1 /* SCTP kernel implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * This SCTP implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * This SCTP implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, see 27 * <http://www.gnu.org/licenses/>. 28 * 29 * Please send any bug reports or fixes you make to the 30 * email address(es): 31 * lksctp developers <linux-sctp@vger.kernel.org> 32 * 33 * Written or modified by: 34 * La Monte H.P. Yarroll <piggy@acm.org> 35 * Karl Knutson <karl@athena.chicago.il.us> 36 * C. Robin <chris@hundredacre.ac.uk> 37 * Jon Grimm <jgrimm@us.ibm.com> 38 * Xingang Guo <xingang.guo@intel.com> 39 * Dajiang Zhang <dajiang.zhang@nokia.com> 40 * Sridhar Samudrala <sri@us.ibm.com> 41 * Daisy Chang <daisyc@us.ibm.com> 42 * Ardelle Fan <ardelle.fan@intel.com> 43 * Kevin Gao <kevin.gao@intel.com> 44 */ 45 46 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 47 48 #include <crypto/hash.h> 49 #include <linux/types.h> 50 #include <linux/kernel.h> 51 #include <linux/ip.h> 52 #include <linux/ipv6.h> 53 #include <linux/net.h> 54 #include <linux/inet.h> 55 #include <linux/scatterlist.h> 56 #include <linux/slab.h> 57 #include <net/sock.h> 58 59 #include <linux/skbuff.h> 60 #include <linux/random.h> /* for get_random_bytes */ 61 #include <net/sctp/sctp.h> 62 #include <net/sctp/sm.h> 63 64 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 65 __u8 type, __u8 flags, int paylen, 66 gfp_t gfp); 67 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 68 __u8 flags, int paylen, gfp_t gfp); 69 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 70 __u8 type, __u8 flags, int paylen, 71 gfp_t gfp); 72 static struct sctp_cookie_param *sctp_pack_cookie( 73 const struct sctp_endpoint *ep, 74 const struct sctp_association *asoc, 75 const struct sctp_chunk *init_chunk, 76 int *cookie_len, 77 const __u8 *raw_addrs, int addrs_len); 78 static int sctp_process_param(struct sctp_association *asoc, 79 union sctp_params param, 80 const union sctp_addr *peer_addr, 81 gfp_t gfp); 82 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 83 const void *data); 84 static void *sctp_addto_chunk_fixed(struct sctp_chunk *, int len, 85 const void *data); 86 87 /* Control chunk destructor */ 88 static void sctp_control_release_owner(struct sk_buff *skb) 89 { 90 struct sctp_chunk *chunk = skb_shinfo(skb)->destructor_arg; 91 92 if (chunk->shkey) { 93 struct sctp_shared_key *shkey = chunk->shkey; 94 struct sctp_association *asoc = chunk->asoc; 95 96 /* refcnt == 2 and !list_empty mean after this release, it's 97 * not being used anywhere, and it's time to notify userland 98 * that this shkey can be freed if it's been deactivated. 99 */ 100 if (shkey->deactivated && !list_empty(&shkey->key_list) && 101 refcount_read(&shkey->refcnt) == 2) { 102 struct sctp_ulpevent *ev; 103 104 ev = sctp_ulpevent_make_authkey(asoc, shkey->key_id, 105 SCTP_AUTH_FREE_KEY, 106 GFP_KERNEL); 107 if (ev) 108 asoc->stream.si->enqueue_event(&asoc->ulpq, ev); 109 } 110 sctp_auth_shkey_release(chunk->shkey); 111 } 112 } 113 114 static void sctp_control_set_owner_w(struct sctp_chunk *chunk) 115 { 116 struct sctp_association *asoc = chunk->asoc; 117 struct sk_buff *skb = chunk->skb; 118 119 /* TODO: properly account for control chunks. 120 * To do it right we'll need: 121 * 1) endpoint if association isn't known. 122 * 2) proper memory accounting. 123 * 124 * For now don't do anything for now. 125 */ 126 if (chunk->auth) { 127 chunk->shkey = asoc->shkey; 128 sctp_auth_shkey_hold(chunk->shkey); 129 } 130 skb->sk = asoc ? asoc->base.sk : NULL; 131 skb_shinfo(skb)->destructor_arg = chunk; 132 skb->destructor = sctp_control_release_owner; 133 } 134 135 /* What was the inbound interface for this chunk? */ 136 int sctp_chunk_iif(const struct sctp_chunk *chunk) 137 { 138 struct sk_buff *skb = chunk->skb; 139 140 return SCTP_INPUT_CB(skb)->af->skb_iif(skb); 141 } 142 143 /* RFC 2960 3.3.2 Initiation (INIT) (1) 144 * 145 * Note 2: The ECN capable field is reserved for future use of 146 * Explicit Congestion Notification. 147 */ 148 static const struct sctp_paramhdr ecap_param = { 149 SCTP_PARAM_ECN_CAPABLE, 150 cpu_to_be16(sizeof(struct sctp_paramhdr)), 151 }; 152 static const struct sctp_paramhdr prsctp_param = { 153 SCTP_PARAM_FWD_TSN_SUPPORT, 154 cpu_to_be16(sizeof(struct sctp_paramhdr)), 155 }; 156 157 /* A helper to initialize an op error inside a 158 * provided chunk, as most cause codes will be embedded inside an 159 * abort chunk. 160 */ 161 int sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 162 size_t paylen) 163 { 164 struct sctp_errhdr err; 165 __u16 len; 166 167 /* Cause code constants are now defined in network order. */ 168 err.cause = cause_code; 169 len = sizeof(err) + paylen; 170 err.length = htons(len); 171 172 if (skb_tailroom(chunk->skb) < len) 173 return -ENOSPC; 174 175 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(err), &err); 176 177 return 0; 178 } 179 180 /* A helper to initialize an op error inside a 181 * provided chunk, as most cause codes will be embedded inside an 182 * abort chunk. Differs from sctp_init_cause in that it won't oops 183 * if there isn't enough space in the op error chunk 184 */ 185 static int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code, 186 size_t paylen) 187 { 188 struct sctp_errhdr err; 189 __u16 len; 190 191 /* Cause code constants are now defined in network order. */ 192 err.cause = cause_code; 193 len = sizeof(err) + paylen; 194 err.length = htons(len); 195 196 if (skb_tailroom(chunk->skb) < len) 197 return -ENOSPC; 198 199 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk, sizeof(err), &err); 200 201 return 0; 202 } 203 /* 3.3.2 Initiation (INIT) (1) 204 * 205 * This chunk is used to initiate a SCTP association between two 206 * endpoints. The format of the INIT chunk is shown below: 207 * 208 * 0 1 2 3 209 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 210 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 211 * | Type = 1 | Chunk Flags | Chunk Length | 212 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 213 * | Initiate Tag | 214 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 215 * | Advertised Receiver Window Credit (a_rwnd) | 216 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 217 * | Number of Outbound Streams | Number of Inbound Streams | 218 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 219 * | Initial TSN | 220 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 221 * \ \ 222 * / Optional/Variable-Length Parameters / 223 * \ \ 224 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 225 * 226 * 227 * The INIT chunk contains the following parameters. Unless otherwise 228 * noted, each parameter MUST only be included once in the INIT chunk. 229 * 230 * Fixed Parameters Status 231 * ---------------------------------------------- 232 * Initiate Tag Mandatory 233 * Advertised Receiver Window Credit Mandatory 234 * Number of Outbound Streams Mandatory 235 * Number of Inbound Streams Mandatory 236 * Initial TSN Mandatory 237 * 238 * Variable Parameters Status Type Value 239 * ------------------------------------------------------------- 240 * IPv4 Address (Note 1) Optional 5 241 * IPv6 Address (Note 1) Optional 6 242 * Cookie Preservative Optional 9 243 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 244 * Host Name Address (Note 3) Optional 11 245 * Supported Address Types (Note 4) Optional 12 246 */ 247 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 248 const struct sctp_bind_addr *bp, 249 gfp_t gfp, int vparam_len) 250 { 251 struct net *net = sock_net(asoc->base.sk); 252 struct sctp_supported_ext_param ext_param; 253 struct sctp_adaptation_ind_param aiparam; 254 struct sctp_paramhdr *auth_chunks = NULL; 255 struct sctp_paramhdr *auth_hmacs = NULL; 256 struct sctp_supported_addrs_param sat; 257 struct sctp_endpoint *ep = asoc->ep; 258 struct sctp_chunk *retval = NULL; 259 int num_types, addrs_len = 0; 260 struct sctp_inithdr init; 261 union sctp_params addrs; 262 struct sctp_sock *sp; 263 __u8 extensions[5]; 264 size_t chunksize; 265 __be16 types[2]; 266 int num_ext = 0; 267 268 /* RFC 2960 3.3.2 Initiation (INIT) (1) 269 * 270 * Note 1: The INIT chunks can contain multiple addresses that 271 * can be IPv4 and/or IPv6 in any combination. 272 */ 273 274 /* Convert the provided bind address list to raw format. */ 275 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 276 277 init.init_tag = htonl(asoc->c.my_vtag); 278 init.a_rwnd = htonl(asoc->rwnd); 279 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 280 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 281 init.initial_tsn = htonl(asoc->c.initial_tsn); 282 283 /* How many address types are needed? */ 284 sp = sctp_sk(asoc->base.sk); 285 num_types = sp->pf->supported_addrs(sp, types); 286 287 chunksize = sizeof(init) + addrs_len; 288 chunksize += SCTP_PAD4(SCTP_SAT_LEN(num_types)); 289 chunksize += sizeof(ecap_param); 290 291 if (asoc->prsctp_enable) 292 chunksize += sizeof(prsctp_param); 293 294 /* ADDIP: Section 4.2.7: 295 * An implementation supporting this extension [ADDIP] MUST list 296 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 297 * INIT-ACK parameters. 298 */ 299 if (net->sctp.addip_enable) { 300 extensions[num_ext] = SCTP_CID_ASCONF; 301 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 302 num_ext += 2; 303 } 304 305 if (asoc->reconf_enable) { 306 extensions[num_ext] = SCTP_CID_RECONF; 307 num_ext += 1; 308 } 309 310 if (sp->adaptation_ind) 311 chunksize += sizeof(aiparam); 312 313 if (sp->strm_interleave) { 314 extensions[num_ext] = SCTP_CID_I_DATA; 315 num_ext += 1; 316 } 317 318 chunksize += vparam_len; 319 320 /* Account for AUTH related parameters */ 321 if (ep->auth_enable) { 322 /* Add random parameter length*/ 323 chunksize += sizeof(asoc->c.auth_random); 324 325 /* Add HMACS parameter length if any were defined */ 326 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs; 327 if (auth_hmacs->length) 328 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length)); 329 else 330 auth_hmacs = NULL; 331 332 /* Add CHUNKS parameter length */ 333 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks; 334 if (auth_chunks->length) 335 chunksize += SCTP_PAD4(ntohs(auth_chunks->length)); 336 else 337 auth_chunks = NULL; 338 339 extensions[num_ext] = SCTP_CID_AUTH; 340 num_ext += 1; 341 } 342 343 /* If we have any extensions to report, account for that */ 344 if (num_ext) 345 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext); 346 347 /* RFC 2960 3.3.2 Initiation (INIT) (1) 348 * 349 * Note 3: An INIT chunk MUST NOT contain more than one Host 350 * Name address parameter. Moreover, the sender of the INIT 351 * MUST NOT combine any other address types with the Host Name 352 * address in the INIT. The receiver of INIT MUST ignore any 353 * other address types if the Host Name address parameter is 354 * present in the received INIT chunk. 355 * 356 * PLEASE DO NOT FIXME [This version does not support Host Name.] 357 */ 358 359 retval = sctp_make_control(asoc, SCTP_CID_INIT, 0, chunksize, gfp); 360 if (!retval) 361 goto nodata; 362 363 retval->subh.init_hdr = 364 sctp_addto_chunk(retval, sizeof(init), &init); 365 retval->param_hdr.v = 366 sctp_addto_chunk(retval, addrs_len, addrs.v); 367 368 /* RFC 2960 3.3.2 Initiation (INIT) (1) 369 * 370 * Note 4: This parameter, when present, specifies all the 371 * address types the sending endpoint can support. The absence 372 * of this parameter indicates that the sending endpoint can 373 * support any address type. 374 */ 375 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 376 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 377 sctp_addto_chunk(retval, sizeof(sat), &sat); 378 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 379 380 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 381 382 /* Add the supported extensions parameter. Be nice and add this 383 * fist before addiding the parameters for the extensions themselves 384 */ 385 if (num_ext) { 386 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 387 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext); 388 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param); 389 sctp_addto_param(retval, num_ext, extensions); 390 } 391 392 if (asoc->prsctp_enable) 393 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 394 395 if (sp->adaptation_ind) { 396 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 397 aiparam.param_hdr.length = htons(sizeof(aiparam)); 398 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 399 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 400 } 401 402 /* Add SCTP-AUTH chunks to the parameter list */ 403 if (ep->auth_enable) { 404 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 405 asoc->c.auth_random); 406 if (auth_hmacs) 407 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 408 auth_hmacs); 409 if (auth_chunks) 410 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 411 auth_chunks); 412 } 413 nodata: 414 kfree(addrs.v); 415 return retval; 416 } 417 418 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 419 const struct sctp_chunk *chunk, 420 gfp_t gfp, int unkparam_len) 421 { 422 struct sctp_supported_ext_param ext_param; 423 struct sctp_adaptation_ind_param aiparam; 424 struct sctp_paramhdr *auth_chunks = NULL; 425 struct sctp_paramhdr *auth_random = NULL; 426 struct sctp_paramhdr *auth_hmacs = NULL; 427 struct sctp_chunk *retval = NULL; 428 struct sctp_cookie_param *cookie; 429 struct sctp_inithdr initack; 430 union sctp_params addrs; 431 struct sctp_sock *sp; 432 __u8 extensions[5]; 433 size_t chunksize; 434 int num_ext = 0; 435 int cookie_len; 436 int addrs_len; 437 438 /* Note: there may be no addresses to embed. */ 439 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 440 441 initack.init_tag = htonl(asoc->c.my_vtag); 442 initack.a_rwnd = htonl(asoc->rwnd); 443 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 444 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 445 initack.initial_tsn = htonl(asoc->c.initial_tsn); 446 447 /* FIXME: We really ought to build the cookie right 448 * into the packet instead of allocating more fresh memory. 449 */ 450 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 451 addrs.v, addrs_len); 452 if (!cookie) 453 goto nomem_cookie; 454 455 /* Calculate the total size of allocation, include the reserved 456 * space for reporting unknown parameters if it is specified. 457 */ 458 sp = sctp_sk(asoc->base.sk); 459 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 460 461 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 462 if (asoc->peer.ecn_capable) 463 chunksize += sizeof(ecap_param); 464 465 if (asoc->peer.prsctp_capable) 466 chunksize += sizeof(prsctp_param); 467 468 if (asoc->peer.asconf_capable) { 469 extensions[num_ext] = SCTP_CID_ASCONF; 470 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 471 num_ext += 2; 472 } 473 474 if (asoc->peer.reconf_capable) { 475 extensions[num_ext] = SCTP_CID_RECONF; 476 num_ext += 1; 477 } 478 479 if (sp->adaptation_ind) 480 chunksize += sizeof(aiparam); 481 482 if (asoc->intl_enable) { 483 extensions[num_ext] = SCTP_CID_I_DATA; 484 num_ext += 1; 485 } 486 487 if (asoc->peer.auth_capable) { 488 auth_random = (struct sctp_paramhdr *)asoc->c.auth_random; 489 chunksize += ntohs(auth_random->length); 490 491 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs; 492 if (auth_hmacs->length) 493 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length)); 494 else 495 auth_hmacs = NULL; 496 497 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks; 498 if (auth_chunks->length) 499 chunksize += SCTP_PAD4(ntohs(auth_chunks->length)); 500 else 501 auth_chunks = NULL; 502 503 extensions[num_ext] = SCTP_CID_AUTH; 504 num_ext += 1; 505 } 506 507 if (num_ext) 508 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext); 509 510 /* Now allocate and fill out the chunk. */ 511 retval = sctp_make_control(asoc, SCTP_CID_INIT_ACK, 0, chunksize, gfp); 512 if (!retval) 513 goto nomem_chunk; 514 515 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 516 * 517 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 518 * HEARTBEAT ACK, * etc.) to the same destination transport 519 * address from which it received the DATA or control chunk 520 * to which it is replying. 