1 /* SCTP kernel reference Implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel reference Implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * The SCTP reference implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * The SCTP reference implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53 #include <linux/types.h> 54 #include <linux/kernel.h> 55 #include <linux/ip.h> 56 #include <linux/ipv6.h> 57 #include <linux/net.h> 58 #include <linux/inet.h> 59 #include <linux/scatterlist.h> 60 #include <linux/crypto.h> 61 #include <net/sock.h> 62 63 #include <linux/skbuff.h> 64 #include <linux/random.h> /* for get_random_bytes */ 65 #include <net/sctp/sctp.h> 66 #include <net/sctp/sm.h> 67 68 SCTP_STATIC 69 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 70 __u8 type, __u8 flags, int paylen); 71 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 72 const struct sctp_association *asoc, 73 const struct sctp_chunk *init_chunk, 74 int *cookie_len, 75 const __u8 *raw_addrs, int addrs_len); 76 static int sctp_process_param(struct sctp_association *asoc, 77 union sctp_params param, 78 const union sctp_addr *peer_addr, 79 gfp_t gfp); 80 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 81 const void *data); 82 83 /* What was the inbound interface for this chunk? */ 84 int sctp_chunk_iif(const struct sctp_chunk *chunk) 85 { 86 struct sctp_af *af; 87 int iif = 0; 88 89 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version)); 90 if (af) 91 iif = af->skb_iif(chunk->skb); 92 93 return iif; 94 } 95 96 /* RFC 2960 3.3.2 Initiation (INIT) (1) 97 * 98 * Note 2: The ECN capable field is reserved for future use of 99 * Explicit Congestion Notification. 100 */ 101 static const struct sctp_paramhdr ecap_param = { 102 SCTP_PARAM_ECN_CAPABLE, 103 __constant_htons(sizeof(struct sctp_paramhdr)), 104 }; 105 static const struct sctp_paramhdr prsctp_param = { 106 SCTP_PARAM_FWD_TSN_SUPPORT, 107 __constant_htons(sizeof(struct sctp_paramhdr)), 108 }; 109 110 /* A helper to initialize to initialize an op error inside a 111 * provided chunk, as most cause codes will be embedded inside an 112 * abort chunk. 113 */ 114 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 115 size_t paylen) 116 { 117 sctp_errhdr_t err; 118 __u16 len; 119 120 /* Cause code constants are now defined in network order. */ 121 err.cause = cause_code; 122 len = sizeof(sctp_errhdr_t) + paylen; 123 err.length = htons(len); 124 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 125 } 126 127 /* 3.3.2 Initiation (INIT) (1) 128 * 129 * This chunk is used to initiate a SCTP association between two 130 * endpoints. The format of the INIT chunk is shown below: 131 * 132 * 0 1 2 3 133 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 134 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 135 * | Type = 1 | Chunk Flags | Chunk Length | 136 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 137 * | Initiate Tag | 138 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 139 * | Advertised Receiver Window Credit (a_rwnd) | 140 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 141 * | Number of Outbound Streams | Number of Inbound Streams | 142 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 143 * | Initial TSN | 144 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 145 * \ \ 146 * / Optional/Variable-Length Parameters / 147 * \ \ 148 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 149 * 150 * 151 * The INIT chunk contains the following parameters. Unless otherwise 152 * noted, each parameter MUST only be included once in the INIT chunk. 153 * 154 * Fixed Parameters Status 155 * ---------------------------------------------- 156 * Initiate Tag Mandatory 157 * Advertised Receiver Window Credit Mandatory 158 * Number of Outbound Streams Mandatory 159 * Number of Inbound Streams Mandatory 160 * Initial TSN Mandatory 161 * 162 * Variable Parameters Status Type Value 163 * ------------------------------------------------------------- 164 * IPv4 Address (Note 1) Optional 5 165 * IPv6 Address (Note 1) Optional 6 166 * Cookie Preservative Optional 9 167 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 168 * Host Name Address (Note 3) Optional 11 169 * Supported Address Types (Note 4) Optional 12 170 */ 171 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 172 const struct sctp_bind_addr *bp, 173 gfp_t gfp, int vparam_len) 174 { 175 sctp_inithdr_t init; 176 union sctp_params addrs; 177 size_t chunksize; 178 struct sctp_chunk *retval = NULL; 179 int num_types, addrs_len = 0; 180 struct sctp_sock *sp; 181 sctp_supported_addrs_param_t sat; 182 __be16 types[2]; 183 sctp_adaptation_ind_param_t aiparam; 184 sctp_supported_ext_param_t ext_param; 185 int num_ext = 0; 186 __u8 extensions[3]; 187 sctp_paramhdr_t *auth_chunks = NULL, 188 *auth_hmacs = NULL; 189 190 /* RFC 2960 3.3.2 Initiation (INIT) (1) 191 * 192 * Note 1: The INIT chunks can contain multiple addresses that 193 * can be IPv4 and/or IPv6 in any combination. 194 */ 195 retval = NULL; 196 197 /* Convert the provided bind address list to raw format. */ 198 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 199 200 init.init_tag = htonl(asoc->c.my_vtag); 201 init.a_rwnd = htonl(asoc->rwnd); 202 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 203 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 204 init.initial_tsn = htonl(asoc->c.initial_tsn); 205 206 /* How many address types are needed? */ 207 sp = sctp_sk(asoc->base.sk); 208 num_types = sp->pf->supported_addrs(sp, types); 209 210 chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types); 211 chunksize += sizeof(ecap_param); 212 213 /* ADDIP: Section 4.2.7: 214 * An implementation supporting this extension [ADDIP] MUST list 215 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 216 * INIT-ACK parameters. 217 */ 218 if (sctp_addip_enable) { 219 extensions[num_ext] = SCTP_CID_ASCONF; 220 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 221 num_ext += 2; 222 } 223 224 chunksize += sizeof(aiparam); 225 chunksize += vparam_len; 226 227 /* Account for AUTH related parameters */ 228 if (sctp_auth_enable) { 229 /* Add random parameter length*/ 230 chunksize += sizeof(asoc->c.auth_random); 231 232 /* Add HMACS parameter length if any were defined */ 233 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 234 if (auth_hmacs->length) 235 chunksize += ntohs(auth_hmacs->length); 236 else 237 auth_hmacs = NULL; 238 239 /* Add CHUNKS parameter length */ 240 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 241 if (auth_chunks->length) 242 chunksize += ntohs(auth_chunks->length); 243 else 244 auth_chunks = NULL; 245 246 extensions[num_ext] = SCTP_CID_AUTH; 247 num_ext += 1; 248 } 249 250 /* If we have any extensions to report, account for that */ 251 if (num_ext) 252 chunksize += sizeof(sctp_supported_ext_param_t) + num_ext; 253 254 /* RFC 2960 3.3.2 Initiation (INIT) (1) 255 * 256 * Note 3: An INIT chunk MUST NOT contain more than one Host 257 * Name address parameter. Moreover, the sender of the INIT 258 * MUST NOT combine any other address types with the Host Name 259 * address in the INIT. The receiver of INIT MUST ignore any 260 * other address types if the Host Name address parameter is 261 * present in the received INIT chunk. 262 * 263 * PLEASE DO NOT FIXME [This version does not support Host Name.] 264 */ 265 266 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 267 if (!retval) 268 goto nodata; 269 270 retval->subh.init_hdr = 271 sctp_addto_chunk(retval, sizeof(init), &init); 272 retval->param_hdr.v = 273 sctp_addto_chunk(retval, addrs_len, addrs.v); 274 275 /* RFC 2960 3.3.2 Initiation (INIT) (1) 276 * 277 * Note 4: This parameter, when present, specifies all the 278 * address types the sending endpoint can support. The absence 279 * of this parameter indicates that the sending endpoint can 280 * support any address type. 281 */ 282 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 283 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 284 sctp_addto_chunk(retval, sizeof(sat), &sat); 285 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 286 287 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 288 289 /* Add the supported extensions parameter. Be nice and add this 290 * fist before addiding the parameters for the extensions themselves 291 */ 292 if (num_ext) { 293 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 294 ext_param.param_hdr.length = 295 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 296 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 297 &ext_param); 298 sctp_addto_param(retval, num_ext, extensions); 299 } 300 301 if (sctp_prsctp_enable) 302 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 303 304 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 305 aiparam.param_hdr.length = htons(sizeof(aiparam)); 306 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 307 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 308 309 /* Add SCTP-AUTH chunks to the parameter list */ 310 if (sctp_auth_enable) { 311 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 312 asoc->c.auth_random); 313 if (auth_hmacs) 314 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 315 auth_hmacs); 316 if (auth_chunks) 317 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 318 auth_chunks); 319 } 320 nodata: 321 kfree(addrs.v); 322 return retval; 323 } 324 325 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 326 const struct sctp_chunk *chunk, 327 gfp_t gfp, int unkparam_len) 328 { 329 sctp_inithdr_t initack; 330 struct sctp_chunk *retval; 331 union sctp_params addrs; 332 int addrs_len; 333 sctp_cookie_param_t *cookie; 334 int cookie_len; 335 size_t chunksize; 336 sctp_adaptation_ind_param_t aiparam; 337 sctp_supported_ext_param_t ext_param; 338 int num_ext = 0; 339 __u8 extensions[3]; 340 sctp_paramhdr_t *auth_chunks = NULL, 341 *auth_hmacs = NULL, 342 *auth_random = NULL; 343 344 retval = NULL; 345 346 /* Note: there may be no addresses to embed. */ 347 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 348 349 initack.init_tag = htonl(asoc->c.my_vtag); 350 initack.a_rwnd = htonl(asoc->rwnd); 351 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 352 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 353 initack.initial_tsn = htonl(asoc->c.initial_tsn); 354 355 /* FIXME: We really ought to build the cookie right 356 * into the packet instead of allocating more fresh memory. 357 */ 358 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 359 addrs.v, addrs_len); 360 if (!cookie) 361 goto nomem_cookie; 362 363 /* Calculate the total size of allocation, include the reserved 364 * space for reporting unknown parameters if it is specified. 365 */ 366 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 367 368 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 369 if (asoc->peer.ecn_capable) 370 chunksize += sizeof(ecap_param); 371 372 if (sctp_addip_enable) { 373 extensions[num_ext] = SCTP_CID_ASCONF; 374 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 375 num_ext += 2; 376 } 377 378 chunksize += sizeof(aiparam); 379 380 if (asoc->peer.auth_capable) { 381 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random; 382 chunksize += ntohs(auth_random->length); 383 384 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 385 if (auth_hmacs->length) 386 chunksize += ntohs(auth_hmacs->length); 387 else 388 auth_hmacs = NULL; 389 390 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 391 if (auth_chunks->length) 392 chunksize += ntohs(auth_chunks->length); 393 else 394 auth_chunks = NULL; 395 396 extensions[num_ext] = SCTP_CID_AUTH; 397 num_ext += 1; 398 } 399 400 if (num_ext) 401 chunksize += sizeof(sctp_supported_ext_param_t) + num_ext; 402 403 /* Now allocate and fill out the chunk. */ 404 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 405 if (!retval) 406 goto nomem_chunk; 407 408 /* Per the advice in RFC 2960 6.4, send this reply to 409 * the source of the INIT packet. 