1 /* SCTP kernel implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * This SCTP implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * This SCTP implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53 #include <linux/types.h> 54 #include <linux/kernel.h> 55 #include <linux/ip.h> 56 #include <linux/ipv6.h> 57 #include <linux/net.h> 58 #include <linux/inet.h> 59 #include <linux/scatterlist.h> 60 #include <linux/crypto.h> 61 #include <net/sock.h> 62 63 #include <linux/skbuff.h> 64 #include <linux/random.h> /* for get_random_bytes */ 65 #include <net/sctp/sctp.h> 66 #include <net/sctp/sm.h> 67 68 SCTP_STATIC 69 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 70 __u8 type, __u8 flags, int paylen); 71 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 72 const struct sctp_association *asoc, 73 const struct sctp_chunk *init_chunk, 74 int *cookie_len, 75 const __u8 *raw_addrs, int addrs_len); 76 static int sctp_process_param(struct sctp_association *asoc, 77 union sctp_params param, 78 const union sctp_addr *peer_addr, 79 gfp_t gfp); 80 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 81 const void *data); 82 83 /* What was the inbound interface for this chunk? */ 84 int sctp_chunk_iif(const struct sctp_chunk *chunk) 85 { 86 struct sctp_af *af; 87 int iif = 0; 88 89 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version)); 90 if (af) 91 iif = af->skb_iif(chunk->skb); 92 93 return iif; 94 } 95 96 /* RFC 2960 3.3.2 Initiation (INIT) (1) 97 * 98 * Note 2: The ECN capable field is reserved for future use of 99 * Explicit Congestion Notification. 100 */ 101 static const struct sctp_paramhdr ecap_param = { 102 SCTP_PARAM_ECN_CAPABLE, 103 cpu_to_be16(sizeof(struct sctp_paramhdr)), 104 }; 105 static const struct sctp_paramhdr prsctp_param = { 106 SCTP_PARAM_FWD_TSN_SUPPORT, 107 cpu_to_be16(sizeof(struct sctp_paramhdr)), 108 }; 109 110 /* A helper to initialize to initialize an op error inside a 111 * provided chunk, as most cause codes will be embedded inside an 112 * abort chunk. 113 */ 114 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 115 size_t paylen) 116 { 117 sctp_errhdr_t err; 118 __u16 len; 119 120 /* Cause code constants are now defined in network order. */ 121 err.cause = cause_code; 122 len = sizeof(sctp_errhdr_t) + paylen; 123 err.length = htons(len); 124 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 125 } 126 127 /* 3.3.2 Initiation (INIT) (1) 128 * 129 * This chunk is used to initiate a SCTP association between two 130 * endpoints. The format of the INIT chunk is shown below: 131 * 132 * 0 1 2 3 133 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 134 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 135 * | Type = 1 | Chunk Flags | Chunk Length | 136 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 137 * | Initiate Tag | 138 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 139 * | Advertised Receiver Window Credit (a_rwnd) | 140 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 141 * | Number of Outbound Streams | Number of Inbound Streams | 142 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 143 * | Initial TSN | 144 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 145 * \ \ 146 * / Optional/Variable-Length Parameters / 147 * \ \ 148 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 149 * 150 * 151 * The INIT chunk contains the following parameters. Unless otherwise 152 * noted, each parameter MUST only be included once in the INIT chunk. 153 * 154 * Fixed Parameters Status 155 * ---------------------------------------------- 156 * Initiate Tag Mandatory 157 * Advertised Receiver Window Credit Mandatory 158 * Number of Outbound Streams Mandatory 159 * Number of Inbound Streams Mandatory 160 * Initial TSN Mandatory 161 * 162 * Variable Parameters Status Type Value 163 * ------------------------------------------------------------- 164 * IPv4 Address (Note 1) Optional 5 165 * IPv6 Address (Note 1) Optional 6 166 * Cookie Preservative Optional 9 167 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 168 * Host Name Address (Note 3) Optional 11 169 * Supported Address Types (Note 4) Optional 12 170 */ 171 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 172 const struct sctp_bind_addr *bp, 173 gfp_t gfp, int vparam_len) 174 { 175 sctp_inithdr_t init; 176 union sctp_params addrs; 177 size_t chunksize; 178 struct sctp_chunk *retval = NULL; 179 int num_types, addrs_len = 0; 180 struct sctp_sock *sp; 181 sctp_supported_addrs_param_t sat; 182 __be16 types[2]; 183 sctp_adaptation_ind_param_t aiparam; 184 sctp_supported_ext_param_t ext_param; 185 int num_ext = 0; 186 __u8 extensions[3]; 187 sctp_paramhdr_t *auth_chunks = NULL, 188 *auth_hmacs = NULL; 189 190 /* RFC 2960 3.3.2 Initiation (INIT) (1) 191 * 192 * Note 1: The INIT chunks can contain multiple addresses that 193 * can be IPv4 and/or IPv6 in any combination. 194 */ 195 retval = NULL; 196 197 /* Convert the provided bind address list to raw format. */ 198 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 199 200 init.init_tag = htonl(asoc->c.my_vtag); 201 init.a_rwnd = htonl(asoc->rwnd); 202 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 203 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 204 init.initial_tsn = htonl(asoc->c.initial_tsn); 205 206 /* How many address types are needed? */ 207 sp = sctp_sk(asoc->base.sk); 208 num_types = sp->pf->supported_addrs(sp, types); 209 210 chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types); 211 chunksize += sizeof(ecap_param); 212 213 if (sctp_prsctp_enable) 214 chunksize += sizeof(prsctp_param); 215 216 /* ADDIP: Section 4.2.7: 217 * An implementation supporting this extension [ADDIP] MUST list 218 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 219 * INIT-ACK parameters. 220 */ 221 if (sctp_addip_enable) { 222 extensions[num_ext] = SCTP_CID_ASCONF; 223 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 224 num_ext += 2; 225 } 226 227 if (sp->adaptation_ind) 228 chunksize += sizeof(aiparam); 229 230 chunksize += vparam_len; 231 232 /* Account for AUTH related parameters */ 233 if (sctp_auth_enable) { 234 /* Add random parameter length*/ 235 chunksize += sizeof(asoc->c.auth_random); 236 237 /* Add HMACS parameter length if any were defined */ 238 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 239 if (auth_hmacs->length) 240 chunksize += ntohs(auth_hmacs->length); 241 else 242 auth_hmacs = NULL; 243 244 /* Add CHUNKS parameter length */ 245 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 246 if (auth_chunks->length) 247 chunksize += ntohs(auth_chunks->length); 248 else 249 auth_chunks = NULL; 250 251 extensions[num_ext] = SCTP_CID_AUTH; 252 num_ext += 1; 253 } 254 255 /* If we have any extensions to report, account for that */ 256 if (num_ext) 257 chunksize += sizeof(sctp_supported_ext_param_t) + num_ext; 258 259 /* RFC 2960 3.3.2 Initiation (INIT) (1) 260 * 261 * Note 3: An INIT chunk MUST NOT contain more than one Host 262 * Name address parameter. Moreover, the sender of the INIT 263 * MUST NOT combine any other address types with the Host Name 264 * address in the INIT. The receiver of INIT MUST ignore any 265 * other address types if the Host Name address parameter is 266 * present in the received INIT chunk. 267 * 268 * PLEASE DO NOT FIXME [This version does not support Host Name.] 269 */ 270 271 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 272 if (!retval) 273 goto nodata; 274 275 retval->subh.init_hdr = 276 sctp_addto_chunk(retval, sizeof(init), &init); 277 retval->param_hdr.v = 278 sctp_addto_chunk(retval, addrs_len, addrs.v); 279 280 /* RFC 2960 3.3.2 Initiation (INIT) (1) 281 * 282 * Note 4: This parameter, when present, specifies all the 283 * address types the sending endpoint can support. The absence 284 * of this parameter indicates that the sending endpoint can 285 * support any address type. 286 */ 287 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 288 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 289 sctp_addto_chunk(retval, sizeof(sat), &sat); 290 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 291 292 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 293 294 /* Add the supported extensions parameter. Be nice and add this 295 * fist before addiding the parameters for the extensions themselves 296 */ 297 if (num_ext) { 298 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 299 ext_param.param_hdr.length = 300 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 301 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 302 &ext_param); 303 sctp_addto_param(retval, num_ext, extensions); 304 } 305 306 if (sctp_prsctp_enable) 307 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 308 309 if (sp->adaptation_ind) { 310 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 311 aiparam.param_hdr.length = htons(sizeof(aiparam)); 312 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 313 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 314 } 315 316 /* Add SCTP-AUTH chunks to the parameter list */ 317 if (sctp_auth_enable) { 318 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 319 asoc->c.auth_random); 320 if (auth_hmacs) 321 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 322 auth_hmacs); 323 if (auth_chunks) 324 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 325 auth_chunks); 326 } 327 nodata: 328 kfree(addrs.v); 329 return retval; 330 } 331 332 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 333 const struct sctp_chunk *chunk, 334 gfp_t gfp, int unkparam_len) 335 { 336 sctp_inithdr_t initack; 337 struct sctp_chunk *retval; 338 union sctp_params addrs; 339 struct sctp_sock *sp; 340 int addrs_len; 341 sctp_cookie_param_t *cookie; 342 int cookie_len; 343 size_t chunksize; 344 sctp_adaptation_ind_param_t aiparam; 345 sctp_supported_ext_param_t ext_param; 346 int num_ext = 0; 347 __u8 extensions[3]; 348 sctp_paramhdr_t *auth_chunks = NULL, 349 *auth_hmacs = NULL, 350 *auth_random = NULL; 351 352 retval = NULL; 353 354 /* Note: there may be no addresses to embed. */ 355 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 356 357 initack.init_tag = htonl(asoc->c.my_vtag); 358 initack.a_rwnd = htonl(asoc->rwnd); 359 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 360 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 361 initack.initial_tsn = htonl(asoc->c.initial_tsn); 362 363 /* FIXME: We really ought to build the cookie right 364 * into the packet instead of allocating more fresh memory. 365 */ 366 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 367 addrs.v, addrs_len); 368 if (!cookie) 369 goto nomem_cookie; 370 371 /* Calculate the total size of allocation, include the reserved 372 * space for reporting unknown parameters if it is specified. 373 */ 374 sp = sctp_sk(asoc->base.sk); 375 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 376 377 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 378 if (asoc->peer.ecn_capable) 379 chunksize += sizeof(ecap_param); 380 381 if (asoc->peer.prsctp_capable) 382 chunksize += sizeof(prsctp_param); 383 384 if (asoc->peer.asconf_capable) { 385 extensions[num_ext] = SCTP_CID_ASCONF; 386 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 387 num_ext += 2; 388 } 389 390 if (sp->adaptation_ind) 391 chunksize += sizeof(aiparam); 392 393 if (asoc->peer.auth_capable) { 394 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random; 395 chunksize += ntohs(auth_random->length); 396 397 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 398 if (auth_hmacs->length) 399 chunksize += ntohs(auth_hmacs->length); 400 else 401 auth_hmacs = NULL; 402 403 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 404 if (auth_chunks->length) 405 chunksize += ntohs(auth_chunks->length); 406 else 407 auth_chunks = NULL; 408 409 extensions[num_ext] = SCTP_CID_AUTH; 410 num_ext += 1; 411 } 412 413 if (num_ext) 414 chunksize += sizeof(sctp_supported_ext_param_t) + num_ext; 415 416 /* Now allocate and fill out the chunk. */ 417 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 418 if (!retval) 419 goto nomem_chunk; 420 421 /* Per the advice in RFC 2960 6.4, send this reply to 422 * the source of the INIT packet. 