks = NULL; 455 456 extensions[num_ext] = SCTP_CID_AUTH; 457 num_ext += 1; 458 } 459 460 if (num_ext) 461 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 462 num_ext); 463 464 /* Now allocate and fill out the chunk. */ 465 retval = sctp_make_control(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 466 if (!retval) 467 goto nomem_chunk; 468 469 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 470 * 471 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 472 * HEARTBEAT ACK, * etc.) to the same destination transport 473 * address from which it received the DATA or control chunk 474 * to which it is replying. 475 * 476 * [INIT ACK back to where the INIT came from.] 477 */ 478 retval->transport = chunk->transport; 479 480 retval->subh.init_hdr = 481 sctp_addto_chunk(retval, sizeof(initack), &initack); 482 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 483 sctp_addto_chunk(retval, cookie_len, cookie); 484 if (asoc->peer.ecn_capable) 485 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 486 if (num_ext) { 487 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 488 ext_param.param_hdr.length = 489 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 490 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 491 &ext_param); 492 sctp_addto_param(retval, num_ext, extensions); 493 } 494 if (asoc->peer.prsctp_capable) 495 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 496 497 if (sp->adaptation_ind) { 498 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 499 aiparam.param_hdr.length = htons(sizeof(aiparam)); 500 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 501 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 502 } 503 504 if (asoc->peer.auth_capable) { 505 sctp_addto_chunk(retval, ntohs(auth_random->length), 506 auth_random); 507 if (auth_hmacs) 508 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 509 auth_hmacs); 510 if (auth_chunks) 511 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 512 auth_chunks); 513 } 514 515 /* We need to remove the const qualifier at this point. */ 516 retval->asoc = (struct sctp_association *) asoc; 517 518 nomem_chunk: 519 kfree(cookie); 520 nomem_cookie: 521 kfree(addrs.v); 522 return retval; 523 } 524 525 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 526 * 527 * This chunk is used only during the initialization of an association. 528 * It is sent by the initiator of an association to its peer to complete 529 * the initialization process. This chunk MUST precede any DATA chunk 530 * sent within the association, but MAY be bundled with one or more DATA 531 * chunks in the same packet. 532 * 533 * 0 1 2 3 534 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 535 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 536 * | Type = 10 |Chunk Flags | Length | 537 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 538 * / Cookie / 539 * \ \ 540 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 541 * 542 * Chunk Flags: 8 bit 543 * 544 * Set to zero on transmit and ignored on receipt. 545 * 546 * Length: 16 bits (unsigned integer) 547 * 548 * Set to the size of the chunk in bytes, including the 4 bytes of 549 * the chunk header and the size of the Cookie. 550 * 551 * Cookie: variable size 552 * 553 * This field must contain the exact cookie received in the 554 * State Cookie parameter from the previous INIT ACK. 555 * 556 * An implementation SHOULD make the cookie as small as possible 557 * to insure interoperability. 558 */ 559 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 560 const struct sctp_chunk *chunk) 561 { 562 struct sctp_chunk *retval; 563 void *cookie; 564 int cookie_len; 565 566 cookie = asoc->peer.cookie; 567 cookie_len = asoc->peer.cookie_len; 568 569 /* Build a cookie echo chunk. */ 570 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 571 if (!retval) 572 goto nodata; 573 retval->subh.cookie_hdr = 574 sctp_addto_chunk(retval, cookie_len, cookie); 575 576 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 577 * 578 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 579 * HEARTBEAT ACK, * etc.) to the same destination transport 580 * address from which it * received the DATA or control chunk 581 * to which it is replying. 582 * 583 * [COOKIE ECHO back to where the INIT ACK came from.] 584 */ 585 if (chunk) 586 retval->transport = chunk->transport; 587 588 nodata: 589 return retval; 590 } 591 592 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 593 * 594 * This chunk is used only during the initialization of an 595 * association. It is used to acknowledge the receipt of a COOKIE 596 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 597 * within the association, but MAY be bundled with one or more DATA 598 * chunks or SACK chunk in the same SCTP packet. 599 * 600 * 0 1 2 3 601 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 602 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 603 * | Type = 11 |Chunk Flags | Length = 4 | 604 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 605 * 606 * Chunk Flags: 8 bits 607 * 608 * Set to zero on transmit and ignored on receipt. 609 */ 610 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 611 const struct sctp_chunk *chunk) 612 { 613 struct sctp_chunk *retval; 614 615 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 616 617 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 618 * 619 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 620 * HEARTBEAT ACK, * etc.) to the same destination transport 621 * address from which it * received the DATA or control chunk 622 * to which it is replying. 623 * 624 * [COOKIE ACK back to where the COOKIE ECHO came from.] 625 */ 626 if (retval && chunk) 627 retval->transport = chunk->transport; 628 629 return retval; 630 } 631 632 /* 633 * Appendix A: Explicit Congestion Notification: 634 * CWR: 635 * 636 * RFC 2481 details a specific bit for a sender to send in the header of 637 * its next outbound TCP segment to indicate to its peer that it has 638 * reduced its congestion window. This is termed the CWR bit. For 639 * SCTP the same indication is made by including the CWR chunk. 640 * This chunk contains one data element, i.e. the TSN number that 641 * was sent in the ECNE chunk. This element represents the lowest 642 * TSN number in the datagram that was originally marked with the 643 * CE bit. 644 * 645 * 0 1 2 3 646 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 647 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 648 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 649 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 650 * | Lowest TSN Number | 651 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 652 * 653 * Note: The CWR is considered a Control chunk. 654 */ 655 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 656 const __u32 lowest_tsn, 657 const struct sctp_chunk *chunk) 658 { 659 struct sctp_chunk *retval; 660 sctp_cwrhdr_t cwr; 661 662 cwr.lowest_tsn = htonl(lowest_tsn); 663 retval = sctp_make_control(asoc, SCTP_CID_ECN_CWR, 0, 664 sizeof(sctp_cwrhdr_t)); 665 666 if (!retval) 667 goto nodata; 668 669 retval->subh.ecn_cwr_hdr = 670 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 671 672 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 673 * 674 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 675 * HEARTBEAT ACK, * etc.) to the same destination transport 676 * address from which it * received the DATA or control chunk 677 * to which it is replying. 678 * 679 * [Report a reduced congestion window back to where the ECNE 680 * came from.] 681 */ 682 if (chunk) 683 retval->transport = chunk->transport; 684 685 nodata: 686 return retval; 687 } 688 689 /* Make an ECNE chunk. This is a congestion experienced report. */ 690 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 691 const __u32 lowest_tsn) 692 { 693 struct sctp_chunk *retval; 694 sctp_ecnehdr_t ecne; 695 696 ecne.lowest_tsn = htonl(lowest_tsn); 697 retval = sctp_make_control(asoc, SCTP_CID_ECN_ECNE, 0, 698 sizeof(sctp_ecnehdr_t)); 699 if (!retval) 700 goto nodata; 701 retval->subh.ecne_hdr = 702 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 703 704 nodata: 705 return retval; 706 } 707 708 /* Make a DATA chunk for the given association from the provided 709 * parameters. However, do not populate the data payload. 710 */ 711 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 712 const struct sctp_sndrcvinfo *sinfo, 713 int data_len, __u8 flags, __u16 ssn) 714 { 715 struct sctp_chunk *retval; 716 struct sctp_datahdr dp; 717 int chunk_len; 718 719 /* We assign the TSN as LATE as possible, not here when 720 * creating the chunk. 721 */ 722 dp.tsn = 0; 723 dp.stream = htons(sinfo->sinfo_stream); 724 dp.ppid = sinfo->sinfo_ppid; 725 726 /* Set the flags for an unordered send. */ 727 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 728 flags |= SCTP_DATA_UNORDERED; 729 dp.ssn = 0; 730 } else 731 dp.ssn = htons(ssn); 732 733 chunk_len = sizeof(dp) + data_len; 734 retval = sctp_make_data(asoc, flags, chunk_len); 735 if (!retval) 736 goto nodata; 737 738 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 739 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 740 741 nodata: 742 return retval; 743 } 744 745 /* Create a selective ackowledgement (SACK) for the given 746 * association. This reports on which TSN's we've seen to date, 747 * including duplicates and gaps. 748 */ 749 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 750 { 751 struct sctp_chunk *retval; 752 struct sctp_sackhdr sack; 753 int len; 754 __u32 ctsn; 755 __u16 num_gabs, num_dup_tsns; 756 struct sctp_association *aptr = (struct sctp_association *)asoc; 757 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 758 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 759 struct sctp_transport *trans; 760 761 memset(gabs, 0, sizeof(gabs)); 762 ctsn = sctp_tsnmap_get_ctsn(map); 763 764 pr_debug("%s: sackCTSNAck sent:0x%x\n", __func__, ctsn); 765 766 /* How much room is needed in the chunk? */ 767 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 768 num_dup_tsns = sctp_tsnmap_num_dups(map); 769 770 /* Initialize the SACK header. */ 771 sack.cum_tsn_ack = htonl(ctsn); 772 sack.a_rwnd = htonl(asoc->a_rwnd); 773 sack.num_gap_ack_blocks = htons(num_gabs); 774 sack.num_dup_tsns = htons(num_dup_tsns); 775 776 len = sizeof(sack) 777 + sizeof(struct sctp_gap_ack_block) * num_gabs 778 + sizeof(__u32) * num_dup_tsns; 779 780 /* Create the chunk. */ 781 retval = sctp_make_control(asoc, SCTP_CID_SACK, 0, len); 782 if (!retval) 783 goto nodata; 784 785 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 786 * 787 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 788 * HEARTBEAT ACK, etc.) to the same destination transport 789 * address from which it received the DATA or control chunk to 790 * which it is replying. This rule should also be followed if 791 * the endpoint is bundling DATA chunks together with the 792 * reply chunk. 793 * 794 * However, when acknowledging multiple DATA chunks received 795 * in packets from different source addresses in a single 796 * SACK, the SACK chunk may be transmitted to one of the 797 * destination transport addresses from which the DATA or 798 * control chunks being acknowledged were received. 799 * 800 * [BUG: We do not implement the following paragraph. 801 * Perhaps we should remember the last transport we used for a 802 * SACK and avoid that (if possible) if we have seen any 803 * duplicates. --piggy] 804 * 805 * When a receiver of a duplicate DATA chunk sends a SACK to a 806 * multi- homed endpoint it MAY be beneficial to vary the 807 * destination address and not use the source address of the 808 * DATA chunk. The reason being that receiving a duplicate 809 * from a multi-homed endpoint might indicate that the return 810 * path (as specified in the source address of the DATA chunk) 811 * for the SACK is broken. 