410 */ 411 retval->transport = chunk->transport; 412 retval->subh.init_hdr = 413 sctp_addto_chunk(retval, sizeof(initack), &initack); 414 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 415 sctp_addto_chunk(retval, cookie_len, cookie); 416 if (asoc->peer.ecn_capable) 417 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 418 if (num_ext) { 419 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 420 ext_param.param_hdr.length = 421 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 422 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 423 &ext_param); 424 sctp_addto_param(retval, num_ext, extensions); 425 } 426 if (asoc->peer.prsctp_capable) 427 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 428 429 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 430 aiparam.param_hdr.length = htons(sizeof(aiparam)); 431 aiparam.adaptation_ind = htonl(sctp_sk(asoc->base.sk)->adaptation_ind); 432 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 433 434 if (asoc->peer.auth_capable) { 435 sctp_addto_chunk(retval, ntohs(auth_random->length), 436 auth_random); 437 if (auth_hmacs) 438 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 439 auth_hmacs); 440 if (auth_chunks) 441 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 442 auth_chunks); 443 } 444 445 /* We need to remove the const qualifier at this point. */ 446 retval->asoc = (struct sctp_association *) asoc; 447 448 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 449 * 450 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 451 * HEARTBEAT ACK, * etc.) to the same destination transport 452 * address from which it received the DATA or control chunk 453 * to which it is replying. 454 * 455 * [INIT ACK back to where the INIT came from.] 456 */ 457 if (chunk) 458 retval->transport = chunk->transport; 459 460 nomem_chunk: 461 kfree(cookie); 462 nomem_cookie: 463 kfree(addrs.v); 464 return retval; 465 } 466 467 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 468 * 469 * This chunk is used only during the initialization of an association. 470 * It is sent by the initiator of an association to its peer to complete 471 * the initialization process. This chunk MUST precede any DATA chunk 472 * sent within the association, but MAY be bundled with one or more DATA 473 * chunks in the same packet. 474 * 475 * 0 1 2 3 476 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 477 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 478 * | Type = 10 |Chunk Flags | Length | 479 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 480 * / Cookie / 481 * \ \ 482 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 483 * 484 * Chunk Flags: 8 bit 485 * 486 * Set to zero on transmit and ignored on receipt. 487 * 488 * Length: 16 bits (unsigned integer) 489 * 490 * Set to the size of the chunk in bytes, including the 4 bytes of 491 * the chunk header and the size of the Cookie. 492 * 493 * Cookie: variable size 494 * 495 * This field must contain the exact cookie received in the 496 * State Cookie parameter from the previous INIT ACK. 497 * 498 * An implementation SHOULD make the cookie as small as possible 499 * to insure interoperability. 500 */ 501 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 502 const struct sctp_chunk *chunk) 503 { 504 struct sctp_chunk *retval; 505 void *cookie; 506 int cookie_len; 507 508 cookie = asoc->peer.cookie; 509 cookie_len = asoc->peer.cookie_len; 510 511 /* Build a cookie echo chunk. */ 512 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 513 if (!retval) 514 goto nodata; 515 retval->subh.cookie_hdr = 516 sctp_addto_chunk(retval, cookie_len, cookie); 517 518 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 519 * 520 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 521 * HEARTBEAT ACK, * etc.) to the same destination transport 522 * address from which it * received the DATA or control chunk 523 * to which it is replying. 524 * 525 * [COOKIE ECHO back to where the INIT ACK came from.] 526 */ 527 if (chunk) 528 retval->transport = chunk->transport; 529 530 nodata: 531 return retval; 532 } 533 534 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 535 * 536 * This chunk is used only during the initialization of an 537 * association. It is used to acknowledge the receipt of a COOKIE 538 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 539 * within the association, but MAY be bundled with one or more DATA 540 * chunks or SACK chunk in the same SCTP packet. 541 * 542 * 0 1 2 3 543 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 544 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 545 * | Type = 11 |Chunk Flags | Length = 4 | 546 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 547 * 548 * Chunk Flags: 8 bits 549 * 550 * Set to zero on transmit and ignored on receipt. 551 */ 552 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 553 const struct sctp_chunk *chunk) 554 { 555 struct sctp_chunk *retval; 556 557 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 558 559 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 560 * 561 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 562 * HEARTBEAT ACK, * etc.) to the same destination transport 563 * address from which it * received the DATA or control chunk 564 * to which it is replying. 565 * 566 * [COOKIE ACK back to where the COOKIE ECHO came from.] 567 */ 568 if (retval && chunk) 569 retval->transport = chunk->transport; 570 571 return retval; 572 } 573 574 /* 575 * Appendix A: Explicit Congestion Notification: 576 * CWR: 577 * 578 * RFC 2481 details a specific bit for a sender to send in the header of 579 * its next outbound TCP segment to indicate to its peer that it has 580 * reduced its congestion window. This is termed the CWR bit. For 581 * SCTP the same indication is made by including the CWR chunk. 582 * This chunk contains one data element, i.e. the TSN number that 583 * was sent in the ECNE chunk. This element represents the lowest 584 * TSN number in the datagram that was originally marked with the 585 * CE bit. 586 * 587 * 0 1 2 3 588 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 589 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 590 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 591 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 592 * | Lowest TSN Number | 593 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 594 * 595 * Note: The CWR is considered a Control chunk. 596 */ 597 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 598 const __u32 lowest_tsn, 599 const struct sctp_chunk *chunk) 600 { 601 struct sctp_chunk *retval; 602 sctp_cwrhdr_t cwr; 603 604 cwr.lowest_tsn = htonl(lowest_tsn); 605 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 606 sizeof(sctp_cwrhdr_t)); 607 608 if (!retval) 609 goto nodata; 610 611 retval->subh.ecn_cwr_hdr = 612 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 613 614 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 615 * 616 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 617 * HEARTBEAT ACK, * etc.) to the same destination transport 618 * address from which it * received the DATA or control chunk 619 * to which it is replying. 620 * 621 * [Report a reduced congestion window back to where the ECNE 622 * came from.] 623 */ 624 if (chunk) 625 retval->transport = chunk->transport; 626 627 nodata: 628 return retval; 629 } 630 631 /* Make an ECNE chunk. This is a congestion experienced report. */ 632 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 633 const __u32 lowest_tsn) 634 { 635 struct sctp_chunk *retval; 636 sctp_ecnehdr_t ecne; 637 638 ecne.lowest_tsn = htonl(lowest_tsn); 639 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 640 sizeof(sctp_ecnehdr_t)); 641 if (!retval) 642 goto nodata; 643 retval->subh.ecne_hdr = 644 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 645 646 nodata: 647 return retval; 648 } 649 650 /* Make a DATA chunk for the given association from the provided 651 * parameters. However, do not populate the data payload. 652 */ 653 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 654 const struct sctp_sndrcvinfo *sinfo, 655 int data_len, __u8 flags, __u16 ssn) 656 { 657 struct sctp_chunk *retval; 658 struct sctp_datahdr dp; 659 int chunk_len; 660 661 /* We assign the TSN as LATE as possible, not here when 662 * creating the chunk. 663 */ 664 dp.tsn = 0; 665 dp.stream = htons(sinfo->sinfo_stream); 666 dp.ppid = sinfo->sinfo_ppid; 667 668 /* Set the flags for an unordered send. */ 669 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 670 flags |= SCTP_DATA_UNORDERED; 671 dp.ssn = 0; 672 } else 673 dp.ssn = htons(ssn); 674 675 chunk_len = sizeof(dp) + data_len; 676 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 677 if (!retval) 678 goto nodata; 679 680 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 681 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 682 683 nodata: 684 return retval; 685 } 686 687 /* Create a selective ackowledgement (SACK) for the given 688 * association. This reports on which TSN's we've seen to date, 689 * including duplicates and gaps. 690 */ 691 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 692 { 693 struct sctp_chunk *retval; 694 struct sctp_sackhdr sack; 695 int len; 696 __u32 ctsn; 697 __u16 num_gabs, num_dup_tsns; 698 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 699 700 ctsn = sctp_tsnmap_get_ctsn(map); 701 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 702 703 /* How much room is needed in the chunk? */ 704 num_gabs = sctp_tsnmap_num_gabs(map); 705 num_dup_tsns = sctp_tsnmap_num_dups(map); 706 707 /* Initialize the SACK header. */ 708 sack.cum_tsn_ack = htonl(ctsn); 709 sack.a_rwnd = htonl(asoc->a_rwnd); 710 sack.num_gap_ack_blocks = htons(num_gabs); 711 sack.num_dup_tsns = htons(num_dup_tsns); 712 713 len = sizeof(sack) 714 + sizeof(struct sctp_gap_ack_block) * num_gabs 715 + sizeof(__u32) * num_dup_tsns; 716 717 /* Create the chunk. */ 718 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 719 if (!retval) 720 goto nodata; 721 722 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 723 * 724 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 725 * HEARTBEAT ACK, etc.) to the same destination transport 726 * address from which it received the DATA or control chunk to 727 * which it is replying. This rule should also be followed if 728 * the endpoint is bundling DATA chunks together with the 729 * reply chunk. 730 * 731 * However, when acknowledging multiple DATA chunks received 732 * in packets from different source addresses in a single 733 * SACK, the SACK chunk may be transmitted to one of the 734 * destination transport addresses from which the DATA or 735 * control chunks being acknowledged were received. 736 * 737 * [BUG: We do not implement the following paragraph. 738 * Perhaps we should remember the last transport we used for a 739 * SACK and avoid that (if possible) if we have seen any 740 * duplicates. --piggy] 741 * 742 * When a receiver of a duplicate DATA chunk sends a SACK to a 743 * multi- homed endpoint it MAY be beneficial to vary the 744 * destination address and not use the source address of the 745 * DATA chunk. The reason being that receiving a duplicate 746 * from a multi-homed endpoint might indicate that the return 747 * path (as specified in the source address of the DATA chunk) 748 * for the SACK is broken. 749 * 750 * [Send to the address from which we last received a DATA chunk.] 751 */ 752 retval->transport = asoc->peer.last_data_from; 753 754 retval->subh.sack_hdr = 755 sctp_addto_chunk(retval, sizeof(sack), &sack); 756 757 /* Add the gap ack block information. */ 758 if (num_gabs) 759 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 760 sctp_tsnmap_get_gabs(map)); 761 762 /* Add the duplicate TSN information. */ 763 if (num_dup_tsns) 764 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 765 sctp_tsnmap_get_dups(map)); 766 767 nodata: 768 return retval; 769 } 770 771 /* Make a SHUTDOWN chunk. */ 772 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 773 const struct sctp_chunk *chunk) 774 { 775 struct sctp_chunk *retval; 776 sctp_shutdownhdr_t shut; 777 __u32 ctsn; 778 779 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 780 shut.cum_tsn_ack = htonl(ctsn); 781 782 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 783 sizeof(sctp_shutdownhdr_t)); 784 if (!retval) 785 goto nodata; 786 787 retval->subh.shutdown_hdr = 788 sctp_addto_chunk(retval, sizeof(shut), &shut); 789 790 if (chunk) 791 retval->transport = chunk->transport; 792 nodata: 793 return retval; 794 } 795 796 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 797 const struct sctp_chunk *chunk) 798 { 799 struct sctp_chunk *retval; 800 801 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 802 803 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 804 * 805 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 806 * HEARTBEAT ACK, * etc.) to the same destination transport 807 * address from which it * received the DATA or control chunk 808 * to which it is replying. 