1 /* SCTP kernel reference Implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel reference Implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * The SCTP reference implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * The SCTP reference implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53 #include <linux/types.h> 54 #include <linux/kernel.h> 55 #include <linux/ip.h> 56 #include <linux/ipv6.h> 57 #include <linux/net.h> 58 #include <linux/inet.h> 59 #include <linux/scatterlist.h> 60 #include <linux/crypto.h> 61 #include <net/sock.h> 62 63 #include <linux/skbuff.h> 64 #include <linux/random.h> /* for get_random_bytes */ 65 #include <net/sctp/sctp.h> 66 #include <net/sctp/sm.h> 67 68 SCTP_STATIC 69 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 70 __u8 type, __u8 flags, int paylen); 71 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 72 const struct sctp_association *asoc, 73 const struct sctp_chunk *init_chunk, 74 int *cookie_len, 75 const __u8 *raw_addrs, int addrs_len); 76 static int sctp_process_param(struct sctp_association *asoc, 77 union sctp_params param, 78 const union sctp_addr *peer_addr, 79 gfp_t gfp); 80 81 /* What was the inbound interface for this chunk? */ 82 int sctp_chunk_iif(const struct sctp_chunk *chunk) 83 { 84 struct sctp_af *af; 85 int iif = 0; 86 87 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version)); 88 if (af) 89 iif = af->skb_iif(chunk->skb); 90 91 return iif; 92 } 93 94 /* RFC 2960 3.3.2 Initiation (INIT) (1) 95 * 96 * Note 2: The ECN capable field is reserved for future use of 97 * Explicit Congestion Notification. 98 */ 99 static const struct sctp_paramhdr ecap_param = { 100 SCTP_PARAM_ECN_CAPABLE, 101 __constant_htons(sizeof(struct sctp_paramhdr)), 102 }; 103 static const struct sctp_paramhdr prsctp_param = { 104 SCTP_PARAM_FWD_TSN_SUPPORT, 105 __constant_htons(sizeof(struct sctp_paramhdr)), 106 }; 107 108 /* A helper to initialize to initialize an op error inside a 109 * provided chunk, as most cause codes will be embedded inside an 110 * abort chunk. 111 */ 112 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 113 size_t paylen) 114 { 115 sctp_errhdr_t err; 116 __u16 len; 117 118 /* Cause code constants are now defined in network order. */ 119 err.cause = cause_code; 120 len = sizeof(sctp_errhdr_t) + paylen; 121 err.length = htons(len); 122 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 123 } 124 125 /* 3.3.2 Initiation (INIT) (1) 126 * 127 * This chunk is used to initiate a SCTP association between two 128 * endpoints. The format of the INIT chunk is shown below: 129 * 130 * 0 1 2 3 131 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 132 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 133 * | Type = 1 | Chunk Flags | Chunk Length | 134 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 135 * | Initiate Tag | 136 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 137 * | Advertised Receiver Window Credit (a_rwnd) | 138 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 139 * | Number of Outbound Streams | Number of Inbound Streams | 140 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 141 * | Initial TSN | 142 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 143 * \ \ 144 * / Optional/Variable-Length Parameters / 145 * \ \ 146 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 147 * 148 * 149 * The INIT chunk contains the following parameters. Unless otherwise 150 * noted, each parameter MUST only be included once in the INIT chunk. 151 * 152 * Fixed Parameters Status 153 * ---------------------------------------------- 154 * Initiate Tag Mandatory 155 * Advertised Receiver Window Credit Mandatory 156 * Number of Outbound Streams Mandatory 157 * Number of Inbound Streams Mandatory 158 * Initial TSN Mandatory 159 * 160 * Variable Parameters Status Type Value 161 * ------------------------------------------------------------- 162 * IPv4 Address (Note 1) Optional 5 163 * IPv6 Address (Note 1) Optional 6 164 * Cookie Preservative Optional 9 165 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 166 * Host Name Address (Note 3) Optional 11 167 * Supported Address Types (Note 4) Optional 12 168 */ 169 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 170 const struct sctp_bind_addr *bp, 171 gfp_t gfp, int vparam_len) 172 { 173 sctp_inithdr_t init; 174 union sctp_params addrs; 175 size_t chunksize; 176 struct sctp_chunk *retval = NULL; 177 int num_types, addrs_len = 0; 178 struct sctp_sock *sp; 179 sctp_supported_addrs_param_t sat; 180 __be16 types[2]; 181 sctp_adaptation_ind_param_t aiparam; 182 sctp_supported_ext_param_t ext_param; 183 int num_ext = 0; 184 __u8 extensions[3]; 185 sctp_paramhdr_t *auth_chunks = NULL, 186 *auth_hmacs = NULL; 187 188 /* RFC 2960 3.3.2 Initiation (INIT) (1) 189 * 190 * Note 1: The INIT chunks can contain multiple addresses that 191 * can be IPv4 and/or IPv6 in any combination. 192 */ 193 retval = NULL; 194 195 /* Convert the provided bind address list to raw format. */ 196 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 197 198 init.init_tag = htonl(asoc->c.my_vtag); 199 init.a_rwnd = htonl(asoc->rwnd); 200 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 201 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 202 init.initial_tsn = htonl(asoc->c.initial_tsn); 203 204 /* How many address types are needed? */ 205 sp = sctp_sk(asoc->base.sk); 206 num_types = sp->pf->supported_addrs(sp, types); 207 208 chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types); 209 chunksize += sizeof(ecap_param); 210 if (sctp_prsctp_enable) { 211 chunksize += sizeof(prsctp_param); 212 extensions[num_ext] = SCTP_CID_FWD_TSN; 213 num_ext += 1; 214 } 215 /* ADDIP: Section 4.2.7: 216 * An implementation supporting this extension [ADDIP] MUST list 217 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 218 * INIT-ACK parameters. 219 */ 220 if (sctp_addip_enable) { 221 extensions[num_ext] = SCTP_CID_ASCONF; 222 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 223 num_ext += 2; 224 } 225 226 chunksize += sizeof(aiparam); 227 chunksize += vparam_len; 228 229 /* Account for AUTH related parameters */ 230 if (sctp_auth_enable) { 231 /* Add random parameter length*/ 232 chunksize += sizeof(asoc->c.auth_random); 233 234 /* Add HMACS parameter length if any were defined */ 235 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 236 if (auth_hmacs->length) 237 chunksize += ntohs(auth_hmacs->length); 238 else 239 auth_hmacs = NULL; 240 241 /* Add CHUNKS parameter length */ 242 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 243 if (auth_chunks->length) 244 chunksize += ntohs(auth_chunks->length); 245 else 246 auth_chunks = NULL; 247 248 extensions[num_ext] = SCTP_CID_AUTH; 249 num_ext += 1; 250 } 251 252 /* If we have any extensions to report, account for that */ 253 if (num_ext) 254 chunksize += sizeof(sctp_supported_ext_param_t) + num_ext; 255 256 /* RFC 2960 3.3.2 Initiation (INIT) (1) 257 * 258 * Note 3: An INIT chunk MUST NOT contain more than one Host 259 * Name address parameter. Moreover, the sender of the INIT 260 * MUST NOT combine any other address types with the Host Name 261 * address in the INIT. The receiver of INIT MUST ignore any 262 * other address types if the Host Name address parameter is 263 * present in the received INIT chunk. 264 * 265 * PLEASE DO NOT FIXME [This version does not support Host Name.] 266 */ 267 268 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 269 if (!retval) 270 goto nodata; 271 272 retval->subh.init_hdr = 273 sctp_addto_chunk(retval, sizeof(init), &init); 274 retval->param_hdr.v = 275 sctp_addto_chunk(retval, addrs_len, addrs.v); 276 277 /* RFC 2960 3.3.2 Initiation (INIT) (1) 278 * 279 * Note 4: This parameter, when present, specifies all the 280 * address types the sending endpoint can support. The absence 281 * of this parameter indicates that the sending endpoint can 282 * support any address type. 283 */ 284 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 285 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 286 sctp_addto_chunk(retval, sizeof(sat), &sat); 287 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 288 289 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 290 291 /* Add the supported extensions paramter. Be nice and add this 292 * fist before addiding the parameters for the extensions themselves 293 */ 294 if (num_ext) { 295 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 296 ext_param.param_hdr.length = 297 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 298 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 299 &ext_param); 300 sctp_addto_chunk(retval, num_ext, extensions); 301 } 302 303 if (sctp_prsctp_enable) 304 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 305 306 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 307 aiparam.param_hdr.length = htons(sizeof(aiparam)); 308 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 309 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 310 311 /* Add SCTP-AUTH chunks to the parameter list */ 312 if (sctp_auth_enable) { 313 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 314 asoc->c.auth_random); 315 if (auth_hmacs) 316 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 317 auth_hmacs); 318 if (auth_chunks) 319 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 320 auth_chunks); 321 } 322 nodata: 323 kfree(addrs.v); 324 return retval; 325 } 326 327 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 328 const struct sctp_chunk *chunk, 329 gfp_t gfp, int unkparam_len) 330 { 331 sctp_inithdr_t initack; 332 struct sctp_chunk *retval; 333 union sctp_params addrs; 334 int addrs_len; 335 sctp_cookie_param_t *cookie; 336 int cookie_len; 337 size_t chunksize; 338 sctp_adaptation_ind_param_t aiparam; 339 sctp_supported_ext_param_t ext_param; 340 int num_ext = 0; 341 __u8 extensions[3]; 342 sctp_paramhdr_t *auth_chunks = NULL, 343 *auth_hmacs = NULL, 344 *auth_random = NULL; 345 346 retval = NULL; 347 348 /* Note: there may be no addresses to embed. */ 349 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 350 351 initack.init_tag = htonl(asoc->c.my_vtag); 352 initack.a_rwnd = htonl(asoc->rwnd); 353 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 354 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 355 initack.initial_tsn = htonl(asoc->c.initial_tsn); 356 357 /* FIXME: We really ought to build the cookie right 358 * into the packet instead of allocating more fresh memory. 359 */ 360 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 361 addrs.v, addrs_len); 362 if (!cookie) 363 goto nomem_cookie; 364 365 /* Calculate the total size of allocation, include the reserved 366 * space for reporting unknown parameters if it is specified. 367 */ 368 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 369 370 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 371 if (asoc->peer.ecn_capable) 372 chunksize += sizeof(ecap_param); 373 374 /* Tell peer that we'll do PR-SCTP only if peer advertised. */ 375 if (asoc->peer.prsctp_capable) { 376 chunksize += sizeof(prsctp_param); 377 extensions[num_ext] = SCTP_CID_FWD_TSN; 378 num_ext += 1; 379 } 380 381 if (sctp_addip_enable) { 382 extensions[num_ext] = SCTP_CID_ASCONF; 383 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 384 num_ext += 2; 385 } 386 387 chunksize += sizeof(ext_param) + num_ext; 388 chunksize += sizeof(aiparam); 389 390 if (asoc->peer.auth_capable) { 391 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random; 392 chunksize += ntohs(auth_random->length); 393 394 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 395 if (auth_hmacs->length) 396 chunksize += ntohs(auth_hmacs->length); 397 else 398 auth_hmacs = NULL; 399 400 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 401 if (auth_chunks->length) 402 chunksize += ntohs(auth_chunks->length); 403 else 404 auth_chunks = NULL; 405 406 extensions[num_ext] = SCTP_CID_AUTH; 407 num_ext += 1; 408 } 409 410 /* Now allocate and fill out the chunk. */ 411 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 412 if (!retval) 413 goto nomem_chunk; 414 415 /* Per the advice in RFC 2960 6.4, send this reply to 416 * the source of the INIT packet. 