521 * 522 * [INIT ACK back to where the INIT came from.] 523 */ 524 retval->transport = chunk->transport; 525 526 retval->subh.init_hdr = 527 sctp_addto_chunk(retval, sizeof(initack), &initack); 528 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 529 sctp_addto_chunk(retval, cookie_len, cookie); 530 if (asoc->peer.ecn_capable) 531 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 532 if (num_ext) { 533 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 534 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext); 535 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param); 536 sctp_addto_param(retval, num_ext, extensions); 537 } 538 if (asoc->peer.prsctp_capable) 539 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 540 541 if (sp->adaptation_ind) { 542 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 543 aiparam.param_hdr.length = htons(sizeof(aiparam)); 544 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 545 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 546 } 547 548 if (asoc->peer.auth_capable) { 549 sctp_addto_chunk(retval, ntohs(auth_random->length), 550 auth_random); 551 if (auth_hmacs) 552 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 553 auth_hmacs); 554 if (auth_chunks) 555 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 556 auth_chunks); 557 } 558 559 /* We need to remove the const qualifier at this point. */ 560 retval->asoc = (struct sctp_association *) asoc; 561 562 nomem_chunk: 563 kfree(cookie); 564 nomem_cookie: 565 kfree(addrs.v); 566 return retval; 567 } 568 569 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 570 * 571 * This chunk is used only during the initialization of an association. 572 * It is sent by the initiator of an association to its peer to complete 573 * the initialization process. This chunk MUST precede any DATA chunk 574 * sent within the association, but MAY be bundled with one or more DATA 575 * chunks in the same packet. 576 * 577 * 0 1 2 3 578 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 579 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 580 * | Type = 10 |Chunk Flags | Length | 581 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 582 * / Cookie / 583 * \ \ 584 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 585 * 586 * Chunk Flags: 8 bit 587 * 588 * Set to zero on transmit and ignored on receipt. 589 * 590 * Length: 16 bits (unsigned integer) 591 * 592 * Set to the size of the chunk in bytes, including the 4 bytes of 593 * the chunk header and the size of the Cookie. 594 * 595 * Cookie: variable size 596 * 597 * This field must contain the exact cookie received in the 598 * State Cookie parameter from the previous INIT ACK. 599 * 600 * An implementation SHOULD make the cookie as small as possible 601 * to insure interoperability. 602 */ 603 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 604 const struct sctp_chunk *chunk) 605 { 606 struct sctp_chunk *retval; 607 int cookie_len; 608 void *cookie; 609 610 cookie = asoc->peer.cookie; 611 cookie_len = asoc->peer.cookie_len; 612 613 /* Build a cookie echo chunk. */ 614 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ECHO, 0, 615 cookie_len, GFP_ATOMIC); 616 if (!retval) 617 goto nodata; 618 retval->subh.cookie_hdr = 619 sctp_addto_chunk(retval, cookie_len, cookie); 620 621 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 622 * 623 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 624 * HEARTBEAT ACK, * etc.) to the same destination transport 625 * address from which it * received the DATA or control chunk 626 * to which it is replying. 627 * 628 * [COOKIE ECHO back to where the INIT ACK came from.] 629 */ 630 if (chunk) 631 retval->transport = chunk->transport; 632 633 nodata: 634 return retval; 635 } 636 637 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 638 * 639 * This chunk is used only during the initialization of an 640 * association. It is used to acknowledge the receipt of a COOKIE 641 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 642 * within the association, but MAY be bundled with one or more DATA 643 * chunks or SACK chunk in the same SCTP packet. 644 * 645 * 0 1 2 3 646 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 647 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 648 * | Type = 11 |Chunk Flags | Length = 4 | 649 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 650 * 651 * Chunk Flags: 8 bits 652 * 653 * Set to zero on transmit and ignored on receipt. 654 */ 655 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 656 const struct sctp_chunk *chunk) 657 { 658 struct sctp_chunk *retval; 659 660 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ACK, 0, 0, GFP_ATOMIC); 661 662 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 663 * 664 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 665 * HEARTBEAT ACK, * etc.) to the same destination transport 666 * address from which it * received the DATA or control chunk 667 * to which it is replying. 668 * 669 * [COOKIE ACK back to where the COOKIE ECHO came from.] 670 */ 671 if (retval && chunk) 672 retval->transport = chunk->transport; 673 674 return retval; 675 } 676 677 /* 678 * Appendix A: Explicit Congestion Notification: 679 * CWR: 680 * 681 * RFC 2481 details a specific bit for a sender to send in the header of 682 * its next outbound TCP segment to indicate to its peer that it has 683 * reduced its congestion window. This is termed the CWR bit. For 684 * SCTP the same indication is made by including the CWR chunk. 685 * This chunk contains one data element, i.e. the TSN number that 686 * was sent in the ECNE chunk. This element represents the lowest 687 * TSN number in the datagram that was originally marked with the 688 * CE bit. 689 * 690 * 0 1 2 3 691 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 692 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 693 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 694 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 695 * | Lowest TSN Number | 696 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 697 * 698 * Note: The CWR is considered a Control chunk. 699 */ 700 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 701 const __u32 lowest_tsn, 702 const struct sctp_chunk *chunk) 703 { 704 struct sctp_chunk *retval; 705 struct sctp_cwrhdr cwr; 706 707 cwr.lowest_tsn = htonl(lowest_tsn); 708 retval = sctp_make_control(asoc, SCTP_CID_ECN_CWR, 0, 709 sizeof(cwr), GFP_ATOMIC); 710 711 if (!retval) 712 goto nodata; 713 714 retval->subh.ecn_cwr_hdr = 715 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 716 717 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 718 * 719 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 720 * HEARTBEAT ACK, * etc.) to the same destination transport 721 * address from which it * received the DATA or control chunk 722 * to which it is replying. 723 * 724 * [Report a reduced congestion window back to where the ECNE 725 * came from.] 726 */ 727 if (chunk) 728 retval->transport = chunk->transport; 729 730 nodata: 731 return retval; 732 } 733 734 /* Make an ECNE chunk. This is a congestion experienced report. */ 735 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 736 const __u32 lowest_tsn) 737 { 738 struct sctp_chunk *retval; 739 struct sctp_ecnehdr ecne; 740 741 ecne.lowest_tsn = htonl(lowest_tsn); 742 retval = sctp_make_control(asoc, SCTP_CID_ECN_ECNE, 0, 743 sizeof(ecne), GFP_ATOMIC); 744 if (!retval) 745 goto nodata; 746 retval->subh.ecne_hdr = 747 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 748 749 nodata: 750 return retval; 751 } 752 753 /* Make a DATA chunk for the given association from the provided 754 * parameters. However, do not populate the data payload. 755 */ 756 struct sctp_chunk *sctp_make_datafrag_empty(const struct sctp_association *asoc, 757 const struct sctp_sndrcvinfo *sinfo, 758 int len, __u8 flags, gfp_t gfp) 759 { 760 struct sctp_chunk *retval; 761 struct sctp_datahdr dp; 762 763 /* We assign the TSN as LATE as possible, not here when 764 * creating the chunk. 765 */ 766 memset(&dp, 0, sizeof(dp)); 767 dp.ppid = sinfo->sinfo_ppid; 768 dp.stream = htons(sinfo->sinfo_stream); 769 770 /* Set the flags for an unordered send. */ 771 if (sinfo->sinfo_flags & SCTP_UNORDERED) 772 flags |= SCTP_DATA_UNORDERED; 773 774 retval = sctp_make_data(asoc, flags, sizeof(dp) + len, gfp); 775 if (!retval) 776 return NULL; 777 778 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 779 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 780 781 return retval; 782 } 783 784 /* Create a selective ackowledgement (SACK) for the given 785 * association. This reports on which TSN's we've seen to date, 786 * including duplicates and gaps. 787 */ 788 struct sctp_chunk *sctp_make_sack(struct sctp_association *asoc) 789 { 790 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 791 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 792 __u16 num_gabs, num_dup_tsns; 793 struct sctp_transport *trans; 794 struct sctp_chunk *retval; 795 struct sctp_sackhdr sack; 796 __u32 ctsn; 797 int len; 798 799 memset(gabs, 0, sizeof(gabs)); 800 ctsn = sctp_tsnmap_get_ctsn(map); 801 802 pr_debug("%s: sackCTSNAck sent:0x%x\n", __func__, ctsn); 803 804 /* How much room is needed in the chunk? */ 805 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 806 num_dup_tsns = sctp_tsnmap_num_dups(map); 807 808 /* Initialize the SACK header. */ 809 sack.cum_tsn_ack = htonl(ctsn); 810 sack.a_rwnd = htonl(asoc->a_rwnd); 811 sack.num_gap_ack_blocks = htons(num_gabs); 812 sack.num_dup_tsns = htons(num_dup_tsns); 813 814 len = sizeof(sack) 815 + sizeof(struct sctp_gap_ack_block) * num_gabs 816 + sizeof(__u32) * num_dup_tsns; 817 818 /* Create the chunk. */ 819 retval = sctp_make_control(asoc, SCTP_CID_SACK, 0, len, GFP_ATOMIC); 820 if (!retval) 821 goto nodata; 822 823 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 824 * 825 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 826 * HEARTBEAT ACK, etc.) to the same destination transport 827 * address from which it received the DATA or control chunk to 828 * which it is replying. This rule should also be followed if 829 * the endpoint is bundling DATA chunks together with the 830 * reply chunk. 831 * 832 * However, when acknowledging multiple DATA chunks received 833 * in packets from different source addresses in a single 834 * SACK, the SACK chunk may be transmitted to one of the 835 * destination transport addresses from which the DATA or 836 * control chunks being acknowledged were received. 837 * 838 * [BUG: We do not implement the following paragraph. 839 * Perhaps we should remember the last transport we used for a 840 * SACK and avoid that (if possible) if we have seen any 841 * duplicates. --piggy] 842 * 843 * When a receiver of a duplicate DATA chunk sends a SACK to a 844 * multi- homed endpoint it MAY be beneficial to vary the 845 * destination address and not use the source address of the 846 * DATA chunk. The reason being that receiving a duplicate 847 * from a multi-homed endpoint might indicate that the return 848 * path (as specified in the source address of the DATA chunk) 849 * for the SACK is broken. 850 * 851 * [Send to the address from which we last received a DATA chunk.] 852 */ 853 retval->transport = asoc->peer.last_data_from; 854 855 retval->subh.sack_hdr = 856 sctp_addto_chunk(retval, sizeof(sack), &sack); 857 858 /* Add the gap ack block information. */ 859 if (num_gabs) 860 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 861 gabs); 862 863 /* Add the duplicate TSN information. */ 864 if (num_dup_tsns) { 865 asoc->stats.idupchunks += num_dup_tsns; 866 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 867 sctp_tsnmap_get_dups(map)); 868 } 869 /* Once we have a sack generated, check to see what our sack 870 * generation is, if its 0, reset the transports to 0, and reset 871 * the association generation to 1 872 * 873 * The idea is that zero is never used as a valid generation for the 874 * association so no transport will match after a wrap event like this, 875 * Until the next sack 876 */ 877 if (++asoc->peer.sack_generation == 0) { 878 list_for_each_entry(trans, &asoc->peer.transport_addr_list, 879 transports) 880 trans->sack_generation = 0; 881 asoc->peer.sack_generation = 1; 882 } 883 nodata: 884 return retval; 885 } 886 887 /* Make a SHUTDOWN chunk. */ 888 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 889 const struct sctp_chunk *chunk) 890 { 891 struct sctp_shutdownhdr shut; 892 struct sctp_chunk *retval; 893 __u32 ctsn; 894 895 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 896 shut.cum_tsn_ack = htonl(ctsn); 897 898 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN, 0, 899 sizeof(shut), GFP_ATOMIC); 900 if (!retval) 901 goto nodata; 902 903 retval->subh.shutdown_hdr = 904 sctp_addto_chunk(retval, sizeof(shut), &shut); 905 906 if (chunk) 907 retval->transport = chunk->transport; 908 nodata: 909 return retval; 910 } 911 912 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 913 const struct sctp_chunk *chunk) 914 { 915 struct sctp_chunk *retval; 916 917 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0, 918 GFP_ATOMIC); 919 920 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 921 * 922 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 923 * HEARTBEAT ACK, * etc.) to the same destination transport 924 * address from which it * received the DATA or control chunk 925 * to which it is replying. 926 * 927 * [ACK back to where the SHUTDOWN came from.] 928 */ 929 if (retval && chunk) 930 retval->transport = chunk->transport; 931 932 return retval; 933 } 934 935 struct sctp_chunk *sctp_make_shutdown_complete( 936 const struct sctp_association *asoc, 937 const struct sctp_chunk *chunk) 938 { 939 struct sctp_chunk *retval; 940 __u8 flags = 0; 941 942 /* Set the T-bit if we have no association (vtag will be 943 * reflected) 944 */ 945 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 946 947 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 948 0, GFP_ATOMIC); 949 950 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 951 * 952 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 953 * HEARTBEAT ACK, * etc.) to the same destination transport 954 * address from which it * received the DATA or control chunk 955 * to which it is replying. 