1 /* SCTP kernel implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * This SCTP implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * This SCTP implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, see 27 * <http://www.gnu.org/licenses/>. 28 * 29 * Please send any bug reports or fixes you make to the 30 * email address(es): 31 * lksctp developers <linux-sctp@vger.kernel.org> 32 * 33 * Written or modified by: 34 * La Monte H.P. Yarroll <piggy@acm.org> 35 * Karl Knutson <karl@athena.chicago.il.us> 36 * C. Robin <chris@hundredacre.ac.uk> 37 * Jon Grimm <jgrimm@us.ibm.com> 38 * Xingang Guo <xingang.guo@intel.com> 39 * Dajiang Zhang <dajiang.zhang@nokia.com> 40 * Sridhar Samudrala <sri@us.ibm.com> 41 * Daisy Chang <daisyc@us.ibm.com> 42 * Ardelle Fan <ardelle.fan@intel.com> 43 * Kevin Gao <kevin.gao@intel.com> 44 */ 45 46 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 47 48 #include <crypto/hash.h> 49 #include <linux/types.h> 50 #include <linux/kernel.h> 51 #include <linux/ip.h> 52 #include <linux/ipv6.h> 53 #include <linux/net.h> 54 #include <linux/inet.h> 55 #include <linux/scatterlist.h> 56 #include <linux/slab.h> 57 #include <net/sock.h> 58 59 #include <linux/skbuff.h> 60 #include <linux/random.h> /* for get_random_bytes */ 61 #include <net/sctp/sctp.h> 62 #include <net/sctp/sm.h> 63 64 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 65 __u8 type, __u8 flags, int paylen); 66 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 67 __u8 flags, int paylen); 68 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 69 __u8 type, __u8 flags, int paylen); 70 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 71 const struct sctp_association *asoc, 72 const struct sctp_chunk *init_chunk, 73 int *cookie_len, 74 const __u8 *raw_addrs, int addrs_len); 75 static int sctp_process_param(struct sctp_association *asoc, 76 union sctp_params param, 77 const union sctp_addr *peer_addr, 78 gfp_t gfp); 79 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 80 const void *data); 81 static void *sctp_addto_chunk_fixed(struct sctp_chunk *, int len, 82 const void *data); 83 84 /* Control chunk destructor */ 85 static void sctp_control_release_owner(struct sk_buff *skb) 86 { 87 /*TODO: do memory release */ 88 } 89 90 static void sctp_control_set_owner_w(struct sctp_chunk *chunk) 91 { 92 struct sctp_association *asoc = chunk->asoc; 93 struct sk_buff *skb = chunk->skb; 94 95 /* TODO: properly account for control chunks. 96 * To do it right we'll need: 97 * 1) endpoint if association isn't known. 98 * 2) proper memory accounting. 99 * 100 * For now don't do anything for now. 101 */ 102 skb->sk = asoc ? asoc->base.sk : NULL; 103 skb->destructor = sctp_control_release_owner; 104 } 105 106 /* What was the inbound interface for this chunk? */ 107 int sctp_chunk_iif(const struct sctp_chunk *chunk) 108 { 109 struct sctp_af *af; 110 int iif = 0; 111 112 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version)); 113 if (af) 114 iif = af->skb_iif(chunk->skb); 115 116 return iif; 117 } 118 119 /* RFC 2960 3.3.2 Initiation (INIT) (1) 120 * 121 * Note 2: The ECN capable field is reserved for future use of 122 * Explicit Congestion Notification. 123 */ 124 static const struct sctp_paramhdr ecap_param = { 125 SCTP_PARAM_ECN_CAPABLE, 126 cpu_to_be16(sizeof(struct sctp_paramhdr)), 127 }; 128 static const struct sctp_paramhdr prsctp_param = { 129 SCTP_PARAM_FWD_TSN_SUPPORT, 130 cpu_to_be16(sizeof(struct sctp_paramhdr)), 131 }; 132 133 /* A helper to initialize an op error inside a 134 * provided chunk, as most cause codes will be embedded inside an 135 * abort chunk. 136 */ 137 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 138 size_t paylen) 139 { 140 sctp_errhdr_t err; 141 __u16 len; 142 143 /* Cause code constants are now defined in network order. */ 144 err.cause = cause_code; 145 len = sizeof(sctp_errhdr_t) + paylen; 146 err.length = htons(len); 147 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 148 } 149 150 /* A helper to initialize an op error inside a 151 * provided chunk, as most cause codes will be embedded inside an 152 * abort chunk. Differs from sctp_init_cause in that it won't oops 153 * if there isn't enough space in the op error chunk 154 */ 155 static int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code, 156 size_t paylen) 157 { 158 sctp_errhdr_t err; 159 __u16 len; 160 161 /* Cause code constants are now defined in network order. */ 162 err.cause = cause_code; 163 len = sizeof(sctp_errhdr_t) + paylen; 164 err.length = htons(len); 165 166 if (skb_tailroom(chunk->skb) < len) 167 return -ENOSPC; 168 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk, 169 sizeof(sctp_errhdr_t), 170 &err); 171 return 0; 172 } 173 /* 3.3.2 Initiation (INIT) (1) 174 * 175 * This chunk is used to initiate a SCTP association between two 176 * endpoints. The format of the INIT chunk is shown below: 177 * 178 * 0 1 2 3 179 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 180 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 181 * | Type = 1 | Chunk Flags | Chunk Length | 182 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 183 * | Initiate Tag | 184 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 185 * | Advertised Receiver Window Credit (a_rwnd) | 186 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 187 * | Number of Outbound Streams | Number of Inbound Streams | 188 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 189 * | Initial TSN | 190 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 191 * \ \ 192 * / Optional/Variable-Length Parameters / 193 * \ \ 194 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 195 * 196 * 197 * The INIT chunk contains the following parameters. Unless otherwise 198 * noted, each parameter MUST only be included once in the INIT chunk. 199 * 200 * Fixed Parameters Status 201 * ---------------------------------------------- 202 * Initiate Tag Mandatory 203 * Advertised Receiver Window Credit Mandatory 204 * Number of Outbound Streams Mandatory 205 * Number of Inbound Streams Mandatory 206 * Initial TSN Mandatory 207 * 208 * Variable Parameters Status Type Value 209 * ------------------------------------------------------------- 210 * IPv4 Address (Note 1) Optional 5 211 * IPv6 Address (Note 1) Optional 6 212 * Cookie Preservative Optional 9 213 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 214 * Host Name Address (Note 3) Optional 11 215 * Supported Address Types (Note 4) Optional 12 216 */ 217 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 218 const struct sctp_bind_addr *bp, 219 gfp_t gfp, int vparam_len) 220 { 221 struct net *net = sock_net(asoc->base.sk); 222 struct sctp_endpoint *ep = asoc->ep; 223 sctp_inithdr_t init; 224 union sctp_params addrs; 225 size_t chunksize; 226 struct sctp_chunk *retval = NULL; 227 int num_types, addrs_len = 0; 228 struct sctp_sock *sp; 229 sctp_supported_addrs_param_t sat; 230 __be16 types[2]; 231 sctp_adaptation_ind_param_t aiparam; 232 sctp_supported_ext_param_t ext_param; 233 int num_ext = 0; 234 __u8 extensions[3]; 235 sctp_paramhdr_t *auth_chunks = NULL, 236 *auth_hmacs = NULL; 237 238 /* RFC 2960 3.3.2 Initiation (INIT) (1) 239 * 240 * Note 1: The INIT chunks can contain multiple addresses that 241 * can be IPv4 and/or IPv6 in any combination. 242 */ 243 retval = NULL; 244 245 /* Convert the provided bind address list to raw format. */ 246 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 247 248 init.init_tag = htonl(asoc->c.my_vtag); 249 init.a_rwnd = htonl(asoc->rwnd); 250 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 251 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 252 init.initial_tsn = htonl(asoc->c.initial_tsn); 253 254 /* How many address types are needed? */ 255 sp = sctp_sk(asoc->base.sk); 256 num_types = sp->pf->supported_addrs(sp, types); 257 258 chunksize = sizeof(init) + addrs_len; 259 chunksize += WORD_ROUND(SCTP_SAT_LEN(num_types)); 260 chunksize += sizeof(ecap_param); 261 262 if (net->sctp.prsctp_enable) 263 chunksize += sizeof(prsctp_param); 264 265 /* ADDIP: Section 4.2.7: 266 * An implementation supporting this extension [ADDIP] MUST list 267 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 268 * INIT-ACK parameters. 269 */ 270 if (net->sctp.addip_enable) { 271 extensions[num_ext] = SCTP_CID_ASCONF; 272 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 273 num_ext += 2; 274 } 275 276 if (sp->adaptation_ind) 277 chunksize += sizeof(aiparam); 278 279 chunksize += vparam_len; 280 281 /* Account for AUTH related parameters */ 282 if (ep->auth_enable) { 283 /* Add random parameter length*/ 284 chunksize += sizeof(asoc->c.auth_random); 285 286 /* Add HMACS parameter length if any were defined */ 287 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 288 if (auth_hmacs->length) 289 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 290 else 291 auth_hmacs = NULL; 292 293 /* Add CHUNKS parameter length */ 294 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 295 if (auth_chunks->length) 296 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 297 else 298 auth_chunks = NULL; 299 300 extensions[num_ext] = SCTP_CID_AUTH; 301 num_ext += 1; 302 } 303 304 /* If we have any extensions to report, account for that */ 305 if (num_ext) 306 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 307 num_ext); 308 309 /* RFC 2960 3.3.2 Initiation (INIT) (1) 310 * 311 * Note 3: An INIT chunk MUST NOT contain more than one Host 312 * Name address parameter. Moreover, the sender of the INIT 313 * MUST NOT combine any other address types with the Host Name 314 * address in the INIT. The receiver of INIT MUST ignore any 315 * other address types if the Host Name address parameter is 316 * present in the received INIT chunk. 317 * 318 * PLEASE DO NOT FIXME [This version does not support Host Name.] 319 */ 320 321 retval = sctp_make_control(asoc, SCTP_CID_INIT, 0, chunksize); 322 if (!retval) 323 goto nodata; 324 325 retval->subh.init_hdr = 326 sctp_addto_chunk(retval, sizeof(init), &init); 327 retval->param_hdr.v = 328 sctp_addto_chunk(retval, addrs_len, addrs.v); 329 330 /* RFC 2960 3.3.2 Initiation (INIT) (1) 331 * 332 * Note 4: This parameter, when present, specifies all the 333 * address types the sending endpoint can support. The absence 334 * of this parameter indicates that the sending endpoint can 335 * support any address type. 336 */ 337 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 338 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 339 sctp_addto_chunk(retval, sizeof(sat), &sat); 340 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 341 342 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 343 344 /* Add the supported extensions parameter. Be nice and add this 345 * fist before addiding the parameters for the extensions themselves 346 */ 347 if (num_ext) { 348 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 349 ext_param.param_hdr.length = 350 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 351 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 352 &ext_param); 353 sctp_addto_param(retval, num_ext, extensions); 354 } 355 356 if (net->sctp.prsctp_enable) 357 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 358 359 if (sp->adaptation_ind) { 360 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 361 aiparam.param_hdr.length = htons(sizeof(aiparam)); 362 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 363 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 364 } 365 366 /* Add SCTP-AUTH chunks to the parameter list */ 367 if (ep->auth_enable) { 368 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 369 asoc->c.auth_random); 370 if (auth_hmacs) 371 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 372 auth_hmacs); 373 if (auth_chunks) 374 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 375 auth_chunks); 376 } 377 nodata: 378 kfree(addrs.v); 379 return retval; 380 } 381 382 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 383 const struct sctp_chunk *chunk, 384 gfp_t gfp, int unkparam_len) 385 { 386 sctp_inithdr_t initack; 387 struct sctp_chunk *retval; 388 union sctp_params addrs; 389 struct sctp_sock *sp; 390 int addrs_len; 391 sctp_cookie_param_t *cookie; 392 int cookie_len; 393 size_t chunksize; 394 sctp_adaptation_ind_param_t aiparam; 395 sctp_supported_ext_param_t ext_param; 396 int num_ext = 0; 397 __u8 extensions[3]; 398 sctp_paramhdr_t *auth_chunks = NULL, 399 *auth_hmacs = NULL, 400 *auth_random = NULL; 401 402 retval = NULL; 403 404 /* Note: there may be no addresses to embed. */ 405 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 406 407 initack.init_tag = htonl(asoc->c.my_vtag); 408 initack.a_rwnd = htonl(asoc->rwnd); 409 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 410 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 411 initack.initial_tsn = htonl(asoc->c.initial_tsn); 412 413 /* FIXME: We really ought to build the cookie right 414 * into the packet instead of allocating more fresh memory. 415 */ 416 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 417 addrs.v, addrs_len); 418 if (!cookie) 419 goto nomem_cookie; 420 421 /* Calculate the total size of allocation, include the reserved 422 * space for reporting unknown parameters if it is specified. 