1 /* SCTP kernel implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * This SCTP implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * This SCTP implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, see 27 * <http://www.gnu.org/licenses/>. 28 * 29 * Please send any bug reports or fixes you make to the 30 * email address(es): 31 * lksctp developers <linux-sctp@vger.kernel.org> 32 * 33 * Written or modified by: 34 * La Monte H.P. Yarroll <piggy@acm.org> 35 * Karl Knutson <karl@athena.chicago.il.us> 36 * C. Robin <chris@hundredacre.ac.uk> 37 * Jon Grimm <jgrimm@us.ibm.com> 38 * Xingang Guo <xingang.guo@intel.com> 39 * Dajiang Zhang <dajiang.zhang@nokia.com> 40 * Sridhar Samudrala <sri@us.ibm.com> 41 * Daisy Chang <daisyc@us.ibm.com> 42 * Ardelle Fan <ardelle.fan@intel.com> 43 * Kevin Gao <kevin.gao@intel.com> 44 */ 45 46 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 47 48 #include <linux/types.h> 49 #include <linux/kernel.h> 50 #include <linux/ip.h> 51 #include <linux/ipv6.h> 52 #include <linux/net.h> 53 #include <linux/inet.h> 54 #include <linux/scatterlist.h> 55 #include <linux/crypto.h> 56 #include <linux/slab.h> 57 #include <net/sock.h> 58 59 #include <linux/skbuff.h> 60 #include <linux/random.h> /* for get_random_bytes */ 61 #include <net/sctp/sctp.h> 62 #include <net/sctp/sm.h> 63 64 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 65 __u8 type, __u8 flags, int paylen); 66 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 67 __u8 flags, int paylen); 68 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 69 __u8 type, __u8 flags, int paylen); 70 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 71 const struct sctp_association *asoc, 72 const struct sctp_chunk *init_chunk, 73 int *cookie_len, 74 const __u8 *raw_addrs, int addrs_len); 75 static int sctp_process_param(struct sctp_association *asoc, 76 union sctp_params param, 77 const union sctp_addr *peer_addr, 78 gfp_t gfp); 79 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 80 const void *data); 81 static void *sctp_addto_chunk_fixed(struct sctp_chunk *, int len, 82 const void *data); 83 84 /* Control chunk destructor */ 85 static void sctp_control_release_owner(struct sk_buff *skb) 86 { 87 /*TODO: do memory release */ 88 } 89 90 static void sctp_control_set_owner_w(struct sctp_chunk *chunk) 91 { 92 struct sctp_association *asoc = chunk->asoc; 93 struct sk_buff *skb = chunk->skb; 94 95 /* TODO: properly account for control chunks. 96 * To do it right we'll need: 97 * 1) endpoint if association isn't known. 98 * 2) proper memory accounting. 99 * 100 * For now don't do anything for now. 101 */ 102 skb->sk = asoc ? asoc->base.sk : NULL; 103 skb->destructor = sctp_control_release_owner; 104 } 105 106 /* What was the inbound interface for this chunk? */ 107 int sctp_chunk_iif(const struct sctp_chunk *chunk) 108 { 109 struct sctp_af *af; 110 int iif = 0; 111 112 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version)); 113 if (af) 114 iif = af->skb_iif(chunk->skb); 115 116 return iif; 117 } 118 119 /* RFC 2960 3.3.2 Initiation (INIT) (1) 120 * 121 * Note 2: The ECN capable field is reserved for future use of 122 * Explicit Congestion Notification. 123 */ 124 static const struct sctp_paramhdr ecap_param = { 125 SCTP_PARAM_ECN_CAPABLE, 126 cpu_to_be16(sizeof(struct sctp_paramhdr)), 127 }; 128 static const struct sctp_paramhdr prsctp_param = { 129 SCTP_PARAM_FWD_TSN_SUPPORT, 130 cpu_to_be16(sizeof(struct sctp_paramhdr)), 131 }; 132 133 /* A helper to initialize an op error inside a 134 * provided chunk, as most cause codes will be embedded inside an 135 * abort chunk. 136 */ 137 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 138 size_t paylen) 139 { 140 sctp_errhdr_t err; 141 __u16 len; 142 143 /* Cause code constants are now defined in network order. */ 144 err.cause = cause_code; 145 len = sizeof(sctp_errhdr_t) + paylen; 146 err.length = htons(len); 147 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 148 } 149 150 /* A helper to initialize an op error inside a 151 * provided chunk, as most cause codes will be embedded inside an 152 * abort chunk. Differs from sctp_init_cause in that it won't oops 153 * if there isn't enough space in the op error chunk 154 */ 155 static int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code, 156 size_t paylen) 157 { 158 sctp_errhdr_t err; 159 __u16 len; 160 161 /* Cause code constants are now defined in network order. */ 162 err.cause = cause_code; 163 len = sizeof(sctp_errhdr_t) + paylen; 164 err.length = htons(len); 165 166 if (skb_tailroom(chunk->skb) < len) 167 return -ENOSPC; 168 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk, 169 sizeof(sctp_errhdr_t), 170 &err); 171 return 0; 172 } 173 /* 3.3.2 Initiation (INIT) (1) 174 * 175 * This chunk is used to initiate a SCTP association between two 176 * endpoints. The format of the INIT chunk is shown below: 177 * 178 * 0 1 2 3 179 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 180 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 181 * | Type = 1 | Chunk Flags | Chunk Length | 182 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 183 * | Initiate Tag | 184 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 185 * | Advertised Receiver Window Credit (a_rwnd) | 186 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 187 * | Number of Outbound Streams | Number of Inbound Streams | 188 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 189 * | Initial TSN | 190 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 191 * \ \ 192 * / Optional/Variable-Length Parameters / 193 * \ \ 194 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 195 * 196 * 197 * The INIT chunk contains the following parameters. Unless otherwise 198 * noted, each parameter MUST only be included once in the INIT chunk. 199 * 200 * Fixed Parameters Status 201 * ---------------------------------------------- 202 * Initiate Tag Mandatory 203 * Advertised Receiver Window Credit Mandatory 204 * Number of Outbound Streams Mandatory 205 * Number of Inbound Streams Mandatory 206 * Initial TSN Mandatory 207 * 208 * Variable Parameters Status Type Value 209 * ------------------------------------------------------------- 210 * IPv4 Address (Note 1) Optional 5 211 * IPv6 Address (Note 1) Optional 6 212 * Cookie Preservative Optional 9 213 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 214 * Host Name Address (Note 3) Optional 11 215 * Supported Address Types (Note 4) Optional 12 216 */ 217 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 218 const struct sctp_bind_addr *bp, 219 gfp_t gfp, int vparam_len) 220 { 221 struct net *net = sock_net(asoc->base.sk); 222 sctp_inithdr_t init; 223 union sctp_params addrs; 224 size_t chunksize; 225 struct sctp_chunk *retval = NULL; 226 int num_types, addrs_len = 0; 227 struct sctp_sock *sp; 228 sctp_supported_addrs_param_t sat; 229 __be16 types[2]; 230 sctp_adaptation_ind_param_t aiparam; 231 sctp_supported_ext_param_t ext_param; 232 int num_ext = 0; 233 __u8 extensions[3]; 234 sctp_paramhdr_t *auth_chunks = NULL, 235 *auth_hmacs = NULL; 236 237 /* RFC 2960 3.3.2 Initiation (INIT) (1) 238 * 239 * Note 1: The INIT chunks can contain multiple addresses that 240 * can be IPv4 and/or IPv6 in any combination. 241 */ 242 retval = NULL; 243 244 /* Convert the provided bind address list to raw format. */ 245 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 246 247 init.init_tag = htonl(asoc->c.my_vtag); 248 init.a_rwnd = htonl(asoc->rwnd); 249 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 250 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 251 init.initial_tsn = htonl(asoc->c.initial_tsn); 252 253 /* How many address types are needed? */ 254 sp = sctp_sk(asoc->base.sk); 255 num_types = sp->pf->supported_addrs(sp, types); 256 257 chunksize = sizeof(init) + addrs_len; 258 chunksize += WORD_ROUND(SCTP_SAT_LEN(num_types)); 259 chunksize += sizeof(ecap_param); 260 261 if (net->sctp.prsctp_enable) 262 chunksize += sizeof(prsctp_param); 263 264 /* ADDIP: Section 4.2.7: 265 * An implementation supporting this extension [ADDIP] MUST list 266 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 267 * INIT-ACK parameters. 268 */ 269 if (net->sctp.addip_enable) { 270 extensions[num_ext] = SCTP_CID_ASCONF; 271 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 272 num_ext += 2; 273 } 274 275 if (sp->adaptation_ind) 276 chunksize += sizeof(aiparam); 277 278 chunksize += vparam_len; 279 280 /* Account for AUTH related parameters */ 281 if (net->sctp.auth_enable) { 282 /* Add random parameter length*/ 283 chunksize += sizeof(asoc->c.auth_random); 284 285 /* Add HMACS parameter length if any were defined */ 286 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 287 if (auth_hmacs->length) 288 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 289 else 290 auth_hmacs = NULL; 291 292 /* Add CHUNKS parameter length */ 293 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 294 if (auth_chunks->length) 295 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 296 else 297 auth_chunks = NULL; 298 299 extensions[num_ext] = SCTP_CID_AUTH; 300 num_ext += 1; 301 } 302 303 /* If we have any extensions to report, account for that */ 304 if (num_ext) 305 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 306 num_ext); 307 308 /* RFC 2960 3.3.2 Initiation (INIT) (1) 309 * 310 * Note 3: An INIT chunk MUST NOT contain more than one Host 311 * Name address parameter. Moreover, the sender of the INIT 312 * MUST NOT combine any other address types with the Host Name 313 * address in the INIT. The receiver of INIT MUST ignore any 314 * other address types if the Host Name address parameter is 315 * present in the received INIT chunk. 316 * 317 * PLEASE DO NOT FIXME [This version does not support Host Name.] 318 */ 319 320 retval = sctp_make_control(asoc, SCTP_CID_INIT, 0, chunksize); 321 if (!retval) 322 goto nodata; 323 324 retval->subh.init_hdr = 325 sctp_addto_chunk(retval, sizeof(init), &init); 326 retval->param_hdr.v = 327 sctp_addto_chunk(retval, addrs_len, addrs.v); 328 329 /* RFC 2960 3.3.2 Initiation (INIT) (1) 330 * 331 * Note 4: This parameter, when present, specifies all the 332 * address types the sending endpoint can support. The absence 333 * of this parameter indicates that the sending endpoint can 334 * support any address type. 335 */ 336 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 337 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 338 sctp_addto_chunk(retval, sizeof(sat), &sat); 339 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 340 341 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 342 343 /* Add the supported extensions parameter. Be nice and add this 344 * fist before addiding the parameters for the extensions themselves 345 */ 346 if (num_ext) { 347 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 348 ext_param.param_hdr.length = 349 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 350 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 351 &ext_param); 352 sctp_addto_param(retval, num_ext, extensions); 353 } 354 355 if (net->sctp.prsctp_enable) 356 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 357 358 if (sp->adaptation_ind) { 359 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 360 aiparam.param_hdr.length = htons(sizeof(aiparam)); 361 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 362 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 363 } 364 365 /* Add SCTP-AUTH chunks to the parameter list */ 366 if (net->sctp.auth_enable) { 367 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 368 asoc->c.auth_random); 369 if (auth_hmacs) 370 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 371 auth_hmacs); 372 if (auth_chunks) 373 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 374 auth_chunks); 375 } 376 nodata: 377 kfree(addrs.v); 378 return retval; 379 } 380 381 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 382 const struct sctp_chunk *chunk, 383 gfp_t gfp, int unkparam_len) 384 { 385 sctp_inithdr_t initack; 386 struct sctp_chunk *retval; 387 union sctp_params addrs; 388 struct sctp_sock *sp; 389 int addrs_len; 390 sctp_cookie_param_t *cookie; 391 int cookie_len; 392 size_t chunksize; 393 sctp_adaptation_ind_param_t aiparam; 394 sctp_supported_ext_param_t ext_param; 395 int num_ext = 0; 396 __u8 extensions[3]; 397 sctp_paramhdr_t *auth_chunks = NULL, 398 *auth_hmacs = NULL, 399 *auth_random = NULL; 400 401 retval = NULL; 402 403 /* Note: there may be no addresses to embed. */ 404 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 405 406 initack.init_tag = htonl(asoc->c.my_vtag); 407 initack.a_rwnd = htonl(asoc->rwnd); 408 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 409 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 410 initack.initial_tsn = htonl(asoc->c.initial_tsn); 411 412 /* FIXME: We really ought to build the cookie right 413 * into the packet instead of allocating more fresh memory. 414 */ 415 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 416 addrs.v, addrs_len); 417 if (!cookie) 418 goto nomem_cookie; 419 420 /* Calculate the total size of allocation, include the reserved 421 * space for reporting unknown parameters if it is specified. 