1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* SCTP kernel implementation 3 * (C) Copyright IBM Corp. 2001, 2004 4 * Copyright (c) 1999-2000 Cisco, Inc. 5 * Copyright (c) 1999-2001 Motorola, Inc. 6 * Copyright (c) 2001-2002 Intel Corp. 7 * 8 * This file is part of the SCTP kernel implementation 9 * 10 * These functions work with the state functions in sctp_sm_statefuns.c 11 * to implement the state operations. These functions implement the 12 * steps which require modifying existing data structures. 13 * 14 * Please send any bug reports or fixes you make to the 15 * email address(es): 16 * lksctp developers <linux-sctp@vger.kernel.org> 17 * 18 * Written or modified by: 19 * La Monte H.P. Yarroll <piggy@acm.org> 20 * Karl Knutson <karl@athena.chicago.il.us> 21 * C. Robin <chris@hundredacre.ac.uk> 22 * Jon Grimm <jgrimm@us.ibm.com> 23 * Xingang Guo <xingang.guo@intel.com> 24 * Dajiang Zhang <dajiang.zhang@nokia.com> 25 * Sridhar Samudrala <sri@us.ibm.com> 26 * Daisy Chang <daisyc@us.ibm.com> 27 * Ardelle Fan <ardelle.fan@intel.com> 28 * Kevin Gao <kevin.gao@intel.com> 29 */ 30 31 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 32 33 #include <crypto/hash.h> 34 #include <linux/types.h> 35 #include <linux/kernel.h> 36 #include <linux/ip.h> 37 #include <linux/ipv6.h> 38 #include <linux/net.h> 39 #include <linux/inet.h> 40 #include <linux/scatterlist.h> 41 #include <linux/slab.h> 42 #include <net/sock.h> 43 44 #include <linux/skbuff.h> 45 #include <linux/random.h> /* for get_random_bytes */ 46 #include <net/sctp/sctp.h> 47 #include <net/sctp/sm.h> 48 49 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 50 __u8 type, __u8 flags, int paylen, 51 gfp_t gfp); 52 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 53 __u8 flags, int paylen, gfp_t gfp); 54 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 55 __u8 type, __u8 flags, int paylen, 56 gfp_t gfp); 57 static struct sctp_cookie_param *sctp_pack_cookie( 58 const struct sctp_endpoint *ep, 59 const struct sctp_association *asoc, 60 const struct sctp_chunk *init_chunk, 61 int *cookie_len, 62 const __u8 *raw_addrs, int addrs_len); 63 static int sctp_process_param(struct sctp_association *asoc, 64 union sctp_params param, 65 const union sctp_addr *peer_addr, 66 gfp_t gfp); 67 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 68 const void *data); 69 70 /* Control chunk destructor */ 71 static void sctp_control_release_owner(struct sk_buff *skb) 72 { 73 struct sctp_chunk *chunk = skb_shinfo(skb)->destructor_arg; 74 75 if (chunk->shkey) { 76 struct sctp_shared_key *shkey = chunk->shkey; 77 struct sctp_association *asoc = chunk->asoc; 78 79 /* refcnt == 2 and !list_empty mean after this release, it's 80 * not being used anywhere, and it's time to notify userland 81 * that this shkey can be freed if it's been deactivated. 82 */ 83 if (shkey->deactivated && !list_empty(&shkey->key_list) && 84 refcount_read(&shkey->refcnt) == 2) { 85 struct sctp_ulpevent *ev; 86 87 ev = sctp_ulpevent_make_authkey(asoc, shkey->key_id, 88 SCTP_AUTH_FREE_KEY, 89 GFP_KERNEL); 90 if (ev) 91 asoc->stream.si->enqueue_event(&asoc->ulpq, ev); 92 } 93 sctp_auth_shkey_release(chunk->shkey); 94 } 95 } 96 97 static void sctp_control_set_owner_w(struct sctp_chunk *chunk) 98 { 99 struct sctp_association *asoc = chunk->asoc; 100 struct sk_buff *skb = chunk->skb; 101 102 /* TODO: properly account for control chunks. 103 * To do it right we'll need: 104 * 1) endpoint if association isn't known. 105 * 2) proper memory accounting. 106 * 107 * For now don't do anything for now. 108 */ 109 if (chunk->auth) { 110 chunk->shkey = asoc->shkey; 111 sctp_auth_shkey_hold(chunk->shkey); 112 } 113 skb->sk = asoc ? asoc->base.sk : NULL; 114 skb_shinfo(skb)->destructor_arg = chunk; 115 skb->destructor = sctp_control_release_owner; 116 } 117 118 /* What was the inbound interface for this chunk? */ 119 int sctp_chunk_iif(const struct sctp_chunk *chunk) 120 { 121 struct sk_buff *skb = chunk->skb; 122 123 return SCTP_INPUT_CB(skb)->af->skb_iif(skb); 124 } 125 126 /* RFC 2960 3.3.2 Initiation (INIT) (1) 127 * 128 * Note 2: The ECN capable field is reserved for future use of 129 * Explicit Congestion Notification. 130 */ 131 static const struct sctp_paramhdr ecap_param = { 132 SCTP_PARAM_ECN_CAPABLE, 133 cpu_to_be16(sizeof(struct sctp_paramhdr)), 134 }; 135 static const struct sctp_paramhdr prsctp_param = { 136 SCTP_PARAM_FWD_TSN_SUPPORT, 137 cpu_to_be16(sizeof(struct sctp_paramhdr)), 138 }; 139 140 /* A helper to initialize an op error inside a provided chunk, as most 141 * cause codes will be embedded inside an abort chunk. 142 */ 143 int sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 144 size_t paylen) 145 { 146 struct sctp_errhdr err; 147 __u16 len; 148 149 /* Cause code constants are now defined in network order. */ 150 err.cause = cause_code; 151 len = sizeof(err) + paylen; 152 err.length = htons(len); 153 154 if (skb_tailroom(chunk->skb) < len) 155 return -ENOSPC; 156 157 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(err), &err); 158 159 return 0; 160 } 161 162 /* 3.3.2 Initiation (INIT) (1) 163 * 164 * This chunk is used to initiate a SCTP association between two 165 * endpoints. The format of the INIT chunk is shown below: 166 * 167 * 0 1 2 3 168 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 169 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 170 * | Type = 1 | Chunk Flags | Chunk Length | 171 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 172 * | Initiate Tag | 173 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 174 * | Advertised Receiver Window Credit (a_rwnd) | 175 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 176 * | Number of Outbound Streams | Number of Inbound Streams | 177 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 178 * | Initial TSN | 179 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 180 * \ \ 181 * / Optional/Variable-Length Parameters / 182 * \ \ 183 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 184 * 185 * 186 * The INIT chunk contains the following parameters. Unless otherwise 187 * noted, each parameter MUST only be included once in the INIT chunk. 188 * 189 * Fixed Parameters Status 190 * ---------------------------------------------- 191 * Initiate Tag Mandatory 192 * Advertised Receiver Window Credit Mandatory 193 * Number of Outbound Streams Mandatory 194 * Number of Inbound Streams Mandatory 195 * Initial TSN Mandatory 196 * 197 * Variable Parameters Status Type Value 198 * ------------------------------------------------------------- 199 * IPv4 Address (Note 1) Optional 5 200 * IPv6 Address (Note 1) Optional 6 201 * Cookie Preservative Optional 9 202 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 203 * Host Name Address (Note 3) Optional 11 204 * Supported Address Types (Note 4) Optional 12 205 */ 206 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 207 const struct sctp_bind_addr *bp, 208 gfp_t gfp, int vparam_len) 209 { 210 struct sctp_supported_ext_param ext_param; 211 struct sctp_adaptation_ind_param aiparam; 212 struct sctp_paramhdr *auth_chunks = NULL; 213 struct sctp_paramhdr *auth_hmacs = NULL; 214 struct sctp_supported_addrs_param sat; 215 struct sctp_endpoint *ep = asoc->ep; 216 struct sctp_chunk *retval = NULL; 217 int num_types, addrs_len = 0; 218 struct sctp_inithdr init; 219 union sctp_params addrs; 220 struct sctp_sock *sp; 221 __u8 extensions[5]; 222 size_t chunksize; 223 __be16 types[2]; 224 int num_ext = 0; 225 226 /* RFC 2960 3.3.2 Initiation (INIT) (1) 227 * 228 * Note 1: The INIT chunks can contain multiple addresses that 229 * can be IPv4 and/or IPv6 in any combination. 230 */ 231 232 /* Convert the provided bind address list to raw format. */ 233 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 234 235 init.init_tag = htonl(asoc->c.my_vtag); 236 init.a_rwnd = htonl(asoc->rwnd); 237 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 238 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 239 init.initial_tsn = htonl(asoc->c.initial_tsn); 240 241 /* How many address types are needed? */ 242 sp = sctp_sk(asoc->base.sk); 243 num_types = sp->pf->supported_addrs(sp, types); 244 245 chunksize = sizeof(init) + addrs_len; 246 chunksize += SCTP_PAD4(SCTP_SAT_LEN(num_types)); 247 chunksize += sizeof(ecap_param); 248 249 if (asoc->ep->prsctp_enable) 250 chunksize += sizeof(prsctp_param); 251 252 /* ADDIP: Section 4.2.7: 253 * An implementation supporting this extension [ADDIP] MUST list 254 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 255 * INIT-ACK parameters. 256 */ 257 if (asoc->ep->asconf_enable) { 258 extensions[num_ext] = SCTP_CID_ASCONF; 259 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 260 num_ext += 2; 261 } 262 263 if (asoc->ep->reconf_enable) { 264 extensions[num_ext] = SCTP_CID_RECONF; 265 num_ext += 1; 266 } 267 268 if (sp->adaptation_ind) 269 chunksize += sizeof(aiparam); 270 271 if (asoc->ep->intl_enable) { 272 extensions[num_ext] = SCTP_CID_I_DATA; 273 num_ext += 1; 274 } 275 276 chunksize += vparam_len; 277 278 /* Account for AUTH related parameters */ 279 if (ep->auth_enable) { 280 /* Add random parameter length*/ 281 chunksize += sizeof(asoc->c.auth_random); 282 283 /* Add HMACS parameter length if any were defined */ 284 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs; 285 if (auth_hmacs->length) 286 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length)); 287 else 288 auth_hmacs = NULL; 289 290 /* Add CHUNKS parameter length */ 291 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks; 292 if (auth_chunks->length) 293 chunksize += SCTP_PAD4(ntohs(auth_chunks->length)); 294 else 295 auth_chunks = NULL; 296 297 extensions[num_ext] = SCTP_CID_AUTH; 298 num_ext += 1; 299 } 300 301 /* If we have any extensions to report, account for that */ 302 if (num_ext) 303 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext); 304 305 /* RFC 2960 3.3.2 Initiation (INIT) (1) 306 * 307 * Note 3: An INIT chunk MUST NOT contain more than one Host 308 * Name address parameter. Moreover, the sender of the INIT 309 * MUST NOT combine any other address types with the Host Name 310 * address in the INIT. The receiver of INIT MUST ignore any 311 * other address types if the Host Name address parameter is 312 * present in the received INIT chunk. 313 * 314 * PLEASE DO NOT FIXME [This version does not support Host Name.] 315 */ 316 317 retval = sctp_make_control(asoc, SCTP_CID_INIT, 0, chunksize, gfp); 318 if (!retval) 319 goto nodata; 320 321 retval->subh.init_hdr = 322 sctp_addto_chunk(retval, sizeof(init), &init); 323 retval->param_hdr.v = 324 sctp_addto_chunk(retval, addrs_len, addrs.v); 325 326 /* RFC 2960 3.3.2 Initiation (INIT) (1) 327 * 328 * Note 4: This parameter, when present, specifies all the 329 * address types the sending endpoint can support. The absence 330 * of this parameter indicates that the sending endpoint can 331 * support any address type. 332 */ 333 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 334 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 335 sctp_addto_chunk(retval, sizeof(sat), &sat); 336 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 337 338 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 339 340 /* Add the supported extensions parameter. Be nice and add this 341 * fist before addiding the parameters for the extensions themselves 342 */ 343 if (num_ext) { 344 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 345 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext); 346 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param); 347 sctp_addto_param(retval, num_ext, extensions); 348 } 349 350 if (asoc->ep->prsctp_enable) 351 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 352 353 if (sp->adaptation_ind) { 354 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 355 aiparam.param_hdr.length = htons(sizeof(aiparam)); 356 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 357 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 358 } 359 360 /* Add SCTP-AUTH chunks to the parameter list */ 361 if (ep->auth_enable) { 362 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 363 asoc->c.auth_random); 364 if (auth_hmacs) 365 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 366 auth_hmacs); 367 if (auth_chunks) 368 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 369 auth_chunks); 370 } 371 nodata: 372 kfree(addrs.v); 373 return retval; 374 } 375 376 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 377 const struct sctp_chunk *chunk, 378 gfp_t gfp, int unkparam_len) 379 { 380 struct sctp_supported_ext_param ext_param; 381 struct sctp_adaptation_ind_param aiparam; 382 struct sctp_paramhdr *auth_chunks = NULL; 383 struct sctp_paramhdr *auth_random = NULL; 384 struct sctp_paramhdr *auth_hmacs = NULL; 385 struct sctp_chunk *retval = NULL; 386 struct sctp_cookie_param *cookie; 387 struct sctp_inithdr initack; 388 union sctp_params addrs; 389 struct sctp_sock *sp; 390 __u8 extensions[5]; 391 size_t chunksize; 392 int num_ext = 0; 393 int cookie_len; 394 int addrs_len; 395 396 /* Note: there may be no addresses to embed. */ 397 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 398 399 initack.init_tag = htonl(asoc->c.my_vtag); 400 initack.a_rwnd = htonl(asoc->rwnd); 401 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 402 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 403 initack.initial_tsn = htonl(asoc->c.initial_tsn); 404 405 /* FIXME: We really ought to build the cookie right 406 * into the packet instead of allocating more fresh memory. 407 */ 408 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 409 addrs.v, addrs_len); 410 if (!cookie) 411 goto nomem_cookie; 412 413 /* Calculate the total size of allocation, include the reserved 414 * space for reporting unknown parameters if it is specified. 415 */ 416 sp = sctp_sk(asoc->base.sk); 417 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 418 419 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 420 if (asoc->peer.ecn_capable) 421 chunksize += sizeof(ecap_param); 422 423 if (asoc->peer.prsctp_capable) 424 chunksize += sizeof(prsctp_param); 425 426 if (asoc->peer.asconf_capable) { 427 extensions[num_ext] = SCTP_CID_ASCONF; 428 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 429 num_ext += 2; 430 } 431 432 if (asoc->peer.reconf_capable) { 433 extensions[num_ext] = SCTP_CID_RECONF; 434 num_ext += 1; 435 } 436 437 if (sp->adaptation_ind) 438 chunksize += sizeof(aiparam); 439 440 if (asoc->peer.intl_capable) { 441 extensions[num_ext] = SCTP_CID_I_DATA; 442 num_ext += 1; 443 } 444 445 if (asoc->peer.auth_capable) { 446 auth_random = (struct sctp_paramhdr *)asoc->c.auth_random; 447 chunksize += ntohs(auth_random->length); 448 449 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs; 450 if (auth_hmacs->length) 451 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length)); 452 else 453 auth_hmacs = NULL; 454 455 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks; 456 if (auth_chunks->length) 457 chunksize += SCTP_PAD4(ntohs(auth_chunks->length)); 458 else 459 auth_chunks = NULL; 460 461 extensions[num_ext] = SCTP_CID_AUTH; 462 num_ext += 1; 463 } 464 465 if (num_ext) 466 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext); 467 468 /* Now allocate and fill out the chunk. */ 469 retval = sctp_make_control(asoc, SCTP_CID_INIT_ACK, 0, chunksize, gfp); 470 if (!retval) 471 goto nomem_chunk; 472 473 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 474 * 475 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 476 * HEARTBEAT ACK, * etc.) to the same destination transport 477 * address from which it received the DATA or control chunk 478 * to which it is replying. 