417 */ 418 retval->transport = chunk->transport; 419 retval->subh.init_hdr = 420 sctp_addto_chunk(retval, sizeof(initack), &initack); 421 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 422 sctp_addto_chunk(retval, cookie_len, cookie); 423 if (asoc->peer.ecn_capable) 424 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 425 if (num_ext) { 426 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 427 ext_param.param_hdr.length = 428 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 429 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 430 &ext_param); 431 sctp_addto_chunk(retval, num_ext, extensions); 432 } 433 if (asoc->peer.prsctp_capable) 434 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 435 436 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 437 aiparam.param_hdr.length = htons(sizeof(aiparam)); 438 aiparam.adaptation_ind = htonl(sctp_sk(asoc->base.sk)->adaptation_ind); 439 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 440 441 if (asoc->peer.auth_capable) { 442 sctp_addto_chunk(retval, ntohs(auth_random->length), 443 auth_random); 444 if (auth_hmacs) 445 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 446 auth_hmacs); 447 if (auth_chunks) 448 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 449 auth_chunks); 450 } 451 452 /* We need to remove the const qualifier at this point. */ 453 retval->asoc = (struct sctp_association *) asoc; 454 455 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 456 * 457 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 458 * HEARTBEAT ACK, * etc.) to the same destination transport 459 * address from which it received the DATA or control chunk 460 * to which it is replying. 461 * 462 * [INIT ACK back to where the INIT came from.] 463 */ 464 if (chunk) 465 retval->transport = chunk->transport; 466 467 nomem_chunk: 468 kfree(cookie); 469 nomem_cookie: 470 kfree(addrs.v); 471 return retval; 472 } 473 474 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 475 * 476 * This chunk is used only during the initialization of an association. 477 * It is sent by the initiator of an association to its peer to complete 478 * the initialization process. This chunk MUST precede any DATA chunk 479 * sent within the association, but MAY be bundled with one or more DATA 480 * chunks in the same packet. 481 * 482 * 0 1 2 3 483 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 484 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 485 * | Type = 10 |Chunk Flags | Length | 486 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 487 * / Cookie / 488 * \ \ 489 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 490 * 491 * Chunk Flags: 8 bit 492 * 493 * Set to zero on transmit and ignored on receipt. 494 * 495 * Length: 16 bits (unsigned integer) 496 * 497 * Set to the size of the chunk in bytes, including the 4 bytes of 498 * the chunk header and the size of the Cookie. 499 * 500 * Cookie: variable size 501 * 502 * This field must contain the exact cookie received in the 503 * State Cookie parameter from the previous INIT ACK. 504 * 505 * An implementation SHOULD make the cookie as small as possible 506 * to insure interoperability. 507 */ 508 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 509 const struct sctp_chunk *chunk) 510 { 511 struct sctp_chunk *retval; 512 void *cookie; 513 int cookie_len; 514 515 cookie = asoc->peer.cookie; 516 cookie_len = asoc->peer.cookie_len; 517 518 /* Build a cookie echo chunk. */ 519 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 520 if (!retval) 521 goto nodata; 522 retval->subh.cookie_hdr = 523 sctp_addto_chunk(retval, cookie_len, cookie); 524 525 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 526 * 527 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 528 * HEARTBEAT ACK, * etc.) to the same destination transport 529 * address from which it * received the DATA or control chunk 530 * to which it is replying. 531 * 532 * [COOKIE ECHO back to where the INIT ACK came from.] 533 */ 534 if (chunk) 535 retval->transport = chunk->transport; 536 537 nodata: 538 return retval; 539 } 540 541 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 542 * 543 * This chunk is used only during the initialization of an 544 * association. It is used to acknowledge the receipt of a COOKIE 545 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 546 * within the association, but MAY be bundled with one or more DATA 547 * chunks or SACK chunk in the same SCTP packet. 548 * 549 * 0 1 2 3 550 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 551 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 552 * | Type = 11 |Chunk Flags | Length = 4 | 553 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 554 * 555 * Chunk Flags: 8 bits 556 * 557 * Set to zero on transmit and ignored on receipt. 558 */ 559 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 560 const struct sctp_chunk *chunk) 561 { 562 struct sctp_chunk *retval; 563 564 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 565 566 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 567 * 568 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 569 * HEARTBEAT ACK, * etc.) to the same destination transport 570 * address from which it * received the DATA or control chunk 571 * to which it is replying. 572 * 573 * [COOKIE ACK back to where the COOKIE ECHO came from.] 574 */ 575 if (retval && chunk) 576 retval->transport = chunk->transport; 577 578 return retval; 579 } 580 581 /* 582 * Appendix A: Explicit Congestion Notification: 583 * CWR: 584 * 585 * RFC 2481 details a specific bit for a sender to send in the header of 586 * its next outbound TCP segment to indicate to its peer that it has 587 * reduced its congestion window. This is termed the CWR bit. For 588 * SCTP the same indication is made by including the CWR chunk. 589 * This chunk contains one data element, i.e. the TSN number that 590 * was sent in the ECNE chunk. This element represents the lowest 591 * TSN number in the datagram that was originally marked with the 592 * CE bit. 593 * 594 * 0 1 2 3 595 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 596 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 597 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 598 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 599 * | Lowest TSN Number | 600 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 601 * 602 * Note: The CWR is considered a Control chunk. 603 */ 604 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 605 const __u32 lowest_tsn, 606 const struct sctp_chunk *chunk) 607 { 608 struct sctp_chunk *retval; 609 sctp_cwrhdr_t cwr; 610 611 cwr.lowest_tsn = htonl(lowest_tsn); 612 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 613 sizeof(sctp_cwrhdr_t)); 614 615 if (!retval) 616 goto nodata; 617 618 retval->subh.ecn_cwr_hdr = 619 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 620 621 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 622 * 623 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 624 * HEARTBEAT ACK, * etc.) to the same destination transport 625 * address from which it * received the DATA or control chunk 626 * to which it is replying. 627 * 628 * [Report a reduced congestion window back to where the ECNE 629 * came from.] 630 */ 631 if (chunk) 632 retval->transport = chunk->transport; 633 634 nodata: 635 return retval; 636 } 637 638 /* Make an ECNE chunk. This is a congestion experienced report. */ 639 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 640 const __u32 lowest_tsn) 641 { 642 struct sctp_chunk *retval; 643 sctp_ecnehdr_t ecne; 644 645 ecne.lowest_tsn = htonl(lowest_tsn); 646 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 647 sizeof(sctp_ecnehdr_t)); 648 if (!retval) 649 goto nodata; 650 retval->subh.ecne_hdr = 651 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 652 653 nodata: 654 return retval; 655 } 656 657 /* Make a DATA chunk for the given association from the provided 658 * parameters. However, do not populate the data payload. 659 */ 660 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 661 const struct sctp_sndrcvinfo *sinfo, 662 int data_len, __u8 flags, __u16 ssn) 663 { 664 struct sctp_chunk *retval; 665 struct sctp_datahdr dp; 666 int chunk_len; 667 668 /* We assign the TSN as LATE as possible, not here when 669 * creating the chunk. 670 */ 671 dp.tsn = 0; 672 dp.stream = htons(sinfo->sinfo_stream); 673 dp.ppid = sinfo->sinfo_ppid; 674 675 /* Set the flags for an unordered send. */ 676 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 677 flags |= SCTP_DATA_UNORDERED; 678 dp.ssn = 0; 679 } else 680 dp.ssn = htons(ssn); 681 682 chunk_len = sizeof(dp) + data_len; 683 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 684 if (!retval) 685 goto nodata; 686 687 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 688 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 689 690 nodata: 691 return retval; 692 } 693 694 /* Create a selective ackowledgement (SACK) for the given 695 * association. This reports on which TSN's we've seen to date, 696 * including duplicates and gaps. 697 */ 698 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 699 { 700 struct sctp_chunk *retval; 701 struct sctp_sackhdr sack; 702 int len; 703 __u32 ctsn; 704 __u16 num_gabs, num_dup_tsns; 705 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 706 707 ctsn = sctp_tsnmap_get_ctsn(map); 708 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 709 710 /* How much room is needed in the chunk? */ 711 num_gabs = sctp_tsnmap_num_gabs(map); 712 num_dup_tsns = sctp_tsnmap_num_dups(map); 713 714 /* Initialize the SACK header. */ 715 sack.cum_tsn_ack = htonl(ctsn); 716 sack.a_rwnd = htonl(asoc->a_rwnd); 717 sack.num_gap_ack_blocks = htons(num_gabs); 718 sack.num_dup_tsns = htons(num_dup_tsns); 719 720 len = sizeof(sack) 721 + sizeof(struct sctp_gap_ack_block) * num_gabs 722 + sizeof(__u32) * num_dup_tsns; 723 724 /* Create the chunk. */ 725 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 726 if (!retval) 727 goto nodata; 728 729 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 730 * 731 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 732 * HEARTBEAT ACK, etc.) to the same destination transport 733 * address from which it received the DATA or control chunk to 734 * which it is replying. This rule should also be followed if 735 * the endpoint is bundling DATA chunks together with the 736 * reply chunk. 737 * 738 * However, when acknowledging multiple DATA chunks received 739 * in packets from different source addresses in a single 740 * SACK, the SACK chunk may be transmitted to one of the 741 * destination transport addresses from which the DATA or 742 * control chunks being acknowledged were received. 743 * 744 * [BUG: We do not implement the following paragraph. 745 * Perhaps we should remember the last transport we used for a 746 * SACK and avoid that (if possible) if we have seen any 747 * duplicates. --piggy] 748 * 749 * When a receiver of a duplicate DATA chunk sends a SACK to a 750 * multi- homed endpoint it MAY be beneficial to vary the 751 * destination address and not use the source address of the 752 * DATA chunk. The reason being that receiving a duplicate 753 * from a multi-homed endpoint might indicate that the return 754 * path (as specified in the source address of the DATA chunk) 755 * for the SACK is broken. 756 * 757 * [Send to the address from which we last received a DATA chunk.] 