423 */ 424 sp = sctp_sk(asoc->base.sk); 425 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 426 427 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 428 if (asoc->peer.ecn_capable) 429 chunksize += sizeof(ecap_param); 430 431 if (asoc->peer.prsctp_capable) 432 chunksize += sizeof(prsctp_param); 433 434 if (asoc->peer.asconf_capable) { 435 extensions[num_ext] = SCTP_CID_ASCONF; 436 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 437 num_ext += 2; 438 } 439 440 if (sp->adaptation_ind) 441 chunksize += sizeof(aiparam); 442 443 if (asoc->peer.auth_capable) { 444 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random; 445 chunksize += ntohs(auth_random->length); 446 447 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 448 if (auth_hmacs->length) 449 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 450 else 451 auth_hmacs = NULL; 452 453 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 454 if (auth_chunks->length) 455 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 456 else 457 auth_chunks = NULL; 458 459 extensions[num_ext] = SCTP_CID_AUTH; 460 num_ext += 1; 461 } 462 463 if (num_ext) 464 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 465 num_ext); 466 467 /* Now allocate and fill out the chunk. */ 468 retval = sctp_make_control(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 469 if (!retval) 470 goto nomem_chunk; 471 472 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 473 * 474 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 475 * HEARTBEAT ACK, * etc.) to the same destination transport 476 * address from which it received the DATA or control chunk 477 * to which it is replying. 478 * 479 * [INIT ACK back to where the INIT came from.] 480 */ 481 retval->transport = chunk->transport; 482 483 retval->subh.init_hdr = 484 sctp_addto_chunk(retval, sizeof(initack), &initack); 485 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 486 sctp_addto_chunk(retval, cookie_len, cookie); 487 if (asoc->peer.ecn_capable) 488 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 489 if (num_ext) { 490 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 491 ext_param.param_hdr.length = 492 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 493 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 494 &ext_param); 495 sctp_addto_param(retval, num_ext, extensions); 496 } 497 if (asoc->peer.prsctp_capable) 498 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 499 500 if (sp->adaptation_ind) { 501 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 502 aiparam.param_hdr.length = htons(sizeof(aiparam)); 503 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 504 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 505 } 506 507 if (asoc->peer.auth_capable) { 508 sctp_addto_chunk(retval, ntohs(auth_random->length), 509 auth_random); 510 if (auth_hmacs) 511 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 512 auth_hmacs); 513 if (auth_chunks) 514 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 515 auth_chunks); 516 } 517 518 /* We need to remove the const qualifier at this point. */ 519 retval->asoc = (struct sctp_association *) asoc; 520 521 nomem_chunk: 522 kfree(cookie); 523 nomem_cookie: 524 kfree(addrs.v); 525 return retval; 526 } 527 528 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 529 * 530 * This chunk is used only during the initialization of an association. 531 * It is sent by the initiator of an association to its peer to complete 532 * the initialization process. This chunk MUST precede any DATA chunk 533 * sent within the association, but MAY be bundled with one or more DATA 534 * chunks in the same packet. 535 * 536 * 0 1 2 3 537 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 538 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 539 * | Type = 10 |Chunk Flags | Length | 540 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 541 * / Cookie / 542 * \ \ 543 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 544 * 545 * Chunk Flags: 8 bit 546 * 547 * Set to zero on transmit and ignored on receipt. 548 * 549 * Length: 16 bits (unsigned integer) 550 * 551 * Set to the size of the chunk in bytes, including the 4 bytes of 552 * the chunk header and the size of the Cookie. 553 * 554 * Cookie: variable size 555 * 556 * This field must contain the exact cookie received in the 557 * State Cookie parameter from the previous INIT ACK. 558 * 559 * An implementation SHOULD make the cookie as small as possible 560 * to insure interoperability. 561 */ 562 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 563 const struct sctp_chunk *chunk) 564 { 565 struct sctp_chunk *retval; 566 void *cookie; 567 int cookie_len; 568 569 cookie = asoc->peer.cookie; 570 cookie_len = asoc->peer.cookie_len; 571 572 /* Build a cookie echo chunk. */ 573 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 574 if (!retval) 575 goto nodata; 576 retval->subh.cookie_hdr = 577 sctp_addto_chunk(retval, cookie_len, cookie); 578 579 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 580 * 581 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 582 * HEARTBEAT ACK, * etc.) to the same destination transport 583 * address from which it * received the DATA or control chunk 584 * to which it is replying. 585 * 586 * [COOKIE ECHO back to where the INIT ACK came from.] 587 */ 588 if (chunk) 589 retval->transport = chunk->transport; 590 591 nodata: 592 return retval; 593 } 594 595 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 596 * 597 * This chunk is used only during the initialization of an 598 * association. It is used to acknowledge the receipt of a COOKIE 599 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 600 * within the association, but MAY be bundled with one or more DATA 601 * chunks or SACK chunk in the same SCTP packet. 602 * 603 * 0 1 2 3 604 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 605 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 606 * | Type = 11 |Chunk Flags | Length = 4 | 607 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 608 * 609 * Chunk Flags: 8 bits 610 * 611 * Set to zero on transmit and ignored on receipt. 612 */ 613 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 614 const struct sctp_chunk *chunk) 615 { 616 struct sctp_chunk *retval; 617 618 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 619 620 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 621 * 622 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 623 * HEARTBEAT ACK, * etc.) to the same destination transport 624 * address from which it * received the DATA or control chunk 625 * to which it is replying. 626 * 627 * [COOKIE ACK back to where the COOKIE ECHO came from.] 628 */ 629 if (retval && chunk) 630 retval->transport = chunk->transport; 631 632 return retval; 633 } 634 635 /* 636 * Appendix A: Explicit Congestion Notification: 637 * CWR: 638 * 639 * RFC 2481 details a specific bit for a sender to send in the header of 640 * its next outbound TCP segment to indicate to its peer that it has 641 * reduced its congestion window. This is termed the CWR bit. For 642 * SCTP the same indication is made by including the CWR chunk. 643 * This chunk contains one data element, i.e. the TSN number that 644 * was sent in the ECNE chunk. This element represents the lowest 645 * TSN number in the datagram that was originally marked with the 646 * CE bit. 647 * 648 * 0 1 2 3 649 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 650 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 651 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 652 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 653 * | Lowest TSN Number | 654 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 655 * 656 * Note: The CWR is considered a Control chunk. 657 */ 658 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 659 const __u32 lowest_tsn, 660 const struct sctp_chunk *chunk) 661 { 662 struct sctp_chunk *retval; 663 sctp_cwrhdr_t cwr; 664 665 cwr.lowest_tsn = htonl(lowest_tsn); 666 retval = sctp_make_control(asoc, SCTP_CID_ECN_CWR, 0, 667 sizeof(sctp_cwrhdr_t)); 668 669 if (!retval) 670 goto nodata; 671 672 retval->subh.ecn_cwr_hdr = 673 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 674 675 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 676 * 677 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 678 * HEARTBEAT ACK, * etc.) to the same destination transport 679 * address from which it * received the DATA or control chunk 680 * to which it is replying. 681 * 682 * [Report a reduced congestion window back to where the ECNE 683 * came from.] 684 */ 685 if (chunk) 686 retval->transport = chunk->transport; 687 688 nodata: 689 return retval; 690 } 691 692 /* Make an ECNE chunk. This is a congestion experienced report. */ 693 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 694 const __u32 lowest_tsn) 695 { 696 struct sctp_chunk *retval; 697 sctp_ecnehdr_t ecne; 698 699 ecne.lowest_tsn = htonl(lowest_tsn); 700 retval = sctp_make_control(asoc, SCTP_CID_ECN_ECNE, 0, 701 sizeof(sctp_ecnehdr_t)); 702 if (!retval) 703 goto nodata; 704 retval->subh.ecne_hdr = 705 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 706 707 nodata: 708 return retval; 709 } 710 711 /* Make a DATA chunk for the given association from the provided 712 * parameters. However, do not populate the data payload. 713 */ 714 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 715 const struct sctp_sndrcvinfo *sinfo, 716 int data_len, __u8 flags, __u16 ssn) 717 { 718 struct sctp_chunk *retval; 719 struct sctp_datahdr dp; 720 int chunk_len; 721 722 /* We assign the TSN as LATE as possible, not here when 723 * creating the chunk. 724 */ 725 dp.tsn = 0; 726 dp.stream = htons(sinfo->sinfo_stream); 727 dp.ppid = sinfo->sinfo_ppid; 728 729 /* Set the flags for an unordered send. */ 730 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 731 flags |= SCTP_DATA_UNORDERED; 732 dp.ssn = 0; 733 } else 734 dp.ssn = htons(ssn); 735 736 chunk_len = sizeof(dp) + data_len; 737 retval = sctp_make_data(asoc, flags, chunk_len); 738 if (!retval) 739 goto nodata; 740 741 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 742 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 743 744 nodata: 745 return retval; 746 } 747 748 /* Create a selective ackowledgement (SACK) for the given 749 * association. This reports on which TSN's we've seen to date, 750 * including duplicates and gaps. 751 */ 752 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 753 { 754 struct sctp_chunk *retval; 755 struct sctp_sackhdr sack; 756 int len; 757 __u32 ctsn; 758 __u16 num_gabs, num_dup_tsns; 759 struct sctp_association *aptr = (struct sctp_association *)asoc; 760 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 761 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 762 struct sctp_transport *trans; 763 764 memset(gabs, 0, sizeof(gabs)); 765 ctsn = sctp_tsnmap_get_ctsn(map); 766 767 pr_debug("%s: sackCTSNAck sent:0x%x\n", __func__, ctsn); 768 769 /* How much room is needed in the chunk? */ 770 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 771 num_dup_tsns = sctp_tsnmap_num_dups(map); 772 773 /* Initialize the SACK header. */ 774 sack.cum_tsn_ack = htonl(ctsn); 775 sack.a_rwnd = htonl(asoc->a_rwnd); 776 sack.num_gap_ack_blocks = htons(num_gabs); 777 sack.num_dup_tsns = htons(num_dup_tsns); 778 779 len = sizeof(sack) 780 + sizeof(struct sctp_gap_ack_block) * num_gabs 781 + sizeof(__u32) * num_dup_tsns; 782 783 /* Create the chunk. */ 784 retval = sctp_make_control(asoc, SCTP_CID_SACK, 0, len); 785 if (!retval) 786 goto nodata; 787 788 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 789 * 790 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 791 * HEARTBEAT ACK, etc.) to the same destination transport 792 * address from which it received the DATA or control chunk to 793 * which it is replying. This rule should also be followed if 794 * the endpoint is bundling DATA chunks together with the 795 * reply chunk. 796 * 797 * However, when acknowledging multiple DATA chunks received 798 * in packets from different source addresses in a single 799 * SACK, the SACK chunk may be transmitted to one of the 800 * destination transport addresses from which the DATA or 801 * control chunks being acknowledged were received. 802 * 803 * [BUG: We do not implement the following paragraph. 804 * Perhaps we should remember the last transport we used for a 805 * SACK and avoid that (if possible) if we have seen any 806 * duplicates. --piggy] 807 * 808 * When a receiver of a duplicate DATA chunk sends a SACK to a 809 * multi- homed endpoint it MAY be beneficial to vary the 810 * destination address and not use the source address of the 811 * DATA chunk. The reason being that receiving a duplicate 812 * from a multi-homed endpoint might indicate that the return 813 * path (as specified in the source address of the DATA chunk) 814 * for the SACK is broken. 815 * 816 * [Send to the address from which we last received a DATA chunk.] 