479 * 480 * [INIT ACK back to where the INIT came from.] 481 */ 482 if (chunk->transport) 483 retval->transport = 484 sctp_assoc_lookup_paddr(asoc, 485 &chunk->transport->ipaddr); 486 487 retval->subh.init_hdr = 488 sctp_addto_chunk(retval, sizeof(initack), &initack); 489 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 490 sctp_addto_chunk(retval, cookie_len, cookie); 491 if (asoc->peer.ecn_capable) 492 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 493 if (num_ext) { 494 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 495 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext); 496 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param); 497 sctp_addto_param(retval, num_ext, extensions); 498 } 499 if (asoc->peer.prsctp_capable) 500 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 501 502 if (sp->adaptation_ind) { 503 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 504 aiparam.param_hdr.length = htons(sizeof(aiparam)); 505 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 506 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 507 } 508 509 if (asoc->peer.auth_capable) { 510 sctp_addto_chunk(retval, ntohs(auth_random->length), 511 auth_random); 512 if (auth_hmacs) 513 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 514 auth_hmacs); 515 if (auth_chunks) 516 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 517 auth_chunks); 518 } 519 520 /* We need to remove the const qualifier at this point. */ 521 retval->asoc = (struct sctp_association *) asoc; 522 523 nomem_chunk: 524 kfree(cookie); 525 nomem_cookie: 526 kfree(addrs.v); 527 return retval; 528 } 529 530 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 531 * 532 * This chunk is used only during the initialization of an association. 533 * It is sent by the initiator of an association to its peer to complete 534 * the initialization process. This chunk MUST precede any DATA chunk 535 * sent within the association, but MAY be bundled with one or more DATA 536 * chunks in the same packet. 537 * 538 * 0 1 2 3 539 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 540 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 541 * | Type = 10 |Chunk Flags | Length | 542 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 543 * / Cookie / 544 * \ \ 545 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 546 * 547 * Chunk Flags: 8 bit 548 * 549 * Set to zero on transmit and ignored on receipt. 550 * 551 * Length: 16 bits (unsigned integer) 552 * 553 * Set to the size of the chunk in bytes, including the 4 bytes of 554 * the chunk header and the size of the Cookie. 555 * 556 * Cookie: variable size 557 * 558 * This field must contain the exact cookie received in the 559 * State Cookie parameter from the previous INIT ACK. 560 * 561 * An implementation SHOULD make the cookie as small as possible 562 * to insure interoperability. 563 */ 564 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 565 const struct sctp_chunk *chunk) 566 { 567 struct sctp_chunk *retval; 568 int cookie_len; 569 void *cookie; 570 571 cookie = asoc->peer.cookie; 572 cookie_len = asoc->peer.cookie_len; 573 574 /* Build a cookie echo chunk. */ 575 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ECHO, 0, 576 cookie_len, GFP_ATOMIC); 577 if (!retval) 578 goto nodata; 579 retval->subh.cookie_hdr = 580 sctp_addto_chunk(retval, cookie_len, cookie); 581 582 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 583 * 584 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 585 * HEARTBEAT ACK, * etc.) to the same destination transport 586 * address from which it * received the DATA or control chunk 587 * to which it is replying. 588 * 589 * [COOKIE ECHO back to where the INIT ACK came from.] 590 */ 591 if (chunk) 592 retval->transport = chunk->transport; 593 594 nodata: 595 return retval; 596 } 597 598 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 599 * 600 * This chunk is used only during the initialization of an 601 * association. It is used to acknowledge the receipt of a COOKIE 602 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 603 * within the association, but MAY be bundled with one or more DATA 604 * chunks or SACK chunk in the same SCTP packet. 605 * 606 * 0 1 2 3 607 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 608 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 609 * | Type = 11 |Chunk Flags | Length = 4 | 610 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 611 * 612 * Chunk Flags: 8 bits 613 * 614 * Set to zero on transmit and ignored on receipt. 615 */ 616 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 617 const struct sctp_chunk *chunk) 618 { 619 struct sctp_chunk *retval; 620 621 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ACK, 0, 0, GFP_ATOMIC); 622 623 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 624 * 625 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 626 * HEARTBEAT ACK, * etc.) to the same destination transport 627 * address from which it * received the DATA or control chunk 628 * to which it is replying. 629 * 630 * [COOKIE ACK back to where the COOKIE ECHO came from.] 631 */ 632 if (retval && chunk && chunk->transport) 633 retval->transport = 634 sctp_assoc_lookup_paddr(asoc, 635 &chunk->transport->ipaddr); 636 637 return retval; 638 } 639 640 /* 641 * Appendix A: Explicit Congestion Notification: 642 * CWR: 643 * 644 * RFC 2481 details a specific bit for a sender to send in the header of 645 * its next outbound TCP segment to indicate to its peer that it has 646 * reduced its congestion window. This is termed the CWR bit. For 647 * SCTP the same indication is made by including the CWR chunk. 648 * This chunk contains one data element, i.e. the TSN number that 649 * was sent in the ECNE chunk. This element represents the lowest 650 * TSN number in the datagram that was originally marked with the 651 * CE bit. 652 * 653 * 0 1 2 3 654 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 655 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 656 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 657 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 658 * | Lowest TSN Number | 659 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 660 * 661 * Note: The CWR is considered a Control chunk. 662 */ 663 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 664 const __u32 lowest_tsn, 665 const struct sctp_chunk *chunk) 666 { 667 struct sctp_chunk *retval; 668 struct sctp_cwrhdr cwr; 669 670 cwr.lowest_tsn = htonl(lowest_tsn); 671 retval = sctp_make_control(asoc, SCTP_CID_ECN_CWR, 0, 672 sizeof(cwr), GFP_ATOMIC); 673 674 if (!retval) 675 goto nodata; 676 677 retval->subh.ecn_cwr_hdr = 678 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 679 680 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 681 * 682 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 683 * HEARTBEAT ACK, * etc.) to the same destination transport 684 * address from which it * received the DATA or control chunk 685 * to which it is replying. 686 * 687 * [Report a reduced congestion window back to where the ECNE 688 * came from.] 689 */ 690 if (chunk) 691 retval->transport = chunk->transport; 692 693 nodata: 694 return retval; 695 } 696 697 /* Make an ECNE chunk. This is a congestion experienced report. */ 698 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 699 const __u32 lowest_tsn) 700 { 701 struct sctp_chunk *retval; 702 struct sctp_ecnehdr ecne; 703 704 ecne.lowest_tsn = htonl(lowest_tsn); 705 retval = sctp_make_control(asoc, SCTP_CID_ECN_ECNE, 0, 706 sizeof(ecne), GFP_ATOMIC); 707 if (!retval) 708 goto nodata; 709 retval->subh.ecne_hdr = 710 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 711 712 nodata: 713 return retval; 714 } 715 716 /* Make a DATA chunk for the given association from the provided 717 * parameters. However, do not populate the data payload. 718 */ 719 struct sctp_chunk *sctp_make_datafrag_empty(const struct sctp_association *asoc, 720 const struct sctp_sndrcvinfo *sinfo, 721 int len, __u8 flags, gfp_t gfp) 722 { 723 struct sctp_chunk *retval; 724 struct sctp_datahdr dp; 725 726 /* We assign the TSN as LATE as possible, not here when 727 * creating the chunk. 728 */ 729 memset(&dp, 0, sizeof(dp)); 730 dp.ppid = sinfo->sinfo_ppid; 731 dp.stream = htons(sinfo->sinfo_stream); 732 733 /* Set the flags for an unordered send. */ 734 if (sinfo->sinfo_flags & SCTP_UNORDERED) 735 flags |= SCTP_DATA_UNORDERED; 736 737 retval = sctp_make_data(asoc, flags, sizeof(dp) + len, gfp); 738 if (!retval) 739 return NULL; 740 741 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 742 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 743 744 return retval; 745 } 746 747 /* Create a selective ackowledgement (SACK) for the given 748 * association. This reports on which TSN's we've seen to date, 749 * including duplicates and gaps. 750 */ 751 struct sctp_chunk *sctp_make_sack(struct sctp_association *asoc) 752 { 753 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 754 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 755 __u16 num_gabs, num_dup_tsns; 756 struct sctp_transport *trans; 757 struct sctp_chunk *retval; 758 struct sctp_sackhdr sack; 759 __u32 ctsn; 760 int len; 761 762 memset(gabs, 0, sizeof(gabs)); 763 ctsn = sctp_tsnmap_get_ctsn(map); 764 765 pr_debug("%s: sackCTSNAck sent:0x%x\n", __func__, ctsn); 766 767 /* How much room is needed in the chunk? */ 768 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 769 num_dup_tsns = sctp_tsnmap_num_dups(map); 770 771 /* Initialize the SACK header. */ 772 sack.cum_tsn_ack = htonl(ctsn); 773 sack.a_rwnd = htonl(asoc->a_rwnd); 774 sack.num_gap_ack_blocks = htons(num_gabs); 775 sack.num_dup_tsns = htons(num_dup_tsns); 776 777 len = sizeof(sack) 778 + sizeof(struct sctp_gap_ack_block) * num_gabs 779 + sizeof(__u32) * num_dup_tsns; 780 781 /* Create the chunk. */ 782 retval = sctp_make_control(asoc, SCTP_CID_SACK, 0, len, GFP_ATOMIC); 783 if (!retval) 784 goto nodata; 785 786 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 787 * 788 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 789 * HEARTBEAT ACK, etc.) to the same destination transport 790 * address from which it received the DATA or control chunk to 791 * which it is replying. This rule should also be followed if 792 * the endpoint is bundling DATA chunks together with the 793 * reply chunk. 794 * 795 * However, when acknowledging multiple DATA chunks received 796 * in packets from different source addresses in a single 797 * SACK, the SACK chunk may be transmitted to one of the 798 * destination transport addresses from which the DATA or 799 * control chunks being acknowledged were received. 800 * 801 * [BUG: We do not implement the following paragraph. 802 * Perhaps we should remember the last transport we used for a 803 * SACK and avoid that (if possible) if we have seen any 804 * duplicates. --piggy] 805 * 806 * When a receiver of a duplicate DATA chunk sends a SACK to a 807 * multi- homed endpoint it MAY be beneficial to vary the 808 * destination address and not use the source address of the 809 * DATA chunk. The reason being that receiving a duplicate 810 * from a multi-homed endpoint might indicate that the return 811 * path (as specified in the source address of the DATA chunk) 812 * for the SACK is broken. 813 * 814 * [Send to the address from which we last received a DATA chunk.] 815 */ 816 retval->transport = asoc->peer.last_data_from; 817 818 retval->subh.sack_hdr = 819 sctp_addto_chunk(retval, sizeof(sack), &sack); 820 821 /* Add the gap ack block information. */ 822 if (num_gabs) 823 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 824 gabs); 825 826 /* Add the duplicate TSN information. */ 827 if (num_dup_tsns) { 828 asoc->stats.idupchunks += num_dup_tsns; 829 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 830 sctp_tsnmap_get_dups(map)); 831 } 832 /* Once we have a sack generated, check to see what our sack 833 * generation is, if its 0, reset the transports to 0, and reset 834 * the association generation to 1 835 * 836 * The idea is that zero is never used as a valid generation for the 837 * association so no transport will match after a wrap event like this, 838 * Until the next sack 839 */ 840 if (++asoc->peer.sack_generation == 0) { 841 list_for_each_entry(trans, &asoc->peer.transport_addr_list, 842 transports) 843 trans->sack_generation = 0; 844 asoc->peer.sack_generation = 1; 845 } 846 nodata: 847 return retval; 848 } 849 850 /* Make a SHUTDOWN chunk. */ 851 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 852 const struct sctp_chunk *chunk) 853 { 854 struct sctp_shutdownhdr shut; 855 struct sctp_chunk *retval; 856 __u32 ctsn; 857 858 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 859 shut.cum_tsn_ack = htonl(ctsn); 860 861 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN, 0, 862 sizeof(shut), GFP_ATOMIC); 863 if (!retval) 864 goto nodata; 865 866 retval->subh.shutdown_hdr = 867 sctp_addto_chunk(retval, sizeof(shut), &shut); 868 869 if (chunk) 870 retval->transport = chunk->transport; 871 nodata: 872 return retval; 873 } 874 875 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 876 const struct sctp_chunk *chunk) 877 { 878 struct sctp_chunk *retval; 879 880 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0, 881 GFP_ATOMIC); 882 883 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 884 * 885 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 886 * HEARTBEAT ACK, * etc.) to the same destination transport 887 * address from which it * received the DATA or control chunk 888 * to which it is replying. 889 * 890 * [ACK back to where the SHUTDOWN came from.] 891 */ 892 if (retval && chunk) 893 retval->transport = chunk->transport; 894 895 return retval; 896 } 897 898 struct sctp_chunk *sctp_make_shutdown_complete( 899 const struct sctp_association *asoc, 900 const struct sctp_chunk *chunk) 901 { 902 struct sctp_chunk *retval; 903 __u8 flags = 0; 904 905 /* Set the T-bit if we have no association (vtag will be 906 * reflected) 907 */ 908 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 909 910 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 911 0, GFP_ATOMIC); 912 913 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 914 * 915 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 916 * HEARTBEAT ACK, * etc.) to the same destination transport 917 * address from which it * received the DATA or control chunk 918 * to which it is replying. 919 * 920 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 921 * came from.] 922 */ 923 if (retval && chunk) 924 retval->transport = chunk->transport; 925 926 return retval; 927 } 928 929 /* Create an ABORT. Note that we set the T bit if we have no 930 * association, except when responding to an INIT (sctpimpguide 2.41). 