758 */ 759 retval->transport = asoc->peer.last_data_from; 760 761 retval->subh.sack_hdr = 762 sctp_addto_chunk(retval, sizeof(sack), &sack); 763 764 /* Add the gap ack block information. */ 765 if (num_gabs) 766 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 767 sctp_tsnmap_get_gabs(map)); 768 769 /* Add the duplicate TSN information. */ 770 if (num_dup_tsns) 771 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 772 sctp_tsnmap_get_dups(map)); 773 774 nodata: 775 return retval; 776 } 777 778 /* Make a SHUTDOWN chunk. */ 779 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 780 const struct sctp_chunk *chunk) 781 { 782 struct sctp_chunk *retval; 783 sctp_shutdownhdr_t shut; 784 __u32 ctsn; 785 786 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 787 shut.cum_tsn_ack = htonl(ctsn); 788 789 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 790 sizeof(sctp_shutdownhdr_t)); 791 if (!retval) 792 goto nodata; 793 794 retval->subh.shutdown_hdr = 795 sctp_addto_chunk(retval, sizeof(shut), &shut); 796 797 if (chunk) 798 retval->transport = chunk->transport; 799 nodata: 800 return retval; 801 } 802 803 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 804 const struct sctp_chunk *chunk) 805 { 806 struct sctp_chunk *retval; 807 808 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 809 810 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 811 * 812 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 813 * HEARTBEAT ACK, * etc.) to the same destination transport 814 * address from which it * received the DATA or control chunk 815 * to which it is replying. 816 * 817 * [ACK back to where the SHUTDOWN came from.] 818 */ 819 if (retval && chunk) 820 retval->transport = chunk->transport; 821 822 return retval; 823 } 824 825 struct sctp_chunk *sctp_make_shutdown_complete( 826 const struct sctp_association *asoc, 827 const struct sctp_chunk *chunk) 828 { 829 struct sctp_chunk *retval; 830 __u8 flags = 0; 831 832 /* Set the T-bit if we have no association (vtag will be 833 * reflected) 834 */ 835 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 836 837 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 838 839 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 840 * 841 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 842 * HEARTBEAT ACK, * etc.) to the same destination transport 843 * address from which it * received the DATA or control chunk 844 * to which it is replying. 845 * 846 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 847 * came from.] 848 */ 849 if (retval && chunk) 850 retval->transport = chunk->transport; 851 852 return retval; 853 } 854 855 /* Create an ABORT. Note that we set the T bit if we have no 856 * association, except when responding to an INIT (sctpimpguide 2.41). 857 */ 858 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 859 const struct sctp_chunk *chunk, 860 const size_t hint) 861 { 862 struct sctp_chunk *retval; 863 __u8 flags = 0; 864 865 /* Set the T-bit if we have no association and 'chunk' is not 866 * an INIT (vtag will be reflected). 867 */ 868 if (!asoc) { 869 if (chunk && chunk->chunk_hdr && 870 chunk->chunk_hdr->type == SCTP_CID_INIT) 871 flags = 0; 872 else 873 flags = SCTP_CHUNK_FLAG_T; 874 } 875 876 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 877 878 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 879 * 880 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 881 * HEARTBEAT ACK, * etc.) to the same destination transport 882 * address from which it * received the DATA or control chunk 883 * to which it is replying. 884 * 885 * [ABORT back to where the offender came from.] 886 */ 887 if (retval && chunk) 888 retval->transport = chunk->transport; 889 890 return retval; 891 } 892 893 /* Helper to create ABORT with a NO_USER_DATA error. */ 894 struct sctp_chunk *sctp_make_abort_no_data( 895 const struct sctp_association *asoc, 896 const struct sctp_chunk *chunk, __u32 tsn) 897 { 898 struct sctp_chunk *retval; 899 __be32 payload; 900 901 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 902 + sizeof(tsn)); 903 904 if (!retval) 905 goto no_mem; 906 907 /* Put the tsn back into network byte order. */ 908 payload = htonl(tsn); 909 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 910 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 911 912 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 913 * 914 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 915 * HEARTBEAT ACK, * etc.) to the same destination transport 916 * address from which it * received the DATA or control chunk 917 * to which it is replying. 918 * 919 * [ABORT back to where the offender came from.] 920 */ 921 if (chunk) 922 retval->transport = chunk->transport; 923 924 no_mem: 925 return retval; 926 } 927 928 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 929 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 930 const struct msghdr *msg, 931 size_t paylen) 932 { 933 struct sctp_chunk *retval; 934 void *payload = NULL; 935 int err; 936 937 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 938 if (!retval) 939 goto err_chunk; 940 941 if (paylen) { 942 /* Put the msg_iov together into payload. */ 943 payload = kmalloc(paylen, GFP_KERNEL); 944 if (!payload) 945 goto err_payload; 946 947 err = memcpy_fromiovec(payload, msg->msg_iov, paylen); 948 if (err < 0) 949 goto err_copy; 950 } 951 952 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 953 sctp_addto_chunk(retval, paylen, payload); 954 955 if (paylen) 956 kfree(payload); 957 958 return retval; 959 960 err_copy: 961 kfree(payload); 962 err_payload: 963 sctp_chunk_free(retval); 964 retval = NULL; 965 err_chunk: 966 return retval; 967 } 968 969 /* Append bytes to the end of a parameter. Will panic if chunk is not big 970 * enough. 971 */ 972 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 973 const void *data) 974 { 975 void *target; 976 int chunklen = ntohs(chunk->chunk_hdr->length); 977 978 target = skb_put(chunk->skb, len); 979 980 memcpy(target, data, len); 981 982 /* Adjust the chunk length field. */ 983 chunk->chunk_hdr->length = htons(chunklen + len); 984 chunk->chunk_end = skb_tail_pointer(chunk->skb); 985 986 return target; 987 } 988 989 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 990 struct sctp_chunk *sctp_make_abort_violation( 991 const struct sctp_association *asoc, 992 const struct sctp_chunk *chunk, 993 const __u8 *payload, 994 const size_t paylen) 995 { 996 struct sctp_chunk *retval; 997 struct sctp_paramhdr phdr; 998 999 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 1000 + sizeof(sctp_paramhdr_t)); 1001 if (!retval) 1002 goto end; 1003 1004 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen 1005 + sizeof(sctp_paramhdr_t)); 1006 1007 phdr.type = htons(chunk->chunk_hdr->type); 1008 phdr.length = chunk->chunk_hdr->length; 1009 sctp_addto_chunk(retval, paylen, payload); 1010 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr); 1011 1012 end: 1013 return retval; 1014 } 1015 1016 /* Make a HEARTBEAT chunk. */ 1017 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1018 const struct sctp_transport *transport, 1019 const void *payload, const size_t paylen) 1020 { 1021 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 1022 0, paylen); 1023 1024 if (!retval) 1025 goto nodata; 1026 1027 /* Cast away the 'const', as this is just telling the chunk 1028 * what transport it belongs to. 1029 */ 1030 retval->transport = (struct sctp_transport *) transport; 1031 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1032 1033 nodata: 1034 return retval; 1035 } 1036 1037 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1038 const struct sctp_chunk *chunk, 1039 const void *payload, const size_t paylen) 1040 { 1041 struct sctp_chunk *retval; 1042 1043 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 1044 if (!retval) 1045 goto nodata; 1046 1047 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1048 1049 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1050 * 1051 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1052 * HEARTBEAT ACK, * etc.) to the same destination transport 1053 * address from which it * received the DATA or control chunk 1054 * to which it is replying. 1055 * 1056 * [HBACK back to where the HEARTBEAT came from.] 1057 */ 1058 if (chunk) 1059 retval->transport = chunk->transport; 1060 1061 nodata: 1062 return retval; 1063 } 1064 1065 /* Create an Operation Error chunk with the specified space reserved. 1066 * This routine can be used for containing multiple causes in the chunk. 1067 */ 1068 static struct sctp_chunk *sctp_make_op_error_space( 1069 const struct sctp_association *asoc, 1070 const struct sctp_chunk *chunk, 1071 size_t size) 1072 { 1073 struct sctp_chunk *retval; 1074 1075 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 1076 sizeof(sctp_errhdr_t) + size); 1077 if (!retval) 1078 goto nodata; 1079 1080 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1081 * 1082 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1083 * HEARTBEAT ACK, etc.) to the same destination transport 1084 * address from which it received the DATA or control chunk 1085 * to which it is replying. 1086 * 1087 */ 1088 if (chunk) 1089 retval->transport = chunk->transport; 1090 1091 nodata: 1092 return retval; 1093 } 1094 1095 /* Create an Operation Error chunk. */ 1096 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1097 const struct sctp_chunk *chunk, 1098 __be16 cause_code, const void *payload, 1099 size_t paylen) 1100 { 1101 struct sctp_chunk *retval; 1102 1103 retval = sctp_make_op_error_space(asoc, chunk, paylen); 1104 if (!retval) 1105 goto nodata; 1106 1107 sctp_init_cause(retval, cause_code, paylen); 1108 sctp_addto_chunk(retval, paylen, payload); 1109 1110 nodata: 1111 return retval; 1112 } 1113 1114 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc) 1115 { 1116 struct sctp_chunk *retval; 1117 struct sctp_hmac *hmac_desc; 1118 struct sctp_authhdr auth_hdr; 1119 __u8 *hmac; 1120 1121 /* Get the first hmac that the peer told us to use */ 1122 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1123 if (unlikely(!hmac_desc)) 1124 return NULL; 1125 1126 retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0, 1127 hmac_desc->hmac_len + sizeof(sctp_authhdr_t)); 1128 if (!retval) 1129 return NULL; 1130 1131 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1132 auth_hdr.shkey_id = htons(asoc->active_key_id); 1133 1134 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t), 1135 &auth_hdr); 1136 1137 hmac = skb_put(retval->skb, hmac_desc->hmac_len); 1138 memset(hmac, 0, hmac_desc->hmac_len); 1139 1140 /* Adjust the chunk header to include the empty MAC */ 1141 retval->chunk_hdr->length = 1142 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1143 retval->chunk_end = skb_tail_pointer(retval->skb); 1144 1145 return retval; 1146 } 1147 1148 1149 /******************************************************************** 1150 * 2nd Level Abstractions 1151 ********************************************************************/ 1152 1153 /* Turn an skb into a chunk. 1154 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1155 */ 1156 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1157 const struct sctp_association *asoc, 1158 struct sock *sk) 1159 { 1160 struct sctp_chunk *retval; 1161 1162 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC); 1163 1164 if (!retval) 1165 goto nodata; 1166 1167 if (!sk) { 1168 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 1169 } 1170 1171 INIT_LIST_HEAD(&retval->list); 1172 retval->skb = skb; 1173 retval->asoc = (struct sctp_association *)asoc; 1174 retval->resent = 0; 1175 retval->has_tsn = 0; 1176 retval->has_ssn = 0; 1177 retval->rtt_in_progress = 0; 1178 retval->sent_at = 0; 1179 retval->singleton = 1; 1180 retval->end_of_packet = 0; 1181 retval->ecn_ce_done = 0; 1182 retval->pdiscard = 0; 1183 1184 /* sctpimpguide-05.txt Section 2.8.2 1185 * M1) Each time a new DATA chunk is transmitted 1186 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1187 * 'TSN.Missing.Report' count will be used to determine missing chunks 1188 * and when to fast retransmit. 1189 */ 1190 retval->tsn_missing_report = 0; 1191 retval->tsn_gap_acked = 0; 1192 retval->fast_retransmit = 0; 1193 1194 /* If this is a fragmented message, track all fragments 1195 * of the message (for SEND_FAILED). 