422 */ 423 sp = sctp_sk(asoc->base.sk); 424 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 425 426 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 427 if (asoc->peer.ecn_capable) 428 chunksize += sizeof(ecap_param); 429 430 if (asoc->peer.prsctp_capable) 431 chunksize += sizeof(prsctp_param); 432 433 if (asoc->peer.asconf_capable) { 434 extensions[num_ext] = SCTP_CID_ASCONF; 435 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 436 num_ext += 2; 437 } 438 439 if (sp->adaptation_ind) 440 chunksize += sizeof(aiparam); 441 442 if (asoc->peer.auth_capable) { 443 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random; 444 chunksize += ntohs(auth_random->length); 445 446 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 447 if (auth_hmacs->length) 448 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 449 else 450 auth_hmacs = NULL; 451 452 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 453 if (auth_chunks->length) 454 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 455 else 456 auth_chunks = NULL; 457 458 extensions[num_ext] = SCTP_CID_AUTH; 459 num_ext += 1; 460 } 461 462 if (num_ext) 463 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 464 num_ext); 465 466 /* Now allocate and fill out the chunk. */ 467 retval = sctp_make_control(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 468 if (!retval) 469 goto nomem_chunk; 470 471 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 472 * 473 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 474 * HEARTBEAT ACK, * etc.) to the same destination transport 475 * address from which it received the DATA or control chunk 476 * to which it is replying. 477 * 478 * [INIT ACK back to where the INIT came from.] 479 */ 480 retval->transport = chunk->transport; 481 482 retval->subh.init_hdr = 483 sctp_addto_chunk(retval, sizeof(initack), &initack); 484 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 485 sctp_addto_chunk(retval, cookie_len, cookie); 486 if (asoc->peer.ecn_capable) 487 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 488 if (num_ext) { 489 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 490 ext_param.param_hdr.length = 491 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 492 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 493 &ext_param); 494 sctp_addto_param(retval, num_ext, extensions); 495 } 496 if (asoc->peer.prsctp_capable) 497 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 498 499 if (sp->adaptation_ind) { 500 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 501 aiparam.param_hdr.length = htons(sizeof(aiparam)); 502 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 503 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 504 } 505 506 if (asoc->peer.auth_capable) { 507 sctp_addto_chunk(retval, ntohs(auth_random->length), 508 auth_random); 509 if (auth_hmacs) 510 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 511 auth_hmacs); 512 if (auth_chunks) 513 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 514 auth_chunks); 515 } 516 517 /* We need to remove the const qualifier at this point. */ 518 retval->asoc = (struct sctp_association *) asoc; 519 520 nomem_chunk: 521 kfree(cookie); 522 nomem_cookie: 523 kfree(addrs.v); 524 return retval; 525 } 526 527 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 528 * 529 * This chunk is used only during the initialization of an association. 530 * It is sent by the initiator of an association to its peer to complete 531 * the initialization process. This chunk MUST precede any DATA chunk 532 * sent within the association, but MAY be bundled with one or more DATA 533 * chunks in the same packet. 534 * 535 * 0 1 2 3 536 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 537 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 538 * | Type = 10 |Chunk Flags | Length | 539 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 540 * / Cookie / 541 * \ \ 542 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 543 * 544 * Chunk Flags: 8 bit 545 * 546 * Set to zero on transmit and ignored on receipt. 547 * 548 * Length: 16 bits (unsigned integer) 549 * 550 * Set to the size of the chunk in bytes, including the 4 bytes of 551 * the chunk header and the size of the Cookie. 552 * 553 * Cookie: variable size 554 * 555 * This field must contain the exact cookie received in the 556 * State Cookie parameter from the previous INIT ACK. 557 * 558 * An implementation SHOULD make the cookie as small as possible 559 * to insure interoperability. 560 */ 561 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 562 const struct sctp_chunk *chunk) 563 { 564 struct sctp_chunk *retval; 565 void *cookie; 566 int cookie_len; 567 568 cookie = asoc->peer.cookie; 569 cookie_len = asoc->peer.cookie_len; 570 571 /* Build a cookie echo chunk. */ 572 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 573 if (!retval) 574 goto nodata; 575 retval->subh.cookie_hdr = 576 sctp_addto_chunk(retval, cookie_len, cookie); 577 578 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 579 * 580 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 581 * HEARTBEAT ACK, * etc.) to the same destination transport 582 * address from which it * received the DATA or control chunk 583 * to which it is replying. 584 * 585 * [COOKIE ECHO back to where the INIT ACK came from.] 586 */ 587 if (chunk) 588 retval->transport = chunk->transport; 589 590 nodata: 591 return retval; 592 } 593 594 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 595 * 596 * This chunk is used only during the initialization of an 597 * association. It is used to acknowledge the receipt of a COOKIE 598 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 599 * within the association, but MAY be bundled with one or more DATA 600 * chunks or SACK chunk in the same SCTP packet. 601 * 602 * 0 1 2 3 603 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 604 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 605 * | Type = 11 |Chunk Flags | Length = 4 | 606 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 607 * 608 * Chunk Flags: 8 bits 609 * 610 * Set to zero on transmit and ignored on receipt. 611 */ 612 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 613 const struct sctp_chunk *chunk) 614 { 615 struct sctp_chunk *retval; 616 617 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 618 619 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 620 * 621 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 622 * HEARTBEAT ACK, * etc.) to the same destination transport 623 * address from which it * received the DATA or control chunk 624 * to which it is replying. 625 * 626 * [COOKIE ACK back to where the COOKIE ECHO came from.] 627 */ 628 if (retval && chunk) 629 retval->transport = chunk->transport; 630 631 return retval; 632 } 633 634 /* 635 * Appendix A: Explicit Congestion Notification: 636 * CWR: 637 * 638 * RFC 2481 details a specific bit for a sender to send in the header of 639 * its next outbound TCP segment to indicate to its peer that it has 640 * reduced its congestion window. This is termed the CWR bit. For 641 * SCTP the same indication is made by including the CWR chunk. 642 * This chunk contains one data element, i.e. the TSN number that 643 * was sent in the ECNE chunk. This element represents the lowest 644 * TSN number in the datagram that was originally marked with the 645 * CE bit. 646 * 647 * 0 1 2 3 648 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 649 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 650 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 651 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 652 * | Lowest TSN Number | 653 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 654 * 655 * Note: The CWR is considered a Control chunk. 656 */ 657 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 658 const __u32 lowest_tsn, 659 const struct sctp_chunk *chunk) 660 { 661 struct sctp_chunk *retval; 662 sctp_cwrhdr_t cwr; 663 664 cwr.lowest_tsn = htonl(lowest_tsn); 665 retval = sctp_make_control(asoc, SCTP_CID_ECN_CWR, 0, 666 sizeof(sctp_cwrhdr_t)); 667 668 if (!retval) 669 goto nodata; 670 671 retval->subh.ecn_cwr_hdr = 672 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 673 674 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 675 * 676 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 677 * HEARTBEAT ACK, * etc.) to the same destination transport 678 * address from which it * received the DATA or control chunk 679 * to which it is replying. 680 * 681 * [Report a reduced congestion window back to where the ECNE 682 * came from.] 683 */ 684 if (chunk) 685 retval->transport = chunk->transport; 686 687 nodata: 688 return retval; 689 } 690 691 /* Make an ECNE chunk. This is a congestion experienced report. */ 692 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 693 const __u32 lowest_tsn) 694 { 695 struct sctp_chunk *retval; 696 sctp_ecnehdr_t ecne; 697 698 ecne.lowest_tsn = htonl(lowest_tsn); 699 retval = sctp_make_control(asoc, SCTP_CID_ECN_ECNE, 0, 700 sizeof(sctp_ecnehdr_t)); 701 if (!retval) 702 goto nodata; 703 retval->subh.ecne_hdr = 704 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 705 706 nodata: 707 return retval; 708 } 709 710 /* Make a DATA chunk for the given association from the provided 711 * parameters. However, do not populate the data payload. 712 */ 713 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 714 const struct sctp_sndrcvinfo *sinfo, 715 int data_len, __u8 flags, __u16 ssn) 716 { 717 struct sctp_chunk *retval; 718 struct sctp_datahdr dp; 719 int chunk_len; 720 721 /* We assign the TSN as LATE as possible, not here when 722 * creating the chunk. 723 */ 724 dp.tsn = 0; 725 dp.stream = htons(sinfo->sinfo_stream); 726 dp.ppid = sinfo->sinfo_ppid; 727 728 /* Set the flags for an unordered send. */ 729 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 730 flags |= SCTP_DATA_UNORDERED; 731 dp.ssn = 0; 732 } else 733 dp.ssn = htons(ssn); 734 735 chunk_len = sizeof(dp) + data_len; 736 retval = sctp_make_data(asoc, flags, chunk_len); 737 if (!retval) 738 goto nodata; 739 740 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 741 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 742 743 nodata: 744 return retval; 745 } 746 747 /* Create a selective ackowledgement (SACK) for the given 748 * association. This reports on which TSN's we've seen to date, 749 * including duplicates and gaps. 750 */ 751 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 752 { 753 struct sctp_chunk *retval; 754 struct sctp_sackhdr sack; 755 int len; 756 __u32 ctsn; 757 __u16 num_gabs, num_dup_tsns; 758 struct sctp_association *aptr = (struct sctp_association *)asoc; 759 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 760 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 761 struct sctp_transport *trans; 762 763 memset(gabs, 0, sizeof(gabs)); 764 ctsn = sctp_tsnmap_get_ctsn(map); 765 766 pr_debug("%s: sackCTSNAck sent:0x%x\n", __func__, ctsn); 767 768 /* How much room is needed in the chunk? */ 769 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 770 num_dup_tsns = sctp_tsnmap_num_dups(map); 771 772 /* Initialize the SACK header. */ 773 sack.cum_tsn_ack = htonl(ctsn); 774 sack.a_rwnd = htonl(asoc->a_rwnd); 775 sack.num_gap_ack_blocks = htons(num_gabs); 776 sack.num_dup_tsns = htons(num_dup_tsns); 777 778 len = sizeof(sack) 779 + sizeof(struct sctp_gap_ack_block) * num_gabs 780 + sizeof(__u32) * num_dup_tsns; 781 782 /* Create the chunk. */ 783 retval = sctp_make_control(asoc, SCTP_CID_SACK, 0, len); 784 if (!retval) 785 goto nodata; 786 787 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 788 * 789 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 790 * HEARTBEAT ACK, etc.) to the same destination transport 791 * address from which it received the DATA or control chunk to 792 * which it is replying. This rule should also be followed if 793 * the endpoint is bundling DATA chunks together with the 794 * reply chunk. 795 * 796 * However, when acknowledging multiple DATA chunks received 797 * in packets from different source addresses in a single 798 * SACK, the SACK chunk may be transmitted to one of the 799 * destination transport addresses from which the DATA or 800 * control chunks being acknowledged were received. 801 * 802 * [BUG: We do not implement the following paragraph. 803 * Perhaps we should remember the last transport we used for a 804 * SACK and avoid that (if possible) if we have seen any 805 * duplicates. --piggy] 806 * 807 * When a receiver of a duplicate DATA chunk sends a SACK to a 808 * multi- homed endpoint it MAY be beneficial to vary the 809 * destination address and not use the source address of the 810 * DATA chunk. The reason being that receiving a duplicate 811 * from a multi-homed endpoint might indicate that the return 812 * path (as specified in the source address of the DATA chunk) 813 * for the SACK is broken. 814 * 815 * [Send to the address from which we last received a DATA chunk.] 