812 * 813 * [Send to the address from which we last received a DATA chunk.] 814 */ 815 retval->transport = asoc->peer.last_data_from; 816 817 retval->subh.sack_hdr = 818 sctp_addto_chunk(retval, sizeof(sack), &sack); 819 820 /* Add the gap ack block information. */ 821 if (num_gabs) 822 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 823 gabs); 824 825 /* Add the duplicate TSN information. */ 826 if (num_dup_tsns) { 827 aptr->stats.idupchunks += num_dup_tsns; 828 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 829 sctp_tsnmap_get_dups(map)); 830 } 831 /* Once we have a sack generated, check to see what our sack 832 * generation is, if its 0, reset the transports to 0, and reset 833 * the association generation to 1 834 * 835 * The idea is that zero is never used as a valid generation for the 836 * association so no transport will match after a wrap event like this, 837 * Until the next sack 838 */ 839 if (++aptr->peer.sack_generation == 0) { 840 list_for_each_entry(trans, &asoc->peer.transport_addr_list, 841 transports) 842 trans->sack_generation = 0; 843 aptr->peer.sack_generation = 1; 844 } 845 nodata: 846 return retval; 847 } 848 849 /* Make a SHUTDOWN chunk. */ 850 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 851 const struct sctp_chunk *chunk) 852 { 853 struct sctp_chunk *retval; 854 sctp_shutdownhdr_t shut; 855 __u32 ctsn; 856 857 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 858 shut.cum_tsn_ack = htonl(ctsn); 859 860 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN, 0, 861 sizeof(sctp_shutdownhdr_t)); 862 if (!retval) 863 goto nodata; 864 865 retval->subh.shutdown_hdr = 866 sctp_addto_chunk(retval, sizeof(shut), &shut); 867 868 if (chunk) 869 retval->transport = chunk->transport; 870 nodata: 871 return retval; 872 } 873 874 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 875 const struct sctp_chunk *chunk) 876 { 877 struct sctp_chunk *retval; 878 879 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 880 881 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 882 * 883 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 884 * HEARTBEAT ACK, * etc.) to the same destination transport 885 * address from which it * received the DATA or control chunk 886 * to which it is replying. 887 * 888 * [ACK back to where the SHUTDOWN came from.] 889 */ 890 if (retval && chunk) 891 retval->transport = chunk->transport; 892 893 return retval; 894 } 895 896 struct sctp_chunk *sctp_make_shutdown_complete( 897 const struct sctp_association *asoc, 898 const struct sctp_chunk *chunk) 899 { 900 struct sctp_chunk *retval; 901 __u8 flags = 0; 902 903 /* Set the T-bit if we have no association (vtag will be 904 * reflected) 905 */ 906 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 907 908 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 909 910 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 911 * 912 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 913 * HEARTBEAT ACK, * etc.) to the same destination transport 914 * address from which it * received the DATA or control chunk 915 * to which it is replying. 916 * 917 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 918 * came from.] 919 */ 920 if (retval && chunk) 921 retval->transport = chunk->transport; 922 923 return retval; 924 } 925 926 /* Create an ABORT. Note that we set the T bit if we have no 927 * association, except when responding to an INIT (sctpimpguide 2.41). 928 */ 929 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 930 const struct sctp_chunk *chunk, 931 const size_t hint) 932 { 933 struct sctp_chunk *retval; 934 __u8 flags = 0; 935 936 /* Set the T-bit if we have no association and 'chunk' is not 937 * an INIT (vtag will be reflected). 938 */ 939 if (!asoc) { 940 if (chunk && chunk->chunk_hdr && 941 chunk->chunk_hdr->type == SCTP_CID_INIT) 942 flags = 0; 943 else 944 flags = SCTP_CHUNK_FLAG_T; 945 } 946 947 retval = sctp_make_control(asoc, SCTP_CID_ABORT, flags, hint); 948 949 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 950 * 951 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 952 * HEARTBEAT ACK, * etc.) to the same destination transport 953 * address from which it * received the DATA or control chunk 954 * to which it is replying. 955 * 956 * [ABORT back to where the offender came from.] 957 */ 958 if (retval && chunk) 959 retval->transport = chunk->transport; 960 961 return retval; 962 } 963 964 /* Helper to create ABORT with a NO_USER_DATA error. */ 965 struct sctp_chunk *sctp_make_abort_no_data( 966 const struct sctp_association *asoc, 967 const struct sctp_chunk *chunk, __u32 tsn) 968 { 969 struct sctp_chunk *retval; 970 __be32 payload; 971 972 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 973 + sizeof(tsn)); 974 975 if (!retval) 976 goto no_mem; 977 978 /* Put the tsn back into network byte order. */ 979 payload = htonl(tsn); 980 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 981 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 982 983 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 984 * 985 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 986 * HEARTBEAT ACK, * etc.) to the same destination transport 987 * address from which it * received the DATA or control chunk 988 * to which it is replying. 989 * 990 * [ABORT back to where the offender came from.] 991 */ 992 if (chunk) 993 retval->transport = chunk->transport; 994 995 no_mem: 996 return retval; 997 } 998 999 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 1000 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 1001 const struct msghdr *msg, 1002 size_t paylen) 1003 { 1004 struct sctp_chunk *retval; 1005 void *payload = NULL; 1006 int err; 1007 1008 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 1009 if (!retval) 1010 goto err_chunk; 1011 1012 if (paylen) { 1013 /* Put the msg_iov together into payload. */ 1014 payload = kmalloc(paylen, GFP_KERNEL); 1015 if (!payload) 1016 goto err_payload; 1017 1018 err = memcpy_fromiovec(payload, msg->msg_iov, paylen); 1019 if (err < 0) 1020 goto err_copy; 1021 } 1022 1023 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 1024 sctp_addto_chunk(retval, paylen, payload); 1025 1026 if (paylen) 1027 kfree(payload); 1028 1029 return retval; 1030 1031 err_copy: 1032 kfree(payload); 1033 err_payload: 1034 sctp_chunk_free(retval); 1035 retval = NULL; 1036 err_chunk: 1037 return retval; 1038 } 1039 1040 /* Append bytes to the end of a parameter. Will panic if chunk is not big 1041 * enough. 1042 */ 1043 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 1044 const void *data) 1045 { 1046 void *target; 1047 int chunklen = ntohs(chunk->chunk_hdr->length); 1048 1049 target = skb_put(chunk->skb, len); 1050 1051 if (data) 1052 memcpy(target, data, len); 1053 else 1054 memset(target, 0, len); 1055 1056 /* Adjust the chunk length field. */ 1057 chunk->chunk_hdr->length = htons(chunklen + len); 1058 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1059 1060 return target; 1061 } 1062 1063 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1064 struct sctp_chunk *sctp_make_abort_violation( 1065 const struct sctp_association *asoc, 1066 const struct sctp_chunk *chunk, 1067 const __u8 *payload, 1068 const size_t paylen) 1069 { 1070 struct sctp_chunk *retval; 1071 struct sctp_paramhdr phdr; 1072 1073 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 1074 + sizeof(sctp_paramhdr_t)); 1075 if (!retval) 1076 goto end; 1077 1078 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen 1079 + sizeof(sctp_paramhdr_t)); 1080 1081 phdr.type = htons(chunk->chunk_hdr->type); 1082 phdr.length = chunk->chunk_hdr->length; 1083 sctp_addto_chunk(retval, paylen, payload); 1084 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr); 1085 1086 end: 1087 return retval; 1088 } 1089 1090 struct sctp_chunk *sctp_make_violation_paramlen( 1091 const struct sctp_association *asoc, 1092 const struct sctp_chunk *chunk, 1093 struct sctp_paramhdr *param) 1094 { 1095 struct sctp_chunk *retval; 1096 static const char error[] = "The following parameter had invalid length:"; 1097 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) + 1098 sizeof(sctp_paramhdr_t); 1099 1100 retval = sctp_make_abort(asoc, chunk, payload_len); 1101 if (!retval) 1102 goto nodata; 1103 1104 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1105 sizeof(error) + sizeof(sctp_paramhdr_t)); 1106 sctp_addto_chunk(retval, sizeof(error), error); 1107 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param); 1108 1109 nodata: 1110 return retval; 1111 } 1112 1113 struct sctp_chunk *sctp_make_violation_max_retrans( 1114 const struct sctp_association *asoc, 1115 const struct sctp_chunk *chunk) 1116 { 1117 struct sctp_chunk *retval; 1118 static const char error[] = "Association exceeded its max_retans count"; 1119 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t); 1120 1121 retval = sctp_make_abort(asoc, chunk, payload_len); 1122 if (!retval) 1123 goto nodata; 1124 1125 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error)); 1126 sctp_addto_chunk(retval, sizeof(error), error); 1127 1128 nodata: 1129 return retval; 1130 } 1131 1132 /* Make a HEARTBEAT chunk. */ 1133 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1134 const struct sctp_transport *transport) 1135 { 1136 struct sctp_chunk *retval; 1137 sctp_sender_hb_info_t hbinfo; 1138 1139 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT, 0, sizeof(hbinfo)); 1140 1141 if (!retval) 1142 goto nodata; 1143 1144 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO; 1145 hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t)); 1146 hbinfo.daddr = transport->ipaddr; 1147 hbinfo.sent_at = jiffies; 1148 hbinfo.hb_nonce = transport->hb_nonce; 1149 1150 /* Cast away the 'const', as this is just telling the chunk 1151 * what transport it belongs to. 1152 */ 1153 retval->transport = (struct sctp_transport *) transport; 1154 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo), 1155 &hbinfo); 1156 1157 nodata: 1158 return retval; 1159 } 1160 1161 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1162 const struct sctp_chunk *chunk, 1163 const void *payload, const size_t paylen) 1164 { 1165 struct sctp_chunk *retval; 1166 1167 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 1168 if (!retval) 1169 goto nodata; 1170 1171 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1172 1173 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1174 * 1175 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1176 * HEARTBEAT ACK, * etc.) to the same destination transport 1177 * address from which it * received the DATA or control chunk 1178 * to which it is replying. 1179 * 1180 * [HBACK back to where the HEARTBEAT came from.] 1181 */ 1182 if (chunk) 1183 retval->transport = chunk->transport; 1184 1185 nodata: 1186 return retval; 1187 } 1188 1189 /* Create an Operation Error chunk with the specified space reserved. 1190 * This routine can be used for containing multiple causes in the chunk. 1191 */ 1192 static struct sctp_chunk *sctp_make_op_error_space( 1193 const struct sctp_association *asoc, 1194 const struct sctp_chunk *chunk, 1195 size_t size) 1196 { 1197 struct sctp_chunk *retval; 1198 1199 retval = sctp_make_control(asoc, SCTP_CID_ERROR, 0, 1200 sizeof(sctp_errhdr_t) + size); 1201 if (!retval) 1202 goto nodata; 1203 1204 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1205 * 1206 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1207 * HEARTBEAT ACK, etc.) to the same destination transport 1208 * address from which it received the DATA or control chunk 1209 * to which it is replying. 