1196 */ 1197 retval->msg = NULL; 1198 1199 /* Polish the bead hole. */ 1200 INIT_LIST_HEAD(&retval->transmitted_list); 1201 INIT_LIST_HEAD(&retval->frag_list); 1202 SCTP_DBG_OBJCNT_INC(chunk); 1203 atomic_set(&retval->refcnt, 1); 1204 1205 nodata: 1206 return retval; 1207 } 1208 1209 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1210 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1211 union sctp_addr *dest) 1212 { 1213 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1214 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1215 } 1216 1217 /* Extract the source address from a chunk. */ 1218 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1219 { 1220 /* If we have a known transport, use that. */ 1221 if (chunk->transport) { 1222 return &chunk->transport->ipaddr; 1223 } else { 1224 /* Otherwise, extract it from the IP header. */ 1225 return &chunk->source; 1226 } 1227 } 1228 1229 /* Create a new chunk, setting the type and flags headers from the 1230 * arguments, reserving enough space for a 'paylen' byte payload. 1231 */ 1232 SCTP_STATIC 1233 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1234 __u8 type, __u8 flags, int paylen) 1235 { 1236 struct sctp_chunk *retval; 1237 sctp_chunkhdr_t *chunk_hdr; 1238 struct sk_buff *skb; 1239 struct sock *sk; 1240 1241 /* No need to allocate LL here, as this is only a chunk. */ 1242 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1243 GFP_ATOMIC); 1244 if (!skb) 1245 goto nodata; 1246 1247 /* Make room for the chunk header. */ 1248 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1249 chunk_hdr->type = type; 1250 chunk_hdr->flags = flags; 1251 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1252 1253 sk = asoc ? asoc->base.sk : NULL; 1254 retval = sctp_chunkify(skb, asoc, sk); 1255 if (!retval) { 1256 kfree_skb(skb); 1257 goto nodata; 1258 } 1259 1260 retval->chunk_hdr = chunk_hdr; 1261 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1262 1263 /* Determine if the chunk needs to be authenticated */ 1264 if (sctp_auth_send_cid(type, asoc)) 1265 retval->auth = 1; 1266 1267 /* Set the skb to the belonging sock for accounting. */ 1268 skb->sk = sk; 1269 1270 return retval; 1271 nodata: 1272 return NULL; 1273 } 1274 1275 1276 /* Release the memory occupied by a chunk. */ 1277 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1278 { 1279 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1280 dev_kfree_skb(chunk->skb); 1281 1282 SCTP_DBG_OBJCNT_DEC(chunk); 1283 kmem_cache_free(sctp_chunk_cachep, chunk); 1284 } 1285 1286 /* Possibly, free the chunk. */ 1287 void sctp_chunk_free(struct sctp_chunk *chunk) 1288 { 1289 BUG_ON(!list_empty(&chunk->list)); 1290 list_del_init(&chunk->transmitted_list); 1291 1292 /* Release our reference on the message tracker. */ 1293 if (chunk->msg) 1294 sctp_datamsg_put(chunk->msg); 1295 1296 sctp_chunk_put(chunk); 1297 } 1298 1299 /* Grab a reference to the chunk. */ 1300 void sctp_chunk_hold(struct sctp_chunk *ch) 1301 { 1302 atomic_inc(&ch->refcnt); 1303 } 1304 1305 /* Release a reference to the chunk. */ 1306 void sctp_chunk_put(struct sctp_chunk *ch) 1307 { 1308 if (atomic_dec_and_test(&ch->refcnt)) 1309 sctp_chunk_destroy(ch); 1310 } 1311 1312 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1313 * enough. 1314 */ 1315 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1316 { 1317 void *target; 1318 void *padding; 1319 int chunklen = ntohs(chunk->chunk_hdr->length); 1320 int padlen = WORD_ROUND(chunklen) - chunklen; 1321 1322 padding = skb_put(chunk->skb, padlen); 1323 target = skb_put(chunk->skb, len); 1324 1325 memset(padding, 0, padlen); 1326 memcpy(target, data, len); 1327 1328 /* Adjust the chunk length field. */ 1329 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1330 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1331 1332 return target; 1333 } 1334 1335 /* Append bytes from user space to the end of a chunk. Will panic if 1336 * chunk is not big enough. 1337 * Returns a kernel err value. 1338 */ 1339 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1340 struct iovec *data) 1341 { 1342 __u8 *target; 1343 int err = 0; 1344 1345 /* Make room in chunk for data. */ 1346 target = skb_put(chunk->skb, len); 1347 1348 /* Copy data (whole iovec) into chunk */ 1349 if ((err = memcpy_fromiovecend(target, data, off, len))) 1350 goto out; 1351 1352 /* Adjust the chunk length field. */ 1353 chunk->chunk_hdr->length = 1354 htons(ntohs(chunk->chunk_hdr->length) + len); 1355 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1356 1357 out: 1358 return err; 1359 } 1360 1361 /* Helper function to assign a TSN if needed. This assumes that both 1362 * the data_hdr and association have already been assigned. 1363 */ 1364 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1365 { 1366 struct sctp_datamsg *msg; 1367 struct sctp_chunk *lchunk; 1368 struct sctp_stream *stream; 1369 __u16 ssn; 1370 __u16 sid; 1371 1372 if (chunk->has_ssn) 1373 return; 1374 1375 /* All fragments will be on the same stream */ 1376 sid = ntohs(chunk->subh.data_hdr->stream); 1377 stream = &chunk->asoc->ssnmap->out; 1378 1379 /* Now assign the sequence number to the entire message. 1380 * All fragments must have the same stream sequence number. 1381 */ 1382 msg = chunk->msg; 1383 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1384 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1385 ssn = 0; 1386 } else { 1387 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1388 ssn = sctp_ssn_next(stream, sid); 1389 else 1390 ssn = sctp_ssn_peek(stream, sid); 1391 } 1392 1393 lchunk->subh.data_hdr->ssn = htons(ssn); 1394 lchunk->has_ssn = 1; 1395 } 1396 } 1397 1398 /* Helper function to assign a TSN if needed. This assumes that both 1399 * the data_hdr and association have already been assigned. 1400 */ 1401 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1402 { 1403 if (!chunk->has_tsn) { 1404 /* This is the last possible instant to 1405 * assign a TSN. 1406 */ 1407 chunk->subh.data_hdr->tsn = 1408 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1409 chunk->has_tsn = 1; 1410 } 1411 } 1412 1413 /* Create a CLOSED association to use with an incoming packet. */ 1414 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1415 struct sctp_chunk *chunk, 1416 gfp_t gfp) 1417 { 1418 struct sctp_association *asoc; 1419 struct sk_buff *skb; 1420 sctp_scope_t scope; 1421 struct sctp_af *af; 1422 1423 /* Create the bare association. */ 1424 scope = sctp_scope(sctp_source(chunk)); 1425 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1426 if (!asoc) 1427 goto nodata; 1428 asoc->temp = 1; 1429 skb = chunk->skb; 1430 /* Create an entry for the source address of the packet. */ 1431 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version)); 1432 if (unlikely(!af)) 1433 goto fail; 1434 af->from_skb(&asoc->c.peer_addr, skb, 1); 1435 nodata: 1436 return asoc; 1437 1438 fail: 1439 sctp_association_free(asoc); 1440 return NULL; 1441 } 1442 1443 /* Build a cookie representing asoc. 1444 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1445 */ 1446 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1447 const struct sctp_association *asoc, 1448 const struct sctp_chunk *init_chunk, 1449 int *cookie_len, 1450 const __u8 *raw_addrs, int addrs_len) 1451 { 1452 sctp_cookie_param_t *retval; 1453 struct sctp_signed_cookie *cookie; 1454 struct scatterlist sg; 1455 int headersize, bodysize; 1456 unsigned int keylen; 1457 char *key; 1458 1459 /* Header size is static data prior to the actual cookie, including 1460 * any padding. 1461 */ 1462 headersize = sizeof(sctp_paramhdr_t) + 1463 (sizeof(struct sctp_signed_cookie) - 1464 sizeof(struct sctp_cookie)); 1465 bodysize = sizeof(struct sctp_cookie) 1466 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1467 1468 /* Pad out the cookie to a multiple to make the signature 1469 * functions simpler to write. 1470 */ 1471 if (bodysize % SCTP_COOKIE_MULTIPLE) 1472 bodysize += SCTP_COOKIE_MULTIPLE 1473 - (bodysize % SCTP_COOKIE_MULTIPLE); 1474 *cookie_len = headersize + bodysize; 1475 1476 /* Clear this memory since we are sending this data structure 1477 * out on the network. 1478 */ 1479 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1480 if (!retval) 1481 goto nodata; 1482 1483 cookie = (struct sctp_signed_cookie *) retval->body; 1484 1485 /* Set up the parameter header. */ 1486 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1487 retval->p.length = htons(*cookie_len); 1488 1489 /* Copy the cookie part of the association itself. */ 1490 cookie->c = asoc->c; 1491 /* Save the raw address list length in the cookie. */ 1492 cookie->c.raw_addr_list_len = addrs_len; 1493 1494 /* Remember PR-SCTP capability. */ 1495 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1496 1497 /* Save adaptation indication in the cookie. */ 1498 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1499 1500 /* Set an expiration time for the cookie. */ 1501 do_gettimeofday(&cookie->c.expiration); 1502 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1503 1504 /* Copy the peer's init packet. */ 1505 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1506 ntohs(init_chunk->chunk_hdr->length)); 1507 1508 /* Copy the raw local address list of the association. */ 1509 memcpy((__u8 *)&cookie->c.peer_init[0] + 1510 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1511 1512 if (sctp_sk(ep->base.sk)->hmac) { 1513 struct hash_desc desc; 1514 1515 /* Sign the message. */ 1516 sg_init_one(&sg, &cookie->c, bodysize); 1517 keylen = SCTP_SECRET_SIZE; 1518 key = (char *)ep->secret_key[ep->current_key]; 1519 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1520 desc.flags = 0; 1521 1522 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1523 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) 1524 goto free_cookie; 1525 } 1526 1527 return retval; 1528 1529 free_cookie: 1530 kfree(retval); 1531 nodata: 1532 *cookie_len = 0; 1533 return NULL; 1534 } 1535 1536 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1537 struct sctp_association *sctp_unpack_cookie( 1538 const struct sctp_endpoint *ep, 1539 const struct sctp_association *asoc, 1540 struct sctp_chunk *chunk, gfp_t gfp, 1541 int *error, struct sctp_chunk **errp) 1542 { 1543 struct sctp_association *retval = NULL; 1544 struct sctp_signed_cookie *cookie; 1545 struct sctp_cookie *bear_cookie; 1546 int headersize, bodysize, fixed_size; 1547 __u8 *digest = ep->digest; 1548 struct scatterlist sg; 1549 unsigned int keylen, len; 1550 char *key; 1551 sctp_scope_t scope; 1552 struct sk_buff *skb = chunk->skb; 1553 struct timeval tv; 1554 struct hash_desc desc; 1555 1556 /* Header size is static data prior to the actual cookie, including 1557 * any padding. 1558 */ 1559 headersize = sizeof(sctp_chunkhdr_t) + 1560 (sizeof(struct sctp_signed_cookie) - 1561 sizeof(struct sctp_cookie)); 1562 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1563 fixed_size = headersize + sizeof(struct sctp_cookie); 1564 1565 /* Verify that the chunk looks like it even has a cookie. 1566 * There must be enough room for our cookie and our peer's 1567 * INIT chunk. 1568 */ 1569 len = ntohs(chunk->chunk_hdr->length); 1570 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1571 goto malformed; 1572 1573 /* Verify that the cookie has been padded out. */ 1574 if (bodysize % SCTP_COOKIE_MULTIPLE) 1575 goto malformed; 1576 1577 /* Process the cookie. */ 1578 cookie = chunk->subh.cookie_hdr; 1579 bear_cookie = &cookie->c; 1580 1581 if (!sctp_sk(ep->base.sk)->hmac) 1582 goto no_hmac; 1583 1584 /* Check the signature. */ 1585 keylen = SCTP_SECRET_SIZE; 1586 sg_init_one(&sg, bear_cookie, bodysize); 1587 key = (char *)ep->secret_key[ep->current_key]; 1588 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1589 desc.flags = 0; 1590 1591 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1592 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1593 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1594 *error = -SCTP_IERROR_NOMEM; 1595 goto fail; 1596 } 1597 1598 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1599 /* Try the previous key. */ 1600 key = (char *)ep->secret_key[ep->last_key]; 1601 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1602 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1603 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1604 *error = -SCTP_IERROR_NOMEM; 1605 goto fail; 1606 } 1607 1608 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1609 /* Yikes! Still bad signature! */ 1610 *error = -SCTP_IERROR_BAD_SIG; 1611 goto fail; 1612 } 1613 } 1614 1615 no_hmac: 1616 /* IG Section 2.35.2: 1617 * 3) Compare the port numbers and the verification tag contained 1618 * within the COOKIE ECHO chunk to the actual port numbers and the 1619 * verification tag within the SCTP common header of the received 1620 * packet. If these values do not match the packet MUST be silently 1621 * discarded, 1622 */ 1623 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1624 *error = -SCTP_IERROR_BAD_TAG; 1625 goto fail; 1626 } 1627 1628 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1629 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1630 *error = -SCTP_IERROR_BAD_PORTS; 1631 goto fail; 1632 } 1633 1634 /* Check to see if the cookie is stale. If there is already 1635 * an association, there is no need to check cookie's expiration 1636 * for init collision case of lost COOKIE ACK. 1637 * If skb has been timestamped, then use the stamp, otherwise 1638 * use current time. This introduces a small possibility that 1639 * that a cookie may be considered expired, but his would only slow 1640 * down the new association establishment instead of every packet. 