816 */ 817 retval->transport = asoc->peer.last_data_from; 818 819 retval->subh.sack_hdr = 820 sctp_addto_chunk(retval, sizeof(sack), &sack); 821 822 /* Add the gap ack block information. */ 823 if (num_gabs) 824 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 825 gabs); 826 827 /* Add the duplicate TSN information. */ 828 if (num_dup_tsns) { 829 aptr->stats.idupchunks += num_dup_tsns; 830 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 831 sctp_tsnmap_get_dups(map)); 832 } 833 /* Once we have a sack generated, check to see what our sack 834 * generation is, if its 0, reset the transports to 0, and reset 835 * the association generation to 1 836 * 837 * The idea is that zero is never used as a valid generation for the 838 * association so no transport will match after a wrap event like this, 839 * Until the next sack 840 */ 841 if (++aptr->peer.sack_generation == 0) { 842 list_for_each_entry(trans, &asoc->peer.transport_addr_list, 843 transports) 844 trans->sack_generation = 0; 845 aptr->peer.sack_generation = 1; 846 } 847 nodata: 848 return retval; 849 } 850 851 /* Make a SHUTDOWN chunk. */ 852 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 853 const struct sctp_chunk *chunk) 854 { 855 struct sctp_chunk *retval; 856 sctp_shutdownhdr_t shut; 857 __u32 ctsn; 858 859 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 860 shut.cum_tsn_ack = htonl(ctsn); 861 862 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN, 0, 863 sizeof(sctp_shutdownhdr_t)); 864 if (!retval) 865 goto nodata; 866 867 retval->subh.shutdown_hdr = 868 sctp_addto_chunk(retval, sizeof(shut), &shut); 869 870 if (chunk) 871 retval->transport = chunk->transport; 872 nodata: 873 return retval; 874 } 875 876 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 877 const struct sctp_chunk *chunk) 878 { 879 struct sctp_chunk *retval; 880 881 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 882 883 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 884 * 885 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 886 * HEARTBEAT ACK, * etc.) to the same destination transport 887 * address from which it * received the DATA or control chunk 888 * to which it is replying. 889 * 890 * [ACK back to where the SHUTDOWN came from.] 891 */ 892 if (retval && chunk) 893 retval->transport = chunk->transport; 894 895 return retval; 896 } 897 898 struct sctp_chunk *sctp_make_shutdown_complete( 899 const struct sctp_association *asoc, 900 const struct sctp_chunk *chunk) 901 { 902 struct sctp_chunk *retval; 903 __u8 flags = 0; 904 905 /* Set the T-bit if we have no association (vtag will be 906 * reflected) 907 */ 908 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 909 910 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 911 912 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 913 * 914 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 915 * HEARTBEAT ACK, * etc.) to the same destination transport 916 * address from which it * received the DATA or control chunk 917 * to which it is replying. 918 * 919 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 920 * came from.] 921 */ 922 if (retval && chunk) 923 retval->transport = chunk->transport; 924 925 return retval; 926 } 927 928 /* Create an ABORT. Note that we set the T bit if we have no 929 * association, except when responding to an INIT (sctpimpguide 2.41). 930 */ 931 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 932 const struct sctp_chunk *chunk, 933 const size_t hint) 934 { 935 struct sctp_chunk *retval; 936 __u8 flags = 0; 937 938 /* Set the T-bit if we have no association and 'chunk' is not 939 * an INIT (vtag will be reflected). 940 */ 941 if (!asoc) { 942 if (chunk && chunk->chunk_hdr && 943 chunk->chunk_hdr->type == SCTP_CID_INIT) 944 flags = 0; 945 else 946 flags = SCTP_CHUNK_FLAG_T; 947 } 948 949 retval = sctp_make_control(asoc, SCTP_CID_ABORT, flags, hint); 950 951 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 952 * 953 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 954 * HEARTBEAT ACK, * etc.) to the same destination transport 955 * address from which it * received the DATA or control chunk 956 * to which it is replying. 957 * 958 * [ABORT back to where the offender came from.] 959 */ 960 if (retval && chunk) 961 retval->transport = chunk->transport; 962 963 return retval; 964 } 965 966 /* Helper to create ABORT with a NO_USER_DATA error. */ 967 struct sctp_chunk *sctp_make_abort_no_data( 968 const struct sctp_association *asoc, 969 const struct sctp_chunk *chunk, __u32 tsn) 970 { 971 struct sctp_chunk *retval; 972 __be32 payload; 973 974 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 975 + sizeof(tsn)); 976 977 if (!retval) 978 goto no_mem; 979 980 /* Put the tsn back into network byte order. */ 981 payload = htonl(tsn); 982 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 983 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 984 985 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 986 * 987 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 988 * HEARTBEAT ACK, * etc.) to the same destination transport 989 * address from which it * received the DATA or control chunk 990 * to which it is replying. 991 * 992 * [ABORT back to where the offender came from.] 993 */ 994 if (chunk) 995 retval->transport = chunk->transport; 996 997 no_mem: 998 return retval; 999 } 1000 1001 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 1002 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 1003 const struct msghdr *msg, 1004 size_t paylen) 1005 { 1006 struct sctp_chunk *retval; 1007 void *payload = NULL; 1008 int err; 1009 1010 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 1011 if (!retval) 1012 goto err_chunk; 1013 1014 if (paylen) { 1015 /* Put the msg_iov together into payload. */ 1016 payload = kmalloc(paylen, GFP_KERNEL); 1017 if (!payload) 1018 goto err_payload; 1019 1020 err = memcpy_fromiovec(payload, msg->msg_iov, paylen); 1021 if (err < 0) 1022 goto err_copy; 1023 } 1024 1025 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 1026 sctp_addto_chunk(retval, paylen, payload); 1027 1028 if (paylen) 1029 kfree(payload); 1030 1031 return retval; 1032 1033 err_copy: 1034 kfree(payload); 1035 err_payload: 1036 sctp_chunk_free(retval); 1037 retval = NULL; 1038 err_chunk: 1039 return retval; 1040 } 1041 1042 /* Append bytes to the end of a parameter. Will panic if chunk is not big 1043 * enough. 1044 */ 1045 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 1046 const void *data) 1047 { 1048 void *target; 1049 int chunklen = ntohs(chunk->chunk_hdr->length); 1050 1051 target = skb_put(chunk->skb, len); 1052 1053 if (data) 1054 memcpy(target, data, len); 1055 else 1056 memset(target, 0, len); 1057 1058 /* Adjust the chunk length field. */ 1059 chunk->chunk_hdr->length = htons(chunklen + len); 1060 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1061 1062 return target; 1063 } 1064 1065 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1066 struct sctp_chunk *sctp_make_abort_violation( 1067 const struct sctp_association *asoc, 1068 const struct sctp_chunk *chunk, 1069 const __u8 *payload, 1070 const size_t paylen) 1071 { 1072 struct sctp_chunk *retval; 1073 struct sctp_paramhdr phdr; 1074 1075 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 1076 + sizeof(sctp_paramhdr_t)); 1077 if (!retval) 1078 goto end; 1079 1080 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen 1081 + sizeof(sctp_paramhdr_t)); 1082 1083 phdr.type = htons(chunk->chunk_hdr->type); 1084 phdr.length = chunk->chunk_hdr->length; 1085 sctp_addto_chunk(retval, paylen, payload); 1086 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr); 1087 1088 end: 1089 return retval; 1090 } 1091 1092 struct sctp_chunk *sctp_make_violation_paramlen( 1093 const struct sctp_association *asoc, 1094 const struct sctp_chunk *chunk, 1095 struct sctp_paramhdr *param) 1096 { 1097 struct sctp_chunk *retval; 1098 static const char error[] = "The following parameter had invalid length:"; 1099 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) + 1100 sizeof(sctp_paramhdr_t); 1101 1102 retval = sctp_make_abort(asoc, chunk, payload_len); 1103 if (!retval) 1104 goto nodata; 1105 1106 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1107 sizeof(error) + sizeof(sctp_paramhdr_t)); 1108 sctp_addto_chunk(retval, sizeof(error), error); 1109 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param); 1110 1111 nodata: 1112 return retval; 1113 } 1114 1115 struct sctp_chunk *sctp_make_violation_max_retrans( 1116 const struct sctp_association *asoc, 1117 const struct sctp_chunk *chunk) 1118 { 1119 struct sctp_chunk *retval; 1120 static const char error[] = "Association exceeded its max_retans count"; 1121 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t); 1122 1123 retval = sctp_make_abort(asoc, chunk, payload_len); 1124 if (!retval) 1125 goto nodata; 1126 1127 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error)); 1128 sctp_addto_chunk(retval, sizeof(error), error); 1129 1130 nodata: 1131 return retval; 1132 } 1133 1134 /* Make a HEARTBEAT chunk. */ 1135 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1136 const struct sctp_transport *transport) 1137 { 1138 struct sctp_chunk *retval; 1139 sctp_sender_hb_info_t hbinfo; 1140 1141 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT, 0, sizeof(hbinfo)); 1142 1143 if (!retval) 1144 goto nodata; 1145 1146 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO; 1147 hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t)); 1148 hbinfo.daddr = transport->ipaddr; 1149 hbinfo.sent_at = jiffies; 1150 hbinfo.hb_nonce = transport->hb_nonce; 1151 1152 /* Cast away the 'const', as this is just telling the chunk 1153 * what transport it belongs to. 1154 */ 1155 retval->transport = (struct sctp_transport *) transport; 1156 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo), 1157 &hbinfo); 1158 1159 nodata: 1160 return retval; 1161 } 1162 1163 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1164 const struct sctp_chunk *chunk, 1165 const void *payload, const size_t paylen) 1166 { 1167 struct sctp_chunk *retval; 1168 1169 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 1170 if (!retval) 1171 goto nodata; 1172 1173 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1174 1175 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1176 * 1177 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1178 * HEARTBEAT ACK, * etc.) to the same destination transport 1179 * address from which it * received the DATA or control chunk 1180 * to which it is replying. 1181 * 1182 * [HBACK back to where the HEARTBEAT came from.] 1183 */ 1184 if (chunk) 1185 retval->transport = chunk->transport; 1186 1187 nodata: 1188 return retval; 1189 } 1190 1191 /* Create an Operation Error chunk with the specified space reserved. 1192 * This routine can be used for containing multiple causes in the chunk. 1193 */ 1194 static struct sctp_chunk *sctp_make_op_error_space( 1195 const struct sctp_association *asoc, 1196 const struct sctp_chunk *chunk, 1197 size_t size) 1198 { 1199 struct sctp_chunk *retval; 1200 1201 retval = sctp_make_control(asoc, SCTP_CID_ERROR, 0, 1202 sizeof(sctp_errhdr_t) + size); 1203 if (!retval) 1204 goto nodata; 1205 1206 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1207 * 1208 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1209 * HEARTBEAT ACK, etc.) to the same destination transport 1210 * address from which it received the DATA or control chunk 1211 * to which it is replying. 1212 * 1213 */ 1214 if (chunk) 1215 retval->transport = chunk->transport; 1216 1217 nodata: 1218 return retval; 1219 } 1220 1221 /* Create an Operation Error chunk of a fixed size, 1222 * specifically, max(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) 1223 * This is a helper function to allocate an error chunk for 1224 * for those invalid parameter codes in which we may not want 1225 * to report all the errors, if the incoming chunk is large 1226 */ 1227 static inline struct sctp_chunk *sctp_make_op_error_fixed( 1228 const struct sctp_association *asoc, 1229 const struct sctp_chunk *chunk) 1230 { 1231 size_t size = asoc ? asoc->pathmtu : 0; 1232 1233 if (!size) 1234 size = SCTP_DEFAULT_MAXSEGMENT; 1235 1236 return sctp_make_op_error_space(asoc, chunk, size); 1237 } 1238 1239 /* Create an Operation Error chunk. */ 1240 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1241 const struct sctp_chunk *chunk, 1242 __be16 cause_code, const void *payload, 1243 size_t paylen, size_t reserve_tail) 1244 { 1245 struct sctp_chunk *retval; 1246 1247 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail); 1248 if (!retval) 1249 goto nodata; 1250 1251 sctp_init_cause(retval, cause_code, paylen + reserve_tail); 1252 sctp_addto_chunk(retval, paylen, payload); 1253 if (reserve_tail) 1254 sctp_addto_param(retval, reserve_tail, NULL); 1255 1256 nodata: 1257 return retval; 1258 } 1259 1260 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc) 1261 { 1262 struct sctp_chunk *retval; 1263 struct sctp_hmac *hmac_desc; 1264 struct sctp_authhdr auth_hdr; 1265 __u8 *hmac; 1266 1267 /* Get the first hmac that the peer told us to use */ 1268 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1269 if (unlikely(!hmac_desc)) 1270 return NULL; 1271 1272 retval = sctp_make_control(asoc, SCTP_CID_AUTH, 0, 1273 hmac_desc->hmac_len + sizeof(sctp_authhdr_t)); 1274 if (!retval) 1275 return NULL; 1276 1277 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1278 auth_hdr.shkey_id = htons(asoc->active_key_id); 1279 1280 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t), 1281 &auth_hdr); 1282 1283 hmac = skb_put(retval->skb, hmac_desc->hmac_len); 1284 memset(hmac, 0, hmac_desc->hmac_len); 1285 1286 /* Adjust the chunk header to include the empty MAC */ 1287 retval->chunk_hdr->length = 1288 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1289 retval->chunk_end = skb_tail_pointer(retval->skb); 1290 1291 return retval; 1292 } 1293 1294 1295 /******************************************************************** 1296 * 2nd Level Abstractions 1297 ********************************************************************/ 1298 1299 /* Turn an skb into a chunk. 