817 */ 818 retval->transport = asoc->peer.last_data_from; 819 820 retval->subh.sack_hdr = 821 sctp_addto_chunk(retval, sizeof(sack), &sack); 822 823 /* Add the gap ack block information. */ 824 if (num_gabs) 825 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 826 gabs); 827 828 /* Add the duplicate TSN information. */ 829 if (num_dup_tsns) { 830 aptr->stats.idupchunks += num_dup_tsns; 831 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 832 sctp_tsnmap_get_dups(map)); 833 } 834 /* Once we have a sack generated, check to see what our sack 835 * generation is, if its 0, reset the transports to 0, and reset 836 * the association generation to 1 837 * 838 * The idea is that zero is never used as a valid generation for the 839 * association so no transport will match after a wrap event like this, 840 * Until the next sack 841 */ 842 if (++aptr->peer.sack_generation == 0) { 843 list_for_each_entry(trans, &asoc->peer.transport_addr_list, 844 transports) 845 trans->sack_generation = 0; 846 aptr->peer.sack_generation = 1; 847 } 848 nodata: 849 return retval; 850 } 851 852 /* Make a SHUTDOWN chunk. */ 853 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 854 const struct sctp_chunk *chunk) 855 { 856 struct sctp_chunk *retval; 857 sctp_shutdownhdr_t shut; 858 __u32 ctsn; 859 860 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 861 shut.cum_tsn_ack = htonl(ctsn); 862 863 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN, 0, 864 sizeof(sctp_shutdownhdr_t)); 865 if (!retval) 866 goto nodata; 867 868 retval->subh.shutdown_hdr = 869 sctp_addto_chunk(retval, sizeof(shut), &shut); 870 871 if (chunk) 872 retval->transport = chunk->transport; 873 nodata: 874 return retval; 875 } 876 877 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 878 const struct sctp_chunk *chunk) 879 { 880 struct sctp_chunk *retval; 881 882 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 883 884 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 885 * 886 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 887 * HEARTBEAT ACK, * etc.) to the same destination transport 888 * address from which it * received the DATA or control chunk 889 * to which it is replying. 890 * 891 * [ACK back to where the SHUTDOWN came from.] 892 */ 893 if (retval && chunk) 894 retval->transport = chunk->transport; 895 896 return retval; 897 } 898 899 struct sctp_chunk *sctp_make_shutdown_complete( 900 const struct sctp_association *asoc, 901 const struct sctp_chunk *chunk) 902 { 903 struct sctp_chunk *retval; 904 __u8 flags = 0; 905 906 /* Set the T-bit if we have no association (vtag will be 907 * reflected) 908 */ 909 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 910 911 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 912 913 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 914 * 915 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 916 * HEARTBEAT ACK, * etc.) to the same destination transport 917 * address from which it * received the DATA or control chunk 918 * to which it is replying. 919 * 920 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 921 * came from.] 922 */ 923 if (retval && chunk) 924 retval->transport = chunk->transport; 925 926 return retval; 927 } 928 929 /* Create an ABORT. Note that we set the T bit if we have no 930 * association, except when responding to an INIT (sctpimpguide 2.41). 931 */ 932 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 933 const struct sctp_chunk *chunk, 934 const size_t hint) 935 { 936 struct sctp_chunk *retval; 937 __u8 flags = 0; 938 939 /* Set the T-bit if we have no association and 'chunk' is not 940 * an INIT (vtag will be reflected). 941 */ 942 if (!asoc) { 943 if (chunk && chunk->chunk_hdr && 944 chunk->chunk_hdr->type == SCTP_CID_INIT) 945 flags = 0; 946 else 947 flags = SCTP_CHUNK_FLAG_T; 948 } 949 950 retval = sctp_make_control(asoc, SCTP_CID_ABORT, flags, hint); 951 952 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 953 * 954 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 955 * HEARTBEAT ACK, * etc.) to the same destination transport 956 * address from which it * received the DATA or control chunk 957 * to which it is replying. 958 * 959 * [ABORT back to where the offender came from.] 960 */ 961 if (retval && chunk) 962 retval->transport = chunk->transport; 963 964 return retval; 965 } 966 967 /* Helper to create ABORT with a NO_USER_DATA error. */ 968 struct sctp_chunk *sctp_make_abort_no_data( 969 const struct sctp_association *asoc, 970 const struct sctp_chunk *chunk, __u32 tsn) 971 { 972 struct sctp_chunk *retval; 973 __be32 payload; 974 975 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 976 + sizeof(tsn)); 977 978 if (!retval) 979 goto no_mem; 980 981 /* Put the tsn back into network byte order. */ 982 payload = htonl(tsn); 983 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 984 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 985 986 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 987 * 988 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 989 * HEARTBEAT ACK, * etc.) to the same destination transport 990 * address from which it * received the DATA or control chunk 991 * to which it is replying. 992 * 993 * [ABORT back to where the offender came from.] 994 */ 995 if (chunk) 996 retval->transport = chunk->transport; 997 998 no_mem: 999 return retval; 1000 } 1001 1002 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 1003 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 1004 struct msghdr *msg, 1005 size_t paylen) 1006 { 1007 struct sctp_chunk *retval; 1008 void *payload = NULL; 1009 int err; 1010 1011 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 1012 if (!retval) 1013 goto err_chunk; 1014 1015 if (paylen) { 1016 /* Put the msg_iov together into payload. */ 1017 payload = kmalloc(paylen, GFP_KERNEL); 1018 if (!payload) 1019 goto err_payload; 1020 1021 err = memcpy_from_msg(payload, msg, paylen); 1022 if (err < 0) 1023 goto err_copy; 1024 } 1025 1026 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 1027 sctp_addto_chunk(retval, paylen, payload); 1028 1029 if (paylen) 1030 kfree(payload); 1031 1032 return retval; 1033 1034 err_copy: 1035 kfree(payload); 1036 err_payload: 1037 sctp_chunk_free(retval); 1038 retval = NULL; 1039 err_chunk: 1040 return retval; 1041 } 1042 1043 /* Append bytes to the end of a parameter. Will panic if chunk is not big 1044 * enough. 1045 */ 1046 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 1047 const void *data) 1048 { 1049 void *target; 1050 int chunklen = ntohs(chunk->chunk_hdr->length); 1051 1052 target = skb_put(chunk->skb, len); 1053 1054 if (data) 1055 memcpy(target, data, len); 1056 else 1057 memset(target, 0, len); 1058 1059 /* Adjust the chunk length field. */ 1060 chunk->chunk_hdr->length = htons(chunklen + len); 1061 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1062 1063 return target; 1064 } 1065 1066 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1067 struct sctp_chunk *sctp_make_abort_violation( 1068 const struct sctp_association *asoc, 1069 const struct sctp_chunk *chunk, 1070 const __u8 *payload, 1071 const size_t paylen) 1072 { 1073 struct sctp_chunk *retval; 1074 struct sctp_paramhdr phdr; 1075 1076 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 1077 + sizeof(sctp_paramhdr_t)); 1078 if (!retval) 1079 goto end; 1080 1081 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen 1082 + sizeof(sctp_paramhdr_t)); 1083 1084 phdr.type = htons(chunk->chunk_hdr->type); 1085 phdr.length = chunk->chunk_hdr->length; 1086 sctp_addto_chunk(retval, paylen, payload); 1087 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr); 1088 1089 end: 1090 return retval; 1091 } 1092 1093 struct sctp_chunk *sctp_make_violation_paramlen( 1094 const struct sctp_association *asoc, 1095 const struct sctp_chunk *chunk, 1096 struct sctp_paramhdr *param) 1097 { 1098 struct sctp_chunk *retval; 1099 static const char error[] = "The following parameter had invalid length:"; 1100 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) + 1101 sizeof(sctp_paramhdr_t); 1102 1103 retval = sctp_make_abort(asoc, chunk, payload_len); 1104 if (!retval) 1105 goto nodata; 1106 1107 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1108 sizeof(error) + sizeof(sctp_paramhdr_t)); 1109 sctp_addto_chunk(retval, sizeof(error), error); 1110 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param); 1111 1112 nodata: 1113 return retval; 1114 } 1115 1116 struct sctp_chunk *sctp_make_violation_max_retrans( 1117 const struct sctp_association *asoc, 1118 const struct sctp_chunk *chunk) 1119 { 1120 struct sctp_chunk *retval; 1121 static const char error[] = "Association exceeded its max_retans count"; 1122 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t); 1123 1124 retval = sctp_make_abort(asoc, chunk, payload_len); 1125 if (!retval) 1126 goto nodata; 1127 1128 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error)); 1129 sctp_addto_chunk(retval, sizeof(error), error); 1130 1131 nodata: 1132 return retval; 1133 } 1134 1135 /* Make a HEARTBEAT chunk. */ 1136 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1137 const struct sctp_transport *transport) 1138 { 1139 struct sctp_chunk *retval; 1140 sctp_sender_hb_info_t hbinfo; 1141 1142 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT, 0, sizeof(hbinfo)); 1143 1144 if (!retval) 1145 goto nodata; 1146 1147 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO; 1148 hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t)); 1149 hbinfo.daddr = transport->ipaddr; 1150 hbinfo.sent_at = jiffies; 1151 hbinfo.hb_nonce = transport->hb_nonce; 1152 1153 /* Cast away the 'const', as this is just telling the chunk 1154 * what transport it belongs to. 1155 */ 1156 retval->transport = (struct sctp_transport *) transport; 1157 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo), 1158 &hbinfo); 1159 1160 nodata: 1161 return retval; 1162 } 1163 1164 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1165 const struct sctp_chunk *chunk, 1166 const void *payload, const size_t paylen) 1167 { 1168 struct sctp_chunk *retval; 1169 1170 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 1171 if (!retval) 1172 goto nodata; 1173 1174 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1175 1176 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1177 * 1178 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1179 * HEARTBEAT ACK, * etc.) to the same destination transport 1180 * address from which it * received the DATA or control chunk 1181 * to which it is replying. 1182 * 1183 * [HBACK back to where the HEARTBEAT came from.] 1184 */ 1185 if (chunk) 1186 retval->transport = chunk->transport; 1187 1188 nodata: 1189 return retval; 1190 } 1191 1192 /* Create an Operation Error chunk with the specified space reserved. 1193 * This routine can be used for containing multiple causes in the chunk. 1194 */ 1195 static struct sctp_chunk *sctp_make_op_error_space( 1196 const struct sctp_association *asoc, 1197 const struct sctp_chunk *chunk, 1198 size_t size) 1199 { 1200 struct sctp_chunk *retval; 1201 1202 retval = sctp_make_control(asoc, SCTP_CID_ERROR, 0, 1203 sizeof(sctp_errhdr_t) + size); 1204 if (!retval) 1205 goto nodata; 1206 1207 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1208 * 1209 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1210 * HEARTBEAT ACK, etc.) to the same destination transport 1211 * address from which it received the DATA or control chunk 1212 * to which it is replying. 1213 * 1214 */ 1215 if (chunk) 1216 retval->transport = chunk->transport; 1217 1218 nodata: 1219 return retval; 1220 } 1221 1222 /* Create an Operation Error chunk of a fixed size, 1223 * specifically, max(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) 1224 * This is a helper function to allocate an error chunk for 1225 * for those invalid parameter codes in which we may not want 1226 * to report all the errors, if the incoming chunk is large 1227 */ 1228 static inline struct sctp_chunk *sctp_make_op_error_fixed( 1229 const struct sctp_association *asoc, 1230 const struct sctp_chunk *chunk) 1231 { 1232 size_t size = asoc ? asoc->pathmtu : 0; 1233 1234 if (!size) 1235 size = SCTP_DEFAULT_MAXSEGMENT; 1236 1237 return sctp_make_op_error_space(asoc, chunk, size); 1238 } 1239 1240 /* Create an Operation Error chunk. */ 1241 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1242 const struct sctp_chunk *chunk, 1243 __be16 cause_code, const void *payload, 1244 size_t paylen, size_t reserve_tail) 1245 { 1246 struct sctp_chunk *retval; 1247 1248 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail); 1249 if (!retval) 1250 goto nodata; 1251 1252 sctp_init_cause(retval, cause_code, paylen + reserve_tail); 1253 sctp_addto_chunk(retval, paylen, payload); 1254 if (reserve_tail) 1255 sctp_addto_param(retval, reserve_tail, NULL); 1256 1257 nodata: 1258 return retval; 1259 } 1260 1261 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc) 1262 { 1263 struct sctp_chunk *retval; 1264 struct sctp_hmac *hmac_desc; 1265 struct sctp_authhdr auth_hdr; 1266 __u8 *hmac; 1267 1268 /* Get the first hmac that the peer told us to use */ 1269 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1270 if (unlikely(!hmac_desc)) 1271 return NULL; 1272 1273 retval = sctp_make_control(asoc, SCTP_CID_AUTH, 0, 1274 hmac_desc->hmac_len + sizeof(sctp_authhdr_t)); 1275 if (!retval) 1276 return NULL; 1277 1278 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1279 auth_hdr.shkey_id = htons(asoc->active_key_id); 1280 1281 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t), 1282 &auth_hdr); 1283 1284 hmac = skb_put(retval->skb, hmac_desc->hmac_len); 1285 memset(hmac, 0, hmac_desc->hmac_len); 1286 1287 /* Adjust the chunk header to include the empty MAC */ 1288 retval->chunk_hdr->length = 1289 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1290 retval->chunk_end = skb_tail_pointer(retval->skb); 1291 1292 return retval; 1293 } 1294 1295 1296 /******************************************************************** 1297 * 2nd Level Abstractions 1298 ********************************************************************/ 1299 1300 /* Turn an skb into a chunk. 1301 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1302 * 1303 * sctpimpguide-05.txt Section 2.8.2 1304 * M1) Each time a new DATA chunk is transmitted 1305 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1306 * 'TSN.Missing.Report' count will be used to determine missing chunks 1307 * and when to fast retransmit. 