1641 */ 1642 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1643 skb_get_timestamp(skb, &tv); 1644 else 1645 do_gettimeofday(&tv); 1646 1647 if (!asoc && tv_lt(bear_cookie->expiration, tv)) { 1648 /* 1649 * Section 3.3.10.3 Stale Cookie Error (3) 1650 * 1651 * Cause of error 1652 * --------------- 1653 * Stale Cookie Error: Indicates the receipt of a valid State 1654 * Cookie that has expired. 1655 */ 1656 len = ntohs(chunk->chunk_hdr->length); 1657 *errp = sctp_make_op_error_space(asoc, chunk, len); 1658 if (*errp) { 1659 suseconds_t usecs = (tv.tv_sec - 1660 bear_cookie->expiration.tv_sec) * 1000000L + 1661 tv.tv_usec - bear_cookie->expiration.tv_usec; 1662 __be32 n = htonl(usecs); 1663 1664 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1665 sizeof(n)); 1666 sctp_addto_chunk(*errp, sizeof(n), &n); 1667 *error = -SCTP_IERROR_STALE_COOKIE; 1668 } else 1669 *error = -SCTP_IERROR_NOMEM; 1670 1671 goto fail; 1672 } 1673 1674 /* Make a new base association. */ 1675 scope = sctp_scope(sctp_source(chunk)); 1676 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1677 if (!retval) { 1678 *error = -SCTP_IERROR_NOMEM; 1679 goto fail; 1680 } 1681 1682 /* Set up our peer's port number. */ 1683 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1684 1685 /* Populate the association from the cookie. */ 1686 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1687 1688 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1689 GFP_ATOMIC) < 0) { 1690 *error = -SCTP_IERROR_NOMEM; 1691 goto fail; 1692 } 1693 1694 /* Also, add the destination address. */ 1695 if (list_empty(&retval->base.bind_addr.address_list)) { 1696 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1, 1697 GFP_ATOMIC); 1698 } 1699 1700 retval->next_tsn = retval->c.initial_tsn; 1701 retval->ctsn_ack_point = retval->next_tsn - 1; 1702 retval->addip_serial = retval->c.initial_tsn; 1703 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1704 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1705 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1706 1707 /* The INIT stuff will be done by the side effects. */ 1708 return retval; 1709 1710 fail: 1711 if (retval) 1712 sctp_association_free(retval); 1713 1714 return NULL; 1715 1716 malformed: 1717 /* Yikes! The packet is either corrupt or deliberately 1718 * malformed. 1719 */ 1720 *error = -SCTP_IERROR_MALFORMED; 1721 goto fail; 1722 } 1723 1724 /******************************************************************** 1725 * 3rd Level Abstractions 1726 ********************************************************************/ 1727 1728 struct __sctp_missing { 1729 __be32 num_missing; 1730 __be16 type; 1731 } __attribute__((packed)); 1732 1733 /* 1734 * Report a missing mandatory parameter. 1735 */ 1736 static int sctp_process_missing_param(const struct sctp_association *asoc, 1737 sctp_param_t paramtype, 1738 struct sctp_chunk *chunk, 1739 struct sctp_chunk **errp) 1740 { 1741 struct __sctp_missing report; 1742 __u16 len; 1743 1744 len = WORD_ROUND(sizeof(report)); 1745 1746 /* Make an ERROR chunk, preparing enough room for 1747 * returning multiple unknown parameters. 1748 */ 1749 if (!*errp) 1750 *errp = sctp_make_op_error_space(asoc, chunk, len); 1751 1752 if (*errp) { 1753 report.num_missing = htonl(1); 1754 report.type = paramtype; 1755 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1756 sizeof(report)); 1757 sctp_addto_chunk(*errp, sizeof(report), &report); 1758 } 1759 1760 /* Stop processing this chunk. */ 1761 return 0; 1762 } 1763 1764 /* Report an Invalid Mandatory Parameter. */ 1765 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1766 struct sctp_chunk *chunk, 1767 struct sctp_chunk **errp) 1768 { 1769 /* Invalid Mandatory Parameter Error has no payload. */ 1770 1771 if (!*errp) 1772 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1773 1774 if (*errp) 1775 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1776 1777 /* Stop processing this chunk. */ 1778 return 0; 1779 } 1780 1781 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1782 struct sctp_paramhdr *param, 1783 const struct sctp_chunk *chunk, 1784 struct sctp_chunk **errp) 1785 { 1786 char error[] = "The following parameter had invalid length:"; 1787 size_t payload_len = WORD_ROUND(sizeof(error)) + 1788 sizeof(sctp_paramhdr_t); 1789 1790 1791 /* This is a fatal error. Any accumulated non-fatal errors are 1792 * not reported. 1793 */ 1794 if (*errp) 1795 sctp_chunk_free(*errp); 1796 1797 /* Create an error chunk and fill it in with our payload. */ 1798 *errp = sctp_make_op_error_space(asoc, chunk, payload_len); 1799 1800 if (*errp) { 1801 sctp_init_cause(*errp, SCTP_ERROR_PROTO_VIOLATION, 1802 sizeof(error) + sizeof(sctp_paramhdr_t)); 1803 sctp_addto_chunk(*errp, sizeof(error), error); 1804 sctp_addto_param(*errp, sizeof(sctp_paramhdr_t), param); 1805 } 1806 1807 return 0; 1808 } 1809 1810 1811 /* Do not attempt to handle the HOST_NAME parm. However, do 1812 * send back an indicator to the peer. 1813 */ 1814 static int sctp_process_hn_param(const struct sctp_association *asoc, 1815 union sctp_params param, 1816 struct sctp_chunk *chunk, 1817 struct sctp_chunk **errp) 1818 { 1819 __u16 len = ntohs(param.p->length); 1820 1821 /* Processing of the HOST_NAME parameter will generate an 1822 * ABORT. If we've accumulated any non-fatal errors, they 1823 * would be unrecognized parameters and we should not include 1824 * them in the ABORT. 1825 */ 1826 if (*errp) 1827 sctp_chunk_free(*errp); 1828 1829 *errp = sctp_make_op_error_space(asoc, chunk, len); 1830 1831 if (*errp) { 1832 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 1833 sctp_addto_chunk(*errp, len, param.v); 1834 } 1835 1836 /* Stop processing this chunk. */ 1837 return 0; 1838 } 1839 1840 static void sctp_process_ext_param(struct sctp_association *asoc, 1841 union sctp_params param) 1842 { 1843 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1844 int i; 1845 1846 for (i = 0; i < num_ext; i++) { 1847 switch (param.ext->chunks[i]) { 1848 case SCTP_CID_FWD_TSN: 1849 if (sctp_prsctp_enable && 1850 !asoc->peer.prsctp_capable) 1851 asoc->peer.prsctp_capable = 1; 1852 break; 1853 case SCTP_CID_AUTH: 1854 /* if the peer reports AUTH, assume that he 1855 * supports AUTH. 1856 */ 1857 asoc->peer.auth_capable = 1; 1858 break; 1859 case SCTP_CID_ASCONF: 1860 case SCTP_CID_ASCONF_ACK: 1861 asoc->peer.asconf_capable = 1; 1862 break; 1863 default: 1864 break; 1865 } 1866 } 1867 } 1868 1869 /* RFC 3.2.1 & the Implementers Guide 2.2. 1870 * 1871 * The Parameter Types are encoded such that the 1872 * highest-order two bits specify the action that must be 1873 * taken if the processing endpoint does not recognize the 1874 * Parameter Type. 1875 * 1876 * 00 - Stop processing this parameter; do not process any further 1877 * parameters within this chunk 1878 * 1879 * 01 - Stop processing this parameter, do not process any further 1880 * parameters within this chunk, and report the unrecognized 1881 * parameter in an 'Unrecognized Parameter' ERROR chunk. 1882 * 1883 * 10 - Skip this parameter and continue processing. 1884 * 1885 * 11 - Skip this parameter and continue processing but 1886 * report the unrecognized parameter in an 1887 * 'Unrecognized Parameter' ERROR chunk. 1888 * 1889 * Return value: 1890 * SCTP_IERROR_NO_ERROR - continue with the chunk 1891 * SCTP_IERROR_ERROR - stop and report an error. 1892 * SCTP_IERROR_NOMEME - out of memory. 1893 */ 1894 static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, 1895 union sctp_params param, 1896 struct sctp_chunk *chunk, 1897 struct sctp_chunk **errp) 1898 { 1899 int retval = SCTP_IERROR_NO_ERROR; 1900 1901 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 1902 case SCTP_PARAM_ACTION_DISCARD: 1903 retval = SCTP_IERROR_ERROR; 1904 break; 1905 case SCTP_PARAM_ACTION_SKIP: 1906 break; 1907 case SCTP_PARAM_ACTION_DISCARD_ERR: 1908 retval = SCTP_IERROR_ERROR; 1909 /* Fall through */ 1910 case SCTP_PARAM_ACTION_SKIP_ERR: 1911 /* Make an ERROR chunk, preparing enough room for 1912 * returning multiple unknown parameters. 1913 */ 1914 if (NULL == *errp) 1915 *errp = sctp_make_op_error_space(asoc, chunk, 1916 ntohs(chunk->chunk_hdr->length)); 1917 1918 if (*errp) { 1919 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1920 WORD_ROUND(ntohs(param.p->length))); 1921 sctp_addto_chunk(*errp, 1922 WORD_ROUND(ntohs(param.p->length)), 1923 param.v); 1924 } else { 1925 /* If there is no memory for generating the ERROR 1926 * report as specified, an ABORT will be triggered 1927 * to the peer and the association won't be 1928 * established. 1929 */ 1930 retval = SCTP_IERROR_NOMEM; 1931 } 1932 break; 1933 default: 1934 break; 1935 } 1936 1937 return retval; 1938 } 1939 1940 /* Verify variable length parameters 1941 * Return values: 1942 * SCTP_IERROR_ABORT - trigger an ABORT 1943 * SCTP_IERROR_NOMEM - out of memory (abort) 1944 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 1945 * SCTP_IERROR_NO_ERROR - continue with the chunk 1946 */ 1947 static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc, 1948 union sctp_params param, 1949 sctp_cid_t cid, 1950 struct sctp_chunk *chunk, 1951 struct sctp_chunk **err_chunk) 1952 { 1953 int retval = SCTP_IERROR_NO_ERROR; 1954 1955 /* FIXME - This routine is not looking at each parameter per the 1956 * chunk type, i.e., unrecognized parameters should be further 1957 * identified based on the chunk id. 1958 */ 1959 1960 switch (param.p->type) { 1961 case SCTP_PARAM_IPV4_ADDRESS: 1962 case SCTP_PARAM_IPV6_ADDRESS: 1963 case SCTP_PARAM_COOKIE_PRESERVATIVE: 1964 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 1965 case SCTP_PARAM_STATE_COOKIE: 1966 case SCTP_PARAM_HEARTBEAT_INFO: 1967 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 1968 case SCTP_PARAM_ECN_CAPABLE: 1969 case SCTP_PARAM_ADAPTATION_LAYER_IND: 1970 case SCTP_PARAM_SUPPORTED_EXT: 1971 break; 1972 1973 case SCTP_PARAM_HOST_NAME_ADDRESS: 1974 /* Tell the peer, we won't support this param. */ 1975 sctp_process_hn_param(asoc, param, chunk, err_chunk); 1976 retval = SCTP_IERROR_ABORT; 1977 break; 1978 1979 case SCTP_PARAM_FWD_TSN_SUPPORT: 1980 if (sctp_prsctp_enable) 1981 break; 1982 goto fallthrough; 1983 1984 case SCTP_PARAM_RANDOM: 1985 if (!sctp_auth_enable) 1986 goto fallthrough; 1987 1988 /* SCTP-AUTH: Secion 6.1 1989 * If the random number is not 32 byte long the association 1990 * MUST be aborted. The ABORT chunk SHOULD contain the error 1991 * cause 'Protocol Violation'. 1992 */ 1993 if (SCTP_AUTH_RANDOM_LENGTH != 1994 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { 1995 sctp_process_inv_paramlength(asoc, param.p, 1996 chunk, err_chunk); 1997 retval = SCTP_IERROR_ABORT; 1998 } 1999 break; 2000 2001 case SCTP_PARAM_CHUNKS: 2002 if (!sctp_auth_enable) 2003 goto fallthrough; 2004 2005 /* SCTP-AUTH: Section 3.2 2006 * The CHUNKS parameter MUST be included once in the INIT or 2007 * INIT-ACK chunk if the sender wants to receive authenticated 2008 * chunks. Its maximum length is 260 bytes. 