423 */ 424 retval->transport = chunk->transport; 425 retval->subh.init_hdr = 426 sctp_addto_chunk(retval, sizeof(initack), &initack); 427 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 428 sctp_addto_chunk(retval, cookie_len, cookie); 429 if (asoc->peer.ecn_capable) 430 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 431 if (num_ext) { 432 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 433 ext_param.param_hdr.length = 434 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 435 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 436 &ext_param); 437 sctp_addto_param(retval, num_ext, extensions); 438 } 439 if (asoc->peer.prsctp_capable) 440 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 441 442 if (sp->adaptation_ind) { 443 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 444 aiparam.param_hdr.length = htons(sizeof(aiparam)); 445 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 446 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 447 } 448 449 if (asoc->peer.auth_capable) { 450 sctp_addto_chunk(retval, ntohs(auth_random->length), 451 auth_random); 452 if (auth_hmacs) 453 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 454 auth_hmacs); 455 if (auth_chunks) 456 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 457 auth_chunks); 458 } 459 460 /* We need to remove the const qualifier at this point. */ 461 retval->asoc = (struct sctp_association *) asoc; 462 463 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 464 * 465 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 466 * HEARTBEAT ACK, * etc.) to the same destination transport 467 * address from which it received the DATA or control chunk 468 * to which it is replying. 469 * 470 * [INIT ACK back to where the INIT came from.] 471 */ 472 if (chunk) 473 retval->transport = chunk->transport; 474 475 nomem_chunk: 476 kfree(cookie); 477 nomem_cookie: 478 kfree(addrs.v); 479 return retval; 480 } 481 482 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 483 * 484 * This chunk is used only during the initialization of an association. 485 * It is sent by the initiator of an association to its peer to complete 486 * the initialization process. This chunk MUST precede any DATA chunk 487 * sent within the association, but MAY be bundled with one or more DATA 488 * chunks in the same packet. 489 * 490 * 0 1 2 3 491 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 492 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 493 * | Type = 10 |Chunk Flags | Length | 494 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 495 * / Cookie / 496 * \ \ 497 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 498 * 499 * Chunk Flags: 8 bit 500 * 501 * Set to zero on transmit and ignored on receipt. 502 * 503 * Length: 16 bits (unsigned integer) 504 * 505 * Set to the size of the chunk in bytes, including the 4 bytes of 506 * the chunk header and the size of the Cookie. 507 * 508 * Cookie: variable size 509 * 510 * This field must contain the exact cookie received in the 511 * State Cookie parameter from the previous INIT ACK. 512 * 513 * An implementation SHOULD make the cookie as small as possible 514 * to insure interoperability. 515 */ 516 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 517 const struct sctp_chunk *chunk) 518 { 519 struct sctp_chunk *retval; 520 void *cookie; 521 int cookie_len; 522 523 cookie = asoc->peer.cookie; 524 cookie_len = asoc->peer.cookie_len; 525 526 /* Build a cookie echo chunk. */ 527 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 528 if (!retval) 529 goto nodata; 530 retval->subh.cookie_hdr = 531 sctp_addto_chunk(retval, cookie_len, cookie); 532 533 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 534 * 535 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 536 * HEARTBEAT ACK, * etc.) to the same destination transport 537 * address from which it * received the DATA or control chunk 538 * to which it is replying. 539 * 540 * [COOKIE ECHO back to where the INIT ACK came from.] 541 */ 542 if (chunk) 543 retval->transport = chunk->transport; 544 545 nodata: 546 return retval; 547 } 548 549 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 550 * 551 * This chunk is used only during the initialization of an 552 * association. It is used to acknowledge the receipt of a COOKIE 553 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 554 * within the association, but MAY be bundled with one or more DATA 555 * chunks or SACK chunk in the same SCTP packet. 556 * 557 * 0 1 2 3 558 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 559 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 560 * | Type = 11 |Chunk Flags | Length = 4 | 561 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 562 * 563 * Chunk Flags: 8 bits 564 * 565 * Set to zero on transmit and ignored on receipt. 566 */ 567 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 568 const struct sctp_chunk *chunk) 569 { 570 struct sctp_chunk *retval; 571 572 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 573 574 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 575 * 576 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 577 * HEARTBEAT ACK, * etc.) to the same destination transport 578 * address from which it * received the DATA or control chunk 579 * to which it is replying. 580 * 581 * [COOKIE ACK back to where the COOKIE ECHO came from.] 582 */ 583 if (retval && chunk) 584 retval->transport = chunk->transport; 585 586 return retval; 587 } 588 589 /* 590 * Appendix A: Explicit Congestion Notification: 591 * CWR: 592 * 593 * RFC 2481 details a specific bit for a sender to send in the header of 594 * its next outbound TCP segment to indicate to its peer that it has 595 * reduced its congestion window. This is termed the CWR bit. For 596 * SCTP the same indication is made by including the CWR chunk. 597 * This chunk contains one data element, i.e. the TSN number that 598 * was sent in the ECNE chunk. This element represents the lowest 599 * TSN number in the datagram that was originally marked with the 600 * CE bit. 601 * 602 * 0 1 2 3 603 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 604 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 605 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 606 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 607 * | Lowest TSN Number | 608 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 609 * 610 * Note: The CWR is considered a Control chunk. 611 */ 612 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 613 const __u32 lowest_tsn, 614 const struct sctp_chunk *chunk) 615 { 616 struct sctp_chunk *retval; 617 sctp_cwrhdr_t cwr; 618 619 cwr.lowest_tsn = htonl(lowest_tsn); 620 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 621 sizeof(sctp_cwrhdr_t)); 622 623 if (!retval) 624 goto nodata; 625 626 retval->subh.ecn_cwr_hdr = 627 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 628 629 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 630 * 631 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 632 * HEARTBEAT ACK, * etc.) to the same destination transport 633 * address from which it * received the DATA or control chunk 634 * to which it is replying. 635 * 636 * [Report a reduced congestion window back to where the ECNE 637 * came from.] 638 */ 639 if (chunk) 640 retval->transport = chunk->transport; 641 642 nodata: 643 return retval; 644 } 645 646 /* Make an ECNE chunk. This is a congestion experienced report. */ 647 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 648 const __u32 lowest_tsn) 649 { 650 struct sctp_chunk *retval; 651 sctp_ecnehdr_t ecne; 652 653 ecne.lowest_tsn = htonl(lowest_tsn); 654 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 655 sizeof(sctp_ecnehdr_t)); 656 if (!retval) 657 goto nodata; 658 retval->subh.ecne_hdr = 659 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 660 661 nodata: 662 return retval; 663 } 664 665 /* Make a DATA chunk for the given association from the provided 666 * parameters. However, do not populate the data payload. 667 */ 668 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 669 const struct sctp_sndrcvinfo *sinfo, 670 int data_len, __u8 flags, __u16 ssn) 671 { 672 struct sctp_chunk *retval; 673 struct sctp_datahdr dp; 674 int chunk_len; 675 676 /* We assign the TSN as LATE as possible, not here when 677 * creating the chunk. 678 */ 679 dp.tsn = 0; 680 dp.stream = htons(sinfo->sinfo_stream); 681 dp.ppid = sinfo->sinfo_ppid; 682 683 /* Set the flags for an unordered send. */ 684 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 685 flags |= SCTP_DATA_UNORDERED; 686 dp.ssn = 0; 687 } else 688 dp.ssn = htons(ssn); 689 690 chunk_len = sizeof(dp) + data_len; 691 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 692 if (!retval) 693 goto nodata; 694 695 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 696 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 697 698 nodata: 699 return retval; 700 } 701 702 /* Create a selective ackowledgement (SACK) for the given 703 * association. This reports on which TSN's we've seen to date, 704 * including duplicates and gaps. 705 */ 706 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 707 { 708 struct sctp_chunk *retval; 709 struct sctp_sackhdr sack; 710 int len; 711 __u32 ctsn; 712 __u16 num_gabs, num_dup_tsns; 713 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 714 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 715 716 memset(gabs, 0, sizeof(gabs)); 717 ctsn = sctp_tsnmap_get_ctsn(map); 718 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 719 720 /* How much room is needed in the chunk? */ 721 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 722 num_dup_tsns = sctp_tsnmap_num_dups(map); 723 724 /* Initialize the SACK header. */ 725 sack.cum_tsn_ack = htonl(ctsn); 726 sack.a_rwnd = htonl(asoc->a_rwnd); 727 sack.num_gap_ack_blocks = htons(num_gabs); 728 sack.num_dup_tsns = htons(num_dup_tsns); 729 730 len = sizeof(sack) 731 + sizeof(struct sctp_gap_ack_block) * num_gabs 732 + sizeof(__u32) * num_dup_tsns; 733 734 /* Create the chunk. */ 735 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 736 if (!retval) 737 goto nodata; 738 739 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 740 * 741 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 742 * HEARTBEAT ACK, etc.) to the same destination transport 743 * address from which it received the DATA or control chunk to 744 * which it is replying. This rule should also be followed if 745 * the endpoint is bundling DATA chunks together with the 746 * reply chunk. 747 * 748 * However, when acknowledging multiple DATA chunks received 749 * in packets from different source addresses in a single 750 * SACK, the SACK chunk may be transmitted to one of the 751 * destination transport addresses from which the DATA or 752 * control chunks being acknowledged were received. 753 * 754 * [BUG: We do not implement the following paragraph. 755 * Perhaps we should remember the last transport we used for a 756 * SACK and avoid that (if possible) if we have seen any 757 * duplicates. --piggy] 758 * 759 * When a receiver of a duplicate DATA chunk sends a SACK to a 760 * multi- homed endpoint it MAY be beneficial to vary the 761 * destination address and not use the source address of the 762 * DATA chunk. The reason being that receiving a duplicate 763 * from a multi-homed endpoint might indicate that the return 764 * path (as specified in the source address of the DATA chunk) 765 * for the SACK is broken. 766 * 767 * [Send to the address from which we last received a DATA chunk.] 