1300 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1301 * 1302 * sctpimpguide-05.txt Section 2.8.2 1303 * M1) Each time a new DATA chunk is transmitted 1304 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1305 * 'TSN.Missing.Report' count will be used to determine missing chunks 1306 * and when to fast retransmit. 1307 * 1308 */ 1309 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1310 const struct sctp_association *asoc, 1311 struct sock *sk) 1312 { 1313 struct sctp_chunk *retval; 1314 1315 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC); 1316 1317 if (!retval) 1318 goto nodata; 1319 if (!sk) 1320 pr_debug("%s: chunkifying skb:%p w/o an sk\n", __func__, skb); 1321 1322 INIT_LIST_HEAD(&retval->list); 1323 retval->skb = skb; 1324 retval->asoc = (struct sctp_association *)asoc; 1325 retval->singleton = 1; 1326 1327 retval->fast_retransmit = SCTP_CAN_FRTX; 1328 1329 /* Polish the bead hole. */ 1330 INIT_LIST_HEAD(&retval->transmitted_list); 1331 INIT_LIST_HEAD(&retval->frag_list); 1332 SCTP_DBG_OBJCNT_INC(chunk); 1333 atomic_set(&retval->refcnt, 1); 1334 1335 nodata: 1336 return retval; 1337 } 1338 1339 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1340 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1341 union sctp_addr *dest) 1342 { 1343 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1344 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1345 } 1346 1347 /* Extract the source address from a chunk. */ 1348 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1349 { 1350 /* If we have a known transport, use that. */ 1351 if (chunk->transport) { 1352 return &chunk->transport->ipaddr; 1353 } else { 1354 /* Otherwise, extract it from the IP header. */ 1355 return &chunk->source; 1356 } 1357 } 1358 1359 /* Create a new chunk, setting the type and flags headers from the 1360 * arguments, reserving enough space for a 'paylen' byte payload. 1361 */ 1362 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 1363 __u8 type, __u8 flags, int paylen) 1364 { 1365 struct sctp_chunk *retval; 1366 sctp_chunkhdr_t *chunk_hdr; 1367 struct sk_buff *skb; 1368 struct sock *sk; 1369 1370 /* No need to allocate LL here, as this is only a chunk. */ 1371 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1372 GFP_ATOMIC); 1373 if (!skb) 1374 goto nodata; 1375 1376 /* Make room for the chunk header. */ 1377 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1378 chunk_hdr->type = type; 1379 chunk_hdr->flags = flags; 1380 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1381 1382 sk = asoc ? asoc->base.sk : NULL; 1383 retval = sctp_chunkify(skb, asoc, sk); 1384 if (!retval) { 1385 kfree_skb(skb); 1386 goto nodata; 1387 } 1388 1389 retval->chunk_hdr = chunk_hdr; 1390 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1391 1392 /* Determine if the chunk needs to be authenticated */ 1393 if (sctp_auth_send_cid(type, asoc)) 1394 retval->auth = 1; 1395 1396 return retval; 1397 nodata: 1398 return NULL; 1399 } 1400 1401 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 1402 __u8 flags, int paylen) 1403 { 1404 return _sctp_make_chunk(asoc, SCTP_CID_DATA, flags, paylen); 1405 } 1406 1407 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 1408 __u8 type, __u8 flags, int paylen) 1409 { 1410 struct sctp_chunk *chunk = _sctp_make_chunk(asoc, type, flags, paylen); 1411 1412 if (chunk) 1413 sctp_control_set_owner_w(chunk); 1414 1415 return chunk; 1416 } 1417 1418 /* Release the memory occupied by a chunk. */ 1419 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1420 { 1421 BUG_ON(!list_empty(&chunk->list)); 1422 list_del_init(&chunk->transmitted_list); 1423 1424 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1425 dev_kfree_skb(chunk->skb); 1426 1427 SCTP_DBG_OBJCNT_DEC(chunk); 1428 kmem_cache_free(sctp_chunk_cachep, chunk); 1429 } 1430 1431 /* Possibly, free the chunk. */ 1432 void sctp_chunk_free(struct sctp_chunk *chunk) 1433 { 1434 /* Release our reference on the message tracker. */ 1435 if (chunk->msg) 1436 sctp_datamsg_put(chunk->msg); 1437 1438 sctp_chunk_put(chunk); 1439 } 1440 1441 /* Grab a reference to the chunk. */ 1442 void sctp_chunk_hold(struct sctp_chunk *ch) 1443 { 1444 atomic_inc(&ch->refcnt); 1445 } 1446 1447 /* Release a reference to the chunk. */ 1448 void sctp_chunk_put(struct sctp_chunk *ch) 1449 { 1450 if (atomic_dec_and_test(&ch->refcnt)) 1451 sctp_chunk_destroy(ch); 1452 } 1453 1454 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1455 * enough. 1456 */ 1457 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1458 { 1459 void *target; 1460 void *padding; 1461 int chunklen = ntohs(chunk->chunk_hdr->length); 1462 int padlen = WORD_ROUND(chunklen) - chunklen; 1463 1464 padding = skb_put(chunk->skb, padlen); 1465 target = skb_put(chunk->skb, len); 1466 1467 memset(padding, 0, padlen); 1468 memcpy(target, data, len); 1469 1470 /* Adjust the chunk length field. */ 1471 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1472 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1473 1474 return target; 1475 } 1476 1477 /* Append bytes to the end of a chunk. Returns NULL if there isn't sufficient 1478 * space in the chunk 1479 */ 1480 static void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk, 1481 int len, const void *data) 1482 { 1483 if (skb_tailroom(chunk->skb) >= len) 1484 return sctp_addto_chunk(chunk, len, data); 1485 else 1486 return NULL; 1487 } 1488 1489 /* Append bytes from user space to the end of a chunk. Will panic if 1490 * chunk is not big enough. 1491 * Returns a kernel err value. 1492 */ 1493 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1494 struct iovec *data) 1495 { 1496 __u8 *target; 1497 int err = 0; 1498 1499 /* Make room in chunk for data. */ 1500 target = skb_put(chunk->skb, len); 1501 1502 /* Copy data (whole iovec) into chunk */ 1503 if ((err = memcpy_fromiovecend(target, data, off, len))) 1504 goto out; 1505 1506 /* Adjust the chunk length field. */ 1507 chunk->chunk_hdr->length = 1508 htons(ntohs(chunk->chunk_hdr->length) + len); 1509 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1510 1511 out: 1512 return err; 1513 } 1514 1515 /* Helper function to assign a TSN if needed. This assumes that both 1516 * the data_hdr and association have already been assigned. 1517 */ 1518 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1519 { 1520 struct sctp_datamsg *msg; 1521 struct sctp_chunk *lchunk; 1522 struct sctp_stream *stream; 1523 __u16 ssn; 1524 __u16 sid; 1525 1526 if (chunk->has_ssn) 1527 return; 1528 1529 /* All fragments will be on the same stream */ 1530 sid = ntohs(chunk->subh.data_hdr->stream); 1531 stream = &chunk->asoc->ssnmap->out; 1532 1533 /* Now assign the sequence number to the entire message. 1534 * All fragments must have the same stream sequence number. 1535 */ 1536 msg = chunk->msg; 1537 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1538 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1539 ssn = 0; 1540 } else { 1541 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1542 ssn = sctp_ssn_next(stream, sid); 1543 else 1544 ssn = sctp_ssn_peek(stream, sid); 1545 } 1546 1547 lchunk->subh.data_hdr->ssn = htons(ssn); 1548 lchunk->has_ssn = 1; 1549 } 1550 } 1551 1552 /* Helper function to assign a TSN if needed. This assumes that both 1553 * the data_hdr and association have already been assigned. 1554 */ 1555 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1556 { 1557 if (!chunk->has_tsn) { 1558 /* This is the last possible instant to 1559 * assign a TSN. 1560 */ 1561 chunk->subh.data_hdr->tsn = 1562 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1563 chunk->has_tsn = 1; 1564 } 1565 } 1566 1567 /* Create a CLOSED association to use with an incoming packet. */ 1568 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1569 struct sctp_chunk *chunk, 1570 gfp_t gfp) 1571 { 1572 struct sctp_association *asoc; 1573 struct sk_buff *skb; 1574 sctp_scope_t scope; 1575 struct sctp_af *af; 1576 1577 /* Create the bare association. */ 1578 scope = sctp_scope(sctp_source(chunk)); 1579 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1580 if (!asoc) 1581 goto nodata; 1582 asoc->temp = 1; 1583 skb = chunk->skb; 1584 /* Create an entry for the source address of the packet. */ 1585 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version)); 1586 if (unlikely(!af)) 1587 goto fail; 1588 af->from_skb(&asoc->c.peer_addr, skb, 1); 1589 nodata: 1590 return asoc; 1591 1592 fail: 1593 sctp_association_free(asoc); 1594 return NULL; 1595 } 1596 1597 /* Build a cookie representing asoc. 1598 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1599 */ 1600 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1601 const struct sctp_association *asoc, 1602 const struct sctp_chunk *init_chunk, 1603 int *cookie_len, 1604 const __u8 *raw_addrs, int addrs_len) 1605 { 1606 sctp_cookie_param_t *retval; 1607 struct sctp_signed_cookie *cookie; 1608 struct scatterlist sg; 1609 int headersize, bodysize; 1610 1611 /* Header size is static data prior to the actual cookie, including 1612 * any padding. 1613 */ 1614 headersize = sizeof(sctp_paramhdr_t) + 1615 (sizeof(struct sctp_signed_cookie) - 1616 sizeof(struct sctp_cookie)); 1617 bodysize = sizeof(struct sctp_cookie) 1618 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1619 1620 /* Pad out the cookie to a multiple to make the signature 1621 * functions simpler to write. 1622 */ 1623 if (bodysize % SCTP_COOKIE_MULTIPLE) 1624 bodysize += SCTP_COOKIE_MULTIPLE 1625 - (bodysize % SCTP_COOKIE_MULTIPLE); 1626 *cookie_len = headersize + bodysize; 1627 1628 /* Clear this memory since we are sending this data structure 1629 * out on the network. 1630 */ 1631 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1632 if (!retval) 1633 goto nodata; 1634 1635 cookie = (struct sctp_signed_cookie *) retval->body; 1636 1637 /* Set up the parameter header. */ 1638 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1639 retval->p.length = htons(*cookie_len); 1640 1641 /* Copy the cookie part of the association itself. */ 1642 cookie->c = asoc->c; 1643 /* Save the raw address list length in the cookie. */ 1644 cookie->c.raw_addr_list_len = addrs_len; 1645 1646 /* Remember PR-SCTP capability. */ 1647 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1648 1649 /* Save adaptation indication in the cookie. */ 1650 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1651 1652 /* Set an expiration time for the cookie. */ 1653 cookie->c.expiration = ktime_add(asoc->cookie_life, 1654 ktime_get()); 1655 1656 /* Copy the peer's init packet. */ 1657 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1658 ntohs(init_chunk->chunk_hdr->length)); 1659 1660 /* Copy the raw local address list of the association. */ 1661 memcpy((__u8 *)&cookie->c.peer_init[0] + 1662 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1663 1664 if (sctp_sk(ep->base.sk)->hmac) { 1665 struct hash_desc desc; 1666 1667 /* Sign the message. */ 1668 sg_init_one(&sg, &cookie->c, bodysize); 1669 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1670 desc.flags = 0; 1671 1672 if (crypto_hash_setkey(desc.tfm, ep->secret_key, 1673 sizeof(ep->secret_key)) || 1674 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) 1675 goto free_cookie; 1676 } 1677 1678 return retval; 1679 1680 free_cookie: 1681 kfree(retval); 1682 nodata: 1683 *cookie_len = 0; 1684 return NULL; 1685 } 1686 1687 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1688 struct sctp_association *sctp_unpack_cookie( 1689 const struct sctp_endpoint *ep, 1690 const struct sctp_association *asoc, 1691 struct sctp_chunk *chunk, gfp_t gfp, 1692 int *error, struct sctp_chunk **errp) 1693 { 1694 struct sctp_association *retval = NULL; 1695 struct sctp_signed_cookie *cookie; 1696 struct sctp_cookie *bear_cookie; 1697 int headersize, bodysize, fixed_size; 1698 __u8 *digest = ep->digest; 1699 struct scatterlist sg; 1700 unsigned int len; 1701 sctp_scope_t scope; 1702 struct sk_buff *skb = chunk->skb; 1703 ktime_t kt; 1704 struct hash_desc desc; 1705 1706 /* Header size is static data prior to the actual cookie, including 1707 * any padding. 1708 */ 1709 headersize = sizeof(sctp_chunkhdr_t) + 1710 (sizeof(struct sctp_signed_cookie) - 1711 sizeof(struct sctp_cookie)); 1712 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1713 fixed_size = headersize + sizeof(struct sctp_cookie); 1714 1715 /* Verify that the chunk looks like it even has a cookie. 1716 * There must be enough room for our cookie and our peer's 1717 * INIT chunk. 