809 * 810 * [ACK back to where the SHUTDOWN came from.] 811 */ 812 if (retval && chunk) 813 retval->transport = chunk->transport; 814 815 return retval; 816 } 817 818 struct sctp_chunk *sctp_make_shutdown_complete( 819 const struct sctp_association *asoc, 820 const struct sctp_chunk *chunk) 821 { 822 struct sctp_chunk *retval; 823 __u8 flags = 0; 824 825 /* Set the T-bit if we have no association (vtag will be 826 * reflected) 827 */ 828 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 829 830 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 831 832 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 833 * 834 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 835 * HEARTBEAT ACK, * etc.) to the same destination transport 836 * address from which it * received the DATA or control chunk 837 * to which it is replying. 838 * 839 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 840 * came from.] 841 */ 842 if (retval && chunk) 843 retval->transport = chunk->transport; 844 845 return retval; 846 } 847 848 /* Create an ABORT. Note that we set the T bit if we have no 849 * association, except when responding to an INIT (sctpimpguide 2.41). 850 */ 851 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 852 const struct sctp_chunk *chunk, 853 const size_t hint) 854 { 855 struct sctp_chunk *retval; 856 __u8 flags = 0; 857 858 /* Set the T-bit if we have no association and 'chunk' is not 859 * an INIT (vtag will be reflected). 860 */ 861 if (!asoc) { 862 if (chunk && chunk->chunk_hdr && 863 chunk->chunk_hdr->type == SCTP_CID_INIT) 864 flags = 0; 865 else 866 flags = SCTP_CHUNK_FLAG_T; 867 } 868 869 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 870 871 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 872 * 873 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 874 * HEARTBEAT ACK, * etc.) to the same destination transport 875 * address from which it * received the DATA or control chunk 876 * to which it is replying. 877 * 878 * [ABORT back to where the offender came from.] 879 */ 880 if (retval && chunk) 881 retval->transport = chunk->transport; 882 883 return retval; 884 } 885 886 /* Helper to create ABORT with a NO_USER_DATA error. */ 887 struct sctp_chunk *sctp_make_abort_no_data( 888 const struct sctp_association *asoc, 889 const struct sctp_chunk *chunk, __u32 tsn) 890 { 891 struct sctp_chunk *retval; 892 __be32 payload; 893 894 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 895 + sizeof(tsn)); 896 897 if (!retval) 898 goto no_mem; 899 900 /* Put the tsn back into network byte order. */ 901 payload = htonl(tsn); 902 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 903 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 904 905 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 906 * 907 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 908 * HEARTBEAT ACK, * etc.) to the same destination transport 909 * address from which it * received the DATA or control chunk 910 * to which it is replying. 911 * 912 * [ABORT back to where the offender came from.] 913 */ 914 if (chunk) 915 retval->transport = chunk->transport; 916 917 no_mem: 918 return retval; 919 } 920 921 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 922 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 923 const struct msghdr *msg, 924 size_t paylen) 925 { 926 struct sctp_chunk *retval; 927 void *payload = NULL; 928 int err; 929 930 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 931 if (!retval) 932 goto err_chunk; 933 934 if (paylen) { 935 /* Put the msg_iov together into payload. */ 936 payload = kmalloc(paylen, GFP_KERNEL); 937 if (!payload) 938 goto err_payload; 939 940 err = memcpy_fromiovec(payload, msg->msg_iov, paylen); 941 if (err < 0) 942 goto err_copy; 943 } 944 945 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 946 sctp_addto_chunk(retval, paylen, payload); 947 948 if (paylen) 949 kfree(payload); 950 951 return retval; 952 953 err_copy: 954 kfree(payload); 955 err_payload: 956 sctp_chunk_free(retval); 957 retval = NULL; 958 err_chunk: 959 return retval; 960 } 961 962 /* Append bytes to the end of a parameter. Will panic if chunk is not big 963 * enough. 964 */ 965 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 966 const void *data) 967 { 968 void *target; 969 int chunklen = ntohs(chunk->chunk_hdr->length); 970 971 target = skb_put(chunk->skb, len); 972 973 memcpy(target, data, len); 974 975 /* Adjust the chunk length field. */ 976 chunk->chunk_hdr->length = htons(chunklen + len); 977 chunk->chunk_end = skb_tail_pointer(chunk->skb); 978 979 return target; 980 } 981 982 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 983 struct sctp_chunk *sctp_make_abort_violation( 984 const struct sctp_association *asoc, 985 const struct sctp_chunk *chunk, 986 const __u8 *payload, 987 const size_t paylen) 988 { 989 struct sctp_chunk *retval; 990 struct sctp_paramhdr phdr; 991 992 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 993 + sizeof(sctp_paramhdr_t)); 994 if (!retval) 995 goto end; 996 997 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen 998 + sizeof(sctp_paramhdr_t)); 999 1000 phdr.type = htons(chunk->chunk_hdr->type); 1001 phdr.length = chunk->chunk_hdr->length; 1002 sctp_addto_chunk(retval, paylen, payload); 1003 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr); 1004 1005 end: 1006 return retval; 1007 } 1008 1009 /* Make a HEARTBEAT chunk. */ 1010 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1011 const struct sctp_transport *transport, 1012 const void *payload, const size_t paylen) 1013 { 1014 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 1015 0, paylen); 1016 1017 if (!retval) 1018 goto nodata; 1019 1020 /* Cast away the 'const', as this is just telling the chunk 1021 * what transport it belongs to. 1022 */ 1023 retval->transport = (struct sctp_transport *) transport; 1024 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1025 1026 nodata: 1027 return retval; 1028 } 1029 1030 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1031 const struct sctp_chunk *chunk, 1032 const void *payload, const size_t paylen) 1033 { 1034 struct sctp_chunk *retval; 1035 1036 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 1037 if (!retval) 1038 goto nodata; 1039 1040 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1041 1042 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1043 * 1044 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1045 * HEARTBEAT ACK, * etc.) to the same destination transport 1046 * address from which it * received the DATA or control chunk 1047 * to which it is replying. 1048 * 1049 * [HBACK back to where the HEARTBEAT came from.] 1050 */ 1051 if (chunk) 1052 retval->transport = chunk->transport; 1053 1054 nodata: 1055 return retval; 1056 } 1057 1058 /* Create an Operation Error chunk with the specified space reserved. 1059 * This routine can be used for containing multiple causes in the chunk. 1060 */ 1061 static struct sctp_chunk *sctp_make_op_error_space( 1062 const struct sctp_association *asoc, 1063 const struct sctp_chunk *chunk, 1064 size_t size) 1065 { 1066 struct sctp_chunk *retval; 1067 1068 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 1069 sizeof(sctp_errhdr_t) + size); 1070 if (!retval) 1071 goto nodata; 1072 1073 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1074 * 1075 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1076 * HEARTBEAT ACK, etc.) to the same destination transport 1077 * address from which it received the DATA or control chunk 1078 * to which it is replying. 1079 * 1080 */ 1081 if (chunk) 1082 retval->transport = chunk->transport; 1083 1084 nodata: 1085 return retval; 1086 } 1087 1088 /* Create an Operation Error chunk. */ 1089 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1090 const struct sctp_chunk *chunk, 1091 __be16 cause_code, const void *payload, 1092 size_t paylen) 1093 { 1094 struct sctp_chunk *retval; 1095 1096 retval = sctp_make_op_error_space(asoc, chunk, paylen); 1097 if (!retval) 1098 goto nodata; 1099 1100 sctp_init_cause(retval, cause_code, paylen); 1101 sctp_addto_chunk(retval, paylen, payload); 1102 1103 nodata: 1104 return retval; 1105 } 1106 1107 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc) 1108 { 1109 struct sctp_chunk *retval; 1110 struct sctp_hmac *hmac_desc; 1111 struct sctp_authhdr auth_hdr; 1112 __u8 *hmac; 1113 1114 /* Get the first hmac that the peer told us to use */ 1115 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1116 if (unlikely(!hmac_desc)) 1117 return NULL; 1118 1119 retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0, 1120 hmac_desc->hmac_len + sizeof(sctp_authhdr_t)); 1121 if (!retval) 1122 return NULL; 1123 1124 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1125 auth_hdr.shkey_id = htons(asoc->active_key_id); 1126 1127 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t), 1128 &auth_hdr); 1129 1130 hmac = skb_put(retval->skb, hmac_desc->hmac_len); 1131 memset(hmac, 0, hmac_desc->hmac_len); 1132 1133 /* Adjust the chunk header to include the empty MAC */ 1134 retval->chunk_hdr->length = 1135 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1136 retval->chunk_end = skb_tail_pointer(retval->skb); 1137 1138 return retval; 1139 } 1140 1141 1142 /******************************************************************** 1143 * 2nd Level Abstractions 1144 ********************************************************************/ 1145 1146 /* Turn an skb into a chunk. 1147 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1148 */ 1149 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1150 const struct sctp_association *asoc, 1151 struct sock *sk) 1152 { 1153 struct sctp_chunk *retval; 1154 1155 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC); 1156 1157 if (!retval) 1158 goto nodata; 1159 1160 if (!sk) { 1161 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 1162 } 1163 1164 INIT_LIST_HEAD(&retval->list); 1165 retval->skb = skb; 1166 retval->asoc = (struct sctp_association *)asoc; 1167 retval->resent = 0; 1168 retval->has_tsn = 0; 1169 retval->has_ssn = 0; 1170 retval->rtt_in_progress = 0; 1171 retval->sent_at = 0; 1172 retval->singleton = 1; 1173 retval->end_of_packet = 0; 1174 retval->ecn_ce_done = 0; 1175 retval->pdiscard = 0; 1176 1177 /* sctpimpguide-05.txt Section 2.8.2 1178 * M1) Each time a new DATA chunk is transmitted 1179 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1180 * 'TSN.Missing.Report' count will be used to determine missing chunks 1181 * and when to fast retransmit. 1182 */ 1183 retval->tsn_missing_report = 0; 1184 retval->tsn_gap_acked = 0; 1185 retval->fast_retransmit = 0; 1186 1187 /* If this is a fragmented message, track all fragments 1188 * of the message (for SEND_FAILED). 1189 */ 1190 retval->msg = NULL; 1191 1192 /* Polish the bead hole. */ 1193 INIT_LIST_HEAD(&retval->transmitted_list); 1194 INIT_LIST_HEAD(&retval->frag_list); 1195 SCTP_DBG_OBJCNT_INC(chunk); 1196 atomic_set(&retval->refcnt, 1); 1197 1198 nodata: 1199 return retval; 1200 } 1201 1202 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1203 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1204 union sctp_addr *dest) 1205 { 1206 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1207 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1208 } 1209 1210 /* Extract the source address from a chunk. */ 1211 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1212 { 1213 /* If we have a known transport, use that. */ 1214 if (chunk->transport) { 1215 return &chunk->transport->ipaddr; 1216 } else { 1217 /* Otherwise, extract it from the IP header. */ 1218 return &chunk->source; 1219 } 1220 } 1221 1222 /* Create a new chunk, setting the type and flags headers from the 1223 * arguments, reserving enough space for a 'paylen' byte payload. 