1308 * 1309 */ 1310 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1311 const struct sctp_association *asoc, 1312 struct sock *sk) 1313 { 1314 struct sctp_chunk *retval; 1315 1316 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC); 1317 1318 if (!retval) 1319 goto nodata; 1320 if (!sk) 1321 pr_debug("%s: chunkifying skb:%p w/o an sk\n", __func__, skb); 1322 1323 INIT_LIST_HEAD(&retval->list); 1324 retval->skb = skb; 1325 retval->asoc = (struct sctp_association *)asoc; 1326 retval->singleton = 1; 1327 1328 retval->fast_retransmit = SCTP_CAN_FRTX; 1329 1330 /* Polish the bead hole. */ 1331 INIT_LIST_HEAD(&retval->transmitted_list); 1332 INIT_LIST_HEAD(&retval->frag_list); 1333 SCTP_DBG_OBJCNT_INC(chunk); 1334 atomic_set(&retval->refcnt, 1); 1335 1336 nodata: 1337 return retval; 1338 } 1339 1340 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1341 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1342 union sctp_addr *dest) 1343 { 1344 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1345 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1346 } 1347 1348 /* Extract the source address from a chunk. */ 1349 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1350 { 1351 /* If we have a known transport, use that. */ 1352 if (chunk->transport) { 1353 return &chunk->transport->ipaddr; 1354 } else { 1355 /* Otherwise, extract it from the IP header. */ 1356 return &chunk->source; 1357 } 1358 } 1359 1360 /* Create a new chunk, setting the type and flags headers from the 1361 * arguments, reserving enough space for a 'paylen' byte payload. 1362 */ 1363 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 1364 __u8 type, __u8 flags, int paylen) 1365 { 1366 struct sctp_chunk *retval; 1367 sctp_chunkhdr_t *chunk_hdr; 1368 struct sk_buff *skb; 1369 struct sock *sk; 1370 1371 /* No need to allocate LL here, as this is only a chunk. */ 1372 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1373 GFP_ATOMIC); 1374 if (!skb) 1375 goto nodata; 1376 1377 /* Make room for the chunk header. */ 1378 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1379 chunk_hdr->type = type; 1380 chunk_hdr->flags = flags; 1381 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1382 1383 sk = asoc ? asoc->base.sk : NULL; 1384 retval = sctp_chunkify(skb, asoc, sk); 1385 if (!retval) { 1386 kfree_skb(skb); 1387 goto nodata; 1388 } 1389 1390 retval->chunk_hdr = chunk_hdr; 1391 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1392 1393 /* Determine if the chunk needs to be authenticated */ 1394 if (sctp_auth_send_cid(type, asoc)) 1395 retval->auth = 1; 1396 1397 return retval; 1398 nodata: 1399 return NULL; 1400 } 1401 1402 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 1403 __u8 flags, int paylen) 1404 { 1405 return _sctp_make_chunk(asoc, SCTP_CID_DATA, flags, paylen); 1406 } 1407 1408 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 1409 __u8 type, __u8 flags, int paylen) 1410 { 1411 struct sctp_chunk *chunk = _sctp_make_chunk(asoc, type, flags, paylen); 1412 1413 if (chunk) 1414 sctp_control_set_owner_w(chunk); 1415 1416 return chunk; 1417 } 1418 1419 /* Release the memory occupied by a chunk. */ 1420 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1421 { 1422 BUG_ON(!list_empty(&chunk->list)); 1423 list_del_init(&chunk->transmitted_list); 1424 1425 consume_skb(chunk->skb); 1426 consume_skb(chunk->auth_chunk); 1427 1428 SCTP_DBG_OBJCNT_DEC(chunk); 1429 kmem_cache_free(sctp_chunk_cachep, chunk); 1430 } 1431 1432 /* Possibly, free the chunk. */ 1433 void sctp_chunk_free(struct sctp_chunk *chunk) 1434 { 1435 /* Release our reference on the message tracker. */ 1436 if (chunk->msg) 1437 sctp_datamsg_put(chunk->msg); 1438 1439 sctp_chunk_put(chunk); 1440 } 1441 1442 /* Grab a reference to the chunk. */ 1443 void sctp_chunk_hold(struct sctp_chunk *ch) 1444 { 1445 atomic_inc(&ch->refcnt); 1446 } 1447 1448 /* Release a reference to the chunk. */ 1449 void sctp_chunk_put(struct sctp_chunk *ch) 1450 { 1451 if (atomic_dec_and_test(&ch->refcnt)) 1452 sctp_chunk_destroy(ch); 1453 } 1454 1455 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1456 * enough. 1457 */ 1458 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1459 { 1460 void *target; 1461 void *padding; 1462 int chunklen = ntohs(chunk->chunk_hdr->length); 1463 int padlen = WORD_ROUND(chunklen) - chunklen; 1464 1465 padding = skb_put(chunk->skb, padlen); 1466 target = skb_put(chunk->skb, len); 1467 1468 memset(padding, 0, padlen); 1469 memcpy(target, data, len); 1470 1471 /* Adjust the chunk length field. */ 1472 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1473 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1474 1475 return target; 1476 } 1477 1478 /* Append bytes to the end of a chunk. Returns NULL if there isn't sufficient 1479 * space in the chunk 1480 */ 1481 static void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk, 1482 int len, const void *data) 1483 { 1484 if (skb_tailroom(chunk->skb) >= len) 1485 return sctp_addto_chunk(chunk, len, data); 1486 else 1487 return NULL; 1488 } 1489 1490 /* Append bytes from user space to the end of a chunk. Will panic if 1491 * chunk is not big enough. 1492 * Returns a kernel err value. 1493 */ 1494 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int len, 1495 struct iov_iter *from) 1496 { 1497 void *target; 1498 ssize_t copied; 1499 1500 /* Make room in chunk for data. */ 1501 target = skb_put(chunk->skb, len); 1502 1503 /* Copy data (whole iovec) into chunk */ 1504 copied = copy_from_iter(target, len, from); 1505 if (copied != len) 1506 return -EFAULT; 1507 1508 /* Adjust the chunk length field. */ 1509 chunk->chunk_hdr->length = 1510 htons(ntohs(chunk->chunk_hdr->length) + len); 1511 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1512 1513 return 0; 1514 } 1515 1516 /* Helper function to assign a TSN if needed. This assumes that both 1517 * the data_hdr and association have already been assigned. 1518 */ 1519 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1520 { 1521 struct sctp_datamsg *msg; 1522 struct sctp_chunk *lchunk; 1523 struct sctp_stream *stream; 1524 __u16 ssn; 1525 __u16 sid; 1526 1527 if (chunk->has_ssn) 1528 return; 1529 1530 /* All fragments will be on the same stream */ 1531 sid = ntohs(chunk->subh.data_hdr->stream); 1532 stream = &chunk->asoc->ssnmap->out; 1533 1534 /* Now assign the sequence number to the entire message. 1535 * All fragments must have the same stream sequence number. 1536 */ 1537 msg = chunk->msg; 1538 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1539 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1540 ssn = 0; 1541 } else { 1542 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1543 ssn = sctp_ssn_next(stream, sid); 1544 else 1545 ssn = sctp_ssn_peek(stream, sid); 1546 } 1547 1548 lchunk->subh.data_hdr->ssn = htons(ssn); 1549 lchunk->has_ssn = 1; 1550 } 1551 } 1552 1553 /* Helper function to assign a TSN if needed. This assumes that both 1554 * the data_hdr and association have already been assigned. 1555 */ 1556 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1557 { 1558 if (!chunk->has_tsn) { 1559 /* This is the last possible instant to 1560 * assign a TSN. 1561 */ 1562 chunk->subh.data_hdr->tsn = 1563 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1564 chunk->has_tsn = 1; 1565 } 1566 } 1567 1568 /* Create a CLOSED association to use with an incoming packet. */ 1569 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1570 struct sctp_chunk *chunk, 1571 gfp_t gfp) 1572 { 1573 struct sctp_association *asoc; 1574 struct sk_buff *skb; 1575 sctp_scope_t scope; 1576 struct sctp_af *af; 1577 1578 /* Create the bare association. */ 1579 scope = sctp_scope(sctp_source(chunk)); 1580 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1581 if (!asoc) 1582 goto nodata; 1583 asoc->temp = 1; 1584 skb = chunk->skb; 1585 /* Create an entry for the source address of the packet. */ 1586 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version)); 1587 if (unlikely(!af)) 1588 goto fail; 1589 af->from_skb(&asoc->c.peer_addr, skb, 1); 1590 nodata: 1591 return asoc; 1592 1593 fail: 1594 sctp_association_free(asoc); 1595 return NULL; 1596 } 1597 1598 /* Build a cookie representing asoc. 1599 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1600 */ 1601 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1602 const struct sctp_association *asoc, 1603 const struct sctp_chunk *init_chunk, 1604 int *cookie_len, 1605 const __u8 *raw_addrs, int addrs_len) 1606 { 1607 sctp_cookie_param_t *retval; 1608 struct sctp_signed_cookie *cookie; 1609 int headersize, bodysize; 1610 1611 /* Header size is static data prior to the actual cookie, including 1612 * any padding. 1613 */ 1614 headersize = sizeof(sctp_paramhdr_t) + 1615 (sizeof(struct sctp_signed_cookie) - 1616 sizeof(struct sctp_cookie)); 1617 bodysize = sizeof(struct sctp_cookie) 1618 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1619 1620 /* Pad out the cookie to a multiple to make the signature 1621 * functions simpler to write. 1622 */ 1623 if (bodysize % SCTP_COOKIE_MULTIPLE) 1624 bodysize += SCTP_COOKIE_MULTIPLE 1625 - (bodysize % SCTP_COOKIE_MULTIPLE); 1626 *cookie_len = headersize + bodysize; 1627 1628 /* Clear this memory since we are sending this data structure 1629 * out on the network. 1630 */ 1631 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1632 if (!retval) 1633 goto nodata; 1634 1635 cookie = (struct sctp_signed_cookie *) retval->body; 1636 1637 /* Set up the parameter header. */ 1638 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1639 retval->p.length = htons(*cookie_len); 1640 1641 /* Copy the cookie part of the association itself. */ 1642 cookie->c = asoc->c; 1643 /* Save the raw address list length in the cookie. */ 1644 cookie->c.raw_addr_list_len = addrs_len; 1645 1646 /* Remember PR-SCTP capability. */ 1647 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1648 1649 /* Save adaptation indication in the cookie. */ 1650 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1651 1652 /* Set an expiration time for the cookie. */ 1653 cookie->c.expiration = ktime_add(asoc->cookie_life, 1654 ktime_get_real()); 1655 1656 /* Copy the peer's init packet. */ 1657 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1658 ntohs(init_chunk->chunk_hdr->length)); 1659 1660 /* Copy the raw local address list of the association. */ 1661 memcpy((__u8 *)&cookie->c.peer_init[0] + 1662 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1663 1664 if (sctp_sk(ep->base.sk)->hmac) { 1665 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac); 1666 int err; 1667 1668 /* Sign the message. */ 1669 desc->tfm = sctp_sk(ep->base.sk)->hmac; 1670 desc->flags = 0; 1671 1672 err = crypto_shash_setkey(desc->tfm, ep->secret_key, 1673 sizeof(ep->secret_key)) ?: 1674 crypto_shash_digest(desc, (u8 *)&cookie->c, bodysize, 1675 cookie->signature); 1676 shash_desc_zero(desc); 1677 if (err) 1678 goto free_cookie; 1679 } 1680 1681 return retval; 1682 1683 free_cookie: 1684 kfree(retval); 1685 nodata: 1686 *cookie_len = 0; 1687 return NULL; 1688 } 1689 1690 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1691 struct sctp_association *sctp_unpack_cookie( 1692 const struct sctp_endpoint *ep, 1693 const struct sctp_association *asoc, 1694 struct sctp_chunk *chunk, gfp_t gfp, 1695 int *error, struct sctp_chunk **errp) 1696 { 1697 struct sctp_association *retval = NULL; 1698 struct sctp_signed_cookie *cookie; 1699 struct sctp_cookie *bear_cookie; 1700 int headersize, bodysize, fixed_size; 1701 __u8 *digest = ep->digest; 1702 unsigned int len; 1703 sctp_scope_t scope; 1704 struct sk_buff *skb = chunk->skb; 1705 ktime_t kt; 1706 1707 /* Header size is static data prior to the actual cookie, including 1708 * any padding. 1709 */ 1710 headersize = sizeof(sctp_chunkhdr_t) + 1711 (sizeof(struct sctp_signed_cookie) - 1712 sizeof(struct sctp_cookie)); 1713 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1714 fixed_size = headersize + sizeof(struct sctp_cookie); 1715 1716 /* Verify that the chunk looks like it even has a cookie. 1717 * There must be enough room for our cookie and our peer's 1718 * INIT chunk. 1719 */ 1720 len = ntohs(chunk->chunk_hdr->length); 1721 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1722 goto malformed; 1723 1724 /* Verify that the cookie has been padded out. */ 1725 if (bodysize % SCTP_COOKIE_MULTIPLE) 1726 goto malformed; 1727 1728 /* Process the cookie. */ 1729 cookie = chunk->subh.cookie_hdr; 1730 bear_cookie = &cookie->c; 1731 1732 if (!sctp_sk(ep->base.sk)->hmac) 1733 goto no_hmac; 1734 1735 /* Check the signature. */ 1736 { 1737 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac); 1738 int err; 1739 1740 desc->tfm = sctp_sk(ep->base.sk)->hmac; 1741 desc->flags = 0; 1742 1743 err = crypto_shash_setkey(desc->tfm, ep->secret_key, 1744 sizeof(ep->secret_key)) ?: 1745 crypto_shash_digest(desc, (u8 *)bear_cookie, bodysize, 1746 digest); 1747 shash_desc_zero(desc); 1748 1749 if (err) { 1750 *error = -SCTP_IERROR_NOMEM; 1751 goto fail; 1752 } 1753 } 1754 1755 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1756 *error = -SCTP_IERROR_BAD_SIG; 1757 goto fail; 1758 } 1759 1760 no_hmac: 1761 /* IG Section 2.35.2: 1762 * 3) Compare the port numbers and the verification tag contained 1763 * within the COOKIE ECHO chunk to the actual port numbers and the 1764 * verification tag within the SCTP common header of the received 1765 * packet. If these values do not match the packet MUST be silently 1766 * discarded, 1767 */ 1768 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1769 *error = -SCTP_IERROR_BAD_TAG; 1770 goto fail; 1771 } 1772 1773 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1774 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1775 *error = -SCTP_IERROR_BAD_PORTS; 1776 goto fail; 1777 } 1778 1779 /* Check to see if the cookie is stale. If there is already 1780 * an association, there is no need to check cookie's expiration 1781 * for init collision case of lost COOKIE ACK. 1782 * If skb has been timestamped, then use the stamp, otherwise 1783 * use current time. This introduces a small possibility that 1784 * that a cookie may be considered expired, but his would only slow 1785 * down the new association establishment instead of every packet. 