931 */ 932 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 933 const struct sctp_chunk *chunk, 934 const size_t hint) 935 { 936 struct sctp_chunk *retval; 937 __u8 flags = 0; 938 939 /* Set the T-bit if we have no association and 'chunk' is not 940 * an INIT (vtag will be reflected). 941 */ 942 if (!asoc) { 943 if (chunk && chunk->chunk_hdr && 944 chunk->chunk_hdr->type == SCTP_CID_INIT) 945 flags = 0; 946 else 947 flags = SCTP_CHUNK_FLAG_T; 948 } 949 950 retval = sctp_make_control(asoc, SCTP_CID_ABORT, flags, hint, 951 GFP_ATOMIC); 952 953 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 954 * 955 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 956 * HEARTBEAT ACK, * etc.) to the same destination transport 957 * address from which it * received the DATA or control chunk 958 * to which it is replying. 959 * 960 * [ABORT back to where the offender came from.] 961 */ 962 if (retval && chunk) 963 retval->transport = chunk->transport; 964 965 return retval; 966 } 967 968 /* Helper to create ABORT with a NO_USER_DATA error. */ 969 struct sctp_chunk *sctp_make_abort_no_data( 970 const struct sctp_association *asoc, 971 const struct sctp_chunk *chunk, 972 __u32 tsn) 973 { 974 struct sctp_chunk *retval; 975 __be32 payload; 976 977 retval = sctp_make_abort(asoc, chunk, 978 sizeof(struct sctp_errhdr) + sizeof(tsn)); 979 980 if (!retval) 981 goto no_mem; 982 983 /* Put the tsn back into network byte order. */ 984 payload = htonl(tsn); 985 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 986 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 987 988 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 989 * 990 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 991 * HEARTBEAT ACK, * etc.) to the same destination transport 992 * address from which it * received the DATA or control chunk 993 * to which it is replying. 994 * 995 * [ABORT back to where the offender came from.] 996 */ 997 if (chunk) 998 retval->transport = chunk->transport; 999 1000 no_mem: 1001 return retval; 1002 } 1003 1004 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 1005 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 1006 struct msghdr *msg, 1007 size_t paylen) 1008 { 1009 struct sctp_chunk *retval; 1010 void *payload = NULL; 1011 int err; 1012 1013 retval = sctp_make_abort(asoc, NULL, 1014 sizeof(struct sctp_errhdr) + paylen); 1015 if (!retval) 1016 goto err_chunk; 1017 1018 if (paylen) { 1019 /* Put the msg_iov together into payload. */ 1020 payload = kmalloc(paylen, GFP_KERNEL); 1021 if (!payload) 1022 goto err_payload; 1023 1024 err = memcpy_from_msg(payload, msg, paylen); 1025 if (err < 0) 1026 goto err_copy; 1027 } 1028 1029 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 1030 sctp_addto_chunk(retval, paylen, payload); 1031 1032 if (paylen) 1033 kfree(payload); 1034 1035 return retval; 1036 1037 err_copy: 1038 kfree(payload); 1039 err_payload: 1040 sctp_chunk_free(retval); 1041 retval = NULL; 1042 err_chunk: 1043 return retval; 1044 } 1045 1046 /* Append bytes to the end of a parameter. Will panic if chunk is not big 1047 * enough. 1048 */ 1049 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 1050 const void *data) 1051 { 1052 int chunklen = ntohs(chunk->chunk_hdr->length); 1053 void *target; 1054 1055 target = skb_put(chunk->skb, len); 1056 1057 if (data) 1058 memcpy(target, data, len); 1059 else 1060 memset(target, 0, len); 1061 1062 /* Adjust the chunk length field. */ 1063 chunk->chunk_hdr->length = htons(chunklen + len); 1064 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1065 1066 return target; 1067 } 1068 1069 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1070 struct sctp_chunk *sctp_make_abort_violation( 1071 const struct sctp_association *asoc, 1072 const struct sctp_chunk *chunk, 1073 const __u8 *payload, 1074 const size_t paylen) 1075 { 1076 struct sctp_chunk *retval; 1077 struct sctp_paramhdr phdr; 1078 1079 retval = sctp_make_abort(asoc, chunk, sizeof(struct sctp_errhdr) + 1080 paylen + sizeof(phdr)); 1081 if (!retval) 1082 goto end; 1083 1084 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen + 1085 sizeof(phdr)); 1086 1087 phdr.type = htons(chunk->chunk_hdr->type); 1088 phdr.length = chunk->chunk_hdr->length; 1089 sctp_addto_chunk(retval, paylen, payload); 1090 sctp_addto_param(retval, sizeof(phdr), &phdr); 1091 1092 end: 1093 return retval; 1094 } 1095 1096 struct sctp_chunk *sctp_make_violation_paramlen( 1097 const struct sctp_association *asoc, 1098 const struct sctp_chunk *chunk, 1099 struct sctp_paramhdr *param) 1100 { 1101 static const char error[] = "The following parameter had invalid length:"; 1102 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr) + 1103 sizeof(*param); 1104 struct sctp_chunk *retval; 1105 1106 retval = sctp_make_abort(asoc, chunk, payload_len); 1107 if (!retval) 1108 goto nodata; 1109 1110 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1111 sizeof(error) + sizeof(*param)); 1112 sctp_addto_chunk(retval, sizeof(error), error); 1113 sctp_addto_param(retval, sizeof(*param), param); 1114 1115 nodata: 1116 return retval; 1117 } 1118 1119 struct sctp_chunk *sctp_make_violation_max_retrans( 1120 const struct sctp_association *asoc, 1121 const struct sctp_chunk *chunk) 1122 { 1123 static const char error[] = "Association exceeded its max_retrans count"; 1124 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr); 1125 struct sctp_chunk *retval; 1126 1127 retval = sctp_make_abort(asoc, chunk, payload_len); 1128 if (!retval) 1129 goto nodata; 1130 1131 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error)); 1132 sctp_addto_chunk(retval, sizeof(error), error); 1133 1134 nodata: 1135 return retval; 1136 } 1137 1138 /* Make a HEARTBEAT chunk. */ 1139 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1140 const struct sctp_transport *transport) 1141 { 1142 struct sctp_sender_hb_info hbinfo; 1143 struct sctp_chunk *retval; 1144 1145 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT, 0, 1146 sizeof(hbinfo), GFP_ATOMIC); 1147 1148 if (!retval) 1149 goto nodata; 1150 1151 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO; 1152 hbinfo.param_hdr.length = htons(sizeof(hbinfo)); 1153 hbinfo.daddr = transport->ipaddr; 1154 hbinfo.sent_at = jiffies; 1155 hbinfo.hb_nonce = transport->hb_nonce; 1156 1157 /* Cast away the 'const', as this is just telling the chunk 1158 * what transport it belongs to. 1159 */ 1160 retval->transport = (struct sctp_transport *) transport; 1161 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo), 1162 &hbinfo); 1163 1164 nodata: 1165 return retval; 1166 } 1167 1168 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1169 const struct sctp_chunk *chunk, 1170 const void *payload, 1171 const size_t paylen) 1172 { 1173 struct sctp_chunk *retval; 1174 1175 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen, 1176 GFP_ATOMIC); 1177 if (!retval) 1178 goto nodata; 1179 1180 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1181 1182 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1183 * 1184 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1185 * HEARTBEAT ACK, * etc.) to the same destination transport 1186 * address from which it * received the DATA or control chunk 1187 * to which it is replying. 1188 * 1189 * [HBACK back to where the HEARTBEAT came from.] 1190 */ 1191 if (chunk) 1192 retval->transport = chunk->transport; 1193 1194 nodata: 1195 return retval; 1196 } 1197 1198 /* Create an Operation Error chunk with the specified space reserved. 1199 * This routine can be used for containing multiple causes in the chunk. 1200 */ 1201 static struct sctp_chunk *sctp_make_op_error_space( 1202 const struct sctp_association *asoc, 1203 const struct sctp_chunk *chunk, 1204 size_t size) 1205 { 1206 struct sctp_chunk *retval; 1207 1208 retval = sctp_make_control(asoc, SCTP_CID_ERROR, 0, 1209 sizeof(struct sctp_errhdr) + size, 1210 GFP_ATOMIC); 1211 if (!retval) 1212 goto nodata; 1213 1214 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1215 * 1216 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1217 * HEARTBEAT ACK, etc.) to the same destination transport 1218 * address from which it received the DATA or control chunk 1219 * to which it is replying. 1220 * 1221 */ 1222 if (chunk) 1223 retval->transport = chunk->transport; 1224 1225 nodata: 1226 return retval; 1227 } 1228 1229 /* Create an Operation Error chunk of a fixed size, specifically, 1230 * min(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) - overheads. 1231 * This is a helper function to allocate an error chunk for for those 1232 * invalid parameter codes in which we may not want to report all the 1233 * errors, if the incoming chunk is large. If it can't fit in a single 1234 * packet, we ignore it. 1235 */ 1236 static inline struct sctp_chunk *sctp_make_op_error_limited( 1237 const struct sctp_association *asoc, 1238 const struct sctp_chunk *chunk) 1239 { 1240 size_t size = SCTP_DEFAULT_MAXSEGMENT; 1241 struct sctp_sock *sp = NULL; 1242 1243 if (asoc) { 1244 size = min_t(size_t, size, asoc->pathmtu); 1245 sp = sctp_sk(asoc->base.sk); 1246 } 1247 1248 size = sctp_mtu_payload(sp, size, sizeof(struct sctp_errhdr)); 1249 1250 return sctp_make_op_error_space(asoc, chunk, size); 1251 } 1252 1253 /* Create an Operation Error chunk. */ 1254 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1255 const struct sctp_chunk *chunk, 1256 __be16 cause_code, const void *payload, 1257 size_t paylen, size_t reserve_tail) 1258 { 1259 struct sctp_chunk *retval; 1260 1261 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail); 1262 if (!retval) 1263 goto nodata; 1264 1265 sctp_init_cause(retval, cause_code, paylen + reserve_tail); 1266 sctp_addto_chunk(retval, paylen, payload); 1267 if (reserve_tail) 1268 sctp_addto_param(retval, reserve_tail, NULL); 1269 1270 nodata: 1271 return retval; 1272 } 1273 1274 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc, 1275 __u16 key_id) 1276 { 1277 struct sctp_authhdr auth_hdr; 1278 struct sctp_hmac *hmac_desc; 1279 struct sctp_chunk *retval; 1280 1281 /* Get the first hmac that the peer told us to use */ 1282 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1283 if (unlikely(!hmac_desc)) 1284 return NULL; 1285 1286 retval = sctp_make_control(asoc, SCTP_CID_AUTH, 0, 1287 hmac_desc->hmac_len + sizeof(auth_hdr), 1288 GFP_ATOMIC); 1289 if (!retval) 1290 return NULL; 1291 1292 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1293 auth_hdr.shkey_id = htons(key_id); 1294 1295 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(auth_hdr), 1296 &auth_hdr); 1297 1298 skb_put_zero(retval->skb, hmac_desc->hmac_len); 1299 1300 /* Adjust the chunk header to include the empty MAC */ 1301 retval->chunk_hdr->length = 1302 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1303 retval->chunk_end = skb_tail_pointer(retval->skb); 1304 1305 return retval; 1306 } 1307 1308 1309 /******************************************************************** 1310 * 2nd Level Abstractions 1311 ********************************************************************/ 1312 1313 /* Turn an skb into a chunk. 1314 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1315 * 1316 * sctpimpguide-05.txt Section 2.8.2 1317 * M1) Each time a new DATA chunk is transmitted 1318 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1319 * 'TSN.Missing.Report' count will be used to determine missing chunks 1320 * and when to fast retransmit. 1321 * 1322 */ 1323 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1324 const struct sctp_association *asoc, 1325 struct sock *sk, gfp_t gfp) 1326 { 1327 struct sctp_chunk *retval; 1328 1329 retval = kmem_cache_zalloc(sctp_chunk_cachep, gfp); 1330 1331 if (!retval) 1332 goto nodata; 1333 if (!sk) 1334 pr_debug("%s: chunkifying skb:%p w/o an sk\n", __func__, skb); 1335 1336 INIT_LIST_HEAD(&retval->list); 1337 retval->skb = skb; 1338 retval->asoc = (struct sctp_association *)asoc; 1339 retval->singleton = 1; 1340 1341 retval->fast_retransmit = SCTP_CAN_FRTX; 1342 1343 /* Polish the bead hole. */ 1344 INIT_LIST_HEAD(&retval->transmitted_list); 1345 INIT_LIST_HEAD(&retval->frag_list); 1346 SCTP_DBG_OBJCNT_INC(chunk); 1347 refcount_set(&retval->refcnt, 1); 1348 1349 nodata: 1350 return retval; 1351 } 1352 1353 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1354 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1355 union sctp_addr *dest) 1356 { 1357 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1358 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1359 } 1360 1361 /* Extract the source address from a chunk. */ 1362 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1363 { 1364 /* If we have a known transport, use that. */ 1365 if (chunk->transport) { 1366 return &chunk->transport->ipaddr; 1367 } else { 1368 /* Otherwise, extract it from the IP header. */ 1369 return &chunk->source; 1370 } 1371 } 1372 1373 /* Create a new chunk, setting the type and flags headers from the 1374 * arguments, reserving enough space for a 'paylen' byte payload. 1375 */ 1376 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 1377 __u8 type, __u8 flags, int paylen, 1378 gfp_t gfp) 1379 { 1380 struct sctp_chunkhdr *chunk_hdr; 1381 struct sctp_chunk *retval; 1382 struct sk_buff *skb; 1383 struct sock *sk; 1384 int chunklen; 1385 1386 chunklen = SCTP_PAD4(sizeof(*chunk_hdr) + paylen); 1387 if (chunklen > SCTP_MAX_CHUNK_LEN) 1388 goto nodata; 1389 1390 /* No need to allocate LL here, as this is only a chunk. */ 1391 skb = alloc_skb(chunklen, gfp); 1392 if (!skb) 1393 goto nodata; 1394 1395 /* Make room for the chunk header. */ 1396 chunk_hdr = (struct sctp_chunkhdr *)skb_put(skb, sizeof(*chunk_hdr)); 1397 chunk_hdr->type = type; 1398 chunk_hdr->flags = flags; 1399 chunk_hdr->length = htons(sizeof(*chunk_hdr)); 1400 1401 sk = asoc ? asoc->base.sk : NULL; 1402 retval = sctp_chunkify(skb, asoc, sk, gfp); 1403 if (!retval) { 1404 kfree_skb(skb); 1405 goto nodata; 1406 } 1407 1408 retval->chunk_hdr = chunk_hdr; 1409 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(*chunk_hdr); 1410 1411 /* Determine if the chunk needs to be authenticated */ 1412 if (sctp_auth_send_cid(type, asoc)) 1413 retval->auth = 1; 1414 1415 return retval; 1416 nodata: 1417 return NULL; 1418 } 1419 1420 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 1421 __u8 flags, int paylen, gfp_t gfp) 1422 { 1423 return _sctp_make_chunk(asoc, SCTP_CID_DATA, flags, paylen, gfp); 1424 } 1425 1426 struct sctp_chunk *sctp_make_idata(const struct sctp_association *asoc, 1427 __u8 flags, int paylen, gfp_t gfp) 1428 { 1429 return _sctp_make_chunk(asoc, SCTP_CID_I_DATA, flags, paylen, gfp); 1430 } 1431 1432 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 1433 __u8 type, __u8 flags, int paylen, 1434 gfp_t gfp) 1435 { 1436 struct sctp_chunk *chunk; 1437 1438 chunk = _sctp_make_chunk(asoc, type, flags, paylen, gfp); 1439 if (chunk) 1440 sctp_control_set_owner_w(chunk); 1441 1442 return chunk; 1443 } 1444 1445 /* Release the memory occupied by a chunk. */ 1446 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1447 { 1448 BUG_ON(!list_empty(&chunk->list)); 1449 list_del_init(&chunk->transmitted_list); 1450 1451 consume_skb(chunk->skb); 1452 consume_skb(chunk->auth_chunk); 1453 1454 SCTP_DBG_OBJCNT_DEC(chunk); 1455 kmem_cache_free(sctp_chunk_cachep, chunk); 1456 } 1457 1458 /* Possibly, free the chunk. */ 1459 void sctp_chunk_free(struct sctp_chunk *chunk) 1460 { 1461 /* Release our reference on the message tracker. */ 1462 if (chunk->msg) 1463 sctp_datamsg_put(chunk->msg); 1464 1465 sctp_chunk_put(chunk); 1466 } 1467 1468 /* Grab a reference to the chunk. */ 1469 void sctp_chunk_hold(struct sctp_chunk *ch) 1470 { 1471 refcount_inc(&ch->refcnt); 1472 } 1473 1474 /* Release a reference to the chunk. */ 1475 void sctp_chunk_put(struct sctp_chunk *ch) 1476 { 1477 if (refcount_dec_and_test(&ch->refcnt)) 1478 sctp_chunk_destroy(ch); 1479 } 1480 1481 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1482 * enough. 