1210 * 1211 */ 1212 if (chunk) 1213 retval->transport = chunk->transport; 1214 1215 nodata: 1216 return retval; 1217 } 1218 1219 /* Create an Operation Error chunk of a fixed size, 1220 * specifically, max(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) 1221 * This is a helper function to allocate an error chunk for 1222 * for those invalid parameter codes in which we may not want 1223 * to report all the errors, if the incoming chunk is large 1224 */ 1225 static inline struct sctp_chunk *sctp_make_op_error_fixed( 1226 const struct sctp_association *asoc, 1227 const struct sctp_chunk *chunk) 1228 { 1229 size_t size = asoc ? asoc->pathmtu : 0; 1230 1231 if (!size) 1232 size = SCTP_DEFAULT_MAXSEGMENT; 1233 1234 return sctp_make_op_error_space(asoc, chunk, size); 1235 } 1236 1237 /* Create an Operation Error chunk. */ 1238 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1239 const struct sctp_chunk *chunk, 1240 __be16 cause_code, const void *payload, 1241 size_t paylen, size_t reserve_tail) 1242 { 1243 struct sctp_chunk *retval; 1244 1245 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail); 1246 if (!retval) 1247 goto nodata; 1248 1249 sctp_init_cause(retval, cause_code, paylen + reserve_tail); 1250 sctp_addto_chunk(retval, paylen, payload); 1251 if (reserve_tail) 1252 sctp_addto_param(retval, reserve_tail, NULL); 1253 1254 nodata: 1255 return retval; 1256 } 1257 1258 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc) 1259 { 1260 struct sctp_chunk *retval; 1261 struct sctp_hmac *hmac_desc; 1262 struct sctp_authhdr auth_hdr; 1263 __u8 *hmac; 1264 1265 /* Get the first hmac that the peer told us to use */ 1266 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1267 if (unlikely(!hmac_desc)) 1268 return NULL; 1269 1270 retval = sctp_make_control(asoc, SCTP_CID_AUTH, 0, 1271 hmac_desc->hmac_len + sizeof(sctp_authhdr_t)); 1272 if (!retval) 1273 return NULL; 1274 1275 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1276 auth_hdr.shkey_id = htons(asoc->active_key_id); 1277 1278 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t), 1279 &auth_hdr); 1280 1281 hmac = skb_put(retval->skb, hmac_desc->hmac_len); 1282 memset(hmac, 0, hmac_desc->hmac_len); 1283 1284 /* Adjust the chunk header to include the empty MAC */ 1285 retval->chunk_hdr->length = 1286 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1287 retval->chunk_end = skb_tail_pointer(retval->skb); 1288 1289 return retval; 1290 } 1291 1292 1293 /******************************************************************** 1294 * 2nd Level Abstractions 1295 ********************************************************************/ 1296 1297 /* Turn an skb into a chunk. 1298 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1299 * 1300 * sctpimpguide-05.txt Section 2.8.2 1301 * M1) Each time a new DATA chunk is transmitted 1302 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1303 * 'TSN.Missing.Report' count will be used to determine missing chunks 1304 * and when to fast retransmit. 1305 * 1306 */ 1307 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1308 const struct sctp_association *asoc, 1309 struct sock *sk) 1310 { 1311 struct sctp_chunk *retval; 1312 1313 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC); 1314 1315 if (!retval) 1316 goto nodata; 1317 if (!sk) 1318 pr_debug("%s: chunkifying skb:%p w/o an sk\n", __func__, skb); 1319 1320 INIT_LIST_HEAD(&retval->list); 1321 retval->skb = skb; 1322 retval->asoc = (struct sctp_association *)asoc; 1323 retval->singleton = 1; 1324 1325 retval->fast_retransmit = SCTP_CAN_FRTX; 1326 1327 /* Polish the bead hole. */ 1328 INIT_LIST_HEAD(&retval->transmitted_list); 1329 INIT_LIST_HEAD(&retval->frag_list); 1330 SCTP_DBG_OBJCNT_INC(chunk); 1331 atomic_set(&retval->refcnt, 1); 1332 1333 nodata: 1334 return retval; 1335 } 1336 1337 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1338 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1339 union sctp_addr *dest) 1340 { 1341 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1342 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1343 } 1344 1345 /* Extract the source address from a chunk. */ 1346 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1347 { 1348 /* If we have a known transport, use that. */ 1349 if (chunk->transport) { 1350 return &chunk->transport->ipaddr; 1351 } else { 1352 /* Otherwise, extract it from the IP header. */ 1353 return &chunk->source; 1354 } 1355 } 1356 1357 /* Create a new chunk, setting the type and flags headers from the 1358 * arguments, reserving enough space for a 'paylen' byte payload. 1359 */ 1360 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 1361 __u8 type, __u8 flags, int paylen) 1362 { 1363 struct sctp_chunk *retval; 1364 sctp_chunkhdr_t *chunk_hdr; 1365 struct sk_buff *skb; 1366 struct sock *sk; 1367 1368 /* No need to allocate LL here, as this is only a chunk. */ 1369 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1370 GFP_ATOMIC); 1371 if (!skb) 1372 goto nodata; 1373 1374 /* Make room for the chunk header. */ 1375 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1376 chunk_hdr->type = type; 1377 chunk_hdr->flags = flags; 1378 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1379 1380 sk = asoc ? asoc->base.sk : NULL; 1381 retval = sctp_chunkify(skb, asoc, sk); 1382 if (!retval) { 1383 kfree_skb(skb); 1384 goto nodata; 1385 } 1386 1387 retval->chunk_hdr = chunk_hdr; 1388 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1389 1390 /* Determine if the chunk needs to be authenticated */ 1391 if (sctp_auth_send_cid(type, asoc)) 1392 retval->auth = 1; 1393 1394 return retval; 1395 nodata: 1396 return NULL; 1397 } 1398 1399 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 1400 __u8 flags, int paylen) 1401 { 1402 return _sctp_make_chunk(asoc, SCTP_CID_DATA, flags, paylen); 1403 } 1404 1405 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 1406 __u8 type, __u8 flags, int paylen) 1407 { 1408 struct sctp_chunk *chunk = _sctp_make_chunk(asoc, type, flags, paylen); 1409 1410 if (chunk) 1411 sctp_control_set_owner_w(chunk); 1412 1413 return chunk; 1414 } 1415 1416 /* Release the memory occupied by a chunk. */ 1417 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1418 { 1419 BUG_ON(!list_empty(&chunk->list)); 1420 list_del_init(&chunk->transmitted_list); 1421 1422 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1423 dev_kfree_skb(chunk->skb); 1424 1425 SCTP_DBG_OBJCNT_DEC(chunk); 1426 kmem_cache_free(sctp_chunk_cachep, chunk); 1427 } 1428 1429 /* Possibly, free the chunk. */ 1430 void sctp_chunk_free(struct sctp_chunk *chunk) 1431 { 1432 /* Release our reference on the message tracker. */ 1433 if (chunk->msg) 1434 sctp_datamsg_put(chunk->msg); 1435 1436 sctp_chunk_put(chunk); 1437 } 1438 1439 /* Grab a reference to the chunk. */ 1440 void sctp_chunk_hold(struct sctp_chunk *ch) 1441 { 1442 atomic_inc(&ch->refcnt); 1443 } 1444 1445 /* Release a reference to the chunk. */ 1446 void sctp_chunk_put(struct sctp_chunk *ch) 1447 { 1448 if (atomic_dec_and_test(&ch->refcnt)) 1449 sctp_chunk_destroy(ch); 1450 } 1451 1452 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1453 * enough. 1454 */ 1455 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1456 { 1457 void *target; 1458 void *padding; 1459 int chunklen = ntohs(chunk->chunk_hdr->length); 1460 int padlen = WORD_ROUND(chunklen) - chunklen; 1461 1462 padding = skb_put(chunk->skb, padlen); 1463 target = skb_put(chunk->skb, len); 1464 1465 memset(padding, 0, padlen); 1466 memcpy(target, data, len); 1467 1468 /* Adjust the chunk length field. */ 1469 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1470 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1471 1472 return target; 1473 } 1474 1475 /* Append bytes to the end of a chunk. Returns NULL if there isn't sufficient 1476 * space in the chunk 1477 */ 1478 void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk, 1479 int len, const void *data) 1480 { 1481 if (skb_tailroom(chunk->skb) >= len) 1482 return sctp_addto_chunk(chunk, len, data); 1483 else 1484 return NULL; 1485 } 1486 1487 /* Append bytes from user space to the end of a chunk. Will panic if 1488 * chunk is not big enough. 1489 * Returns a kernel err value. 1490 */ 1491 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1492 struct iovec *data) 1493 { 1494 __u8 *target; 1495 int err = 0; 1496 1497 /* Make room in chunk for data. */ 1498 target = skb_put(chunk->skb, len); 1499 1500 /* Copy data (whole iovec) into chunk */ 1501 if ((err = memcpy_fromiovecend(target, data, off, len))) 1502 goto out; 1503 1504 /* Adjust the chunk length field. */ 1505 chunk->chunk_hdr->length = 1506 htons(ntohs(chunk->chunk_hdr->length) + len); 1507 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1508 1509 out: 1510 return err; 1511 } 1512 1513 /* Helper function to assign a TSN if needed. This assumes that both 1514 * the data_hdr and association have already been assigned. 1515 */ 1516 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1517 { 1518 struct sctp_datamsg *msg; 1519 struct sctp_chunk *lchunk; 1520 struct sctp_stream *stream; 1521 __u16 ssn; 1522 __u16 sid; 1523 1524 if (chunk->has_ssn) 1525 return; 1526 1527 /* All fragments will be on the same stream */ 1528 sid = ntohs(chunk->subh.data_hdr->stream); 1529 stream = &chunk->asoc->ssnmap->out; 1530 1531 /* Now assign the sequence number to the entire message. 1532 * All fragments must have the same stream sequence number. 1533 */ 1534 msg = chunk->msg; 1535 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1536 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1537 ssn = 0; 1538 } else { 1539 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1540 ssn = sctp_ssn_next(stream, sid); 1541 else 1542 ssn = sctp_ssn_peek(stream, sid); 1543 } 1544 1545 lchunk->subh.data_hdr->ssn = htons(ssn); 1546 lchunk->has_ssn = 1; 1547 } 1548 } 1549 1550 /* Helper function to assign a TSN if needed. This assumes that both 1551 * the data_hdr and association have already been assigned. 1552 */ 1553 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1554 { 1555 if (!chunk->has_tsn) { 1556 /* This is the last possible instant to 1557 * assign a TSN. 1558 */ 1559 chunk->subh.data_hdr->tsn = 1560 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1561 chunk->has_tsn = 1; 1562 } 1563 } 1564 1565 /* Create a CLOSED association to use with an incoming packet. */ 1566 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1567 struct sctp_chunk *chunk, 1568 gfp_t gfp) 1569 { 1570 struct sctp_association *asoc; 1571 struct sk_buff *skb; 1572 sctp_scope_t scope; 1573 struct sctp_af *af; 1574 1575 /* Create the bare association. */ 1576 scope = sctp_scope(sctp_source(chunk)); 1577 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1578 if (!asoc) 1579 goto nodata; 1580 asoc->temp = 1; 1581 skb = chunk->skb; 1582 /* Create an entry for the source address of the packet. */ 1583 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version)); 1584 if (unlikely(!af)) 1585 goto fail; 1586 af->from_skb(&asoc->c.peer_addr, skb, 1); 1587 nodata: 1588 return asoc; 1589 1590 fail: 1591 sctp_association_free(asoc); 1592 return NULL; 1593 } 1594 1595 /* Build a cookie representing asoc. 1596 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1597 */ 1598 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1599 const struct sctp_association *asoc, 1600 const struct sctp_chunk *init_chunk, 1601 int *cookie_len, 1602 const __u8 *raw_addrs, int addrs_len) 1603 { 1604 sctp_cookie_param_t *retval; 1605 struct sctp_signed_cookie *cookie; 1606 struct scatterlist sg; 1607 int headersize, bodysize; 1608 1609 /* Header size is static data prior to the actual cookie, including 1610 * any padding. 