768 */ 769 retval->transport = asoc->peer.last_data_from; 770 771 retval->subh.sack_hdr = 772 sctp_addto_chunk(retval, sizeof(sack), &sack); 773 774 /* Add the gap ack block information. */ 775 if (num_gabs) 776 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 777 gabs); 778 779 /* Add the duplicate TSN information. */ 780 if (num_dup_tsns) 781 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 782 sctp_tsnmap_get_dups(map)); 783 784 nodata: 785 return retval; 786 } 787 788 /* Make a SHUTDOWN chunk. */ 789 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 790 const struct sctp_chunk *chunk) 791 { 792 struct sctp_chunk *retval; 793 sctp_shutdownhdr_t shut; 794 __u32 ctsn; 795 796 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 797 shut.cum_tsn_ack = htonl(ctsn); 798 799 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 800 sizeof(sctp_shutdownhdr_t)); 801 if (!retval) 802 goto nodata; 803 804 retval->subh.shutdown_hdr = 805 sctp_addto_chunk(retval, sizeof(shut), &shut); 806 807 if (chunk) 808 retval->transport = chunk->transport; 809 nodata: 810 return retval; 811 } 812 813 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 814 const struct sctp_chunk *chunk) 815 { 816 struct sctp_chunk *retval; 817 818 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 819 820 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 821 * 822 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 823 * HEARTBEAT ACK, * etc.) to the same destination transport 824 * address from which it * received the DATA or control chunk 825 * to which it is replying. 826 * 827 * [ACK back to where the SHUTDOWN came from.] 828 */ 829 if (retval && chunk) 830 retval->transport = chunk->transport; 831 832 return retval; 833 } 834 835 struct sctp_chunk *sctp_make_shutdown_complete( 836 const struct sctp_association *asoc, 837 const struct sctp_chunk *chunk) 838 { 839 struct sctp_chunk *retval; 840 __u8 flags = 0; 841 842 /* Set the T-bit if we have no association (vtag will be 843 * reflected) 844 */ 845 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 846 847 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 848 849 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 850 * 851 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 852 * HEARTBEAT ACK, * etc.) to the same destination transport 853 * address from which it * received the DATA or control chunk 854 * to which it is replying. 855 * 856 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 857 * came from.] 858 */ 859 if (retval && chunk) 860 retval->transport = chunk->transport; 861 862 return retval; 863 } 864 865 /* Create an ABORT. Note that we set the T bit if we have no 866 * association, except when responding to an INIT (sctpimpguide 2.41). 867 */ 868 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 869 const struct sctp_chunk *chunk, 870 const size_t hint) 871 { 872 struct sctp_chunk *retval; 873 __u8 flags = 0; 874 875 /* Set the T-bit if we have no association and 'chunk' is not 876 * an INIT (vtag will be reflected). 877 */ 878 if (!asoc) { 879 if (chunk && chunk->chunk_hdr && 880 chunk->chunk_hdr->type == SCTP_CID_INIT) 881 flags = 0; 882 else 883 flags = SCTP_CHUNK_FLAG_T; 884 } 885 886 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 887 888 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 889 * 890 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 891 * HEARTBEAT ACK, * etc.) to the same destination transport 892 * address from which it * received the DATA or control chunk 893 * to which it is replying. 894 * 895 * [ABORT back to where the offender came from.] 896 */ 897 if (retval && chunk) 898 retval->transport = chunk->transport; 899 900 return retval; 901 } 902 903 /* Helper to create ABORT with a NO_USER_DATA error. */ 904 struct sctp_chunk *sctp_make_abort_no_data( 905 const struct sctp_association *asoc, 906 const struct sctp_chunk *chunk, __u32 tsn) 907 { 908 struct sctp_chunk *retval; 909 __be32 payload; 910 911 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 912 + sizeof(tsn)); 913 914 if (!retval) 915 goto no_mem; 916 917 /* Put the tsn back into network byte order. */ 918 payload = htonl(tsn); 919 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 920 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 921 922 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 923 * 924 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 925 * HEARTBEAT ACK, * etc.) to the same destination transport 926 * address from which it * received the DATA or control chunk 927 * to which it is replying. 928 * 929 * [ABORT back to where the offender came from.] 930 */ 931 if (chunk) 932 retval->transport = chunk->transport; 933 934 no_mem: 935 return retval; 936 } 937 938 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 939 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 940 const struct msghdr *msg, 941 size_t paylen) 942 { 943 struct sctp_chunk *retval; 944 void *payload = NULL; 945 int err; 946 947 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 948 if (!retval) 949 goto err_chunk; 950 951 if (paylen) { 952 /* Put the msg_iov together into payload. */ 953 payload = kmalloc(paylen, GFP_KERNEL); 954 if (!payload) 955 goto err_payload; 956 957 err = memcpy_fromiovec(payload, msg->msg_iov, paylen); 958 if (err < 0) 959 goto err_copy; 960 } 961 962 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 963 sctp_addto_chunk(retval, paylen, payload); 964 965 if (paylen) 966 kfree(payload); 967 968 return retval; 969 970 err_copy: 971 kfree(payload); 972 err_payload: 973 sctp_chunk_free(retval); 974 retval = NULL; 975 err_chunk: 976 return retval; 977 } 978 979 /* Append bytes to the end of a parameter. Will panic if chunk is not big 980 * enough. 981 */ 982 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 983 const void *data) 984 { 985 void *target; 986 int chunklen = ntohs(chunk->chunk_hdr->length); 987 988 target = skb_put(chunk->skb, len); 989 990 memcpy(target, data, len); 991 992 /* Adjust the chunk length field. */ 993 chunk->chunk_hdr->length = htons(chunklen + len); 994 chunk->chunk_end = skb_tail_pointer(chunk->skb); 995 996 return target; 997 } 998 999 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1000 struct sctp_chunk *sctp_make_abort_violation( 1001 const struct sctp_association *asoc, 1002 const struct sctp_chunk *chunk, 1003 const __u8 *payload, 1004 const size_t paylen) 1005 { 1006 struct sctp_chunk *retval; 1007 struct sctp_paramhdr phdr; 1008 1009 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 1010 + sizeof(sctp_paramhdr_t)); 1011 if (!retval) 1012 goto end; 1013 1014 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen 1015 + sizeof(sctp_paramhdr_t)); 1016 1017 phdr.type = htons(chunk->chunk_hdr->type); 1018 phdr.length = chunk->chunk_hdr->length; 1019 sctp_addto_chunk(retval, paylen, payload); 1020 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr); 1021 1022 end: 1023 return retval; 1024 } 1025 1026 struct sctp_chunk *sctp_make_violation_paramlen( 1027 const struct sctp_association *asoc, 1028 const struct sctp_chunk *chunk, 1029 struct sctp_paramhdr *param) 1030 { 1031 struct sctp_chunk *retval; 1032 static const char error[] = "The following parameter had invalid length:"; 1033 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) + 1034 sizeof(sctp_paramhdr_t); 1035 1036 retval = sctp_make_abort(asoc, chunk, payload_len); 1037 if (!retval) 1038 goto nodata; 1039 1040 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1041 sizeof(error) + sizeof(sctp_paramhdr_t)); 1042 sctp_addto_chunk(retval, sizeof(error), error); 1043 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param); 1044 1045 nodata: 1046 return retval; 1047 } 1048 1049 /* Make a HEARTBEAT chunk. */ 1050 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1051 const struct sctp_transport *transport, 1052 const void *payload, const size_t paylen) 1053 { 1054 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 1055 0, paylen); 1056 1057 if (!retval) 1058 goto nodata; 1059 1060 /* Cast away the 'const', as this is just telling the chunk 1061 * what transport it belongs to. 1062 */ 1063 retval->transport = (struct sctp_transport *) transport; 1064 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1065 1066 nodata: 1067 return retval; 1068 } 1069 1070 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1071 const struct sctp_chunk *chunk, 1072 const void *payload, const size_t paylen) 1073 { 1074 struct sctp_chunk *retval; 1075 1076 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 1077 if (!retval) 1078 goto nodata; 1079 1080 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1081 1082 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1083 * 1084 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1085 * HEARTBEAT ACK, * etc.) to the same destination transport 1086 * address from which it * received the DATA or control chunk 1087 * to which it is replying. 1088 * 1089 * [HBACK back to where the HEARTBEAT came from.] 1090 */ 1091 if (chunk) 1092 retval->transport = chunk->transport; 1093 1094 nodata: 1095 return retval; 1096 } 1097 1098 /* Create an Operation Error chunk with the specified space reserved. 1099 * This routine can be used for containing multiple causes in the chunk. 1100 */ 1101 static struct sctp_chunk *sctp_make_op_error_space( 1102 const struct sctp_association *asoc, 1103 const struct sctp_chunk *chunk, 1104 size_t size) 1105 { 1106 struct sctp_chunk *retval; 1107 1108 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 1109 sizeof(sctp_errhdr_t) + size); 1110 if (!retval) 1111 goto nodata; 1112 1113 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1114 * 1115 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1116 * HEARTBEAT ACK, etc.) to the same destination transport 1117 * address from which it received the DATA or control chunk 1118 * to which it is replying. 1119 * 1120 */ 1121 if (chunk) 1122 retval->transport = chunk->transport; 1123 1124 nodata: 1125 return retval; 1126 } 1127 1128 /* Create an Operation Error chunk. */ 1129 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1130 const struct sctp_chunk *chunk, 1131 __be16 cause_code, const void *payload, 1132 size_t paylen) 1133 { 1134 struct sctp_chunk *retval; 1135 1136 retval = sctp_make_op_error_space(asoc, chunk, paylen); 1137 if (!retval) 1138 goto nodata; 1139 1140 sctp_init_cause(retval, cause_code, paylen); 1141 sctp_addto_chunk(retval, paylen, payload); 1142 1143 nodata: 1144 return retval; 1145 } 1146 1147 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc) 1148 { 1149 struct sctp_chunk *retval; 1150 struct sctp_hmac *hmac_desc; 1151 struct sctp_authhdr auth_hdr; 1152 __u8 *hmac; 1153 1154 /* Get the first hmac that the peer told us to use */ 1155 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1156 if (unlikely(!hmac_desc)) 1157 return NULL; 1158 1159 retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0, 1160 hmac_desc->hmac_len + sizeof(sctp_authhdr_t)); 1161 if (!retval) 1162 return NULL; 1163 1164 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1165 auth_hdr.shkey_id = htons(asoc->active_key_id); 1166 1167 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t), 1168 &auth_hdr); 1169 1170 hmac = skb_put(retval->skb, hmac_desc->hmac_len); 1171 memset(hmac, 0, hmac_desc->hmac_len); 1172 1173 /* Adjust the chunk header to include the empty MAC */ 1174 retval->chunk_hdr->length = 1175 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1176 retval->chunk_end = skb_tail_pointer(retval->skb); 1177 1178 return retval; 1179 } 1180 1181 1182 /******************************************************************** 1183 * 2nd Level Abstractions 1184 ********************************************************************/ 1185 1186 /* Turn an skb into a chunk. 1187 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1188 */ 1189 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1190 const struct sctp_association *asoc, 1191 struct sock *sk) 1192 { 1193 struct sctp_chunk *retval; 1194 1195 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC); 1196 1197 if (!retval) 1198 goto nodata; 1199 1200 if (!sk) { 1201 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 1202 } 1203 1204 INIT_LIST_HEAD(&retval->list); 1205 retval->skb = skb; 1206 retval->asoc = (struct sctp_association *)asoc; 1207 retval->resent = 0; 1208 retval->has_tsn = 0; 1209 retval->has_ssn = 0; 1210 retval->rtt_in_progress = 0; 1211 retval->sent_at = 0; 1212 retval->singleton = 1; 1213 retval->end_of_packet = 0; 1214 retval->ecn_ce_done = 0; 1215 retval->pdiscard = 0; 1216 1217 /* sctpimpguide-05.txt Section 2.8.2 1218 * M1) Each time a new DATA chunk is transmitted 1219 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1220 * 'TSN.Missing.Report' count will be used to determine missing chunks 1221 * and when to fast retransmit. 