1718 */ 1719 len = ntohs(chunk->chunk_hdr->length); 1720 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1721 goto malformed; 1722 1723 /* Verify that the cookie has been padded out. */ 1724 if (bodysize % SCTP_COOKIE_MULTIPLE) 1725 goto malformed; 1726 1727 /* Process the cookie. */ 1728 cookie = chunk->subh.cookie_hdr; 1729 bear_cookie = &cookie->c; 1730 1731 if (!sctp_sk(ep->base.sk)->hmac) 1732 goto no_hmac; 1733 1734 /* Check the signature. */ 1735 sg_init_one(&sg, bear_cookie, bodysize); 1736 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1737 desc.flags = 0; 1738 1739 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1740 if (crypto_hash_setkey(desc.tfm, ep->secret_key, 1741 sizeof(ep->secret_key)) || 1742 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1743 *error = -SCTP_IERROR_NOMEM; 1744 goto fail; 1745 } 1746 1747 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1748 *error = -SCTP_IERROR_BAD_SIG; 1749 goto fail; 1750 } 1751 1752 no_hmac: 1753 /* IG Section 2.35.2: 1754 * 3) Compare the port numbers and the verification tag contained 1755 * within the COOKIE ECHO chunk to the actual port numbers and the 1756 * verification tag within the SCTP common header of the received 1757 * packet. If these values do not match the packet MUST be silently 1758 * discarded, 1759 */ 1760 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1761 *error = -SCTP_IERROR_BAD_TAG; 1762 goto fail; 1763 } 1764 1765 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1766 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1767 *error = -SCTP_IERROR_BAD_PORTS; 1768 goto fail; 1769 } 1770 1771 /* Check to see if the cookie is stale. If there is already 1772 * an association, there is no need to check cookie's expiration 1773 * for init collision case of lost COOKIE ACK. 1774 * If skb has been timestamped, then use the stamp, otherwise 1775 * use current time. This introduces a small possibility that 1776 * that a cookie may be considered expired, but his would only slow 1777 * down the new association establishment instead of every packet. 1778 */ 1779 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1780 kt = skb_get_ktime(skb); 1781 else 1782 kt = ktime_get(); 1783 1784 if (!asoc && ktime_compare(bear_cookie->expiration, kt) < 0) { 1785 /* 1786 * Section 3.3.10.3 Stale Cookie Error (3) 1787 * 1788 * Cause of error 1789 * --------------- 1790 * Stale Cookie Error: Indicates the receipt of a valid State 1791 * Cookie that has expired. 1792 */ 1793 len = ntohs(chunk->chunk_hdr->length); 1794 *errp = sctp_make_op_error_space(asoc, chunk, len); 1795 if (*errp) { 1796 suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration)); 1797 __be32 n = htonl(usecs); 1798 1799 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1800 sizeof(n)); 1801 sctp_addto_chunk(*errp, sizeof(n), &n); 1802 *error = -SCTP_IERROR_STALE_COOKIE; 1803 } else 1804 *error = -SCTP_IERROR_NOMEM; 1805 1806 goto fail; 1807 } 1808 1809 /* Make a new base association. */ 1810 scope = sctp_scope(sctp_source(chunk)); 1811 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1812 if (!retval) { 1813 *error = -SCTP_IERROR_NOMEM; 1814 goto fail; 1815 } 1816 1817 /* Set up our peer's port number. */ 1818 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1819 1820 /* Populate the association from the cookie. */ 1821 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1822 1823 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1824 GFP_ATOMIC) < 0) { 1825 *error = -SCTP_IERROR_NOMEM; 1826 goto fail; 1827 } 1828 1829 /* Also, add the destination address. */ 1830 if (list_empty(&retval->base.bind_addr.address_list)) { 1831 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1832 SCTP_ADDR_SRC, GFP_ATOMIC); 1833 } 1834 1835 retval->next_tsn = retval->c.initial_tsn; 1836 retval->ctsn_ack_point = retval->next_tsn - 1; 1837 retval->addip_serial = retval->c.initial_tsn; 1838 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1839 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1840 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1841 1842 /* The INIT stuff will be done by the side effects. */ 1843 return retval; 1844 1845 fail: 1846 if (retval) 1847 sctp_association_free(retval); 1848 1849 return NULL; 1850 1851 malformed: 1852 /* Yikes! The packet is either corrupt or deliberately 1853 * malformed. 1854 */ 1855 *error = -SCTP_IERROR_MALFORMED; 1856 goto fail; 1857 } 1858 1859 /******************************************************************** 1860 * 3rd Level Abstractions 1861 ********************************************************************/ 1862 1863 struct __sctp_missing { 1864 __be32 num_missing; 1865 __be16 type; 1866 } __packed; 1867 1868 /* 1869 * Report a missing mandatory parameter. 1870 */ 1871 static int sctp_process_missing_param(const struct sctp_association *asoc, 1872 sctp_param_t paramtype, 1873 struct sctp_chunk *chunk, 1874 struct sctp_chunk **errp) 1875 { 1876 struct __sctp_missing report; 1877 __u16 len; 1878 1879 len = WORD_ROUND(sizeof(report)); 1880 1881 /* Make an ERROR chunk, preparing enough room for 1882 * returning multiple unknown parameters. 1883 */ 1884 if (!*errp) 1885 *errp = sctp_make_op_error_space(asoc, chunk, len); 1886 1887 if (*errp) { 1888 report.num_missing = htonl(1); 1889 report.type = paramtype; 1890 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1891 sizeof(report)); 1892 sctp_addto_chunk(*errp, sizeof(report), &report); 1893 } 1894 1895 /* Stop processing this chunk. */ 1896 return 0; 1897 } 1898 1899 /* Report an Invalid Mandatory Parameter. */ 1900 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1901 struct sctp_chunk *chunk, 1902 struct sctp_chunk **errp) 1903 { 1904 /* Invalid Mandatory Parameter Error has no payload. */ 1905 1906 if (!*errp) 1907 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1908 1909 if (*errp) 1910 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1911 1912 /* Stop processing this chunk. */ 1913 return 0; 1914 } 1915 1916 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1917 struct sctp_paramhdr *param, 1918 const struct sctp_chunk *chunk, 1919 struct sctp_chunk **errp) 1920 { 1921 /* This is a fatal error. Any accumulated non-fatal errors are 1922 * not reported. 1923 */ 1924 if (*errp) 1925 sctp_chunk_free(*errp); 1926 1927 /* Create an error chunk and fill it in with our payload. */ 1928 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1929 1930 return 0; 1931 } 1932 1933 1934 /* Do not attempt to handle the HOST_NAME parm. However, do 1935 * send back an indicator to the peer. 1936 */ 1937 static int sctp_process_hn_param(const struct sctp_association *asoc, 1938 union sctp_params param, 1939 struct sctp_chunk *chunk, 1940 struct sctp_chunk **errp) 1941 { 1942 __u16 len = ntohs(param.p->length); 1943 1944 /* Processing of the HOST_NAME parameter will generate an 1945 * ABORT. If we've accumulated any non-fatal errors, they 1946 * would be unrecognized parameters and we should not include 1947 * them in the ABORT. 1948 */ 1949 if (*errp) 1950 sctp_chunk_free(*errp); 1951 1952 *errp = sctp_make_op_error_space(asoc, chunk, len); 1953 1954 if (*errp) { 1955 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 1956 sctp_addto_chunk(*errp, len, param.v); 1957 } 1958 1959 /* Stop processing this chunk. */ 1960 return 0; 1961 } 1962 1963 static int sctp_verify_ext_param(struct net *net, union sctp_params param) 1964 { 1965 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1966 int have_auth = 0; 1967 int have_asconf = 0; 1968 int i; 1969 1970 for (i = 0; i < num_ext; i++) { 1971 switch (param.ext->chunks[i]) { 1972 case SCTP_CID_AUTH: 1973 have_auth = 1; 1974 break; 1975 case SCTP_CID_ASCONF: 1976 case SCTP_CID_ASCONF_ACK: 1977 have_asconf = 1; 1978 break; 1979 } 1980 } 1981 1982 /* ADD-IP Security: The draft requires us to ABORT or ignore the 1983 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 1984 * only if ADD-IP is turned on and we are not backward-compatible 1985 * mode. 1986 */ 1987 if (net->sctp.addip_noauth) 1988 return 1; 1989 1990 if (net->sctp.addip_enable && !have_auth && have_asconf) 1991 return 0; 1992 1993 return 1; 1994 } 1995 1996 static void sctp_process_ext_param(struct sctp_association *asoc, 1997 union sctp_params param) 1998 { 1999 struct net *net = sock_net(asoc->base.sk); 2000 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2001 int i; 2002 2003 for (i = 0; i < num_ext; i++) { 2004 switch (param.ext->chunks[i]) { 2005 case SCTP_CID_FWD_TSN: 2006 if (net->sctp.prsctp_enable && !asoc->peer.prsctp_capable) 2007 asoc->peer.prsctp_capable = 1; 2008 break; 2009 case SCTP_CID_AUTH: 2010 /* if the peer reports AUTH, assume that he 2011 * supports AUTH. 2012 */ 2013 if (net->sctp.auth_enable) 2014 asoc->peer.auth_capable = 1; 2015 break; 2016 case SCTP_CID_ASCONF: 2017 case SCTP_CID_ASCONF_ACK: 2018 if (net->sctp.addip_enable) 2019 asoc->peer.asconf_capable = 1; 2020 break; 2021 default: 2022 break; 2023 } 2024 } 2025 } 2026 2027 /* RFC 3.2.1 & the Implementers Guide 2.2. 2028 * 2029 * The Parameter Types are encoded such that the 2030 * highest-order two bits specify the action that must be 2031 * taken if the processing endpoint does not recognize the 2032 * Parameter Type. 2033 * 2034 * 00 - Stop processing this parameter; do not process any further 2035 * parameters within this chunk 2036 * 2037 * 01 - Stop processing this parameter, do not process any further 2038 * parameters within this chunk, and report the unrecognized 2039 * parameter in an 'Unrecognized Parameter' ERROR chunk. 2040 * 2041 * 10 - Skip this parameter and continue processing. 2042 * 2043 * 11 - Skip this parameter and continue processing but 2044 * report the unrecognized parameter in an 2045 * 'Unrecognized Parameter' ERROR chunk. 2046 * 2047 * Return value: 2048 * SCTP_IERROR_NO_ERROR - continue with the chunk 2049 * SCTP_IERROR_ERROR - stop and report an error. 2050 * SCTP_IERROR_NOMEME - out of memory. 2051 */ 2052 static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, 2053 union sctp_params param, 2054 struct sctp_chunk *chunk, 2055 struct sctp_chunk **errp) 2056 { 2057 int retval = SCTP_IERROR_NO_ERROR; 2058 2059 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 2060 case SCTP_PARAM_ACTION_DISCARD: 2061 retval = SCTP_IERROR_ERROR; 2062 break; 2063 case SCTP_PARAM_ACTION_SKIP: 2064 break; 2065 case SCTP_PARAM_ACTION_DISCARD_ERR: 2066 retval = SCTP_IERROR_ERROR; 2067 /* Fall through */ 2068 case SCTP_PARAM_ACTION_SKIP_ERR: 2069 /* Make an ERROR chunk, preparing enough room for 2070 * returning multiple unknown parameters. 2071 */ 2072 if (NULL == *errp) 2073 *errp = sctp_make_op_error_fixed(asoc, chunk); 2074 2075 if (*errp) { 2076 if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2077 WORD_ROUND(ntohs(param.p->length)))) 2078 sctp_addto_chunk_fixed(*errp, 2079 WORD_ROUND(ntohs(param.p->length)), 2080 param.v); 2081 } else { 2082 /* If there is no memory for generating the ERROR 2083 * report as specified, an ABORT will be triggered 2084 * to the peer and the association won't be 2085 * established. 2086 */ 2087 retval = SCTP_IERROR_NOMEM; 2088 } 2089 break; 2090 default: 2091 break; 2092 } 2093 2094 return retval; 2095 } 2096 2097 /* Verify variable length parameters 2098 * Return values: 2099 * SCTP_IERROR_ABORT - trigger an ABORT 2100 * SCTP_IERROR_NOMEM - out of memory (abort) 2101 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2102 * SCTP_IERROR_NO_ERROR - continue with the chunk 2103 */ 2104 static sctp_ierror_t sctp_verify_param(struct net *net, 2105 const struct sctp_association *asoc, 2106 union sctp_params param, 2107 sctp_cid_t cid, 2108 struct sctp_chunk *chunk, 2109 struct sctp_chunk **err_chunk) 2110 { 2111 struct sctp_hmac_algo_param *hmacs; 2112 int retval = SCTP_IERROR_NO_ERROR; 2113 __u16 n_elt, id = 0; 2114 int i; 2115 2116 /* FIXME - This routine is not looking at each parameter per the 2117 * chunk type, i.e., unrecognized parameters should be further 2118 * identified based on the chunk id. 2119 */ 2120 2121 switch (param.p->type) { 2122 case SCTP_PARAM_IPV4_ADDRESS: 2123 case SCTP_PARAM_IPV6_ADDRESS: 2124 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2125 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2126 case SCTP_PARAM_STATE_COOKIE: 2127 case SCTP_PARAM_HEARTBEAT_INFO: 2128 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2129 case SCTP_PARAM_ECN_CAPABLE: 2130 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2131 break; 2132 2133 case SCTP_PARAM_SUPPORTED_EXT: 2134 if (!sctp_verify_ext_param(net, param)) 2135 return SCTP_IERROR_ABORT; 2136 break; 2137 2138 case SCTP_PARAM_SET_PRIMARY: 2139 if (net->sctp.addip_enable) 2140 break; 2141 goto fallthrough; 2142 2143 case SCTP_PARAM_HOST_NAME_ADDRESS: 2144 /* Tell the peer, we won't support this param. */ 2145 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2146 retval = SCTP_IERROR_ABORT; 2147 break; 2148 2149 case SCTP_PARAM_FWD_TSN_SUPPORT: 2150 if (net->sctp.prsctp_enable) 2151 break; 2152 goto fallthrough; 2153 2154 case SCTP_PARAM_RANDOM: 2155 if (!net->sctp.auth_enable) 2156 goto fallthrough; 2157 2158 /* SCTP-AUTH: Secion 6.1 2159 * If the random number is not 32 byte long the association 2160 * MUST be aborted. The ABORT chunk SHOULD contain the error 2161 * cause 'Protocol Violation'. 2162 */ 2163 if (SCTP_AUTH_RANDOM_LENGTH != 2164 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { 2165 sctp_process_inv_paramlength(asoc, param.p, 2166 chunk, err_chunk); 2167 retval = SCTP_IERROR_ABORT; 2168 } 2169 break; 2170 2171 case SCTP_PARAM_CHUNKS: 2172 if (!net->sctp.auth_enable) 2173 goto fallthrough; 2174 2175 /* SCTP-AUTH: Section 3.2 2176 * The CHUNKS parameter MUST be included once in the INIT or 2177 * INIT-ACK chunk if the sender wants to receive authenticated 2178 * chunks. Its maximum length is 260 bytes. 2179 */ 2180 if (260 < ntohs(param.p->length)) { 2181 sctp_process_inv_paramlength(asoc, param.p, 2182 chunk, err_chunk); 2183 retval = SCTP_IERROR_ABORT; 2184 } 2185 break; 2186 2187 case SCTP_PARAM_HMAC_ALGO: 2188 if (!net->sctp.auth_enable) 2189 goto fallthrough; 2190 2191 hmacs = (struct sctp_hmac_algo_param *)param.p; 2192 n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1; 2193 2194 /* SCTP-AUTH: Section 6.1 2195 * The HMAC algorithm based on SHA-1 MUST be supported and 2196 * included in the HMAC-ALGO parameter. 