956 * 957 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 958 * came from.] 959 */ 960 if (retval && chunk) 961 retval->transport = chunk->transport; 962 963 return retval; 964 } 965 966 /* Create an ABORT. Note that we set the T bit if we have no 967 * association, except when responding to an INIT (sctpimpguide 2.41). 968 */ 969 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 970 const struct sctp_chunk *chunk, 971 const size_t hint) 972 { 973 struct sctp_chunk *retval; 974 __u8 flags = 0; 975 976 /* Set the T-bit if we have no association and 'chunk' is not 977 * an INIT (vtag will be reflected). 978 */ 979 if (!asoc) { 980 if (chunk && chunk->chunk_hdr && 981 chunk->chunk_hdr->type == SCTP_CID_INIT) 982 flags = 0; 983 else 984 flags = SCTP_CHUNK_FLAG_T; 985 } 986 987 retval = sctp_make_control(asoc, SCTP_CID_ABORT, flags, hint, 988 GFP_ATOMIC); 989 990 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 991 * 992 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 993 * HEARTBEAT ACK, * etc.) to the same destination transport 994 * address from which it * received the DATA or control chunk 995 * to which it is replying. 996 * 997 * [ABORT back to where the offender came from.] 998 */ 999 if (retval && chunk) 1000 retval->transport = chunk->transport; 1001 1002 return retval; 1003 } 1004 1005 /* Helper to create ABORT with a NO_USER_DATA error. */ 1006 struct sctp_chunk *sctp_make_abort_no_data( 1007 const struct sctp_association *asoc, 1008 const struct sctp_chunk *chunk, 1009 __u32 tsn) 1010 { 1011 struct sctp_chunk *retval; 1012 __be32 payload; 1013 1014 retval = sctp_make_abort(asoc, chunk, 1015 sizeof(struct sctp_errhdr) + sizeof(tsn)); 1016 1017 if (!retval) 1018 goto no_mem; 1019 1020 /* Put the tsn back into network byte order. */ 1021 payload = htonl(tsn); 1022 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 1023 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 1024 1025 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1026 * 1027 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1028 * HEARTBEAT ACK, * etc.) to the same destination transport 1029 * address from which it * received the DATA or control chunk 1030 * to which it is replying. 1031 * 1032 * [ABORT back to where the offender came from.] 1033 */ 1034 if (chunk) 1035 retval->transport = chunk->transport; 1036 1037 no_mem: 1038 return retval; 1039 } 1040 1041 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 1042 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 1043 struct msghdr *msg, 1044 size_t paylen) 1045 { 1046 struct sctp_chunk *retval; 1047 void *payload = NULL; 1048 int err; 1049 1050 retval = sctp_make_abort(asoc, NULL, 1051 sizeof(struct sctp_errhdr) + paylen); 1052 if (!retval) 1053 goto err_chunk; 1054 1055 if (paylen) { 1056 /* Put the msg_iov together into payload. */ 1057 payload = kmalloc(paylen, GFP_KERNEL); 1058 if (!payload) 1059 goto err_payload; 1060 1061 err = memcpy_from_msg(payload, msg, paylen); 1062 if (err < 0) 1063 goto err_copy; 1064 } 1065 1066 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 1067 sctp_addto_chunk(retval, paylen, payload); 1068 1069 if (paylen) 1070 kfree(payload); 1071 1072 return retval; 1073 1074 err_copy: 1075 kfree(payload); 1076 err_payload: 1077 sctp_chunk_free(retval); 1078 retval = NULL; 1079 err_chunk: 1080 return retval; 1081 } 1082 1083 /* Append bytes to the end of a parameter. Will panic if chunk is not big 1084 * enough. 1085 */ 1086 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 1087 const void *data) 1088 { 1089 int chunklen = ntohs(chunk->chunk_hdr->length); 1090 void *target; 1091 1092 target = skb_put(chunk->skb, len); 1093 1094 if (data) 1095 memcpy(target, data, len); 1096 else 1097 memset(target, 0, len); 1098 1099 /* Adjust the chunk length field. */ 1100 chunk->chunk_hdr->length = htons(chunklen + len); 1101 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1102 1103 return target; 1104 } 1105 1106 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1107 struct sctp_chunk *sctp_make_abort_violation( 1108 const struct sctp_association *asoc, 1109 const struct sctp_chunk *chunk, 1110 const __u8 *payload, 1111 const size_t paylen) 1112 { 1113 struct sctp_chunk *retval; 1114 struct sctp_paramhdr phdr; 1115 1116 retval = sctp_make_abort(asoc, chunk, sizeof(struct sctp_errhdr) + 1117 paylen + sizeof(phdr)); 1118 if (!retval) 1119 goto end; 1120 1121 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen + 1122 sizeof(phdr)); 1123 1124 phdr.type = htons(chunk->chunk_hdr->type); 1125 phdr.length = chunk->chunk_hdr->length; 1126 sctp_addto_chunk(retval, paylen, payload); 1127 sctp_addto_param(retval, sizeof(phdr), &phdr); 1128 1129 end: 1130 return retval; 1131 } 1132 1133 struct sctp_chunk *sctp_make_violation_paramlen( 1134 const struct sctp_association *asoc, 1135 const struct sctp_chunk *chunk, 1136 struct sctp_paramhdr *param) 1137 { 1138 static const char error[] = "The following parameter had invalid length:"; 1139 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr) + 1140 sizeof(*param); 1141 struct sctp_chunk *retval; 1142 1143 retval = sctp_make_abort(asoc, chunk, payload_len); 1144 if (!retval) 1145 goto nodata; 1146 1147 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1148 sizeof(error) + sizeof(*param)); 1149 sctp_addto_chunk(retval, sizeof(error), error); 1150 sctp_addto_param(retval, sizeof(*param), param); 1151 1152 nodata: 1153 return retval; 1154 } 1155 1156 struct sctp_chunk *sctp_make_violation_max_retrans( 1157 const struct sctp_association *asoc, 1158 const struct sctp_chunk *chunk) 1159 { 1160 static const char error[] = "Association exceeded its max_retans count"; 1161 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr); 1162 struct sctp_chunk *retval; 1163 1164 retval = sctp_make_abort(asoc, chunk, payload_len); 1165 if (!retval) 1166 goto nodata; 1167 1168 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error)); 1169 sctp_addto_chunk(retval, sizeof(error), error); 1170 1171 nodata: 1172 return retval; 1173 } 1174 1175 /* Make a HEARTBEAT chunk. */ 1176 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1177 const struct sctp_transport *transport) 1178 { 1179 struct sctp_sender_hb_info hbinfo; 1180 struct sctp_chunk *retval; 1181 1182 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT, 0, 1183 sizeof(hbinfo), GFP_ATOMIC); 1184 1185 if (!retval) 1186 goto nodata; 1187 1188 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO; 1189 hbinfo.param_hdr.length = htons(sizeof(hbinfo)); 1190 hbinfo.daddr = transport->ipaddr; 1191 hbinfo.sent_at = jiffies; 1192 hbinfo.hb_nonce = transport->hb_nonce; 1193 1194 /* Cast away the 'const', as this is just telling the chunk 1195 * what transport it belongs to. 1196 */ 1197 retval->transport = (struct sctp_transport *) transport; 1198 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo), 1199 &hbinfo); 1200 1201 nodata: 1202 return retval; 1203 } 1204 1205 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1206 const struct sctp_chunk *chunk, 1207 const void *payload, 1208 const size_t paylen) 1209 { 1210 struct sctp_chunk *retval; 1211 1212 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen, 1213 GFP_ATOMIC); 1214 if (!retval) 1215 goto nodata; 1216 1217 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1218 1219 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1220 * 1221 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1222 * HEARTBEAT ACK, * etc.) to the same destination transport 1223 * address from which it * received the DATA or control chunk 1224 * to which it is replying. 1225 * 1226 * [HBACK back to where the HEARTBEAT came from.] 1227 */ 1228 if (chunk) 1229 retval->transport = chunk->transport; 1230 1231 nodata: 1232 return retval; 1233 } 1234 1235 /* Create an Operation Error chunk with the specified space reserved. 1236 * This routine can be used for containing multiple causes in the chunk. 1237 */ 1238 static struct sctp_chunk *sctp_make_op_error_space( 1239 const struct sctp_association *asoc, 1240 const struct sctp_chunk *chunk, 1241 size_t size) 1242 { 1243 struct sctp_chunk *retval; 1244 1245 retval = sctp_make_control(asoc, SCTP_CID_ERROR, 0, 1246 sizeof(struct sctp_errhdr) + size, 1247 GFP_ATOMIC); 1248 if (!retval) 1249 goto nodata; 1250 1251 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1252 * 1253 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1254 * HEARTBEAT ACK, etc.) to the same destination transport 1255 * address from which it received the DATA or control chunk 1256 * to which it is replying. 1257 * 1258 */ 1259 if (chunk) 1260 retval->transport = chunk->transport; 1261 1262 nodata: 1263 return retval; 1264 } 1265 1266 /* Create an Operation Error chunk of a fixed size, 1267 * specifically, max(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) 1268 * This is a helper function to allocate an error chunk for 1269 * for those invalid parameter codes in which we may not want 1270 * to report all the errors, if the incoming chunk is large 1271 */ 1272 static inline struct sctp_chunk *sctp_make_op_error_fixed( 1273 const struct sctp_association *asoc, 1274 const struct sctp_chunk *chunk) 1275 { 1276 size_t size = asoc ? asoc->pathmtu : 0; 1277 1278 if (!size) 1279 size = SCTP_DEFAULT_MAXSEGMENT; 1280 1281 return sctp_make_op_error_space(asoc, chunk, size); 1282 } 1283 1284 /* Create an Operation Error chunk. */ 1285 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1286 const struct sctp_chunk *chunk, 1287 __be16 cause_code, const void *payload, 1288 size_t paylen, size_t reserve_tail) 1289 { 1290 struct sctp_chunk *retval; 1291 1292 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail); 1293 if (!retval) 1294 goto nodata; 1295 1296 sctp_init_cause(retval, cause_code, paylen + reserve_tail); 1297 sctp_addto_chunk(retval, paylen, payload); 1298 if (reserve_tail) 1299 sctp_addto_param(retval, reserve_tail, NULL); 1300 1301 nodata: 1302 return retval; 1303 } 1304 1305 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc, 1306 __u16 key_id) 1307 { 1308 struct sctp_authhdr auth_hdr; 1309 struct sctp_hmac *hmac_desc; 1310 struct sctp_chunk *retval; 1311 1312 /* Get the first hmac that the peer told us to use */ 1313 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1314 if (unlikely(!hmac_desc)) 1315 return NULL; 1316 1317 retval = sctp_make_control(asoc, SCTP_CID_AUTH, 0, 1318 hmac_desc->hmac_len + sizeof(auth_hdr), 1319 GFP_ATOMIC); 1320 if (!retval) 1321 return NULL; 1322 1323 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1324 auth_hdr.shkey_id = htons(key_id); 1325 1326 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(auth_hdr), 1327 &auth_hdr); 1328 1329 skb_put_zero(retval->skb, hmac_desc->hmac_len); 1330 1331 /* Adjust the chunk header to include the empty MAC */ 1332 retval->chunk_hdr->length = 1333 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1334 retval->chunk_end = skb_tail_pointer(retval->skb); 1335 1336 return retval; 1337 } 1338 1339 1340 /******************************************************************** 1341 * 2nd Level Abstractions 1342 ********************************************************************/ 1343 1344 /* Turn an skb into a chunk. 1345 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1346 * 1347 * sctpimpguide-05.txt Section 2.8.2 1348 * M1) Each time a new DATA chunk is transmitted 1349 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1350 * 'TSN.Missing.Report' count will be used to determine missing chunks 1351 * and when to fast retransmit. 1352 * 1353 */ 1354 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1355 const struct sctp_association *asoc, 1356 struct sock *sk, gfp_t gfp) 1357 { 1358 struct sctp_chunk *retval; 1359 1360 retval = kmem_cache_zalloc(sctp_chunk_cachep, gfp); 1361 1362 if (!retval) 1363 goto nodata; 1364 if (!sk) 1365 pr_debug("%s: chunkifying skb:%p w/o an sk\n", __func__, skb); 1366 1367 INIT_LIST_HEAD(&retval->list); 1368 retval->skb = skb; 1369 retval->asoc = (struct sctp_association *)asoc; 1370 retval->singleton = 1; 1371 1372 retval->fast_retransmit = SCTP_CAN_FRTX; 1373 1374 /* Polish the bead hole. */ 1375 INIT_LIST_HEAD(&retval->transmitted_list); 1376 INIT_LIST_HEAD(&retval->frag_list); 1377 SCTP_DBG_OBJCNT_INC(chunk); 1378 refcount_set(&retval->refcnt, 1); 1379 1380 nodata: 1381 return retval; 1382 } 1383 1384 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1385 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1386 union sctp_addr *dest) 1387 { 1388 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1389 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1390 } 1391 1392 /* Extract the source address from a chunk. */ 1393 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1394 { 1395 /* If we have a known transport, use that. */ 1396 if (chunk->transport) { 1397 return &chunk->transport->ipaddr; 1398 } else { 1399 /* Otherwise, extract it from the IP header. */ 1400 return &chunk->source; 1401 } 1402 } 1403 1404 /* Create a new chunk, setting the type and flags headers from the 1405 * arguments, reserving enough space for a 'paylen' byte payload. 1406 */ 1407 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 1408 __u8 type, __u8 flags, int paylen, 1409 gfp_t gfp) 1410 { 1411 struct sctp_chunkhdr *chunk_hdr; 1412 struct sctp_chunk *retval; 1413 struct sk_buff *skb; 1414 struct sock *sk; 1415 int chunklen; 1416 1417 chunklen = SCTP_PAD4(sizeof(*chunk_hdr) + paylen); 1418 if (chunklen > SCTP_MAX_CHUNK_LEN) 1419 goto nodata; 1420 1421 /* No need to allocate LL here, as this is only a chunk. */ 1422 skb = alloc_skb(chunklen, gfp); 1423 if (!skb) 1424 goto nodata; 1425 1426 /* Make room for the chunk header. */ 1427 chunk_hdr = (struct sctp_chunkhdr *)skb_put(skb, sizeof(*chunk_hdr)); 1428 chunk_hdr->type = type; 1429 chunk_hdr->flags = flags; 1430 chunk_hdr->length = htons(sizeof(*chunk_hdr)); 1431 1432 sk = asoc ? asoc->base.sk : NULL; 1433 retval = sctp_chunkify(skb, asoc, sk, gfp); 1434 if (!retval) { 1435 kfree_skb(skb); 1436 goto nodata; 1437 } 1438 1439 retval->chunk_hdr = chunk_hdr; 1440 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(*chunk_hdr); 1441 1442 /* Determine if the chunk needs to be authenticated */ 1443 if (sctp_auth_send_cid(type, asoc)) 1444 retval->auth = 1; 1445 1446 return retval; 1447 nodata: 1448 return NULL; 1449 } 1450 1451 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 1452 __u8 flags, int paylen, gfp_t gfp) 1453 { 1454 return _sctp_make_chunk(asoc, SCTP_CID_DATA, flags, paylen, gfp); 1455 } 1456 1457 struct sctp_chunk *sctp_make_idata(const struct sctp_association *asoc, 1458 __u8 flags, int paylen, gfp_t gfp) 1459 { 1460 return _sctp_make_chunk(asoc, SCTP_CID_I_DATA, flags, paylen, gfp); 1461 } 1462 1463 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 1464 __u8 type, __u8 flags, int paylen, 1465 gfp_t gfp) 1466 { 1467 struct sctp_chunk *chunk; 1468 1469 chunk = _sctp_make_chunk(asoc, type, flags, paylen, gfp); 1470 if (chunk) 1471 sctp_control_set_owner_w(chunk); 1472 1473 return chunk; 1474 } 1475 1476 /* Release the memory occupied by a chunk. */ 1477 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1478 { 1479 BUG_ON(!list_empty(&chunk->list)); 1480 list_del_init(&chunk->transmitted_list); 1481 1482 consume_skb(chunk->skb); 1483 consume_skb(chunk->auth_chunk); 1484 1485 SCTP_DBG_OBJCNT_DEC(chunk); 1486 kmem_cache_free(sctp_chunk_cachep, chunk); 1487 } 1488 1489 /* Possibly, free the chunk. */ 1490 void sctp_chunk_free(struct sctp_chunk *chunk) 1491 { 1492 /* Release our reference on the message tracker. */ 1493 if (chunk->msg) 1494 sctp_datamsg_put(chunk->msg); 1495 1496 sctp_chunk_put(chunk); 1497 } 1498 1499 /* Grab a reference to the chunk. */ 1500 void sctp_chunk_hold(struct sctp_chunk *ch) 1501 { 1502 refcount_inc(&ch->refcnt); 1503 } 1504 1505 /* Release a reference to the chunk. */ 1506 void sctp_chunk_put(struct sctp_chunk *ch) 1507 { 1508 if (refcount_dec_and_test(&ch->refcnt)) 1509 sctp_chunk_destroy(ch); 1510 } 1511 1512 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1513 * enough. 