1483 */ 1484 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1485 { 1486 int chunklen = ntohs(chunk->chunk_hdr->length); 1487 int padlen = SCTP_PAD4(chunklen) - chunklen; 1488 void *target; 1489 1490 skb_put_zero(chunk->skb, padlen); 1491 target = skb_put_data(chunk->skb, data, len); 1492 1493 /* Adjust the chunk length field. */ 1494 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1495 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1496 1497 return target; 1498 } 1499 1500 /* Append bytes from user space to the end of a chunk. Will panic if 1501 * chunk is not big enough. 1502 * Returns a kernel err value. 1503 */ 1504 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int len, 1505 struct iov_iter *from) 1506 { 1507 void *target; 1508 1509 /* Make room in chunk for data. */ 1510 target = skb_put(chunk->skb, len); 1511 1512 /* Copy data (whole iovec) into chunk */ 1513 if (!copy_from_iter_full(target, len, from)) 1514 return -EFAULT; 1515 1516 /* Adjust the chunk length field. */ 1517 chunk->chunk_hdr->length = 1518 htons(ntohs(chunk->chunk_hdr->length) + len); 1519 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1520 1521 return 0; 1522 } 1523 1524 /* Helper function to assign a TSN if needed. This assumes that both 1525 * the data_hdr and association have already been assigned. 1526 */ 1527 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1528 { 1529 struct sctp_stream *stream; 1530 struct sctp_chunk *lchunk; 1531 struct sctp_datamsg *msg; 1532 __u16 ssn, sid; 1533 1534 if (chunk->has_ssn) 1535 return; 1536 1537 /* All fragments will be on the same stream */ 1538 sid = ntohs(chunk->subh.data_hdr->stream); 1539 stream = &chunk->asoc->stream; 1540 1541 /* Now assign the sequence number to the entire message. 1542 * All fragments must have the same stream sequence number. 1543 */ 1544 msg = chunk->msg; 1545 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1546 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1547 ssn = 0; 1548 } else { 1549 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1550 ssn = sctp_ssn_next(stream, out, sid); 1551 else 1552 ssn = sctp_ssn_peek(stream, out, sid); 1553 } 1554 1555 lchunk->subh.data_hdr->ssn = htons(ssn); 1556 lchunk->has_ssn = 1; 1557 } 1558 } 1559 1560 /* Helper function to assign a TSN if needed. This assumes that both 1561 * the data_hdr and association have already been assigned. 1562 */ 1563 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1564 { 1565 if (!chunk->has_tsn) { 1566 /* This is the last possible instant to 1567 * assign a TSN. 1568 */ 1569 chunk->subh.data_hdr->tsn = 1570 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1571 chunk->has_tsn = 1; 1572 } 1573 } 1574 1575 /* Create a CLOSED association to use with an incoming packet. */ 1576 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1577 struct sctp_chunk *chunk, 1578 gfp_t gfp) 1579 { 1580 struct sctp_association *asoc; 1581 enum sctp_scope scope; 1582 struct sk_buff *skb; 1583 1584 /* Create the bare association. */ 1585 scope = sctp_scope(sctp_source(chunk)); 1586 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1587 if (!asoc) 1588 goto nodata; 1589 asoc->temp = 1; 1590 skb = chunk->skb; 1591 /* Create an entry for the source address of the packet. */ 1592 SCTP_INPUT_CB(skb)->af->from_skb(&asoc->c.peer_addr, skb, 1); 1593 1594 nodata: 1595 return asoc; 1596 } 1597 1598 /* Build a cookie representing asoc. 1599 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1600 */ 1601 static struct sctp_cookie_param *sctp_pack_cookie( 1602 const struct sctp_endpoint *ep, 1603 const struct sctp_association *asoc, 1604 const struct sctp_chunk *init_chunk, 1605 int *cookie_len, const __u8 *raw_addrs, 1606 int addrs_len) 1607 { 1608 struct sctp_signed_cookie *cookie; 1609 struct sctp_cookie_param *retval; 1610 int headersize, bodysize; 1611 1612 /* Header size is static data prior to the actual cookie, including 1613 * any padding. 1614 */ 1615 headersize = sizeof(struct sctp_paramhdr) + 1616 (sizeof(struct sctp_signed_cookie) - 1617 sizeof(struct sctp_cookie)); 1618 bodysize = sizeof(struct sctp_cookie) 1619 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1620 1621 /* Pad out the cookie to a multiple to make the signature 1622 * functions simpler to write. 1623 */ 1624 if (bodysize % SCTP_COOKIE_MULTIPLE) 1625 bodysize += SCTP_COOKIE_MULTIPLE 1626 - (bodysize % SCTP_COOKIE_MULTIPLE); 1627 *cookie_len = headersize + bodysize; 1628 1629 /* Clear this memory since we are sending this data structure 1630 * out on the network. 1631 */ 1632 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1633 if (!retval) 1634 goto nodata; 1635 1636 cookie = (struct sctp_signed_cookie *) retval->body; 1637 1638 /* Set up the parameter header. */ 1639 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1640 retval->p.length = htons(*cookie_len); 1641 1642 /* Copy the cookie part of the association itself. */ 1643 cookie->c = asoc->c; 1644 /* Save the raw address list length in the cookie. */ 1645 cookie->c.raw_addr_list_len = addrs_len; 1646 1647 /* Remember PR-SCTP capability. */ 1648 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1649 1650 /* Save adaptation indication in the cookie. */ 1651 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1652 1653 /* Set an expiration time for the cookie. */ 1654 cookie->c.expiration = ktime_add(asoc->cookie_life, 1655 ktime_get_real()); 1656 1657 /* Copy the peer's init packet. */ 1658 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1659 ntohs(init_chunk->chunk_hdr->length)); 1660 1661 /* Copy the raw local address list of the association. */ 1662 memcpy((__u8 *)&cookie->c.peer_init[0] + 1663 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1664 1665 if (sctp_sk(ep->base.sk)->hmac) { 1666 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac); 1667 int err; 1668 1669 /* Sign the message. */ 1670 desc->tfm = sctp_sk(ep->base.sk)->hmac; 1671 1672 err = crypto_shash_setkey(desc->tfm, ep->secret_key, 1673 sizeof(ep->secret_key)) ?: 1674 crypto_shash_digest(desc, (u8 *)&cookie->c, bodysize, 1675 cookie->signature); 1676 shash_desc_zero(desc); 1677 if (err) 1678 goto free_cookie; 1679 } 1680 1681 return retval; 1682 1683 free_cookie: 1684 kfree(retval); 1685 nodata: 1686 *cookie_len = 0; 1687 return NULL; 1688 } 1689 1690 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1691 struct sctp_association *sctp_unpack_cookie( 1692 const struct sctp_endpoint *ep, 1693 const struct sctp_association *asoc, 1694 struct sctp_chunk *chunk, gfp_t gfp, 1695 int *error, struct sctp_chunk **errp) 1696 { 1697 struct sctp_association *retval = NULL; 1698 int headersize, bodysize, fixed_size; 1699 struct sctp_signed_cookie *cookie; 1700 struct sk_buff *skb = chunk->skb; 1701 struct sctp_cookie *bear_cookie; 1702 __u8 *digest = ep->digest; 1703 enum sctp_scope scope; 1704 unsigned int len; 1705 ktime_t kt; 1706 1707 /* Header size is static data prior to the actual cookie, including 1708 * any padding. 1709 */ 1710 headersize = sizeof(struct sctp_chunkhdr) + 1711 (sizeof(struct sctp_signed_cookie) - 1712 sizeof(struct sctp_cookie)); 1713 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1714 fixed_size = headersize + sizeof(struct sctp_cookie); 1715 1716 /* Verify that the chunk looks like it even has a cookie. 1717 * There must be enough room for our cookie and our peer's 1718 * INIT chunk. 1719 */ 1720 len = ntohs(chunk->chunk_hdr->length); 1721 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1722 goto malformed; 1723 1724 /* Verify that the cookie has been padded out. */ 1725 if (bodysize % SCTP_COOKIE_MULTIPLE) 1726 goto malformed; 1727 1728 /* Process the cookie. */ 1729 cookie = chunk->subh.cookie_hdr; 1730 bear_cookie = &cookie->c; 1731 1732 if (!sctp_sk(ep->base.sk)->hmac) 1733 goto no_hmac; 1734 1735 /* Check the signature. */ 1736 { 1737 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac); 1738 int err; 1739 1740 desc->tfm = sctp_sk(ep->base.sk)->hmac; 1741 1742 err = crypto_shash_setkey(desc->tfm, ep->secret_key, 1743 sizeof(ep->secret_key)) ?: 1744 crypto_shash_digest(desc, (u8 *)bear_cookie, bodysize, 1745 digest); 1746 shash_desc_zero(desc); 1747 1748 if (err) { 1749 *error = -SCTP_IERROR_NOMEM; 1750 goto fail; 1751 } 1752 } 1753 1754 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1755 *error = -SCTP_IERROR_BAD_SIG; 1756 goto fail; 1757 } 1758 1759 no_hmac: 1760 /* IG Section 2.35.2: 1761 * 3) Compare the port numbers and the verification tag contained 1762 * within the COOKIE ECHO chunk to the actual port numbers and the 1763 * verification tag within the SCTP common header of the received 1764 * packet. If these values do not match the packet MUST be silently 1765 * discarded, 1766 */ 1767 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1768 *error = -SCTP_IERROR_BAD_TAG; 1769 goto fail; 1770 } 1771 1772 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1773 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1774 *error = -SCTP_IERROR_BAD_PORTS; 1775 goto fail; 1776 } 1777 1778 /* Check to see if the cookie is stale. If there is already 1779 * an association, there is no need to check cookie's expiration 1780 * for init collision case of lost COOKIE ACK. 1781 * If skb has been timestamped, then use the stamp, otherwise 1782 * use current time. This introduces a small possibility that 1783 * that a cookie may be considered expired, but his would only slow 1784 * down the new association establishment instead of every packet. 1785 */ 1786 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1787 kt = skb_get_ktime(skb); 1788 else 1789 kt = ktime_get_real(); 1790 1791 if (!asoc && ktime_before(bear_cookie->expiration, kt)) { 1792 suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration)); 1793 __be32 n = htonl(usecs); 1794 1795 /* 1796 * Section 3.3.10.3 Stale Cookie Error (3) 1797 * 1798 * Cause of error 1799 * --------------- 1800 * Stale Cookie Error: Indicates the receipt of a valid State 1801 * Cookie that has expired. 1802 */ 1803 *errp = sctp_make_op_error(asoc, chunk, 1804 SCTP_ERROR_STALE_COOKIE, &n, 1805 sizeof(n), 0); 1806 if (*errp) 1807 *error = -SCTP_IERROR_STALE_COOKIE; 1808 else 1809 *error = -SCTP_IERROR_NOMEM; 1810 1811 goto fail; 1812 } 1813 1814 /* Make a new base association. */ 1815 scope = sctp_scope(sctp_source(chunk)); 1816 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1817 if (!retval) { 1818 *error = -SCTP_IERROR_NOMEM; 1819 goto fail; 1820 } 1821 1822 /* Set up our peer's port number. */ 1823 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1824 1825 /* Populate the association from the cookie. */ 1826 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1827 1828 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1829 GFP_ATOMIC) < 0) { 1830 *error = -SCTP_IERROR_NOMEM; 1831 goto fail; 1832 } 1833 1834 /* Also, add the destination address. */ 1835 if (list_empty(&retval->base.bind_addr.address_list)) { 1836 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1837 sizeof(chunk->dest), SCTP_ADDR_SRC, 1838 GFP_ATOMIC); 1839 } 1840 1841 retval->next_tsn = retval->c.initial_tsn; 1842 retval->ctsn_ack_point = retval->next_tsn - 1; 1843 retval->addip_serial = retval->c.initial_tsn; 1844 retval->strreset_outseq = retval->c.initial_tsn; 1845 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1846 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1847 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1848 1849 /* The INIT stuff will be done by the side effects. */ 1850 return retval; 1851 1852 fail: 1853 if (retval) 1854 sctp_association_free(retval); 1855 1856 return NULL; 1857 1858 malformed: 1859 /* Yikes! The packet is either corrupt or deliberately 1860 * malformed. 1861 */ 1862 *error = -SCTP_IERROR_MALFORMED; 1863 goto fail; 1864 } 1865 1866 /******************************************************************** 1867 * 3rd Level Abstractions 1868 ********************************************************************/ 1869 1870 struct __sctp_missing { 1871 __be32 num_missing; 1872 __be16 type; 1873 } __packed; 1874 1875 /* 1876 * Report a missing mandatory parameter. 1877 */ 1878 static int sctp_process_missing_param(const struct sctp_association *asoc, 1879 enum sctp_param paramtype, 1880 struct sctp_chunk *chunk, 1881 struct sctp_chunk **errp) 1882 { 1883 struct __sctp_missing report; 1884 __u16 len; 1885 1886 len = SCTP_PAD4(sizeof(report)); 1887 1888 /* Make an ERROR chunk, preparing enough room for 1889 * returning multiple unknown parameters. 1890 */ 1891 if (!*errp) 1892 *errp = sctp_make_op_error_space(asoc, chunk, len); 1893 1894 if (*errp) { 1895 report.num_missing = htonl(1); 1896 report.type = paramtype; 1897 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1898 sizeof(report)); 1899 sctp_addto_chunk(*errp, sizeof(report), &report); 1900 } 1901 1902 /* Stop processing this chunk. */ 1903 return 0; 1904 } 1905 1906 /* Report an Invalid Mandatory Parameter. */ 1907 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1908 struct sctp_chunk *chunk, 1909 struct sctp_chunk **errp) 1910 { 1911 /* Invalid Mandatory Parameter Error has no payload. */ 1912 1913 if (!*errp) 1914 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1915 1916 if (*errp) 1917 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1918 1919 /* Stop processing this chunk. */ 1920 return 0; 1921 } 1922 1923 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1924 struct sctp_paramhdr *param, 1925 const struct sctp_chunk *chunk, 1926 struct sctp_chunk **errp) 1927 { 1928 /* This is a fatal error. Any accumulated non-fatal errors are 1929 * not reported. 1930 */ 1931 if (*errp) 1932 sctp_chunk_free(*errp); 1933 1934 /* Create an error chunk and fill it in with our payload. */ 1935 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1936 1937 return 0; 1938 } 1939 1940 1941 /* Do not attempt to handle the HOST_NAME parm. However, do 1942 * send back an indicator to the peer. 1943 */ 1944 static int sctp_process_hn_param(const struct sctp_association *asoc, 1945 union sctp_params param, 1946 struct sctp_chunk *chunk, 1947 struct sctp_chunk **errp) 1948 { 1949 __u16 len = ntohs(param.p->length); 1950 1951 /* Processing of the HOST_NAME parameter will generate an 1952 * ABORT. If we've accumulated any non-fatal errors, they 1953 * would be unrecognized parameters and we should not include 1954 * them in the ABORT. 