2009 */ 2010 if (260 < ntohs(param.p->length)) { 2011 sctp_process_inv_paramlength(asoc, param.p, 2012 chunk, err_chunk); 2013 retval = SCTP_IERROR_ABORT; 2014 } 2015 break; 2016 2017 case SCTP_PARAM_HMAC_ALGO: 2018 if (!sctp_auth_enable) 2019 break; 2020 /* Fall Through */ 2021 fallthrough: 2022 default: 2023 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 2024 ntohs(param.p->type), cid); 2025 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2026 break; 2027 } 2028 return retval; 2029 } 2030 2031 /* Verify the INIT packet before we process it. */ 2032 int sctp_verify_init(const struct sctp_association *asoc, 2033 sctp_cid_t cid, 2034 sctp_init_chunk_t *peer_init, 2035 struct sctp_chunk *chunk, 2036 struct sctp_chunk **errp) 2037 { 2038 union sctp_params param; 2039 int has_cookie = 0; 2040 int result; 2041 2042 /* Verify stream values are non-zero. */ 2043 if ((0 == peer_init->init_hdr.num_outbound_streams) || 2044 (0 == peer_init->init_hdr.num_inbound_streams) || 2045 (0 == peer_init->init_hdr.init_tag) || 2046 (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) { 2047 2048 return sctp_process_inv_mandatory(asoc, chunk, errp); 2049 } 2050 2051 /* Check for missing mandatory parameters. */ 2052 sctp_walk_params(param, peer_init, init_hdr.params) { 2053 2054 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 2055 has_cookie = 1; 2056 2057 } /* for (loop through all parameters) */ 2058 2059 /* There is a possibility that a parameter length was bad and 2060 * in that case we would have stoped walking the parameters. 2061 * The current param.p would point at the bad one. 2062 * Current consensus on the mailing list is to generate a PROTOCOL 2063 * VIOLATION error. We build the ERROR chunk here and let the normal 2064 * error handling code build and send the packet. 2065 */ 2066 if (param.v != (void*)chunk->chunk_end) 2067 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2068 2069 /* The only missing mandatory param possible today is 2070 * the state cookie for an INIT-ACK chunk. 2071 */ 2072 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2073 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2074 chunk, errp); 2075 2076 /* Verify all the variable length parameters */ 2077 sctp_walk_params(param, peer_init, init_hdr.params) { 2078 2079 result = sctp_verify_param(asoc, param, cid, chunk, errp); 2080 switch (result) { 2081 case SCTP_IERROR_ABORT: 2082 case SCTP_IERROR_NOMEM: 2083 return 0; 2084 case SCTP_IERROR_ERROR: 2085 return 1; 2086 case SCTP_IERROR_NO_ERROR: 2087 default: 2088 break; 2089 } 2090 2091 } /* for (loop through all parameters) */ 2092 2093 return 1; 2094 } 2095 2096 /* Unpack the parameters in an INIT packet into an association. 2097 * Returns 0 on failure, else success. 2098 * FIXME: This is an association method. 2099 */ 2100 int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, 2101 const union sctp_addr *peer_addr, 2102 sctp_init_chunk_t *peer_init, gfp_t gfp) 2103 { 2104 union sctp_params param; 2105 struct sctp_transport *transport; 2106 struct list_head *pos, *temp; 2107 char *cookie; 2108 2109 /* We must include the address that the INIT packet came from. 2110 * This is the only address that matters for an INIT packet. 2111 * When processing a COOKIE ECHO, we retrieve the from address 2112 * of the INIT from the cookie. 2113 */ 2114 2115 /* This implementation defaults to making the first transport 2116 * added as the primary transport. The source address seems to 2117 * be a a better choice than any of the embedded addresses. 2118 */ 2119 if (peer_addr) { 2120 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2121 goto nomem; 2122 } 2123 2124 /* Process the initialization parameters. */ 2125 sctp_walk_params(param, peer_init, init_hdr.params) { 2126 2127 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2128 goto clean_up; 2129 } 2130 2131 /* AUTH: After processing the parameters, make sure that we 2132 * have all the required info to potentially do authentications. 2133 */ 2134 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2135 !asoc->peer.peer_hmacs)) 2136 asoc->peer.auth_capable = 0; 2137 2138 2139 /* If the peer claims support for ADD-IP without support 2140 * for AUTH, disable support for ADD-IP. 2141 * Do this only if backward compatible mode is turned off. 2142 */ 2143 if (!sctp_addip_noauth && 2144 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2145 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2146 SCTP_PARAM_DEL_IP | 2147 SCTP_PARAM_SET_PRIMARY); 2148 asoc->peer.asconf_capable = 0; 2149 } 2150 2151 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2152 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2153 transport = list_entry(pos, struct sctp_transport, transports); 2154 if (transport->state == SCTP_UNKNOWN) { 2155 sctp_assoc_rm_peer(asoc, transport); 2156 } 2157 } 2158 2159 /* The fixed INIT headers are always in network byte 2160 * order. 2161 */ 2162 asoc->peer.i.init_tag = 2163 ntohl(peer_init->init_hdr.init_tag); 2164 asoc->peer.i.a_rwnd = 2165 ntohl(peer_init->init_hdr.a_rwnd); 2166 asoc->peer.i.num_outbound_streams = 2167 ntohs(peer_init->init_hdr.num_outbound_streams); 2168 asoc->peer.i.num_inbound_streams = 2169 ntohs(peer_init->init_hdr.num_inbound_streams); 2170 asoc->peer.i.initial_tsn = 2171 ntohl(peer_init->init_hdr.initial_tsn); 2172 2173 /* Apply the upper bounds for output streams based on peer's 2174 * number of inbound streams. 2175 */ 2176 if (asoc->c.sinit_num_ostreams > 2177 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2178 asoc->c.sinit_num_ostreams = 2179 ntohs(peer_init->init_hdr.num_inbound_streams); 2180 } 2181 2182 if (asoc->c.sinit_max_instreams > 2183 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2184 asoc->c.sinit_max_instreams = 2185 ntohs(peer_init->init_hdr.num_outbound_streams); 2186 } 2187 2188 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2189 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2190 2191 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2192 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2193 2194 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2195 cookie = asoc->peer.cookie; 2196 if (cookie) { 2197 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2198 if (!asoc->peer.cookie) 2199 goto clean_up; 2200 } 2201 2202 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2203 * high (for example, implementations MAY use the size of the receiver 2204 * advertised window). 2205 */ 2206 list_for_each(pos, &asoc->peer.transport_addr_list) { 2207 transport = list_entry(pos, struct sctp_transport, transports); 2208 transport->ssthresh = asoc->peer.i.a_rwnd; 2209 } 2210 2211 /* Set up the TSN tracking pieces. */ 2212 sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_SIZE, 2213 asoc->peer.i.initial_tsn); 2214 2215 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2216 * 2217 * The stream sequence number in all the streams shall start 2218 * from 0 when the association is established. Also, when the 2219 * stream sequence number reaches the value 65535 the next 2220 * stream sequence number shall be set to 0. 2221 */ 2222 2223 /* Allocate storage for the negotiated streams if it is not a temporary 2224 * association. 2225 */ 2226 if (!asoc->temp) { 2227 int error; 2228 2229 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 2230 asoc->c.sinit_num_ostreams, gfp); 2231 if (!asoc->ssnmap) 2232 goto clean_up; 2233 2234 error = sctp_assoc_set_id(asoc, gfp); 2235 if (error) 2236 goto clean_up; 2237 } 2238 2239 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2240 * 2241 * When an endpoint has an ASCONF signaled change to be sent to the 2242 * remote endpoint it should do the following: 2243 * ... 2244 * A2) A serial number should be assigned to the Chunk. The serial 2245 * number should be a monotonically increasing number. All serial 2246 * numbers are defined to be initialized at the start of the 2247 * association to the same value as the Initial TSN. 2248 */ 2249 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2250 return 1; 2251 2252 clean_up: 2253 /* Release the transport structures. */ 2254 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2255 transport = list_entry(pos, struct sctp_transport, transports); 2256 list_del_init(pos); 2257 sctp_transport_free(transport); 2258 } 2259 2260 asoc->peer.transport_count = 0; 2261 2262 nomem: 2263 return 0; 2264 } 2265 2266 2267 /* Update asoc with the option described in param. 2268 * 2269 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2270 * 2271 * asoc is the association to update. 2272 * param is the variable length parameter to use for update. 2273 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2274 * If the current packet is an INIT we want to minimize the amount of 2275 * work we do. In particular, we should not build transport 2276 * structures for the addresses. 2277 */ 2278 static int sctp_process_param(struct sctp_association *asoc, 2279 union sctp_params param, 2280 const union sctp_addr *peer_addr, 2281 gfp_t gfp) 2282 { 2283 union sctp_addr addr; 2284 int i; 2285 __u16 sat; 2286 int retval = 1; 2287 sctp_scope_t scope; 2288 time_t stale; 2289 struct sctp_af *af; 2290 2291 /* We maintain all INIT parameters in network byte order all the 2292 * time. This allows us to not worry about whether the parameters 2293 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2294 */ 2295 switch (param.p->type) { 2296 case SCTP_PARAM_IPV6_ADDRESS: 2297 if (PF_INET6 != asoc->base.sk->sk_family) 2298 break; 2299 /* Fall through. */ 2300 case SCTP_PARAM_IPV4_ADDRESS: 2301 af = sctp_get_af_specific(param_type2af(param.p->type)); 2302 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2303 scope = sctp_scope(peer_addr); 2304 if (sctp_in_scope(&addr, scope)) 2305 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2306 return 0; 2307 break; 2308 2309 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2310 if (!sctp_cookie_preserve_enable) 2311 break; 2312 2313 stale = ntohl(param.life->lifespan_increment); 2314 2315 /* Suggested Cookie Life span increment's unit is msec, 2316 * (1/1000sec). 2317 */ 2318 asoc->cookie_life.tv_sec += stale / 1000; 2319 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2320 break; 2321 2322 case SCTP_PARAM_HOST_NAME_ADDRESS: 2323 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2324 break; 2325 2326 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2327 /* Turn off the default values first so we'll know which 2328 * ones are really set by the peer. 2329 */ 2330 asoc->peer.ipv4_address = 0; 2331 asoc->peer.ipv6_address = 0; 2332 2333 /* Cycle through address types; avoid divide by 0. */ 2334 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2335 if (sat) 2336 sat /= sizeof(__u16); 2337 2338 for (i = 0; i < sat; ++i) { 2339 switch (param.sat->types[i]) { 2340 case SCTP_PARAM_IPV4_ADDRESS: 2341 asoc->peer.ipv4_address = 1; 2342 break; 2343 2344 case SCTP_PARAM_IPV6_ADDRESS: 2345 asoc->peer.ipv6_address = 1; 2346 break; 2347 2348 case SCTP_PARAM_HOST_NAME_ADDRESS: 2349 asoc->peer.hostname_address = 1; 2350 break; 2351 2352 default: /* Just ignore anything else. */ 2353 break; 2354 } 2355 } 2356 break; 2357 2358 case SCTP_PARAM_STATE_COOKIE: 2359 asoc->peer.cookie_len = 2360 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2361 asoc->peer.cookie = param.cookie->body; 2362 break; 2363 2364 case SCTP_PARAM_HEARTBEAT_INFO: 2365 /* Would be odd to receive, but it causes no problems. */ 2366 break; 2367 2368 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2369 /* Rejected during verify stage. */ 2370 break; 2371 2372 case SCTP_PARAM_ECN_CAPABLE: 2373 asoc->peer.ecn_capable = 1; 2374 break; 2375 2376 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2377 asoc->peer.adaptation_ind = param.aind->adaptation_ind; 2378 break; 2379 2380 case SCTP_PARAM_SUPPORTED_EXT: 2381 sctp_process_ext_param(asoc, param); 2382 break; 2383 2384 case SCTP_PARAM_FWD_TSN_SUPPORT: 2385 if (sctp_prsctp_enable) { 2386 asoc->peer.prsctp_capable = 1; 2387 break; 2388 } 2389 /* Fall Through */ 2390 goto fall_through; 2391 2392 case SCTP_PARAM_RANDOM: 2393 if (!sctp_auth_enable) 2394 goto fall_through; 2395 2396 /* Save peer's random parameter */ 2397 asoc->peer.peer_random = kmemdup(param.p, 2398 ntohs(param.p->length), gfp); 2399 if (!asoc->peer.peer_random) { 2400 retval = 0; 2401 break; 2402 } 2403 break; 2404 2405 case SCTP_PARAM_HMAC_ALGO: 2406 if (!sctp_auth_enable) 2407 goto fall_through; 2408 2409 /* Save peer's HMAC list */ 2410 asoc->peer.peer_hmacs = kmemdup(param.p, 2411 ntohs(param.p->length), gfp); 2412 if (!asoc->peer.peer_hmacs) { 2413 retval = 0; 2414 break; 2415 } 2416 2417 /* Set the default HMAC the peer requested*/ 2418 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2419 break; 2420 2421 case SCTP_PARAM_CHUNKS: 2422 if (!sctp_auth_enable) 2423 goto fall_through; 2424 2425 asoc->peer.peer_chunks = kmemdup(param.p, 2426 ntohs(param.p->length), gfp); 2427 if (!asoc->peer.peer_chunks) 2428 retval = 0; 2429 break; 2430 fall_through: 2431 default: 2432 /* Any unrecognized parameters should have been caught 2433 * and handled by sctp_verify_param() which should be 2434 * called prior to this routine. Simply log the error 2435 * here. 2436 */ 2437 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2438 ntohs(param.p->type), asoc); 2439 break; 2440 } 2441 2442 return retval; 2443 } 2444 2445 /* Select a new verification tag. */ 2446 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2447 { 2448 /* I believe that this random number generator complies with RFC1750. 