1224 */ 1225 SCTP_STATIC 1226 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1227 __u8 type, __u8 flags, int paylen) 1228 { 1229 struct sctp_chunk *retval; 1230 sctp_chunkhdr_t *chunk_hdr; 1231 struct sk_buff *skb; 1232 struct sock *sk; 1233 1234 /* No need to allocate LL here, as this is only a chunk. */ 1235 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1236 GFP_ATOMIC); 1237 if (!skb) 1238 goto nodata; 1239 1240 /* Make room for the chunk header. */ 1241 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1242 chunk_hdr->type = type; 1243 chunk_hdr->flags = flags; 1244 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1245 1246 sk = asoc ? asoc->base.sk : NULL; 1247 retval = sctp_chunkify(skb, asoc, sk); 1248 if (!retval) { 1249 kfree_skb(skb); 1250 goto nodata; 1251 } 1252 1253 retval->chunk_hdr = chunk_hdr; 1254 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1255 1256 /* Determine if the chunk needs to be authenticated */ 1257 if (sctp_auth_send_cid(type, asoc)) 1258 retval->auth = 1; 1259 1260 /* Set the skb to the belonging sock for accounting. */ 1261 skb->sk = sk; 1262 1263 return retval; 1264 nodata: 1265 return NULL; 1266 } 1267 1268 1269 /* Release the memory occupied by a chunk. */ 1270 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1271 { 1272 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1273 dev_kfree_skb(chunk->skb); 1274 1275 SCTP_DBG_OBJCNT_DEC(chunk); 1276 kmem_cache_free(sctp_chunk_cachep, chunk); 1277 } 1278 1279 /* Possibly, free the chunk. */ 1280 void sctp_chunk_free(struct sctp_chunk *chunk) 1281 { 1282 BUG_ON(!list_empty(&chunk->list)); 1283 list_del_init(&chunk->transmitted_list); 1284 1285 /* Release our reference on the message tracker. */ 1286 if (chunk->msg) 1287 sctp_datamsg_put(chunk->msg); 1288 1289 sctp_chunk_put(chunk); 1290 } 1291 1292 /* Grab a reference to the chunk. */ 1293 void sctp_chunk_hold(struct sctp_chunk *ch) 1294 { 1295 atomic_inc(&ch->refcnt); 1296 } 1297 1298 /* Release a reference to the chunk. */ 1299 void sctp_chunk_put(struct sctp_chunk *ch) 1300 { 1301 if (atomic_dec_and_test(&ch->refcnt)) 1302 sctp_chunk_destroy(ch); 1303 } 1304 1305 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1306 * enough. 1307 */ 1308 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1309 { 1310 void *target; 1311 void *padding; 1312 int chunklen = ntohs(chunk->chunk_hdr->length); 1313 int padlen = WORD_ROUND(chunklen) - chunklen; 1314 1315 padding = skb_put(chunk->skb, padlen); 1316 target = skb_put(chunk->skb, len); 1317 1318 memset(padding, 0, padlen); 1319 memcpy(target, data, len); 1320 1321 /* Adjust the chunk length field. */ 1322 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1323 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1324 1325 return target; 1326 } 1327 1328 /* Append bytes from user space to the end of a chunk. Will panic if 1329 * chunk is not big enough. 1330 * Returns a kernel err value. 1331 */ 1332 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1333 struct iovec *data) 1334 { 1335 __u8 *target; 1336 int err = 0; 1337 1338 /* Make room in chunk for data. */ 1339 target = skb_put(chunk->skb, len); 1340 1341 /* Copy data (whole iovec) into chunk */ 1342 if ((err = memcpy_fromiovecend(target, data, off, len))) 1343 goto out; 1344 1345 /* Adjust the chunk length field. */ 1346 chunk->chunk_hdr->length = 1347 htons(ntohs(chunk->chunk_hdr->length) + len); 1348 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1349 1350 out: 1351 return err; 1352 } 1353 1354 /* Helper function to assign a TSN if needed. This assumes that both 1355 * the data_hdr and association have already been assigned. 1356 */ 1357 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1358 { 1359 struct sctp_datamsg *msg; 1360 struct sctp_chunk *lchunk; 1361 struct sctp_stream *stream; 1362 __u16 ssn; 1363 __u16 sid; 1364 1365 if (chunk->has_ssn) 1366 return; 1367 1368 /* All fragments will be on the same stream */ 1369 sid = ntohs(chunk->subh.data_hdr->stream); 1370 stream = &chunk->asoc->ssnmap->out; 1371 1372 /* Now assign the sequence number to the entire message. 1373 * All fragments must have the same stream sequence number. 1374 */ 1375 msg = chunk->msg; 1376 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1377 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1378 ssn = 0; 1379 } else { 1380 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1381 ssn = sctp_ssn_next(stream, sid); 1382 else 1383 ssn = sctp_ssn_peek(stream, sid); 1384 } 1385 1386 lchunk->subh.data_hdr->ssn = htons(ssn); 1387 lchunk->has_ssn = 1; 1388 } 1389 } 1390 1391 /* Helper function to assign a TSN if needed. This assumes that both 1392 * the data_hdr and association have already been assigned. 1393 */ 1394 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1395 { 1396 if (!chunk->has_tsn) { 1397 /* This is the last possible instant to 1398 * assign a TSN. 1399 */ 1400 chunk->subh.data_hdr->tsn = 1401 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1402 chunk->has_tsn = 1; 1403 } 1404 } 1405 1406 /* Create a CLOSED association to use with an incoming packet. */ 1407 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1408 struct sctp_chunk *chunk, 1409 gfp_t gfp) 1410 { 1411 struct sctp_association *asoc; 1412 struct sk_buff *skb; 1413 sctp_scope_t scope; 1414 struct sctp_af *af; 1415 1416 /* Create the bare association. */ 1417 scope = sctp_scope(sctp_source(chunk)); 1418 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1419 if (!asoc) 1420 goto nodata; 1421 asoc->temp = 1; 1422 skb = chunk->skb; 1423 /* Create an entry for the source address of the packet. */ 1424 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version)); 1425 if (unlikely(!af)) 1426 goto fail; 1427 af->from_skb(&asoc->c.peer_addr, skb, 1); 1428 nodata: 1429 return asoc; 1430 1431 fail: 1432 sctp_association_free(asoc); 1433 return NULL; 1434 } 1435 1436 /* Build a cookie representing asoc. 1437 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1438 */ 1439 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1440 const struct sctp_association *asoc, 1441 const struct sctp_chunk *init_chunk, 1442 int *cookie_len, 1443 const __u8 *raw_addrs, int addrs_len) 1444 { 1445 sctp_cookie_param_t *retval; 1446 struct sctp_signed_cookie *cookie; 1447 struct scatterlist sg; 1448 int headersize, bodysize; 1449 unsigned int keylen; 1450 char *key; 1451 1452 /* Header size is static data prior to the actual cookie, including 1453 * any padding. 1454 */ 1455 headersize = sizeof(sctp_paramhdr_t) + 1456 (sizeof(struct sctp_signed_cookie) - 1457 sizeof(struct sctp_cookie)); 1458 bodysize = sizeof(struct sctp_cookie) 1459 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1460 1461 /* Pad out the cookie to a multiple to make the signature 1462 * functions simpler to write. 1463 */ 1464 if (bodysize % SCTP_COOKIE_MULTIPLE) 1465 bodysize += SCTP_COOKIE_MULTIPLE 1466 - (bodysize % SCTP_COOKIE_MULTIPLE); 1467 *cookie_len = headersize + bodysize; 1468 1469 /* Clear this memory since we are sending this data structure 1470 * out on the network. 1471 */ 1472 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1473 if (!retval) 1474 goto nodata; 1475 1476 cookie = (struct sctp_signed_cookie *) retval->body; 1477 1478 /* Set up the parameter header. */ 1479 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1480 retval->p.length = htons(*cookie_len); 1481 1482 /* Copy the cookie part of the association itself. */ 1483 cookie->c = asoc->c; 1484 /* Save the raw address list length in the cookie. */ 1485 cookie->c.raw_addr_list_len = addrs_len; 1486 1487 /* Remember PR-SCTP capability. */ 1488 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1489 1490 /* Save adaptation indication in the cookie. */ 1491 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1492 1493 /* Set an expiration time for the cookie. */ 1494 do_gettimeofday(&cookie->c.expiration); 1495 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1496 1497 /* Copy the peer's init packet. */ 1498 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1499 ntohs(init_chunk->chunk_hdr->length)); 1500 1501 /* Copy the raw local address list of the association. */ 1502 memcpy((__u8 *)&cookie->c.peer_init[0] + 1503 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1504 1505 if (sctp_sk(ep->base.sk)->hmac) { 1506 struct hash_desc desc; 1507 1508 /* Sign the message. */ 1509 sg_init_one(&sg, &cookie->c, bodysize); 1510 keylen = SCTP_SECRET_SIZE; 1511 key = (char *)ep->secret_key[ep->current_key]; 1512 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1513 desc.flags = 0; 1514 1515 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1516 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) 1517 goto free_cookie; 1518 } 1519 1520 return retval; 1521 1522 free_cookie: 1523 kfree(retval); 1524 nodata: 1525 *cookie_len = 0; 1526 return NULL; 1527 } 1528 1529 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1530 struct sctp_association *sctp_unpack_cookie( 1531 const struct sctp_endpoint *ep, 1532 const struct sctp_association *asoc, 1533 struct sctp_chunk *chunk, gfp_t gfp, 1534 int *error, struct sctp_chunk **errp) 1535 { 1536 struct sctp_association *retval = NULL; 1537 struct sctp_signed_cookie *cookie; 1538 struct sctp_cookie *bear_cookie; 1539 int headersize, bodysize, fixed_size; 1540 __u8 *digest = ep->digest; 1541 struct scatterlist sg; 1542 unsigned int keylen, len; 1543 char *key; 1544 sctp_scope_t scope; 1545 struct sk_buff *skb = chunk->skb; 1546 struct timeval tv; 1547 struct hash_desc desc; 1548 1549 /* Header size is static data prior to the actual cookie, including 1550 * any padding. 1551 */ 1552 headersize = sizeof(sctp_chunkhdr_t) + 1553 (sizeof(struct sctp_signed_cookie) - 1554 sizeof(struct sctp_cookie)); 1555 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1556 fixed_size = headersize + sizeof(struct sctp_cookie); 1557 1558 /* Verify that the chunk looks like it even has a cookie. 1559 * There must be enough room for our cookie and our peer's 1560 * INIT chunk. 1561 */ 1562 len = ntohs(chunk->chunk_hdr->length); 1563 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1564 goto malformed; 1565 1566 /* Verify that the cookie has been padded out. */ 1567 if (bodysize % SCTP_COOKIE_MULTIPLE) 1568 goto malformed; 1569 1570 /* Process the cookie. */ 1571 cookie = chunk->subh.cookie_hdr; 1572 bear_cookie = &cookie->c; 1573 1574 if (!sctp_sk(ep->base.sk)->hmac) 1575 goto no_hmac; 1576 1577 /* Check the signature. */ 1578 keylen = SCTP_SECRET_SIZE; 1579 sg_init_one(&sg, bear_cookie, bodysize); 1580 key = (char *)ep->secret_key[ep->current_key]; 1581 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1582 desc.flags = 0; 1583 1584 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1585 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1586 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1587 *error = -SCTP_IERROR_NOMEM; 1588 goto fail; 1589 } 1590 1591 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1592 /* Try the previous key. */ 1593 key = (char *)ep->secret_key[ep->last_key]; 1594 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1595 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1596 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1597 *error = -SCTP_IERROR_NOMEM; 1598 goto fail; 1599 } 1600 1601 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1602 /* Yikes! Still bad signature! */ 1603 *error = -SCTP_IERROR_BAD_SIG; 1604 goto fail; 1605 } 1606 } 1607 1608 no_hmac: 1609 /* IG Section 2.35.2: 1610 * 3) Compare the port numbers and the verification tag contained 1611 * within the COOKIE ECHO chunk to the actual port numbers and the 1612 * verification tag within the SCTP common header of the received 1613 * packet. If these values do not match the packet MUST be silently 1614 * discarded, 1615 */ 1616 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1617 *error = -SCTP_IERROR_BAD_TAG; 1618 goto fail; 1619 } 1620 1621 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1622 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1623 *error = -SCTP_IERROR_BAD_PORTS; 1624 goto fail; 1625 } 1626 1627 /* Check to see if the cookie is stale. If there is already 1628 * an association, there is no need to check cookie's expiration 1629 * for init collision case of lost COOKIE ACK. 1630 * If skb has been timestamped, then use the stamp, otherwise 1631 * use current time. This introduces a small possibility that 1632 * that a cookie may be considered expired, but his would only slow 1633 * down the new association establishment instead of every packet. 