1611 */ 1612 headersize = sizeof(sctp_paramhdr_t) + 1613 (sizeof(struct sctp_signed_cookie) - 1614 sizeof(struct sctp_cookie)); 1615 bodysize = sizeof(struct sctp_cookie) 1616 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1617 1618 /* Pad out the cookie to a multiple to make the signature 1619 * functions simpler to write. 1620 */ 1621 if (bodysize % SCTP_COOKIE_MULTIPLE) 1622 bodysize += SCTP_COOKIE_MULTIPLE 1623 - (bodysize % SCTP_COOKIE_MULTIPLE); 1624 *cookie_len = headersize + bodysize; 1625 1626 /* Clear this memory since we are sending this data structure 1627 * out on the network. 1628 */ 1629 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1630 if (!retval) 1631 goto nodata; 1632 1633 cookie = (struct sctp_signed_cookie *) retval->body; 1634 1635 /* Set up the parameter header. */ 1636 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1637 retval->p.length = htons(*cookie_len); 1638 1639 /* Copy the cookie part of the association itself. */ 1640 cookie->c = asoc->c; 1641 /* Save the raw address list length in the cookie. */ 1642 cookie->c.raw_addr_list_len = addrs_len; 1643 1644 /* Remember PR-SCTP capability. */ 1645 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1646 1647 /* Save adaptation indication in the cookie. */ 1648 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1649 1650 /* Set an expiration time for the cookie. */ 1651 cookie->c.expiration = ktime_add(asoc->cookie_life, 1652 ktime_get()); 1653 1654 /* Copy the peer's init packet. */ 1655 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1656 ntohs(init_chunk->chunk_hdr->length)); 1657 1658 /* Copy the raw local address list of the association. */ 1659 memcpy((__u8 *)&cookie->c.peer_init[0] + 1660 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1661 1662 if (sctp_sk(ep->base.sk)->hmac) { 1663 struct hash_desc desc; 1664 1665 /* Sign the message. */ 1666 sg_init_one(&sg, &cookie->c, bodysize); 1667 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1668 desc.flags = 0; 1669 1670 if (crypto_hash_setkey(desc.tfm, ep->secret_key, 1671 sizeof(ep->secret_key)) || 1672 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) 1673 goto free_cookie; 1674 } 1675 1676 return retval; 1677 1678 free_cookie: 1679 kfree(retval); 1680 nodata: 1681 *cookie_len = 0; 1682 return NULL; 1683 } 1684 1685 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1686 struct sctp_association *sctp_unpack_cookie( 1687 const struct sctp_endpoint *ep, 1688 const struct sctp_association *asoc, 1689 struct sctp_chunk *chunk, gfp_t gfp, 1690 int *error, struct sctp_chunk **errp) 1691 { 1692 struct sctp_association *retval = NULL; 1693 struct sctp_signed_cookie *cookie; 1694 struct sctp_cookie *bear_cookie; 1695 int headersize, bodysize, fixed_size; 1696 __u8 *digest = ep->digest; 1697 struct scatterlist sg; 1698 unsigned int len; 1699 sctp_scope_t scope; 1700 struct sk_buff *skb = chunk->skb; 1701 ktime_t kt; 1702 struct hash_desc desc; 1703 1704 /* Header size is static data prior to the actual cookie, including 1705 * any padding. 1706 */ 1707 headersize = sizeof(sctp_chunkhdr_t) + 1708 (sizeof(struct sctp_signed_cookie) - 1709 sizeof(struct sctp_cookie)); 1710 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1711 fixed_size = headersize + sizeof(struct sctp_cookie); 1712 1713 /* Verify that the chunk looks like it even has a cookie. 1714 * There must be enough room for our cookie and our peer's 1715 * INIT chunk. 1716 */ 1717 len = ntohs(chunk->chunk_hdr->length); 1718 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1719 goto malformed; 1720 1721 /* Verify that the cookie has been padded out. */ 1722 if (bodysize % SCTP_COOKIE_MULTIPLE) 1723 goto malformed; 1724 1725 /* Process the cookie. */ 1726 cookie = chunk->subh.cookie_hdr; 1727 bear_cookie = &cookie->c; 1728 1729 if (!sctp_sk(ep->base.sk)->hmac) 1730 goto no_hmac; 1731 1732 /* Check the signature. */ 1733 sg_init_one(&sg, bear_cookie, bodysize); 1734 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1735 desc.flags = 0; 1736 1737 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1738 if (crypto_hash_setkey(desc.tfm, ep->secret_key, 1739 sizeof(ep->secret_key)) || 1740 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1741 *error = -SCTP_IERROR_NOMEM; 1742 goto fail; 1743 } 1744 1745 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1746 *error = -SCTP_IERROR_BAD_SIG; 1747 goto fail; 1748 } 1749 1750 no_hmac: 1751 /* IG Section 2.35.2: 1752 * 3) Compare the port numbers and the verification tag contained 1753 * within the COOKIE ECHO chunk to the actual port numbers and the 1754 * verification tag within the SCTP common header of the received 1755 * packet. If these values do not match the packet MUST be silently 1756 * discarded, 1757 */ 1758 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1759 *error = -SCTP_IERROR_BAD_TAG; 1760 goto fail; 1761 } 1762 1763 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1764 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1765 *error = -SCTP_IERROR_BAD_PORTS; 1766 goto fail; 1767 } 1768 1769 /* Check to see if the cookie is stale. If there is already 1770 * an association, there is no need to check cookie's expiration 1771 * for init collision case of lost COOKIE ACK. 1772 * If skb has been timestamped, then use the stamp, otherwise 1773 * use current time. This introduces a small possibility that 1774 * that a cookie may be considered expired, but his would only slow 1775 * down the new association establishment instead of every packet. 1776 */ 1777 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1778 kt = skb_get_ktime(skb); 1779 else 1780 kt = ktime_get(); 1781 1782 if (!asoc && ktime_compare(bear_cookie->expiration, kt) < 0) { 1783 /* 1784 * Section 3.3.10.3 Stale Cookie Error (3) 1785 * 1786 * Cause of error 1787 * --------------- 1788 * Stale Cookie Error: Indicates the receipt of a valid State 1789 * Cookie that has expired. 1790 */ 1791 len = ntohs(chunk->chunk_hdr->length); 1792 *errp = sctp_make_op_error_space(asoc, chunk, len); 1793 if (*errp) { 1794 suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration)); 1795 __be32 n = htonl(usecs); 1796 1797 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1798 sizeof(n)); 1799 sctp_addto_chunk(*errp, sizeof(n), &n); 1800 *error = -SCTP_IERROR_STALE_COOKIE; 1801 } else 1802 *error = -SCTP_IERROR_NOMEM; 1803 1804 goto fail; 1805 } 1806 1807 /* Make a new base association. */ 1808 scope = sctp_scope(sctp_source(chunk)); 1809 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1810 if (!retval) { 1811 *error = -SCTP_IERROR_NOMEM; 1812 goto fail; 1813 } 1814 1815 /* Set up our peer's port number. */ 1816 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1817 1818 /* Populate the association from the cookie. */ 1819 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1820 1821 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1822 GFP_ATOMIC) < 0) { 1823 *error = -SCTP_IERROR_NOMEM; 1824 goto fail; 1825 } 1826 1827 /* Also, add the destination address. */ 1828 if (list_empty(&retval->base.bind_addr.address_list)) { 1829 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1830 SCTP_ADDR_SRC, GFP_ATOMIC); 1831 } 1832 1833 retval->next_tsn = retval->c.initial_tsn; 1834 retval->ctsn_ack_point = retval->next_tsn - 1; 1835 retval->addip_serial = retval->c.initial_tsn; 1836 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1837 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1838 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1839 1840 /* The INIT stuff will be done by the side effects. */ 1841 return retval; 1842 1843 fail: 1844 if (retval) 1845 sctp_association_free(retval); 1846 1847 return NULL; 1848 1849 malformed: 1850 /* Yikes! The packet is either corrupt or deliberately 1851 * malformed. 1852 */ 1853 *error = -SCTP_IERROR_MALFORMED; 1854 goto fail; 1855 } 1856 1857 /******************************************************************** 1858 * 3rd Level Abstractions 1859 ********************************************************************/ 1860 1861 struct __sctp_missing { 1862 __be32 num_missing; 1863 __be16 type; 1864 } __packed; 1865 1866 /* 1867 * Report a missing mandatory parameter. 1868 */ 1869 static int sctp_process_missing_param(const struct sctp_association *asoc, 1870 sctp_param_t paramtype, 1871 struct sctp_chunk *chunk, 1872 struct sctp_chunk **errp) 1873 { 1874 struct __sctp_missing report; 1875 __u16 len; 1876 1877 len = WORD_ROUND(sizeof(report)); 1878 1879 /* Make an ERROR chunk, preparing enough room for 1880 * returning multiple unknown parameters. 1881 */ 1882 if (!*errp) 1883 *errp = sctp_make_op_error_space(asoc, chunk, len); 1884 1885 if (*errp) { 1886 report.num_missing = htonl(1); 1887 report.type = paramtype; 1888 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1889 sizeof(report)); 1890 sctp_addto_chunk(*errp, sizeof(report), &report); 1891 } 1892 1893 /* Stop processing this chunk. */ 1894 return 0; 1895 } 1896 1897 /* Report an Invalid Mandatory Parameter. */ 1898 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1899 struct sctp_chunk *chunk, 1900 struct sctp_chunk **errp) 1901 { 1902 /* Invalid Mandatory Parameter Error has no payload. */ 1903 1904 if (!*errp) 1905 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1906 1907 if (*errp) 1908 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1909 1910 /* Stop processing this chunk. */ 1911 return 0; 1912 } 1913 1914 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1915 struct sctp_paramhdr *param, 1916 const struct sctp_chunk *chunk, 1917 struct sctp_chunk **errp) 1918 { 1919 /* This is a fatal error. Any accumulated non-fatal errors are 1920 * not reported. 1921 */ 1922 if (*errp) 1923 sctp_chunk_free(*errp); 1924 1925 /* Create an error chunk and fill it in with our payload. */ 1926 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1927 1928 return 0; 1929 } 1930 1931 1932 /* Do not attempt to handle the HOST_NAME parm. However, do 1933 * send back an indicator to the peer. 1934 */ 1935 static int sctp_process_hn_param(const struct sctp_association *asoc, 1936 union sctp_params param, 1937 struct sctp_chunk *chunk, 1938 struct sctp_chunk **errp) 1939 { 1940 __u16 len = ntohs(param.p->length); 1941 1942 /* Processing of the HOST_NAME parameter will generate an 1943 * ABORT. If we've accumulated any non-fatal errors, they 1944 * would be unrecognized parameters and we should not include 1945 * them in the ABORT. 1946 */ 1947 if (*errp) 1948 sctp_chunk_free(*errp); 1949 1950 *errp = sctp_make_op_error_space(asoc, chunk, len); 1951 1952 if (*errp) { 1953 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 1954 sctp_addto_chunk(*errp, len, param.v); 1955 } 1956 1957 /* Stop processing this chunk. */ 1958 return 0; 1959 } 1960 1961 static int sctp_verify_ext_param(struct net *net, union sctp_params param) 1962 { 1963 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1964 int have_auth = 0; 1965 int have_asconf = 0; 1966 int i; 1967 1968 for (i = 0; i < num_ext; i++) { 1969 switch (param.ext->chunks[i]) { 1970 case SCTP_CID_AUTH: 1971 have_auth = 1; 1972 break; 1973 case SCTP_CID_ASCONF: 1974 case SCTP_CID_ASCONF_ACK: 1975 have_asconf = 1; 1976 break; 1977 } 1978 } 1979 1980 /* ADD-IP Security: The draft requires us to ABORT or ignore the 1981 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 1982 * only if ADD-IP is turned on and we are not backward-compatible 1983 * mode. 1984 */ 1985 if (net->sctp.addip_noauth) 1986 return 1; 1987 1988 if (net->sctp.addip_enable && !have_auth && have_asconf) 1989 return 0; 1990 1991 return 1; 1992 } 1993 1994 static void sctp_process_ext_param(struct sctp_association *asoc, 1995 union sctp_params param) 1996 { 1997 struct net *net = sock_net(asoc->base.sk); 1998 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1999 int i; 2000 2001 for (i = 0; i < num_ext; i++) { 2002 switch (param.ext->chunks[i]) { 2003 case SCTP_CID_FWD_TSN: 2004 if (net->sctp.prsctp_enable && 2005 !asoc->peer.prsctp_capable) 2006 asoc->peer.prsctp_capable = 1; 2007 break; 2008 case SCTP_CID_AUTH: 2009 /* if the peer reports AUTH, assume that he 2010 * supports AUTH. 2011 */ 2012 if (net->sctp.auth_enable) 2013 asoc->peer.auth_capable = 1; 2014 break; 2015 case SCTP_CID_ASCONF: 2016 case SCTP_CID_ASCONF_ACK: 2017 if (net->sctp.addip_enable) 2018 asoc->peer.asconf_capable = 1; 2019 break; 2020 default: 2021 break; 2022 } 2023 } 2024 } 2025 2026 /* RFC 3.2.1 & the Implementers Guide 2.2. 