2449 * A tag of 0 is reserved for special cases (e.g. INIT). 2450 */ 2451 __u32 x; 2452 2453 do { 2454 get_random_bytes(&x, sizeof(__u32)); 2455 } while (x == 0); 2456 2457 return x; 2458 } 2459 2460 /* Select an initial TSN to send during startup. */ 2461 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2462 { 2463 __u32 retval; 2464 2465 get_random_bytes(&retval, sizeof(__u32)); 2466 return retval; 2467 } 2468 2469 /* 2470 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2471 * 0 1 2 3 2472 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2473 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2474 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2475 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2476 * | Serial Number | 2477 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2478 * | Address Parameter | 2479 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2480 * | ASCONF Parameter #1 | 2481 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2482 * \ \ 2483 * / .... / 2484 * \ \ 2485 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2486 * | ASCONF Parameter #N | 2487 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2488 * 2489 * Address Parameter and other parameter will not be wrapped in this function 2490 */ 2491 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2492 union sctp_addr *addr, 2493 int vparam_len) 2494 { 2495 sctp_addiphdr_t asconf; 2496 struct sctp_chunk *retval; 2497 int length = sizeof(asconf) + vparam_len; 2498 union sctp_addr_param addrparam; 2499 int addrlen; 2500 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2501 2502 addrlen = af->to_addr_param(addr, &addrparam); 2503 if (!addrlen) 2504 return NULL; 2505 length += addrlen; 2506 2507 /* Create the chunk. */ 2508 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2509 if (!retval) 2510 return NULL; 2511 2512 asconf.serial = htonl(asoc->addip_serial++); 2513 2514 retval->subh.addip_hdr = 2515 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2516 retval->param_hdr.v = 2517 sctp_addto_chunk(retval, addrlen, &addrparam); 2518 2519 return retval; 2520 } 2521 2522 /* ADDIP 2523 * 3.2.1 Add IP Address 2524 * 0 1 2 3 2525 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2526 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2527 * | Type = 0xC001 | Length = Variable | 2528 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2529 * | ASCONF-Request Correlation ID | 2530 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2531 * | Address Parameter | 2532 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2533 * 2534 * 3.2.2 Delete IP Address 2535 * 0 1 2 3 2536 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2537 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2538 * | Type = 0xC002 | Length = Variable | 2539 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2540 * | ASCONF-Request Correlation ID | 2541 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2542 * | Address Parameter | 2543 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2544 * 2545 */ 2546 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2547 union sctp_addr *laddr, 2548 struct sockaddr *addrs, 2549 int addrcnt, 2550 __be16 flags) 2551 { 2552 sctp_addip_param_t param; 2553 struct sctp_chunk *retval; 2554 union sctp_addr_param addr_param; 2555 union sctp_addr *addr; 2556 void *addr_buf; 2557 struct sctp_af *af; 2558 int paramlen = sizeof(param); 2559 int addr_param_len = 0; 2560 int totallen = 0; 2561 int i; 2562 2563 /* Get total length of all the address parameters. */ 2564 addr_buf = addrs; 2565 for (i = 0; i < addrcnt; i++) { 2566 addr = (union sctp_addr *)addr_buf; 2567 af = sctp_get_af_specific(addr->v4.sin_family); 2568 addr_param_len = af->to_addr_param(addr, &addr_param); 2569 2570 totallen += paramlen; 2571 totallen += addr_param_len; 2572 2573 addr_buf += af->sockaddr_len; 2574 } 2575 2576 /* Create an asconf chunk with the required length. */ 2577 retval = sctp_make_asconf(asoc, laddr, totallen); 2578 if (!retval) 2579 return NULL; 2580 2581 /* Add the address parameters to the asconf chunk. */ 2582 addr_buf = addrs; 2583 for (i = 0; i < addrcnt; i++) { 2584 addr = (union sctp_addr *)addr_buf; 2585 af = sctp_get_af_specific(addr->v4.sin_family); 2586 addr_param_len = af->to_addr_param(addr, &addr_param); 2587 param.param_hdr.type = flags; 2588 param.param_hdr.length = htons(paramlen + addr_param_len); 2589 param.crr_id = i; 2590 2591 sctp_addto_chunk(retval, paramlen, ¶m); 2592 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2593 2594 addr_buf += af->sockaddr_len; 2595 } 2596 return retval; 2597 } 2598 2599 /* ADDIP 2600 * 3.2.4 Set Primary IP Address 2601 * 0 1 2 3 2602 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2603 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2604 * | Type =0xC004 | Length = Variable | 2605 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2606 * | ASCONF-Request Correlation ID | 2607 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2608 * | Address Parameter | 2609 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2610 * 2611 * Create an ASCONF chunk with Set Primary IP address parameter. 2612 */ 2613 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2614 union sctp_addr *addr) 2615 { 2616 sctp_addip_param_t param; 2617 struct sctp_chunk *retval; 2618 int len = sizeof(param); 2619 union sctp_addr_param addrparam; 2620 int addrlen; 2621 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2622 2623 addrlen = af->to_addr_param(addr, &addrparam); 2624 if (!addrlen) 2625 return NULL; 2626 len += addrlen; 2627 2628 /* Create the chunk and make asconf header. */ 2629 retval = sctp_make_asconf(asoc, addr, len); 2630 if (!retval) 2631 return NULL; 2632 2633 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2634 param.param_hdr.length = htons(len); 2635 param.crr_id = 0; 2636 2637 sctp_addto_chunk(retval, sizeof(param), ¶m); 2638 sctp_addto_chunk(retval, addrlen, &addrparam); 2639 2640 return retval; 2641 } 2642 2643 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2644 * 0 1 2 3 2645 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2646 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2647 * | Type = 0x80 | Chunk Flags | Chunk Length | 2648 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2649 * | Serial Number | 2650 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2651 * | ASCONF Parameter Response#1 | 2652 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2653 * \ \ 2654 * / .... / 2655 * \ \ 2656 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2657 * | ASCONF Parameter Response#N | 2658 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2659 * 2660 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2661 */ 2662 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2663 __u32 serial, int vparam_len) 2664 { 2665 sctp_addiphdr_t asconf; 2666 struct sctp_chunk *retval; 2667 int length = sizeof(asconf) + vparam_len; 2668 2669 /* Create the chunk. */ 2670 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2671 if (!retval) 2672 return NULL; 2673 2674 asconf.serial = htonl(serial); 2675 2676 retval->subh.addip_hdr = 2677 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2678 2679 return retval; 2680 } 2681 2682 /* Add response parameters to an ASCONF_ACK chunk. */ 2683 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2684 __be16 err_code, sctp_addip_param_t *asconf_param) 2685 { 2686 sctp_addip_param_t ack_param; 2687 sctp_errhdr_t err_param; 2688 int asconf_param_len = 0; 2689 int err_param_len = 0; 2690 __be16 response_type; 2691 2692 if (SCTP_ERROR_NO_ERROR == err_code) { 2693 response_type = SCTP_PARAM_SUCCESS_REPORT; 2694 } else { 2695 response_type = SCTP_PARAM_ERR_CAUSE; 2696 err_param_len = sizeof(err_param); 2697 if (asconf_param) 2698 asconf_param_len = 2699 ntohs(asconf_param->param_hdr.length); 2700 } 2701 2702 /* Add Success Indication or Error Cause Indication parameter. */ 2703 ack_param.param_hdr.type = response_type; 2704 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2705 err_param_len + 2706 asconf_param_len); 2707 ack_param.crr_id = crr_id; 2708 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2709 2710 if (SCTP_ERROR_NO_ERROR == err_code) 2711 return; 2712 2713 /* Add Error Cause parameter. */ 2714 err_param.cause = err_code; 2715 err_param.length = htons(err_param_len + asconf_param_len); 2716 sctp_addto_chunk(chunk, err_param_len, &err_param); 2717 2718 /* Add the failed TLV copied from ASCONF chunk. */ 2719 if (asconf_param) 2720 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2721 } 2722 2723 /* Process a asconf parameter. */ 2724 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 2725 struct sctp_chunk *asconf, 2726 sctp_addip_param_t *asconf_param) 2727 { 2728 struct sctp_transport *peer; 2729 struct sctp_af *af; 2730 union sctp_addr addr; 2731 struct list_head *pos; 2732 union sctp_addr_param *addr_param; 2733 2734 addr_param = (union sctp_addr_param *) 2735 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2736 2737 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2738 if (unlikely(!af)) 2739 return SCTP_ERROR_INV_PARAM; 2740 2741 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 2742 switch (asconf_param->param_hdr.type) { 2743 case SCTP_PARAM_ADD_IP: 2744 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 2745 * request and does not have the local resources to add this 2746 * new address to the association, it MUST return an Error 2747 * Cause TLV set to the new error code 'Operation Refused 2748 * Due to Resource Shortage'. 2749 */ 2750 2751 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 2752 if (!peer) 2753 return SCTP_ERROR_RSRC_LOW; 2754 2755 /* Start the heartbeat timer. */ 2756 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 2757 sctp_transport_hold(peer); 2758 break; 2759 case SCTP_PARAM_DEL_IP: 2760 /* ADDIP 4.3 D7) If a request is received to delete the 2761 * last remaining IP address of a peer endpoint, the receiver 2762 * MUST send an Error Cause TLV with the error cause set to the 2763 * new error code 'Request to Delete Last Remaining IP Address'. 