1786 */ 1787 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1788 kt = skb_get_ktime(skb); 1789 else 1790 kt = ktime_get_real(); 1791 1792 if (!asoc && ktime_before(bear_cookie->expiration, kt)) { 1793 /* 1794 * Section 3.3.10.3 Stale Cookie Error (3) 1795 * 1796 * Cause of error 1797 * --------------- 1798 * Stale Cookie Error: Indicates the receipt of a valid State 1799 * Cookie that has expired. 1800 */ 1801 len = ntohs(chunk->chunk_hdr->length); 1802 *errp = sctp_make_op_error_space(asoc, chunk, len); 1803 if (*errp) { 1804 suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration)); 1805 __be32 n = htonl(usecs); 1806 1807 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1808 sizeof(n)); 1809 sctp_addto_chunk(*errp, sizeof(n), &n); 1810 *error = -SCTP_IERROR_STALE_COOKIE; 1811 } else 1812 *error = -SCTP_IERROR_NOMEM; 1813 1814 goto fail; 1815 } 1816 1817 /* Make a new base association. */ 1818 scope = sctp_scope(sctp_source(chunk)); 1819 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1820 if (!retval) { 1821 *error = -SCTP_IERROR_NOMEM; 1822 goto fail; 1823 } 1824 1825 /* Set up our peer's port number. */ 1826 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1827 1828 /* Populate the association from the cookie. */ 1829 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1830 1831 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1832 GFP_ATOMIC) < 0) { 1833 *error = -SCTP_IERROR_NOMEM; 1834 goto fail; 1835 } 1836 1837 /* Also, add the destination address. */ 1838 if (list_empty(&retval->base.bind_addr.address_list)) { 1839 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1840 SCTP_ADDR_SRC, GFP_ATOMIC); 1841 } 1842 1843 retval->next_tsn = retval->c.initial_tsn; 1844 retval->ctsn_ack_point = retval->next_tsn - 1; 1845 retval->addip_serial = retval->c.initial_tsn; 1846 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1847 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1848 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1849 1850 /* The INIT stuff will be done by the side effects. */ 1851 return retval; 1852 1853 fail: 1854 if (retval) 1855 sctp_association_free(retval); 1856 1857 return NULL; 1858 1859 malformed: 1860 /* Yikes! The packet is either corrupt or deliberately 1861 * malformed. 1862 */ 1863 *error = -SCTP_IERROR_MALFORMED; 1864 goto fail; 1865 } 1866 1867 /******************************************************************** 1868 * 3rd Level Abstractions 1869 ********************************************************************/ 1870 1871 struct __sctp_missing { 1872 __be32 num_missing; 1873 __be16 type; 1874 } __packed; 1875 1876 /* 1877 * Report a missing mandatory parameter. 1878 */ 1879 static int sctp_process_missing_param(const struct sctp_association *asoc, 1880 sctp_param_t paramtype, 1881 struct sctp_chunk *chunk, 1882 struct sctp_chunk **errp) 1883 { 1884 struct __sctp_missing report; 1885 __u16 len; 1886 1887 len = WORD_ROUND(sizeof(report)); 1888 1889 /* Make an ERROR chunk, preparing enough room for 1890 * returning multiple unknown parameters. 1891 */ 1892 if (!*errp) 1893 *errp = sctp_make_op_error_space(asoc, chunk, len); 1894 1895 if (*errp) { 1896 report.num_missing = htonl(1); 1897 report.type = paramtype; 1898 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1899 sizeof(report)); 1900 sctp_addto_chunk(*errp, sizeof(report), &report); 1901 } 1902 1903 /* Stop processing this chunk. */ 1904 return 0; 1905 } 1906 1907 /* Report an Invalid Mandatory Parameter. */ 1908 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1909 struct sctp_chunk *chunk, 1910 struct sctp_chunk **errp) 1911 { 1912 /* Invalid Mandatory Parameter Error has no payload. */ 1913 1914 if (!*errp) 1915 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1916 1917 if (*errp) 1918 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1919 1920 /* Stop processing this chunk. */ 1921 return 0; 1922 } 1923 1924 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1925 struct sctp_paramhdr *param, 1926 const struct sctp_chunk *chunk, 1927 struct sctp_chunk **errp) 1928 { 1929 /* This is a fatal error. Any accumulated non-fatal errors are 1930 * not reported. 1931 */ 1932 if (*errp) 1933 sctp_chunk_free(*errp); 1934 1935 /* Create an error chunk and fill it in with our payload. */ 1936 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1937 1938 return 0; 1939 } 1940 1941 1942 /* Do not attempt to handle the HOST_NAME parm. However, do 1943 * send back an indicator to the peer. 1944 */ 1945 static int sctp_process_hn_param(const struct sctp_association *asoc, 1946 union sctp_params param, 1947 struct sctp_chunk *chunk, 1948 struct sctp_chunk **errp) 1949 { 1950 __u16 len = ntohs(param.p->length); 1951 1952 /* Processing of the HOST_NAME parameter will generate an 1953 * ABORT. If we've accumulated any non-fatal errors, they 1954 * would be unrecognized parameters and we should not include 1955 * them in the ABORT. 1956 */ 1957 if (*errp) 1958 sctp_chunk_free(*errp); 1959 1960 *errp = sctp_make_op_error_space(asoc, chunk, len); 1961 1962 if (*errp) { 1963 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 1964 sctp_addto_chunk(*errp, len, param.v); 1965 } 1966 1967 /* Stop processing this chunk. */ 1968 return 0; 1969 } 1970 1971 static int sctp_verify_ext_param(struct net *net, union sctp_params param) 1972 { 1973 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1974 int have_auth = 0; 1975 int have_asconf = 0; 1976 int i; 1977 1978 for (i = 0; i < num_ext; i++) { 1979 switch (param.ext->chunks[i]) { 1980 case SCTP_CID_AUTH: 1981 have_auth = 1; 1982 break; 1983 case SCTP_CID_ASCONF: 1984 case SCTP_CID_ASCONF_ACK: 1985 have_asconf = 1; 1986 break; 1987 } 1988 } 1989 1990 /* ADD-IP Security: The draft requires us to ABORT or ignore the 1991 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 1992 * only if ADD-IP is turned on and we are not backward-compatible 1993 * mode. 1994 */ 1995 if (net->sctp.addip_noauth) 1996 return 1; 1997 1998 if (net->sctp.addip_enable && !have_auth && have_asconf) 1999 return 0; 2000 2001 return 1; 2002 } 2003 2004 static void sctp_process_ext_param(struct sctp_association *asoc, 2005 union sctp_params param) 2006 { 2007 struct net *net = sock_net(asoc->base.sk); 2008 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2009 int i; 2010 2011 for (i = 0; i < num_ext; i++) { 2012 switch (param.ext->chunks[i]) { 2013 case SCTP_CID_FWD_TSN: 2014 if (net->sctp.prsctp_enable && !asoc->peer.prsctp_capable) 2015 asoc->peer.prsctp_capable = 1; 2016 break; 2017 case SCTP_CID_AUTH: 2018 /* if the peer reports AUTH, assume that he 2019 * supports AUTH. 2020 */ 2021 if (asoc->ep->auth_enable) 2022 asoc->peer.auth_capable = 1; 2023 break; 2024 case SCTP_CID_ASCONF: 2025 case SCTP_CID_ASCONF_ACK: 2026 if (net->sctp.addip_enable) 2027 asoc->peer.asconf_capable = 1; 2028 break; 2029 default: 2030 break; 2031 } 2032 } 2033 } 2034 2035 /* RFC 3.2.1 & the Implementers Guide 2.2. 2036 * 2037 * The Parameter Types are encoded such that the 2038 * highest-order two bits specify the action that must be 2039 * taken if the processing endpoint does not recognize the 2040 * Parameter Type. 2041 * 2042 * 00 - Stop processing this parameter; do not process any further 2043 * parameters within this chunk 2044 * 2045 * 01 - Stop processing this parameter, do not process any further 2046 * parameters within this chunk, and report the unrecognized 2047 * parameter in an 'Unrecognized Parameter' ERROR chunk. 2048 * 2049 * 10 - Skip this parameter and continue processing. 2050 * 2051 * 11 - Skip this parameter and continue processing but 2052 * report the unrecognized parameter in an 2053 * 'Unrecognized Parameter' ERROR chunk. 2054 * 2055 * Return value: 2056 * SCTP_IERROR_NO_ERROR - continue with the chunk 2057 * SCTP_IERROR_ERROR - stop and report an error. 2058 * SCTP_IERROR_NOMEME - out of memory. 2059 */ 2060 static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, 2061 union sctp_params param, 2062 struct sctp_chunk *chunk, 2063 struct sctp_chunk **errp) 2064 { 2065 int retval = SCTP_IERROR_NO_ERROR; 2066 2067 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 2068 case SCTP_PARAM_ACTION_DISCARD: 2069 retval = SCTP_IERROR_ERROR; 2070 break; 2071 case SCTP_PARAM_ACTION_SKIP: 2072 break; 2073 case SCTP_PARAM_ACTION_DISCARD_ERR: 2074 retval = SCTP_IERROR_ERROR; 2075 /* Fall through */ 2076 case SCTP_PARAM_ACTION_SKIP_ERR: 2077 /* Make an ERROR chunk, preparing enough room for 2078 * returning multiple unknown parameters. 2079 */ 2080 if (NULL == *errp) 2081 *errp = sctp_make_op_error_fixed(asoc, chunk); 2082 2083 if (*errp) { 2084 if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2085 WORD_ROUND(ntohs(param.p->length)))) 2086 sctp_addto_chunk_fixed(*errp, 2087 WORD_ROUND(ntohs(param.p->length)), 2088 param.v); 2089 } else { 2090 /* If there is no memory for generating the ERROR 2091 * report as specified, an ABORT will be triggered 2092 * to the peer and the association won't be 2093 * established. 2094 */ 2095 retval = SCTP_IERROR_NOMEM; 2096 } 2097 break; 2098 default: 2099 break; 2100 } 2101 2102 return retval; 2103 } 2104 2105 /* Verify variable length parameters 2106 * Return values: 2107 * SCTP_IERROR_ABORT - trigger an ABORT 2108 * SCTP_IERROR_NOMEM - out of memory (abort) 2109 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2110 * SCTP_IERROR_NO_ERROR - continue with the chunk 2111 */ 2112 static sctp_ierror_t sctp_verify_param(struct net *net, 2113 const struct sctp_endpoint *ep, 2114 const struct sctp_association *asoc, 2115 union sctp_params param, 2116 sctp_cid_t cid, 2117 struct sctp_chunk *chunk, 2118 struct sctp_chunk **err_chunk) 2119 { 2120 struct sctp_hmac_algo_param *hmacs; 2121 int retval = SCTP_IERROR_NO_ERROR; 2122 __u16 n_elt, id = 0; 2123 int i; 2124 2125 /* FIXME - This routine is not looking at each parameter per the 2126 * chunk type, i.e., unrecognized parameters should be further 2127 * identified based on the chunk id. 2128 */ 2129 2130 switch (param.p->type) { 2131 case SCTP_PARAM_IPV4_ADDRESS: 2132 case SCTP_PARAM_IPV6_ADDRESS: 2133 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2134 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2135 case SCTP_PARAM_STATE_COOKIE: 2136 case SCTP_PARAM_HEARTBEAT_INFO: 2137 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2138 case SCTP_PARAM_ECN_CAPABLE: 2139 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2140 break; 2141 2142 case SCTP_PARAM_SUPPORTED_EXT: 2143 if (!sctp_verify_ext_param(net, param)) 2144 return SCTP_IERROR_ABORT; 2145 break; 2146 2147 case SCTP_PARAM_SET_PRIMARY: 2148 if (net->sctp.addip_enable) 2149 break; 2150 goto fallthrough; 2151 2152 case SCTP_PARAM_HOST_NAME_ADDRESS: 2153 /* Tell the peer, we won't support this param. */ 2154 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2155 retval = SCTP_IERROR_ABORT; 2156 break; 2157 2158 case SCTP_PARAM_FWD_TSN_SUPPORT: 2159 if (net->sctp.prsctp_enable) 2160 break; 2161 goto fallthrough; 2162 2163 case SCTP_PARAM_RANDOM: 2164 if (!ep->auth_enable) 2165 goto fallthrough; 2166 2167 /* SCTP-AUTH: Secion 6.1 2168 * If the random number is not 32 byte long the association 2169 * MUST be aborted. The ABORT chunk SHOULD contain the error 2170 * cause 'Protocol Violation'. 2171 */ 2172 if (SCTP_AUTH_RANDOM_LENGTH != 2173 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { 2174 sctp_process_inv_paramlength(asoc, param.p, 2175 chunk, err_chunk); 2176 retval = SCTP_IERROR_ABORT; 2177 } 2178 break; 2179 2180 case SCTP_PARAM_CHUNKS: 2181 if (!ep->auth_enable) 2182 goto fallthrough; 2183 2184 /* SCTP-AUTH: Section 3.2 2185 * The CHUNKS parameter MUST be included once in the INIT or 2186 * INIT-ACK chunk if the sender wants to receive authenticated 2187 * chunks. Its maximum length is 260 bytes. 2188 */ 2189 if (260 < ntohs(param.p->length)) { 2190 sctp_process_inv_paramlength(asoc, param.p, 2191 chunk, err_chunk); 2192 retval = SCTP_IERROR_ABORT; 2193 } 2194 break; 2195 2196 case SCTP_PARAM_HMAC_ALGO: 2197 if (!ep->auth_enable) 2198 goto fallthrough; 2199 2200 hmacs = (struct sctp_hmac_algo_param *)param.p; 2201 n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1; 2202 2203 /* SCTP-AUTH: Section 6.1 2204 * The HMAC algorithm based on SHA-1 MUST be supported and 2205 * included in the HMAC-ALGO parameter. 2206 */ 2207 for (i = 0; i < n_elt; i++) { 2208 id = ntohs(hmacs->hmac_ids[i]); 2209 2210 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2211 break; 2212 } 2213 2214 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2215 sctp_process_inv_paramlength(asoc, param.p, chunk, 2216 err_chunk); 2217 retval = SCTP_IERROR_ABORT; 2218 } 2219 break; 2220 fallthrough: 2221 default: 2222 pr_debug("%s: unrecognized param:%d for chunk:%d\n", 2223 __func__, ntohs(param.p->type), cid); 2224 2225 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2226 break; 2227 } 2228 return retval; 2229 } 2230 2231 /* Verify the INIT packet before we process it. */ 2232 int sctp_verify_init(struct net *net, const struct sctp_endpoint *ep, 2233 const struct sctp_association *asoc, sctp_cid_t cid, 2234 sctp_init_chunk_t *peer_init, struct sctp_chunk *chunk, 2235 struct sctp_chunk **errp) 2236 { 2237 union sctp_params param; 2238 bool has_cookie = false; 2239 int result; 2240 2241 /* Check for missing mandatory parameters. Note: Initial TSN is 2242 * also mandatory, but is not checked here since the valid range 2243 * is 0..2**32-1. RFC4960, section 3.3.3. 