2027 * 2028 * The Parameter Types are encoded such that the 2029 * highest-order two bits specify the action that must be 2030 * taken if the processing endpoint does not recognize the 2031 * Parameter Type. 2032 * 2033 * 00 - Stop processing this parameter; do not process any further 2034 * parameters within this chunk 2035 * 2036 * 01 - Stop processing this parameter, do not process any further 2037 * parameters within this chunk, and report the unrecognized 2038 * parameter in an 'Unrecognized Parameter' ERROR chunk. 2039 * 2040 * 10 - Skip this parameter and continue processing. 2041 * 2042 * 11 - Skip this parameter and continue processing but 2043 * report the unrecognized parameter in an 2044 * 'Unrecognized Parameter' ERROR chunk. 2045 * 2046 * Return value: 2047 * SCTP_IERROR_NO_ERROR - continue with the chunk 2048 * SCTP_IERROR_ERROR - stop and report an error. 2049 * SCTP_IERROR_NOMEME - out of memory. 2050 */ 2051 static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, 2052 union sctp_params param, 2053 struct sctp_chunk *chunk, 2054 struct sctp_chunk **errp) 2055 { 2056 int retval = SCTP_IERROR_NO_ERROR; 2057 2058 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 2059 case SCTP_PARAM_ACTION_DISCARD: 2060 retval = SCTP_IERROR_ERROR; 2061 break; 2062 case SCTP_PARAM_ACTION_SKIP: 2063 break; 2064 case SCTP_PARAM_ACTION_DISCARD_ERR: 2065 retval = SCTP_IERROR_ERROR; 2066 /* Fall through */ 2067 case SCTP_PARAM_ACTION_SKIP_ERR: 2068 /* Make an ERROR chunk, preparing enough room for 2069 * returning multiple unknown parameters. 2070 */ 2071 if (NULL == *errp) 2072 *errp = sctp_make_op_error_fixed(asoc, chunk); 2073 2074 if (*errp) { 2075 if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2076 WORD_ROUND(ntohs(param.p->length)))) 2077 sctp_addto_chunk_fixed(*errp, 2078 WORD_ROUND(ntohs(param.p->length)), 2079 param.v); 2080 } else { 2081 /* If there is no memory for generating the ERROR 2082 * report as specified, an ABORT will be triggered 2083 * to the peer and the association won't be 2084 * established. 2085 */ 2086 retval = SCTP_IERROR_NOMEM; 2087 } 2088 break; 2089 default: 2090 break; 2091 } 2092 2093 return retval; 2094 } 2095 2096 /* Verify variable length parameters 2097 * Return values: 2098 * SCTP_IERROR_ABORT - trigger an ABORT 2099 * SCTP_IERROR_NOMEM - out of memory (abort) 2100 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2101 * SCTP_IERROR_NO_ERROR - continue with the chunk 2102 */ 2103 static sctp_ierror_t sctp_verify_param(struct net *net, 2104 const struct sctp_association *asoc, 2105 union sctp_params param, 2106 sctp_cid_t cid, 2107 struct sctp_chunk *chunk, 2108 struct sctp_chunk **err_chunk) 2109 { 2110 struct sctp_hmac_algo_param *hmacs; 2111 int retval = SCTP_IERROR_NO_ERROR; 2112 __u16 n_elt, id = 0; 2113 int i; 2114 2115 /* FIXME - This routine is not looking at each parameter per the 2116 * chunk type, i.e., unrecognized parameters should be further 2117 * identified based on the chunk id. 2118 */ 2119 2120 switch (param.p->type) { 2121 case SCTP_PARAM_IPV4_ADDRESS: 2122 case SCTP_PARAM_IPV6_ADDRESS: 2123 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2124 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2125 case SCTP_PARAM_STATE_COOKIE: 2126 case SCTP_PARAM_HEARTBEAT_INFO: 2127 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2128 case SCTP_PARAM_ECN_CAPABLE: 2129 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2130 break; 2131 2132 case SCTP_PARAM_SUPPORTED_EXT: 2133 if (!sctp_verify_ext_param(net, param)) 2134 return SCTP_IERROR_ABORT; 2135 break; 2136 2137 case SCTP_PARAM_SET_PRIMARY: 2138 if (net->sctp.addip_enable) 2139 break; 2140 goto fallthrough; 2141 2142 case SCTP_PARAM_HOST_NAME_ADDRESS: 2143 /* Tell the peer, we won't support this param. */ 2144 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2145 retval = SCTP_IERROR_ABORT; 2146 break; 2147 2148 case SCTP_PARAM_FWD_TSN_SUPPORT: 2149 if (net->sctp.prsctp_enable) 2150 break; 2151 goto fallthrough; 2152 2153 case SCTP_PARAM_RANDOM: 2154 if (!net->sctp.auth_enable) 2155 goto fallthrough; 2156 2157 /* SCTP-AUTH: Secion 6.1 2158 * If the random number is not 32 byte long the association 2159 * MUST be aborted. The ABORT chunk SHOULD contain the error 2160 * cause 'Protocol Violation'. 2161 */ 2162 if (SCTP_AUTH_RANDOM_LENGTH != 2163 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { 2164 sctp_process_inv_paramlength(asoc, param.p, 2165 chunk, err_chunk); 2166 retval = SCTP_IERROR_ABORT; 2167 } 2168 break; 2169 2170 case SCTP_PARAM_CHUNKS: 2171 if (!net->sctp.auth_enable) 2172 goto fallthrough; 2173 2174 /* SCTP-AUTH: Section 3.2 2175 * The CHUNKS parameter MUST be included once in the INIT or 2176 * INIT-ACK chunk if the sender wants to receive authenticated 2177 * chunks. Its maximum length is 260 bytes. 2178 */ 2179 if (260 < ntohs(param.p->length)) { 2180 sctp_process_inv_paramlength(asoc, param.p, 2181 chunk, err_chunk); 2182 retval = SCTP_IERROR_ABORT; 2183 } 2184 break; 2185 2186 case SCTP_PARAM_HMAC_ALGO: 2187 if (!net->sctp.auth_enable) 2188 goto fallthrough; 2189 2190 hmacs = (struct sctp_hmac_algo_param *)param.p; 2191 n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1; 2192 2193 /* SCTP-AUTH: Section 6.1 2194 * The HMAC algorithm based on SHA-1 MUST be supported and 2195 * included in the HMAC-ALGO parameter. 2196 */ 2197 for (i = 0; i < n_elt; i++) { 2198 id = ntohs(hmacs->hmac_ids[i]); 2199 2200 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2201 break; 2202 } 2203 2204 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2205 sctp_process_inv_paramlength(asoc, param.p, chunk, 2206 err_chunk); 2207 retval = SCTP_IERROR_ABORT; 2208 } 2209 break; 2210 fallthrough: 2211 default: 2212 pr_debug("%s: unrecognized param:%d for chunk:%d\n", 2213 __func__, ntohs(param.p->type), cid); 2214 2215 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2216 break; 2217 } 2218 return retval; 2219 } 2220 2221 /* Verify the INIT packet before we process it. */ 2222 int sctp_verify_init(struct net *net, const struct sctp_association *asoc, 2223 sctp_cid_t cid, 2224 sctp_init_chunk_t *peer_init, 2225 struct sctp_chunk *chunk, 2226 struct sctp_chunk **errp) 2227 { 2228 union sctp_params param; 2229 bool has_cookie = false; 2230 int result; 2231 2232 /* Check for missing mandatory parameters. Note: Initial TSN is 2233 * also mandatory, but is not checked here since the valid range 2234 * is 0..2**32-1. RFC4960, section 3.3.3. 2235 */ 2236 if (peer_init->init_hdr.num_outbound_streams == 0 || 2237 peer_init->init_hdr.num_inbound_streams == 0 || 2238 peer_init->init_hdr.init_tag == 0 || 2239 ntohl(peer_init->init_hdr.a_rwnd) < SCTP_DEFAULT_MINWINDOW) 2240 return sctp_process_inv_mandatory(asoc, chunk, errp); 2241 2242 sctp_walk_params(param, peer_init, init_hdr.params) { 2243 if (param.p->type == SCTP_PARAM_STATE_COOKIE) 2244 has_cookie = true; 2245 } 2246 2247 /* There is a possibility that a parameter length was bad and 2248 * in that case we would have stoped walking the parameters. 2249 * The current param.p would point at the bad one. 2250 * Current consensus on the mailing list is to generate a PROTOCOL 2251 * VIOLATION error. We build the ERROR chunk here and let the normal 2252 * error handling code build and send the packet. 2253 */ 2254 if (param.v != (void*)chunk->chunk_end) 2255 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2256 2257 /* The only missing mandatory param possible today is 2258 * the state cookie for an INIT-ACK chunk. 2259 */ 2260 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2261 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2262 chunk, errp); 2263 2264 /* Verify all the variable length parameters */ 2265 sctp_walk_params(param, peer_init, init_hdr.params) { 2266 2267 result = sctp_verify_param(net, asoc, param, cid, chunk, errp); 2268 switch (result) { 2269 case SCTP_IERROR_ABORT: 2270 case SCTP_IERROR_NOMEM: 2271 return 0; 2272 case SCTP_IERROR_ERROR: 2273 return 1; 2274 case SCTP_IERROR_NO_ERROR: 2275 default: 2276 break; 2277 } 2278 2279 } /* for (loop through all parameters) */ 2280 2281 return 1; 2282 } 2283 2284 /* Unpack the parameters in an INIT packet into an association. 2285 * Returns 0 on failure, else success. 2286 * FIXME: This is an association method. 2287 */ 2288 int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, 2289 const union sctp_addr *peer_addr, 2290 sctp_init_chunk_t *peer_init, gfp_t gfp) 2291 { 2292 struct net *net = sock_net(asoc->base.sk); 2293 union sctp_params param; 2294 struct sctp_transport *transport; 2295 struct list_head *pos, *temp; 2296 struct sctp_af *af; 2297 union sctp_addr addr; 2298 char *cookie; 2299 int src_match = 0; 2300 2301 /* We must include the address that the INIT packet came from. 2302 * This is the only address that matters for an INIT packet. 2303 * When processing a COOKIE ECHO, we retrieve the from address 2304 * of the INIT from the cookie. 2305 */ 2306 2307 /* This implementation defaults to making the first transport 2308 * added as the primary transport. The source address seems to 2309 * be a a better choice than any of the embedded addresses. 2310 */ 2311 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2312 goto nomem; 2313 2314 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr)) 2315 src_match = 1; 2316 2317 /* Process the initialization parameters. */ 2318 sctp_walk_params(param, peer_init, init_hdr.params) { 2319 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 2320 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { 2321 af = sctp_get_af_specific(param_type2af(param.p->type)); 2322 af->from_addr_param(&addr, param.addr, 2323 chunk->sctp_hdr->source, 0); 2324 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) 2325 src_match = 1; 2326 } 2327 2328 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2329 goto clean_up; 2330 } 2331 2332 /* source address of chunk may not match any valid address */ 2333 if (!src_match) 2334 goto clean_up; 2335 2336 /* AUTH: After processing the parameters, make sure that we 2337 * have all the required info to potentially do authentications. 2338 */ 2339 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2340 !asoc->peer.peer_hmacs)) 2341 asoc->peer.auth_capable = 0; 2342 2343 /* In a non-backward compatible mode, if the peer claims 2344 * support for ADD-IP but not AUTH, the ADD-IP spec states 2345 * that we MUST ABORT the association. Section 6. The section 2346 * also give us an option to silently ignore the packet, which 2347 * is what we'll do here. 2348 */ 2349 if (!net->sctp.addip_noauth && 2350 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2351 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2352 SCTP_PARAM_DEL_IP | 2353 SCTP_PARAM_SET_PRIMARY); 2354 asoc->peer.asconf_capable = 0; 2355 goto clean_up; 2356 } 2357 2358 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2359 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2360 transport = list_entry(pos, struct sctp_transport, transports); 2361 if (transport->state == SCTP_UNKNOWN) { 2362 sctp_assoc_rm_peer(asoc, transport); 2363 } 2364 } 2365 2366 /* The fixed INIT headers are always in network byte 2367 * order. 