1955 */ 1956 if (*errp) 1957 sctp_chunk_free(*errp); 1958 1959 *errp = sctp_make_op_error(asoc, chunk, SCTP_ERROR_DNS_FAILED, 1960 param.v, len, 0); 1961 1962 /* Stop processing this chunk. */ 1963 return 0; 1964 } 1965 1966 static int sctp_verify_ext_param(struct net *net, 1967 const struct sctp_endpoint *ep, 1968 union sctp_params param) 1969 { 1970 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 1971 int have_asconf = 0; 1972 int have_auth = 0; 1973 int i; 1974 1975 for (i = 0; i < num_ext; i++) { 1976 switch (param.ext->chunks[i]) { 1977 case SCTP_CID_AUTH: 1978 have_auth = 1; 1979 break; 1980 case SCTP_CID_ASCONF: 1981 case SCTP_CID_ASCONF_ACK: 1982 have_asconf = 1; 1983 break; 1984 } 1985 } 1986 1987 /* ADD-IP Security: The draft requires us to ABORT or ignore the 1988 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 1989 * only if ADD-IP is turned on and we are not backward-compatible 1990 * mode. 1991 */ 1992 if (net->sctp.addip_noauth) 1993 return 1; 1994 1995 if (ep->asconf_enable && !have_auth && have_asconf) 1996 return 0; 1997 1998 return 1; 1999 } 2000 2001 static void sctp_process_ext_param(struct sctp_association *asoc, 2002 union sctp_params param) 2003 { 2004 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2005 int i; 2006 2007 for (i = 0; i < num_ext; i++) { 2008 switch (param.ext->chunks[i]) { 2009 case SCTP_CID_RECONF: 2010 if (asoc->ep->reconf_enable) 2011 asoc->peer.reconf_capable = 1; 2012 break; 2013 case SCTP_CID_FWD_TSN: 2014 if (asoc->ep->prsctp_enable) 2015 asoc->peer.prsctp_capable = 1; 2016 break; 2017 case SCTP_CID_AUTH: 2018 /* if the peer reports AUTH, assume that he 2019 * supports AUTH. 2020 */ 2021 if (asoc->ep->auth_enable) 2022 asoc->peer.auth_capable = 1; 2023 break; 2024 case SCTP_CID_ASCONF: 2025 case SCTP_CID_ASCONF_ACK: 2026 if (asoc->ep->asconf_enable) 2027 asoc->peer.asconf_capable = 1; 2028 break; 2029 case SCTP_CID_I_DATA: 2030 if (asoc->ep->intl_enable) 2031 asoc->peer.intl_capable = 1; 2032 break; 2033 default: 2034 break; 2035 } 2036 } 2037 } 2038 2039 /* RFC 3.2.1 & the Implementers Guide 2.2. 2040 * 2041 * The Parameter Types are encoded such that the 2042 * highest-order two bits specify the action that must be 2043 * taken if the processing endpoint does not recognize the 2044 * Parameter Type. 2045 * 2046 * 00 - Stop processing this parameter; do not process any further 2047 * parameters within this chunk 2048 * 2049 * 01 - Stop processing this parameter, do not process any further 2050 * parameters within this chunk, and report the unrecognized 2051 * parameter in an 'Unrecognized Parameter' ERROR chunk. 2052 * 2053 * 10 - Skip this parameter and continue processing. 2054 * 2055 * 11 - Skip this parameter and continue processing but 2056 * report the unrecognized parameter in an 2057 * 'Unrecognized Parameter' ERROR chunk. 2058 * 2059 * Return value: 2060 * SCTP_IERROR_NO_ERROR - continue with the chunk 2061 * SCTP_IERROR_ERROR - stop and report an error. 2062 * SCTP_IERROR_NOMEME - out of memory. 2063 */ 2064 static enum sctp_ierror sctp_process_unk_param( 2065 const struct sctp_association *asoc, 2066 union sctp_params param, 2067 struct sctp_chunk *chunk, 2068 struct sctp_chunk **errp) 2069 { 2070 int retval = SCTP_IERROR_NO_ERROR; 2071 2072 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 2073 case SCTP_PARAM_ACTION_DISCARD: 2074 retval = SCTP_IERROR_ERROR; 2075 break; 2076 case SCTP_PARAM_ACTION_SKIP: 2077 break; 2078 case SCTP_PARAM_ACTION_DISCARD_ERR: 2079 retval = SCTP_IERROR_ERROR; 2080 /* Fall through */ 2081 case SCTP_PARAM_ACTION_SKIP_ERR: 2082 /* Make an ERROR chunk, preparing enough room for 2083 * returning multiple unknown parameters. 2084 */ 2085 if (!*errp) { 2086 *errp = sctp_make_op_error_limited(asoc, chunk); 2087 if (!*errp) { 2088 /* If there is no memory for generating the 2089 * ERROR report as specified, an ABORT will be 2090 * triggered to the peer and the association 2091 * won't be established. 2092 */ 2093 retval = SCTP_IERROR_NOMEM; 2094 break; 2095 } 2096 } 2097 2098 if (!sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2099 ntohs(param.p->length))) 2100 sctp_addto_chunk(*errp, ntohs(param.p->length), 2101 param.v); 2102 break; 2103 default: 2104 break; 2105 } 2106 2107 return retval; 2108 } 2109 2110 /* Verify variable length parameters 2111 * Return values: 2112 * SCTP_IERROR_ABORT - trigger an ABORT 2113 * SCTP_IERROR_NOMEM - out of memory (abort) 2114 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2115 * SCTP_IERROR_NO_ERROR - continue with the chunk 2116 */ 2117 static enum sctp_ierror sctp_verify_param(struct net *net, 2118 const struct sctp_endpoint *ep, 2119 const struct sctp_association *asoc, 2120 union sctp_params param, 2121 enum sctp_cid cid, 2122 struct sctp_chunk *chunk, 2123 struct sctp_chunk **err_chunk) 2124 { 2125 struct sctp_hmac_algo_param *hmacs; 2126 int retval = SCTP_IERROR_NO_ERROR; 2127 __u16 n_elt, id = 0; 2128 int i; 2129 2130 /* FIXME - This routine is not looking at each parameter per the 2131 * chunk type, i.e., unrecognized parameters should be further 2132 * identified based on the chunk id. 2133 */ 2134 2135 switch (param.p->type) { 2136 case SCTP_PARAM_IPV4_ADDRESS: 2137 case SCTP_PARAM_IPV6_ADDRESS: 2138 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2139 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2140 case SCTP_PARAM_STATE_COOKIE: 2141 case SCTP_PARAM_HEARTBEAT_INFO: 2142 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2143 case SCTP_PARAM_ECN_CAPABLE: 2144 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2145 break; 2146 2147 case SCTP_PARAM_SUPPORTED_EXT: 2148 if (!sctp_verify_ext_param(net, ep, param)) 2149 return SCTP_IERROR_ABORT; 2150 break; 2151 2152 case SCTP_PARAM_SET_PRIMARY: 2153 if (ep->asconf_enable) 2154 break; 2155 goto fallthrough; 2156 2157 case SCTP_PARAM_HOST_NAME_ADDRESS: 2158 /* Tell the peer, we won't support this param. */ 2159 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2160 retval = SCTP_IERROR_ABORT; 2161 break; 2162 2163 case SCTP_PARAM_FWD_TSN_SUPPORT: 2164 if (ep->prsctp_enable) 2165 break; 2166 goto fallthrough; 2167 2168 case SCTP_PARAM_RANDOM: 2169 if (!ep->auth_enable) 2170 goto fallthrough; 2171 2172 /* SCTP-AUTH: Secion 6.1 2173 * If the random number is not 32 byte long the association 2174 * MUST be aborted. The ABORT chunk SHOULD contain the error 2175 * cause 'Protocol Violation'. 2176 */ 2177 if (SCTP_AUTH_RANDOM_LENGTH != ntohs(param.p->length) - 2178 sizeof(struct sctp_paramhdr)) { 2179 sctp_process_inv_paramlength(asoc, param.p, 2180 chunk, err_chunk); 2181 retval = SCTP_IERROR_ABORT; 2182 } 2183 break; 2184 2185 case SCTP_PARAM_CHUNKS: 2186 if (!ep->auth_enable) 2187 goto fallthrough; 2188 2189 /* SCTP-AUTH: Section 3.2 2190 * The CHUNKS parameter MUST be included once in the INIT or 2191 * INIT-ACK chunk if the sender wants to receive authenticated 2192 * chunks. Its maximum length is 260 bytes. 2193 */ 2194 if (260 < ntohs(param.p->length)) { 2195 sctp_process_inv_paramlength(asoc, param.p, 2196 chunk, err_chunk); 2197 retval = SCTP_IERROR_ABORT; 2198 } 2199 break; 2200 2201 case SCTP_PARAM_HMAC_ALGO: 2202 if (!ep->auth_enable) 2203 goto fallthrough; 2204 2205 hmacs = (struct sctp_hmac_algo_param *)param.p; 2206 n_elt = (ntohs(param.p->length) - 2207 sizeof(struct sctp_paramhdr)) >> 1; 2208 2209 /* SCTP-AUTH: Section 6.1 2210 * The HMAC algorithm based on SHA-1 MUST be supported and 2211 * included in the HMAC-ALGO parameter. 2212 */ 2213 for (i = 0; i < n_elt; i++) { 2214 id = ntohs(hmacs->hmac_ids[i]); 2215 2216 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2217 break; 2218 } 2219 2220 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2221 sctp_process_inv_paramlength(asoc, param.p, chunk, 2222 err_chunk); 2223 retval = SCTP_IERROR_ABORT; 2224 } 2225 break; 2226 fallthrough: 2227 default: 2228 pr_debug("%s: unrecognized param:%d for chunk:%d\n", 2229 __func__, ntohs(param.p->type), cid); 2230 2231 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2232 break; 2233 } 2234 return retval; 2235 } 2236 2237 /* Verify the INIT packet before we process it. */ 2238 int sctp_verify_init(struct net *net, const struct sctp_endpoint *ep, 2239 const struct sctp_association *asoc, enum sctp_cid cid, 2240 struct sctp_init_chunk *peer_init, 2241 struct sctp_chunk *chunk, struct sctp_chunk **errp) 2242 { 2243 union sctp_params param; 2244 bool has_cookie = false; 2245 int result; 2246 2247 /* Check for missing mandatory parameters. Note: Initial TSN is 2248 * also mandatory, but is not checked here since the valid range 2249 * is 0..2**32-1. RFC4960, section 3.3.3. 2250 */ 2251 if (peer_init->init_hdr.num_outbound_streams == 0 || 2252 peer_init->init_hdr.num_inbound_streams == 0 || 2253 peer_init->init_hdr.init_tag == 0 || 2254 ntohl(peer_init->init_hdr.a_rwnd) < SCTP_DEFAULT_MINWINDOW) 2255 return sctp_process_inv_mandatory(asoc, chunk, errp); 2256 2257 sctp_walk_params(param, peer_init, init_hdr.params) { 2258 if (param.p->type == SCTP_PARAM_STATE_COOKIE) 2259 has_cookie = true; 2260 } 2261 2262 /* There is a possibility that a parameter length was bad and 2263 * in that case we would have stoped walking the parameters. 2264 * The current param.p would point at the bad one. 2265 * Current consensus on the mailing list is to generate a PROTOCOL 2266 * VIOLATION error. We build the ERROR chunk here and let the normal 2267 * error handling code build and send the packet. 2268 */ 2269 if (param.v != (void *)chunk->chunk_end) 2270 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2271 2272 /* The only missing mandatory param possible today is 2273 * the state cookie for an INIT-ACK chunk. 2274 */ 2275 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2276 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2277 chunk, errp); 2278 2279 /* Verify all the variable length parameters */ 2280 sctp_walk_params(param, peer_init, init_hdr.params) { 2281 result = sctp_verify_param(net, ep, asoc, param, cid, 2282 chunk, errp); 2283 switch (result) { 2284 case SCTP_IERROR_ABORT: 2285 case SCTP_IERROR_NOMEM: 2286 return 0; 2287 case SCTP_IERROR_ERROR: 2288 return 1; 2289 case SCTP_IERROR_NO_ERROR: 2290 default: 2291 break; 2292 } 2293 2294 } /* for (loop through all parameters) */ 2295 2296 return 1; 2297 } 2298 2299 /* Unpack the parameters in an INIT packet into an association. 2300 * Returns 0 on failure, else success. 2301 * FIXME: This is an association method. 2302 */ 2303 int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, 2304 const union sctp_addr *peer_addr, 2305 struct sctp_init_chunk *peer_init, gfp_t gfp) 2306 { 2307 struct net *net = sock_net(asoc->base.sk); 2308 struct sctp_transport *transport; 2309 struct list_head *pos, *temp; 2310 union sctp_params param; 2311 union sctp_addr addr; 2312 struct sctp_af *af; 2313 int src_match = 0; 2314 2315 /* We must include the address that the INIT packet came from. 2316 * This is the only address that matters for an INIT packet. 2317 * When processing a COOKIE ECHO, we retrieve the from address 2318 * of the INIT from the cookie. 2319 */ 2320 2321 /* This implementation defaults to making the first transport 2322 * added as the primary transport. The source address seems to 2323 * be a a better choice than any of the embedded addresses. 2324 */ 2325 if (!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2326 goto nomem; 2327 2328 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr)) 2329 src_match = 1; 2330 2331 /* Process the initialization parameters. */ 2332 sctp_walk_params(param, peer_init, init_hdr.params) { 2333 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 2334 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { 2335 af = sctp_get_af_specific(param_type2af(param.p->type)); 2336 af->from_addr_param(&addr, param.addr, 2337 chunk->sctp_hdr->source, 0); 2338 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) 2339 src_match = 1; 2340 } 2341 2342 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2343 goto clean_up; 2344 } 2345 2346 /* source address of chunk may not match any valid address */ 2347 if (!src_match) 2348 goto clean_up; 2349 2350 /* AUTH: After processing the parameters, make sure that we 2351 * have all the required info to potentially do authentications. 2352 */ 2353 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2354 !asoc->peer.peer_hmacs)) 2355 asoc->peer.auth_capable = 0; 2356 2357 /* In a non-backward compatible mode, if the peer claims 2358 * support for ADD-IP but not AUTH, the ADD-IP spec states 2359 * that we MUST ABORT the association. Section 6. The section 2360 * also give us an option to silently ignore the packet, which 2361 * is what we'll do here. 2362 */ 2363 if (!net->sctp.addip_noauth && 2364 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2365 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2366 SCTP_PARAM_DEL_IP | 2367 SCTP_PARAM_SET_PRIMARY); 2368 asoc->peer.asconf_capable = 0; 2369 goto clean_up; 2370 } 2371 2372 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2373 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2374 transport = list_entry(pos, struct sctp_transport, transports); 2375 if (transport->state == SCTP_UNKNOWN) { 2376 sctp_assoc_rm_peer(asoc, transport); 2377 } 2378 } 2379 2380 /* The fixed INIT headers are always in network byte 2381 * order. 2382 */ 2383 asoc->peer.i.init_tag = 2384 ntohl(peer_init->init_hdr.init_tag); 2385 asoc->peer.i.a_rwnd = 2386 ntohl(peer_init->init_hdr.a_rwnd); 2387 asoc->peer.i.num_outbound_streams = 2388 ntohs(peer_init->init_hdr.num_outbound_streams); 2389 asoc->peer.i.num_inbound_streams = 2390 ntohs(peer_init->init_hdr.num_inbound_streams); 2391 asoc->peer.i.initial_tsn = 2392 ntohl(peer_init->init_hdr.initial_tsn); 2393 2394 asoc->strreset_inseq = asoc->peer.i.initial_tsn; 2395 2396 /* Apply the upper bounds for output streams based on peer's 2397 * number of inbound streams. 2398 */ 2399 if (asoc->c.sinit_num_ostreams > 2400 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2401 asoc->c.sinit_num_ostreams = 2402 ntohs(peer_init->init_hdr.num_inbound_streams); 2403 } 2404 2405 if (asoc->c.sinit_max_instreams > 2406 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2407 asoc->c.sinit_max_instreams = 2408 ntohs(peer_init->init_hdr.num_outbound_streams); 2409 } 2410 2411 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2412 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2413 2414 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2415 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2416 2417 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2418 * high (for example, implementations MAY use the size of the receiver 2419 * advertised window). 2420 */ 2421 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2422 transports) { 2423 transport->ssthresh = asoc->peer.i.a_rwnd; 2424 } 2425 2426 /* Set up the TSN tracking pieces. */ 2427 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2428 asoc->peer.i.initial_tsn, gfp)) 2429 goto clean_up; 2430 2431 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2432 * 2433 * The stream sequence number in all the streams shall start 2434 * from 0 when the association is established. Also, when the 2435 * stream sequence number reaches the value 65535 the next 2436 * stream sequence number shall be set to 0. 