1634 */ 1635 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1636 skb_get_timestamp(skb, &tv); 1637 else 1638 do_gettimeofday(&tv); 1639 1640 if (!asoc && tv_lt(bear_cookie->expiration, tv)) { 1641 /* 1642 * Section 3.3.10.3 Stale Cookie Error (3) 1643 * 1644 * Cause of error 1645 * --------------- 1646 * Stale Cookie Error: Indicates the receipt of a valid State 1647 * Cookie that has expired. 1648 */ 1649 len = ntohs(chunk->chunk_hdr->length); 1650 *errp = sctp_make_op_error_space(asoc, chunk, len); 1651 if (*errp) { 1652 suseconds_t usecs = (tv.tv_sec - 1653 bear_cookie->expiration.tv_sec) * 1000000L + 1654 tv.tv_usec - bear_cookie->expiration.tv_usec; 1655 __be32 n = htonl(usecs); 1656 1657 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1658 sizeof(n)); 1659 sctp_addto_chunk(*errp, sizeof(n), &n); 1660 *error = -SCTP_IERROR_STALE_COOKIE; 1661 } else 1662 *error = -SCTP_IERROR_NOMEM; 1663 1664 goto fail; 1665 } 1666 1667 /* Make a new base association. */ 1668 scope = sctp_scope(sctp_source(chunk)); 1669 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1670 if (!retval) { 1671 *error = -SCTP_IERROR_NOMEM; 1672 goto fail; 1673 } 1674 1675 /* Set up our peer's port number. */ 1676 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1677 1678 /* Populate the association from the cookie. */ 1679 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1680 1681 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1682 GFP_ATOMIC) < 0) { 1683 *error = -SCTP_IERROR_NOMEM; 1684 goto fail; 1685 } 1686 1687 /* Also, add the destination address. */ 1688 if (list_empty(&retval->base.bind_addr.address_list)) { 1689 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1, 1690 GFP_ATOMIC); 1691 } 1692 1693 retval->next_tsn = retval->c.initial_tsn; 1694 retval->ctsn_ack_point = retval->next_tsn - 1; 1695 retval->addip_serial = retval->c.initial_tsn; 1696 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1697 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1698 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1699 1700 /* The INIT stuff will be done by the side effects. */ 1701 return retval; 1702 1703 fail: 1704 if (retval) 1705 sctp_association_free(retval); 1706 1707 return NULL; 1708 1709 malformed: 1710 /* Yikes! The packet is either corrupt or deliberately 1711 * malformed. 1712 */ 1713 *error = -SCTP_IERROR_MALFORMED; 1714 goto fail; 1715 } 1716 1717 /******************************************************************** 1718 * 3rd Level Abstractions 1719 ********************************************************************/ 1720 1721 struct __sctp_missing { 1722 __be32 num_missing; 1723 __be16 type; 1724 } __attribute__((packed)); 1725 1726 /* 1727 * Report a missing mandatory parameter. 1728 */ 1729 static int sctp_process_missing_param(const struct sctp_association *asoc, 1730 sctp_param_t paramtype, 1731 struct sctp_chunk *chunk, 1732 struct sctp_chunk **errp) 1733 { 1734 struct __sctp_missing report; 1735 __u16 len; 1736 1737 len = WORD_ROUND(sizeof(report)); 1738 1739 /* Make an ERROR chunk, preparing enough room for 1740 * returning multiple unknown parameters. 1741 */ 1742 if (!*errp) 1743 *errp = sctp_make_op_error_space(asoc, chunk, len); 1744 1745 if (*errp) { 1746 report.num_missing = htonl(1); 1747 report.type = paramtype; 1748 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1749 sizeof(report)); 1750 sctp_addto_chunk(*errp, sizeof(report), &report); 1751 } 1752 1753 /* Stop processing this chunk. */ 1754 return 0; 1755 } 1756 1757 /* Report an Invalid Mandatory Parameter. */ 1758 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1759 struct sctp_chunk *chunk, 1760 struct sctp_chunk **errp) 1761 { 1762 /* Invalid Mandatory Parameter Error has no payload. */ 1763 1764 if (!*errp) 1765 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1766 1767 if (*errp) 1768 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1769 1770 /* Stop processing this chunk. */ 1771 return 0; 1772 } 1773 1774 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1775 struct sctp_paramhdr *param, 1776 const struct sctp_chunk *chunk, 1777 struct sctp_chunk **errp) 1778 { 1779 char error[] = "The following parameter had invalid length:"; 1780 size_t payload_len = WORD_ROUND(sizeof(error)) + 1781 sizeof(sctp_paramhdr_t); 1782 1783 1784 /* This is a fatal error. Any accumulated non-fatal errors are 1785 * not reported. 1786 */ 1787 if (*errp) 1788 sctp_chunk_free(*errp); 1789 1790 /* Create an error chunk and fill it in with our payload. */ 1791 *errp = sctp_make_op_error_space(asoc, chunk, payload_len); 1792 1793 if (*errp) { 1794 sctp_init_cause(*errp, SCTP_ERROR_PROTO_VIOLATION, 1795 sizeof(error) + sizeof(sctp_paramhdr_t)); 1796 sctp_addto_chunk(*errp, sizeof(error), error); 1797 sctp_addto_param(*errp, sizeof(sctp_paramhdr_t), param); 1798 } 1799 1800 return 0; 1801 } 1802 1803 1804 /* Do not attempt to handle the HOST_NAME parm. However, do 1805 * send back an indicator to the peer. 1806 */ 1807 static int sctp_process_hn_param(const struct sctp_association *asoc, 1808 union sctp_params param, 1809 struct sctp_chunk *chunk, 1810 struct sctp_chunk **errp) 1811 { 1812 __u16 len = ntohs(param.p->length); 1813 1814 /* Processing of the HOST_NAME parameter will generate an 1815 * ABORT. If we've accumulated any non-fatal errors, they 1816 * would be unrecognized parameters and we should not include 1817 * them in the ABORT. 1818 */ 1819 if (*errp) 1820 sctp_chunk_free(*errp); 1821 1822 *errp = sctp_make_op_error_space(asoc, chunk, len); 1823 1824 if (*errp) { 1825 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 1826 sctp_addto_chunk(*errp, len, param.v); 1827 } 1828 1829 /* Stop processing this chunk. */ 1830 return 0; 1831 } 1832 1833 static void sctp_process_ext_param(struct sctp_association *asoc, 1834 union sctp_params param) 1835 { 1836 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1837 int i; 1838 1839 for (i = 0; i < num_ext; i++) { 1840 switch (param.ext->chunks[i]) { 1841 case SCTP_CID_FWD_TSN: 1842 if (sctp_prsctp_enable && 1843 !asoc->peer.prsctp_capable) 1844 asoc->peer.prsctp_capable = 1; 1845 break; 1846 case SCTP_CID_AUTH: 1847 /* if the peer reports AUTH, assume that he 1848 * supports AUTH. 1849 */ 1850 asoc->peer.auth_capable = 1; 1851 break; 1852 case SCTP_CID_ASCONF: 1853 case SCTP_CID_ASCONF_ACK: 1854 asoc->peer.asconf_capable = 1; 1855 break; 1856 default: 1857 break; 1858 } 1859 } 1860 } 1861 1862 /* RFC 3.2.1 & the Implementers Guide 2.2. 1863 * 1864 * The Parameter Types are encoded such that the 1865 * highest-order two bits specify the action that must be 1866 * taken if the processing endpoint does not recognize the 1867 * Parameter Type. 1868 * 1869 * 00 - Stop processing this parameter; do not process any further 1870 * parameters within this chunk 1871 * 1872 * 01 - Stop processing this parameter, do not process any further 1873 * parameters within this chunk, and report the unrecognized 1874 * parameter in an 'Unrecognized Parameter' ERROR chunk. 1875 * 1876 * 10 - Skip this parameter and continue processing. 1877 * 1878 * 11 - Skip this parameter and continue processing but 1879 * report the unrecognized parameter in an 1880 * 'Unrecognized Parameter' ERROR chunk. 1881 * 1882 * Return value: 1883 * SCTP_IERROR_NO_ERROR - continue with the chunk 1884 * SCTP_IERROR_ERROR - stop and report an error. 1885 * SCTP_IERROR_NOMEME - out of memory. 1886 */ 1887 static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, 1888 union sctp_params param, 1889 struct sctp_chunk *chunk, 1890 struct sctp_chunk **errp) 1891 { 1892 int retval = SCTP_IERROR_NO_ERROR; 1893 1894 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 1895 case SCTP_PARAM_ACTION_DISCARD: 1896 retval = SCTP_IERROR_ERROR; 1897 break; 1898 case SCTP_PARAM_ACTION_SKIP: 1899 break; 1900 case SCTP_PARAM_ACTION_DISCARD_ERR: 1901 retval = SCTP_IERROR_ERROR; 1902 /* Fall through */ 1903 case SCTP_PARAM_ACTION_SKIP_ERR: 1904 /* Make an ERROR chunk, preparing enough room for 1905 * returning multiple unknown parameters. 1906 */ 1907 if (NULL == *errp) 1908 *errp = sctp_make_op_error_space(asoc, chunk, 1909 ntohs(chunk->chunk_hdr->length)); 1910 1911 if (*errp) { 1912 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1913 WORD_ROUND(ntohs(param.p->length))); 1914 sctp_addto_chunk(*errp, 1915 WORD_ROUND(ntohs(param.p->length)), 1916 param.v); 1917 } else { 1918 /* If there is no memory for generating the ERROR 1919 * report as specified, an ABORT will be triggered 1920 * to the peer and the association won't be 1921 * established. 1922 */ 1923 retval = SCTP_IERROR_NOMEM; 1924 } 1925 break; 1926 default: 1927 break; 1928 } 1929 1930 return retval; 1931 } 1932 1933 /* Verify variable length parameters 1934 * Return values: 1935 * SCTP_IERROR_ABORT - trigger an ABORT 1936 * SCTP_IERROR_NOMEM - out of memory (abort) 1937 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 1938 * SCTP_IERROR_NO_ERROR - continue with the chunk 1939 */ 1940 static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc, 1941 union sctp_params param, 1942 sctp_cid_t cid, 1943 struct sctp_chunk *chunk, 1944 struct sctp_chunk **err_chunk) 1945 { 1946 int retval = SCTP_IERROR_NO_ERROR; 1947 1948 /* FIXME - This routine is not looking at each parameter per the 1949 * chunk type, i.e., unrecognized parameters should be further 1950 * identified based on the chunk id. 1951 */ 1952 1953 switch (param.p->type) { 1954 case SCTP_PARAM_IPV4_ADDRESS: 1955 case SCTP_PARAM_IPV6_ADDRESS: 1956 case SCTP_PARAM_COOKIE_PRESERVATIVE: 1957 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 1958 case SCTP_PARAM_STATE_COOKIE: 1959 case SCTP_PARAM_HEARTBEAT_INFO: 1960 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 1961 case SCTP_PARAM_ECN_CAPABLE: 1962 case SCTP_PARAM_ADAPTATION_LAYER_IND: 1963 case SCTP_PARAM_SUPPORTED_EXT: 1964 break; 1965 1966 case SCTP_PARAM_HOST_NAME_ADDRESS: 1967 /* Tell the peer, we won't support this param. */ 1968 sctp_process_hn_param(asoc, param, chunk, err_chunk); 1969 retval = SCTP_IERROR_ABORT; 1970 break; 1971 1972 case SCTP_PARAM_FWD_TSN_SUPPORT: 1973 if (sctp_prsctp_enable) 1974 break; 1975 goto fallthrough; 1976 1977 case SCTP_PARAM_RANDOM: 1978 if (!sctp_auth_enable) 1979 goto fallthrough; 1980 1981 /* SCTP-AUTH: Secion 6.1 1982 * If the random number is not 32 byte long the association 1983 * MUST be aborted. The ABORT chunk SHOULD contain the error 1984 * cause 'Protocol Violation'. 1985 */ 1986 if (SCTP_AUTH_RANDOM_LENGTH != 1987 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { 1988 sctp_process_inv_paramlength(asoc, param.p, 1989 chunk, err_chunk); 1990 retval = SCTP_IERROR_ABORT; 1991 } 1992 break; 1993 1994 case SCTP_PARAM_CHUNKS: 1995 if (!sctp_auth_enable) 1996 goto fallthrough; 1997 1998 /* SCTP-AUTH: Section 3.2 1999 * The CHUNKS parameter MUST be included once in the INIT or 2000 * INIT-ACK chunk if the sender wants to receive authenticated 2001 * chunks. Its maximum length is 260 bytes. 