2368 */ 2369 asoc->peer.i.init_tag = 2370 ntohl(peer_init->init_hdr.init_tag); 2371 asoc->peer.i.a_rwnd = 2372 ntohl(peer_init->init_hdr.a_rwnd); 2373 asoc->peer.i.num_outbound_streams = 2374 ntohs(peer_init->init_hdr.num_outbound_streams); 2375 asoc->peer.i.num_inbound_streams = 2376 ntohs(peer_init->init_hdr.num_inbound_streams); 2377 asoc->peer.i.initial_tsn = 2378 ntohl(peer_init->init_hdr.initial_tsn); 2379 2380 /* Apply the upper bounds for output streams based on peer's 2381 * number of inbound streams. 2382 */ 2383 if (asoc->c.sinit_num_ostreams > 2384 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2385 asoc->c.sinit_num_ostreams = 2386 ntohs(peer_init->init_hdr.num_inbound_streams); 2387 } 2388 2389 if (asoc->c.sinit_max_instreams > 2390 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2391 asoc->c.sinit_max_instreams = 2392 ntohs(peer_init->init_hdr.num_outbound_streams); 2393 } 2394 2395 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2396 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2397 2398 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2399 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2400 2401 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2402 cookie = asoc->peer.cookie; 2403 if (cookie) { 2404 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2405 if (!asoc->peer.cookie) 2406 goto clean_up; 2407 } 2408 2409 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2410 * high (for example, implementations MAY use the size of the receiver 2411 * advertised window). 2412 */ 2413 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2414 transports) { 2415 transport->ssthresh = asoc->peer.i.a_rwnd; 2416 } 2417 2418 /* Set up the TSN tracking pieces. */ 2419 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2420 asoc->peer.i.initial_tsn, gfp)) 2421 goto clean_up; 2422 2423 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2424 * 2425 * The stream sequence number in all the streams shall start 2426 * from 0 when the association is established. Also, when the 2427 * stream sequence number reaches the value 65535 the next 2428 * stream sequence number shall be set to 0. 2429 */ 2430 2431 /* Allocate storage for the negotiated streams if it is not a temporary 2432 * association. 2433 */ 2434 if (!asoc->temp) { 2435 int error; 2436 2437 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 2438 asoc->c.sinit_num_ostreams, gfp); 2439 if (!asoc->ssnmap) 2440 goto clean_up; 2441 2442 error = sctp_assoc_set_id(asoc, gfp); 2443 if (error) 2444 goto clean_up; 2445 } 2446 2447 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2448 * 2449 * When an endpoint has an ASCONF signaled change to be sent to the 2450 * remote endpoint it should do the following: 2451 * ... 2452 * A2) A serial number should be assigned to the Chunk. The serial 2453 * number should be a monotonically increasing number. All serial 2454 * numbers are defined to be initialized at the start of the 2455 * association to the same value as the Initial TSN. 2456 */ 2457 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2458 return 1; 2459 2460 clean_up: 2461 /* Release the transport structures. */ 2462 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2463 transport = list_entry(pos, struct sctp_transport, transports); 2464 if (transport->state != SCTP_ACTIVE) 2465 sctp_assoc_rm_peer(asoc, transport); 2466 } 2467 2468 nomem: 2469 return 0; 2470 } 2471 2472 2473 /* Update asoc with the option described in param. 2474 * 2475 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2476 * 2477 * asoc is the association to update. 2478 * param is the variable length parameter to use for update. 2479 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2480 * If the current packet is an INIT we want to minimize the amount of 2481 * work we do. In particular, we should not build transport 2482 * structures for the addresses. 2483 */ 2484 static int sctp_process_param(struct sctp_association *asoc, 2485 union sctp_params param, 2486 const union sctp_addr *peer_addr, 2487 gfp_t gfp) 2488 { 2489 struct net *net = sock_net(asoc->base.sk); 2490 union sctp_addr addr; 2491 int i; 2492 __u16 sat; 2493 int retval = 1; 2494 sctp_scope_t scope; 2495 time_t stale; 2496 struct sctp_af *af; 2497 union sctp_addr_param *addr_param; 2498 struct sctp_transport *t; 2499 2500 /* We maintain all INIT parameters in network byte order all the 2501 * time. This allows us to not worry about whether the parameters 2502 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2503 */ 2504 switch (param.p->type) { 2505 case SCTP_PARAM_IPV6_ADDRESS: 2506 if (PF_INET6 != asoc->base.sk->sk_family) 2507 break; 2508 goto do_addr_param; 2509 2510 case SCTP_PARAM_IPV4_ADDRESS: 2511 /* v4 addresses are not allowed on v6-only socket */ 2512 if (ipv6_only_sock(asoc->base.sk)) 2513 break; 2514 do_addr_param: 2515 af = sctp_get_af_specific(param_type2af(param.p->type)); 2516 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2517 scope = sctp_scope(peer_addr); 2518 if (sctp_in_scope(net, &addr, scope)) 2519 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2520 return 0; 2521 break; 2522 2523 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2524 if (!net->sctp.cookie_preserve_enable) 2525 break; 2526 2527 stale = ntohl(param.life->lifespan_increment); 2528 2529 /* Suggested Cookie Life span increment's unit is msec, 2530 * (1/1000sec). 2531 */ 2532 asoc->cookie_life = ktime_add_ms(asoc->cookie_life, stale); 2533 break; 2534 2535 case SCTP_PARAM_HOST_NAME_ADDRESS: 2536 pr_debug("%s: unimplemented SCTP_HOST_NAME_ADDRESS\n", __func__); 2537 break; 2538 2539 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2540 /* Turn off the default values first so we'll know which 2541 * ones are really set by the peer. 2542 */ 2543 asoc->peer.ipv4_address = 0; 2544 asoc->peer.ipv6_address = 0; 2545 2546 /* Assume that peer supports the address family 2547 * by which it sends a packet. 2548 */ 2549 if (peer_addr->sa.sa_family == AF_INET6) 2550 asoc->peer.ipv6_address = 1; 2551 else if (peer_addr->sa.sa_family == AF_INET) 2552 asoc->peer.ipv4_address = 1; 2553 2554 /* Cycle through address types; avoid divide by 0. */ 2555 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2556 if (sat) 2557 sat /= sizeof(__u16); 2558 2559 for (i = 0; i < sat; ++i) { 2560 switch (param.sat->types[i]) { 2561 case SCTP_PARAM_IPV4_ADDRESS: 2562 asoc->peer.ipv4_address = 1; 2563 break; 2564 2565 case SCTP_PARAM_IPV6_ADDRESS: 2566 if (PF_INET6 == asoc->base.sk->sk_family) 2567 asoc->peer.ipv6_address = 1; 2568 break; 2569 2570 case SCTP_PARAM_HOST_NAME_ADDRESS: 2571 asoc->peer.hostname_address = 1; 2572 break; 2573 2574 default: /* Just ignore anything else. */ 2575 break; 2576 } 2577 } 2578 break; 2579 2580 case SCTP_PARAM_STATE_COOKIE: 2581 asoc->peer.cookie_len = 2582 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2583 asoc->peer.cookie = param.cookie->body; 2584 break; 2585 2586 case SCTP_PARAM_HEARTBEAT_INFO: 2587 /* Would be odd to receive, but it causes no problems. */ 2588 break; 2589 2590 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2591 /* Rejected during verify stage. */ 2592 break; 2593 2594 case SCTP_PARAM_ECN_CAPABLE: 2595 asoc->peer.ecn_capable = 1; 2596 break; 2597 2598 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2599 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2600 break; 2601 2602 case SCTP_PARAM_SET_PRIMARY: 2603 if (!net->sctp.addip_enable) 2604 goto fall_through; 2605 2606 addr_param = param.v + sizeof(sctp_addip_param_t); 2607 2608 af = sctp_get_af_specific(param_type2af(param.p->type)); 2609 af->from_addr_param(&addr, addr_param, 2610 htons(asoc->peer.port), 0); 2611 2612 /* if the address is invalid, we can't process it. 2613 * XXX: see spec for what to do. 2614 */ 2615 if (!af->addr_valid(&addr, NULL, NULL)) 2616 break; 2617 2618 t = sctp_assoc_lookup_paddr(asoc, &addr); 2619 if (!t) 2620 break; 2621 2622 sctp_assoc_set_primary(asoc, t); 2623 break; 2624 2625 case SCTP_PARAM_SUPPORTED_EXT: 2626 sctp_process_ext_param(asoc, param); 2627 break; 2628 2629 case SCTP_PARAM_FWD_TSN_SUPPORT: 2630 if (net->sctp.prsctp_enable) { 2631 asoc->peer.prsctp_capable = 1; 2632 break; 2633 } 2634 /* Fall Through */ 2635 goto fall_through; 2636 2637 case SCTP_PARAM_RANDOM: 2638 if (!net->sctp.auth_enable) 2639 goto fall_through; 2640 2641 /* Save peer's random parameter */ 2642 asoc->peer.peer_random = kmemdup(param.p, 2643 ntohs(param.p->length), gfp); 2644 if (!asoc->peer.peer_random) { 2645 retval = 0; 2646 break; 2647 } 2648 break; 2649 2650 case SCTP_PARAM_HMAC_ALGO: 2651 if (!net->sctp.auth_enable) 2652 goto fall_through; 2653 2654 /* Save peer's HMAC list */ 2655 asoc->peer.peer_hmacs = kmemdup(param.p, 2656 ntohs(param.p->length), gfp); 2657 if (!asoc->peer.peer_hmacs) { 2658 retval = 0; 2659 break; 2660 } 2661 2662 /* Set the default HMAC the peer requested*/ 2663 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2664 break; 2665 2666 case SCTP_PARAM_CHUNKS: 2667 if (!net->sctp.auth_enable) 2668 goto fall_through; 2669 2670 asoc->peer.peer_chunks = kmemdup(param.p, 2671 ntohs(param.p->length), gfp); 2672 if (!asoc->peer.peer_chunks) 2673 retval = 0; 2674 break; 2675 fall_through: 2676 default: 2677 /* Any unrecognized parameters should have been caught 2678 * and handled by sctp_verify_param() which should be 2679 * called prior to this routine. Simply log the error 2680 * here. 2681 */ 2682 pr_debug("%s: ignoring param:%d for association:%p.\n", 2683 __func__, ntohs(param.p->type), asoc); 2684 break; 2685 } 2686 2687 return retval; 2688 } 2689 2690 /* Select a new verification tag. */ 2691 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2692 { 2693 /* I believe that this random number generator complies with RFC1750. 2694 * A tag of 0 is reserved for special cases (e.g. INIT). 