2437 */ 2438 2439 if (sctp_stream_init(&asoc->stream, asoc->c.sinit_num_ostreams, 2440 asoc->c.sinit_max_instreams, gfp)) 2441 goto clean_up; 2442 2443 /* Update frag_point when stream_interleave may get changed. */ 2444 sctp_assoc_update_frag_point(asoc); 2445 2446 if (!asoc->temp && sctp_assoc_set_id(asoc, gfp)) 2447 goto clean_up; 2448 2449 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2450 * 2451 * When an endpoint has an ASCONF signaled change to be sent to the 2452 * remote endpoint it should do the following: 2453 * ... 2454 * A2) A serial number should be assigned to the Chunk. The serial 2455 * number should be a monotonically increasing number. All serial 2456 * numbers are defined to be initialized at the start of the 2457 * association to the same value as the Initial TSN. 2458 */ 2459 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2460 return 1; 2461 2462 clean_up: 2463 /* Release the transport structures. */ 2464 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2465 transport = list_entry(pos, struct sctp_transport, transports); 2466 if (transport->state != SCTP_ACTIVE) 2467 sctp_assoc_rm_peer(asoc, transport); 2468 } 2469 2470 nomem: 2471 return 0; 2472 } 2473 2474 2475 /* Update asoc with the option described in param. 2476 * 2477 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2478 * 2479 * asoc is the association to update. 2480 * param is the variable length parameter to use for update. 2481 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2482 * If the current packet is an INIT we want to minimize the amount of 2483 * work we do. In particular, we should not build transport 2484 * structures for the addresses. 2485 */ 2486 static int sctp_process_param(struct sctp_association *asoc, 2487 union sctp_params param, 2488 const union sctp_addr *peer_addr, 2489 gfp_t gfp) 2490 { 2491 struct net *net = sock_net(asoc->base.sk); 2492 struct sctp_endpoint *ep = asoc->ep; 2493 union sctp_addr_param *addr_param; 2494 struct sctp_transport *t; 2495 enum sctp_scope scope; 2496 union sctp_addr addr; 2497 struct sctp_af *af; 2498 int retval = 1, i; 2499 u32 stale; 2500 __u16 sat; 2501 2502 /* We maintain all INIT parameters in network byte order all the 2503 * time. This allows us to not worry about whether the parameters 2504 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2505 */ 2506 switch (param.p->type) { 2507 case SCTP_PARAM_IPV6_ADDRESS: 2508 if (PF_INET6 != asoc->base.sk->sk_family) 2509 break; 2510 goto do_addr_param; 2511 2512 case SCTP_PARAM_IPV4_ADDRESS: 2513 /* v4 addresses are not allowed on v6-only socket */ 2514 if (ipv6_only_sock(asoc->base.sk)) 2515 break; 2516 do_addr_param: 2517 af = sctp_get_af_specific(param_type2af(param.p->type)); 2518 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2519 scope = sctp_scope(peer_addr); 2520 if (sctp_in_scope(net, &addr, scope)) 2521 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2522 return 0; 2523 break; 2524 2525 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2526 if (!net->sctp.cookie_preserve_enable) 2527 break; 2528 2529 stale = ntohl(param.life->lifespan_increment); 2530 2531 /* Suggested Cookie Life span increment's unit is msec, 2532 * (1/1000sec). 2533 */ 2534 asoc->cookie_life = ktime_add_ms(asoc->cookie_life, stale); 2535 break; 2536 2537 case SCTP_PARAM_HOST_NAME_ADDRESS: 2538 pr_debug("%s: unimplemented SCTP_HOST_NAME_ADDRESS\n", __func__); 2539 break; 2540 2541 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2542 /* Turn off the default values first so we'll know which 2543 * ones are really set by the peer. 2544 */ 2545 asoc->peer.ipv4_address = 0; 2546 asoc->peer.ipv6_address = 0; 2547 2548 /* Assume that peer supports the address family 2549 * by which it sends a packet. 2550 */ 2551 if (peer_addr->sa.sa_family == AF_INET6) 2552 asoc->peer.ipv6_address = 1; 2553 else if (peer_addr->sa.sa_family == AF_INET) 2554 asoc->peer.ipv4_address = 1; 2555 2556 /* Cycle through address types; avoid divide by 0. */ 2557 sat = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2558 if (sat) 2559 sat /= sizeof(__u16); 2560 2561 for (i = 0; i < sat; ++i) { 2562 switch (param.sat->types[i]) { 2563 case SCTP_PARAM_IPV4_ADDRESS: 2564 asoc->peer.ipv4_address = 1; 2565 break; 2566 2567 case SCTP_PARAM_IPV6_ADDRESS: 2568 if (PF_INET6 == asoc->base.sk->sk_family) 2569 asoc->peer.ipv6_address = 1; 2570 break; 2571 2572 case SCTP_PARAM_HOST_NAME_ADDRESS: 2573 asoc->peer.hostname_address = 1; 2574 break; 2575 2576 default: /* Just ignore anything else. */ 2577 break; 2578 } 2579 } 2580 break; 2581 2582 case SCTP_PARAM_STATE_COOKIE: 2583 asoc->peer.cookie_len = 2584 ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2585 kfree(asoc->peer.cookie); 2586 asoc->peer.cookie = kmemdup(param.cookie->body, asoc->peer.cookie_len, gfp); 2587 if (!asoc->peer.cookie) 2588 retval = 0; 2589 break; 2590 2591 case SCTP_PARAM_HEARTBEAT_INFO: 2592 /* Would be odd to receive, but it causes no problems. */ 2593 break; 2594 2595 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2596 /* Rejected during verify stage. */ 2597 break; 2598 2599 case SCTP_PARAM_ECN_CAPABLE: 2600 asoc->peer.ecn_capable = 1; 2601 break; 2602 2603 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2604 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2605 break; 2606 2607 case SCTP_PARAM_SET_PRIMARY: 2608 if (!ep->asconf_enable) 2609 goto fall_through; 2610 2611 addr_param = param.v + sizeof(struct sctp_addip_param); 2612 2613 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 2614 if (af == NULL) 2615 break; 2616 2617 af->from_addr_param(&addr, addr_param, 2618 htons(asoc->peer.port), 0); 2619 2620 /* if the address is invalid, we can't process it. 2621 * XXX: see spec for what to do. 2622 */ 2623 if (!af->addr_valid(&addr, NULL, NULL)) 2624 break; 2625 2626 t = sctp_assoc_lookup_paddr(asoc, &addr); 2627 if (!t) 2628 break; 2629 2630 sctp_assoc_set_primary(asoc, t); 2631 break; 2632 2633 case SCTP_PARAM_SUPPORTED_EXT: 2634 sctp_process_ext_param(asoc, param); 2635 break; 2636 2637 case SCTP_PARAM_FWD_TSN_SUPPORT: 2638 if (asoc->ep->prsctp_enable) { 2639 asoc->peer.prsctp_capable = 1; 2640 break; 2641 } 2642 /* Fall Through */ 2643 goto fall_through; 2644 2645 case SCTP_PARAM_RANDOM: 2646 if (!ep->auth_enable) 2647 goto fall_through; 2648 2649 /* Save peer's random parameter */ 2650 kfree(asoc->peer.peer_random); 2651 asoc->peer.peer_random = kmemdup(param.p, 2652 ntohs(param.p->length), gfp); 2653 if (!asoc->peer.peer_random) { 2654 retval = 0; 2655 break; 2656 } 2657 break; 2658 2659 case SCTP_PARAM_HMAC_ALGO: 2660 if (!ep->auth_enable) 2661 goto fall_through; 2662 2663 /* Save peer's HMAC list */ 2664 kfree(asoc->peer.peer_hmacs); 2665 asoc->peer.peer_hmacs = kmemdup(param.p, 2666 ntohs(param.p->length), gfp); 2667 if (!asoc->peer.peer_hmacs) { 2668 retval = 0; 2669 break; 2670 } 2671 2672 /* Set the default HMAC the peer requested*/ 2673 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2674 break; 2675 2676 case SCTP_PARAM_CHUNKS: 2677 if (!ep->auth_enable) 2678 goto fall_through; 2679 2680 kfree(asoc->peer.peer_chunks); 2681 asoc->peer.peer_chunks = kmemdup(param.p, 2682 ntohs(param.p->length), gfp); 2683 if (!asoc->peer.peer_chunks) 2684 retval = 0; 2685 break; 2686 fall_through: 2687 default: 2688 /* Any unrecognized parameters should have been caught 2689 * and handled by sctp_verify_param() which should be 2690 * called prior to this routine. Simply log the error 2691 * here. 2692 */ 2693 pr_debug("%s: ignoring param:%d for association:%p.\n", 2694 __func__, ntohs(param.p->type), asoc); 2695 break; 2696 } 2697 2698 return retval; 2699 } 2700 2701 /* Select a new verification tag. */ 2702 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2703 { 2704 /* I believe that this random number generator complies with RFC1750. 2705 * A tag of 0 is reserved for special cases (e.g. INIT). 2706 */ 2707 __u32 x; 2708 2709 do { 2710 get_random_bytes(&x, sizeof(__u32)); 2711 } while (x == 0); 2712 2713 return x; 2714 } 2715 2716 /* Select an initial TSN to send during startup. */ 2717 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2718 { 2719 __u32 retval; 2720 2721 get_random_bytes(&retval, sizeof(__u32)); 2722 return retval; 2723 } 2724 2725 /* 2726 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2727 * 0 1 2 3 2728 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2729 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2730 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2731 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2732 * | Serial Number | 2733 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2734 * | Address Parameter | 2735 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2736 * | ASCONF Parameter #1 | 2737 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2738 * \ \ 2739 * / .... / 2740 * \ \ 2741 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2742 * | ASCONF Parameter #N | 2743 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2744 * 2745 * Address Parameter and other parameter will not be wrapped in this function 2746 */ 2747 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2748 union sctp_addr *addr, 2749 int vparam_len) 2750 { 2751 struct sctp_addiphdr asconf; 2752 struct sctp_chunk *retval; 2753 int length = sizeof(asconf) + vparam_len; 2754 union sctp_addr_param addrparam; 2755 int addrlen; 2756 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2757 2758 addrlen = af->to_addr_param(addr, &addrparam); 2759 if (!addrlen) 2760 return NULL; 2761 length += addrlen; 2762 2763 /* Create the chunk. */ 2764 retval = sctp_make_control(asoc, SCTP_CID_ASCONF, 0, length, 2765 GFP_ATOMIC); 2766 if (!retval) 2767 return NULL; 2768 2769 asconf.serial = htonl(asoc->addip_serial++); 2770 2771 retval->subh.addip_hdr = 2772 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2773 retval->param_hdr.v = 2774 sctp_addto_chunk(retval, addrlen, &addrparam); 2775 2776 return retval; 2777 } 2778 2779 /* ADDIP 2780 * 3.2.1 Add IP Address 2781 * 0 1 2 3 2782 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2783 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2784 * | Type = 0xC001 | Length = Variable | 2785 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2786 * | ASCONF-Request Correlation ID | 2787 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2788 * | Address Parameter | 2789 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2790 * 2791 * 3.2.2 Delete IP Address 2792 * 0 1 2 3 2793 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2794 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2795 * | Type = 0xC002 | Length = Variable | 2796 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2797 * | ASCONF-Request Correlation ID | 2798 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2799 * | Address Parameter | 2800 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2801 * 2802 */ 2803 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2804 union sctp_addr *laddr, 2805 struct sockaddr *addrs, 2806 int addrcnt, __be16 flags) 2807 { 2808 union sctp_addr_param addr_param; 2809 struct sctp_addip_param param; 2810 int paramlen = sizeof(param); 2811 struct sctp_chunk *retval; 2812 int addr_param_len = 0; 2813 union sctp_addr *addr; 2814 int totallen = 0, i; 2815 int del_pickup = 0; 2816 struct sctp_af *af; 2817 void *addr_buf; 2818 2819 /* Get total length of all the address parameters. */ 2820 addr_buf = addrs; 2821 for (i = 0; i < addrcnt; i++) { 2822 addr = addr_buf; 2823 af = sctp_get_af_specific(addr->v4.sin_family); 2824 addr_param_len = af->to_addr_param(addr, &addr_param); 2825 2826 totallen += paramlen; 2827 totallen += addr_param_len; 2828 2829 addr_buf += af->sockaddr_len; 2830 if (asoc->asconf_addr_del_pending && !del_pickup) { 2831 /* reuse the parameter length from the same scope one */ 2832 totallen += paramlen; 2833 totallen += addr_param_len; 2834 del_pickup = 1; 2835 2836 pr_debug("%s: picked same-scope del_pending addr, " 2837 "totallen for all addresses is %d\n", 2838 __func__, totallen); 2839 } 2840 } 2841 2842 /* Create an asconf chunk with the required length. */ 2843 retval = sctp_make_asconf(asoc, laddr, totallen); 2844 if (!retval) 2845 return NULL; 2846 2847 /* Add the address parameters to the asconf chunk. */ 2848 addr_buf = addrs; 2849 for (i = 0; i < addrcnt; i++) { 2850 addr = addr_buf; 2851 af = sctp_get_af_specific(addr->v4.sin_family); 2852 addr_param_len = af->to_addr_param(addr, &addr_param); 2853 param.param_hdr.type = flags; 2854 param.param_hdr.length = htons(paramlen + addr_param_len); 2855 param.crr_id = htonl(i); 2856 2857 sctp_addto_chunk(retval, paramlen, ¶m); 2858 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2859 2860 addr_buf += af->sockaddr_len; 2861 } 2862 if (flags == SCTP_PARAM_ADD_IP && del_pickup) { 2863 addr = asoc->asconf_addr_del_pending; 2864 af = sctp_get_af_specific(addr->v4.sin_family); 2865 addr_param_len = af->to_addr_param(addr, &addr_param); 2866 param.param_hdr.type = SCTP_PARAM_DEL_IP; 2867 param.param_hdr.length = htons(paramlen + addr_param_len); 2868 param.crr_id = htonl(i); 2869 2870 sctp_addto_chunk(retval, paramlen, ¶m); 2871 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2872 } 2873 return retval; 2874 } 2875 2876 /* ADDIP 2877 * 3.2.4 Set Primary IP Address 2878 * 0 1 2 3 2879 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2880 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2881 * | Type =0xC004 | Length = Variable | 2882 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2883 * | ASCONF-Request Correlation ID | 2884 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2885 * | Address Parameter | 2886 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2887 * 2888 * Create an ASCONF chunk with Set Primary IP address parameter. 