2764 */ 2765 pos = asoc->peer.transport_addr_list.next; 2766 if (pos->next == &asoc->peer.transport_addr_list) 2767 return SCTP_ERROR_DEL_LAST_IP; 2768 2769 /* ADDIP 4.3 D8) If a request is received to delete an IP 2770 * address which is also the source address of the IP packet 2771 * which contained the ASCONF chunk, the receiver MUST reject 2772 * this request. To reject the request the receiver MUST send 2773 * an Error Cause TLV set to the new error code 'Request to 2774 * Delete Source IP Address' 2775 */ 2776 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr)) 2777 return SCTP_ERROR_DEL_SRC_IP; 2778 2779 sctp_assoc_del_peer(asoc, &addr); 2780 break; 2781 case SCTP_PARAM_SET_PRIMARY: 2782 peer = sctp_assoc_lookup_paddr(asoc, &addr); 2783 if (!peer) 2784 return SCTP_ERROR_INV_PARAM; 2785 2786 sctp_assoc_set_primary(asoc, peer); 2787 break; 2788 default: 2789 return SCTP_ERROR_INV_PARAM; 2790 break; 2791 } 2792 2793 return SCTP_ERROR_NO_ERROR; 2794 } 2795 2796 /* Verify the ASCONF packet before we process it. */ 2797 int sctp_verify_asconf(const struct sctp_association *asoc, 2798 struct sctp_paramhdr *param_hdr, void *chunk_end, 2799 struct sctp_paramhdr **errp) { 2800 sctp_addip_param_t *asconf_param; 2801 union sctp_params param; 2802 int length, plen; 2803 2804 param.v = (sctp_paramhdr_t *) param_hdr; 2805 while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { 2806 length = ntohs(param.p->length); 2807 *errp = param.p; 2808 2809 if (param.v > chunk_end - length || 2810 length < sizeof(sctp_paramhdr_t)) 2811 return 0; 2812 2813 switch (param.p->type) { 2814 case SCTP_PARAM_ADD_IP: 2815 case SCTP_PARAM_DEL_IP: 2816 case SCTP_PARAM_SET_PRIMARY: 2817 asconf_param = (sctp_addip_param_t *)param.v; 2818 plen = ntohs(asconf_param->param_hdr.length); 2819 if (plen < sizeof(sctp_addip_param_t) + 2820 sizeof(sctp_paramhdr_t)) 2821 return 0; 2822 break; 2823 case SCTP_PARAM_SUCCESS_REPORT: 2824 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2825 if (length != sizeof(sctp_addip_param_t)) 2826 return 0; 2827 2828 break; 2829 default: 2830 break; 2831 } 2832 2833 param.v += WORD_ROUND(length); 2834 } 2835 2836 if (param.v != chunk_end) 2837 return 0; 2838 2839 return 1; 2840 } 2841 2842 /* Process an incoming ASCONF chunk with the next expected serial no. and 2843 * return an ASCONF_ACK chunk to be sent in response. 2844 */ 2845 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 2846 struct sctp_chunk *asconf) 2847 { 2848 sctp_addiphdr_t *hdr; 2849 union sctp_addr_param *addr_param; 2850 sctp_addip_param_t *asconf_param; 2851 struct sctp_chunk *asconf_ack; 2852 2853 __be16 err_code; 2854 int length = 0; 2855 int chunk_len; 2856 __u32 serial; 2857 int all_param_pass = 1; 2858 2859 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 2860 hdr = (sctp_addiphdr_t *)asconf->skb->data; 2861 serial = ntohl(hdr->serial); 2862 2863 /* Skip the addiphdr and store a pointer to address parameter. */ 2864 length = sizeof(sctp_addiphdr_t); 2865 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 2866 chunk_len -= length; 2867 2868 /* Skip the address parameter and store a pointer to the first 2869 * asconf paramter. 2870 */ 2871 length = ntohs(addr_param->v4.param_hdr.length); 2872 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 2873 chunk_len -= length; 2874 2875 /* create an ASCONF_ACK chunk. 2876 * Based on the definitions of parameters, we know that the size of 2877 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF 2878 * paramters. 2879 */ 2880 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2); 2881 if (!asconf_ack) 2882 goto done; 2883 2884 /* Process the TLVs contained within the ASCONF chunk. */ 2885 while (chunk_len > 0) { 2886 err_code = sctp_process_asconf_param(asoc, asconf, 2887 asconf_param); 2888 /* ADDIP 4.1 A7) 2889 * If an error response is received for a TLV parameter, 2890 * all TLVs with no response before the failed TLV are 2891 * considered successful if not reported. All TLVs after 2892 * the failed response are considered unsuccessful unless 2893 * a specific success indication is present for the parameter. 2894 */ 2895 if (SCTP_ERROR_NO_ERROR != err_code) 2896 all_param_pass = 0; 2897 2898 if (!all_param_pass) 2899 sctp_add_asconf_response(asconf_ack, 2900 asconf_param->crr_id, err_code, 2901 asconf_param); 2902 2903 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 2904 * an IP address sends an 'Out of Resource' in its response, it 2905 * MUST also fail any subsequent add or delete requests bundled 2906 * in the ASCONF. 2907 */ 2908 if (SCTP_ERROR_RSRC_LOW == err_code) 2909 goto done; 2910 2911 /* Move to the next ASCONF param. */ 2912 length = ntohs(asconf_param->param_hdr.length); 2913 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 2914 length); 2915 chunk_len -= length; 2916 } 2917 2918 done: 2919 asoc->peer.addip_serial++; 2920 2921 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 2922 * after freeing the reference to old asconf ack if any. 2923 */ 2924 if (asconf_ack) { 2925 if (asoc->addip_last_asconf_ack) 2926 sctp_chunk_free(asoc->addip_last_asconf_ack); 2927 2928 sctp_chunk_hold(asconf_ack); 2929 asoc->addip_last_asconf_ack = asconf_ack; 2930 } 2931 2932 return asconf_ack; 2933 } 2934 2935 /* Process a asconf parameter that is successfully acked. */ 2936 static int sctp_asconf_param_success(struct sctp_association *asoc, 2937 sctp_addip_param_t *asconf_param) 2938 { 2939 struct sctp_af *af; 2940 union sctp_addr addr; 2941 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 2942 union sctp_addr_param *addr_param; 2943 struct list_head *pos; 2944 struct sctp_transport *transport; 2945 struct sctp_sockaddr_entry *saddr; 2946 int retval = 0; 2947 2948 addr_param = (union sctp_addr_param *) 2949 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2950 2951 /* We have checked the packet before, so we do not check again. */ 2952 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2953 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 2954 2955 switch (asconf_param->param_hdr.type) { 2956 case SCTP_PARAM_ADD_IP: 2957 /* This is always done in BH context with a socket lock 2958 * held, so the list can not change. 2959 */ 2960 local_bh_disable(); 2961 list_for_each_entry(saddr, &bp->address_list, list) { 2962 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 2963 saddr->use_as_src = 1; 2964 } 2965 local_bh_enable(); 2966 break; 2967 case SCTP_PARAM_DEL_IP: 2968 local_bh_disable(); 2969 retval = sctp_del_bind_addr(bp, &addr); 2970 local_bh_enable(); 2971 list_for_each(pos, &asoc->peer.transport_addr_list) { 2972 transport = list_entry(pos, struct sctp_transport, 2973 transports); 2974 dst_release(transport->dst); 2975 sctp_transport_route(transport, NULL, 2976 sctp_sk(asoc->base.sk)); 2977 } 2978 break; 2979 default: 2980 break; 2981 } 2982 2983 return retval; 2984 } 2985 2986 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 2987 * for the given asconf parameter. If there is no response for this parameter, 2988 * return the error code based on the third argument 'no_err'. 2989 * ADDIP 4.1 2990 * A7) If an error response is received for a TLV parameter, all TLVs with no 2991 * response before the failed TLV are considered successful if not reported. 2992 * All TLVs after the failed response are considered unsuccessful unless a 2993 * specific success indication is present for the parameter. 2994 */ 2995 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 2996 sctp_addip_param_t *asconf_param, 2997 int no_err) 2998 { 2999 sctp_addip_param_t *asconf_ack_param; 3000 sctp_errhdr_t *err_param; 3001 int length; 3002 int asconf_ack_len; 3003 __be16 err_code; 3004 3005 if (no_err) 3006 err_code = SCTP_ERROR_NO_ERROR; 3007 else 3008 err_code = SCTP_ERROR_REQ_REFUSED; 3009 3010 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3011 sizeof(sctp_chunkhdr_t); 3012 3013 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3014 * the first asconf_ack parameter. 3015 */ 3016 length = sizeof(sctp_addiphdr_t); 3017 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 3018 length); 3019 asconf_ack_len -= length; 3020 3021 while (asconf_ack_len > 0) { 3022 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3023 switch(asconf_ack_param->param_hdr.type) { 3024 case SCTP_PARAM_SUCCESS_REPORT: 3025 return SCTP_ERROR_NO_ERROR; 3026 case SCTP_PARAM_ERR_CAUSE: 3027 length = sizeof(sctp_addip_param_t); 3028 err_param = (sctp_errhdr_t *) 3029 ((void *)asconf_ack_param + length); 3030 asconf_ack_len -= length; 3031 if (asconf_ack_len > 0) 3032 return err_param->cause; 3033 else 3034 return SCTP_ERROR_INV_PARAM; 3035 break; 3036 default: 3037 return SCTP_ERROR_INV_PARAM; 3038 } 3039 } 3040 3041 length = ntohs(asconf_ack_param->param_hdr.length); 3042 asconf_ack_param = (sctp_addip_param_t *) 3043 ((void *)asconf_ack_param + length); 3044 asconf_ack_len -= length; 3045 } 3046 3047 return err_code; 3048 } 3049 3050 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3051 int sctp_process_asconf_ack(struct sctp_association *asoc, 3052 struct sctp_chunk *asconf_ack) 3053 { 3054 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3055 union sctp_addr_param *addr_param; 3056 sctp_addip_param_t *asconf_param; 3057 int length = 0; 3058 int asconf_len = asconf->skb->len; 3059 int all_param_pass = 0; 3060 int no_err = 1; 3061 int retval = 0; 3062 __be16 err_code = SCTP_ERROR_NO_ERROR; 3063 3064 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3065 * a pointer to address parameter. 3066 */ 3067 length = sizeof(sctp_addip_chunk_t); 3068 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3069 asconf_len -= length; 3070 3071 /* Skip the address parameter in the last asconf sent and store a 3072 * pointer to the first asconf paramter. 3073 */ 3074 length = ntohs(addr_param->v4.param_hdr.length); 3075 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 3076 asconf_len -= length; 3077 3078 /* ADDIP 4.1 3079 * A8) If there is no response(s) to specific TLV parameter(s), and no 3080 * failures are indicated, then all request(s) are considered 3081 * successful. 3082 */ 3083 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 3084 all_param_pass = 1; 3085 3086 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3087 while (asconf_len > 0) { 3088 if (all_param_pass) 3089 err_code = SCTP_ERROR_NO_ERROR; 3090 else { 3091 err_code = sctp_get_asconf_response(asconf_ack, 3092 asconf_param, 3093 no_err); 3094 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3095 no_err = 0; 3096 } 3097 3098 switch (err_code) { 3099 case SCTP_ERROR_NO_ERROR: 3100 retval = sctp_asconf_param_success(asoc, asconf_param); 3101 break; 3102 3103 case SCTP_ERROR_RSRC_LOW: 3104 retval = 1; 3105 break; 3106 3107 case SCTP_ERROR_INV_PARAM: 3108 /* Disable sending this type of asconf parameter in 3109 * future. 3110 */ 3111 asoc->peer.addip_disabled_mask |= 3112 asconf_param->param_hdr.type; 3113 break; 3114 3115 case SCTP_ERROR_REQ_REFUSED: 3116 case SCTP_ERROR_DEL_LAST_IP: 3117 case SCTP_ERROR_DEL_SRC_IP: 3118 default: 3119 break; 3120 } 3121 3122 /* Skip the processed asconf parameter and move to the next 3123 * one. 3124 */ 3125 length = ntohs(asconf_param->param_hdr.length); 3126 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 3127 length); 3128 asconf_len -= length; 3129 } 3130 3131 /* Free the cached last sent asconf chunk. */ 3132 sctp_chunk_free(asconf); 3133 asoc->addip_last_asconf = NULL; 3134 3135 /* Send the next asconf chunk from the addip chunk queue. */ 3136 if (!list_empty(&asoc->addip_chunk_list)) { 3137 struct list_head *entry = asoc->addip_chunk_list.next; 3138 asconf = list_entry(entry, struct sctp_chunk, list); 3139 3140 list_del_init(entry); 3141 3142 /* Hold the chunk until an ASCONF_ACK is received. */ 3143 sctp_chunk_hold(asconf); 3144 if (sctp_primitive_ASCONF(asoc, asconf)) 3145 sctp_chunk_free(asconf); 3146 else 3147 asoc->addip_last_asconf = asconf; 3148 } 3149 3150 return retval; 3151 } 3152 3153 /* Make a FWD TSN chunk. */ 3154 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3155 __u32 new_cum_tsn, size_t nstreams, 3156 struct sctp_fwdtsn_skip *skiplist) 3157 { 3158 struct sctp_chunk *retval = NULL; 3159 struct sctp_fwdtsn_chunk *ftsn_chunk; 3160 struct sctp_fwdtsn_hdr ftsn_hdr; 3161 struct sctp_fwdtsn_skip skip; 3162 size_t hint; 3163 int i; 3164 3165 hint = (nstreams + 1) * sizeof(__u32); 3166 3167 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 3168 3169 if (!retval) 3170 return NULL; 3171 3172 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr; 3173 3174 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3175 retval->subh.fwdtsn_hdr = 3176 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3177 3178 for (i = 0; i < nstreams; i++) { 3179 skip.stream = skiplist[i].stream; 3180 skip.ssn = skiplist[i].ssn; 3181 sctp_addto_chunk(retval, sizeof(skip), &skip); 3182 } 3183 3184 return retval; 3185 } 3186