2695 */ 2696 __u32 x; 2697 2698 do { 2699 get_random_bytes(&x, sizeof(__u32)); 2700 } while (x == 0); 2701 2702 return x; 2703 } 2704 2705 /* Select an initial TSN to send during startup. */ 2706 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2707 { 2708 __u32 retval; 2709 2710 get_random_bytes(&retval, sizeof(__u32)); 2711 return retval; 2712 } 2713 2714 /* 2715 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2716 * 0 1 2 3 2717 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2718 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2719 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2720 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2721 * | Serial Number | 2722 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2723 * | Address Parameter | 2724 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2725 * | ASCONF Parameter #1 | 2726 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2727 * \ \ 2728 * / .... / 2729 * \ \ 2730 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2731 * | ASCONF Parameter #N | 2732 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2733 * 2734 * Address Parameter and other parameter will not be wrapped in this function 2735 */ 2736 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2737 union sctp_addr *addr, 2738 int vparam_len) 2739 { 2740 sctp_addiphdr_t asconf; 2741 struct sctp_chunk *retval; 2742 int length = sizeof(asconf) + vparam_len; 2743 union sctp_addr_param addrparam; 2744 int addrlen; 2745 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2746 2747 addrlen = af->to_addr_param(addr, &addrparam); 2748 if (!addrlen) 2749 return NULL; 2750 length += addrlen; 2751 2752 /* Create the chunk. */ 2753 retval = sctp_make_control(asoc, SCTP_CID_ASCONF, 0, length); 2754 if (!retval) 2755 return NULL; 2756 2757 asconf.serial = htonl(asoc->addip_serial++); 2758 2759 retval->subh.addip_hdr = 2760 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2761 retval->param_hdr.v = 2762 sctp_addto_chunk(retval, addrlen, &addrparam); 2763 2764 return retval; 2765 } 2766 2767 /* ADDIP 2768 * 3.2.1 Add IP Address 2769 * 0 1 2 3 2770 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2771 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2772 * | Type = 0xC001 | Length = Variable | 2773 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2774 * | ASCONF-Request Correlation ID | 2775 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2776 * | Address Parameter | 2777 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2778 * 2779 * 3.2.2 Delete IP Address 2780 * 0 1 2 3 2781 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2782 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2783 * | Type = 0xC002 | Length = Variable | 2784 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2785 * | ASCONF-Request Correlation ID | 2786 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2787 * | Address Parameter | 2788 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2789 * 2790 */ 2791 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2792 union sctp_addr *laddr, 2793 struct sockaddr *addrs, 2794 int addrcnt, 2795 __be16 flags) 2796 { 2797 sctp_addip_param_t param; 2798 struct sctp_chunk *retval; 2799 union sctp_addr_param addr_param; 2800 union sctp_addr *addr; 2801 void *addr_buf; 2802 struct sctp_af *af; 2803 int paramlen = sizeof(param); 2804 int addr_param_len = 0; 2805 int totallen = 0; 2806 int i; 2807 int del_pickup = 0; 2808 2809 /* Get total length of all the address parameters. */ 2810 addr_buf = addrs; 2811 for (i = 0; i < addrcnt; i++) { 2812 addr = addr_buf; 2813 af = sctp_get_af_specific(addr->v4.sin_family); 2814 addr_param_len = af->to_addr_param(addr, &addr_param); 2815 2816 totallen += paramlen; 2817 totallen += addr_param_len; 2818 2819 addr_buf += af->sockaddr_len; 2820 if (asoc->asconf_addr_del_pending && !del_pickup) { 2821 /* reuse the parameter length from the same scope one */ 2822 totallen += paramlen; 2823 totallen += addr_param_len; 2824 del_pickup = 1; 2825 2826 pr_debug("%s: picked same-scope del_pending addr, " 2827 "totallen for all addresses is %d\n", 2828 __func__, totallen); 2829 } 2830 } 2831 2832 /* Create an asconf chunk with the required length. */ 2833 retval = sctp_make_asconf(asoc, laddr, totallen); 2834 if (!retval) 2835 return NULL; 2836 2837 /* Add the address parameters to the asconf chunk. */ 2838 addr_buf = addrs; 2839 for (i = 0; i < addrcnt; i++) { 2840 addr = addr_buf; 2841 af = sctp_get_af_specific(addr->v4.sin_family); 2842 addr_param_len = af->to_addr_param(addr, &addr_param); 2843 param.param_hdr.type = flags; 2844 param.param_hdr.length = htons(paramlen + addr_param_len); 2845 param.crr_id = i; 2846 2847 sctp_addto_chunk(retval, paramlen, ¶m); 2848 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2849 2850 addr_buf += af->sockaddr_len; 2851 } 2852 if (flags == SCTP_PARAM_ADD_IP && del_pickup) { 2853 addr = asoc->asconf_addr_del_pending; 2854 af = sctp_get_af_specific(addr->v4.sin_family); 2855 addr_param_len = af->to_addr_param(addr, &addr_param); 2856 param.param_hdr.type = SCTP_PARAM_DEL_IP; 2857 param.param_hdr.length = htons(paramlen + addr_param_len); 2858 param.crr_id = i; 2859 2860 sctp_addto_chunk(retval, paramlen, ¶m); 2861 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2862 } 2863 return retval; 2864 } 2865 2866 /* ADDIP 2867 * 3.2.4 Set Primary IP Address 2868 * 0 1 2 3 2869 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2870 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2871 * | Type =0xC004 | Length = Variable | 2872 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2873 * | ASCONF-Request Correlation ID | 2874 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2875 * | Address Parameter | 2876 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2877 * 2878 * Create an ASCONF chunk with Set Primary IP address parameter. 2879 */ 2880 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2881 union sctp_addr *addr) 2882 { 2883 sctp_addip_param_t param; 2884 struct sctp_chunk *retval; 2885 int len = sizeof(param); 2886 union sctp_addr_param addrparam; 2887 int addrlen; 2888 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2889 2890 addrlen = af->to_addr_param(addr, &addrparam); 2891 if (!addrlen) 2892 return NULL; 2893 len += addrlen; 2894 2895 /* Create the chunk and make asconf header. */ 2896 retval = sctp_make_asconf(asoc, addr, len); 2897 if (!retval) 2898 return NULL; 2899 2900 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2901 param.param_hdr.length = htons(len); 2902 param.crr_id = 0; 2903 2904 sctp_addto_chunk(retval, sizeof(param), ¶m); 2905 sctp_addto_chunk(retval, addrlen, &addrparam); 2906 2907 return retval; 2908 } 2909 2910 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2911 * 0 1 2 3 2912 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2913 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2914 * | Type = 0x80 | Chunk Flags | Chunk Length | 2915 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2916 * | Serial Number | 2917 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2918 * | ASCONF Parameter Response#1 | 2919 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2920 * \ \ 2921 * / .... / 2922 * \ \ 2923 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2924 * | ASCONF Parameter Response#N | 2925 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2926 * 2927 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2928 */ 2929 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2930 __u32 serial, int vparam_len) 2931 { 2932 sctp_addiphdr_t asconf; 2933 struct sctp_chunk *retval; 2934 int length = sizeof(asconf) + vparam_len; 2935 2936 /* Create the chunk. */ 2937 retval = sctp_make_control(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2938 if (!retval) 2939 return NULL; 2940 2941 asconf.serial = htonl(serial); 2942 2943 retval->subh.addip_hdr = 2944 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2945 2946 return retval; 2947 } 2948 2949 /* Add response parameters to an ASCONF_ACK chunk. */ 2950 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2951 __be16 err_code, sctp_addip_param_t *asconf_param) 2952 { 2953 sctp_addip_param_t ack_param; 2954 sctp_errhdr_t err_param; 2955 int asconf_param_len = 0; 2956 int err_param_len = 0; 2957 __be16 response_type; 2958 2959 if (SCTP_ERROR_NO_ERROR == err_code) { 2960 response_type = SCTP_PARAM_SUCCESS_REPORT; 2961 } else { 2962 response_type = SCTP_PARAM_ERR_CAUSE; 2963 err_param_len = sizeof(err_param); 2964 if (asconf_param) 2965 asconf_param_len = 2966 ntohs(asconf_param->param_hdr.length); 2967 } 2968 2969 /* Add Success Indication or Error Cause Indication parameter. */ 2970 ack_param.param_hdr.type = response_type; 2971 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2972 err_param_len + 2973 asconf_param_len); 2974 ack_param.crr_id = crr_id; 2975 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2976 2977 if (SCTP_ERROR_NO_ERROR == err_code) 2978 return; 2979 2980 /* Add Error Cause parameter. */ 2981 err_param.cause = err_code; 2982 err_param.length = htons(err_param_len + asconf_param_len); 2983 sctp_addto_chunk(chunk, err_param_len, &err_param); 2984 2985 /* Add the failed TLV copied from ASCONF chunk. */ 2986 if (asconf_param) 2987 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2988 } 2989 2990 /* Process a asconf parameter. */ 2991 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 2992 struct sctp_chunk *asconf, 2993 sctp_addip_param_t *asconf_param) 2994 { 2995 struct sctp_transport *peer; 2996 struct sctp_af *af; 2997 union sctp_addr addr; 2998 union sctp_addr_param *addr_param; 2999 3000 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t); 3001 3002 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && 3003 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && 3004 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) 3005 return SCTP_ERROR_UNKNOWN_PARAM; 3006 3007 switch (addr_param->p.type) { 3008 case SCTP_PARAM_IPV6_ADDRESS: 3009 if (!asoc->peer.ipv6_address) 3010 return SCTP_ERROR_DNS_FAILED; 3011 break; 3012 case SCTP_PARAM_IPV4_ADDRESS: 3013 if (!asoc->peer.ipv4_address) 3014 return SCTP_ERROR_DNS_FAILED; 3015 break; 3016 default: 3017 return SCTP_ERROR_DNS_FAILED; 3018 } 3019 3020 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3021 if (unlikely(!af)) 3022 return SCTP_ERROR_DNS_FAILED; 3023 3024 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 3025 3026 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 3027 * or multicast address. 3028 * (note: wildcard is permitted and requires special handling so 3029 * make sure we check for that) 3030 */ 3031 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 3032 return SCTP_ERROR_DNS_FAILED; 3033 3034 switch (asconf_param->param_hdr.type) { 3035 case SCTP_PARAM_ADD_IP: 3036 /* Section 4.2.1: 3037 * If the address 0.0.0.0 or ::0 is provided, the source 3038 * address of the packet MUST be added. 3039 */ 3040 if (af->is_any(&addr)) 3041 memcpy(&addr, &asconf->source, sizeof(addr)); 3042 3043 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 3044 * request and does not have the local resources to add this 3045 * new address to the association, it MUST return an Error 3046 * Cause TLV set to the new error code 'Operation Refused 3047 * Due to Resource Shortage'. 3048 */ 3049 3050 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 3051 if (!peer) 3052 return SCTP_ERROR_RSRC_LOW; 3053 3054 /* Start the heartbeat timer. */ 3055 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 3056 sctp_transport_hold(peer); 3057 asoc->new_transport = peer; 3058 break; 3059 case SCTP_PARAM_DEL_IP: 3060 /* ADDIP 4.3 D7) If a request is received to delete the 3061 * last remaining IP address of a peer endpoint, the receiver 3062 * MUST send an Error Cause TLV with the error cause set to the 3063 * new error code 'Request to Delete Last Remaining IP Address'. 3064 */ 3065 if (asoc->peer.transport_count == 1) 3066 return SCTP_ERROR_DEL_LAST_IP; 3067 3068 /* ADDIP 4.3 D8) If a request is received to delete an IP 3069 * address which is also the source address of the IP packet 3070 * which contained the ASCONF chunk, the receiver MUST reject 3071 * this request. To reject the request the receiver MUST send 3072 * an Error Cause TLV set to the new error code 'Request to 3073 * Delete Source IP Address' 3074 */ 3075 if (sctp_cmp_addr_exact(&asconf->source, &addr)) 3076 return SCTP_ERROR_DEL_SRC_IP; 3077 3078 /* Section 4.2.2 3079 * If the address 0.0.0.0 or ::0 is provided, all 3080 * addresses of the peer except the source address of the 3081 * packet MUST be deleted. 3082 */ 3083 if (af->is_any(&addr)) { 3084 sctp_assoc_set_primary(asoc, asconf->transport); 3085 sctp_assoc_del_nonprimary_peers(asoc, 3086 asconf->transport); 3087 } else 3088 sctp_assoc_del_peer(asoc, &addr); 3089 break; 3090 case SCTP_PARAM_SET_PRIMARY: 3091 /* ADDIP Section 4.2.4 3092 * If the address 0.0.0.0 or ::0 is provided, the receiver 3093 * MAY mark the source address of the packet as its 3094 * primary. 