1514 */ 1515 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1516 { 1517 int chunklen = ntohs(chunk->chunk_hdr->length); 1518 int padlen = SCTP_PAD4(chunklen) - chunklen; 1519 void *target; 1520 1521 skb_put_zero(chunk->skb, padlen); 1522 target = skb_put_data(chunk->skb, data, len); 1523 1524 /* Adjust the chunk length field. */ 1525 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1526 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1527 1528 return target; 1529 } 1530 1531 /* Append bytes to the end of a chunk. Returns NULL if there isn't sufficient 1532 * space in the chunk 1533 */ 1534 static void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk, 1535 int len, const void *data) 1536 { 1537 if (skb_tailroom(chunk->skb) >= len) 1538 return sctp_addto_chunk(chunk, len, data); 1539 else 1540 return NULL; 1541 } 1542 1543 /* Append bytes from user space to the end of a chunk. Will panic if 1544 * chunk is not big enough. 1545 * Returns a kernel err value. 1546 */ 1547 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int len, 1548 struct iov_iter *from) 1549 { 1550 void *target; 1551 1552 /* Make room in chunk for data. */ 1553 target = skb_put(chunk->skb, len); 1554 1555 /* Copy data (whole iovec) into chunk */ 1556 if (!copy_from_iter_full(target, len, from)) 1557 return -EFAULT; 1558 1559 /* Adjust the chunk length field. */ 1560 chunk->chunk_hdr->length = 1561 htons(ntohs(chunk->chunk_hdr->length) + len); 1562 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1563 1564 return 0; 1565 } 1566 1567 /* Helper function to assign a TSN if needed. This assumes that both 1568 * the data_hdr and association have already been assigned. 1569 */ 1570 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1571 { 1572 struct sctp_stream *stream; 1573 struct sctp_chunk *lchunk; 1574 struct sctp_datamsg *msg; 1575 __u16 ssn, sid; 1576 1577 if (chunk->has_ssn) 1578 return; 1579 1580 /* All fragments will be on the same stream */ 1581 sid = ntohs(chunk->subh.data_hdr->stream); 1582 stream = &chunk->asoc->stream; 1583 1584 /* Now assign the sequence number to the entire message. 1585 * All fragments must have the same stream sequence number. 1586 */ 1587 msg = chunk->msg; 1588 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1589 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1590 ssn = 0; 1591 } else { 1592 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1593 ssn = sctp_ssn_next(stream, out, sid); 1594 else 1595 ssn = sctp_ssn_peek(stream, out, sid); 1596 } 1597 1598 lchunk->subh.data_hdr->ssn = htons(ssn); 1599 lchunk->has_ssn = 1; 1600 } 1601 } 1602 1603 /* Helper function to assign a TSN if needed. This assumes that both 1604 * the data_hdr and association have already been assigned. 1605 */ 1606 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1607 { 1608 if (!chunk->has_tsn) { 1609 /* This is the last possible instant to 1610 * assign a TSN. 1611 */ 1612 chunk->subh.data_hdr->tsn = 1613 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1614 chunk->has_tsn = 1; 1615 } 1616 } 1617 1618 /* Create a CLOSED association to use with an incoming packet. */ 1619 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1620 struct sctp_chunk *chunk, 1621 gfp_t gfp) 1622 { 1623 struct sctp_association *asoc; 1624 enum sctp_scope scope; 1625 struct sk_buff *skb; 1626 1627 /* Create the bare association. */ 1628 scope = sctp_scope(sctp_source(chunk)); 1629 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1630 if (!asoc) 1631 goto nodata; 1632 asoc->temp = 1; 1633 skb = chunk->skb; 1634 /* Create an entry for the source address of the packet. */ 1635 SCTP_INPUT_CB(skb)->af->from_skb(&asoc->c.peer_addr, skb, 1); 1636 1637 nodata: 1638 return asoc; 1639 } 1640 1641 /* Build a cookie representing asoc. 1642 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1643 */ 1644 static struct sctp_cookie_param *sctp_pack_cookie( 1645 const struct sctp_endpoint *ep, 1646 const struct sctp_association *asoc, 1647 const struct sctp_chunk *init_chunk, 1648 int *cookie_len, const __u8 *raw_addrs, 1649 int addrs_len) 1650 { 1651 struct sctp_signed_cookie *cookie; 1652 struct sctp_cookie_param *retval; 1653 int headersize, bodysize; 1654 1655 /* Header size is static data prior to the actual cookie, including 1656 * any padding. 1657 */ 1658 headersize = sizeof(struct sctp_paramhdr) + 1659 (sizeof(struct sctp_signed_cookie) - 1660 sizeof(struct sctp_cookie)); 1661 bodysize = sizeof(struct sctp_cookie) 1662 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1663 1664 /* Pad out the cookie to a multiple to make the signature 1665 * functions simpler to write. 1666 */ 1667 if (bodysize % SCTP_COOKIE_MULTIPLE) 1668 bodysize += SCTP_COOKIE_MULTIPLE 1669 - (bodysize % SCTP_COOKIE_MULTIPLE); 1670 *cookie_len = headersize + bodysize; 1671 1672 /* Clear this memory since we are sending this data structure 1673 * out on the network. 1674 */ 1675 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1676 if (!retval) 1677 goto nodata; 1678 1679 cookie = (struct sctp_signed_cookie *) retval->body; 1680 1681 /* Set up the parameter header. */ 1682 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1683 retval->p.length = htons(*cookie_len); 1684 1685 /* Copy the cookie part of the association itself. */ 1686 cookie->c = asoc->c; 1687 /* Save the raw address list length in the cookie. */ 1688 cookie->c.raw_addr_list_len = addrs_len; 1689 1690 /* Remember PR-SCTP capability. */ 1691 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1692 1693 /* Save adaptation indication in the cookie. */ 1694 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1695 1696 /* Set an expiration time for the cookie. */ 1697 cookie->c.expiration = ktime_add(asoc->cookie_life, 1698 ktime_get_real()); 1699 1700 /* Copy the peer's init packet. */ 1701 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1702 ntohs(init_chunk->chunk_hdr->length)); 1703 1704 /* Copy the raw local address list of the association. */ 1705 memcpy((__u8 *)&cookie->c.peer_init[0] + 1706 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1707 1708 if (sctp_sk(ep->base.sk)->hmac) { 1709 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac); 1710 int err; 1711 1712 /* Sign the message. */ 1713 desc->tfm = sctp_sk(ep->base.sk)->hmac; 1714 desc->flags = 0; 1715 1716 err = crypto_shash_setkey(desc->tfm, ep->secret_key, 1717 sizeof(ep->secret_key)) ?: 1718 crypto_shash_digest(desc, (u8 *)&cookie->c, bodysize, 1719 cookie->signature); 1720 shash_desc_zero(desc); 1721 if (err) 1722 goto free_cookie; 1723 } 1724 1725 return retval; 1726 1727 free_cookie: 1728 kfree(retval); 1729 nodata: 1730 *cookie_len = 0; 1731 return NULL; 1732 } 1733 1734 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1735 struct sctp_association *sctp_unpack_cookie( 1736 const struct sctp_endpoint *ep, 1737 const struct sctp_association *asoc, 1738 struct sctp_chunk *chunk, gfp_t gfp, 1739 int *error, struct sctp_chunk **errp) 1740 { 1741 struct sctp_association *retval = NULL; 1742 int headersize, bodysize, fixed_size; 1743 struct sctp_signed_cookie *cookie; 1744 struct sk_buff *skb = chunk->skb; 1745 struct sctp_cookie *bear_cookie; 1746 __u8 *digest = ep->digest; 1747 enum sctp_scope scope; 1748 unsigned int len; 1749 ktime_t kt; 1750 1751 /* Header size is static data prior to the actual cookie, including 1752 * any padding. 1753 */ 1754 headersize = sizeof(struct sctp_chunkhdr) + 1755 (sizeof(struct sctp_signed_cookie) - 1756 sizeof(struct sctp_cookie)); 1757 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1758 fixed_size = headersize + sizeof(struct sctp_cookie); 1759 1760 /* Verify that the chunk looks like it even has a cookie. 1761 * There must be enough room for our cookie and our peer's 1762 * INIT chunk. 1763 */ 1764 len = ntohs(chunk->chunk_hdr->length); 1765 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1766 goto malformed; 1767 1768 /* Verify that the cookie has been padded out. */ 1769 if (bodysize % SCTP_COOKIE_MULTIPLE) 1770 goto malformed; 1771 1772 /* Process the cookie. */ 1773 cookie = chunk->subh.cookie_hdr; 1774 bear_cookie = &cookie->c; 1775 1776 if (!sctp_sk(ep->base.sk)->hmac) 1777 goto no_hmac; 1778 1779 /* Check the signature. */ 1780 { 1781 SHASH_DESC_ON_STACK(desc, sctp_sk(ep->base.sk)->hmac); 1782 int err; 1783 1784 desc->tfm = sctp_sk(ep->base.sk)->hmac; 1785 desc->flags = 0; 1786 1787 err = crypto_shash_setkey(desc->tfm, ep->secret_key, 1788 sizeof(ep->secret_key)) ?: 1789 crypto_shash_digest(desc, (u8 *)bear_cookie, bodysize, 1790 digest); 1791 shash_desc_zero(desc); 1792 1793 if (err) { 1794 *error = -SCTP_IERROR_NOMEM; 1795 goto fail; 1796 } 1797 } 1798 1799 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1800 *error = -SCTP_IERROR_BAD_SIG; 1801 goto fail; 1802 } 1803 1804 no_hmac: 1805 /* IG Section 2.35.2: 1806 * 3) Compare the port numbers and the verification tag contained 1807 * within the COOKIE ECHO chunk to the actual port numbers and the 1808 * verification tag within the SCTP common header of the received 1809 * packet. If these values do not match the packet MUST be silently 1810 * discarded, 1811 */ 1812 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1813 *error = -SCTP_IERROR_BAD_TAG; 1814 goto fail; 1815 } 1816 1817 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1818 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1819 *error = -SCTP_IERROR_BAD_PORTS; 1820 goto fail; 1821 } 1822 1823 /* Check to see if the cookie is stale. If there is already 1824 * an association, there is no need to check cookie's expiration 1825 * for init collision case of lost COOKIE ACK. 1826 * If skb has been timestamped, then use the stamp, otherwise 1827 * use current time. This introduces a small possibility that 1828 * that a cookie may be considered expired, but his would only slow 1829 * down the new association establishment instead of every packet. 1830 */ 1831 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1832 kt = skb_get_ktime(skb); 1833 else 1834 kt = ktime_get_real(); 1835 1836 if (!asoc && ktime_before(bear_cookie->expiration, kt)) { 1837 /* 1838 * Section 3.3.10.3 Stale Cookie Error (3) 1839 * 1840 * Cause of error 1841 * --------------- 1842 * Stale Cookie Error: Indicates the receipt of a valid State 1843 * Cookie that has expired. 1844 */ 1845 len = ntohs(chunk->chunk_hdr->length); 1846 *errp = sctp_make_op_error_space(asoc, chunk, len); 1847 if (*errp) { 1848 suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration)); 1849 __be32 n = htonl(usecs); 1850 1851 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1852 sizeof(n)); 1853 sctp_addto_chunk(*errp, sizeof(n), &n); 1854 *error = -SCTP_IERROR_STALE_COOKIE; 1855 } else 1856 *error = -SCTP_IERROR_NOMEM; 1857 1858 goto fail; 1859 } 1860 1861 /* Make a new base association. */ 1862 scope = sctp_scope(sctp_source(chunk)); 1863 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1864 if (!retval) { 1865 *error = -SCTP_IERROR_NOMEM; 1866 goto fail; 1867 } 1868 1869 /* Set up our peer's port number. */ 1870 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1871 1872 /* Populate the association from the cookie. */ 1873 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1874 1875 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1876 GFP_ATOMIC) < 0) { 1877 *error = -SCTP_IERROR_NOMEM; 1878 goto fail; 1879 } 1880 1881 /* Also, add the destination address. */ 1882 if (list_empty(&retval->base.bind_addr.address_list)) { 1883 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1884 sizeof(chunk->dest), SCTP_ADDR_SRC, 1885 GFP_ATOMIC); 1886 } 1887 1888 retval->next_tsn = retval->c.initial_tsn; 1889 retval->ctsn_ack_point = retval->next_tsn - 1; 1890 retval->addip_serial = retval->c.initial_tsn; 1891 retval->strreset_outseq = retval->c.initial_tsn; 1892 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1893 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1894 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1895 1896 /* The INIT stuff will be done by the side effects. */ 1897 return retval; 1898 1899 fail: 1900 if (retval) 1901 sctp_association_free(retval); 1902 1903 return NULL; 1904 1905 malformed: 1906 /* Yikes! The packet is either corrupt or deliberately 1907 * malformed. 1908 */ 1909 *error = -SCTP_IERROR_MALFORMED; 1910 goto fail; 1911 } 1912 1913 /******************************************************************** 1914 * 3rd Level Abstractions 1915 ********************************************************************/ 1916 1917 struct __sctp_missing { 1918 __be32 num_missing; 1919 __be16 type; 1920 } __packed; 1921 1922 /* 1923 * Report a missing mandatory parameter. 1924 */ 1925 static int sctp_process_missing_param(const struct sctp_association *asoc, 1926 enum sctp_param paramtype, 1927 struct sctp_chunk *chunk, 1928 struct sctp_chunk **errp) 1929 { 1930 struct __sctp_missing report; 1931 __u16 len; 1932 1933 len = SCTP_PAD4(sizeof(report)); 1934 1935 /* Make an ERROR chunk, preparing enough room for 1936 * returning multiple unknown parameters. 1937 */ 1938 if (!*errp) 1939 *errp = sctp_make_op_error_space(asoc, chunk, len); 1940 1941 if (*errp) { 1942 report.num_missing = htonl(1); 1943 report.type = paramtype; 1944 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1945 sizeof(report)); 1946 sctp_addto_chunk(*errp, sizeof(report), &report); 1947 } 1948 1949 /* Stop processing this chunk. */ 1950 return 0; 1951 } 1952 1953 /* Report an Invalid Mandatory Parameter. */ 1954 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1955 struct sctp_chunk *chunk, 1956 struct sctp_chunk **errp) 1957 { 1958 /* Invalid Mandatory Parameter Error has no payload. */ 1959 1960 if (!*errp) 1961 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1962 1963 if (*errp) 1964 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1965 1966 /* Stop processing this chunk. */ 1967 return 0; 1968 } 1969 1970 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1971 struct sctp_paramhdr *param, 1972 const struct sctp_chunk *chunk, 1973 struct sctp_chunk **errp) 1974 { 1975 /* This is a fatal error. Any accumulated non-fatal errors are 1976 * not reported. 1977 */ 1978 if (*errp) 1979 sctp_chunk_free(*errp); 1980 1981 /* Create an error chunk and fill it in with our payload. */ 1982 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1983 1984 return 0; 1985 } 1986 1987 1988 /* Do not attempt to handle the HOST_NAME parm. However, do 1989 * send back an indicator to the peer. 1990 */ 1991 static int sctp_process_hn_param(const struct sctp_association *asoc, 1992 union sctp_params param, 1993 struct sctp_chunk *chunk, 1994 struct sctp_chunk **errp) 1995 { 1996 __u16 len = ntohs(param.p->length); 1997 1998 /* Processing of the HOST_NAME parameter will generate an 1999 * ABORT. If we've accumulated any non-fatal errors, they 2000 * would be unrecognized parameters and we should not include 2001 * them in the ABORT. 