1222 */ 1223 retval->tsn_missing_report = 0; 1224 retval->tsn_gap_acked = 0; 1225 retval->fast_retransmit = SCTP_CAN_FRTX; 1226 1227 /* If this is a fragmented message, track all fragments 1228 * of the message (for SEND_FAILED). 1229 */ 1230 retval->msg = NULL; 1231 1232 /* Polish the bead hole. */ 1233 INIT_LIST_HEAD(&retval->transmitted_list); 1234 INIT_LIST_HEAD(&retval->frag_list); 1235 SCTP_DBG_OBJCNT_INC(chunk); 1236 atomic_set(&retval->refcnt, 1); 1237 1238 nodata: 1239 return retval; 1240 } 1241 1242 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1243 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1244 union sctp_addr *dest) 1245 { 1246 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1247 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1248 } 1249 1250 /* Extract the source address from a chunk. */ 1251 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1252 { 1253 /* If we have a known transport, use that. */ 1254 if (chunk->transport) { 1255 return &chunk->transport->ipaddr; 1256 } else { 1257 /* Otherwise, extract it from the IP header. */ 1258 return &chunk->source; 1259 } 1260 } 1261 1262 /* Create a new chunk, setting the type and flags headers from the 1263 * arguments, reserving enough space for a 'paylen' byte payload. 1264 */ 1265 SCTP_STATIC 1266 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1267 __u8 type, __u8 flags, int paylen) 1268 { 1269 struct sctp_chunk *retval; 1270 sctp_chunkhdr_t *chunk_hdr; 1271 struct sk_buff *skb; 1272 struct sock *sk; 1273 1274 /* No need to allocate LL here, as this is only a chunk. */ 1275 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1276 GFP_ATOMIC); 1277 if (!skb) 1278 goto nodata; 1279 1280 /* Make room for the chunk header. */ 1281 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1282 chunk_hdr->type = type; 1283 chunk_hdr->flags = flags; 1284 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1285 1286 sk = asoc ? asoc->base.sk : NULL; 1287 retval = sctp_chunkify(skb, asoc, sk); 1288 if (!retval) { 1289 kfree_skb(skb); 1290 goto nodata; 1291 } 1292 1293 retval->chunk_hdr = chunk_hdr; 1294 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1295 1296 /* Determine if the chunk needs to be authenticated */ 1297 if (sctp_auth_send_cid(type, asoc)) 1298 retval->auth = 1; 1299 1300 /* Set the skb to the belonging sock for accounting. */ 1301 skb->sk = sk; 1302 1303 return retval; 1304 nodata: 1305 return NULL; 1306 } 1307 1308 1309 /* Release the memory occupied by a chunk. */ 1310 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1311 { 1312 BUG_ON(!list_empty(&chunk->list)); 1313 list_del_init(&chunk->transmitted_list); 1314 1315 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1316 dev_kfree_skb(chunk->skb); 1317 1318 SCTP_DBG_OBJCNT_DEC(chunk); 1319 kmem_cache_free(sctp_chunk_cachep, chunk); 1320 } 1321 1322 /* Possibly, free the chunk. */ 1323 void sctp_chunk_free(struct sctp_chunk *chunk) 1324 { 1325 /* Release our reference on the message tracker. */ 1326 if (chunk->msg) 1327 sctp_datamsg_put(chunk->msg); 1328 1329 sctp_chunk_put(chunk); 1330 } 1331 1332 /* Grab a reference to the chunk. */ 1333 void sctp_chunk_hold(struct sctp_chunk *ch) 1334 { 1335 atomic_inc(&ch->refcnt); 1336 } 1337 1338 /* Release a reference to the chunk. */ 1339 void sctp_chunk_put(struct sctp_chunk *ch) 1340 { 1341 if (atomic_dec_and_test(&ch->refcnt)) 1342 sctp_chunk_destroy(ch); 1343 } 1344 1345 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1346 * enough. 1347 */ 1348 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1349 { 1350 void *target; 1351 void *padding; 1352 int chunklen = ntohs(chunk->chunk_hdr->length); 1353 int padlen = WORD_ROUND(chunklen) - chunklen; 1354 1355 padding = skb_put(chunk->skb, padlen); 1356 target = skb_put(chunk->skb, len); 1357 1358 memset(padding, 0, padlen); 1359 memcpy(target, data, len); 1360 1361 /* Adjust the chunk length field. */ 1362 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1363 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1364 1365 return target; 1366 } 1367 1368 /* Append bytes from user space to the end of a chunk. Will panic if 1369 * chunk is not big enough. 1370 * Returns a kernel err value. 1371 */ 1372 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1373 struct iovec *data) 1374 { 1375 __u8 *target; 1376 int err = 0; 1377 1378 /* Make room in chunk for data. */ 1379 target = skb_put(chunk->skb, len); 1380 1381 /* Copy data (whole iovec) into chunk */ 1382 if ((err = memcpy_fromiovecend(target, data, off, len))) 1383 goto out; 1384 1385 /* Adjust the chunk length field. */ 1386 chunk->chunk_hdr->length = 1387 htons(ntohs(chunk->chunk_hdr->length) + len); 1388 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1389 1390 out: 1391 return err; 1392 } 1393 1394 /* Helper function to assign a TSN if needed. This assumes that both 1395 * the data_hdr and association have already been assigned. 1396 */ 1397 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1398 { 1399 struct sctp_datamsg *msg; 1400 struct sctp_chunk *lchunk; 1401 struct sctp_stream *stream; 1402 __u16 ssn; 1403 __u16 sid; 1404 1405 if (chunk->has_ssn) 1406 return; 1407 1408 /* All fragments will be on the same stream */ 1409 sid = ntohs(chunk->subh.data_hdr->stream); 1410 stream = &chunk->asoc->ssnmap->out; 1411 1412 /* Now assign the sequence number to the entire message. 1413 * All fragments must have the same stream sequence number. 1414 */ 1415 msg = chunk->msg; 1416 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1417 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1418 ssn = 0; 1419 } else { 1420 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1421 ssn = sctp_ssn_next(stream, sid); 1422 else 1423 ssn = sctp_ssn_peek(stream, sid); 1424 } 1425 1426 lchunk->subh.data_hdr->ssn = htons(ssn); 1427 lchunk->has_ssn = 1; 1428 } 1429 } 1430 1431 /* Helper function to assign a TSN if needed. This assumes that both 1432 * the data_hdr and association have already been assigned. 1433 */ 1434 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1435 { 1436 if (!chunk->has_tsn) { 1437 /* This is the last possible instant to 1438 * assign a TSN. 1439 */ 1440 chunk->subh.data_hdr->tsn = 1441 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1442 chunk->has_tsn = 1; 1443 } 1444 } 1445 1446 /* Create a CLOSED association to use with an incoming packet. */ 1447 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1448 struct sctp_chunk *chunk, 1449 gfp_t gfp) 1450 { 1451 struct sctp_association *asoc; 1452 struct sk_buff *skb; 1453 sctp_scope_t scope; 1454 struct sctp_af *af; 1455 1456 /* Create the bare association. */ 1457 scope = sctp_scope(sctp_source(chunk)); 1458 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1459 if (!asoc) 1460 goto nodata; 1461 asoc->temp = 1; 1462 skb = chunk->skb; 1463 /* Create an entry for the source address of the packet. */ 1464 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version)); 1465 if (unlikely(!af)) 1466 goto fail; 1467 af->from_skb(&asoc->c.peer_addr, skb, 1); 1468 nodata: 1469 return asoc; 1470 1471 fail: 1472 sctp_association_free(asoc); 1473 return NULL; 1474 } 1475 1476 /* Build a cookie representing asoc. 1477 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1478 */ 1479 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1480 const struct sctp_association *asoc, 1481 const struct sctp_chunk *init_chunk, 1482 int *cookie_len, 1483 const __u8 *raw_addrs, int addrs_len) 1484 { 1485 sctp_cookie_param_t *retval; 1486 struct sctp_signed_cookie *cookie; 1487 struct scatterlist sg; 1488 int headersize, bodysize; 1489 unsigned int keylen; 1490 char *key; 1491 1492 /* Header size is static data prior to the actual cookie, including 1493 * any padding. 1494 */ 1495 headersize = sizeof(sctp_paramhdr_t) + 1496 (sizeof(struct sctp_signed_cookie) - 1497 sizeof(struct sctp_cookie)); 1498 bodysize = sizeof(struct sctp_cookie) 1499 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1500 1501 /* Pad out the cookie to a multiple to make the signature 1502 * functions simpler to write. 1503 */ 1504 if (bodysize % SCTP_COOKIE_MULTIPLE) 1505 bodysize += SCTP_COOKIE_MULTIPLE 1506 - (bodysize % SCTP_COOKIE_MULTIPLE); 1507 *cookie_len = headersize + bodysize; 1508 1509 /* Clear this memory since we are sending this data structure 1510 * out on the network. 1511 */ 1512 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1513 if (!retval) 1514 goto nodata; 1515 1516 cookie = (struct sctp_signed_cookie *) retval->body; 1517 1518 /* Set up the parameter header. */ 1519 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1520 retval->p.length = htons(*cookie_len); 1521 1522 /* Copy the cookie part of the association itself. */ 1523 cookie->c = asoc->c; 1524 /* Save the raw address list length in the cookie. */ 1525 cookie->c.raw_addr_list_len = addrs_len; 1526 1527 /* Remember PR-SCTP capability. */ 1528 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1529 1530 /* Save adaptation indication in the cookie. */ 1531 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1532 1533 /* Set an expiration time for the cookie. */ 1534 do_gettimeofday(&cookie->c.expiration); 1535 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1536 1537 /* Copy the peer's init packet. */ 1538 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1539 ntohs(init_chunk->chunk_hdr->length)); 1540 1541 /* Copy the raw local address list of the association. */ 1542 memcpy((__u8 *)&cookie->c.peer_init[0] + 1543 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1544 1545 if (sctp_sk(ep->base.sk)->hmac) { 1546 struct hash_desc desc; 1547 1548 /* Sign the message. */ 1549 sg_init_one(&sg, &cookie->c, bodysize); 1550 keylen = SCTP_SECRET_SIZE; 1551 key = (char *)ep->secret_key[ep->current_key]; 1552 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1553 desc.flags = 0; 1554 1555 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1556 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) 1557 goto free_cookie; 1558 } 1559 1560 return retval; 1561 1562 free_cookie: 1563 kfree(retval); 1564 nodata: 1565 *cookie_len = 0; 1566 return NULL; 1567 } 1568 1569 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1570 struct sctp_association *sctp_unpack_cookie( 1571 const struct sctp_endpoint *ep, 1572 const struct sctp_association *asoc, 1573 struct sctp_chunk *chunk, gfp_t gfp, 1574 int *error, struct sctp_chunk **errp) 1575 { 1576 struct sctp_association *retval = NULL; 1577 struct sctp_signed_cookie *cookie; 1578 struct sctp_cookie *bear_cookie; 1579 int headersize, bodysize, fixed_size; 1580 __u8 *digest = ep->digest; 1581 struct scatterlist sg; 1582 unsigned int keylen, len; 1583 char *key; 1584 sctp_scope_t scope; 1585 struct sk_buff *skb = chunk->skb; 1586 struct timeval tv; 1587 struct hash_desc desc; 1588 1589 /* Header size is static data prior to the actual cookie, including 1590 * any padding. 1591 */ 1592 headersize = sizeof(sctp_chunkhdr_t) + 1593 (sizeof(struct sctp_signed_cookie) - 1594 sizeof(struct sctp_cookie)); 1595 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1596 fixed_size = headersize + sizeof(struct sctp_cookie); 1597 1598 /* Verify that the chunk looks like it even has a cookie. 1599 * There must be enough room for our cookie and our peer's 1600 * INIT chunk. 