2002 */ 2003 if (260 < ntohs(param.p->length)) { 2004 sctp_process_inv_paramlength(asoc, param.p, 2005 chunk, err_chunk); 2006 retval = SCTP_IERROR_ABORT; 2007 } 2008 break; 2009 2010 case SCTP_PARAM_HMAC_ALGO: 2011 if (!sctp_auth_enable) 2012 break; 2013 /* Fall Through */ 2014 fallthrough: 2015 default: 2016 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 2017 ntohs(param.p->type), cid); 2018 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2019 break; 2020 } 2021 return retval; 2022 } 2023 2024 /* Verify the INIT packet before we process it. */ 2025 int sctp_verify_init(const struct sctp_association *asoc, 2026 sctp_cid_t cid, 2027 sctp_init_chunk_t *peer_init, 2028 struct sctp_chunk *chunk, 2029 struct sctp_chunk **errp) 2030 { 2031 union sctp_params param; 2032 int has_cookie = 0; 2033 int result; 2034 2035 /* Verify stream values are non-zero. */ 2036 if ((0 == peer_init->init_hdr.num_outbound_streams) || 2037 (0 == peer_init->init_hdr.num_inbound_streams) || 2038 (0 == peer_init->init_hdr.init_tag) || 2039 (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) { 2040 2041 return sctp_process_inv_mandatory(asoc, chunk, errp); 2042 } 2043 2044 /* Check for missing mandatory parameters. */ 2045 sctp_walk_params(param, peer_init, init_hdr.params) { 2046 2047 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 2048 has_cookie = 1; 2049 2050 } /* for (loop through all parameters) */ 2051 2052 /* There is a possibility that a parameter length was bad and 2053 * in that case we would have stoped walking the parameters. 2054 * The current param.p would point at the bad one. 2055 * Current consensus on the mailing list is to generate a PROTOCOL 2056 * VIOLATION error. We build the ERROR chunk here and let the normal 2057 * error handling code build and send the packet. 2058 */ 2059 if (param.v != (void*)chunk->chunk_end) 2060 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2061 2062 /* The only missing mandatory param possible today is 2063 * the state cookie for an INIT-ACK chunk. 2064 */ 2065 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2066 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2067 chunk, errp); 2068 2069 /* Verify all the variable length parameters */ 2070 sctp_walk_params(param, peer_init, init_hdr.params) { 2071 2072 result = sctp_verify_param(asoc, param, cid, chunk, errp); 2073 switch (result) { 2074 case SCTP_IERROR_ABORT: 2075 case SCTP_IERROR_NOMEM: 2076 return 0; 2077 case SCTP_IERROR_ERROR: 2078 return 1; 2079 case SCTP_IERROR_NO_ERROR: 2080 default: 2081 break; 2082 } 2083 2084 } /* for (loop through all parameters) */ 2085 2086 return 1; 2087 } 2088 2089 /* Unpack the parameters in an INIT packet into an association. 2090 * Returns 0 on failure, else success. 2091 * FIXME: This is an association method. 2092 */ 2093 int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, 2094 const union sctp_addr *peer_addr, 2095 sctp_init_chunk_t *peer_init, gfp_t gfp) 2096 { 2097 union sctp_params param; 2098 struct sctp_transport *transport; 2099 struct list_head *pos, *temp; 2100 char *cookie; 2101 2102 /* We must include the address that the INIT packet came from. 2103 * This is the only address that matters for an INIT packet. 2104 * When processing a COOKIE ECHO, we retrieve the from address 2105 * of the INIT from the cookie. 2106 */ 2107 2108 /* This implementation defaults to making the first transport 2109 * added as the primary transport. The source address seems to 2110 * be a a better choice than any of the embedded addresses. 2111 */ 2112 if (peer_addr) { 2113 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2114 goto nomem; 2115 } 2116 2117 /* Process the initialization parameters. */ 2118 sctp_walk_params(param, peer_init, init_hdr.params) { 2119 2120 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2121 goto clean_up; 2122 } 2123 2124 /* AUTH: After processing the parameters, make sure that we 2125 * have all the required info to potentially do authentications. 2126 */ 2127 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2128 !asoc->peer.peer_hmacs)) 2129 asoc->peer.auth_capable = 0; 2130 2131 2132 /* If the peer claims support for ADD-IP without support 2133 * for AUTH, disable support for ADD-IP. 2134 * Do this only if backward compatible mode is turned off. 2135 */ 2136 if (!sctp_addip_noauth && 2137 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2138 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2139 SCTP_PARAM_DEL_IP | 2140 SCTP_PARAM_SET_PRIMARY); 2141 asoc->peer.asconf_capable = 0; 2142 } 2143 2144 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2145 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2146 transport = list_entry(pos, struct sctp_transport, transports); 2147 if (transport->state == SCTP_UNKNOWN) { 2148 sctp_assoc_rm_peer(asoc, transport); 2149 } 2150 } 2151 2152 /* The fixed INIT headers are always in network byte 2153 * order. 2154 */ 2155 asoc->peer.i.init_tag = 2156 ntohl(peer_init->init_hdr.init_tag); 2157 asoc->peer.i.a_rwnd = 2158 ntohl(peer_init->init_hdr.a_rwnd); 2159 asoc->peer.i.num_outbound_streams = 2160 ntohs(peer_init->init_hdr.num_outbound_streams); 2161 asoc->peer.i.num_inbound_streams = 2162 ntohs(peer_init->init_hdr.num_inbound_streams); 2163 asoc->peer.i.initial_tsn = 2164 ntohl(peer_init->init_hdr.initial_tsn); 2165 2166 /* Apply the upper bounds for output streams based on peer's 2167 * number of inbound streams. 2168 */ 2169 if (asoc->c.sinit_num_ostreams > 2170 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2171 asoc->c.sinit_num_ostreams = 2172 ntohs(peer_init->init_hdr.num_inbound_streams); 2173 } 2174 2175 if (asoc->c.sinit_max_instreams > 2176 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2177 asoc->c.sinit_max_instreams = 2178 ntohs(peer_init->init_hdr.num_outbound_streams); 2179 } 2180 2181 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2182 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2183 2184 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2185 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2186 2187 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2188 cookie = asoc->peer.cookie; 2189 if (cookie) { 2190 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2191 if (!asoc->peer.cookie) 2192 goto clean_up; 2193 } 2194 2195 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2196 * high (for example, implementations MAY use the size of the receiver 2197 * advertised window). 2198 */ 2199 list_for_each(pos, &asoc->peer.transport_addr_list) { 2200 transport = list_entry(pos, struct sctp_transport, transports); 2201 transport->ssthresh = asoc->peer.i.a_rwnd; 2202 } 2203 2204 /* Set up the TSN tracking pieces. */ 2205 sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_SIZE, 2206 asoc->peer.i.initial_tsn); 2207 2208 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2209 * 2210 * The stream sequence number in all the streams shall start 2211 * from 0 when the association is established. Also, when the 2212 * stream sequence number reaches the value 65535 the next 2213 * stream sequence number shall be set to 0. 2214 */ 2215 2216 /* Allocate storage for the negotiated streams if it is not a temporary 2217 * association. 2218 */ 2219 if (!asoc->temp) { 2220 int error; 2221 2222 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 2223 asoc->c.sinit_num_ostreams, gfp); 2224 if (!asoc->ssnmap) 2225 goto clean_up; 2226 2227 error = sctp_assoc_set_id(asoc, gfp); 2228 if (error) 2229 goto clean_up; 2230 } 2231 2232 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2233 * 2234 * When an endpoint has an ASCONF signaled change to be sent to the 2235 * remote endpoint it should do the following: 2236 * ... 2237 * A2) A serial number should be assigned to the Chunk. The serial 2238 * number should be a monotonically increasing number. All serial 2239 * numbers are defined to be initialized at the start of the 2240 * association to the same value as the Initial TSN. 2241 */ 2242 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2243 return 1; 2244 2245 clean_up: 2246 /* Release the transport structures. */ 2247 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2248 transport = list_entry(pos, struct sctp_transport, transports); 2249 list_del_init(pos); 2250 sctp_transport_free(transport); 2251 } 2252 2253 asoc->peer.transport_count = 0; 2254 2255 nomem: 2256 return 0; 2257 } 2258 2259 2260 /* Update asoc with the option described in param. 2261 * 2262 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2263 * 2264 * asoc is the association to update. 2265 * param is the variable length parameter to use for update. 2266 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2267 * If the current packet is an INIT we want to minimize the amount of 2268 * work we do. In particular, we should not build transport 2269 * structures for the addresses. 2270 */ 2271 static int sctp_process_param(struct sctp_association *asoc, 2272 union sctp_params param, 2273 const union sctp_addr *peer_addr, 2274 gfp_t gfp) 2275 { 2276 union sctp_addr addr; 2277 int i; 2278 __u16 sat; 2279 int retval = 1; 2280 sctp_scope_t scope; 2281 time_t stale; 2282 struct sctp_af *af; 2283 2284 /* We maintain all INIT parameters in network byte order all the 2285 * time. This allows us to not worry about whether the parameters 2286 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2287 */ 2288 switch (param.p->type) { 2289 case SCTP_PARAM_IPV6_ADDRESS: 2290 if (PF_INET6 != asoc->base.sk->sk_family) 2291 break; 2292 /* Fall through. */ 2293 case SCTP_PARAM_IPV4_ADDRESS: 2294 af = sctp_get_af_specific(param_type2af(param.p->type)); 2295 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2296 scope = sctp_scope(peer_addr); 2297 if (sctp_in_scope(&addr, scope)) 2298 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2299 return 0; 2300 break; 2301 2302 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2303 if (!sctp_cookie_preserve_enable) 2304 break; 2305 2306 stale = ntohl(param.life->lifespan_increment); 2307 2308 /* Suggested Cookie Life span increment's unit is msec, 2309 * (1/1000sec). 2310 */ 2311 asoc->cookie_life.tv_sec += stale / 1000; 2312 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2313 break; 2314 2315 case SCTP_PARAM_HOST_NAME_ADDRESS: 2316 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2317 break; 2318 2319 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2320 /* Turn off the default values first so we'll know which 2321 * ones are really set by the peer. 2322 */ 2323 asoc->peer.ipv4_address = 0; 2324 asoc->peer.ipv6_address = 0; 2325 2326 /* Cycle through address types; avoid divide by 0. */ 2327 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2328 if (sat) 2329 sat /= sizeof(__u16); 2330 2331 for (i = 0; i < sat; ++i) { 2332 switch (param.sat->types[i]) { 2333 case SCTP_PARAM_IPV4_ADDRESS: 2334 asoc->peer.ipv4_address = 1; 2335 break; 2336 2337 case SCTP_PARAM_IPV6_ADDRESS: 2338 asoc->peer.ipv6_address = 1; 2339 break; 2340 2341 case SCTP_PARAM_HOST_NAME_ADDRESS: 2342 asoc->peer.hostname_address = 1; 2343 break; 2344 2345 default: /* Just ignore anything else. */ 2346 break; 2347 } 2348 } 2349 break; 2350 2351 case SCTP_PARAM_STATE_COOKIE: 2352 asoc->peer.cookie_len = 2353 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2354 asoc->peer.cookie = param.cookie->body; 2355 break; 2356 2357 case SCTP_PARAM_HEARTBEAT_INFO: 2358 /* Would be odd to receive, but it causes no problems. */ 2359 break; 2360 2361 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2362 /* Rejected during verify stage. */ 2363 break; 2364 2365 case SCTP_PARAM_ECN_CAPABLE: 2366 asoc->peer.ecn_capable = 1; 2367 break; 2368 2369 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2370 asoc->peer.adaptation_ind = param.aind->adaptation_ind; 2371 break; 2372 2373 case SCTP_PARAM_SUPPORTED_EXT: 2374 sctp_process_ext_param(asoc, param); 2375 break; 2376 2377 case SCTP_PARAM_FWD_TSN_SUPPORT: 2378 if (sctp_prsctp_enable) { 2379 asoc->peer.prsctp_capable = 1; 2380 break; 2381 } 2382 /* Fall Through */ 2383 goto fall_through; 2384 2385 case SCTP_PARAM_RANDOM: 2386 if (!sctp_auth_enable) 2387 goto fall_through; 2388 2389 /* Save peer's random parameter */ 2390 asoc->peer.peer_random = kmemdup(param.p, 2391 ntohs(param.p->length), gfp); 2392 if (!asoc->peer.peer_random) { 2393 retval = 0; 2394 break; 2395 } 2396 break; 2397 2398 case SCTP_PARAM_HMAC_ALGO: 2399 if (!sctp_auth_enable) 2400 goto fall_through; 2401 2402 /* Save peer's HMAC list */ 2403 asoc->peer.peer_hmacs = kmemdup(param.p, 2404 ntohs(param.p->length), gfp); 2405 if (!asoc->peer.peer_hmacs) { 2406 retval = 0; 2407 break; 2408 } 2409 2410 /* Set the default HMAC the peer requested*/ 2411 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2412 break; 2413 2414 case SCTP_PARAM_CHUNKS: 2415 if (!sctp_auth_enable) 2416 goto fall_through; 2417 2418 asoc->peer.peer_chunks = kmemdup(param.p, 2419 ntohs(param.p->length), gfp); 2420 if (!asoc->peer.peer_chunks) 2421 retval = 0; 2422 break; 2423 fall_through: 2424 default: 2425 /* Any unrecognized parameters should have been caught 2426 * and handled by sctp_verify_param() which should be 2427 * called prior to this routine. Simply log the error 2428 * here. 2429 */ 2430 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2431 ntohs(param.p->type), asoc); 2432 break; 2433 } 2434 2435 return retval; 2436 } 2437 2438 /* Select a new verification tag. */ 2439 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2440 { 2441 /* I believe that this random number generator complies with RFC1750. 