2002 */ 2003 if (*errp) 2004 sctp_chunk_free(*errp); 2005 2006 *errp = sctp_make_op_error_space(asoc, chunk, len); 2007 2008 if (*errp) { 2009 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 2010 sctp_addto_chunk(*errp, len, param.v); 2011 } 2012 2013 /* Stop processing this chunk. */ 2014 return 0; 2015 } 2016 2017 static int sctp_verify_ext_param(struct net *net, union sctp_params param) 2018 { 2019 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2020 int have_asconf = 0; 2021 int have_auth = 0; 2022 int i; 2023 2024 for (i = 0; i < num_ext; i++) { 2025 switch (param.ext->chunks[i]) { 2026 case SCTP_CID_AUTH: 2027 have_auth = 1; 2028 break; 2029 case SCTP_CID_ASCONF: 2030 case SCTP_CID_ASCONF_ACK: 2031 have_asconf = 1; 2032 break; 2033 } 2034 } 2035 2036 /* ADD-IP Security: The draft requires us to ABORT or ignore the 2037 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 2038 * only if ADD-IP is turned on and we are not backward-compatible 2039 * mode. 2040 */ 2041 if (net->sctp.addip_noauth) 2042 return 1; 2043 2044 if (net->sctp.addip_enable && !have_auth && have_asconf) 2045 return 0; 2046 2047 return 1; 2048 } 2049 2050 static void sctp_process_ext_param(struct sctp_association *asoc, 2051 union sctp_params param) 2052 { 2053 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2054 struct net *net = sock_net(asoc->base.sk); 2055 int i; 2056 2057 for (i = 0; i < num_ext; i++) { 2058 switch (param.ext->chunks[i]) { 2059 case SCTP_CID_RECONF: 2060 if (asoc->reconf_enable && 2061 !asoc->peer.reconf_capable) 2062 asoc->peer.reconf_capable = 1; 2063 break; 2064 case SCTP_CID_FWD_TSN: 2065 if (asoc->prsctp_enable && !asoc->peer.prsctp_capable) 2066 asoc->peer.prsctp_capable = 1; 2067 break; 2068 case SCTP_CID_AUTH: 2069 /* if the peer reports AUTH, assume that he 2070 * supports AUTH. 2071 */ 2072 if (asoc->ep->auth_enable) 2073 asoc->peer.auth_capable = 1; 2074 break; 2075 case SCTP_CID_ASCONF: 2076 case SCTP_CID_ASCONF_ACK: 2077 if (net->sctp.addip_enable) 2078 asoc->peer.asconf_capable = 1; 2079 break; 2080 case SCTP_CID_I_DATA: 2081 if (sctp_sk(asoc->base.sk)->strm_interleave) 2082 asoc->intl_enable = 1; 2083 break; 2084 default: 2085 break; 2086 } 2087 } 2088 } 2089 2090 /* RFC 3.2.1 & the Implementers Guide 2.2. 2091 * 2092 * The Parameter Types are encoded such that the 2093 * highest-order two bits specify the action that must be 2094 * taken if the processing endpoint does not recognize the 2095 * Parameter Type. 2096 * 2097 * 00 - Stop processing this parameter; do not process any further 2098 * parameters within this chunk 2099 * 2100 * 01 - Stop processing this parameter, do not process any further 2101 * parameters within this chunk, and report the unrecognized 2102 * parameter in an 'Unrecognized Parameter' ERROR chunk. 2103 * 2104 * 10 - Skip this parameter and continue processing. 2105 * 2106 * 11 - Skip this parameter and continue processing but 2107 * report the unrecognized parameter in an 2108 * 'Unrecognized Parameter' ERROR chunk. 2109 * 2110 * Return value: 2111 * SCTP_IERROR_NO_ERROR - continue with the chunk 2112 * SCTP_IERROR_ERROR - stop and report an error. 2113 * SCTP_IERROR_NOMEME - out of memory. 2114 */ 2115 static enum sctp_ierror sctp_process_unk_param( 2116 const struct sctp_association *asoc, 2117 union sctp_params param, 2118 struct sctp_chunk *chunk, 2119 struct sctp_chunk **errp) 2120 { 2121 int retval = SCTP_IERROR_NO_ERROR; 2122 2123 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 2124 case SCTP_PARAM_ACTION_DISCARD: 2125 retval = SCTP_IERROR_ERROR; 2126 break; 2127 case SCTP_PARAM_ACTION_SKIP: 2128 break; 2129 case SCTP_PARAM_ACTION_DISCARD_ERR: 2130 retval = SCTP_IERROR_ERROR; 2131 /* Fall through */ 2132 case SCTP_PARAM_ACTION_SKIP_ERR: 2133 /* Make an ERROR chunk, preparing enough room for 2134 * returning multiple unknown parameters. 2135 */ 2136 if (NULL == *errp) 2137 *errp = sctp_make_op_error_fixed(asoc, chunk); 2138 2139 if (*errp) { 2140 if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2141 SCTP_PAD4(ntohs(param.p->length)))) 2142 sctp_addto_chunk_fixed(*errp, 2143 SCTP_PAD4(ntohs(param.p->length)), 2144 param.v); 2145 } else { 2146 /* If there is no memory for generating the ERROR 2147 * report as specified, an ABORT will be triggered 2148 * to the peer and the association won't be 2149 * established. 2150 */ 2151 retval = SCTP_IERROR_NOMEM; 2152 } 2153 break; 2154 default: 2155 break; 2156 } 2157 2158 return retval; 2159 } 2160 2161 /* Verify variable length parameters 2162 * Return values: 2163 * SCTP_IERROR_ABORT - trigger an ABORT 2164 * SCTP_IERROR_NOMEM - out of memory (abort) 2165 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2166 * SCTP_IERROR_NO_ERROR - continue with the chunk 2167 */ 2168 static enum sctp_ierror sctp_verify_param(struct net *net, 2169 const struct sctp_endpoint *ep, 2170 const struct sctp_association *asoc, 2171 union sctp_params param, 2172 enum sctp_cid cid, 2173 struct sctp_chunk *chunk, 2174 struct sctp_chunk **err_chunk) 2175 { 2176 struct sctp_hmac_algo_param *hmacs; 2177 int retval = SCTP_IERROR_NO_ERROR; 2178 __u16 n_elt, id = 0; 2179 int i; 2180 2181 /* FIXME - This routine is not looking at each parameter per the 2182 * chunk type, i.e., unrecognized parameters should be further 2183 * identified based on the chunk id. 2184 */ 2185 2186 switch (param.p->type) { 2187 case SCTP_PARAM_IPV4_ADDRESS: 2188 case SCTP_PARAM_IPV6_ADDRESS: 2189 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2190 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2191 case SCTP_PARAM_STATE_COOKIE: 2192 case SCTP_PARAM_HEARTBEAT_INFO: 2193 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2194 case SCTP_PARAM_ECN_CAPABLE: 2195 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2196 break; 2197 2198 case SCTP_PARAM_SUPPORTED_EXT: 2199 if (!sctp_verify_ext_param(net, param)) 2200 return SCTP_IERROR_ABORT; 2201 break; 2202 2203 case SCTP_PARAM_SET_PRIMARY: 2204 if (net->sctp.addip_enable) 2205 break; 2206 goto fallthrough; 2207 2208 case SCTP_PARAM_HOST_NAME_ADDRESS: 2209 /* Tell the peer, we won't support this param. */ 2210 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2211 retval = SCTP_IERROR_ABORT; 2212 break; 2213 2214 case SCTP_PARAM_FWD_TSN_SUPPORT: 2215 if (ep->prsctp_enable) 2216 break; 2217 goto fallthrough; 2218 2219 case SCTP_PARAM_RANDOM: 2220 if (!ep->auth_enable) 2221 goto fallthrough; 2222 2223 /* SCTP-AUTH: Secion 6.1 2224 * If the random number is not 32 byte long the association 2225 * MUST be aborted. The ABORT chunk SHOULD contain the error 2226 * cause 'Protocol Violation'. 2227 */ 2228 if (SCTP_AUTH_RANDOM_LENGTH != 2229 ntohs(param.p->length) - sizeof(struct sctp_paramhdr)) { 2230 sctp_process_inv_paramlength(asoc, param.p, 2231 chunk, err_chunk); 2232 retval = SCTP_IERROR_ABORT; 2233 } 2234 break; 2235 2236 case SCTP_PARAM_CHUNKS: 2237 if (!ep->auth_enable) 2238 goto fallthrough; 2239 2240 /* SCTP-AUTH: Section 3.2 2241 * The CHUNKS parameter MUST be included once in the INIT or 2242 * INIT-ACK chunk if the sender wants to receive authenticated 2243 * chunks. Its maximum length is 260 bytes. 2244 */ 2245 if (260 < ntohs(param.p->length)) { 2246 sctp_process_inv_paramlength(asoc, param.p, 2247 chunk, err_chunk); 2248 retval = SCTP_IERROR_ABORT; 2249 } 2250 break; 2251 2252 case SCTP_PARAM_HMAC_ALGO: 2253 if (!ep->auth_enable) 2254 goto fallthrough; 2255 2256 hmacs = (struct sctp_hmac_algo_param *)param.p; 2257 n_elt = (ntohs(param.p->length) - 2258 sizeof(struct sctp_paramhdr)) >> 1; 2259 2260 /* SCTP-AUTH: Section 6.1 2261 * The HMAC algorithm based on SHA-1 MUST be supported and 2262 * included in the HMAC-ALGO parameter. 2263 */ 2264 for (i = 0; i < n_elt; i++) { 2265 id = ntohs(hmacs->hmac_ids[i]); 2266 2267 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2268 break; 2269 } 2270 2271 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2272 sctp_process_inv_paramlength(asoc, param.p, chunk, 2273 err_chunk); 2274 retval = SCTP_IERROR_ABORT; 2275 } 2276 break; 2277 fallthrough: 2278 default: 2279 pr_debug("%s: unrecognized param:%d for chunk:%d\n", 2280 __func__, ntohs(param.p->type), cid); 2281 2282 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2283 break; 2284 } 2285 return retval; 2286 } 2287 2288 /* Verify the INIT packet before we process it. */ 2289 int sctp_verify_init(struct net *net, const struct sctp_endpoint *ep, 2290 const struct sctp_association *asoc, enum sctp_cid cid, 2291 struct sctp_init_chunk *peer_init, 2292 struct sctp_chunk *chunk, struct sctp_chunk **errp) 2293 { 2294 union sctp_params param; 2295 bool has_cookie = false; 2296 int result; 2297 2298 /* Check for missing mandatory parameters. Note: Initial TSN is 2299 * also mandatory, but is not checked here since the valid range 2300 * is 0..2**32-1. RFC4960, section 3.3.3. 2301 */ 2302 if (peer_init->init_hdr.num_outbound_streams == 0 || 2303 peer_init->init_hdr.num_inbound_streams == 0 || 2304 peer_init->init_hdr.init_tag == 0 || 2305 ntohl(peer_init->init_hdr.a_rwnd) < SCTP_DEFAULT_MINWINDOW) 2306 return sctp_process_inv_mandatory(asoc, chunk, errp); 2307 2308 sctp_walk_params(param, peer_init, init_hdr.params) { 2309 if (param.p->type == SCTP_PARAM_STATE_COOKIE) 2310 has_cookie = true; 2311 } 2312 2313 /* There is a possibility that a parameter length was bad and 2314 * in that case we would have stoped walking the parameters. 2315 * The current param.p would point at the bad one. 2316 * Current consensus on the mailing list is to generate a PROTOCOL 2317 * VIOLATION error. We build the ERROR chunk here and let the normal 2318 * error handling code build and send the packet. 2319 */ 2320 if (param.v != (void *)chunk->chunk_end) 2321 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2322 2323 /* The only missing mandatory param possible today is 2324 * the state cookie for an INIT-ACK chunk. 2325 */ 2326 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2327 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2328 chunk, errp); 2329 2330 /* Verify all the variable length parameters */ 2331 sctp_walk_params(param, peer_init, init_hdr.params) { 2332 result = sctp_verify_param(net, ep, asoc, param, cid, 2333 chunk, errp); 2334 switch (result) { 2335 case SCTP_IERROR_ABORT: 2336 case SCTP_IERROR_NOMEM: 2337 return 0; 2338 case SCTP_IERROR_ERROR: 2339 return 1; 2340 case SCTP_IERROR_NO_ERROR: 2341 default: 2342 break; 2343 } 2344 2345 } /* for (loop through all parameters) */ 2346 2347 return 1; 2348 } 2349 2350 /* Unpack the parameters in an INIT packet into an association. 2351 * Returns 0 on failure, else success. 2352 * FIXME: This is an association method. 2353 */ 2354 int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, 2355 const union sctp_addr *peer_addr, 2356 struct sctp_init_chunk *peer_init, gfp_t gfp) 2357 { 2358 struct net *net = sock_net(asoc->base.sk); 2359 struct sctp_transport *transport; 2360 struct list_head *pos, *temp; 2361 union sctp_params param; 2362 union sctp_addr addr; 2363 struct sctp_af *af; 2364 int src_match = 0; 2365 char *cookie; 2366 2367 /* We must include the address that the INIT packet came from. 2368 * This is the only address that matters for an INIT packet. 2369 * When processing a COOKIE ECHO, we retrieve the from address 2370 * of the INIT from the cookie. 2371 */ 2372 2373 /* This implementation defaults to making the first transport 2374 * added as the primary transport. The source address seems to 2375 * be a a better choice than any of the embedded addresses. 2376 */ 2377 if (!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2378 goto nomem; 2379 2380 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr)) 2381 src_match = 1; 2382 2383 /* Process the initialization parameters. */ 2384 sctp_walk_params(param, peer_init, init_hdr.params) { 2385 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 2386 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { 2387 af = sctp_get_af_specific(param_type2af(param.p->type)); 2388 af->from_addr_param(&addr, param.addr, 2389 chunk->sctp_hdr->source, 0); 2390 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) 2391 src_match = 1; 2392 } 2393 2394 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2395 goto clean_up; 2396 } 2397 2398 /* source address of chunk may not match any valid address */ 2399 if (!src_match) 2400 goto clean_up; 2401 2402 /* AUTH: After processing the parameters, make sure that we 2403 * have all the required info to potentially do authentications. 2404 */ 2405 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2406 !asoc->peer.peer_hmacs)) 2407 asoc->peer.auth_capable = 0; 2408 2409 /* In a non-backward compatible mode, if the peer claims 2410 * support for ADD-IP but not AUTH, the ADD-IP spec states 2411 * that we MUST ABORT the association. Section 6. The section 2412 * also give us an option to silently ignore the packet, which 2413 * is what we'll do here. 2414 */ 2415 if (!net->sctp.addip_noauth && 2416 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2417 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2418 SCTP_PARAM_DEL_IP | 2419 SCTP_PARAM_SET_PRIMARY); 2420 asoc->peer.asconf_capable = 0; 2421 goto clean_up; 2422 } 2423 2424 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2425 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2426 transport = list_entry(pos, struct sctp_transport, transports); 2427 if (transport->state == SCTP_UNKNOWN) { 2428 sctp_assoc_rm_peer(asoc, transport); 2429 } 2430 } 2431 2432 /* The fixed INIT headers are always in network byte 2433 * order. 2434 */ 2435 asoc->peer.i.init_tag = 2436 ntohl(peer_init->init_hdr.init_tag); 2437 asoc->peer.i.a_rwnd = 2438 ntohl(peer_init->init_hdr.a_rwnd); 2439 asoc->peer.i.num_outbound_streams = 2440 ntohs(peer_init->init_hdr.num_outbound_streams); 2441 asoc->peer.i.num_inbound_streams = 2442 ntohs(peer_init->init_hdr.num_inbound_streams); 2443 asoc->peer.i.initial_tsn = 2444 ntohl(peer_init->init_hdr.initial_tsn); 2445 2446 asoc->strreset_inseq = asoc->peer.i.initial_tsn; 2447 2448 /* Apply the upper bounds for output streams based on peer's 2449 * number of inbound streams. 2450 */ 2451 if (asoc->c.sinit_num_ostreams > 2452 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2453 asoc->c.sinit_num_ostreams = 2454 ntohs(peer_init->init_hdr.num_inbound_streams); 2455 } 2456 2457 if (asoc->c.sinit_max_instreams > 2458 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2459 asoc->c.sinit_max_instreams = 2460 ntohs(peer_init->init_hdr.num_outbound_streams); 2461 } 2462 2463 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2464 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2465 2466 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2467 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2468 2469 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2470 cookie = asoc->peer.cookie; 2471 if (cookie) { 2472 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2473 if (!asoc->peer.cookie) 2474 goto clean_up; 2475 } 2476 2477 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2478 * high (for example, implementations MAY use the size of the receiver 2479 * advertised window). 