1601 */ 1602 len = ntohs(chunk->chunk_hdr->length); 1603 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1604 goto malformed; 1605 1606 /* Verify that the cookie has been padded out. */ 1607 if (bodysize % SCTP_COOKIE_MULTIPLE) 1608 goto malformed; 1609 1610 /* Process the cookie. */ 1611 cookie = chunk->subh.cookie_hdr; 1612 bear_cookie = &cookie->c; 1613 1614 if (!sctp_sk(ep->base.sk)->hmac) 1615 goto no_hmac; 1616 1617 /* Check the signature. */ 1618 keylen = SCTP_SECRET_SIZE; 1619 sg_init_one(&sg, bear_cookie, bodysize); 1620 key = (char *)ep->secret_key[ep->current_key]; 1621 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1622 desc.flags = 0; 1623 1624 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1625 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1626 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1627 *error = -SCTP_IERROR_NOMEM; 1628 goto fail; 1629 } 1630 1631 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1632 /* Try the previous key. */ 1633 key = (char *)ep->secret_key[ep->last_key]; 1634 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1635 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1636 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1637 *error = -SCTP_IERROR_NOMEM; 1638 goto fail; 1639 } 1640 1641 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1642 /* Yikes! Still bad signature! */ 1643 *error = -SCTP_IERROR_BAD_SIG; 1644 goto fail; 1645 } 1646 } 1647 1648 no_hmac: 1649 /* IG Section 2.35.2: 1650 * 3) Compare the port numbers and the verification tag contained 1651 * within the COOKIE ECHO chunk to the actual port numbers and the 1652 * verification tag within the SCTP common header of the received 1653 * packet. If these values do not match the packet MUST be silently 1654 * discarded, 1655 */ 1656 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1657 *error = -SCTP_IERROR_BAD_TAG; 1658 goto fail; 1659 } 1660 1661 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1662 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1663 *error = -SCTP_IERROR_BAD_PORTS; 1664 goto fail; 1665 } 1666 1667 /* Check to see if the cookie is stale. If there is already 1668 * an association, there is no need to check cookie's expiration 1669 * for init collision case of lost COOKIE ACK. 1670 * If skb has been timestamped, then use the stamp, otherwise 1671 * use current time. This introduces a small possibility that 1672 * that a cookie may be considered expired, but his would only slow 1673 * down the new association establishment instead of every packet. 1674 */ 1675 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1676 skb_get_timestamp(skb, &tv); 1677 else 1678 do_gettimeofday(&tv); 1679 1680 if (!asoc && tv_lt(bear_cookie->expiration, tv)) { 1681 /* 1682 * Section 3.3.10.3 Stale Cookie Error (3) 1683 * 1684 * Cause of error 1685 * --------------- 1686 * Stale Cookie Error: Indicates the receipt of a valid State 1687 * Cookie that has expired. 1688 */ 1689 len = ntohs(chunk->chunk_hdr->length); 1690 *errp = sctp_make_op_error_space(asoc, chunk, len); 1691 if (*errp) { 1692 suseconds_t usecs = (tv.tv_sec - 1693 bear_cookie->expiration.tv_sec) * 1000000L + 1694 tv.tv_usec - bear_cookie->expiration.tv_usec; 1695 __be32 n = htonl(usecs); 1696 1697 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1698 sizeof(n)); 1699 sctp_addto_chunk(*errp, sizeof(n), &n); 1700 *error = -SCTP_IERROR_STALE_COOKIE; 1701 } else 1702 *error = -SCTP_IERROR_NOMEM; 1703 1704 goto fail; 1705 } 1706 1707 /* Make a new base association. */ 1708 scope = sctp_scope(sctp_source(chunk)); 1709 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1710 if (!retval) { 1711 *error = -SCTP_IERROR_NOMEM; 1712 goto fail; 1713 } 1714 1715 /* Set up our peer's port number. */ 1716 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1717 1718 /* Populate the association from the cookie. */ 1719 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1720 1721 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1722 GFP_ATOMIC) < 0) { 1723 *error = -SCTP_IERROR_NOMEM; 1724 goto fail; 1725 } 1726 1727 /* Also, add the destination address. */ 1728 if (list_empty(&retval->base.bind_addr.address_list)) { 1729 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1730 SCTP_ADDR_SRC, GFP_ATOMIC); 1731 } 1732 1733 retval->next_tsn = retval->c.initial_tsn; 1734 retval->ctsn_ack_point = retval->next_tsn - 1; 1735 retval->addip_serial = retval->c.initial_tsn; 1736 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1737 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1738 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1739 1740 /* The INIT stuff will be done by the side effects. */ 1741 return retval; 1742 1743 fail: 1744 if (retval) 1745 sctp_association_free(retval); 1746 1747 return NULL; 1748 1749 malformed: 1750 /* Yikes! The packet is either corrupt or deliberately 1751 * malformed. 1752 */ 1753 *error = -SCTP_IERROR_MALFORMED; 1754 goto fail; 1755 } 1756 1757 /******************************************************************** 1758 * 3rd Level Abstractions 1759 ********************************************************************/ 1760 1761 struct __sctp_missing { 1762 __be32 num_missing; 1763 __be16 type; 1764 } __attribute__((packed)); 1765 1766 /* 1767 * Report a missing mandatory parameter. 1768 */ 1769 static int sctp_process_missing_param(const struct sctp_association *asoc, 1770 sctp_param_t paramtype, 1771 struct sctp_chunk *chunk, 1772 struct sctp_chunk **errp) 1773 { 1774 struct __sctp_missing report; 1775 __u16 len; 1776 1777 len = WORD_ROUND(sizeof(report)); 1778 1779 /* Make an ERROR chunk, preparing enough room for 1780 * returning multiple unknown parameters. 1781 */ 1782 if (!*errp) 1783 *errp = sctp_make_op_error_space(asoc, chunk, len); 1784 1785 if (*errp) { 1786 report.num_missing = htonl(1); 1787 report.type = paramtype; 1788 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1789 sizeof(report)); 1790 sctp_addto_chunk(*errp, sizeof(report), &report); 1791 } 1792 1793 /* Stop processing this chunk. */ 1794 return 0; 1795 } 1796 1797 /* Report an Invalid Mandatory Parameter. */ 1798 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1799 struct sctp_chunk *chunk, 1800 struct sctp_chunk **errp) 1801 { 1802 /* Invalid Mandatory Parameter Error has no payload. */ 1803 1804 if (!*errp) 1805 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1806 1807 if (*errp) 1808 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1809 1810 /* Stop processing this chunk. */ 1811 return 0; 1812 } 1813 1814 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1815 struct sctp_paramhdr *param, 1816 const struct sctp_chunk *chunk, 1817 struct sctp_chunk **errp) 1818 { 1819 /* This is a fatal error. Any accumulated non-fatal errors are 1820 * not reported. 1821 */ 1822 if (*errp) 1823 sctp_chunk_free(*errp); 1824 1825 /* Create an error chunk and fill it in with our payload. */ 1826 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1827 1828 return 0; 1829 } 1830 1831 1832 /* Do not attempt to handle the HOST_NAME parm. However, do 1833 * send back an indicator to the peer. 1834 */ 1835 static int sctp_process_hn_param(const struct sctp_association *asoc, 1836 union sctp_params param, 1837 struct sctp_chunk *chunk, 1838 struct sctp_chunk **errp) 1839 { 1840 __u16 len = ntohs(param.p->length); 1841 1842 /* Processing of the HOST_NAME parameter will generate an 1843 * ABORT. If we've accumulated any non-fatal errors, they 1844 * would be unrecognized parameters and we should not include 1845 * them in the ABORT. 1846 */ 1847 if (*errp) 1848 sctp_chunk_free(*errp); 1849 1850 *errp = sctp_make_op_error_space(asoc, chunk, len); 1851 1852 if (*errp) { 1853 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 1854 sctp_addto_chunk(*errp, len, param.v); 1855 } 1856 1857 /* Stop processing this chunk. */ 1858 return 0; 1859 } 1860 1861 static int sctp_verify_ext_param(union sctp_params param) 1862 { 1863 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1864 int have_auth = 0; 1865 int have_asconf = 0; 1866 int i; 1867 1868 for (i = 0; i < num_ext; i++) { 1869 switch (param.ext->chunks[i]) { 1870 case SCTP_CID_AUTH: 1871 have_auth = 1; 1872 break; 1873 case SCTP_CID_ASCONF: 1874 case SCTP_CID_ASCONF_ACK: 1875 have_asconf = 1; 1876 break; 1877 } 1878 } 1879 1880 /* ADD-IP Security: The draft requires us to ABORT or ignore the 1881 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 1882 * only if ADD-IP is turned on and we are not backward-compatible 1883 * mode. 1884 */ 1885 if (sctp_addip_noauth) 1886 return 1; 1887 1888 if (sctp_addip_enable && !have_auth && have_asconf) 1889 return 0; 1890 1891 return 1; 1892 } 1893 1894 static void sctp_process_ext_param(struct sctp_association *asoc, 1895 union sctp_params param) 1896 { 1897 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1898 int i; 1899 1900 for (i = 0; i < num_ext; i++) { 1901 switch (param.ext->chunks[i]) { 1902 case SCTP_CID_FWD_TSN: 1903 if (sctp_prsctp_enable && 1904 !asoc->peer.prsctp_capable) 1905 asoc->peer.prsctp_capable = 1; 1906 break; 1907 case SCTP_CID_AUTH: 1908 /* if the peer reports AUTH, assume that he 1909 * supports AUTH. 1910 */ 1911 if (sctp_auth_enable) 1912 asoc->peer.auth_capable = 1; 1913 break; 1914 case SCTP_CID_ASCONF: 1915 case SCTP_CID_ASCONF_ACK: 1916 if (sctp_addip_enable) 1917 asoc->peer.asconf_capable = 1; 1918 break; 1919 default: 1920 break; 1921 } 1922 } 1923 } 1924 1925 /* RFC 3.2.1 & the Implementers Guide 2.2. 1926 * 1927 * The Parameter Types are encoded such that the 1928 * highest-order two bits specify the action that must be 1929 * taken if the processing endpoint does not recognize the 1930 * Parameter Type. 1931 * 1932 * 00 - Stop processing this parameter; do not process any further 1933 * parameters within this chunk 1934 * 1935 * 01 - Stop processing this parameter, do not process any further 1936 * parameters within this chunk, and report the unrecognized 1937 * parameter in an 'Unrecognized Parameter' ERROR chunk. 1938 * 1939 * 10 - Skip this parameter and continue processing. 1940 * 1941 * 11 - Skip this parameter and continue processing but 1942 * report the unrecognized parameter in an 1943 * 'Unrecognized Parameter' ERROR chunk. 1944 * 1945 * Return value: 1946 * SCTP_IERROR_NO_ERROR - continue with the chunk 1947 * SCTP_IERROR_ERROR - stop and report an error. 1948 * SCTP_IERROR_NOMEME - out of memory. 1949 */ 1950 static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, 1951 union sctp_params param, 1952 struct sctp_chunk *chunk, 1953 struct sctp_chunk **errp) 1954 { 1955 int retval = SCTP_IERROR_NO_ERROR; 1956 1957 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 1958 case SCTP_PARAM_ACTION_DISCARD: 1959 retval = SCTP_IERROR_ERROR; 1960 break; 1961 case SCTP_PARAM_ACTION_SKIP: 1962 break; 1963 case SCTP_PARAM_ACTION_DISCARD_ERR: 1964 retval = SCTP_IERROR_ERROR; 1965 /* Fall through */ 1966 case SCTP_PARAM_ACTION_SKIP_ERR: 1967 /* Make an ERROR chunk, preparing enough room for 1968 * returning multiple unknown parameters. 1969 */ 1970 if (NULL == *errp) 1971 *errp = sctp_make_op_error_space(asoc, chunk, 1972 ntohs(chunk->chunk_hdr->length)); 1973 1974 if (*errp) { 1975 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 1976 WORD_ROUND(ntohs(param.p->length))); 1977 sctp_addto_chunk(*errp, 1978 WORD_ROUND(ntohs(param.p->length)), 1979 param.v); 1980 } else { 1981 /* If there is no memory for generating the ERROR 1982 * report as specified, an ABORT will be triggered 1983 * to the peer and the association won't be 1984 * established. 1985 */ 1986 retval = SCTP_IERROR_NOMEM; 1987 } 1988 break; 1989 default: 1990 break; 1991 } 1992 1993 return retval; 1994 } 1995 1996 /* Verify variable length parameters 1997 * Return values: 1998 * SCTP_IERROR_ABORT - trigger an ABORT 1999 * SCTP_IERROR_NOMEM - out of memory (abort) 2000 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2001 * SCTP_IERROR_NO_ERROR - continue with the chunk 2002 */ 2003 static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc, 2004 union sctp_params param, 2005 sctp_cid_t cid, 2006 struct sctp_chunk *chunk, 2007 struct sctp_chunk **err_chunk) 2008 { 2009 struct sctp_hmac_algo_param *hmacs; 2010 int retval = SCTP_IERROR_NO_ERROR; 2011 __u16 n_elt, id = 0; 2012 int i; 2013 2014 /* FIXME - This routine is not looking at each parameter per the 2015 * chunk type, i.e., unrecognized parameters should be further 2016 * identified based on the chunk id. 2017 */ 2018 2019 switch (param.p->type) { 2020 case SCTP_PARAM_IPV4_ADDRESS: 2021 case SCTP_PARAM_IPV6_ADDRESS: 2022 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2023 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2024 case SCTP_PARAM_STATE_COOKIE: 2025 case SCTP_PARAM_HEARTBEAT_INFO: 2026 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2027 case SCTP_PARAM_ECN_CAPABLE: 2028 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2029 break; 2030 2031 case SCTP_PARAM_SUPPORTED_EXT: 2032 if (!sctp_verify_ext_param(param)) 2033 return SCTP_IERROR_ABORT; 2034 break; 2035 2036 case SCTP_PARAM_SET_PRIMARY: 2037 if (sctp_addip_enable) 2038 break; 2039 goto fallthrough; 2040 2041 case SCTP_PARAM_HOST_NAME_ADDRESS: 2042 /* Tell the peer, we won't support this param. */ 2043 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2044 retval = SCTP_IERROR_ABORT; 2045 break; 2046 2047 case SCTP_PARAM_FWD_TSN_SUPPORT: 2048 if (sctp_prsctp_enable) 2049 break; 2050 goto fallthrough; 2051 2052 case SCTP_PARAM_RANDOM: 2053 if (!sctp_auth_enable) 2054 goto fallthrough; 2055 2056 /* SCTP-AUTH: Secion 6.1 2057 * If the random number is not 32 byte long the association 2058 * MUST be aborted. The ABORT chunk SHOULD contain the error 2059 * cause 'Protocol Violation'. 