2889 */ 2890 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2891 union sctp_addr *addr) 2892 { 2893 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2894 union sctp_addr_param addrparam; 2895 struct sctp_addip_param param; 2896 struct sctp_chunk *retval; 2897 int len = sizeof(param); 2898 int addrlen; 2899 2900 addrlen = af->to_addr_param(addr, &addrparam); 2901 if (!addrlen) 2902 return NULL; 2903 len += addrlen; 2904 2905 /* Create the chunk and make asconf header. */ 2906 retval = sctp_make_asconf(asoc, addr, len); 2907 if (!retval) 2908 return NULL; 2909 2910 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2911 param.param_hdr.length = htons(len); 2912 param.crr_id = 0; 2913 2914 sctp_addto_chunk(retval, sizeof(param), ¶m); 2915 sctp_addto_chunk(retval, addrlen, &addrparam); 2916 2917 return retval; 2918 } 2919 2920 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2921 * 0 1 2 3 2922 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2923 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2924 * | Type = 0x80 | Chunk Flags | Chunk Length | 2925 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2926 * | Serial Number | 2927 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2928 * | ASCONF Parameter Response#1 | 2929 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2930 * \ \ 2931 * / .... / 2932 * \ \ 2933 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2934 * | ASCONF Parameter Response#N | 2935 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2936 * 2937 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2938 */ 2939 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2940 __u32 serial, int vparam_len) 2941 { 2942 struct sctp_addiphdr asconf; 2943 struct sctp_chunk *retval; 2944 int length = sizeof(asconf) + vparam_len; 2945 2946 /* Create the chunk. */ 2947 retval = sctp_make_control(asoc, SCTP_CID_ASCONF_ACK, 0, length, 2948 GFP_ATOMIC); 2949 if (!retval) 2950 return NULL; 2951 2952 asconf.serial = htonl(serial); 2953 2954 retval->subh.addip_hdr = 2955 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2956 2957 return retval; 2958 } 2959 2960 /* Add response parameters to an ASCONF_ACK chunk. */ 2961 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2962 __be16 err_code, 2963 struct sctp_addip_param *asconf_param) 2964 { 2965 struct sctp_addip_param ack_param; 2966 struct sctp_errhdr err_param; 2967 int asconf_param_len = 0; 2968 int err_param_len = 0; 2969 __be16 response_type; 2970 2971 if (SCTP_ERROR_NO_ERROR == err_code) { 2972 response_type = SCTP_PARAM_SUCCESS_REPORT; 2973 } else { 2974 response_type = SCTP_PARAM_ERR_CAUSE; 2975 err_param_len = sizeof(err_param); 2976 if (asconf_param) 2977 asconf_param_len = 2978 ntohs(asconf_param->param_hdr.length); 2979 } 2980 2981 /* Add Success Indication or Error Cause Indication parameter. */ 2982 ack_param.param_hdr.type = response_type; 2983 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2984 err_param_len + 2985 asconf_param_len); 2986 ack_param.crr_id = crr_id; 2987 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2988 2989 if (SCTP_ERROR_NO_ERROR == err_code) 2990 return; 2991 2992 /* Add Error Cause parameter. */ 2993 err_param.cause = err_code; 2994 err_param.length = htons(err_param_len + asconf_param_len); 2995 sctp_addto_chunk(chunk, err_param_len, &err_param); 2996 2997 /* Add the failed TLV copied from ASCONF chunk. */ 2998 if (asconf_param) 2999 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 3000 } 3001 3002 /* Process a asconf parameter. */ 3003 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 3004 struct sctp_chunk *asconf, 3005 struct sctp_addip_param *asconf_param) 3006 { 3007 union sctp_addr_param *addr_param; 3008 struct sctp_transport *peer; 3009 union sctp_addr addr; 3010 struct sctp_af *af; 3011 3012 addr_param = (void *)asconf_param + sizeof(*asconf_param); 3013 3014 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && 3015 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && 3016 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) 3017 return SCTP_ERROR_UNKNOWN_PARAM; 3018 3019 switch (addr_param->p.type) { 3020 case SCTP_PARAM_IPV6_ADDRESS: 3021 if (!asoc->peer.ipv6_address) 3022 return SCTP_ERROR_DNS_FAILED; 3023 break; 3024 case SCTP_PARAM_IPV4_ADDRESS: 3025 if (!asoc->peer.ipv4_address) 3026 return SCTP_ERROR_DNS_FAILED; 3027 break; 3028 default: 3029 return SCTP_ERROR_DNS_FAILED; 3030 } 3031 3032 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3033 if (unlikely(!af)) 3034 return SCTP_ERROR_DNS_FAILED; 3035 3036 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 3037 3038 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 3039 * or multicast address. 3040 * (note: wildcard is permitted and requires special handling so 3041 * make sure we check for that) 3042 */ 3043 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 3044 return SCTP_ERROR_DNS_FAILED; 3045 3046 switch (asconf_param->param_hdr.type) { 3047 case SCTP_PARAM_ADD_IP: 3048 /* Section 4.2.1: 3049 * If the address 0.0.0.0 or ::0 is provided, the source 3050 * address of the packet MUST be added. 3051 */ 3052 if (af->is_any(&addr)) 3053 memcpy(&addr, &asconf->source, sizeof(addr)); 3054 3055 if (security_sctp_bind_connect(asoc->ep->base.sk, 3056 SCTP_PARAM_ADD_IP, 3057 (struct sockaddr *)&addr, 3058 af->sockaddr_len)) 3059 return SCTP_ERROR_REQ_REFUSED; 3060 3061 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 3062 * request and does not have the local resources to add this 3063 * new address to the association, it MUST return an Error 3064 * Cause TLV set to the new error code 'Operation Refused 3065 * Due to Resource Shortage'. 3066 */ 3067 3068 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 3069 if (!peer) 3070 return SCTP_ERROR_RSRC_LOW; 3071 3072 /* Start the heartbeat timer. */ 3073 sctp_transport_reset_hb_timer(peer); 3074 asoc->new_transport = peer; 3075 break; 3076 case SCTP_PARAM_DEL_IP: 3077 /* ADDIP 4.3 D7) If a request is received to delete the 3078 * last remaining IP address of a peer endpoint, the receiver 3079 * MUST send an Error Cause TLV with the error cause set to the 3080 * new error code 'Request to Delete Last Remaining IP Address'. 3081 */ 3082 if (asoc->peer.transport_count == 1) 3083 return SCTP_ERROR_DEL_LAST_IP; 3084 3085 /* ADDIP 4.3 D8) If a request is received to delete an IP 3086 * address which is also the source address of the IP packet 3087 * which contained the ASCONF chunk, the receiver MUST reject 3088 * this request. To reject the request the receiver MUST send 3089 * an Error Cause TLV set to the new error code 'Request to 3090 * Delete Source IP Address' 3091 */ 3092 if (sctp_cmp_addr_exact(&asconf->source, &addr)) 3093 return SCTP_ERROR_DEL_SRC_IP; 3094 3095 /* Section 4.2.2 3096 * If the address 0.0.0.0 or ::0 is provided, all 3097 * addresses of the peer except the source address of the 3098 * packet MUST be deleted. 3099 */ 3100 if (af->is_any(&addr)) { 3101 sctp_assoc_set_primary(asoc, asconf->transport); 3102 sctp_assoc_del_nonprimary_peers(asoc, 3103 asconf->transport); 3104 return SCTP_ERROR_NO_ERROR; 3105 } 3106 3107 /* If the address is not part of the association, the 3108 * ASCONF-ACK with Error Cause Indication Parameter 3109 * which including cause of Unresolvable Address should 3110 * be sent. 3111 */ 3112 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3113 if (!peer) 3114 return SCTP_ERROR_DNS_FAILED; 3115 3116 sctp_assoc_rm_peer(asoc, peer); 3117 break; 3118 case SCTP_PARAM_SET_PRIMARY: 3119 /* ADDIP Section 4.2.4 3120 * If the address 0.0.0.0 or ::0 is provided, the receiver 3121 * MAY mark the source address of the packet as its 3122 * primary. 3123 */ 3124 if (af->is_any(&addr)) 3125 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 3126 3127 if (security_sctp_bind_connect(asoc->ep->base.sk, 3128 SCTP_PARAM_SET_PRIMARY, 3129 (struct sockaddr *)&addr, 3130 af->sockaddr_len)) 3131 return SCTP_ERROR_REQ_REFUSED; 3132 3133 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3134 if (!peer) 3135 return SCTP_ERROR_DNS_FAILED; 3136 3137 sctp_assoc_set_primary(asoc, peer); 3138 break; 3139 } 3140 3141 return SCTP_ERROR_NO_ERROR; 3142 } 3143 3144 /* Verify the ASCONF packet before we process it. */ 3145 bool sctp_verify_asconf(const struct sctp_association *asoc, 3146 struct sctp_chunk *chunk, bool addr_param_needed, 3147 struct sctp_paramhdr **errp) 3148 { 3149 struct sctp_addip_chunk *addip; 3150 bool addr_param_seen = false; 3151 union sctp_params param; 3152 3153 addip = (struct sctp_addip_chunk *)chunk->chunk_hdr; 3154 sctp_walk_params(param, addip, addip_hdr.params) { 3155 size_t length = ntohs(param.p->length); 3156 3157 *errp = param.p; 3158 switch (param.p->type) { 3159 case SCTP_PARAM_ERR_CAUSE: 3160 break; 3161 case SCTP_PARAM_IPV4_ADDRESS: 3162 if (length != sizeof(struct sctp_ipv4addr_param)) 3163 return false; 3164 /* ensure there is only one addr param and it's in the 3165 * beginning of addip_hdr params, or we reject it. 3166 */ 3167 if (param.v != addip->addip_hdr.params) 3168 return false; 3169 addr_param_seen = true; 3170 break; 3171 case SCTP_PARAM_IPV6_ADDRESS: 3172 if (length != sizeof(struct sctp_ipv6addr_param)) 3173 return false; 3174 if (param.v != addip->addip_hdr.params) 3175 return false; 3176 addr_param_seen = true; 3177 break; 3178 case SCTP_PARAM_ADD_IP: 3179 case SCTP_PARAM_DEL_IP: 3180 case SCTP_PARAM_SET_PRIMARY: 3181 /* In ASCONF chunks, these need to be first. */ 3182 if (addr_param_needed && !addr_param_seen) 3183 return false; 3184 length = ntohs(param.addip->param_hdr.length); 3185 if (length < sizeof(struct sctp_addip_param) + 3186 sizeof(**errp)) 3187 return false; 3188 break; 3189 case SCTP_PARAM_SUCCESS_REPORT: 3190 case SCTP_PARAM_ADAPTATION_LAYER_IND: 3191 if (length != sizeof(struct sctp_addip_param)) 3192 return false; 3193 break; 3194 default: 3195 /* This is unkown to us, reject! */ 3196 return false; 3197 } 3198 } 3199 3200 /* Remaining sanity checks. */ 3201 if (addr_param_needed && !addr_param_seen) 3202 return false; 3203 if (!addr_param_needed && addr_param_seen) 3204 return false; 3205 if (param.v != chunk->chunk_end) 3206 return false; 3207 3208 return true; 3209 } 3210 3211 /* Process an incoming ASCONF chunk with the next expected serial no. and 3212 * return an ASCONF_ACK chunk to be sent in response. 3213 */ 3214 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3215 struct sctp_chunk *asconf) 3216 { 3217 union sctp_addr_param *addr_param; 3218 struct sctp_addip_chunk *addip; 3219 struct sctp_chunk *asconf_ack; 3220 bool all_param_pass = true; 3221 struct sctp_addiphdr *hdr; 3222 int length = 0, chunk_len; 3223 union sctp_params param; 3224 __be16 err_code; 3225 __u32 serial; 3226 3227 addip = (struct sctp_addip_chunk *)asconf->chunk_hdr; 3228 chunk_len = ntohs(asconf->chunk_hdr->length) - 3229 sizeof(struct sctp_chunkhdr); 3230 hdr = (struct sctp_addiphdr *)asconf->skb->data; 3231 serial = ntohl(hdr->serial); 3232 3233 /* Skip the addiphdr and store a pointer to address parameter. */ 3234 length = sizeof(*hdr); 3235 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3236 chunk_len -= length; 3237 3238 /* Skip the address parameter and store a pointer to the first 3239 * asconf parameter. 3240 */ 3241 length = ntohs(addr_param->p.length); 3242 chunk_len -= length; 3243 3244 /* create an ASCONF_ACK chunk. 3245 * Based on the definitions of parameters, we know that the size of 3246 * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF 3247 * parameters. 3248 */ 3249 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4); 3250 if (!asconf_ack) 3251 goto done; 3252 3253 /* Process the TLVs contained within the ASCONF chunk. */ 3254 sctp_walk_params(param, addip, addip_hdr.params) { 3255 /* Skip preceeding address parameters. */ 3256 if (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 3257 param.p->type == SCTP_PARAM_IPV6_ADDRESS) 3258 continue; 3259 3260 err_code = sctp_process_asconf_param(asoc, asconf, 3261 param.addip); 3262 /* ADDIP 4.1 A7) 3263 * If an error response is received for a TLV parameter, 3264 * all TLVs with no response before the failed TLV are 3265 * considered successful if not reported. All TLVs after 3266 * the failed response are considered unsuccessful unless 3267 * a specific success indication is present for the parameter. 3268 */ 3269 if (err_code != SCTP_ERROR_NO_ERROR) 3270 all_param_pass = false; 3271 if (!all_param_pass) 3272 sctp_add_asconf_response(asconf_ack, param.addip->crr_id, 3273 err_code, param.addip); 3274 3275 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3276 * an IP address sends an 'Out of Resource' in its response, it 3277 * MUST also fail any subsequent add or delete requests bundled 3278 * in the ASCONF. 3279 */ 3280 if (err_code == SCTP_ERROR_RSRC_LOW) 3281 goto done; 3282 } 3283 done: 3284 asoc->peer.addip_serial++; 3285 3286 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3287 * after freeing the reference to old asconf ack if any. 3288 */ 3289 if (asconf_ack) { 3290 sctp_chunk_hold(asconf_ack); 3291 list_add_tail(&asconf_ack->transmitted_list, 3292 &asoc->asconf_ack_list); 3293 } 3294 3295 return asconf_ack; 3296 } 3297 3298 /* Process a asconf parameter that is successfully acked. */ 3299 static void sctp_asconf_param_success(struct sctp_association *asoc, 3300 struct sctp_addip_param *asconf_param) 3301 { 3302 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3303 union sctp_addr_param *addr_param; 3304 struct sctp_sockaddr_entry *saddr; 3305 struct sctp_transport *transport; 3306 union sctp_addr addr; 3307 struct sctp_af *af; 3308 3309 addr_param = (void *)asconf_param + sizeof(*asconf_param); 3310 3311 /* We have checked the packet before, so we do not check again. */ 3312 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3313 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3314 3315 switch (asconf_param->param_hdr.type) { 3316 case SCTP_PARAM_ADD_IP: 3317 /* This is always done in BH context with a socket lock 3318 * held, so the list can not change. 3319 */ 3320 local_bh_disable(); 3321 list_for_each_entry(saddr, &bp->address_list, list) { 3322 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3323 saddr->state = SCTP_ADDR_SRC; 3324 } 3325 local_bh_enable(); 3326 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3327 transports) { 3328 sctp_transport_dst_release(transport); 3329 } 3330 break; 3331 case SCTP_PARAM_DEL_IP: 3332 local_bh_disable(); 3333 sctp_del_bind_addr(bp, &addr); 3334 if (asoc->asconf_addr_del_pending != NULL && 3335 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) { 3336 kfree(asoc->asconf_addr_del_pending); 3337 asoc->asconf_addr_del_pending = NULL; 3338 } 3339 local_bh_enable(); 3340 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3341 transports) { 3342 sctp_transport_dst_release(transport); 3343 } 3344 break; 3345 default: 3346 break; 3347 } 3348 } 3349 3350 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3351 * for the given asconf parameter. If there is no response for this parameter, 3352 * return the error code based on the third argument 'no_err'. 3353 * ADDIP 4.1 3354 * A7) If an error response is received for a TLV parameter, all TLVs with no 3355 * response before the failed TLV are considered successful if not reported. 3356 * All TLVs after the failed response are considered unsuccessful unless a 3357 * specific success indication is present for the parameter. 3358 */ 3359 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3360 struct sctp_addip_param *asconf_param, 3361 int no_err) 3362 { 3363 struct sctp_addip_param *asconf_ack_param; 3364 struct sctp_errhdr *err_param; 3365 int asconf_ack_len; 3366 __be16 err_code; 3367 int length; 3368 3369 if (no_err) 3370 err_code = SCTP_ERROR_NO_ERROR; 3371 else 3372 err_code = SCTP_ERROR_REQ_REFUSED; 3373 3374 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3375 sizeof(struct sctp_chunkhdr); 3376 3377 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3378 * the first asconf_ack parameter. 3379 */ 3380 length = sizeof(struct sctp_addiphdr); 3381 asconf_ack_param = (struct sctp_addip_param *)(asconf_ack->skb->data + 3382 length); 3383 asconf_ack_len -= length; 3384 3385 while (asconf_ack_len > 0) { 3386 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3387 switch (asconf_ack_param->param_hdr.type) { 3388 case SCTP_PARAM_SUCCESS_REPORT: 3389 return SCTP_ERROR_NO_ERROR; 3390 case SCTP_PARAM_ERR_CAUSE: 3391 length = sizeof(*asconf_ack_param); 3392 err_param = (void *)asconf_ack_param + length; 3393 asconf_ack_len -= length; 3394 if (asconf_ack_len > 0) 3395 return err_param->cause; 3396 else 3397 return SCTP_ERROR_INV_PARAM; 3398 break; 3399 default: 3400 return SCTP_ERROR_INV_PARAM; 3401 } 3402 } 3403 3404 length = ntohs(asconf_ack_param->param_hdr.length); 3405 asconf_ack_param = (void *)asconf_ack_param + length; 3406 asconf_ack_len -= length; 3407 } 3408 3409 return err_code; 3410 } 3411 3412 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3413 int sctp_process_asconf_ack(struct sctp_association *asoc, 3414 struct sctp_chunk *asconf_ack) 3415 { 3416 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3417 struct sctp_addip_param *asconf_param; 3418 __be16 err_code = SCTP_ERROR_NO_ERROR; 3419 union sctp_addr_param *addr_param; 3420 int asconf_len = asconf->skb->len; 3421 int all_param_pass = 0; 3422 int length = 0; 3423 int no_err = 1; 3424 int retval = 0; 3425 3426 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3427 * a pointer to address parameter. 