2480 */ 2481 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2482 transports) { 2483 transport->ssthresh = asoc->peer.i.a_rwnd; 2484 } 2485 2486 /* Set up the TSN tracking pieces. */ 2487 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2488 asoc->peer.i.initial_tsn, gfp)) 2489 goto clean_up; 2490 2491 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2492 * 2493 * The stream sequence number in all the streams shall start 2494 * from 0 when the association is established. Also, when the 2495 * stream sequence number reaches the value 65535 the next 2496 * stream sequence number shall be set to 0. 2497 */ 2498 2499 if (sctp_stream_init(&asoc->stream, asoc->c.sinit_num_ostreams, 2500 asoc->c.sinit_max_instreams, gfp)) 2501 goto clean_up; 2502 2503 if (!asoc->temp && sctp_assoc_set_id(asoc, gfp)) 2504 goto clean_up; 2505 2506 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2507 * 2508 * When an endpoint has an ASCONF signaled change to be sent to the 2509 * remote endpoint it should do the following: 2510 * ... 2511 * A2) A serial number should be assigned to the Chunk. The serial 2512 * number should be a monotonically increasing number. All serial 2513 * numbers are defined to be initialized at the start of the 2514 * association to the same value as the Initial TSN. 2515 */ 2516 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2517 return 1; 2518 2519 clean_up: 2520 /* Release the transport structures. */ 2521 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2522 transport = list_entry(pos, struct sctp_transport, transports); 2523 if (transport->state != SCTP_ACTIVE) 2524 sctp_assoc_rm_peer(asoc, transport); 2525 } 2526 2527 nomem: 2528 return 0; 2529 } 2530 2531 2532 /* Update asoc with the option described in param. 2533 * 2534 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2535 * 2536 * asoc is the association to update. 2537 * param is the variable length parameter to use for update. 2538 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2539 * If the current packet is an INIT we want to minimize the amount of 2540 * work we do. In particular, we should not build transport 2541 * structures for the addresses. 2542 */ 2543 static int sctp_process_param(struct sctp_association *asoc, 2544 union sctp_params param, 2545 const union sctp_addr *peer_addr, 2546 gfp_t gfp) 2547 { 2548 struct net *net = sock_net(asoc->base.sk); 2549 struct sctp_endpoint *ep = asoc->ep; 2550 union sctp_addr_param *addr_param; 2551 struct sctp_transport *t; 2552 enum sctp_scope scope; 2553 union sctp_addr addr; 2554 struct sctp_af *af; 2555 int retval = 1, i; 2556 u32 stale; 2557 __u16 sat; 2558 2559 /* We maintain all INIT parameters in network byte order all the 2560 * time. This allows us to not worry about whether the parameters 2561 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2562 */ 2563 switch (param.p->type) { 2564 case SCTP_PARAM_IPV6_ADDRESS: 2565 if (PF_INET6 != asoc->base.sk->sk_family) 2566 break; 2567 goto do_addr_param; 2568 2569 case SCTP_PARAM_IPV4_ADDRESS: 2570 /* v4 addresses are not allowed on v6-only socket */ 2571 if (ipv6_only_sock(asoc->base.sk)) 2572 break; 2573 do_addr_param: 2574 af = sctp_get_af_specific(param_type2af(param.p->type)); 2575 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2576 scope = sctp_scope(peer_addr); 2577 if (sctp_in_scope(net, &addr, scope)) 2578 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2579 return 0; 2580 break; 2581 2582 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2583 if (!net->sctp.cookie_preserve_enable) 2584 break; 2585 2586 stale = ntohl(param.life->lifespan_increment); 2587 2588 /* Suggested Cookie Life span increment's unit is msec, 2589 * (1/1000sec). 2590 */ 2591 asoc->cookie_life = ktime_add_ms(asoc->cookie_life, stale); 2592 break; 2593 2594 case SCTP_PARAM_HOST_NAME_ADDRESS: 2595 pr_debug("%s: unimplemented SCTP_HOST_NAME_ADDRESS\n", __func__); 2596 break; 2597 2598 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2599 /* Turn off the default values first so we'll know which 2600 * ones are really set by the peer. 2601 */ 2602 asoc->peer.ipv4_address = 0; 2603 asoc->peer.ipv6_address = 0; 2604 2605 /* Assume that peer supports the address family 2606 * by which it sends a packet. 2607 */ 2608 if (peer_addr->sa.sa_family == AF_INET6) 2609 asoc->peer.ipv6_address = 1; 2610 else if (peer_addr->sa.sa_family == AF_INET) 2611 asoc->peer.ipv4_address = 1; 2612 2613 /* Cycle through address types; avoid divide by 0. */ 2614 sat = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2615 if (sat) 2616 sat /= sizeof(__u16); 2617 2618 for (i = 0; i < sat; ++i) { 2619 switch (param.sat->types[i]) { 2620 case SCTP_PARAM_IPV4_ADDRESS: 2621 asoc->peer.ipv4_address = 1; 2622 break; 2623 2624 case SCTP_PARAM_IPV6_ADDRESS: 2625 if (PF_INET6 == asoc->base.sk->sk_family) 2626 asoc->peer.ipv6_address = 1; 2627 break; 2628 2629 case SCTP_PARAM_HOST_NAME_ADDRESS: 2630 asoc->peer.hostname_address = 1; 2631 break; 2632 2633 default: /* Just ignore anything else. */ 2634 break; 2635 } 2636 } 2637 break; 2638 2639 case SCTP_PARAM_STATE_COOKIE: 2640 asoc->peer.cookie_len = 2641 ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2642 asoc->peer.cookie = param.cookie->body; 2643 break; 2644 2645 case SCTP_PARAM_HEARTBEAT_INFO: 2646 /* Would be odd to receive, but it causes no problems. */ 2647 break; 2648 2649 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2650 /* Rejected during verify stage. */ 2651 break; 2652 2653 case SCTP_PARAM_ECN_CAPABLE: 2654 asoc->peer.ecn_capable = 1; 2655 break; 2656 2657 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2658 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2659 break; 2660 2661 case SCTP_PARAM_SET_PRIMARY: 2662 if (!net->sctp.addip_enable) 2663 goto fall_through; 2664 2665 addr_param = param.v + sizeof(struct sctp_addip_param); 2666 2667 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 2668 if (af == NULL) 2669 break; 2670 2671 af->from_addr_param(&addr, addr_param, 2672 htons(asoc->peer.port), 0); 2673 2674 /* if the address is invalid, we can't process it. 2675 * XXX: see spec for what to do. 2676 */ 2677 if (!af->addr_valid(&addr, NULL, NULL)) 2678 break; 2679 2680 t = sctp_assoc_lookup_paddr(asoc, &addr); 2681 if (!t) 2682 break; 2683 2684 sctp_assoc_set_primary(asoc, t); 2685 break; 2686 2687 case SCTP_PARAM_SUPPORTED_EXT: 2688 sctp_process_ext_param(asoc, param); 2689 break; 2690 2691 case SCTP_PARAM_FWD_TSN_SUPPORT: 2692 if (asoc->prsctp_enable) { 2693 asoc->peer.prsctp_capable = 1; 2694 break; 2695 } 2696 /* Fall Through */ 2697 goto fall_through; 2698 2699 case SCTP_PARAM_RANDOM: 2700 if (!ep->auth_enable) 2701 goto fall_through; 2702 2703 /* Save peer's random parameter */ 2704 asoc->peer.peer_random = kmemdup(param.p, 2705 ntohs(param.p->length), gfp); 2706 if (!asoc->peer.peer_random) { 2707 retval = 0; 2708 break; 2709 } 2710 break; 2711 2712 case SCTP_PARAM_HMAC_ALGO: 2713 if (!ep->auth_enable) 2714 goto fall_through; 2715 2716 /* Save peer's HMAC list */ 2717 asoc->peer.peer_hmacs = kmemdup(param.p, 2718 ntohs(param.p->length), gfp); 2719 if (!asoc->peer.peer_hmacs) { 2720 retval = 0; 2721 break; 2722 } 2723 2724 /* Set the default HMAC the peer requested*/ 2725 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2726 break; 2727 2728 case SCTP_PARAM_CHUNKS: 2729 if (!ep->auth_enable) 2730 goto fall_through; 2731 2732 asoc->peer.peer_chunks = kmemdup(param.p, 2733 ntohs(param.p->length), gfp); 2734 if (!asoc->peer.peer_chunks) 2735 retval = 0; 2736 break; 2737 fall_through: 2738 default: 2739 /* Any unrecognized parameters should have been caught 2740 * and handled by sctp_verify_param() which should be 2741 * called prior to this routine. Simply log the error 2742 * here. 2743 */ 2744 pr_debug("%s: ignoring param:%d for association:%p.\n", 2745 __func__, ntohs(param.p->type), asoc); 2746 break; 2747 } 2748 2749 return retval; 2750 } 2751 2752 /* Select a new verification tag. */ 2753 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2754 { 2755 /* I believe that this random number generator complies with RFC1750. 2756 * A tag of 0 is reserved for special cases (e.g. INIT). 2757 */ 2758 __u32 x; 2759 2760 do { 2761 get_random_bytes(&x, sizeof(__u32)); 2762 } while (x == 0); 2763 2764 return x; 2765 } 2766 2767 /* Select an initial TSN to send during startup. */ 2768 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2769 { 2770 __u32 retval; 2771 2772 get_random_bytes(&retval, sizeof(__u32)); 2773 return retval; 2774 } 2775 2776 /* 2777 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2778 * 0 1 2 3 2779 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2780 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2781 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2782 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2783 * | Serial Number | 2784 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2785 * | Address Parameter | 2786 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2787 * | ASCONF Parameter #1 | 2788 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2789 * \ \ 2790 * / .... / 2791 * \ \ 2792 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2793 * | ASCONF Parameter #N | 2794 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2795 * 2796 * Address Parameter and other parameter will not be wrapped in this function 2797 */ 2798 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2799 union sctp_addr *addr, 2800 int vparam_len) 2801 { 2802 struct sctp_addiphdr asconf; 2803 struct sctp_chunk *retval; 2804 int length = sizeof(asconf) + vparam_len; 2805 union sctp_addr_param addrparam; 2806 int addrlen; 2807 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2808 2809 addrlen = af->to_addr_param(addr, &addrparam); 2810 if (!addrlen) 2811 return NULL; 2812 length += addrlen; 2813 2814 /* Create the chunk. */ 2815 retval = sctp_make_control(asoc, SCTP_CID_ASCONF, 0, length, 2816 GFP_ATOMIC); 2817 if (!retval) 2818 return NULL; 2819 2820 asconf.serial = htonl(asoc->addip_serial++); 2821 2822 retval->subh.addip_hdr = 2823 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2824 retval->param_hdr.v = 2825 sctp_addto_chunk(retval, addrlen, &addrparam); 2826 2827 return retval; 2828 } 2829 2830 /* ADDIP 2831 * 3.2.1 Add IP Address 2832 * 0 1 2 3 2833 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2834 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2835 * | Type = 0xC001 | Length = Variable | 2836 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2837 * | ASCONF-Request Correlation ID | 2838 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2839 * | Address Parameter | 2840 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2841 * 2842 * 3.2.2 Delete IP Address 2843 * 0 1 2 3 2844 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2845 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2846 * | Type = 0xC002 | Length = Variable | 2847 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2848 * | ASCONF-Request Correlation ID | 2849 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2850 * | Address Parameter | 2851 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2852 * 2853 */ 2854 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2855 union sctp_addr *laddr, 2856 struct sockaddr *addrs, 2857 int addrcnt, __be16 flags) 2858 { 2859 union sctp_addr_param addr_param; 2860 struct sctp_addip_param param; 2861 int paramlen = sizeof(param); 2862 struct sctp_chunk *retval; 2863 int addr_param_len = 0; 2864 union sctp_addr *addr; 2865 int totallen = 0, i; 2866 int del_pickup = 0; 2867 struct sctp_af *af; 2868 void *addr_buf; 2869 2870 /* Get total length of all the address parameters. */ 2871 addr_buf = addrs; 2872 for (i = 0; i < addrcnt; i++) { 2873 addr = addr_buf; 2874 af = sctp_get_af_specific(addr->v4.sin_family); 2875 addr_param_len = af->to_addr_param(addr, &addr_param); 2876 2877 totallen += paramlen; 2878 totallen += addr_param_len; 2879 2880 addr_buf += af->sockaddr_len; 2881 if (asoc->asconf_addr_del_pending && !del_pickup) { 2882 /* reuse the parameter length from the same scope one */ 2883 totallen += paramlen; 2884 totallen += addr_param_len; 2885 del_pickup = 1; 2886 2887 pr_debug("%s: picked same-scope del_pending addr, " 2888 "totallen for all addresses is %d\n", 2889 __func__, totallen); 2890 } 2891 } 2892 2893 /* Create an asconf chunk with the required length. */ 2894 retval = sctp_make_asconf(asoc, laddr, totallen); 2895 if (!retval) 2896 return NULL; 2897 2898 /* Add the address parameters to the asconf chunk. */ 2899 addr_buf = addrs; 2900 for (i = 0; i < addrcnt; i++) { 2901 addr = addr_buf; 2902 af = sctp_get_af_specific(addr->v4.sin_family); 2903 addr_param_len = af->to_addr_param(addr, &addr_param); 2904 param.param_hdr.type = flags; 2905 param.param_hdr.length = htons(paramlen + addr_param_len); 2906 param.crr_id = htonl(i); 2907 2908 sctp_addto_chunk(retval, paramlen, ¶m); 2909 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2910 2911 addr_buf += af->sockaddr_len; 2912 } 2913 if (flags == SCTP_PARAM_ADD_IP && del_pickup) { 2914 addr = asoc->asconf_addr_del_pending; 2915 af = sctp_get_af_specific(addr->v4.sin_family); 2916 addr_param_len = af->to_addr_param(addr, &addr_param); 2917 param.param_hdr.type = SCTP_PARAM_DEL_IP; 2918 param.param_hdr.length = htons(paramlen + addr_param_len); 2919 param.crr_id = htonl(i); 2920 2921 sctp_addto_chunk(retval, paramlen, ¶m); 2922 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2923 } 2924 return retval; 2925 } 2926 2927 /* ADDIP 2928 * 3.2.4 Set Primary IP Address 2929 * 0 1 2 3 2930 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2931 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2932 * | Type =0xC004 | Length = Variable | 2933 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2934 * | ASCONF-Request Correlation ID | 2935 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2936 * | Address Parameter | 2937 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2938 * 2939 * Create an ASCONF chunk with Set Primary IP address parameter. 