2060 */ 2061 if (SCTP_AUTH_RANDOM_LENGTH != 2062 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { 2063 sctp_process_inv_paramlength(asoc, param.p, 2064 chunk, err_chunk); 2065 retval = SCTP_IERROR_ABORT; 2066 } 2067 break; 2068 2069 case SCTP_PARAM_CHUNKS: 2070 if (!sctp_auth_enable) 2071 goto fallthrough; 2072 2073 /* SCTP-AUTH: Section 3.2 2074 * The CHUNKS parameter MUST be included once in the INIT or 2075 * INIT-ACK chunk if the sender wants to receive authenticated 2076 * chunks. Its maximum length is 260 bytes. 2077 */ 2078 if (260 < ntohs(param.p->length)) { 2079 sctp_process_inv_paramlength(asoc, param.p, 2080 chunk, err_chunk); 2081 retval = SCTP_IERROR_ABORT; 2082 } 2083 break; 2084 2085 case SCTP_PARAM_HMAC_ALGO: 2086 if (!sctp_auth_enable) 2087 goto fallthrough; 2088 2089 hmacs = (struct sctp_hmac_algo_param *)param.p; 2090 n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1; 2091 2092 /* SCTP-AUTH: Section 6.1 2093 * The HMAC algorithm based on SHA-1 MUST be supported and 2094 * included in the HMAC-ALGO parameter. 2095 */ 2096 for (i = 0; i < n_elt; i++) { 2097 id = ntohs(hmacs->hmac_ids[i]); 2098 2099 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2100 break; 2101 } 2102 2103 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2104 sctp_process_inv_paramlength(asoc, param.p, chunk, 2105 err_chunk); 2106 retval = SCTP_IERROR_ABORT; 2107 } 2108 break; 2109 fallthrough: 2110 default: 2111 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 2112 ntohs(param.p->type), cid); 2113 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2114 break; 2115 } 2116 return retval; 2117 } 2118 2119 /* Verify the INIT packet before we process it. */ 2120 int sctp_verify_init(const struct sctp_association *asoc, 2121 sctp_cid_t cid, 2122 sctp_init_chunk_t *peer_init, 2123 struct sctp_chunk *chunk, 2124 struct sctp_chunk **errp) 2125 { 2126 union sctp_params param; 2127 int has_cookie = 0; 2128 int result; 2129 2130 /* Verify stream values are non-zero. */ 2131 if ((0 == peer_init->init_hdr.num_outbound_streams) || 2132 (0 == peer_init->init_hdr.num_inbound_streams) || 2133 (0 == peer_init->init_hdr.init_tag) || 2134 (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) { 2135 2136 return sctp_process_inv_mandatory(asoc, chunk, errp); 2137 } 2138 2139 /* Check for missing mandatory parameters. */ 2140 sctp_walk_params(param, peer_init, init_hdr.params) { 2141 2142 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 2143 has_cookie = 1; 2144 2145 } /* for (loop through all parameters) */ 2146 2147 /* There is a possibility that a parameter length was bad and 2148 * in that case we would have stoped walking the parameters. 2149 * The current param.p would point at the bad one. 2150 * Current consensus on the mailing list is to generate a PROTOCOL 2151 * VIOLATION error. We build the ERROR chunk here and let the normal 2152 * error handling code build and send the packet. 2153 */ 2154 if (param.v != (void*)chunk->chunk_end) 2155 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2156 2157 /* The only missing mandatory param possible today is 2158 * the state cookie for an INIT-ACK chunk. 2159 */ 2160 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2161 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2162 chunk, errp); 2163 2164 /* Verify all the variable length parameters */ 2165 sctp_walk_params(param, peer_init, init_hdr.params) { 2166 2167 result = sctp_verify_param(asoc, param, cid, chunk, errp); 2168 switch (result) { 2169 case SCTP_IERROR_ABORT: 2170 case SCTP_IERROR_NOMEM: 2171 return 0; 2172 case SCTP_IERROR_ERROR: 2173 return 1; 2174 case SCTP_IERROR_NO_ERROR: 2175 default: 2176 break; 2177 } 2178 2179 } /* for (loop through all parameters) */ 2180 2181 return 1; 2182 } 2183 2184 /* Unpack the parameters in an INIT packet into an association. 2185 * Returns 0 on failure, else success. 2186 * FIXME: This is an association method. 2187 */ 2188 int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, 2189 const union sctp_addr *peer_addr, 2190 sctp_init_chunk_t *peer_init, gfp_t gfp) 2191 { 2192 union sctp_params param; 2193 struct sctp_transport *transport; 2194 struct list_head *pos, *temp; 2195 char *cookie; 2196 2197 /* We must include the address that the INIT packet came from. 2198 * This is the only address that matters for an INIT packet. 2199 * When processing a COOKIE ECHO, we retrieve the from address 2200 * of the INIT from the cookie. 2201 */ 2202 2203 /* This implementation defaults to making the first transport 2204 * added as the primary transport. The source address seems to 2205 * be a a better choice than any of the embedded addresses. 2206 */ 2207 if (peer_addr) { 2208 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2209 goto nomem; 2210 } 2211 2212 /* Process the initialization parameters. */ 2213 sctp_walk_params(param, peer_init, init_hdr.params) { 2214 2215 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2216 goto clean_up; 2217 } 2218 2219 /* AUTH: After processing the parameters, make sure that we 2220 * have all the required info to potentially do authentications. 2221 */ 2222 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2223 !asoc->peer.peer_hmacs)) 2224 asoc->peer.auth_capable = 0; 2225 2226 /* In a non-backward compatible mode, if the peer claims 2227 * support for ADD-IP but not AUTH, the ADD-IP spec states 2228 * that we MUST ABORT the association. Section 6. The section 2229 * also give us an option to silently ignore the packet, which 2230 * is what we'll do here. 2231 */ 2232 if (!sctp_addip_noauth && 2233 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2234 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2235 SCTP_PARAM_DEL_IP | 2236 SCTP_PARAM_SET_PRIMARY); 2237 asoc->peer.asconf_capable = 0; 2238 goto clean_up; 2239 } 2240 2241 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2242 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2243 transport = list_entry(pos, struct sctp_transport, transports); 2244 if (transport->state == SCTP_UNKNOWN) { 2245 sctp_assoc_rm_peer(asoc, transport); 2246 } 2247 } 2248 2249 /* The fixed INIT headers are always in network byte 2250 * order. 2251 */ 2252 asoc->peer.i.init_tag = 2253 ntohl(peer_init->init_hdr.init_tag); 2254 asoc->peer.i.a_rwnd = 2255 ntohl(peer_init->init_hdr.a_rwnd); 2256 asoc->peer.i.num_outbound_streams = 2257 ntohs(peer_init->init_hdr.num_outbound_streams); 2258 asoc->peer.i.num_inbound_streams = 2259 ntohs(peer_init->init_hdr.num_inbound_streams); 2260 asoc->peer.i.initial_tsn = 2261 ntohl(peer_init->init_hdr.initial_tsn); 2262 2263 /* Apply the upper bounds for output streams based on peer's 2264 * number of inbound streams. 2265 */ 2266 if (asoc->c.sinit_num_ostreams > 2267 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2268 asoc->c.sinit_num_ostreams = 2269 ntohs(peer_init->init_hdr.num_inbound_streams); 2270 } 2271 2272 if (asoc->c.sinit_max_instreams > 2273 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2274 asoc->c.sinit_max_instreams = 2275 ntohs(peer_init->init_hdr.num_outbound_streams); 2276 } 2277 2278 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2279 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2280 2281 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2282 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2283 2284 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2285 cookie = asoc->peer.cookie; 2286 if (cookie) { 2287 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2288 if (!asoc->peer.cookie) 2289 goto clean_up; 2290 } 2291 2292 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2293 * high (for example, implementations MAY use the size of the receiver 2294 * advertised window). 2295 */ 2296 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2297 transports) { 2298 transport->ssthresh = asoc->peer.i.a_rwnd; 2299 } 2300 2301 /* Set up the TSN tracking pieces. */ 2302 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2303 asoc->peer.i.initial_tsn, gfp)) 2304 goto clean_up; 2305 2306 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2307 * 2308 * The stream sequence number in all the streams shall start 2309 * from 0 when the association is established. Also, when the 2310 * stream sequence number reaches the value 65535 the next 2311 * stream sequence number shall be set to 0. 2312 */ 2313 2314 /* Allocate storage for the negotiated streams if it is not a temporary 2315 * association. 2316 */ 2317 if (!asoc->temp) { 2318 int error; 2319 2320 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 2321 asoc->c.sinit_num_ostreams, gfp); 2322 if (!asoc->ssnmap) 2323 goto clean_up; 2324 2325 error = sctp_assoc_set_id(asoc, gfp); 2326 if (error) 2327 goto clean_up; 2328 } 2329 2330 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2331 * 2332 * When an endpoint has an ASCONF signaled change to be sent to the 2333 * remote endpoint it should do the following: 2334 * ... 2335 * A2) A serial number should be assigned to the Chunk. The serial 2336 * number should be a monotonically increasing number. All serial 2337 * numbers are defined to be initialized at the start of the 2338 * association to the same value as the Initial TSN. 2339 */ 2340 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2341 return 1; 2342 2343 clean_up: 2344 /* Release the transport structures. */ 2345 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2346 transport = list_entry(pos, struct sctp_transport, transports); 2347 if (transport->state != SCTP_ACTIVE) 2348 sctp_assoc_rm_peer(asoc, transport); 2349 } 2350 2351 nomem: 2352 return 0; 2353 } 2354 2355 2356 /* Update asoc with the option described in param. 2357 * 2358 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2359 * 2360 * asoc is the association to update. 2361 * param is the variable length parameter to use for update. 2362 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2363 * If the current packet is an INIT we want to minimize the amount of 2364 * work we do. In particular, we should not build transport 2365 * structures for the addresses. 2366 */ 2367 static int sctp_process_param(struct sctp_association *asoc, 2368 union sctp_params param, 2369 const union sctp_addr *peer_addr, 2370 gfp_t gfp) 2371 { 2372 union sctp_addr addr; 2373 int i; 2374 __u16 sat; 2375 int retval = 1; 2376 sctp_scope_t scope; 2377 time_t stale; 2378 struct sctp_af *af; 2379 union sctp_addr_param *addr_param; 2380 struct sctp_transport *t; 2381 2382 /* We maintain all INIT parameters in network byte order all the 2383 * time. This allows us to not worry about whether the parameters 2384 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2385 */ 2386 switch (param.p->type) { 2387 case SCTP_PARAM_IPV6_ADDRESS: 2388 if (PF_INET6 != asoc->base.sk->sk_family) 2389 break; 2390 goto do_addr_param; 2391 2392 case SCTP_PARAM_IPV4_ADDRESS: 2393 /* v4 addresses are not allowed on v6-only socket */ 2394 if (ipv6_only_sock(asoc->base.sk)) 2395 break; 2396 do_addr_param: 2397 af = sctp_get_af_specific(param_type2af(param.p->type)); 2398 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2399 scope = sctp_scope(peer_addr); 2400 if (sctp_in_scope(&addr, scope)) 2401 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2402 return 0; 2403 break; 2404 2405 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2406 if (!sctp_cookie_preserve_enable) 2407 break; 2408 2409 stale = ntohl(param.life->lifespan_increment); 2410 2411 /* Suggested Cookie Life span increment's unit is msec, 2412 * (1/1000sec). 