2442 * A tag of 0 is reserved for special cases (e.g. INIT). 2443 */ 2444 __u32 x; 2445 2446 do { 2447 get_random_bytes(&x, sizeof(__u32)); 2448 } while (x == 0); 2449 2450 return x; 2451 } 2452 2453 /* Select an initial TSN to send during startup. */ 2454 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2455 { 2456 __u32 retval; 2457 2458 get_random_bytes(&retval, sizeof(__u32)); 2459 return retval; 2460 } 2461 2462 /* 2463 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2464 * 0 1 2 3 2465 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2466 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2467 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2468 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2469 * | Serial Number | 2470 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2471 * | Address Parameter | 2472 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2473 * | ASCONF Parameter #1 | 2474 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2475 * \ \ 2476 * / .... / 2477 * \ \ 2478 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2479 * | ASCONF Parameter #N | 2480 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2481 * 2482 * Address Parameter and other parameter will not be wrapped in this function 2483 */ 2484 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2485 union sctp_addr *addr, 2486 int vparam_len) 2487 { 2488 sctp_addiphdr_t asconf; 2489 struct sctp_chunk *retval; 2490 int length = sizeof(asconf) + vparam_len; 2491 union sctp_addr_param addrparam; 2492 int addrlen; 2493 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2494 2495 addrlen = af->to_addr_param(addr, &addrparam); 2496 if (!addrlen) 2497 return NULL; 2498 length += addrlen; 2499 2500 /* Create the chunk. */ 2501 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2502 if (!retval) 2503 return NULL; 2504 2505 asconf.serial = htonl(asoc->addip_serial++); 2506 2507 retval->subh.addip_hdr = 2508 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2509 retval->param_hdr.v = 2510 sctp_addto_chunk(retval, addrlen, &addrparam); 2511 2512 return retval; 2513 } 2514 2515 /* ADDIP 2516 * 3.2.1 Add IP Address 2517 * 0 1 2 3 2518 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2519 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2520 * | Type = 0xC001 | Length = Variable | 2521 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2522 * | ASCONF-Request Correlation ID | 2523 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2524 * | Address Parameter | 2525 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2526 * 2527 * 3.2.2 Delete IP Address 2528 * 0 1 2 3 2529 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2530 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2531 * | Type = 0xC002 | Length = Variable | 2532 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2533 * | ASCONF-Request Correlation ID | 2534 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2535 * | Address Parameter | 2536 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2537 * 2538 */ 2539 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2540 union sctp_addr *laddr, 2541 struct sockaddr *addrs, 2542 int addrcnt, 2543 __be16 flags) 2544 { 2545 sctp_addip_param_t param; 2546 struct sctp_chunk *retval; 2547 union sctp_addr_param addr_param; 2548 union sctp_addr *addr; 2549 void *addr_buf; 2550 struct sctp_af *af; 2551 int paramlen = sizeof(param); 2552 int addr_param_len = 0; 2553 int totallen = 0; 2554 int i; 2555 2556 /* Get total length of all the address parameters. */ 2557 addr_buf = addrs; 2558 for (i = 0; i < addrcnt; i++) { 2559 addr = (union sctp_addr *)addr_buf; 2560 af = sctp_get_af_specific(addr->v4.sin_family); 2561 addr_param_len = af->to_addr_param(addr, &addr_param); 2562 2563 totallen += paramlen; 2564 totallen += addr_param_len; 2565 2566 addr_buf += af->sockaddr_len; 2567 } 2568 2569 /* Create an asconf chunk with the required length. */ 2570 retval = sctp_make_asconf(asoc, laddr, totallen); 2571 if (!retval) 2572 return NULL; 2573 2574 /* Add the address parameters to the asconf chunk. */ 2575 addr_buf = addrs; 2576 for (i = 0; i < addrcnt; i++) { 2577 addr = (union sctp_addr *)addr_buf; 2578 af = sctp_get_af_specific(addr->v4.sin_family); 2579 addr_param_len = af->to_addr_param(addr, &addr_param); 2580 param.param_hdr.type = flags; 2581 param.param_hdr.length = htons(paramlen + addr_param_len); 2582 param.crr_id = i; 2583 2584 sctp_addto_chunk(retval, paramlen, ¶m); 2585 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2586 2587 addr_buf += af->sockaddr_len; 2588 } 2589 return retval; 2590 } 2591 2592 /* ADDIP 2593 * 3.2.4 Set Primary IP Address 2594 * 0 1 2 3 2595 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2596 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2597 * | Type =0xC004 | Length = Variable | 2598 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2599 * | ASCONF-Request Correlation ID | 2600 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2601 * | Address Parameter | 2602 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2603 * 2604 * Create an ASCONF chunk with Set Primary IP address parameter. 2605 */ 2606 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2607 union sctp_addr *addr) 2608 { 2609 sctp_addip_param_t param; 2610 struct sctp_chunk *retval; 2611 int len = sizeof(param); 2612 union sctp_addr_param addrparam; 2613 int addrlen; 2614 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2615 2616 addrlen = af->to_addr_param(addr, &addrparam); 2617 if (!addrlen) 2618 return NULL; 2619 len += addrlen; 2620 2621 /* Create the chunk and make asconf header. */ 2622 retval = sctp_make_asconf(asoc, addr, len); 2623 if (!retval) 2624 return NULL; 2625 2626 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2627 param.param_hdr.length = htons(len); 2628 param.crr_id = 0; 2629 2630 sctp_addto_chunk(retval, sizeof(param), ¶m); 2631 sctp_addto_chunk(retval, addrlen, &addrparam); 2632 2633 return retval; 2634 } 2635 2636 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2637 * 0 1 2 3 2638 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2639 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2640 * | Type = 0x80 | Chunk Flags | Chunk Length | 2641 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2642 * | Serial Number | 2643 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2644 * | ASCONF Parameter Response#1 | 2645 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2646 * \ \ 2647 * / .... / 2648 * \ \ 2649 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2650 * | ASCONF Parameter Response#N | 2651 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2652 * 2653 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2654 */ 2655 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2656 __u32 serial, int vparam_len) 2657 { 2658 sctp_addiphdr_t asconf; 2659 struct sctp_chunk *retval; 2660 int length = sizeof(asconf) + vparam_len; 2661 2662 /* Create the chunk. */ 2663 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2664 if (!retval) 2665 return NULL; 2666 2667 asconf.serial = htonl(serial); 2668 2669 retval->subh.addip_hdr = 2670 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2671 2672 return retval; 2673 } 2674 2675 /* Add response parameters to an ASCONF_ACK chunk. */ 2676 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2677 __be16 err_code, sctp_addip_param_t *asconf_param) 2678 { 2679 sctp_addip_param_t ack_param; 2680 sctp_errhdr_t err_param; 2681 int asconf_param_len = 0; 2682 int err_param_len = 0; 2683 __be16 response_type; 2684 2685 if (SCTP_ERROR_NO_ERROR == err_code) { 2686 response_type = SCTP_PARAM_SUCCESS_REPORT; 2687 } else { 2688 response_type = SCTP_PARAM_ERR_CAUSE; 2689 err_param_len = sizeof(err_param); 2690 if (asconf_param) 2691 asconf_param_len = 2692 ntohs(asconf_param->param_hdr.length); 2693 } 2694 2695 /* Add Success Indication or Error Cause Indication parameter. */ 2696 ack_param.param_hdr.type = response_type; 2697 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2698 err_param_len + 2699 asconf_param_len); 2700 ack_param.crr_id = crr_id; 2701 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2702 2703 if (SCTP_ERROR_NO_ERROR == err_code) 2704 return; 2705 2706 /* Add Error Cause parameter. */ 2707 err_param.cause = err_code; 2708 err_param.length = htons(err_param_len + asconf_param_len); 2709 sctp_addto_chunk(chunk, err_param_len, &err_param); 2710 2711 /* Add the failed TLV copied from ASCONF chunk. */ 2712 if (asconf_param) 2713 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2714 } 2715 2716 /* Process a asconf parameter. */ 2717 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 2718 struct sctp_chunk *asconf, 2719 sctp_addip_param_t *asconf_param) 2720 { 2721 struct sctp_transport *peer; 2722 struct sctp_af *af; 2723 union sctp_addr addr; 2724 struct list_head *pos; 2725 union sctp_addr_param *addr_param; 2726 2727 addr_param = (union sctp_addr_param *) 2728 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2729 2730 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2731 if (unlikely(!af)) 2732 return SCTP_ERROR_INV_PARAM; 2733 2734 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 2735 switch (asconf_param->param_hdr.type) { 2736 case SCTP_PARAM_ADD_IP: 2737 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 2738 * request and does not have the local resources to add this 2739 * new address to the association, it MUST return an Error 2740 * Cause TLV set to the new error code 'Operation Refused 2741 * Due to Resource Shortage'. 2742 */ 2743 2744 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 2745 if (!peer) 2746 return SCTP_ERROR_RSRC_LOW; 2747 2748 /* Start the heartbeat timer. */ 2749 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 2750 sctp_transport_hold(peer); 2751 break; 2752 case SCTP_PARAM_DEL_IP: 2753 /* ADDIP 4.3 D7) If a request is received to delete the 2754 * last remaining IP address of a peer endpoint, the receiver 2755 * MUST send an Error Cause TLV with the error cause set to the 2756 * new error code 'Request to Delete Last Remaining IP Address'. 