2244 */ 2245 if (peer_init->init_hdr.num_outbound_streams == 0 || 2246 peer_init->init_hdr.num_inbound_streams == 0 || 2247 peer_init->init_hdr.init_tag == 0 || 2248 ntohl(peer_init->init_hdr.a_rwnd) < SCTP_DEFAULT_MINWINDOW) 2249 return sctp_process_inv_mandatory(asoc, chunk, errp); 2250 2251 sctp_walk_params(param, peer_init, init_hdr.params) { 2252 if (param.p->type == SCTP_PARAM_STATE_COOKIE) 2253 has_cookie = true; 2254 } 2255 2256 /* There is a possibility that a parameter length was bad and 2257 * in that case we would have stoped walking the parameters. 2258 * The current param.p would point at the bad one. 2259 * Current consensus on the mailing list is to generate a PROTOCOL 2260 * VIOLATION error. We build the ERROR chunk here and let the normal 2261 * error handling code build and send the packet. 2262 */ 2263 if (param.v != (void *)chunk->chunk_end) 2264 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2265 2266 /* The only missing mandatory param possible today is 2267 * the state cookie for an INIT-ACK chunk. 2268 */ 2269 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2270 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2271 chunk, errp); 2272 2273 /* Verify all the variable length parameters */ 2274 sctp_walk_params(param, peer_init, init_hdr.params) { 2275 result = sctp_verify_param(net, ep, asoc, param, cid, 2276 chunk, errp); 2277 switch (result) { 2278 case SCTP_IERROR_ABORT: 2279 case SCTP_IERROR_NOMEM: 2280 return 0; 2281 case SCTP_IERROR_ERROR: 2282 return 1; 2283 case SCTP_IERROR_NO_ERROR: 2284 default: 2285 break; 2286 } 2287 2288 } /* for (loop through all parameters) */ 2289 2290 return 1; 2291 } 2292 2293 /* Unpack the parameters in an INIT packet into an association. 2294 * Returns 0 on failure, else success. 2295 * FIXME: This is an association method. 2296 */ 2297 int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, 2298 const union sctp_addr *peer_addr, 2299 sctp_init_chunk_t *peer_init, gfp_t gfp) 2300 { 2301 struct net *net = sock_net(asoc->base.sk); 2302 union sctp_params param; 2303 struct sctp_transport *transport; 2304 struct list_head *pos, *temp; 2305 struct sctp_af *af; 2306 union sctp_addr addr; 2307 char *cookie; 2308 int src_match = 0; 2309 2310 /* We must include the address that the INIT packet came from. 2311 * This is the only address that matters for an INIT packet. 2312 * When processing a COOKIE ECHO, we retrieve the from address 2313 * of the INIT from the cookie. 2314 */ 2315 2316 /* This implementation defaults to making the first transport 2317 * added as the primary transport. The source address seems to 2318 * be a a better choice than any of the embedded addresses. 2319 */ 2320 if (!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2321 goto nomem; 2322 2323 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr)) 2324 src_match = 1; 2325 2326 /* Process the initialization parameters. */ 2327 sctp_walk_params(param, peer_init, init_hdr.params) { 2328 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 2329 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { 2330 af = sctp_get_af_specific(param_type2af(param.p->type)); 2331 af->from_addr_param(&addr, param.addr, 2332 chunk->sctp_hdr->source, 0); 2333 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) 2334 src_match = 1; 2335 } 2336 2337 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2338 goto clean_up; 2339 } 2340 2341 /* source address of chunk may not match any valid address */ 2342 if (!src_match) 2343 goto clean_up; 2344 2345 /* AUTH: After processing the parameters, make sure that we 2346 * have all the required info to potentially do authentications. 2347 */ 2348 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2349 !asoc->peer.peer_hmacs)) 2350 asoc->peer.auth_capable = 0; 2351 2352 /* In a non-backward compatible mode, if the peer claims 2353 * support for ADD-IP but not AUTH, the ADD-IP spec states 2354 * that we MUST ABORT the association. Section 6. The section 2355 * also give us an option to silently ignore the packet, which 2356 * is what we'll do here. 2357 */ 2358 if (!net->sctp.addip_noauth && 2359 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2360 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2361 SCTP_PARAM_DEL_IP | 2362 SCTP_PARAM_SET_PRIMARY); 2363 asoc->peer.asconf_capable = 0; 2364 goto clean_up; 2365 } 2366 2367 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2368 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2369 transport = list_entry(pos, struct sctp_transport, transports); 2370 if (transport->state == SCTP_UNKNOWN) { 2371 sctp_assoc_rm_peer(asoc, transport); 2372 } 2373 } 2374 2375 /* The fixed INIT headers are always in network byte 2376 * order. 2377 */ 2378 asoc->peer.i.init_tag = 2379 ntohl(peer_init->init_hdr.init_tag); 2380 asoc->peer.i.a_rwnd = 2381 ntohl(peer_init->init_hdr.a_rwnd); 2382 asoc->peer.i.num_outbound_streams = 2383 ntohs(peer_init->init_hdr.num_outbound_streams); 2384 asoc->peer.i.num_inbound_streams = 2385 ntohs(peer_init->init_hdr.num_inbound_streams); 2386 asoc->peer.i.initial_tsn = 2387 ntohl(peer_init->init_hdr.initial_tsn); 2388 2389 /* Apply the upper bounds for output streams based on peer's 2390 * number of inbound streams. 2391 */ 2392 if (asoc->c.sinit_num_ostreams > 2393 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2394 asoc->c.sinit_num_ostreams = 2395 ntohs(peer_init->init_hdr.num_inbound_streams); 2396 } 2397 2398 if (asoc->c.sinit_max_instreams > 2399 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2400 asoc->c.sinit_max_instreams = 2401 ntohs(peer_init->init_hdr.num_outbound_streams); 2402 } 2403 2404 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2405 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2406 2407 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2408 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2409 2410 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2411 cookie = asoc->peer.cookie; 2412 if (cookie) { 2413 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2414 if (!asoc->peer.cookie) 2415 goto clean_up; 2416 } 2417 2418 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2419 * high (for example, implementations MAY use the size of the receiver 2420 * advertised window). 2421 */ 2422 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2423 transports) { 2424 transport->ssthresh = asoc->peer.i.a_rwnd; 2425 } 2426 2427 /* Set up the TSN tracking pieces. */ 2428 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2429 asoc->peer.i.initial_tsn, gfp)) 2430 goto clean_up; 2431 2432 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2433 * 2434 * The stream sequence number in all the streams shall start 2435 * from 0 when the association is established. Also, when the 2436 * stream sequence number reaches the value 65535 the next 2437 * stream sequence number shall be set to 0. 2438 */ 2439 2440 /* Allocate storage for the negotiated streams if it is not a temporary 2441 * association. 2442 */ 2443 if (!asoc->temp) { 2444 int error; 2445 2446 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 2447 asoc->c.sinit_num_ostreams, gfp); 2448 if (!asoc->ssnmap) 2449 goto clean_up; 2450 2451 error = sctp_assoc_set_id(asoc, gfp); 2452 if (error) 2453 goto clean_up; 2454 } 2455 2456 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2457 * 2458 * When an endpoint has an ASCONF signaled change to be sent to the 2459 * remote endpoint it should do the following: 2460 * ... 2461 * A2) A serial number should be assigned to the Chunk. The serial 2462 * number should be a monotonically increasing number. All serial 2463 * numbers are defined to be initialized at the start of the 2464 * association to the same value as the Initial TSN. 2465 */ 2466 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2467 return 1; 2468 2469 clean_up: 2470 /* Release the transport structures. */ 2471 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2472 transport = list_entry(pos, struct sctp_transport, transports); 2473 if (transport->state != SCTP_ACTIVE) 2474 sctp_assoc_rm_peer(asoc, transport); 2475 } 2476 2477 nomem: 2478 return 0; 2479 } 2480 2481 2482 /* Update asoc with the option described in param. 2483 * 2484 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2485 * 2486 * asoc is the association to update. 2487 * param is the variable length parameter to use for update. 2488 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2489 * If the current packet is an INIT we want to minimize the amount of 2490 * work we do. In particular, we should not build transport 2491 * structures for the addresses. 2492 */ 2493 static int sctp_process_param(struct sctp_association *asoc, 2494 union sctp_params param, 2495 const union sctp_addr *peer_addr, 2496 gfp_t gfp) 2497 { 2498 struct net *net = sock_net(asoc->base.sk); 2499 union sctp_addr addr; 2500 int i; 2501 __u16 sat; 2502 int retval = 1; 2503 sctp_scope_t scope; 2504 u32 stale; 2505 struct sctp_af *af; 2506 union sctp_addr_param *addr_param; 2507 struct sctp_transport *t; 2508 struct sctp_endpoint *ep = asoc->ep; 2509 2510 /* We maintain all INIT parameters in network byte order all the 2511 * time. This allows us to not worry about whether the parameters 2512 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2513 */ 2514 switch (param.p->type) { 2515 case SCTP_PARAM_IPV6_ADDRESS: 2516 if (PF_INET6 != asoc->base.sk->sk_family) 2517 break; 2518 goto do_addr_param; 2519 2520 case SCTP_PARAM_IPV4_ADDRESS: 2521 /* v4 addresses are not allowed on v6-only socket */ 2522 if (ipv6_only_sock(asoc->base.sk)) 2523 break; 2524 do_addr_param: 2525 af = sctp_get_af_specific(param_type2af(param.p->type)); 2526 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2527 scope = sctp_scope(peer_addr); 2528 if (sctp_in_scope(net, &addr, scope)) 2529 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2530 return 0; 2531 break; 2532 2533 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2534 if (!net->sctp.cookie_preserve_enable) 2535 break; 2536 2537 stale = ntohl(param.life->lifespan_increment); 2538 2539 /* Suggested Cookie Life span increment's unit is msec, 2540 * (1/1000sec). 2541 */ 2542 asoc->cookie_life = ktime_add_ms(asoc->cookie_life, stale); 2543 break; 2544 2545 case SCTP_PARAM_HOST_NAME_ADDRESS: 2546 pr_debug("%s: unimplemented SCTP_HOST_NAME_ADDRESS\n", __func__); 2547 break; 2548 2549 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2550 /* Turn off the default values first so we'll know which 2551 * ones are really set by the peer. 2552 */ 2553 asoc->peer.ipv4_address = 0; 2554 asoc->peer.ipv6_address = 0; 2555 2556 /* Assume that peer supports the address family 2557 * by which it sends a packet. 2558 */ 2559 if (peer_addr->sa.sa_family == AF_INET6) 2560 asoc->peer.ipv6_address = 1; 2561 else if (peer_addr->sa.sa_family == AF_INET) 2562 asoc->peer.ipv4_address = 1; 2563 2564 /* Cycle through address types; avoid divide by 0. */ 2565 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2566 if (sat) 2567 sat /= sizeof(__u16); 2568 2569 for (i = 0; i < sat; ++i) { 2570 switch (param.sat->types[i]) { 2571 case SCTP_PARAM_IPV4_ADDRESS: 2572 asoc->peer.ipv4_address = 1; 2573 break; 2574 2575 case SCTP_PARAM_IPV6_ADDRESS: 2576 if (PF_INET6 == asoc->base.sk->sk_family) 2577 asoc->peer.ipv6_address = 1; 2578 break; 2579 2580 case SCTP_PARAM_HOST_NAME_ADDRESS: 2581 asoc->peer.hostname_address = 1; 2582 break; 2583 2584 default: /* Just ignore anything else. */ 2585 break; 2586 } 2587 } 2588 break; 2589 2590 case SCTP_PARAM_STATE_COOKIE: 2591 asoc->peer.cookie_len = 2592 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2593 asoc->peer.cookie = param.cookie->body; 2594 break; 2595 2596 case SCTP_PARAM_HEARTBEAT_INFO: 2597 /* Would be odd to receive, but it causes no problems. */ 2598 break; 2599 2600 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2601 /* Rejected during verify stage. */ 2602 break; 2603 2604 case SCTP_PARAM_ECN_CAPABLE: 2605 asoc->peer.ecn_capable = 1; 2606 break; 2607 2608 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2609 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2610 break; 2611 2612 case SCTP_PARAM_SET_PRIMARY: 2613 if (!net->sctp.addip_enable) 2614 goto fall_through; 2615 2616 addr_param = param.v + sizeof(sctp_addip_param_t); 2617 2618 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 2619 if (af == NULL) 2620 break; 2621 2622 af->from_addr_param(&addr, addr_param, 2623 htons(asoc->peer.port), 0); 2624 2625 /* if the address is invalid, we can't process it. 2626 * XXX: see spec for what to do. 2627 */ 2628 if (!af->addr_valid(&addr, NULL, NULL)) 2629 break; 2630 2631 t = sctp_assoc_lookup_paddr(asoc, &addr); 2632 if (!t) 2633 break; 2634 2635 sctp_assoc_set_primary(asoc, t); 2636 break; 2637 2638 case SCTP_PARAM_SUPPORTED_EXT: 2639 sctp_process_ext_param(asoc, param); 2640 break; 2641 2642 case SCTP_PARAM_FWD_TSN_SUPPORT: 2643 if (net->sctp.prsctp_enable) { 2644 asoc->peer.prsctp_capable = 1; 2645 break; 2646 } 2647 /* Fall Through */ 2648 goto fall_through; 2649 2650 case SCTP_PARAM_RANDOM: 2651 if (!ep->auth_enable) 2652 goto fall_through; 2653 2654 /* Save peer's random parameter */ 2655 asoc->peer.peer_random = kmemdup(param.p, 2656 ntohs(param.p->length), gfp); 2657 if (!asoc->peer.peer_random) { 2658 retval = 0; 2659 break; 2660 } 2661 break; 2662 2663 case SCTP_PARAM_HMAC_ALGO: 2664 if (!ep->auth_enable) 2665 goto fall_through; 2666 2667 /* Save peer's HMAC list */ 2668 asoc->peer.peer_hmacs = kmemdup(param.p, 2669 ntohs(param.p->length), gfp); 2670 if (!asoc->peer.peer_hmacs) { 2671 retval = 0; 2672 break; 2673 } 2674 2675 /* Set the default HMAC the peer requested*/ 2676 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2677 break; 2678 2679 case SCTP_PARAM_CHUNKS: 2680 if (!ep->auth_enable) 2681 goto fall_through; 2682 2683 asoc->peer.peer_chunks = kmemdup(param.p, 2684 ntohs(param.p->length), gfp); 2685 if (!asoc->peer.peer_chunks) 2686 retval = 0; 2687 break; 2688 fall_through: 2689 default: 2690 /* Any unrecognized parameters should have been caught 2691 * and handled by sctp_verify_param() which should be 2692 * called prior to this routine. Simply log the error 2693 * here. 2694 */ 2695 pr_debug("%s: ignoring param:%d for association:%p.