2413 */ 2414 asoc->cookie_life.tv_sec += stale / 1000; 2415 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2416 break; 2417 2418 case SCTP_PARAM_HOST_NAME_ADDRESS: 2419 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2420 break; 2421 2422 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2423 /* Turn off the default values first so we'll know which 2424 * ones are really set by the peer. 2425 */ 2426 asoc->peer.ipv4_address = 0; 2427 asoc->peer.ipv6_address = 0; 2428 2429 /* Assume that peer supports the address family 2430 * by which it sends a packet. 2431 */ 2432 if (peer_addr->sa.sa_family == AF_INET6) 2433 asoc->peer.ipv6_address = 1; 2434 else if (peer_addr->sa.sa_family == AF_INET) 2435 asoc->peer.ipv4_address = 1; 2436 2437 /* Cycle through address types; avoid divide by 0. */ 2438 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2439 if (sat) 2440 sat /= sizeof(__u16); 2441 2442 for (i = 0; i < sat; ++i) { 2443 switch (param.sat->types[i]) { 2444 case SCTP_PARAM_IPV4_ADDRESS: 2445 asoc->peer.ipv4_address = 1; 2446 break; 2447 2448 case SCTP_PARAM_IPV6_ADDRESS: 2449 if (PF_INET6 == asoc->base.sk->sk_family) 2450 asoc->peer.ipv6_address = 1; 2451 break; 2452 2453 case SCTP_PARAM_HOST_NAME_ADDRESS: 2454 asoc->peer.hostname_address = 1; 2455 break; 2456 2457 default: /* Just ignore anything else. */ 2458 break; 2459 } 2460 } 2461 break; 2462 2463 case SCTP_PARAM_STATE_COOKIE: 2464 asoc->peer.cookie_len = 2465 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2466 asoc->peer.cookie = param.cookie->body; 2467 break; 2468 2469 case SCTP_PARAM_HEARTBEAT_INFO: 2470 /* Would be odd to receive, but it causes no problems. */ 2471 break; 2472 2473 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2474 /* Rejected during verify stage. */ 2475 break; 2476 2477 case SCTP_PARAM_ECN_CAPABLE: 2478 asoc->peer.ecn_capable = 1; 2479 break; 2480 2481 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2482 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2483 break; 2484 2485 case SCTP_PARAM_SET_PRIMARY: 2486 if (!sctp_addip_enable) 2487 goto fall_through; 2488 2489 addr_param = param.v + sizeof(sctp_addip_param_t); 2490 2491 af = sctp_get_af_specific(param_type2af(param.p->type)); 2492 af->from_addr_param(&addr, addr_param, 2493 htons(asoc->peer.port), 0); 2494 2495 /* if the address is invalid, we can't process it. 2496 * XXX: see spec for what to do. 2497 */ 2498 if (!af->addr_valid(&addr, NULL, NULL)) 2499 break; 2500 2501 t = sctp_assoc_lookup_paddr(asoc, &addr); 2502 if (!t) 2503 break; 2504 2505 sctp_assoc_set_primary(asoc, t); 2506 break; 2507 2508 case SCTP_PARAM_SUPPORTED_EXT: 2509 sctp_process_ext_param(asoc, param); 2510 break; 2511 2512 case SCTP_PARAM_FWD_TSN_SUPPORT: 2513 if (sctp_prsctp_enable) { 2514 asoc->peer.prsctp_capable = 1; 2515 break; 2516 } 2517 /* Fall Through */ 2518 goto fall_through; 2519 2520 case SCTP_PARAM_RANDOM: 2521 if (!sctp_auth_enable) 2522 goto fall_through; 2523 2524 /* Save peer's random parameter */ 2525 asoc->peer.peer_random = kmemdup(param.p, 2526 ntohs(param.p->length), gfp); 2527 if (!asoc->peer.peer_random) { 2528 retval = 0; 2529 break; 2530 } 2531 break; 2532 2533 case SCTP_PARAM_HMAC_ALGO: 2534 if (!sctp_auth_enable) 2535 goto fall_through; 2536 2537 /* Save peer's HMAC list */ 2538 asoc->peer.peer_hmacs = kmemdup(param.p, 2539 ntohs(param.p->length), gfp); 2540 if (!asoc->peer.peer_hmacs) { 2541 retval = 0; 2542 break; 2543 } 2544 2545 /* Set the default HMAC the peer requested*/ 2546 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2547 break; 2548 2549 case SCTP_PARAM_CHUNKS: 2550 if (!sctp_auth_enable) 2551 goto fall_through; 2552 2553 asoc->peer.peer_chunks = kmemdup(param.p, 2554 ntohs(param.p->length), gfp); 2555 if (!asoc->peer.peer_chunks) 2556 retval = 0; 2557 break; 2558 fall_through: 2559 default: 2560 /* Any unrecognized parameters should have been caught 2561 * and handled by sctp_verify_param() which should be 2562 * called prior to this routine. Simply log the error 2563 * here. 2564 */ 2565 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2566 ntohs(param.p->type), asoc); 2567 break; 2568 } 2569 2570 return retval; 2571 } 2572 2573 /* Select a new verification tag. */ 2574 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2575 { 2576 /* I believe that this random number generator complies with RFC1750. 2577 * A tag of 0 is reserved for special cases (e.g. INIT). 2578 */ 2579 __u32 x; 2580 2581 do { 2582 get_random_bytes(&x, sizeof(__u32)); 2583 } while (x == 0); 2584 2585 return x; 2586 } 2587 2588 /* Select an initial TSN to send during startup. */ 2589 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2590 { 2591 __u32 retval; 2592 2593 get_random_bytes(&retval, sizeof(__u32)); 2594 return retval; 2595 } 2596 2597 /* 2598 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2599 * 0 1 2 3 2600 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2601 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2602 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2603 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2604 * | Serial Number | 2605 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2606 * | Address Parameter | 2607 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2608 * | ASCONF Parameter #1 | 2609 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2610 * \ \ 2611 * / .... / 2612 * \ \ 2613 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2614 * | ASCONF Parameter #N | 2615 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2616 * 2617 * Address Parameter and other parameter will not be wrapped in this function 2618 */ 2619 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2620 union sctp_addr *addr, 2621 int vparam_len) 2622 { 2623 sctp_addiphdr_t asconf; 2624 struct sctp_chunk *retval; 2625 int length = sizeof(asconf) + vparam_len; 2626 union sctp_addr_param addrparam; 2627 int addrlen; 2628 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2629 2630 addrlen = af->to_addr_param(addr, &addrparam); 2631 if (!addrlen) 2632 return NULL; 2633 length += addrlen; 2634 2635 /* Create the chunk. */ 2636 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2637 if (!retval) 2638 return NULL; 2639 2640 asconf.serial = htonl(asoc->addip_serial++); 2641 2642 retval->subh.addip_hdr = 2643 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2644 retval->param_hdr.v = 2645 sctp_addto_chunk(retval, addrlen, &addrparam); 2646 2647 return retval; 2648 } 2649 2650 /* ADDIP 2651 * 3.2.1 Add IP Address 2652 * 0 1 2 3 2653 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2654 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2655 * | Type = 0xC001 | Length = Variable | 2656 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2657 * | ASCONF-Request Correlation ID | 2658 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2659 * | Address Parameter | 2660 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2661 * 2662 * 3.2.2 Delete IP Address 2663 * 0 1 2 3 2664 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2665 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2666 * | Type = 0xC002 | Length = Variable | 2667 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2668 * | ASCONF-Request Correlation ID | 2669 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2670 * | Address Parameter | 2671 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2672 * 2673 */ 2674 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2675 union sctp_addr *laddr, 2676 struct sockaddr *addrs, 2677 int addrcnt, 2678 __be16 flags) 2679 { 2680 sctp_addip_param_t param; 2681 struct sctp_chunk *retval; 2682 union sctp_addr_param addr_param; 2683 union sctp_addr *addr; 2684 void *addr_buf; 2685 struct sctp_af *af; 2686 int paramlen = sizeof(param); 2687 int addr_param_len = 0; 2688 int totallen = 0; 2689 int i; 2690 2691 /* Get total length of all the address parameters. */ 2692 addr_buf = addrs; 2693 for (i = 0; i < addrcnt; i++) { 2694 addr = (union sctp_addr *)addr_buf; 2695 af = sctp_get_af_specific(addr->v4.sin_family); 2696 addr_param_len = af->to_addr_param(addr, &addr_param); 2697 2698 totallen += paramlen; 2699 totallen += addr_param_len; 2700 2701 addr_buf += af->sockaddr_len; 2702 } 2703 2704 /* Create an asconf chunk with the required length. */ 2705 retval = sctp_make_asconf(asoc, laddr, totallen); 2706 if (!retval) 2707 return NULL; 2708 2709 /* Add the address parameters to the asconf chunk. */ 2710 addr_buf = addrs; 2711 for (i = 0; i < addrcnt; i++) { 2712 addr = (union sctp_addr *)addr_buf; 2713 af = sctp_get_af_specific(addr->v4.sin_family); 2714 addr_param_len = af->to_addr_param(addr, &addr_param); 2715 param.param_hdr.type = flags; 2716 param.param_hdr.length = htons(paramlen + addr_param_len); 2717 param.crr_id = i; 2718 2719 sctp_addto_chunk(retval, paramlen, ¶m); 2720 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2721 2722 addr_buf += af->sockaddr_len; 2723 } 2724 return retval; 2725 } 2726 2727 /* ADDIP 2728 * 3.2.4 Set Primary IP Address 2729 * 0 1 2 3 2730 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2731 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2732 * | Type =0xC004 | Length = Variable | 2733 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2734 * | ASCONF-Request Correlation ID | 2735 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2736 * | Address Parameter | 2737 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2738 * 2739 * Create an ASCONF chunk with Set Primary IP address parameter. 2740 */ 2741 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2742 union sctp_addr *addr) 2743 { 2744 sctp_addip_param_t param; 2745 struct sctp_chunk *retval; 2746 int len = sizeof(param); 2747 union sctp_addr_param addrparam; 2748 int addrlen; 2749 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2750 2751 addrlen = af->to_addr_param(addr, &addrparam); 2752 if (!addrlen) 2753 return NULL; 2754 len += addrlen; 2755 2756 /* Create the chunk and make asconf header. */ 2757 retval = sctp_make_asconf(asoc, addr, len); 2758 if (!retval) 2759 return NULL; 2760 2761 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2762 param.param_hdr.length = htons(len); 2763 param.crr_id = 0; 2764 2765 sctp_addto_chunk(retval, sizeof(param), ¶m); 2766 sctp_addto_chunk(retval, addrlen, &addrparam); 2767 2768 return retval; 2769 } 2770 2771 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2772 * 0 1 2 3 2773 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2774 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2775 * | Type = 0x80 | Chunk Flags | Chunk Length | 2776 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2777 * | Serial Number | 2778 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2779 * | ASCONF Parameter Response#1 | 2780 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2781 * \ \ 2782 * / .... / 2783 * \ \ 2784 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2785 * | ASCONF Parameter Response#N | 2786 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2787 * 2788 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2789 */ 2790 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2791 __u32 serial, int vparam_len) 2792 { 2793 sctp_addiphdr_t asconf; 2794 struct sctp_chunk *retval; 2795 int length = sizeof(asconf) + vparam_len; 2796 2797 /* Create the chunk. */ 2798 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2799 if (!retval) 2800 return NULL; 2801 2802 asconf.serial = htonl(serial); 2803 2804 retval->subh.addip_hdr = 2805 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2806 2807 return retval; 2808 } 2809 2810 /* Add response parameters to an ASCONF_ACK chunk. */ 2811 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2812 __be16 err_code, sctp_addip_param_t *asconf_param) 2813 { 2814 sctp_addip_param_t ack_param; 2815 sctp_errhdr_t err_param; 2816 int asconf_param_len = 0; 2817 int err_param_len = 0; 2818 __be16 response_type; 2819 2820 if (SCTP_ERROR_NO_ERROR == err_code) { 2821 response_type = SCTP_PARAM_SUCCESS_REPORT; 2822 } else { 