2940 */ 2941 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2942 union sctp_addr *addr) 2943 { 2944 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2945 union sctp_addr_param addrparam; 2946 struct sctp_addip_param param; 2947 struct sctp_chunk *retval; 2948 int len = sizeof(param); 2949 int addrlen; 2950 2951 addrlen = af->to_addr_param(addr, &addrparam); 2952 if (!addrlen) 2953 return NULL; 2954 len += addrlen; 2955 2956 /* Create the chunk and make asconf header. */ 2957 retval = sctp_make_asconf(asoc, addr, len); 2958 if (!retval) 2959 return NULL; 2960 2961 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2962 param.param_hdr.length = htons(len); 2963 param.crr_id = 0; 2964 2965 sctp_addto_chunk(retval, sizeof(param), ¶m); 2966 sctp_addto_chunk(retval, addrlen, &addrparam); 2967 2968 return retval; 2969 } 2970 2971 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2972 * 0 1 2 3 2973 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2974 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2975 * | Type = 0x80 | Chunk Flags | Chunk Length | 2976 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2977 * | Serial Number | 2978 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2979 * | ASCONF Parameter Response#1 | 2980 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2981 * \ \ 2982 * / .... / 2983 * \ \ 2984 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2985 * | ASCONF Parameter Response#N | 2986 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2987 * 2988 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2989 */ 2990 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2991 __u32 serial, int vparam_len) 2992 { 2993 struct sctp_addiphdr asconf; 2994 struct sctp_chunk *retval; 2995 int length = sizeof(asconf) + vparam_len; 2996 2997 /* Create the chunk. */ 2998 retval = sctp_make_control(asoc, SCTP_CID_ASCONF_ACK, 0, length, 2999 GFP_ATOMIC); 3000 if (!retval) 3001 return NULL; 3002 3003 asconf.serial = htonl(serial); 3004 3005 retval->subh.addip_hdr = 3006 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 3007 3008 return retval; 3009 } 3010 3011 /* Add response parameters to an ASCONF_ACK chunk. */ 3012 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 3013 __be16 err_code, 3014 struct sctp_addip_param *asconf_param) 3015 { 3016 struct sctp_addip_param ack_param; 3017 struct sctp_errhdr err_param; 3018 int asconf_param_len = 0; 3019 int err_param_len = 0; 3020 __be16 response_type; 3021 3022 if (SCTP_ERROR_NO_ERROR == err_code) { 3023 response_type = SCTP_PARAM_SUCCESS_REPORT; 3024 } else { 3025 response_type = SCTP_PARAM_ERR_CAUSE; 3026 err_param_len = sizeof(err_param); 3027 if (asconf_param) 3028 asconf_param_len = 3029 ntohs(asconf_param->param_hdr.length); 3030 } 3031 3032 /* Add Success Indication or Error Cause Indication parameter. */ 3033 ack_param.param_hdr.type = response_type; 3034 ack_param.param_hdr.length = htons(sizeof(ack_param) + 3035 err_param_len + 3036 asconf_param_len); 3037 ack_param.crr_id = crr_id; 3038 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 3039 3040 if (SCTP_ERROR_NO_ERROR == err_code) 3041 return; 3042 3043 /* Add Error Cause parameter. */ 3044 err_param.cause = err_code; 3045 err_param.length = htons(err_param_len + asconf_param_len); 3046 sctp_addto_chunk(chunk, err_param_len, &err_param); 3047 3048 /* Add the failed TLV copied from ASCONF chunk. */ 3049 if (asconf_param) 3050 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 3051 } 3052 3053 /* Process a asconf parameter. */ 3054 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 3055 struct sctp_chunk *asconf, 3056 struct sctp_addip_param *asconf_param) 3057 { 3058 union sctp_addr_param *addr_param; 3059 struct sctp_transport *peer; 3060 union sctp_addr addr; 3061 struct sctp_af *af; 3062 3063 addr_param = (void *)asconf_param + sizeof(*asconf_param); 3064 3065 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && 3066 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && 3067 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) 3068 return SCTP_ERROR_UNKNOWN_PARAM; 3069 3070 switch (addr_param->p.type) { 3071 case SCTP_PARAM_IPV6_ADDRESS: 3072 if (!asoc->peer.ipv6_address) 3073 return SCTP_ERROR_DNS_FAILED; 3074 break; 3075 case SCTP_PARAM_IPV4_ADDRESS: 3076 if (!asoc->peer.ipv4_address) 3077 return SCTP_ERROR_DNS_FAILED; 3078 break; 3079 default: 3080 return SCTP_ERROR_DNS_FAILED; 3081 } 3082 3083 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3084 if (unlikely(!af)) 3085 return SCTP_ERROR_DNS_FAILED; 3086 3087 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 3088 3089 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 3090 * or multicast address. 3091 * (note: wildcard is permitted and requires special handling so 3092 * make sure we check for that) 3093 */ 3094 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 3095 return SCTP_ERROR_DNS_FAILED; 3096 3097 switch (asconf_param->param_hdr.type) { 3098 case SCTP_PARAM_ADD_IP: 3099 /* Section 4.2.1: 3100 * If the address 0.0.0.0 or ::0 is provided, the source 3101 * address of the packet MUST be added. 3102 */ 3103 if (af->is_any(&addr)) 3104 memcpy(&addr, &asconf->source, sizeof(addr)); 3105 3106 if (security_sctp_bind_connect(asoc->ep->base.sk, 3107 SCTP_PARAM_ADD_IP, 3108 (struct sockaddr *)&addr, 3109 af->sockaddr_len)) 3110 return SCTP_ERROR_REQ_REFUSED; 3111 3112 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 3113 * request and does not have the local resources to add this 3114 * new address to the association, it MUST return an Error 3115 * Cause TLV set to the new error code 'Operation Refused 3116 * Due to Resource Shortage'. 3117 */ 3118 3119 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 3120 if (!peer) 3121 return SCTP_ERROR_RSRC_LOW; 3122 3123 /* Start the heartbeat timer. */ 3124 sctp_transport_reset_hb_timer(peer); 3125 asoc->new_transport = peer; 3126 break; 3127 case SCTP_PARAM_DEL_IP: 3128 /* ADDIP 4.3 D7) If a request is received to delete the 3129 * last remaining IP address of a peer endpoint, the receiver 3130 * MUST send an Error Cause TLV with the error cause set to the 3131 * new error code 'Request to Delete Last Remaining IP Address'. 3132 */ 3133 if (asoc->peer.transport_count == 1) 3134 return SCTP_ERROR_DEL_LAST_IP; 3135 3136 /* ADDIP 4.3 D8) If a request is received to delete an IP 3137 * address which is also the source address of the IP packet 3138 * which contained the ASCONF chunk, the receiver MUST reject 3139 * this request. To reject the request the receiver MUST send 3140 * an Error Cause TLV set to the new error code 'Request to 3141 * Delete Source IP Address' 3142 */ 3143 if (sctp_cmp_addr_exact(&asconf->source, &addr)) 3144 return SCTP_ERROR_DEL_SRC_IP; 3145 3146 /* Section 4.2.2 3147 * If the address 0.0.0.0 or ::0 is provided, all 3148 * addresses of the peer except the source address of the 3149 * packet MUST be deleted. 3150 */ 3151 if (af->is_any(&addr)) { 3152 sctp_assoc_set_primary(asoc, asconf->transport); 3153 sctp_assoc_del_nonprimary_peers(asoc, 3154 asconf->transport); 3155 return SCTP_ERROR_NO_ERROR; 3156 } 3157 3158 /* If the address is not part of the association, the 3159 * ASCONF-ACK with Error Cause Indication Parameter 3160 * which including cause of Unresolvable Address should 3161 * be sent. 3162 */ 3163 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3164 if (!peer) 3165 return SCTP_ERROR_DNS_FAILED; 3166 3167 sctp_assoc_rm_peer(asoc, peer); 3168 break; 3169 case SCTP_PARAM_SET_PRIMARY: 3170 /* ADDIP Section 4.2.4 3171 * If the address 0.0.0.0 or ::0 is provided, the receiver 3172 * MAY mark the source address of the packet as its 3173 * primary. 3174 */ 3175 if (af->is_any(&addr)) 3176 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 3177 3178 if (security_sctp_bind_connect(asoc->ep->base.sk, 3179 SCTP_PARAM_SET_PRIMARY, 3180 (struct sockaddr *)&addr, 3181 af->sockaddr_len)) 3182 return SCTP_ERROR_REQ_REFUSED; 3183 3184 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3185 if (!peer) 3186 return SCTP_ERROR_DNS_FAILED; 3187 3188 sctp_assoc_set_primary(asoc, peer); 3189 break; 3190 } 3191 3192 return SCTP_ERROR_NO_ERROR; 3193 } 3194 3195 /* Verify the ASCONF packet before we process it. */ 3196 bool sctp_verify_asconf(const struct sctp_association *asoc, 3197 struct sctp_chunk *chunk, bool addr_param_needed, 3198 struct sctp_paramhdr **errp) 3199 { 3200 struct sctp_addip_chunk *addip; 3201 bool addr_param_seen = false; 3202 union sctp_params param; 3203 3204 addip = (struct sctp_addip_chunk *)chunk->chunk_hdr; 3205 sctp_walk_params(param, addip, addip_hdr.params) { 3206 size_t length = ntohs(param.p->length); 3207 3208 *errp = param.p; 3209 switch (param.p->type) { 3210 case SCTP_PARAM_ERR_CAUSE: 3211 break; 3212 case SCTP_PARAM_IPV4_ADDRESS: 3213 if (length != sizeof(struct sctp_ipv4addr_param)) 3214 return false; 3215 /* ensure there is only one addr param and it's in the 3216 * beginning of addip_hdr params, or we reject it. 3217 */ 3218 if (param.v != addip->addip_hdr.params) 3219 return false; 3220 addr_param_seen = true; 3221 break; 3222 case SCTP_PARAM_IPV6_ADDRESS: 3223 if (length != sizeof(struct sctp_ipv6addr_param)) 3224 return false; 3225 if (param.v != addip->addip_hdr.params) 3226 return false; 3227 addr_param_seen = true; 3228 break; 3229 case SCTP_PARAM_ADD_IP: 3230 case SCTP_PARAM_DEL_IP: 3231 case SCTP_PARAM_SET_PRIMARY: 3232 /* In ASCONF chunks, these need to be first. */ 3233 if (addr_param_needed && !addr_param_seen) 3234 return false; 3235 length = ntohs(param.addip->param_hdr.length); 3236 if (length < sizeof(struct sctp_addip_param) + 3237 sizeof(**errp)) 3238 return false; 3239 break; 3240 case SCTP_PARAM_SUCCESS_REPORT: 3241 case SCTP_PARAM_ADAPTATION_LAYER_IND: 3242 if (length != sizeof(struct sctp_addip_param)) 3243 return false; 3244 break; 3245 default: 3246 /* This is unkown to us, reject! */ 3247 return false; 3248 } 3249 } 3250 3251 /* Remaining sanity checks. */ 3252 if (addr_param_needed && !addr_param_seen) 3253 return false; 3254 if (!addr_param_needed && addr_param_seen) 3255 return false; 3256 if (param.v != chunk->chunk_end) 3257 return false; 3258 3259 return true; 3260 } 3261 3262 /* Process an incoming ASCONF chunk with the next expected serial no. and 3263 * return an ASCONF_ACK chunk to be sent in response. 3264 */ 3265 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3266 struct sctp_chunk *asconf) 3267 { 3268 union sctp_addr_param *addr_param; 3269 struct sctp_addip_chunk *addip; 3270 struct sctp_chunk *asconf_ack; 3271 bool all_param_pass = true; 3272 struct sctp_addiphdr *hdr; 3273 int length = 0, chunk_len; 3274 union sctp_params param; 3275 __be16 err_code; 3276 __u32 serial; 3277 3278 addip = (struct sctp_addip_chunk *)asconf->chunk_hdr; 3279 chunk_len = ntohs(asconf->chunk_hdr->length) - 3280 sizeof(struct sctp_chunkhdr); 3281 hdr = (struct sctp_addiphdr *)asconf->skb->data; 3282 serial = ntohl(hdr->serial); 3283 3284 /* Skip the addiphdr and store a pointer to address parameter. */ 3285 length = sizeof(*hdr); 3286 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3287 chunk_len -= length; 3288 3289 /* Skip the address parameter and store a pointer to the first 3290 * asconf parameter. 3291 */ 3292 length = ntohs(addr_param->p.length); 3293 chunk_len -= length; 3294 3295 /* create an ASCONF_ACK chunk. 3296 * Based on the definitions of parameters, we know that the size of 3297 * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF 3298 * parameters. 3299 */ 3300 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4); 3301 if (!asconf_ack) 3302 goto done; 3303 3304 /* Process the TLVs contained within the ASCONF chunk. */ 3305 sctp_walk_params(param, addip, addip_hdr.params) { 3306 /* Skip preceeding address parameters. */ 3307 if (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 3308 param.p->type == SCTP_PARAM_IPV6_ADDRESS) 3309 continue; 3310 3311 err_code = sctp_process_asconf_param(asoc, asconf, 3312 param.addip); 3313 /* ADDIP 4.1 A7) 3314 * If an error response is received for a TLV parameter, 3315 * all TLVs with no response before the failed TLV are 3316 * considered successful if not reported. All TLVs after 3317 * the failed response are considered unsuccessful unless 3318 * a specific success indication is present for the parameter. 3319 */ 3320 if (err_code != SCTP_ERROR_NO_ERROR) 3321 all_param_pass = false; 3322 if (!all_param_pass) 3323 sctp_add_asconf_response(asconf_ack, param.addip->crr_id, 3324 err_code, param.addip); 3325 3326 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3327 * an IP address sends an 'Out of Resource' in its response, it 3328 * MUST also fail any subsequent add or delete requests bundled 3329 * in the ASCONF. 3330 */ 3331 if (err_code == SCTP_ERROR_RSRC_LOW) 3332 goto done; 3333 } 3334 done: 3335 asoc->peer.addip_serial++; 3336 3337 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3338 * after freeing the reference to old asconf ack if any. 3339 */ 3340 if (asconf_ack) { 3341 sctp_chunk_hold(asconf_ack); 3342 list_add_tail(&asconf_ack->transmitted_list, 3343 &asoc->asconf_ack_list); 3344 } 3345 3346 return asconf_ack; 3347 } 3348 3349 /* Process a asconf parameter that is successfully acked. */ 3350 static void sctp_asconf_param_success(struct sctp_association *asoc, 3351 struct sctp_addip_param *asconf_param) 3352 { 3353 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3354 union sctp_addr_param *addr_param; 3355 struct sctp_sockaddr_entry *saddr; 3356 struct sctp_transport *transport; 3357 union sctp_addr addr; 3358 struct sctp_af *af; 3359 3360 addr_param = (void *)asconf_param + sizeof(*asconf_param); 3361 3362 /* We have checked the packet before, so we do not check again. */ 3363 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3364 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3365 3366 switch (asconf_param->param_hdr.type) { 3367 case SCTP_PARAM_ADD_IP: 3368 /* This is always done in BH context with a socket lock 3369 * held, so the list can not change. 3370 */ 3371 local_bh_disable(); 3372 list_for_each_entry(saddr, &bp->address_list, list) { 3373 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3374 saddr->state = SCTP_ADDR_SRC; 3375 } 3376 local_bh_enable(); 3377 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3378 transports) { 3379 sctp_transport_dst_release(transport); 3380 } 3381 break; 3382 case SCTP_PARAM_DEL_IP: 3383 local_bh_disable(); 3384 sctp_del_bind_addr(bp, &addr); 3385 if (asoc->asconf_addr_del_pending != NULL && 3386 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) { 3387 kfree(asoc->asconf_addr_del_pending); 3388 asoc->asconf_addr_del_pending = NULL; 3389 } 3390 local_bh_enable(); 3391 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3392 transports) { 3393 sctp_transport_dst_release(transport); 3394 } 3395 break; 3396 default: 3397 break; 3398 } 3399 } 3400 3401 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3402 * for the given asconf parameter. If there is no response for this parameter, 3403 * return the error code based on the third argument 'no_err'. 3404 * ADDIP 4.1 3405 * A7) If an error response is received for a TLV parameter, all TLVs with no 3406 * response before the failed TLV are considered successful if not reported. 3407 * All TLVs after the failed response are considered unsuccessful unless a 3408 * specific success indication is present for the parameter. 3409 */ 3410 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3411 struct sctp_addip_param *asconf_param, 3412 int no_err) 3413 { 3414 struct sctp_addip_param *asconf_ack_param; 3415 struct sctp_errhdr *err_param; 3416 int asconf_ack_len; 3417 __be16 err_code; 3418 int length; 3419 3420 if (no_err) 3421 err_code = SCTP_ERROR_NO_ERROR; 3422 else 3423 err_code = SCTP_ERROR_REQ_REFUSED; 3424 3425 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3426 sizeof(struct sctp_chunkhdr); 3427 3428 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3429 * the first asconf_ack parameter. 