\n", 2696 __func__, ntohs(param.p->type), asoc); 2697 break; 2698 } 2699 2700 return retval; 2701 } 2702 2703 /* Select a new verification tag. */ 2704 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2705 { 2706 /* I believe that this random number generator complies with RFC1750. 2707 * A tag of 0 is reserved for special cases (e.g. INIT). 2708 */ 2709 __u32 x; 2710 2711 do { 2712 get_random_bytes(&x, sizeof(__u32)); 2713 } while (x == 0); 2714 2715 return x; 2716 } 2717 2718 /* Select an initial TSN to send during startup. */ 2719 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2720 { 2721 __u32 retval; 2722 2723 get_random_bytes(&retval, sizeof(__u32)); 2724 return retval; 2725 } 2726 2727 /* 2728 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2729 * 0 1 2 3 2730 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2731 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2732 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2733 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2734 * | Serial Number | 2735 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2736 * | Address Parameter | 2737 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2738 * | ASCONF Parameter #1 | 2739 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2740 * \ \ 2741 * / .... / 2742 * \ \ 2743 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2744 * | ASCONF Parameter #N | 2745 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2746 * 2747 * Address Parameter and other parameter will not be wrapped in this function 2748 */ 2749 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2750 union sctp_addr *addr, 2751 int vparam_len) 2752 { 2753 sctp_addiphdr_t asconf; 2754 struct sctp_chunk *retval; 2755 int length = sizeof(asconf) + vparam_len; 2756 union sctp_addr_param addrparam; 2757 int addrlen; 2758 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2759 2760 addrlen = af->to_addr_param(addr, &addrparam); 2761 if (!addrlen) 2762 return NULL; 2763 length += addrlen; 2764 2765 /* Create the chunk. */ 2766 retval = sctp_make_control(asoc, SCTP_CID_ASCONF, 0, length); 2767 if (!retval) 2768 return NULL; 2769 2770 asconf.serial = htonl(asoc->addip_serial++); 2771 2772 retval->subh.addip_hdr = 2773 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2774 retval->param_hdr.v = 2775 sctp_addto_chunk(retval, addrlen, &addrparam); 2776 2777 return retval; 2778 } 2779 2780 /* ADDIP 2781 * 3.2.1 Add IP Address 2782 * 0 1 2 3 2783 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2784 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2785 * | Type = 0xC001 | Length = Variable | 2786 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2787 * | ASCONF-Request Correlation ID | 2788 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2789 * | Address Parameter | 2790 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2791 * 2792 * 3.2.2 Delete IP Address 2793 * 0 1 2 3 2794 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2795 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2796 * | Type = 0xC002 | Length = Variable | 2797 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2798 * | ASCONF-Request Correlation ID | 2799 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2800 * | Address Parameter | 2801 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2802 * 2803 */ 2804 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2805 union sctp_addr *laddr, 2806 struct sockaddr *addrs, 2807 int addrcnt, 2808 __be16 flags) 2809 { 2810 sctp_addip_param_t param; 2811 struct sctp_chunk *retval; 2812 union sctp_addr_param addr_param; 2813 union sctp_addr *addr; 2814 void *addr_buf; 2815 struct sctp_af *af; 2816 int paramlen = sizeof(param); 2817 int addr_param_len = 0; 2818 int totallen = 0; 2819 int i; 2820 int del_pickup = 0; 2821 2822 /* Get total length of all the address parameters. */ 2823 addr_buf = addrs; 2824 for (i = 0; i < addrcnt; i++) { 2825 addr = addr_buf; 2826 af = sctp_get_af_specific(addr->v4.sin_family); 2827 addr_param_len = af->to_addr_param(addr, &addr_param); 2828 2829 totallen += paramlen; 2830 totallen += addr_param_len; 2831 2832 addr_buf += af->sockaddr_len; 2833 if (asoc->asconf_addr_del_pending && !del_pickup) { 2834 /* reuse the parameter length from the same scope one */ 2835 totallen += paramlen; 2836 totallen += addr_param_len; 2837 del_pickup = 1; 2838 2839 pr_debug("%s: picked same-scope del_pending addr, " 2840 "totallen for all addresses is %d\n", 2841 __func__, totallen); 2842 } 2843 } 2844 2845 /* Create an asconf chunk with the required length. */ 2846 retval = sctp_make_asconf(asoc, laddr, totallen); 2847 if (!retval) 2848 return NULL; 2849 2850 /* Add the address parameters to the asconf chunk. */ 2851 addr_buf = addrs; 2852 for (i = 0; i < addrcnt; i++) { 2853 addr = addr_buf; 2854 af = sctp_get_af_specific(addr->v4.sin_family); 2855 addr_param_len = af->to_addr_param(addr, &addr_param); 2856 param.param_hdr.type = flags; 2857 param.param_hdr.length = htons(paramlen + addr_param_len); 2858 param.crr_id = i; 2859 2860 sctp_addto_chunk(retval, paramlen, ¶m); 2861 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2862 2863 addr_buf += af->sockaddr_len; 2864 } 2865 if (flags == SCTP_PARAM_ADD_IP && del_pickup) { 2866 addr = asoc->asconf_addr_del_pending; 2867 af = sctp_get_af_specific(addr->v4.sin_family); 2868 addr_param_len = af->to_addr_param(addr, &addr_param); 2869 param.param_hdr.type = SCTP_PARAM_DEL_IP; 2870 param.param_hdr.length = htons(paramlen + addr_param_len); 2871 param.crr_id = i; 2872 2873 sctp_addto_chunk(retval, paramlen, ¶m); 2874 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2875 } 2876 return retval; 2877 } 2878 2879 /* ADDIP 2880 * 3.2.4 Set Primary IP Address 2881 * 0 1 2 3 2882 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2883 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2884 * | Type =0xC004 | Length = Variable | 2885 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2886 * | ASCONF-Request Correlation ID | 2887 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2888 * | Address Parameter | 2889 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2890 * 2891 * Create an ASCONF chunk with Set Primary IP address parameter. 2892 */ 2893 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2894 union sctp_addr *addr) 2895 { 2896 sctp_addip_param_t param; 2897 struct sctp_chunk *retval; 2898 int len = sizeof(param); 2899 union sctp_addr_param addrparam; 2900 int addrlen; 2901 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2902 2903 addrlen = af->to_addr_param(addr, &addrparam); 2904 if (!addrlen) 2905 return NULL; 2906 len += addrlen; 2907 2908 /* Create the chunk and make asconf header. */ 2909 retval = sctp_make_asconf(asoc, addr, len); 2910 if (!retval) 2911 return NULL; 2912 2913 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2914 param.param_hdr.length = htons(len); 2915 param.crr_id = 0; 2916 2917 sctp_addto_chunk(retval, sizeof(param), ¶m); 2918 sctp_addto_chunk(retval, addrlen, &addrparam); 2919 2920 return retval; 2921 } 2922 2923 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2924 * 0 1 2 3 2925 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2926 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2927 * | Type = 0x80 | Chunk Flags | Chunk Length | 2928 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2929 * | Serial Number | 2930 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2931 * | ASCONF Parameter Response#1 | 2932 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2933 * \ \ 2934 * / .... / 2935 * \ \ 2936 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2937 * | ASCONF Parameter Response#N | 2938 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2939 * 2940 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2941 */ 2942 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2943 __u32 serial, int vparam_len) 2944 { 2945 sctp_addiphdr_t asconf; 2946 struct sctp_chunk *retval; 2947 int length = sizeof(asconf) + vparam_len; 2948 2949 /* Create the chunk. */ 2950 retval = sctp_make_control(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2951 if (!retval) 2952 return NULL; 2953 2954 asconf.serial = htonl(serial); 2955 2956 retval->subh.addip_hdr = 2957 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2958 2959 return retval; 2960 } 2961 2962 /* Add response parameters to an ASCONF_ACK chunk. */ 2963 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2964 __be16 err_code, sctp_addip_param_t *asconf_param) 2965 { 2966 sctp_addip_param_t ack_param; 2967 sctp_errhdr_t err_param; 2968 int asconf_param_len = 0; 2969 int err_param_len = 0; 2970 __be16 response_type; 2971 2972 if (SCTP_ERROR_NO_ERROR == err_code) { 2973 response_type = SCTP_PARAM_SUCCESS_REPORT; 2974 } else { 2975 response_type = SCTP_PARAM_ERR_CAUSE; 2976 err_param_len = sizeof(err_param); 2977 if (asconf_param) 2978 asconf_param_len = 2979 ntohs(asconf_param->param_hdr.length); 2980 } 2981 2982 /* Add Success Indication or Error Cause Indication parameter. */ 2983 ack_param.param_hdr.type = response_type; 2984 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2985 err_param_len + 2986 asconf_param_len); 2987 ack_param.crr_id = crr_id; 2988 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2989 2990 if (SCTP_ERROR_NO_ERROR == err_code) 2991 return; 2992 2993 /* Add Error Cause parameter. */ 2994 err_param.cause = err_code; 2995 err_param.length = htons(err_param_len + asconf_param_len); 2996 sctp_addto_chunk(chunk, err_param_len, &err_param); 2997 2998 /* Add the failed TLV copied from ASCONF chunk. */ 2999 if (asconf_param) 3000 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 3001 } 3002 3003 /* Process a asconf parameter. */ 3004 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 3005 struct sctp_chunk *asconf, 3006 sctp_addip_param_t *asconf_param) 3007 { 3008 struct sctp_transport *peer; 3009 struct sctp_af *af; 3010 union sctp_addr addr; 3011 union sctp_addr_param *addr_param; 3012 3013 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t); 3014 3015 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && 3016 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && 3017 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) 3018 return SCTP_ERROR_UNKNOWN_PARAM; 3019 3020 switch (addr_param->p.type) { 3021 case SCTP_PARAM_IPV6_ADDRESS: 3022 if (!asoc->peer.ipv6_address) 3023 return SCTP_ERROR_DNS_FAILED; 3024 break; 3025 case SCTP_PARAM_IPV4_ADDRESS: 3026 if (!asoc->peer.ipv4_address) 3027 return SCTP_ERROR_DNS_FAILED; 3028 break; 3029 default: 3030 return SCTP_ERROR_DNS_FAILED; 3031 } 3032 3033 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3034 if (unlikely(!af)) 3035 return SCTP_ERROR_DNS_FAILED; 3036 3037 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 3038 3039 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 3040 * or multicast address. 3041 * (note: wildcard is permitted and requires special handling so 3042 * make sure we check for that) 3043 */ 3044 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 3045 return SCTP_ERROR_DNS_FAILED; 3046 3047 switch (asconf_param->param_hdr.type) { 3048 case SCTP_PARAM_ADD_IP: 3049 /* Section 4.2.1: 3050 * If the address 0.0.0.0 or ::0 is provided, the source 3051 * address of the packet MUST be added. 3052 */ 3053 if (af->is_any(&addr)) 3054 memcpy(&addr, &asconf->source, sizeof(addr)); 3055 3056 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 3057 * request and does not have the local resources to add this 3058 * new address to the association, it MUST return an Error 3059 * Cause TLV set to the new error code 'Operation Refused 3060 * Due to Resource Shortage'. 3061 */ 3062 3063 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 3064 if (!peer) 3065 return SCTP_ERROR_RSRC_LOW; 3066 3067 /* Start the heartbeat timer. */ 3068 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 3069 sctp_transport_hold(peer); 3070 asoc->new_transport = peer; 3071 break; 3072 case SCTP_PARAM_DEL_IP: 3073 /* ADDIP 4.3 D7) If a request is received to delete the 3074 * last remaining IP address of a peer endpoint, the receiver 3075 * MUST send an Error Cause TLV with the error cause set to the 3076 * new error code 'Request to Delete Last Remaining IP Address'. 3077 */ 3078 if (asoc->peer.transport_count == 1) 3079 return SCTP_ERROR_DEL_LAST_IP; 3080 3081 /* ADDIP 4.3 D8) If a request is received to delete an IP 3082 * address which is also the source address of the IP packet 3083 * which contained the ASCONF chunk, the receiver MUST reject 3084 * this request. To reject the request the receiver MUST send 3085 * an Error Cause TLV set to the new error code 'Request to 3086 * Delete Source IP Address' 3087 */ 3088 if (sctp_cmp_addr_exact(&asconf->source, &addr)) 3089 return SCTP_ERROR_DEL_SRC_IP; 3090 3091 /* Section 4.2.2 3092 * If the address 0.0.0.0 or ::0 is provided, all 3093 * addresses of the peer except the source address of the 3094 * packet MUST be deleted. 