2197 */ 2198 for (i = 0; i < n_elt; i++) { 2199 id = ntohs(hmacs->hmac_ids[i]); 2200 2201 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2202 break; 2203 } 2204 2205 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2206 sctp_process_inv_paramlength(asoc, param.p, chunk, 2207 err_chunk); 2208 retval = SCTP_IERROR_ABORT; 2209 } 2210 break; 2211 fallthrough: 2212 default: 2213 pr_debug("%s: unrecognized param:%d for chunk:%d\n", 2214 __func__, ntohs(param.p->type), cid); 2215 2216 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2217 break; 2218 } 2219 return retval; 2220 } 2221 2222 /* Verify the INIT packet before we process it. */ 2223 int sctp_verify_init(struct net *net, const struct sctp_association *asoc, 2224 sctp_cid_t cid, 2225 sctp_init_chunk_t *peer_init, 2226 struct sctp_chunk *chunk, 2227 struct sctp_chunk **errp) 2228 { 2229 union sctp_params param; 2230 bool has_cookie = false; 2231 int result; 2232 2233 /* Check for missing mandatory parameters. Note: Initial TSN is 2234 * also mandatory, but is not checked here since the valid range 2235 * is 0..2**32-1. RFC4960, section 3.3.3. 2236 */ 2237 if (peer_init->init_hdr.num_outbound_streams == 0 || 2238 peer_init->init_hdr.num_inbound_streams == 0 || 2239 peer_init->init_hdr.init_tag == 0 || 2240 ntohl(peer_init->init_hdr.a_rwnd) < SCTP_DEFAULT_MINWINDOW) 2241 return sctp_process_inv_mandatory(asoc, chunk, errp); 2242 2243 sctp_walk_params(param, peer_init, init_hdr.params) { 2244 if (param.p->type == SCTP_PARAM_STATE_COOKIE) 2245 has_cookie = true; 2246 } 2247 2248 /* There is a possibility that a parameter length was bad and 2249 * in that case we would have stoped walking the parameters. 2250 * The current param.p would point at the bad one. 2251 * Current consensus on the mailing list is to generate a PROTOCOL 2252 * VIOLATION error. We build the ERROR chunk here and let the normal 2253 * error handling code build and send the packet. 2254 */ 2255 if (param.v != (void *)chunk->chunk_end) 2256 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2257 2258 /* The only missing mandatory param possible today is 2259 * the state cookie for an INIT-ACK chunk. 2260 */ 2261 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2262 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2263 chunk, errp); 2264 2265 /* Verify all the variable length parameters */ 2266 sctp_walk_params(param, peer_init, init_hdr.params) { 2267 2268 result = sctp_verify_param(net, asoc, param, cid, chunk, errp); 2269 switch (result) { 2270 case SCTP_IERROR_ABORT: 2271 case SCTP_IERROR_NOMEM: 2272 return 0; 2273 case SCTP_IERROR_ERROR: 2274 return 1; 2275 case SCTP_IERROR_NO_ERROR: 2276 default: 2277 break; 2278 } 2279 2280 } /* for (loop through all parameters) */ 2281 2282 return 1; 2283 } 2284 2285 /* Unpack the parameters in an INIT packet into an association. 2286 * Returns 0 on failure, else success. 2287 * FIXME: This is an association method. 2288 */ 2289 int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, 2290 const union sctp_addr *peer_addr, 2291 sctp_init_chunk_t *peer_init, gfp_t gfp) 2292 { 2293 struct net *net = sock_net(asoc->base.sk); 2294 union sctp_params param; 2295 struct sctp_transport *transport; 2296 struct list_head *pos, *temp; 2297 struct sctp_af *af; 2298 union sctp_addr addr; 2299 char *cookie; 2300 int src_match = 0; 2301 2302 /* We must include the address that the INIT packet came from. 2303 * This is the only address that matters for an INIT packet. 2304 * When processing a COOKIE ECHO, we retrieve the from address 2305 * of the INIT from the cookie. 2306 */ 2307 2308 /* This implementation defaults to making the first transport 2309 * added as the primary transport. The source address seems to 2310 * be a a better choice than any of the embedded addresses. 2311 */ 2312 if (!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2313 goto nomem; 2314 2315 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr)) 2316 src_match = 1; 2317 2318 /* Process the initialization parameters. */ 2319 sctp_walk_params(param, peer_init, init_hdr.params) { 2320 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 2321 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { 2322 af = sctp_get_af_specific(param_type2af(param.p->type)); 2323 af->from_addr_param(&addr, param.addr, 2324 chunk->sctp_hdr->source, 0); 2325 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) 2326 src_match = 1; 2327 } 2328 2329 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2330 goto clean_up; 2331 } 2332 2333 /* source address of chunk may not match any valid address */ 2334 if (!src_match) 2335 goto clean_up; 2336 2337 /* AUTH: After processing the parameters, make sure that we 2338 * have all the required info to potentially do authentications. 2339 */ 2340 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2341 !asoc->peer.peer_hmacs)) 2342 asoc->peer.auth_capable = 0; 2343 2344 /* In a non-backward compatible mode, if the peer claims 2345 * support for ADD-IP but not AUTH, the ADD-IP spec states 2346 * that we MUST ABORT the association. Section 6. The section 2347 * also give us an option to silently ignore the packet, which 2348 * is what we'll do here. 2349 */ 2350 if (!net->sctp.addip_noauth && 2351 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2352 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2353 SCTP_PARAM_DEL_IP | 2354 SCTP_PARAM_SET_PRIMARY); 2355 asoc->peer.asconf_capable = 0; 2356 goto clean_up; 2357 } 2358 2359 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2360 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2361 transport = list_entry(pos, struct sctp_transport, transports); 2362 if (transport->state == SCTP_UNKNOWN) { 2363 sctp_assoc_rm_peer(asoc, transport); 2364 } 2365 } 2366 2367 /* The fixed INIT headers are always in network byte 2368 * order. 2369 */ 2370 asoc->peer.i.init_tag = 2371 ntohl(peer_init->init_hdr.init_tag); 2372 asoc->peer.i.a_rwnd = 2373 ntohl(peer_init->init_hdr.a_rwnd); 2374 asoc->peer.i.num_outbound_streams = 2375 ntohs(peer_init->init_hdr.num_outbound_streams); 2376 asoc->peer.i.num_inbound_streams = 2377 ntohs(peer_init->init_hdr.num_inbound_streams); 2378 asoc->peer.i.initial_tsn = 2379 ntohl(peer_init->init_hdr.initial_tsn); 2380 2381 /* Apply the upper bounds for output streams based on peer's 2382 * number of inbound streams. 2383 */ 2384 if (asoc->c.sinit_num_ostreams > 2385 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2386 asoc->c.sinit_num_ostreams = 2387 ntohs(peer_init->init_hdr.num_inbound_streams); 2388 } 2389 2390 if (asoc->c.sinit_max_instreams > 2391 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2392 asoc->c.sinit_max_instreams = 2393 ntohs(peer_init->init_hdr.num_outbound_streams); 2394 } 2395 2396 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2397 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2398 2399 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2400 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2401 2402 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2403 cookie = asoc->peer.cookie; 2404 if (cookie) { 2405 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2406 if (!asoc->peer.cookie) 2407 goto clean_up; 2408 } 2409 2410 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2411 * high (for example, implementations MAY use the size of the receiver 2412 * advertised window). 2413 */ 2414 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2415 transports) { 2416 transport->ssthresh = asoc->peer.i.a_rwnd; 2417 } 2418 2419 /* Set up the TSN tracking pieces. */ 2420 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2421 asoc->peer.i.initial_tsn, gfp)) 2422 goto clean_up; 2423 2424 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2425 * 2426 * The stream sequence number in all the streams shall start 2427 * from 0 when the association is established. Also, when the 2428 * stream sequence number reaches the value 65535 the next 2429 * stream sequence number shall be set to 0. 2430 */ 2431 2432 /* Allocate storage for the negotiated streams if it is not a temporary 2433 * association. 2434 */ 2435 if (!asoc->temp) { 2436 int error; 2437 2438 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 2439 asoc->c.sinit_num_ostreams, gfp); 2440 if (!asoc->ssnmap) 2441 goto clean_up; 2442 2443 error = sctp_assoc_set_id(asoc, gfp); 2444 if (error) 2445 goto clean_up; 2446 } 2447 2448 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2449 * 2450 * When an endpoint has an ASCONF signaled change to be sent to the 2451 * remote endpoint it should do the following: 2452 * ... 2453 * A2) A serial number should be assigned to the Chunk. The serial 2454 * number should be a monotonically increasing number. All serial 2455 * numbers are defined to be initialized at the start of the 2456 * association to the same value as the Initial TSN. 2457 */ 2458 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2459 return 1; 2460 2461 clean_up: 2462 /* Release the transport structures. */ 2463 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2464 transport = list_entry(pos, struct sctp_transport, transports); 2465 if (transport->state != SCTP_ACTIVE) 2466 sctp_assoc_rm_peer(asoc, transport); 2467 } 2468 2469 nomem: 2470 return 0; 2471 } 2472 2473 2474 /* Update asoc with the option described in param. 2475 * 2476 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2477 * 2478 * asoc is the association to update. 2479 * param is the variable length parameter to use for update. 2480 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2481 * If the current packet is an INIT we want to minimize the amount of 2482 * work we do. In particular, we should not build transport 2483 * structures for the addresses. 2484 */ 2485 static int sctp_process_param(struct sctp_association *asoc, 2486 union sctp_params param, 2487 const union sctp_addr *peer_addr, 2488 gfp_t gfp) 2489 { 2490 struct net *net = sock_net(asoc->base.sk); 2491 union sctp_addr addr; 2492 int i; 2493 __u16 sat; 2494 int retval = 1; 2495 sctp_scope_t scope; 2496 time_t stale; 2497 struct sctp_af *af; 2498 union sctp_addr_param *addr_param; 2499 struct sctp_transport *t; 2500 2501 /* We maintain all INIT parameters in network byte order all the 2502 * time. This allows us to not worry about whether the parameters 2503 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2504 */ 2505 switch (param.p->type) { 2506 case SCTP_PARAM_IPV6_ADDRESS: 2507 if (PF_INET6 != asoc->base.sk->sk_family) 2508 break; 2509 goto do_addr_param; 2510 2511 case SCTP_PARAM_IPV4_ADDRESS: 2512 /* v4 addresses are not allowed on v6-only socket */ 2513 if (ipv6_only_sock(asoc->base.sk)) 2514 break; 2515 do_addr_param: 2516 af = sctp_get_af_specific(param_type2af(param.p->type)); 2517 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2518 scope = sctp_scope(peer_addr); 2519 if (sctp_in_scope(net, &addr, scope)) 2520 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2521 return 0; 2522 break; 2523 2524 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2525 if (!net->sctp.cookie_preserve_enable) 2526 break; 2527 2528 stale = ntohl(param.life->lifespan_increment); 2529 2530 /* Suggested Cookie Life span increment's unit is msec, 2531 * (1/1000sec). 2532 */ 2533 asoc->cookie_life = ktime_add_ms(asoc->cookie_life, stale); 2534 break; 2535 2536 case SCTP_PARAM_HOST_NAME_ADDRESS: 2537 pr_debug("%s: unimplemented SCTP_HOST_NAME_ADDRESS\n", __func__); 2538 break; 2539 2540 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2541 /* Turn off the default values first so we'll know which 2542 * ones are really set by the peer. 2543 */ 2544 asoc->peer.ipv4_address = 0; 2545 asoc->peer.ipv6_address = 0; 2546 2547 /* Assume that peer supports the address family 2548 * by which it sends a packet. 