2757 */ 2758 pos = asoc->peer.transport_addr_list.next; 2759 if (pos->next == &asoc->peer.transport_addr_list) 2760 return SCTP_ERROR_DEL_LAST_IP; 2761 2762 /* ADDIP 4.3 D8) If a request is received to delete an IP 2763 * address which is also the source address of the IP packet 2764 * which contained the ASCONF chunk, the receiver MUST reject 2765 * this request. To reject the request the receiver MUST send 2766 * an Error Cause TLV set to the new error code 'Request to 2767 * Delete Source IP Address' 2768 */ 2769 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr)) 2770 return SCTP_ERROR_DEL_SRC_IP; 2771 2772 sctp_assoc_del_peer(asoc, &addr); 2773 break; 2774 case SCTP_PARAM_SET_PRIMARY: 2775 peer = sctp_assoc_lookup_paddr(asoc, &addr); 2776 if (!peer) 2777 return SCTP_ERROR_INV_PARAM; 2778 2779 sctp_assoc_set_primary(asoc, peer); 2780 break; 2781 default: 2782 return SCTP_ERROR_INV_PARAM; 2783 break; 2784 } 2785 2786 return SCTP_ERROR_NO_ERROR; 2787 } 2788 2789 /* Verify the ASCONF packet before we process it. */ 2790 int sctp_verify_asconf(const struct sctp_association *asoc, 2791 struct sctp_paramhdr *param_hdr, void *chunk_end, 2792 struct sctp_paramhdr **errp) { 2793 sctp_addip_param_t *asconf_param; 2794 union sctp_params param; 2795 int length, plen; 2796 2797 param.v = (sctp_paramhdr_t *) param_hdr; 2798 while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { 2799 length = ntohs(param.p->length); 2800 *errp = param.p; 2801 2802 if (param.v > chunk_end - length || 2803 length < sizeof(sctp_paramhdr_t)) 2804 return 0; 2805 2806 switch (param.p->type) { 2807 case SCTP_PARAM_ADD_IP: 2808 case SCTP_PARAM_DEL_IP: 2809 case SCTP_PARAM_SET_PRIMARY: 2810 asconf_param = (sctp_addip_param_t *)param.v; 2811 plen = ntohs(asconf_param->param_hdr.length); 2812 if (plen < sizeof(sctp_addip_param_t) + 2813 sizeof(sctp_paramhdr_t)) 2814 return 0; 2815 break; 2816 case SCTP_PARAM_SUCCESS_REPORT: 2817 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2818 if (length != sizeof(sctp_addip_param_t)) 2819 return 0; 2820 2821 break; 2822 default: 2823 break; 2824 } 2825 2826 param.v += WORD_ROUND(length); 2827 } 2828 2829 if (param.v != chunk_end) 2830 return 0; 2831 2832 return 1; 2833 } 2834 2835 /* Process an incoming ASCONF chunk with the next expected serial no. and 2836 * return an ASCONF_ACK chunk to be sent in response. 2837 */ 2838 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 2839 struct sctp_chunk *asconf) 2840 { 2841 sctp_addiphdr_t *hdr; 2842 union sctp_addr_param *addr_param; 2843 sctp_addip_param_t *asconf_param; 2844 struct sctp_chunk *asconf_ack; 2845 2846 __be16 err_code; 2847 int length = 0; 2848 int chunk_len; 2849 __u32 serial; 2850 int all_param_pass = 1; 2851 2852 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 2853 hdr = (sctp_addiphdr_t *)asconf->skb->data; 2854 serial = ntohl(hdr->serial); 2855 2856 /* Skip the addiphdr and store a pointer to address parameter. */ 2857 length = sizeof(sctp_addiphdr_t); 2858 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2859 chunk_len -= length; 2860 2861 /* Skip the address parameter and store a pointer to the first 2862 * asconf parameter. 2863 */ 2864 length = ntohs(addr_param->v4.param_hdr.length); 2865 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2866 chunk_len -= length; 2867 2868 /* create an ASCONF_ACK chunk. 2869 * Based on the definitions of parameters, we know that the size of 2870 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF 2871 * parameters. 2872 */ 2873 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2); 2874 if (!asconf_ack) 2875 goto done; 2876 2877 /* Process the TLVs contained within the ASCONF chunk. */ 2878 while (chunk_len > 0) { 2879 err_code = sctp_process_asconf_param(asoc, asconf, 2880 asconf_param); 2881 /* ADDIP 4.1 A7) 2882 * If an error response is received for a TLV parameter, 2883 * all TLVs with no response before the failed TLV are 2884 * considered successful if not reported. All TLVs after 2885 * the failed response are considered unsuccessful unless 2886 * a specific success indication is present for the parameter. 2887 */ 2888 if (SCTP_ERROR_NO_ERROR != err_code) 2889 all_param_pass = 0; 2890 2891 if (!all_param_pass) 2892 sctp_add_asconf_response(asconf_ack, 2893 asconf_param->crr_id, err_code, 2894 asconf_param); 2895 2896 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 2897 * an IP address sends an 'Out of Resource' in its response, it 2898 * MUST also fail any subsequent add or delete requests bundled 2899 * in the ASCONF. 2900 */ 2901 if (SCTP_ERROR_RSRC_LOW == err_code) 2902 goto done; 2903 2904 /* Move to the next ASCONF param. */ 2905 length = ntohs(asconf_param->param_hdr.length); 2906 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2907 length); 2908 chunk_len -= length; 2909 } 2910 2911 done: 2912 asoc->peer.addip_serial++; 2913 2914 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 2915 * after freeing the reference to old asconf ack if any. 2916 */ 2917 if (asconf_ack) { 2918 if (asoc->addip_last_asconf_ack) 2919 sctp_chunk_free(asoc->addip_last_asconf_ack); 2920 2921 sctp_chunk_hold(asconf_ack); 2922 asoc->addip_last_asconf_ack = asconf_ack; 2923 } 2924 2925 return asconf_ack; 2926 } 2927 2928 /* Process a asconf parameter that is successfully acked. */ 2929 static int sctp_asconf_param_success(struct sctp_association *asoc, 2930 sctp_addip_param_t *asconf_param) 2931 { 2932 struct sctp_af *af; 2933 union sctp_addr addr; 2934 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 2935 union sctp_addr_param *addr_param; 2936 struct list_head *pos; 2937 struct sctp_transport *transport; 2938 struct sctp_sockaddr_entry *saddr; 2939 int retval = 0; 2940 2941 addr_param = (union sctp_addr_param *) 2942 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2943 2944 /* We have checked the packet before, so we do not check again. */ 2945 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2946 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 2947 2948 switch (asconf_param->param_hdr.type) { 2949 case SCTP_PARAM_ADD_IP: 2950 /* This is always done in BH context with a socket lock 2951 * held, so the list can not change. 2952 */ 2953 local_bh_disable(); 2954 list_for_each_entry(saddr, &bp->address_list, list) { 2955 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 2956 saddr->use_as_src = 1; 2957 } 2958 local_bh_enable(); 2959 break; 2960 case SCTP_PARAM_DEL_IP: 2961 local_bh_disable(); 2962 retval = sctp_del_bind_addr(bp, &addr); 2963 local_bh_enable(); 2964 list_for_each(pos, &asoc->peer.transport_addr_list) { 2965 transport = list_entry(pos, struct sctp_transport, 2966 transports); 2967 dst_release(transport->dst); 2968 sctp_transport_route(transport, NULL, 2969 sctp_sk(asoc->base.sk)); 2970 } 2971 break; 2972 default: 2973 break; 2974 } 2975 2976 return retval; 2977 } 2978 2979 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 2980 * for the given asconf parameter. If there is no response for this parameter, 2981 * return the error code based on the third argument 'no_err'. 2982 * ADDIP 4.1 2983 * A7) If an error response is received for a TLV parameter, all TLVs with no 2984 * response before the failed TLV are considered successful if not reported. 2985 * All TLVs after the failed response are considered unsuccessful unless a 2986 * specific success indication is present for the parameter. 2987 */ 2988 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 2989 sctp_addip_param_t *asconf_param, 2990 int no_err) 2991 { 2992 sctp_addip_param_t *asconf_ack_param; 2993 sctp_errhdr_t *err_param; 2994 int length; 2995 int asconf_ack_len; 2996 __be16 err_code; 2997 2998 if (no_err) 2999 err_code = SCTP_ERROR_NO_ERROR; 3000 else 3001 err_code = SCTP_ERROR_REQ_REFUSED; 3002 3003 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3004 sizeof(sctp_chunkhdr_t); 3005 3006 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3007 * the first asconf_ack parameter. 3008 */ 3009 length = sizeof(sctp_addiphdr_t); 3010 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 3011 length); 3012 asconf_ack_len -= length; 3013 3014 while (asconf_ack_len > 0) { 3015 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3016 switch(asconf_ack_param->param_hdr.type) { 3017 case SCTP_PARAM_SUCCESS_REPORT: 3018 return SCTP_ERROR_NO_ERROR; 3019 case SCTP_PARAM_ERR_CAUSE: 3020 length = sizeof(sctp_addip_param_t); 3021 err_param = (sctp_errhdr_t *) 3022 ((void *)asconf_ack_param + length); 3023 asconf_ack_len -= length; 3024 if (asconf_ack_len > 0) 3025 return err_param->cause; 3026 else 3027 return SCTP_ERROR_INV_PARAM; 3028 break; 3029 default: 3030 return SCTP_ERROR_INV_PARAM; 3031 } 3032 } 3033 3034 length = ntohs(asconf_ack_param->param_hdr.length); 3035 asconf_ack_param = (sctp_addip_param_t *) 3036 ((void *)asconf_ack_param + length); 3037 asconf_ack_len -= length; 3038 } 3039 3040 return err_code; 3041 } 3042 3043 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3044 int sctp_process_asconf_ack(struct sctp_association *asoc, 3045 struct sctp_chunk *asconf_ack) 3046 { 3047 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3048 union sctp_addr_param *addr_param; 3049 sctp_addip_param_t *asconf_param; 3050 int length = 0; 3051 int asconf_len = asconf->skb->len; 3052 int all_param_pass = 0; 3053 int no_err = 1; 3054 int retval = 0; 3055 __be16 err_code = SCTP_ERROR_NO_ERROR; 3056 3057 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3058 * a pointer to address parameter. 3059 */ 3060 length = sizeof(sctp_addip_chunk_t); 3061 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3062 asconf_len -= length; 3063 3064 /* Skip the address parameter in the last asconf sent and store a 3065 * pointer to the first asconf parameter. 3066 */ 3067 length = ntohs(addr_param->v4.param_hdr.length); 3068 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 3069 asconf_len -= length; 3070 3071 /* ADDIP 4.1 3072 * A8) If there is no response(s) to specific TLV parameter(s), and no 3073 * failures are indicated, then all request(s) are considered 3074 * successful. 3075 */ 3076 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 3077 all_param_pass = 1; 3078 3079 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3080 while (asconf_len > 0) { 3081 if (all_param_pass) 3082 err_code = SCTP_ERROR_NO_ERROR; 3083 else { 3084 err_code = sctp_get_asconf_response(asconf_ack, 3085 asconf_param, 3086 no_err); 3087 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3088 no_err = 0; 3089 } 3090 3091 switch (err_code) { 3092 case SCTP_ERROR_NO_ERROR: 3093 retval = sctp_asconf_param_success(asoc, asconf_param); 3094 break; 3095 3096 case SCTP_ERROR_RSRC_LOW: 3097 retval = 1; 3098 break; 3099 3100 case SCTP_ERROR_INV_PARAM: 3101 /* Disable sending this type of asconf parameter in 3102 * future. 3103 */ 3104 asoc->peer.addip_disabled_mask |= 3105 asconf_param->param_hdr.type; 3106 break; 3107 3108 case SCTP_ERROR_REQ_REFUSED: 3109 case SCTP_ERROR_DEL_LAST_IP: 3110 case SCTP_ERROR_DEL_SRC_IP: 3111 default: 3112 break; 3113 } 3114 3115 /* Skip the processed asconf parameter and move to the next 3116 * one. 3117 */ 3118 length = ntohs(asconf_param->param_hdr.length); 3119 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 3120 length); 3121 asconf_len -= length; 3122 } 3123 3124 /* Free the cached last sent asconf chunk. */ 3125 sctp_chunk_free(asconf); 3126 asoc->addip_last_asconf = NULL; 3127 3128 /* Send the next asconf chunk from the addip chunk queue. */ 3129 if (!list_empty(&asoc->addip_chunk_list)) { 3130 struct list_head *entry = asoc->addip_chunk_list.next; 3131 asconf = list_entry(entry, struct sctp_chunk, list); 3132 3133 list_del_init(entry); 3134 3135 /* Hold the chunk until an ASCONF_ACK is received. */ 3136 sctp_chunk_hold(asconf); 3137 if (sctp_primitive_ASCONF(asoc, asconf)) 3138 sctp_chunk_free(asconf); 3139 else 3140 asoc->addip_last_asconf = asconf; 3141 } 3142 3143 return retval; 3144 } 3145 3146 /* Make a FWD TSN chunk. */ 3147 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3148 __u32 new_cum_tsn, size_t nstreams, 3149 struct sctp_fwdtsn_skip *skiplist) 3150 { 3151 struct sctp_chunk *retval = NULL; 3152 struct sctp_fwdtsn_chunk *ftsn_chunk; 3153 struct sctp_fwdtsn_hdr ftsn_hdr; 3154 struct sctp_fwdtsn_skip skip; 3155 size_t hint; 3156 int i; 3157 3158 hint = (nstreams + 1) * sizeof(__u32); 3159 3160 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 3161 3162 if (!retval) 3163 return NULL; 3164 3165 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr; 3166 3167 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3168 retval->subh.fwdtsn_hdr = 3169 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3170 3171 for (i = 0; i < nstreams; i++) { 3172 skip.stream = skiplist[i].stream; 3173 skip.ssn = skiplist[i].ssn; 3174 sctp_addto_chunk(retval, sizeof(skip), &skip); 3175 } 3176 3177 return retval; 3178 } 3179