3095 */ 3096 if (af->is_any(&addr)) { 3097 sctp_assoc_set_primary(asoc, asconf->transport); 3098 sctp_assoc_del_nonprimary_peers(asoc, 3099 asconf->transport); 3100 return SCTP_ERROR_NO_ERROR; 3101 } 3102 3103 /* If the address is not part of the association, the 3104 * ASCONF-ACK with Error Cause Indication Parameter 3105 * which including cause of Unresolvable Address should 3106 * be sent. 3107 */ 3108 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3109 if (!peer) 3110 return SCTP_ERROR_DNS_FAILED; 3111 3112 sctp_assoc_rm_peer(asoc, peer); 3113 break; 3114 case SCTP_PARAM_SET_PRIMARY: 3115 /* ADDIP Section 4.2.4 3116 * If the address 0.0.0.0 or ::0 is provided, the receiver 3117 * MAY mark the source address of the packet as its 3118 * primary. 3119 */ 3120 if (af->is_any(&addr)) 3121 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 3122 3123 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3124 if (!peer) 3125 return SCTP_ERROR_DNS_FAILED; 3126 3127 sctp_assoc_set_primary(asoc, peer); 3128 break; 3129 } 3130 3131 return SCTP_ERROR_NO_ERROR; 3132 } 3133 3134 /* Verify the ASCONF packet before we process it. */ 3135 bool sctp_verify_asconf(const struct sctp_association *asoc, 3136 struct sctp_chunk *chunk, bool addr_param_needed, 3137 struct sctp_paramhdr **errp) 3138 { 3139 sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) chunk->chunk_hdr; 3140 union sctp_params param; 3141 bool addr_param_seen = false; 3142 3143 sctp_walk_params(param, addip, addip_hdr.params) { 3144 size_t length = ntohs(param.p->length); 3145 3146 *errp = param.p; 3147 switch (param.p->type) { 3148 case SCTP_PARAM_ERR_CAUSE: 3149 break; 3150 case SCTP_PARAM_IPV4_ADDRESS: 3151 if (length != sizeof(sctp_ipv4addr_param_t)) 3152 return false; 3153 /* ensure there is only one addr param and it's in the 3154 * beginning of addip_hdr params, or we reject it. 3155 */ 3156 if (param.v != addip->addip_hdr.params) 3157 return false; 3158 addr_param_seen = true; 3159 break; 3160 case SCTP_PARAM_IPV6_ADDRESS: 3161 if (length != sizeof(sctp_ipv6addr_param_t)) 3162 return false; 3163 if (param.v != addip->addip_hdr.params) 3164 return false; 3165 addr_param_seen = true; 3166 break; 3167 case SCTP_PARAM_ADD_IP: 3168 case SCTP_PARAM_DEL_IP: 3169 case SCTP_PARAM_SET_PRIMARY: 3170 /* In ASCONF chunks, these need to be first. */ 3171 if (addr_param_needed && !addr_param_seen) 3172 return false; 3173 length = ntohs(param.addip->param_hdr.length); 3174 if (length < sizeof(sctp_addip_param_t) + 3175 sizeof(sctp_paramhdr_t)) 3176 return false; 3177 break; 3178 case SCTP_PARAM_SUCCESS_REPORT: 3179 case SCTP_PARAM_ADAPTATION_LAYER_IND: 3180 if (length != sizeof(sctp_addip_param_t)) 3181 return false; 3182 break; 3183 default: 3184 /* This is unkown to us, reject! */ 3185 return false; 3186 } 3187 } 3188 3189 /* Remaining sanity checks. */ 3190 if (addr_param_needed && !addr_param_seen) 3191 return false; 3192 if (!addr_param_needed && addr_param_seen) 3193 return false; 3194 if (param.v != chunk->chunk_end) 3195 return false; 3196 3197 return true; 3198 } 3199 3200 /* Process an incoming ASCONF chunk with the next expected serial no. and 3201 * return an ASCONF_ACK chunk to be sent in response. 3202 */ 3203 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3204 struct sctp_chunk *asconf) 3205 { 3206 sctp_addip_chunk_t *addip = (sctp_addip_chunk_t *) asconf->chunk_hdr; 3207 bool all_param_pass = true; 3208 union sctp_params param; 3209 sctp_addiphdr_t *hdr; 3210 union sctp_addr_param *addr_param; 3211 sctp_addip_param_t *asconf_param; 3212 struct sctp_chunk *asconf_ack; 3213 __be16 err_code; 3214 int length = 0; 3215 int chunk_len; 3216 __u32 serial; 3217 3218 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 3219 hdr = (sctp_addiphdr_t *)asconf->skb->data; 3220 serial = ntohl(hdr->serial); 3221 3222 /* Skip the addiphdr and store a pointer to address parameter. */ 3223 length = sizeof(sctp_addiphdr_t); 3224 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3225 chunk_len -= length; 3226 3227 /* Skip the address parameter and store a pointer to the first 3228 * asconf parameter. 3229 */ 3230 length = ntohs(addr_param->p.length); 3231 asconf_param = (void *)addr_param + length; 3232 chunk_len -= length; 3233 3234 /* create an ASCONF_ACK chunk. 3235 * Based on the definitions of parameters, we know that the size of 3236 * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF 3237 * parameters. 3238 */ 3239 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4); 3240 if (!asconf_ack) 3241 goto done; 3242 3243 /* Process the TLVs contained within the ASCONF chunk. */ 3244 sctp_walk_params(param, addip, addip_hdr.params) { 3245 /* Skip preceeding address parameters. */ 3246 if (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 3247 param.p->type == SCTP_PARAM_IPV6_ADDRESS) 3248 continue; 3249 3250 err_code = sctp_process_asconf_param(asoc, asconf, 3251 param.addip); 3252 /* ADDIP 4.1 A7) 3253 * If an error response is received for a TLV parameter, 3254 * all TLVs with no response before the failed TLV are 3255 * considered successful if not reported. All TLVs after 3256 * the failed response are considered unsuccessful unless 3257 * a specific success indication is present for the parameter. 3258 */ 3259 if (err_code != SCTP_ERROR_NO_ERROR) 3260 all_param_pass = false; 3261 if (!all_param_pass) 3262 sctp_add_asconf_response(asconf_ack, param.addip->crr_id, 3263 err_code, param.addip); 3264 3265 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3266 * an IP address sends an 'Out of Resource' in its response, it 3267 * MUST also fail any subsequent add or delete requests bundled 3268 * in the ASCONF. 3269 */ 3270 if (err_code == SCTP_ERROR_RSRC_LOW) 3271 goto done; 3272 } 3273 done: 3274 asoc->peer.addip_serial++; 3275 3276 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3277 * after freeing the reference to old asconf ack if any. 3278 */ 3279 if (asconf_ack) { 3280 sctp_chunk_hold(asconf_ack); 3281 list_add_tail(&asconf_ack->transmitted_list, 3282 &asoc->asconf_ack_list); 3283 } 3284 3285 return asconf_ack; 3286 } 3287 3288 /* Process a asconf parameter that is successfully acked. */ 3289 static void sctp_asconf_param_success(struct sctp_association *asoc, 3290 sctp_addip_param_t *asconf_param) 3291 { 3292 struct sctp_af *af; 3293 union sctp_addr addr; 3294 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3295 union sctp_addr_param *addr_param; 3296 struct sctp_transport *transport; 3297 struct sctp_sockaddr_entry *saddr; 3298 3299 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t); 3300 3301 /* We have checked the packet before, so we do not check again. */ 3302 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3303 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3304 3305 switch (asconf_param->param_hdr.type) { 3306 case SCTP_PARAM_ADD_IP: 3307 /* This is always done in BH context with a socket lock 3308 * held, so the list can not change. 3309 */ 3310 local_bh_disable(); 3311 list_for_each_entry(saddr, &bp->address_list, list) { 3312 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3313 saddr->state = SCTP_ADDR_SRC; 3314 } 3315 local_bh_enable(); 3316 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3317 transports) { 3318 dst_release(transport->dst); 3319 transport->dst = NULL; 3320 } 3321 break; 3322 case SCTP_PARAM_DEL_IP: 3323 local_bh_disable(); 3324 sctp_del_bind_addr(bp, &addr); 3325 if (asoc->asconf_addr_del_pending != NULL && 3326 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) { 3327 kfree(asoc->asconf_addr_del_pending); 3328 asoc->asconf_addr_del_pending = NULL; 3329 } 3330 local_bh_enable(); 3331 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3332 transports) { 3333 dst_release(transport->dst); 3334 transport->dst = NULL; 3335 } 3336 break; 3337 default: 3338 break; 3339 } 3340 } 3341 3342 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3343 * for the given asconf parameter. If there is no response for this parameter, 3344 * return the error code based on the third argument 'no_err'. 3345 * ADDIP 4.1 3346 * A7) If an error response is received for a TLV parameter, all TLVs with no 3347 * response before the failed TLV are considered successful if not reported. 3348 * All TLVs after the failed response are considered unsuccessful unless a 3349 * specific success indication is present for the parameter. 3350 */ 3351 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3352 sctp_addip_param_t *asconf_param, 3353 int no_err) 3354 { 3355 sctp_addip_param_t *asconf_ack_param; 3356 sctp_errhdr_t *err_param; 3357 int length; 3358 int asconf_ack_len; 3359 __be16 err_code; 3360 3361 if (no_err) 3362 err_code = SCTP_ERROR_NO_ERROR; 3363 else 3364 err_code = SCTP_ERROR_REQ_REFUSED; 3365 3366 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3367 sizeof(sctp_chunkhdr_t); 3368 3369 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3370 * the first asconf_ack parameter. 3371 */ 3372 length = sizeof(sctp_addiphdr_t); 3373 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 3374 length); 3375 asconf_ack_len -= length; 3376 3377 while (asconf_ack_len > 0) { 3378 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3379 switch (asconf_ack_param->param_hdr.type) { 3380 case SCTP_PARAM_SUCCESS_REPORT: 3381 return SCTP_ERROR_NO_ERROR; 3382 case SCTP_PARAM_ERR_CAUSE: 3383 length = sizeof(sctp_addip_param_t); 3384 err_param = (void *)asconf_ack_param + length; 3385 asconf_ack_len -= length; 3386 if (asconf_ack_len > 0) 3387 return err_param->cause; 3388 else 3389 return SCTP_ERROR_INV_PARAM; 3390 break; 3391 default: 3392 return SCTP_ERROR_INV_PARAM; 3393 } 3394 } 3395 3396 length = ntohs(asconf_ack_param->param_hdr.length); 3397 asconf_ack_param = (void *)asconf_ack_param + length; 3398 asconf_ack_len -= length; 3399 } 3400 3401 return err_code; 3402 } 3403 3404 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3405 int sctp_process_asconf_ack(struct sctp_association *asoc, 3406 struct sctp_chunk *asconf_ack) 3407 { 3408 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3409 union sctp_addr_param *addr_param; 3410 sctp_addip_param_t *asconf_param; 3411 int length = 0; 3412 int asconf_len = asconf->skb->len; 3413 int all_param_pass = 0; 3414 int no_err = 1; 3415 int retval = 0; 3416 __be16 err_code = SCTP_ERROR_NO_ERROR; 3417 3418 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3419 * a pointer to address parameter. 3420 */ 3421 length = sizeof(sctp_addip_chunk_t); 3422 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3423 asconf_len -= length; 3424 3425 /* Skip the address parameter in the last asconf sent and store a 3426 * pointer to the first asconf parameter. 3427 */ 3428 length = ntohs(addr_param->p.length); 3429 asconf_param = (void *)addr_param + length; 3430 asconf_len -= length; 3431 3432 /* ADDIP 4.1 3433 * A8) If there is no response(s) to specific TLV parameter(s), and no 3434 * failures are indicated, then all request(s) are considered 3435 * successful. 3436 */ 3437 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 3438 all_param_pass = 1; 3439 3440 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3441 while (asconf_len > 0) { 3442 if (all_param_pass) 3443 err_code = SCTP_ERROR_NO_ERROR; 3444 else { 3445 err_code = sctp_get_asconf_response(asconf_ack, 3446 asconf_param, 3447 no_err); 3448 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3449 no_err = 0; 3450 } 3451 3452 switch (err_code) { 3453 case SCTP_ERROR_NO_ERROR: 3454 sctp_asconf_param_success(asoc, asconf_param); 3455 break; 3456 3457 case SCTP_ERROR_RSRC_LOW: 3458 retval = 1; 3459 break; 3460 3461 case SCTP_ERROR_UNKNOWN_PARAM: 3462 /* Disable sending this type of asconf parameter in 3463 * future. 3464 */ 3465 asoc->peer.addip_disabled_mask |= 3466 asconf_param->param_hdr.type; 3467 break; 3468 3469 case SCTP_ERROR_REQ_REFUSED: 3470 case SCTP_ERROR_DEL_LAST_IP: 3471 case SCTP_ERROR_DEL_SRC_IP: 3472 default: 3473 break; 3474 } 3475 3476 /* Skip the processed asconf parameter and move to the next 3477 * one. 3478 */ 3479 length = ntohs(asconf_param->param_hdr.length); 3480 asconf_param = (void *)asconf_param + length; 3481 asconf_len -= length; 3482 } 3483 3484 if (no_err && asoc->src_out_of_asoc_ok) { 3485 asoc->src_out_of_asoc_ok = 0; 3486 sctp_transport_immediate_rtx(asoc->peer.primary_path); 3487 } 3488 3489 /* Free the cached last sent asconf chunk. */ 3490 list_del_init(&asconf->transmitted_list); 3491 sctp_chunk_free(asconf); 3492 asoc->addip_last_asconf = NULL; 3493 3494 return retval; 3495 } 3496 3497 /* Make a FWD TSN chunk. */ 3498 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3499 __u32 new_cum_tsn, size_t nstreams, 3500 struct sctp_fwdtsn_skip *skiplist) 3501 { 3502 struct sctp_chunk *retval = NULL; 3503 struct sctp_fwdtsn_hdr ftsn_hdr; 3504 struct sctp_fwdtsn_skip skip; 3505 size_t hint; 3506 int i; 3507 3508 hint = (nstreams + 1) * sizeof(__u32); 3509 3510 retval = sctp_make_control(asoc, SCTP_CID_FWD_TSN, 0, hint); 3511 3512 if (!retval) 3513 return NULL; 3514 3515 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3516 retval->subh.fwdtsn_hdr = 3517 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3518 3519 for (i = 0; i < nstreams; i++) { 3520 skip.stream = skiplist[i].stream; 3521 skip.ssn = skiplist[i].ssn; 3522 sctp_addto_chunk(retval, sizeof(skip), &skip); 3523 } 3524 3525 return retval; 3526 } 3527