3095 */ 3096 if (af->is_any(&addr)) 3097 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 3098 3099 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3100 if (!peer) 3101 return SCTP_ERROR_DNS_FAILED; 3102 3103 sctp_assoc_set_primary(asoc, peer); 3104 break; 3105 } 3106 3107 return SCTP_ERROR_NO_ERROR; 3108 } 3109 3110 /* Verify the ASCONF packet before we process it. */ 3111 int sctp_verify_asconf(const struct sctp_association *asoc, 3112 struct sctp_paramhdr *param_hdr, void *chunk_end, 3113 struct sctp_paramhdr **errp) { 3114 sctp_addip_param_t *asconf_param; 3115 union sctp_params param; 3116 int length, plen; 3117 3118 param.v = (sctp_paramhdr_t *) param_hdr; 3119 while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { 3120 length = ntohs(param.p->length); 3121 *errp = param.p; 3122 3123 if (param.v > chunk_end - length || 3124 length < sizeof(sctp_paramhdr_t)) 3125 return 0; 3126 3127 switch (param.p->type) { 3128 case SCTP_PARAM_ADD_IP: 3129 case SCTP_PARAM_DEL_IP: 3130 case SCTP_PARAM_SET_PRIMARY: 3131 asconf_param = (sctp_addip_param_t *)param.v; 3132 plen = ntohs(asconf_param->param_hdr.length); 3133 if (plen < sizeof(sctp_addip_param_t) + 3134 sizeof(sctp_paramhdr_t)) 3135 return 0; 3136 break; 3137 case SCTP_PARAM_SUCCESS_REPORT: 3138 case SCTP_PARAM_ADAPTATION_LAYER_IND: 3139 if (length != sizeof(sctp_addip_param_t)) 3140 return 0; 3141 3142 break; 3143 default: 3144 break; 3145 } 3146 3147 param.v += WORD_ROUND(length); 3148 } 3149 3150 if (param.v != chunk_end) 3151 return 0; 3152 3153 return 1; 3154 } 3155 3156 /* Process an incoming ASCONF chunk with the next expected serial no. and 3157 * return an ASCONF_ACK chunk to be sent in response. 3158 */ 3159 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3160 struct sctp_chunk *asconf) 3161 { 3162 sctp_addiphdr_t *hdr; 3163 union sctp_addr_param *addr_param; 3164 sctp_addip_param_t *asconf_param; 3165 struct sctp_chunk *asconf_ack; 3166 3167 __be16 err_code; 3168 int length = 0; 3169 int chunk_len; 3170 __u32 serial; 3171 int all_param_pass = 1; 3172 3173 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 3174 hdr = (sctp_addiphdr_t *)asconf->skb->data; 3175 serial = ntohl(hdr->serial); 3176 3177 /* Skip the addiphdr and store a pointer to address parameter. */ 3178 length = sizeof(sctp_addiphdr_t); 3179 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3180 chunk_len -= length; 3181 3182 /* Skip the address parameter and store a pointer to the first 3183 * asconf parameter. 3184 */ 3185 length = ntohs(addr_param->p.length); 3186 asconf_param = (void *)addr_param + length; 3187 chunk_len -= length; 3188 3189 /* create an ASCONF_ACK chunk. 3190 * Based on the definitions of parameters, we know that the size of 3191 * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF 3192 * parameters. 3193 */ 3194 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4); 3195 if (!asconf_ack) 3196 goto done; 3197 3198 /* Process the TLVs contained within the ASCONF chunk. */ 3199 while (chunk_len > 0) { 3200 err_code = sctp_process_asconf_param(asoc, asconf, 3201 asconf_param); 3202 /* ADDIP 4.1 A7) 3203 * If an error response is received for a TLV parameter, 3204 * all TLVs with no response before the failed TLV are 3205 * considered successful if not reported. All TLVs after 3206 * the failed response are considered unsuccessful unless 3207 * a specific success indication is present for the parameter. 3208 */ 3209 if (SCTP_ERROR_NO_ERROR != err_code) 3210 all_param_pass = 0; 3211 3212 if (!all_param_pass) 3213 sctp_add_asconf_response(asconf_ack, 3214 asconf_param->crr_id, err_code, 3215 asconf_param); 3216 3217 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3218 * an IP address sends an 'Out of Resource' in its response, it 3219 * MUST also fail any subsequent add or delete requests bundled 3220 * in the ASCONF. 3221 */ 3222 if (SCTP_ERROR_RSRC_LOW == err_code) 3223 goto done; 3224 3225 /* Move to the next ASCONF param. */ 3226 length = ntohs(asconf_param->param_hdr.length); 3227 asconf_param = (void *)asconf_param + length; 3228 chunk_len -= length; 3229 } 3230 3231 done: 3232 asoc->peer.addip_serial++; 3233 3234 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3235 * after freeing the reference to old asconf ack if any. 3236 */ 3237 if (asconf_ack) { 3238 sctp_chunk_hold(asconf_ack); 3239 list_add_tail(&asconf_ack->transmitted_list, 3240 &asoc->asconf_ack_list); 3241 } 3242 3243 return asconf_ack; 3244 } 3245 3246 /* Process a asconf parameter that is successfully acked. */ 3247 static void sctp_asconf_param_success(struct sctp_association *asoc, 3248 sctp_addip_param_t *asconf_param) 3249 { 3250 struct sctp_af *af; 3251 union sctp_addr addr; 3252 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3253 union sctp_addr_param *addr_param; 3254 struct sctp_transport *transport; 3255 struct sctp_sockaddr_entry *saddr; 3256 3257 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t); 3258 3259 /* We have checked the packet before, so we do not check again. */ 3260 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3261 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3262 3263 switch (asconf_param->param_hdr.type) { 3264 case SCTP_PARAM_ADD_IP: 3265 /* This is always done in BH context with a socket lock 3266 * held, so the list can not change. 3267 */ 3268 local_bh_disable(); 3269 list_for_each_entry(saddr, &bp->address_list, list) { 3270 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3271 saddr->state = SCTP_ADDR_SRC; 3272 } 3273 local_bh_enable(); 3274 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3275 transports) { 3276 dst_release(transport->dst); 3277 transport->dst = NULL; 3278 } 3279 break; 3280 case SCTP_PARAM_DEL_IP: 3281 local_bh_disable(); 3282 sctp_del_bind_addr(bp, &addr); 3283 if (asoc->asconf_addr_del_pending != NULL && 3284 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) { 3285 kfree(asoc->asconf_addr_del_pending); 3286 asoc->asconf_addr_del_pending = NULL; 3287 } 3288 local_bh_enable(); 3289 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3290 transports) { 3291 dst_release(transport->dst); 3292 transport->dst = NULL; 3293 } 3294 break; 3295 default: 3296 break; 3297 } 3298 } 3299 3300 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3301 * for the given asconf parameter. If there is no response for this parameter, 3302 * return the error code based on the third argument 'no_err'. 3303 * ADDIP 4.1 3304 * A7) If an error response is received for a TLV parameter, all TLVs with no 3305 * response before the failed TLV are considered successful if not reported. 3306 * All TLVs after the failed response are considered unsuccessful unless a 3307 * specific success indication is present for the parameter. 3308 */ 3309 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3310 sctp_addip_param_t *asconf_param, 3311 int no_err) 3312 { 3313 sctp_addip_param_t *asconf_ack_param; 3314 sctp_errhdr_t *err_param; 3315 int length; 3316 int asconf_ack_len; 3317 __be16 err_code; 3318 3319 if (no_err) 3320 err_code = SCTP_ERROR_NO_ERROR; 3321 else 3322 err_code = SCTP_ERROR_REQ_REFUSED; 3323 3324 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3325 sizeof(sctp_chunkhdr_t); 3326 3327 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3328 * the first asconf_ack parameter. 3329 */ 3330 length = sizeof(sctp_addiphdr_t); 3331 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 3332 length); 3333 asconf_ack_len -= length; 3334 3335 while (asconf_ack_len > 0) { 3336 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3337 switch(asconf_ack_param->param_hdr.type) { 3338 case SCTP_PARAM_SUCCESS_REPORT: 3339 return SCTP_ERROR_NO_ERROR; 3340 case SCTP_PARAM_ERR_CAUSE: 3341 length = sizeof(sctp_addip_param_t); 3342 err_param = (void *)asconf_ack_param + length; 3343 asconf_ack_len -= length; 3344 if (asconf_ack_len > 0) 3345 return err_param->cause; 3346 else 3347 return SCTP_ERROR_INV_PARAM; 3348 break; 3349 default: 3350 return SCTP_ERROR_INV_PARAM; 3351 } 3352 } 3353 3354 length = ntohs(asconf_ack_param->param_hdr.length); 3355 asconf_ack_param = (void *)asconf_ack_param + length; 3356 asconf_ack_len -= length; 3357 } 3358 3359 return err_code; 3360 } 3361 3362 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3363 int sctp_process_asconf_ack(struct sctp_association *asoc, 3364 struct sctp_chunk *asconf_ack) 3365 { 3366 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3367 union sctp_addr_param *addr_param; 3368 sctp_addip_param_t *asconf_param; 3369 int length = 0; 3370 int asconf_len = asconf->skb->len; 3371 int all_param_pass = 0; 3372 int no_err = 1; 3373 int retval = 0; 3374 __be16 err_code = SCTP_ERROR_NO_ERROR; 3375 3376 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3377 * a pointer to address parameter. 3378 */ 3379 length = sizeof(sctp_addip_chunk_t); 3380 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3381 asconf_len -= length; 3382 3383 /* Skip the address parameter in the last asconf sent and store a 3384 * pointer to the first asconf parameter. 3385 */ 3386 length = ntohs(addr_param->p.length); 3387 asconf_param = (void *)addr_param + length; 3388 asconf_len -= length; 3389 3390 /* ADDIP 4.1 3391 * A8) If there is no response(s) to specific TLV parameter(s), and no 3392 * failures are indicated, then all request(s) are considered 3393 * successful. 3394 */ 3395 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 3396 all_param_pass = 1; 3397 3398 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3399 while (asconf_len > 0) { 3400 if (all_param_pass) 3401 err_code = SCTP_ERROR_NO_ERROR; 3402 else { 3403 err_code = sctp_get_asconf_response(asconf_ack, 3404 asconf_param, 3405 no_err); 3406 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3407 no_err = 0; 3408 } 3409 3410 switch (err_code) { 3411 case SCTP_ERROR_NO_ERROR: 3412 sctp_asconf_param_success(asoc, asconf_param); 3413 break; 3414 3415 case SCTP_ERROR_RSRC_LOW: 3416 retval = 1; 3417 break; 3418 3419 case SCTP_ERROR_UNKNOWN_PARAM: 3420 /* Disable sending this type of asconf parameter in 3421 * future. 3422 */ 3423 asoc->peer.addip_disabled_mask |= 3424 asconf_param->param_hdr.type; 3425 break; 3426 3427 case SCTP_ERROR_REQ_REFUSED: 3428 case SCTP_ERROR_DEL_LAST_IP: 3429 case SCTP_ERROR_DEL_SRC_IP: 3430 default: 3431 break; 3432 } 3433 3434 /* Skip the processed asconf parameter and move to the next 3435 * one. 3436 */ 3437 length = ntohs(asconf_param->param_hdr.length); 3438 asconf_param = (void *)asconf_param + length; 3439 asconf_len -= length; 3440 } 3441 3442 if (no_err && asoc->src_out_of_asoc_ok) { 3443 asoc->src_out_of_asoc_ok = 0; 3444 sctp_transport_immediate_rtx(asoc->peer.primary_path); 3445 } 3446 3447 /* Free the cached last sent asconf chunk. */ 3448 list_del_init(&asconf->transmitted_list); 3449 sctp_chunk_free(asconf); 3450 asoc->addip_last_asconf = NULL; 3451 3452 return retval; 3453 } 3454 3455 /* Make a FWD TSN chunk. */ 3456 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3457 __u32 new_cum_tsn, size_t nstreams, 3458 struct sctp_fwdtsn_skip *skiplist) 3459 { 3460 struct sctp_chunk *retval = NULL; 3461 struct sctp_fwdtsn_hdr ftsn_hdr; 3462 struct sctp_fwdtsn_skip skip; 3463 size_t hint; 3464 int i; 3465 3466 hint = (nstreams + 1) * sizeof(__u32); 3467 3468 retval = sctp_make_control(asoc, SCTP_CID_FWD_TSN, 0, hint); 3469 3470 if (!retval) 3471 return NULL; 3472 3473 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3474 retval->subh.fwdtsn_hdr = 3475 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3476 3477 for (i = 0; i < nstreams; i++) { 3478 skip.stream = skiplist[i].stream; 3479 skip.ssn = skiplist[i].ssn; 3480 sctp_addto_chunk(retval, sizeof(skip), &skip); 3481 } 3482 3483 return retval; 3484 } 3485