3430 */ 3431 length = sizeof(struct sctp_addiphdr); 3432 asconf_ack_param = (struct sctp_addip_param *)(asconf_ack->skb->data + 3433 length); 3434 asconf_ack_len -= length; 3435 3436 while (asconf_ack_len > 0) { 3437 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3438 switch (asconf_ack_param->param_hdr.type) { 3439 case SCTP_PARAM_SUCCESS_REPORT: 3440 return SCTP_ERROR_NO_ERROR; 3441 case SCTP_PARAM_ERR_CAUSE: 3442 length = sizeof(*asconf_ack_param); 3443 err_param = (void *)asconf_ack_param + length; 3444 asconf_ack_len -= length; 3445 if (asconf_ack_len > 0) 3446 return err_param->cause; 3447 else 3448 return SCTP_ERROR_INV_PARAM; 3449 break; 3450 default: 3451 return SCTP_ERROR_INV_PARAM; 3452 } 3453 } 3454 3455 length = ntohs(asconf_ack_param->param_hdr.length); 3456 asconf_ack_param = (void *)asconf_ack_param + length; 3457 asconf_ack_len -= length; 3458 } 3459 3460 return err_code; 3461 } 3462 3463 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3464 int sctp_process_asconf_ack(struct sctp_association *asoc, 3465 struct sctp_chunk *asconf_ack) 3466 { 3467 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3468 struct sctp_addip_param *asconf_param; 3469 __be16 err_code = SCTP_ERROR_NO_ERROR; 3470 union sctp_addr_param *addr_param; 3471 int asconf_len = asconf->skb->len; 3472 int all_param_pass = 0; 3473 int length = 0; 3474 int no_err = 1; 3475 int retval = 0; 3476 3477 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3478 * a pointer to address parameter. 3479 */ 3480 length = sizeof(struct sctp_addip_chunk); 3481 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3482 asconf_len -= length; 3483 3484 /* Skip the address parameter in the last asconf sent and store a 3485 * pointer to the first asconf parameter. 3486 */ 3487 length = ntohs(addr_param->p.length); 3488 asconf_param = (void *)addr_param + length; 3489 asconf_len -= length; 3490 3491 /* ADDIP 4.1 3492 * A8) If there is no response(s) to specific TLV parameter(s), and no 3493 * failures are indicated, then all request(s) are considered 3494 * successful. 3495 */ 3496 if (asconf_ack->skb->len == sizeof(struct sctp_addiphdr)) 3497 all_param_pass = 1; 3498 3499 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3500 while (asconf_len > 0) { 3501 if (all_param_pass) 3502 err_code = SCTP_ERROR_NO_ERROR; 3503 else { 3504 err_code = sctp_get_asconf_response(asconf_ack, 3505 asconf_param, 3506 no_err); 3507 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3508 no_err = 0; 3509 } 3510 3511 switch (err_code) { 3512 case SCTP_ERROR_NO_ERROR: 3513 sctp_asconf_param_success(asoc, asconf_param); 3514 break; 3515 3516 case SCTP_ERROR_RSRC_LOW: 3517 retval = 1; 3518 break; 3519 3520 case SCTP_ERROR_UNKNOWN_PARAM: 3521 /* Disable sending this type of asconf parameter in 3522 * future. 3523 */ 3524 asoc->peer.addip_disabled_mask |= 3525 asconf_param->param_hdr.type; 3526 break; 3527 3528 case SCTP_ERROR_REQ_REFUSED: 3529 case SCTP_ERROR_DEL_LAST_IP: 3530 case SCTP_ERROR_DEL_SRC_IP: 3531 default: 3532 break; 3533 } 3534 3535 /* Skip the processed asconf parameter and move to the next 3536 * one. 3537 */ 3538 length = ntohs(asconf_param->param_hdr.length); 3539 asconf_param = (void *)asconf_param + length; 3540 asconf_len -= length; 3541 } 3542 3543 if (no_err && asoc->src_out_of_asoc_ok) { 3544 asoc->src_out_of_asoc_ok = 0; 3545 sctp_transport_immediate_rtx(asoc->peer.primary_path); 3546 } 3547 3548 /* Free the cached last sent asconf chunk. */ 3549 list_del_init(&asconf->transmitted_list); 3550 sctp_chunk_free(asconf); 3551 asoc->addip_last_asconf = NULL; 3552 3553 return retval; 3554 } 3555 3556 /* Make a FWD TSN chunk. */ 3557 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3558 __u32 new_cum_tsn, size_t nstreams, 3559 struct sctp_fwdtsn_skip *skiplist) 3560 { 3561 struct sctp_chunk *retval = NULL; 3562 struct sctp_fwdtsn_hdr ftsn_hdr; 3563 struct sctp_fwdtsn_skip skip; 3564 size_t hint; 3565 int i; 3566 3567 hint = (nstreams + 1) * sizeof(__u32); 3568 3569 retval = sctp_make_control(asoc, SCTP_CID_FWD_TSN, 0, hint, GFP_ATOMIC); 3570 3571 if (!retval) 3572 return NULL; 3573 3574 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3575 retval->subh.fwdtsn_hdr = 3576 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3577 3578 for (i = 0; i < nstreams; i++) { 3579 skip.stream = skiplist[i].stream; 3580 skip.ssn = skiplist[i].ssn; 3581 sctp_addto_chunk(retval, sizeof(skip), &skip); 3582 } 3583 3584 return retval; 3585 } 3586 3587 struct sctp_chunk *sctp_make_ifwdtsn(const struct sctp_association *asoc, 3588 __u32 new_cum_tsn, size_t nstreams, 3589 struct sctp_ifwdtsn_skip *skiplist) 3590 { 3591 struct sctp_chunk *retval = NULL; 3592 struct sctp_ifwdtsn_hdr ftsn_hdr; 3593 size_t hint; 3594 3595 hint = (nstreams + 1) * sizeof(__u32); 3596 3597 retval = sctp_make_control(asoc, SCTP_CID_I_FWD_TSN, 0, hint, 3598 GFP_ATOMIC); 3599 if (!retval) 3600 return NULL; 3601 3602 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3603 retval->subh.ifwdtsn_hdr = 3604 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3605 3606 sctp_addto_chunk(retval, nstreams * sizeof(skiplist[0]), skiplist); 3607 3608 return retval; 3609 } 3610 3611 /* RE-CONFIG 3.1 (RE-CONFIG chunk) 3612 * 0 1 2 3 3613 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3614 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3615 * | Type = 130 | Chunk Flags | Chunk Length | 3616 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3617 * \ \ 3618 * / Re-configuration Parameter / 3619 * \ \ 3620 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3621 * \ \ 3622 * / Re-configuration Parameter (optional) / 3623 * \ \ 3624 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3625 */ 3626 static struct sctp_chunk *sctp_make_reconf(const struct sctp_association *asoc, 3627 int length) 3628 { 3629 struct sctp_reconf_chunk *reconf; 3630 struct sctp_chunk *retval; 3631 3632 retval = sctp_make_control(asoc, SCTP_CID_RECONF, 0, length, 3633 GFP_ATOMIC); 3634 if (!retval) 3635 return NULL; 3636 3637 reconf = (struct sctp_reconf_chunk *)retval->chunk_hdr; 3638 retval->param_hdr.v = reconf->params; 3639 3640 return retval; 3641 } 3642 3643 /* RE-CONFIG 4.1 (STREAM OUT RESET) 3644 * 0 1 2 3 3645 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3646 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3647 * | Parameter Type = 13 | Parameter Length = 16 + 2 * N | 3648 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3649 * | Re-configuration Request Sequence Number | 3650 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3651 * | Re-configuration Response Sequence Number | 3652 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3653 * | Sender's Last Assigned TSN | 3654 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3655 * | Stream Number 1 (optional) | Stream Number 2 (optional) | 3656 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3657 * / ...... / 3658 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3659 * | Stream Number N-1 (optional) | Stream Number N (optional) | 3660 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3661 * 3662 * RE-CONFIG 4.2 (STREAM IN RESET) 3663 * 0 1 2 3 3664 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3665 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3666 * | Parameter Type = 14 | Parameter Length = 8 + 2 * N | 3667 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3668 * | Re-configuration Request Sequence Number | 3669 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3670 * | Stream Number 1 (optional) | Stream Number 2 (optional) | 3671 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3672 * / ...... / 3673 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3674 * | Stream Number N-1 (optional) | Stream Number N (optional) | 3675 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3676 */ 3677 struct sctp_chunk *sctp_make_strreset_req( 3678 const struct sctp_association *asoc, 3679 __u16 stream_num, __be16 *stream_list, 3680 bool out, bool in) 3681 { 3682 __u16 stream_len = stream_num * sizeof(__u16); 3683 struct sctp_strreset_outreq outreq; 3684 struct sctp_strreset_inreq inreq; 3685 struct sctp_chunk *retval; 3686 __u16 outlen, inlen; 3687 3688 outlen = (sizeof(outreq) + stream_len) * out; 3689 inlen = (sizeof(inreq) + stream_len) * in; 3690 3691 retval = sctp_make_reconf(asoc, outlen + inlen); 3692 if (!retval) 3693 return NULL; 3694 3695 if (outlen) { 3696 outreq.param_hdr.type = SCTP_PARAM_RESET_OUT_REQUEST; 3697 outreq.param_hdr.length = htons(outlen); 3698 outreq.request_seq = htonl(asoc->strreset_outseq); 3699 outreq.response_seq = htonl(asoc->strreset_inseq - 1); 3700 outreq.send_reset_at_tsn = htonl(asoc->next_tsn - 1); 3701 3702 sctp_addto_chunk(retval, sizeof(outreq), &outreq); 3703 3704 if (stream_len) 3705 sctp_addto_chunk(retval, stream_len, stream_list); 3706 } 3707 3708 if (inlen) { 3709 inreq.param_hdr.type = SCTP_PARAM_RESET_IN_REQUEST; 3710 inreq.param_hdr.length = htons(inlen); 3711 inreq.request_seq = htonl(asoc->strreset_outseq + out); 3712 3713 sctp_addto_chunk(retval, sizeof(inreq), &inreq); 3714 3715 if (stream_len) 3716 sctp_addto_chunk(retval, stream_len, stream_list); 3717 } 3718 3719 return retval; 3720 } 3721 3722 /* RE-CONFIG 4.3 (SSN/TSN RESET ALL) 3723 * 0 1 2 3 3724 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3725 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3726 * | Parameter Type = 15 | Parameter Length = 8 | 3727 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3728 * | Re-configuration Request Sequence Number | 3729 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3730 */ 3731 struct sctp_chunk *sctp_make_strreset_tsnreq( 3732 const struct sctp_association *asoc) 3733 { 3734 struct sctp_strreset_tsnreq tsnreq; 3735 __u16 length = sizeof(tsnreq); 3736 struct sctp_chunk *retval; 3737 3738 retval = sctp_make_reconf(asoc, length); 3739 if (!retval) 3740 return NULL; 3741 3742 tsnreq.param_hdr.type = SCTP_PARAM_RESET_TSN_REQUEST; 3743 tsnreq.param_hdr.length = htons(length); 3744 tsnreq.request_seq = htonl(asoc->strreset_outseq); 3745 3746 sctp_addto_chunk(retval, sizeof(tsnreq), &tsnreq); 3747 3748 return retval; 3749 } 3750 3751 /* RE-CONFIG 4.5/4.6 (ADD STREAM) 3752 * 0 1 2 3 3753 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3754 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3755 * | Parameter Type = 17 | Parameter Length = 12 | 3756 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3757 * | Re-configuration Request Sequence Number | 3758 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3759 * | Number of new streams | Reserved | 3760 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3761 */ 3762 struct sctp_chunk *sctp_make_strreset_addstrm( 3763 const struct sctp_association *asoc, 3764 __u16 out, __u16 in) 3765 { 3766 struct sctp_strreset_addstrm addstrm; 3767 __u16 size = sizeof(addstrm); 3768 struct sctp_chunk *retval; 3769 3770 retval = sctp_make_reconf(asoc, (!!out + !!in) * size); 3771 if (!retval) 3772 return NULL; 3773 3774 if (out) { 3775 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_OUT_STREAMS; 3776 addstrm.param_hdr.length = htons(size); 3777 addstrm.number_of_streams = htons(out); 3778 addstrm.request_seq = htonl(asoc->strreset_outseq); 3779 addstrm.reserved = 0; 3780 3781 sctp_addto_chunk(retval, size, &addstrm); 3782 } 3783 3784 if (in) { 3785 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_IN_STREAMS; 3786 addstrm.param_hdr.length = htons(size); 3787 addstrm.number_of_streams = htons(in); 3788 addstrm.request_seq = htonl(asoc->strreset_outseq + !!out); 3789 addstrm.reserved = 0; 3790 3791 sctp_addto_chunk(retval, size, &addstrm); 3792 } 3793 3794 return retval; 3795 } 3796 3797 /* RE-CONFIG 4.4 (RESP) 3798 * 0 1 2 3 3799 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3800 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3801 * | Parameter Type = 16 | Parameter Length | 3802 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3803 * | Re-configuration Response Sequence Number | 3804 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3805 * | Result | 3806 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3807 */ 3808 struct sctp_chunk *sctp_make_strreset_resp(const struct sctp_association *asoc, 3809 __u32 result, __u32 sn) 3810 { 3811 struct sctp_strreset_resp resp; 3812 __u16 length = sizeof(resp); 3813 struct sctp_chunk *retval; 3814 3815 retval = sctp_make_reconf(asoc, length); 3816 if (!retval) 3817 return NULL; 3818 3819 resp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE; 3820 resp.param_hdr.length = htons(length); 3821 resp.response_seq = htonl(sn); 3822 resp.result = htonl(result); 3823 3824 sctp_addto_chunk(retval, sizeof(resp), &resp); 3825 3826 return retval; 3827 } 3828 3829 /* RE-CONFIG 4.4 OPTIONAL (TSNRESP) 3830 * 0 1 2 3 3831 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3832 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3833 * | Parameter Type = 16 | Parameter Length | 3834 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3835 * | Re-configuration Response Sequence Number | 3836 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3837 * | Result | 3838 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3839 * | Sender's Next TSN (optional) | 3840 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3841 * | Receiver's Next TSN (optional) | 3842 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3843 */ 3844 struct sctp_chunk *sctp_make_strreset_tsnresp(struct sctp_association *asoc, 3845 __u32 result, __u32 sn, 3846 __u32 sender_tsn, 3847 __u32 receiver_tsn) 3848 { 3849 struct sctp_strreset_resptsn tsnresp; 3850 __u16 length = sizeof(tsnresp); 3851 struct sctp_chunk *retval; 3852 3853 retval = sctp_make_reconf(asoc, length); 3854 if (!retval) 3855 return NULL; 3856 3857 tsnresp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE; 3858 tsnresp.param_hdr.length = htons(length); 3859 3860 tsnresp.response_seq = htonl(sn); 3861 tsnresp.result = htonl(result); 3862 tsnresp.senders_next_tsn = htonl(sender_tsn); 3863 tsnresp.receivers_next_tsn = htonl(receiver_tsn); 3864 3865 sctp_addto_chunk(retval, sizeof(tsnresp), &tsnresp); 3866 3867 return retval; 3868 } 3869 3870 bool sctp_verify_reconf(const struct sctp_association *asoc, 3871 struct sctp_chunk *chunk, 3872 struct sctp_paramhdr **errp) 3873 { 3874 struct sctp_reconf_chunk *hdr; 3875 union sctp_params param; 3876 __be16 last = 0; 3877 __u16 cnt = 0; 3878 3879 hdr = (struct sctp_reconf_chunk *)chunk->chunk_hdr; 3880 sctp_walk_params(param, hdr, params) { 3881 __u16 length = ntohs(param.p->length); 3882 3883 *errp = param.p; 3884 if (cnt++ > 2) 3885 return false; 3886 switch (param.p->type) { 3887 case SCTP_PARAM_RESET_OUT_REQUEST: 3888 if (length < sizeof(struct sctp_strreset_outreq) || 3889 (last && last != SCTP_PARAM_RESET_RESPONSE && 3890 last != SCTP_PARAM_RESET_IN_REQUEST)) 3891 return false; 3892 break; 3893 case SCTP_PARAM_RESET_IN_REQUEST: 3894 if (length < sizeof(struct sctp_strreset_inreq) || 3895 (last && last != SCTP_PARAM_RESET_OUT_REQUEST)) 3896 return false; 3897 break; 3898 case SCTP_PARAM_RESET_RESPONSE: 3899 if ((length != sizeof(struct sctp_strreset_resp) && 3900 length != sizeof(struct sctp_strreset_resptsn)) || 3901 (last && last != SCTP_PARAM_RESET_RESPONSE && 3902 last != SCTP_PARAM_RESET_OUT_REQUEST)) 3903 return false; 3904 break; 3905 case SCTP_PARAM_RESET_TSN_REQUEST: 3906 if (length != 3907 sizeof(struct sctp_strreset_tsnreq) || last) 3908 return false; 3909 break; 3910 case SCTP_PARAM_RESET_ADD_IN_STREAMS: 3911 if (length != sizeof(struct sctp_strreset_addstrm) || 3912 (last && last != SCTP_PARAM_RESET_ADD_OUT_STREAMS)) 3913 return false; 3914 break; 3915 case SCTP_PARAM_RESET_ADD_OUT_STREAMS: 3916 if (length != sizeof(struct sctp_strreset_addstrm) || 3917 (last && last != SCTP_PARAM_RESET_ADD_IN_STREAMS)) 3918 return false; 3919 break; 3920 default: 3921 return false; 3922 } 3923 3924 last = param.p->type; 3925 } 3926 3927 return true; 3928 } 3929