2549 */ 2550 if (peer_addr->sa.sa_family == AF_INET6) 2551 asoc->peer.ipv6_address = 1; 2552 else if (peer_addr->sa.sa_family == AF_INET) 2553 asoc->peer.ipv4_address = 1; 2554 2555 /* Cycle through address types; avoid divide by 0. */ 2556 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2557 if (sat) 2558 sat /= sizeof(__u16); 2559 2560 for (i = 0; i < sat; ++i) { 2561 switch (param.sat->types[i]) { 2562 case SCTP_PARAM_IPV4_ADDRESS: 2563 asoc->peer.ipv4_address = 1; 2564 break; 2565 2566 case SCTP_PARAM_IPV6_ADDRESS: 2567 if (PF_INET6 == asoc->base.sk->sk_family) 2568 asoc->peer.ipv6_address = 1; 2569 break; 2570 2571 case SCTP_PARAM_HOST_NAME_ADDRESS: 2572 asoc->peer.hostname_address = 1; 2573 break; 2574 2575 default: /* Just ignore anything else. */ 2576 break; 2577 } 2578 } 2579 break; 2580 2581 case SCTP_PARAM_STATE_COOKIE: 2582 asoc->peer.cookie_len = 2583 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2584 asoc->peer.cookie = param.cookie->body; 2585 break; 2586 2587 case SCTP_PARAM_HEARTBEAT_INFO: 2588 /* Would be odd to receive, but it causes no problems. */ 2589 break; 2590 2591 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2592 /* Rejected during verify stage. */ 2593 break; 2594 2595 case SCTP_PARAM_ECN_CAPABLE: 2596 asoc->peer.ecn_capable = 1; 2597 break; 2598 2599 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2600 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2601 break; 2602 2603 case SCTP_PARAM_SET_PRIMARY: 2604 if (!net->sctp.addip_enable) 2605 goto fall_through; 2606 2607 addr_param = param.v + sizeof(sctp_addip_param_t); 2608 2609 af = sctp_get_af_specific(param_type2af(param.p->type)); 2610 af->from_addr_param(&addr, addr_param, 2611 htons(asoc->peer.port), 0); 2612 2613 /* if the address is invalid, we can't process it. 2614 * XXX: see spec for what to do. 2615 */ 2616 if (!af->addr_valid(&addr, NULL, NULL)) 2617 break; 2618 2619 t = sctp_assoc_lookup_paddr(asoc, &addr); 2620 if (!t) 2621 break; 2622 2623 sctp_assoc_set_primary(asoc, t); 2624 break; 2625 2626 case SCTP_PARAM_SUPPORTED_EXT: 2627 sctp_process_ext_param(asoc, param); 2628 break; 2629 2630 case SCTP_PARAM_FWD_TSN_SUPPORT: 2631 if (net->sctp.prsctp_enable) { 2632 asoc->peer.prsctp_capable = 1; 2633 break; 2634 } 2635 /* Fall Through */ 2636 goto fall_through; 2637 2638 case SCTP_PARAM_RANDOM: 2639 if (!net->sctp.auth_enable) 2640 goto fall_through; 2641 2642 /* Save peer's random parameter */ 2643 asoc->peer.peer_random = kmemdup(param.p, 2644 ntohs(param.p->length), gfp); 2645 if (!asoc->peer.peer_random) { 2646 retval = 0; 2647 break; 2648 } 2649 break; 2650 2651 case SCTP_PARAM_HMAC_ALGO: 2652 if (!net->sctp.auth_enable) 2653 goto fall_through; 2654 2655 /* Save peer's HMAC list */ 2656 asoc->peer.peer_hmacs = kmemdup(param.p, 2657 ntohs(param.p->length), gfp); 2658 if (!asoc->peer.peer_hmacs) { 2659 retval = 0; 2660 break; 2661 } 2662 2663 /* Set the default HMAC the peer requested*/ 2664 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2665 break; 2666 2667 case SCTP_PARAM_CHUNKS: 2668 if (!net->sctp.auth_enable) 2669 goto fall_through; 2670 2671 asoc->peer.peer_chunks = kmemdup(param.p, 2672 ntohs(param.p->length), gfp); 2673 if (!asoc->peer.peer_chunks) 2674 retval = 0; 2675 break; 2676 fall_through: 2677 default: 2678 /* Any unrecognized parameters should have been caught 2679 * and handled by sctp_verify_param() which should be 2680 * called prior to this routine. Simply log the error 2681 * here. 2682 */ 2683 pr_debug("%s: ignoring param:%d for association:%p.\n", 2684 __func__, ntohs(param.p->type), asoc); 2685 break; 2686 } 2687 2688 return retval; 2689 } 2690 2691 /* Select a new verification tag. */ 2692 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2693 { 2694 /* I believe that this random number generator complies with RFC1750. 2695 * A tag of 0 is reserved for special cases (e.g. INIT). 2696 */ 2697 __u32 x; 2698 2699 do { 2700 get_random_bytes(&x, sizeof(__u32)); 2701 } while (x == 0); 2702 2703 return x; 2704 } 2705 2706 /* Select an initial TSN to send during startup. */ 2707 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2708 { 2709 __u32 retval; 2710 2711 get_random_bytes(&retval, sizeof(__u32)); 2712 return retval; 2713 } 2714 2715 /* 2716 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2717 * 0 1 2 3 2718 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2719 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2720 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2721 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2722 * | Serial Number | 2723 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2724 * | Address Parameter | 2725 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2726 * | ASCONF Parameter #1 | 2727 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2728 * \ \ 2729 * / .... / 2730 * \ \ 2731 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2732 * | ASCONF Parameter #N | 2733 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2734 * 2735 * Address Parameter and other parameter will not be wrapped in this function 2736 */ 2737 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2738 union sctp_addr *addr, 2739 int vparam_len) 2740 { 2741 sctp_addiphdr_t asconf; 2742 struct sctp_chunk *retval; 2743 int length = sizeof(asconf) + vparam_len; 2744 union sctp_addr_param addrparam; 2745 int addrlen; 2746 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2747 2748 addrlen = af->to_addr_param(addr, &addrparam); 2749 if (!addrlen) 2750 return NULL; 2751 length += addrlen; 2752 2753 /* Create the chunk. */ 2754 retval = sctp_make_control(asoc, SCTP_CID_ASCONF, 0, length); 2755 if (!retval) 2756 return NULL; 2757 2758 asconf.serial = htonl(asoc->addip_serial++); 2759 2760 retval->subh.addip_hdr = 2761 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2762 retval->param_hdr.v = 2763 sctp_addto_chunk(retval, addrlen, &addrparam); 2764 2765 return retval; 2766 } 2767 2768 /* ADDIP 2769 * 3.2.1 Add IP Address 2770 * 0 1 2 3 2771 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2772 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2773 * | Type = 0xC001 | Length = Variable | 2774 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2775 * | ASCONF-Request Correlation ID | 2776 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2777 * | Address Parameter | 2778 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2779 * 2780 * 3.2.2 Delete IP Address 2781 * 0 1 2 3 2782 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2783 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2784 * | Type = 0xC002 | Length = Variable | 2785 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2786 * | ASCONF-Request Correlation ID | 2787 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2788 * | Address Parameter | 2789 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2790 * 2791 */ 2792 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2793 union sctp_addr *laddr, 2794 struct sockaddr *addrs, 2795 int addrcnt, 2796 __be16 flags) 2797 { 2798 sctp_addip_param_t param; 2799 struct sctp_chunk *retval; 2800 union sctp_addr_param addr_param; 2801 union sctp_addr *addr; 2802 void *addr_buf; 2803 struct sctp_af *af; 2804 int paramlen = sizeof(param); 2805 int addr_param_len = 0; 2806 int totallen = 0; 2807 int i; 2808 int del_pickup = 0; 2809 2810 /* Get total length of all the address parameters. */ 2811 addr_buf = addrs; 2812 for (i = 0; i < addrcnt; i++) { 2813 addr = addr_buf; 2814 af = sctp_get_af_specific(addr->v4.sin_family); 2815 addr_param_len = af->to_addr_param(addr, &addr_param); 2816 2817 totallen += paramlen; 2818 totallen += addr_param_len; 2819 2820 addr_buf += af->sockaddr_len; 2821 if (asoc->asconf_addr_del_pending && !del_pickup) { 2822 /* reuse the parameter length from the same scope one */ 2823 totallen += paramlen; 2824 totallen += addr_param_len; 2825 del_pickup = 1; 2826 2827 pr_debug("%s: picked same-scope del_pending addr, " 2828 "totallen for all addresses is %d\n", 2829 __func__, totallen); 2830 } 2831 } 2832 2833 /* Create an asconf chunk with the required length. */ 2834 retval = sctp_make_asconf(asoc, laddr, totallen); 2835 if (!retval) 2836 return NULL; 2837 2838 /* Add the address parameters to the asconf chunk. */ 2839 addr_buf = addrs; 2840 for (i = 0; i < addrcnt; i++) { 2841 addr = addr_buf; 2842 af = sctp_get_af_specific(addr->v4.sin_family); 2843 addr_param_len = af->to_addr_param(addr, &addr_param); 2844 param.param_hdr.type = flags; 2845 param.param_hdr.length = htons(paramlen + addr_param_len); 2846 param.crr_id = i; 2847 2848 sctp_addto_chunk(retval, paramlen, ¶m); 2849 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2850 2851 addr_buf += af->sockaddr_len; 2852 } 2853 if (flags == SCTP_PARAM_ADD_IP && del_pickup) { 2854 addr = asoc->asconf_addr_del_pending; 2855 af = sctp_get_af_specific(addr->v4.sin_family); 2856 addr_param_len = af->to_addr_param(addr, &addr_param); 2857 param.param_hdr.type = SCTP_PARAM_DEL_IP; 2858 param.param_hdr.length = htons(paramlen + addr_param_len); 2859 param.crr_id = i; 2860 2861 sctp_addto_chunk(retval, paramlen, ¶m); 2862 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2863 } 2864 return retval; 2865 } 2866 2867 /* ADDIP 2868 * 3.2.4 Set Primary IP Address 2869 * 0 1 2 3 2870 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2871 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2872 * | Type =0xC004 | Length = Variable | 2873 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2874 * | ASCONF-Request Correlation ID | 2875 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2876 * | Address Parameter | 2877 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2878 * 2879 * Create an ASCONF chunk with Set Primary IP address parameter. 2880 */ 2881 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2882 union sctp_addr *addr) 2883 { 2884 sctp_addip_param_t param; 2885 struct sctp_chunk *retval; 2886 int len = sizeof(param); 2887 union sctp_addr_param addrparam; 2888 int addrlen; 2889 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2890 2891 addrlen = af->to_addr_param(addr, &addrparam); 2892 if (!addrlen) 2893 return NULL; 2894 len += addrlen; 2895 2896 /* Create the chunk and make asconf header. */ 2897 retval = sctp_make_asconf(asoc, addr, len); 2898 if (!retval) 2899 return NULL; 2900 2901 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2902 param.param_hdr.length = htons(len); 2903 param.crr_id = 0; 2904 2905 sctp_addto_chunk(retval, sizeof(param), ¶m); 2906 sctp_addto_chunk(retval, addrlen, &addrparam); 2907 2908 return retval; 2909 } 2910 2911 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2912 * 0 1 2 3 2913 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2914 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2915 * | Type = 0x80 | Chunk Flags | Chunk Length | 2916 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2917 * | Serial Number | 2918 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2919 * | ASCONF Parameter Response#1 | 2920 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2921 * \ \ 2922 * / .... / 2923 * \ \ 2924 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2925 * | ASCONF Parameter Response#N | 2926 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2927 * 2928 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2929 */ 2930 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2931 __u32 serial, int vparam_len) 2932 { 2933 sctp_addiphdr_t asconf; 2934 struct sctp_chunk *retval; 2935 int length = sizeof(asconf) + vparam_len; 2936 2937 /* Create the chunk. */ 2938 retval = sctp_make_control(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2939 if (!retval) 2940 return NULL; 2941 2942 asconf.serial = htonl(serial); 2943 2944 retval->subh.addip_hdr = 2945 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2946 2947 return retval; 2948 } 2949 2950 /* Add response parameters to an ASCONF_ACK chunk. */ 2951 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2952 __be16 err_code, sctp_addip_param_t *asconf_param) 2953 { 2954 sctp_addip_param_t ack_param; 2955 sctp_errhdr_t err_param; 2956 int asconf_param_len = 0; 2957 int err_param_len = 0; 2958 __be16 response_type; 2959 2960 if (SCTP_ERROR_NO_ERROR == err_code) { 2961 response_type = SCTP_PARAM_SUCCESS_REPORT; 2962 } else { 2963 response_type = SCTP_PARAM_ERR_CAUSE; 2964 err_param_len = sizeof(err_param); 2965 if (asconf_param) 2966 asconf_param_len = 2967 ntohs(asconf_param->param_hdr.length); 2968 } 2969 2970 /* Add Success Indication or Error Cause Indication parameter. */ 2971 ack_param.param_hdr.type = response_type; 2972 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2973 err_param_len + 2974 asconf_param_len); 2975 ack_param.crr_id = crr_id; 2976 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2977 2978 if (SCTP_ERROR_NO_ERROR == err_code) 2979 return; 2980 2981 /* Add Error Cause parameter. */ 2982 err_param.cause = err_code; 2983 err_param.length = htons(err_param_len + asconf_param_len); 2984 sctp_addto_chunk(chunk, err_param_len, &err_param); 2985 2986 /* Add the failed TLV copied from ASCONF chunk. */ 2987 if (asconf_param) 2988 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2989 } 2990 2991 /* Process a asconf parameter. */ 2992 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 2993 struct sctp_chunk *asconf, 2994 sctp_addip_param_t *asconf_param) 2995 { 2996 struct sctp_transport *peer; 2997 struct sctp_af *af; 2998 union sctp_addr addr; 2999 union sctp_addr_param *addr_param; 3000 3001 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t); 3002 3003 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && 3004 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && 3005 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) 3006 return SCTP_ERROR_UNKNOWN_PARAM; 3007 3008 switch (addr_param->p.type) { 3009 case SCTP_PARAM_IPV6_ADDRESS: 3010 if (!asoc->peer.ipv6_address) 3011 return SCTP_ERROR_DNS_FAILED; 3012 break; 3013 case SCTP_PARAM_IPV4_ADDRESS: 3014 if (!asoc->peer.ipv4_address) 3015 return SCTP_ERROR_DNS_FAILED; 3016 break; 3017 default: 3018 return SCTP_ERROR_DNS_FAILED; 3019 } 3020 3021 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3022 if (unlikely(!af)) 3023 return SCTP_ERROR_DNS_FAILED; 3024 3025 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 3026 3027 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 3028 * or multicast address. 3029 * (note: wildcard is permitted and requires special handling so 3030 * make sure we check for that) 3031 */ 3032 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 3033 return SCTP_ERROR_DNS_FAILED; 3034 3035 switch (asconf_param->param_hdr.type) { 3036 case SCTP_PARAM_ADD_IP: 3037 /* Section 4.2.1: 3038 * If the address 0.0.0.0 or ::0 is provided, the source 3039 * address of the packet MUST be added. 3040 */ 3041 if (af->is_any(&addr)) 3042 memcpy(&addr, &asconf->source, sizeof(addr)); 3043 3044 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 3045 * request and does not have the local resources to add this 3046 * new address to the association, it MUST return an Error 3047 * Cause TLV set to the new error code 'Operation Refused 3048 * Due to Resource Shortage'. 