3428 */ 3429 length = sizeof(struct sctp_addip_chunk); 3430 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3431 asconf_len -= length; 3432 3433 /* Skip the address parameter in the last asconf sent and store a 3434 * pointer to the first asconf parameter. 3435 */ 3436 length = ntohs(addr_param->p.length); 3437 asconf_param = (void *)addr_param + length; 3438 asconf_len -= length; 3439 3440 /* ADDIP 4.1 3441 * A8) If there is no response(s) to specific TLV parameter(s), and no 3442 * failures are indicated, then all request(s) are considered 3443 * successful. 3444 */ 3445 if (asconf_ack->skb->len == sizeof(struct sctp_addiphdr)) 3446 all_param_pass = 1; 3447 3448 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3449 while (asconf_len > 0) { 3450 if (all_param_pass) 3451 err_code = SCTP_ERROR_NO_ERROR; 3452 else { 3453 err_code = sctp_get_asconf_response(asconf_ack, 3454 asconf_param, 3455 no_err); 3456 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3457 no_err = 0; 3458 } 3459 3460 switch (err_code) { 3461 case SCTP_ERROR_NO_ERROR: 3462 sctp_asconf_param_success(asoc, asconf_param); 3463 break; 3464 3465 case SCTP_ERROR_RSRC_LOW: 3466 retval = 1; 3467 break; 3468 3469 case SCTP_ERROR_UNKNOWN_PARAM: 3470 /* Disable sending this type of asconf parameter in 3471 * future. 3472 */ 3473 asoc->peer.addip_disabled_mask |= 3474 asconf_param->param_hdr.type; 3475 break; 3476 3477 case SCTP_ERROR_REQ_REFUSED: 3478 case SCTP_ERROR_DEL_LAST_IP: 3479 case SCTP_ERROR_DEL_SRC_IP: 3480 default: 3481 break; 3482 } 3483 3484 /* Skip the processed asconf parameter and move to the next 3485 * one. 3486 */ 3487 length = ntohs(asconf_param->param_hdr.length); 3488 asconf_param = (void *)asconf_param + length; 3489 asconf_len -= length; 3490 } 3491 3492 if (no_err && asoc->src_out_of_asoc_ok) { 3493 asoc->src_out_of_asoc_ok = 0; 3494 sctp_transport_immediate_rtx(asoc->peer.primary_path); 3495 } 3496 3497 /* Free the cached last sent asconf chunk. */ 3498 list_del_init(&asconf->transmitted_list); 3499 sctp_chunk_free(asconf); 3500 asoc->addip_last_asconf = NULL; 3501 3502 return retval; 3503 } 3504 3505 /* Make a FWD TSN chunk. */ 3506 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3507 __u32 new_cum_tsn, size_t nstreams, 3508 struct sctp_fwdtsn_skip *skiplist) 3509 { 3510 struct sctp_chunk *retval = NULL; 3511 struct sctp_fwdtsn_hdr ftsn_hdr; 3512 struct sctp_fwdtsn_skip skip; 3513 size_t hint; 3514 int i; 3515 3516 hint = (nstreams + 1) * sizeof(__u32); 3517 3518 retval = sctp_make_control(asoc, SCTP_CID_FWD_TSN, 0, hint, GFP_ATOMIC); 3519 3520 if (!retval) 3521 return NULL; 3522 3523 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3524 retval->subh.fwdtsn_hdr = 3525 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3526 3527 for (i = 0; i < nstreams; i++) { 3528 skip.stream = skiplist[i].stream; 3529 skip.ssn = skiplist[i].ssn; 3530 sctp_addto_chunk(retval, sizeof(skip), &skip); 3531 } 3532 3533 return retval; 3534 } 3535 3536 struct sctp_chunk *sctp_make_ifwdtsn(const struct sctp_association *asoc, 3537 __u32 new_cum_tsn, size_t nstreams, 3538 struct sctp_ifwdtsn_skip *skiplist) 3539 { 3540 struct sctp_chunk *retval = NULL; 3541 struct sctp_ifwdtsn_hdr ftsn_hdr; 3542 size_t hint; 3543 3544 hint = (nstreams + 1) * sizeof(__u32); 3545 3546 retval = sctp_make_control(asoc, SCTP_CID_I_FWD_TSN, 0, hint, 3547 GFP_ATOMIC); 3548 if (!retval) 3549 return NULL; 3550 3551 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3552 retval->subh.ifwdtsn_hdr = 3553 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3554 3555 sctp_addto_chunk(retval, nstreams * sizeof(skiplist[0]), skiplist); 3556 3557 return retval; 3558 } 3559 3560 /* RE-CONFIG 3.1 (RE-CONFIG chunk) 3561 * 0 1 2 3 3562 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3563 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3564 * | Type = 130 | Chunk Flags | Chunk Length | 3565 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3566 * \ \ 3567 * / Re-configuration Parameter / 3568 * \ \ 3569 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3570 * \ \ 3571 * / Re-configuration Parameter (optional) / 3572 * \ \ 3573 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3574 */ 3575 static struct sctp_chunk *sctp_make_reconf(const struct sctp_association *asoc, 3576 int length) 3577 { 3578 struct sctp_reconf_chunk *reconf; 3579 struct sctp_chunk *retval; 3580 3581 retval = sctp_make_control(asoc, SCTP_CID_RECONF, 0, length, 3582 GFP_ATOMIC); 3583 if (!retval) 3584 return NULL; 3585 3586 reconf = (struct sctp_reconf_chunk *)retval->chunk_hdr; 3587 retval->param_hdr.v = reconf->params; 3588 3589 return retval; 3590 } 3591 3592 /* RE-CONFIG 4.1 (STREAM OUT RESET) 3593 * 0 1 2 3 3594 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3595 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3596 * | Parameter Type = 13 | Parameter Length = 16 + 2 * N | 3597 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3598 * | Re-configuration Request Sequence Number | 3599 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3600 * | Re-configuration Response Sequence Number | 3601 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3602 * | Sender's Last Assigned TSN | 3603 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3604 * | Stream Number 1 (optional) | Stream Number 2 (optional) | 3605 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3606 * / ...... / 3607 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3608 * | Stream Number N-1 (optional) | Stream Number N (optional) | 3609 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3610 * 3611 * RE-CONFIG 4.2 (STREAM IN RESET) 3612 * 0 1 2 3 3613 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3614 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3615 * | Parameter Type = 14 | Parameter Length = 8 + 2 * N | 3616 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3617 * | Re-configuration Request Sequence Number | 3618 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3619 * | Stream Number 1 (optional) | Stream Number 2 (optional) | 3620 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3621 * / ...... / 3622 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3623 * | Stream Number N-1 (optional) | Stream Number N (optional) | 3624 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3625 */ 3626 struct sctp_chunk *sctp_make_strreset_req( 3627 const struct sctp_association *asoc, 3628 __u16 stream_num, __be16 *stream_list, 3629 bool out, bool in) 3630 { 3631 __u16 stream_len = stream_num * sizeof(__u16); 3632 struct sctp_strreset_outreq outreq; 3633 struct sctp_strreset_inreq inreq; 3634 struct sctp_chunk *retval; 3635 __u16 outlen, inlen; 3636 3637 outlen = (sizeof(outreq) + stream_len) * out; 3638 inlen = (sizeof(inreq) + stream_len) * in; 3639 3640 retval = sctp_make_reconf(asoc, outlen + inlen); 3641 if (!retval) 3642 return NULL; 3643 3644 if (outlen) { 3645 outreq.param_hdr.type = SCTP_PARAM_RESET_OUT_REQUEST; 3646 outreq.param_hdr.length = htons(outlen); 3647 outreq.request_seq = htonl(asoc->strreset_outseq); 3648 outreq.response_seq = htonl(asoc->strreset_inseq - 1); 3649 outreq.send_reset_at_tsn = htonl(asoc->next_tsn - 1); 3650 3651 sctp_addto_chunk(retval, sizeof(outreq), &outreq); 3652 3653 if (stream_len) 3654 sctp_addto_chunk(retval, stream_len, stream_list); 3655 } 3656 3657 if (inlen) { 3658 inreq.param_hdr.type = SCTP_PARAM_RESET_IN_REQUEST; 3659 inreq.param_hdr.length = htons(inlen); 3660 inreq.request_seq = htonl(asoc->strreset_outseq + out); 3661 3662 sctp_addto_chunk(retval, sizeof(inreq), &inreq); 3663 3664 if (stream_len) 3665 sctp_addto_chunk(retval, stream_len, stream_list); 3666 } 3667 3668 return retval; 3669 } 3670 3671 /* RE-CONFIG 4.3 (SSN/TSN RESET ALL) 3672 * 0 1 2 3 3673 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3674 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3675 * | Parameter Type = 15 | Parameter Length = 8 | 3676 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3677 * | Re-configuration Request Sequence Number | 3678 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3679 */ 3680 struct sctp_chunk *sctp_make_strreset_tsnreq( 3681 const struct sctp_association *asoc) 3682 { 3683 struct sctp_strreset_tsnreq tsnreq; 3684 __u16 length = sizeof(tsnreq); 3685 struct sctp_chunk *retval; 3686 3687 retval = sctp_make_reconf(asoc, length); 3688 if (!retval) 3689 return NULL; 3690 3691 tsnreq.param_hdr.type = SCTP_PARAM_RESET_TSN_REQUEST; 3692 tsnreq.param_hdr.length = htons(length); 3693 tsnreq.request_seq = htonl(asoc->strreset_outseq); 3694 3695 sctp_addto_chunk(retval, sizeof(tsnreq), &tsnreq); 3696 3697 return retval; 3698 } 3699 3700 /* RE-CONFIG 4.5/4.6 (ADD STREAM) 3701 * 0 1 2 3 3702 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3703 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3704 * | Parameter Type = 17 | Parameter Length = 12 | 3705 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3706 * | Re-configuration Request Sequence Number | 3707 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3708 * | Number of new streams | Reserved | 3709 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3710 */ 3711 struct sctp_chunk *sctp_make_strreset_addstrm( 3712 const struct sctp_association *asoc, 3713 __u16 out, __u16 in) 3714 { 3715 struct sctp_strreset_addstrm addstrm; 3716 __u16 size = sizeof(addstrm); 3717 struct sctp_chunk *retval; 3718 3719 retval = sctp_make_reconf(asoc, (!!out + !!in) * size); 3720 if (!retval) 3721 return NULL; 3722 3723 if (out) { 3724 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_OUT_STREAMS; 3725 addstrm.param_hdr.length = htons(size); 3726 addstrm.number_of_streams = htons(out); 3727 addstrm.request_seq = htonl(asoc->strreset_outseq); 3728 addstrm.reserved = 0; 3729 3730 sctp_addto_chunk(retval, size, &addstrm); 3731 } 3732 3733 if (in) { 3734 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_IN_STREAMS; 3735 addstrm.param_hdr.length = htons(size); 3736 addstrm.number_of_streams = htons(in); 3737 addstrm.request_seq = htonl(asoc->strreset_outseq + !!out); 3738 addstrm.reserved = 0; 3739 3740 sctp_addto_chunk(retval, size, &addstrm); 3741 } 3742 3743 return retval; 3744 } 3745 3746 /* RE-CONFIG 4.4 (RESP) 3747 * 0 1 2 3 3748 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3749 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3750 * | Parameter Type = 16 | Parameter Length | 3751 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3752 * | Re-configuration Response Sequence Number | 3753 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3754 * | Result | 3755 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3756 */ 3757 struct sctp_chunk *sctp_make_strreset_resp(const struct sctp_association *asoc, 3758 __u32 result, __u32 sn) 3759 { 3760 struct sctp_strreset_resp resp; 3761 __u16 length = sizeof(resp); 3762 struct sctp_chunk *retval; 3763 3764 retval = sctp_make_reconf(asoc, length); 3765 if (!retval) 3766 return NULL; 3767 3768 resp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE; 3769 resp.param_hdr.length = htons(length); 3770 resp.response_seq = htonl(sn); 3771 resp.result = htonl(result); 3772 3773 sctp_addto_chunk(retval, sizeof(resp), &resp); 3774 3775 return retval; 3776 } 3777 3778 /* RE-CONFIG 4.4 OPTIONAL (TSNRESP) 3779 * 0 1 2 3 3780 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3781 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3782 * | Parameter Type = 16 | Parameter Length | 3783 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3784 * | Re-configuration Response Sequence Number | 3785 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3786 * | Result | 3787 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3788 * | Sender's Next TSN (optional) | 3789 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3790 * | Receiver's Next TSN (optional) | 3791 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3792 */ 3793 struct sctp_chunk *sctp_make_strreset_tsnresp(struct sctp_association *asoc, 3794 __u32 result, __u32 sn, 3795 __u32 sender_tsn, 3796 __u32 receiver_tsn) 3797 { 3798 struct sctp_strreset_resptsn tsnresp; 3799 __u16 length = sizeof(tsnresp); 3800 struct sctp_chunk *retval; 3801 3802 retval = sctp_make_reconf(asoc, length); 3803 if (!retval) 3804 return NULL; 3805 3806 tsnresp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE; 3807 tsnresp.param_hdr.length = htons(length); 3808 3809 tsnresp.response_seq = htonl(sn); 3810 tsnresp.result = htonl(result); 3811 tsnresp.senders_next_tsn = htonl(sender_tsn); 3812 tsnresp.receivers_next_tsn = htonl(receiver_tsn); 3813 3814 sctp_addto_chunk(retval, sizeof(tsnresp), &tsnresp); 3815 3816 return retval; 3817 } 3818 3819 bool sctp_verify_reconf(const struct sctp_association *asoc, 3820 struct sctp_chunk *chunk, 3821 struct sctp_paramhdr **errp) 3822 { 3823 struct sctp_reconf_chunk *hdr; 3824 union sctp_params param; 3825 __be16 last = 0; 3826 __u16 cnt = 0; 3827 3828 hdr = (struct sctp_reconf_chunk *)chunk->chunk_hdr; 3829 sctp_walk_params(param, hdr, params) { 3830 __u16 length = ntohs(param.p->length); 3831 3832 *errp = param.p; 3833 if (cnt++ > 2) 3834 return false; 3835 switch (param.p->type) { 3836 case SCTP_PARAM_RESET_OUT_REQUEST: 3837 if (length < sizeof(struct sctp_strreset_outreq) || 3838 (last && last != SCTP_PARAM_RESET_RESPONSE && 3839 last != SCTP_PARAM_RESET_IN_REQUEST)) 3840 return false; 3841 break; 3842 case SCTP_PARAM_RESET_IN_REQUEST: 3843 if (length < sizeof(struct sctp_strreset_inreq) || 3844 (last && last != SCTP_PARAM_RESET_OUT_REQUEST)) 3845 return false; 3846 break; 3847 case SCTP_PARAM_RESET_RESPONSE: 3848 if ((length != sizeof(struct sctp_strreset_resp) && 3849 length != sizeof(struct sctp_strreset_resptsn)) || 3850 (last && last != SCTP_PARAM_RESET_RESPONSE && 3851 last != SCTP_PARAM_RESET_OUT_REQUEST)) 3852 return false; 3853 break; 3854 case SCTP_PARAM_RESET_TSN_REQUEST: 3855 if (length != 3856 sizeof(struct sctp_strreset_tsnreq) || last) 3857 return false; 3858 break; 3859 case SCTP_PARAM_RESET_ADD_IN_STREAMS: 3860 if (length != sizeof(struct sctp_strreset_addstrm) || 3861 (last && last != SCTP_PARAM_RESET_ADD_OUT_STREAMS)) 3862 return false; 3863 break; 3864 case SCTP_PARAM_RESET_ADD_OUT_STREAMS: 3865 if (length != sizeof(struct sctp_strreset_addstrm) || 3866 (last && last != SCTP_PARAM_RESET_ADD_IN_STREAMS)) 3867 return false; 3868 break; 3869 default: 3870 return false; 3871 } 3872 3873 last = param.p->type; 3874 } 3875 3876 return true; 3877 } 3878