3049 */ 3050 3051 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 3052 if (!peer) 3053 return SCTP_ERROR_RSRC_LOW; 3054 3055 /* Start the heartbeat timer. */ 3056 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 3057 sctp_transport_hold(peer); 3058 asoc->new_transport = peer; 3059 break; 3060 case SCTP_PARAM_DEL_IP: 3061 /* ADDIP 4.3 D7) If a request is received to delete the 3062 * last remaining IP address of a peer endpoint, the receiver 3063 * MUST send an Error Cause TLV with the error cause set to the 3064 * new error code 'Request to Delete Last Remaining IP Address'. 3065 */ 3066 if (asoc->peer.transport_count == 1) 3067 return SCTP_ERROR_DEL_LAST_IP; 3068 3069 /* ADDIP 4.3 D8) If a request is received to delete an IP 3070 * address which is also the source address of the IP packet 3071 * which contained the ASCONF chunk, the receiver MUST reject 3072 * this request. To reject the request the receiver MUST send 3073 * an Error Cause TLV set to the new error code 'Request to 3074 * Delete Source IP Address' 3075 */ 3076 if (sctp_cmp_addr_exact(&asconf->source, &addr)) 3077 return SCTP_ERROR_DEL_SRC_IP; 3078 3079 /* Section 4.2.2 3080 * If the address 0.0.0.0 or ::0 is provided, all 3081 * addresses of the peer except the source address of the 3082 * packet MUST be deleted. 3083 */ 3084 if (af->is_any(&addr)) { 3085 sctp_assoc_set_primary(asoc, asconf->transport); 3086 sctp_assoc_del_nonprimary_peers(asoc, 3087 asconf->transport); 3088 } else 3089 sctp_assoc_del_peer(asoc, &addr); 3090 break; 3091 case SCTP_PARAM_SET_PRIMARY: 3092 /* ADDIP Section 4.2.4 3093 * If the address 0.0.0.0 or ::0 is provided, the receiver 3094 * MAY mark the source address of the packet as its 3095 * primary. 3096 */ 3097 if (af->is_any(&addr)) 3098 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 3099 3100 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3101 if (!peer) 3102 return SCTP_ERROR_DNS_FAILED; 3103 3104 sctp_assoc_set_primary(asoc, peer); 3105 break; 3106 } 3107 3108 return SCTP_ERROR_NO_ERROR; 3109 } 3110 3111 /* Verify the ASCONF packet before we process it. */ 3112 int sctp_verify_asconf(const struct sctp_association *asoc, 3113 struct sctp_paramhdr *param_hdr, void *chunk_end, 3114 struct sctp_paramhdr **errp) { 3115 sctp_addip_param_t *asconf_param; 3116 union sctp_params param; 3117 int length, plen; 3118 3119 param.v = (sctp_paramhdr_t *) param_hdr; 3120 while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { 3121 length = ntohs(param.p->length); 3122 *errp = param.p; 3123 3124 if (param.v > chunk_end - length || 3125 length < sizeof(sctp_paramhdr_t)) 3126 return 0; 3127 3128 switch (param.p->type) { 3129 case SCTP_PARAM_ADD_IP: 3130 case SCTP_PARAM_DEL_IP: 3131 case SCTP_PARAM_SET_PRIMARY: 3132 asconf_param = (sctp_addip_param_t *)param.v; 3133 plen = ntohs(asconf_param->param_hdr.length); 3134 if (plen < sizeof(sctp_addip_param_t) + 3135 sizeof(sctp_paramhdr_t)) 3136 return 0; 3137 break; 3138 case SCTP_PARAM_SUCCESS_REPORT: 3139 case SCTP_PARAM_ADAPTATION_LAYER_IND: 3140 if (length != sizeof(sctp_addip_param_t)) 3141 return 0; 3142 3143 break; 3144 default: 3145 break; 3146 } 3147 3148 param.v += WORD_ROUND(length); 3149 } 3150 3151 if (param.v != chunk_end) 3152 return 0; 3153 3154 return 1; 3155 } 3156 3157 /* Process an incoming ASCONF chunk with the next expected serial no. and 3158 * return an ASCONF_ACK chunk to be sent in response. 3159 */ 3160 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3161 struct sctp_chunk *asconf) 3162 { 3163 sctp_addiphdr_t *hdr; 3164 union sctp_addr_param *addr_param; 3165 sctp_addip_param_t *asconf_param; 3166 struct sctp_chunk *asconf_ack; 3167 3168 __be16 err_code; 3169 int length = 0; 3170 int chunk_len; 3171 __u32 serial; 3172 int all_param_pass = 1; 3173 3174 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 3175 hdr = (sctp_addiphdr_t *)asconf->skb->data; 3176 serial = ntohl(hdr->serial); 3177 3178 /* Skip the addiphdr and store a pointer to address parameter. */ 3179 length = sizeof(sctp_addiphdr_t); 3180 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3181 chunk_len -= length; 3182 3183 /* Skip the address parameter and store a pointer to the first 3184 * asconf parameter. 3185 */ 3186 length = ntohs(addr_param->p.length); 3187 asconf_param = (void *)addr_param + length; 3188 chunk_len -= length; 3189 3190 /* create an ASCONF_ACK chunk. 3191 * Based on the definitions of parameters, we know that the size of 3192 * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF 3193 * parameters. 3194 */ 3195 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4); 3196 if (!asconf_ack) 3197 goto done; 3198 3199 /* Process the TLVs contained within the ASCONF chunk. */ 3200 while (chunk_len > 0) { 3201 err_code = sctp_process_asconf_param(asoc, asconf, 3202 asconf_param); 3203 /* ADDIP 4.1 A7) 3204 * If an error response is received for a TLV parameter, 3205 * all TLVs with no response before the failed TLV are 3206 * considered successful if not reported. All TLVs after 3207 * the failed response are considered unsuccessful unless 3208 * a specific success indication is present for the parameter. 3209 */ 3210 if (SCTP_ERROR_NO_ERROR != err_code) 3211 all_param_pass = 0; 3212 3213 if (!all_param_pass) 3214 sctp_add_asconf_response(asconf_ack, 3215 asconf_param->crr_id, err_code, 3216 asconf_param); 3217 3218 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3219 * an IP address sends an 'Out of Resource' in its response, it 3220 * MUST also fail any subsequent add or delete requests bundled 3221 * in the ASCONF. 3222 */ 3223 if (SCTP_ERROR_RSRC_LOW == err_code) 3224 goto done; 3225 3226 /* Move to the next ASCONF param. */ 3227 length = ntohs(asconf_param->param_hdr.length); 3228 asconf_param = (void *)asconf_param + length; 3229 chunk_len -= length; 3230 } 3231 3232 done: 3233 asoc->peer.addip_serial++; 3234 3235 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3236 * after freeing the reference to old asconf ack if any. 3237 */ 3238 if (asconf_ack) { 3239 sctp_chunk_hold(asconf_ack); 3240 list_add_tail(&asconf_ack->transmitted_list, 3241 &asoc->asconf_ack_list); 3242 } 3243 3244 return asconf_ack; 3245 } 3246 3247 /* Process a asconf parameter that is successfully acked. */ 3248 static void sctp_asconf_param_success(struct sctp_association *asoc, 3249 sctp_addip_param_t *asconf_param) 3250 { 3251 struct sctp_af *af; 3252 union sctp_addr addr; 3253 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3254 union sctp_addr_param *addr_param; 3255 struct sctp_transport *transport; 3256 struct sctp_sockaddr_entry *saddr; 3257 3258 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t); 3259 3260 /* We have checked the packet before, so we do not check again. */ 3261 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3262 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3263 3264 switch (asconf_param->param_hdr.type) { 3265 case SCTP_PARAM_ADD_IP: 3266 /* This is always done in BH context with a socket lock 3267 * held, so the list can not change. 3268 */ 3269 local_bh_disable(); 3270 list_for_each_entry(saddr, &bp->address_list, list) { 3271 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3272 saddr->state = SCTP_ADDR_SRC; 3273 } 3274 local_bh_enable(); 3275 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3276 transports) { 3277 dst_release(transport->dst); 3278 transport->dst = NULL; 3279 } 3280 break; 3281 case SCTP_PARAM_DEL_IP: 3282 local_bh_disable(); 3283 sctp_del_bind_addr(bp, &addr); 3284 if (asoc->asconf_addr_del_pending != NULL && 3285 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) { 3286 kfree(asoc->asconf_addr_del_pending); 3287 asoc->asconf_addr_del_pending = NULL; 3288 } 3289 local_bh_enable(); 3290 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3291 transports) { 3292 dst_release(transport->dst); 3293 transport->dst = NULL; 3294 } 3295 break; 3296 default: 3297 break; 3298 } 3299 } 3300 3301 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3302 * for the given asconf parameter. If there is no response for this parameter, 3303 * return the error code based on the third argument 'no_err'. 3304 * ADDIP 4.1 3305 * A7) If an error response is received for a TLV parameter, all TLVs with no 3306 * response before the failed TLV are considered successful if not reported. 3307 * All TLVs after the failed response are considered unsuccessful unless a 3308 * specific success indication is present for the parameter. 3309 */ 3310 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3311 sctp_addip_param_t *asconf_param, 3312 int no_err) 3313 { 3314 sctp_addip_param_t *asconf_ack_param; 3315 sctp_errhdr_t *err_param; 3316 int length; 3317 int asconf_ack_len; 3318 __be16 err_code; 3319 3320 if (no_err) 3321 err_code = SCTP_ERROR_NO_ERROR; 3322 else 3323 err_code = SCTP_ERROR_REQ_REFUSED; 3324 3325 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3326 sizeof(sctp_chunkhdr_t); 3327 3328 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3329 * the first asconf_ack parameter. 3330 */ 3331 length = sizeof(sctp_addiphdr_t); 3332 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 3333 length); 3334 asconf_ack_len -= length; 3335 3336 while (asconf_ack_len > 0) { 3337 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3338 switch (asconf_ack_param->param_hdr.type) { 3339 case SCTP_PARAM_SUCCESS_REPORT: 3340 return SCTP_ERROR_NO_ERROR; 3341 case SCTP_PARAM_ERR_CAUSE: 3342 length = sizeof(sctp_addip_param_t); 3343 err_param = (void *)asconf_ack_param + length; 3344 asconf_ack_len -= length; 3345 if (asconf_ack_len > 0) 3346 return err_param->cause; 3347 else 3348 return SCTP_ERROR_INV_PARAM; 3349 break; 3350 default: 3351 return SCTP_ERROR_INV_PARAM; 3352 } 3353 } 3354 3355 length = ntohs(asconf_ack_param->param_hdr.length); 3356 asconf_ack_param = (void *)asconf_ack_param + length; 3357 asconf_ack_len -= length; 3358 } 3359 3360 return err_code; 3361 } 3362 3363 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3364 int sctp_process_asconf_ack(struct sctp_association *asoc, 3365 struct sctp_chunk *asconf_ack) 3366 { 3367 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3368 union sctp_addr_param *addr_param; 3369 sctp_addip_param_t *asconf_param; 3370 int length = 0; 3371 int asconf_len = asconf->skb->len; 3372 int all_param_pass = 0; 3373 int no_err = 1; 3374 int retval = 0; 3375 __be16 err_code = SCTP_ERROR_NO_ERROR; 3376 3377 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3378 * a pointer to address parameter. 3379 */ 3380 length = sizeof(sctp_addip_chunk_t); 3381 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3382 asconf_len -= length; 3383 3384 /* Skip the address parameter in the last asconf sent and store a 3385 * pointer to the first asconf parameter. 3386 */ 3387 length = ntohs(addr_param->p.length); 3388 asconf_param = (void *)addr_param + length; 3389 asconf_len -= length; 3390 3391 /* ADDIP 4.1 3392 * A8) If there is no response(s) to specific TLV parameter(s), and no 3393 * failures are indicated, then all request(s) are considered 3394 * successful. 3395 */ 3396 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 3397 all_param_pass = 1; 3398 3399 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3400 while (asconf_len > 0) { 3401 if (all_param_pass) 3402 err_code = SCTP_ERROR_NO_ERROR; 3403 else { 3404 err_code = sctp_get_asconf_response(asconf_ack, 3405 asconf_param, 3406 no_err); 3407 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3408 no_err = 0; 3409 } 3410 3411 switch (err_code) { 3412 case SCTP_ERROR_NO_ERROR: 3413 sctp_asconf_param_success(asoc, asconf_param); 3414 break; 3415 3416 case SCTP_ERROR_RSRC_LOW: 3417 retval = 1; 3418 break; 3419 3420 case SCTP_ERROR_UNKNOWN_PARAM: 3421 /* Disable sending this type of asconf parameter in 3422 * future. 3423 */ 3424 asoc->peer.addip_disabled_mask |= 3425 asconf_param->param_hdr.type; 3426 break; 3427 3428 case SCTP_ERROR_REQ_REFUSED: 3429 case SCTP_ERROR_DEL_LAST_IP: 3430 case SCTP_ERROR_DEL_SRC_IP: 3431 default: 3432 break; 3433 } 3434 3435 /* Skip the processed asconf parameter and move to the next 3436 * one. 3437 */ 3438 length = ntohs(asconf_param->param_hdr.length); 3439 asconf_param = (void *)asconf_param + length; 3440 asconf_len -= length; 3441 } 3442 3443 if (no_err && asoc->src_out_of_asoc_ok) { 3444 asoc->src_out_of_asoc_ok = 0; 3445 sctp_transport_immediate_rtx(asoc->peer.primary_path); 3446 } 3447 3448 /* Free the cached last sent asconf chunk. */ 3449 list_del_init(&asconf->transmitted_list); 3450 sctp_chunk_free(asconf); 3451 asoc->addip_last_asconf = NULL; 3452 3453 return retval; 3454 } 3455 3456 /* Make a FWD TSN chunk. */ 3457 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3458 __u32 new_cum_tsn, size_t nstreams, 3459 struct sctp_fwdtsn_skip *skiplist) 3460 { 3461 struct sctp_chunk *retval = NULL; 3462 struct sctp_fwdtsn_hdr ftsn_hdr; 3463 struct sctp_fwdtsn_skip skip; 3464 size_t hint; 3465 int i; 3466 3467 hint = (nstreams + 1) * sizeof(__u32); 3468 3469 retval = sctp_make_control(asoc, SCTP_CID_FWD_TSN, 0, hint); 3470 3471 if (!retval) 3472 return NULL; 3473 3474 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3475 retval->subh.fwdtsn_hdr = 3476 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3477 3478 for (i = 0; i < nstreams; i++) { 3479 skip.stream = skiplist[i].stream; 3480 skip.ssn = skiplist[i].ssn; 3481 sctp_addto_chunk(retval, sizeof(skip), &skip); 3482 } 3483 3484 return retval; 3485 } 3486