2823 response_type = SCTP_PARAM_ERR_CAUSE; 2824 err_param_len = sizeof(err_param); 2825 if (asconf_param) 2826 asconf_param_len = 2827 ntohs(asconf_param->param_hdr.length); 2828 } 2829 2830 /* Add Success Indication or Error Cause Indication parameter. */ 2831 ack_param.param_hdr.type = response_type; 2832 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2833 err_param_len + 2834 asconf_param_len); 2835 ack_param.crr_id = crr_id; 2836 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2837 2838 if (SCTP_ERROR_NO_ERROR == err_code) 2839 return; 2840 2841 /* Add Error Cause parameter. */ 2842 err_param.cause = err_code; 2843 err_param.length = htons(err_param_len + asconf_param_len); 2844 sctp_addto_chunk(chunk, err_param_len, &err_param); 2845 2846 /* Add the failed TLV copied from ASCONF chunk. */ 2847 if (asconf_param) 2848 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2849 } 2850 2851 /* Process a asconf parameter. */ 2852 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 2853 struct sctp_chunk *asconf, 2854 sctp_addip_param_t *asconf_param) 2855 { 2856 struct sctp_transport *peer; 2857 struct sctp_af *af; 2858 union sctp_addr addr; 2859 union sctp_addr_param *addr_param; 2860 2861 addr_param = (union sctp_addr_param *) 2862 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2863 2864 switch (addr_param->v4.param_hdr.type) { 2865 case SCTP_PARAM_IPV6_ADDRESS: 2866 if (!asoc->peer.ipv6_address) 2867 return SCTP_ERROR_INV_PARAM; 2868 break; 2869 case SCTP_PARAM_IPV4_ADDRESS: 2870 if (!asoc->peer.ipv4_address) 2871 return SCTP_ERROR_INV_PARAM; 2872 break; 2873 default: 2874 return SCTP_ERROR_INV_PARAM; 2875 } 2876 2877 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2878 if (unlikely(!af)) 2879 return SCTP_ERROR_INV_PARAM; 2880 2881 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 2882 2883 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 2884 * or multicast address. 2885 * (note: wildcard is permitted and requires special handling so 2886 * make sure we check for that) 2887 */ 2888 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 2889 return SCTP_ERROR_INV_PARAM; 2890 2891 switch (asconf_param->param_hdr.type) { 2892 case SCTP_PARAM_ADD_IP: 2893 /* Section 4.2.1: 2894 * If the address 0.0.0.0 or ::0 is provided, the source 2895 * address of the packet MUST be added. 2896 */ 2897 if (af->is_any(&addr)) 2898 memcpy(&addr, &asconf->source, sizeof(addr)); 2899 2900 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 2901 * request and does not have the local resources to add this 2902 * new address to the association, it MUST return an Error 2903 * Cause TLV set to the new error code 'Operation Refused 2904 * Due to Resource Shortage'. 2905 */ 2906 2907 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 2908 if (!peer) 2909 return SCTP_ERROR_RSRC_LOW; 2910 2911 /* Start the heartbeat timer. */ 2912 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 2913 sctp_transport_hold(peer); 2914 break; 2915 case SCTP_PARAM_DEL_IP: 2916 /* ADDIP 4.3 D7) If a request is received to delete the 2917 * last remaining IP address of a peer endpoint, the receiver 2918 * MUST send an Error Cause TLV with the error cause set to the 2919 * new error code 'Request to Delete Last Remaining IP Address'. 2920 */ 2921 if (asoc->peer.transport_count == 1) 2922 return SCTP_ERROR_DEL_LAST_IP; 2923 2924 /* ADDIP 4.3 D8) If a request is received to delete an IP 2925 * address which is also the source address of the IP packet 2926 * which contained the ASCONF chunk, the receiver MUST reject 2927 * this request. To reject the request the receiver MUST send 2928 * an Error Cause TLV set to the new error code 'Request to 2929 * Delete Source IP Address' 2930 */ 2931 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr)) 2932 return SCTP_ERROR_DEL_SRC_IP; 2933 2934 /* Section 4.2.2 2935 * If the address 0.0.0.0 or ::0 is provided, all 2936 * addresses of the peer except the source address of the 2937 * packet MUST be deleted. 2938 */ 2939 if (af->is_any(&addr)) { 2940 sctp_assoc_set_primary(asoc, asconf->transport); 2941 sctp_assoc_del_nonprimary_peers(asoc, 2942 asconf->transport); 2943 } else 2944 sctp_assoc_del_peer(asoc, &addr); 2945 break; 2946 case SCTP_PARAM_SET_PRIMARY: 2947 /* ADDIP Section 4.2.4 2948 * If the address 0.0.0.0 or ::0 is provided, the receiver 2949 * MAY mark the source address of the packet as its 2950 * primary. 2951 */ 2952 if (af->is_any(&addr)) 2953 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 2954 2955 peer = sctp_assoc_lookup_paddr(asoc, &addr); 2956 if (!peer) 2957 return SCTP_ERROR_INV_PARAM; 2958 2959 sctp_assoc_set_primary(asoc, peer); 2960 break; 2961 default: 2962 return SCTP_ERROR_INV_PARAM; 2963 break; 2964 } 2965 2966 return SCTP_ERROR_NO_ERROR; 2967 } 2968 2969 /* Verify the ASCONF packet before we process it. */ 2970 int sctp_verify_asconf(const struct sctp_association *asoc, 2971 struct sctp_paramhdr *param_hdr, void *chunk_end, 2972 struct sctp_paramhdr **errp) { 2973 sctp_addip_param_t *asconf_param; 2974 union sctp_params param; 2975 int length, plen; 2976 2977 param.v = (sctp_paramhdr_t *) param_hdr; 2978 while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { 2979 length = ntohs(param.p->length); 2980 *errp = param.p; 2981 2982 if (param.v > chunk_end - length || 2983 length < sizeof(sctp_paramhdr_t)) 2984 return 0; 2985 2986 switch (param.p->type) { 2987 case SCTP_PARAM_ADD_IP: 2988 case SCTP_PARAM_DEL_IP: 2989 case SCTP_PARAM_SET_PRIMARY: 2990 asconf_param = (sctp_addip_param_t *)param.v; 2991 plen = ntohs(asconf_param->param_hdr.length); 2992 if (plen < sizeof(sctp_addip_param_t) + 2993 sizeof(sctp_paramhdr_t)) 2994 return 0; 2995 break; 2996 case SCTP_PARAM_SUCCESS_REPORT: 2997 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2998 if (length != sizeof(sctp_addip_param_t)) 2999 return 0; 3000 3001 break; 3002 default: 3003 break; 3004 } 3005 3006 param.v += WORD_ROUND(length); 3007 } 3008 3009 if (param.v != chunk_end) 3010 return 0; 3011 3012 return 1; 3013 } 3014 3015 /* Process an incoming ASCONF chunk with the next expected serial no. and 3016 * return an ASCONF_ACK chunk to be sent in response. 3017 */ 3018 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3019 struct sctp_chunk *asconf) 3020 { 3021 sctp_addiphdr_t *hdr; 3022 union sctp_addr_param *addr_param; 3023 sctp_addip_param_t *asconf_param; 3024 struct sctp_chunk *asconf_ack; 3025 3026 __be16 err_code; 3027 int length = 0; 3028 int chunk_len; 3029 __u32 serial; 3030 int all_param_pass = 1; 3031 3032 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 3033 hdr = (sctp_addiphdr_t *)asconf->skb->data; 3034 serial = ntohl(hdr->serial); 3035 3036 /* Skip the addiphdr and store a pointer to address parameter. */ 3037 length = sizeof(sctp_addiphdr_t); 3038 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3039 chunk_len -= length; 3040 3041 /* Skip the address parameter and store a pointer to the first 3042 * asconf parameter. 3043 */ 3044 length = ntohs(addr_param->v4.param_hdr.length); 3045 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 3046 chunk_len -= length; 3047 3048 /* create an ASCONF_ACK chunk. 3049 * Based on the definitions of parameters, we know that the size of 3050 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF 3051 * parameters. 3052 */ 3053 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2); 3054 if (!asconf_ack) 3055 goto done; 3056 3057 /* Process the TLVs contained within the ASCONF chunk. */ 3058 while (chunk_len > 0) { 3059 err_code = sctp_process_asconf_param(asoc, asconf, 3060 asconf_param); 3061 /* ADDIP 4.1 A7) 3062 * If an error response is received for a TLV parameter, 3063 * all TLVs with no response before the failed TLV are 3064 * considered successful if not reported. All TLVs after 3065 * the failed response are considered unsuccessful unless 3066 * a specific success indication is present for the parameter. 3067 */ 3068 if (SCTP_ERROR_NO_ERROR != err_code) 3069 all_param_pass = 0; 3070 3071 if (!all_param_pass) 3072 sctp_add_asconf_response(asconf_ack, 3073 asconf_param->crr_id, err_code, 3074 asconf_param); 3075 3076 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3077 * an IP address sends an 'Out of Resource' in its response, it 3078 * MUST also fail any subsequent add or delete requests bundled 3079 * in the ASCONF. 3080 */ 3081 if (SCTP_ERROR_RSRC_LOW == err_code) 3082 goto done; 3083 3084 /* Move to the next ASCONF param. */ 3085 length = ntohs(asconf_param->param_hdr.length); 3086 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 3087 length); 3088 chunk_len -= length; 3089 } 3090 3091 done: 3092 asoc->peer.addip_serial++; 3093 3094 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3095 * after freeing the reference to old asconf ack if any. 3096 */ 3097 if (asconf_ack) { 3098 sctp_chunk_hold(asconf_ack); 3099 list_add_tail(&asconf_ack->transmitted_list, 3100 &asoc->asconf_ack_list); 3101 } 3102 3103 return asconf_ack; 3104 } 3105 3106 /* Process a asconf parameter that is successfully acked. */ 3107 static int sctp_asconf_param_success(struct sctp_association *asoc, 3108 sctp_addip_param_t *asconf_param) 3109 { 3110 struct sctp_af *af; 3111 union sctp_addr addr; 3112 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3113 union sctp_addr_param *addr_param; 3114 struct sctp_transport *transport; 3115 struct sctp_sockaddr_entry *saddr; 3116 int retval = 0; 3117 3118 addr_param = (union sctp_addr_param *) 3119 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 3120 3121 /* We have checked the packet before, so we do not check again. */ 3122 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 3123 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3124 3125 switch (asconf_param->param_hdr.type) { 3126 case SCTP_PARAM_ADD_IP: 3127 /* This is always done in BH context with a socket lock 3128 * held, so the list can not change. 3129 */ 3130 local_bh_disable(); 3131 list_for_each_entry(saddr, &bp->address_list, list) { 3132 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3133 saddr->state = SCTP_ADDR_SRC; 3134 } 3135 local_bh_enable(); 3136 break; 3137 case SCTP_PARAM_DEL_IP: 3138 local_bh_disable(); 3139 retval = sctp_del_bind_addr(bp, &addr); 3140 local_bh_enable(); 3141 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3142 transports) { 3143 dst_release(transport->dst); 3144 sctp_transport_route(transport, NULL, 3145 sctp_sk(asoc->base.sk)); 3146 } 3147 break; 3148 default: 3149 break; 3150 } 3151 3152 return retval; 3153 } 3154 3155 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3156 * for the given asconf parameter. If there is no response for this parameter, 3157 * return the error code based on the third argument 'no_err'. 3158 * ADDIP 4.1 3159 * A7) If an error response is received for a TLV parameter, all TLVs with no 3160 * response before the failed TLV are considered successful if not reported. 3161 * All TLVs after the failed response are considered unsuccessful unless a 3162 * specific success indication is present for the parameter. 3163 */ 3164 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3165 sctp_addip_param_t *asconf_param, 3166 int no_err) 3167 { 3168 sctp_addip_param_t *asconf_ack_param; 3169 sctp_errhdr_t *err_param; 3170 int length; 3171 int asconf_ack_len; 3172 __be16 err_code; 3173 3174 if (no_err) 3175 err_code = SCTP_ERROR_NO_ERROR; 3176 else 3177 err_code = SCTP_ERROR_REQ_REFUSED; 3178 3179 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3180 sizeof(sctp_chunkhdr_t); 3181 3182 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3183 * the first asconf_ack parameter. 3184 */ 3185 length = sizeof(sctp_addiphdr_t); 3186 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 3187 length); 3188 asconf_ack_len -= length; 3189 3190 while (asconf_ack_len > 0) { 3191 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3192 switch(asconf_ack_param->param_hdr.type) { 3193 case SCTP_PARAM_SUCCESS_REPORT: 3194 return SCTP_ERROR_NO_ERROR; 3195 case SCTP_PARAM_ERR_CAUSE: 3196 length = sizeof(sctp_addip_param_t); 3197 err_param = (sctp_errhdr_t *) 3198 ((void *)asconf_ack_param + length); 3199 asconf_ack_len -= length; 3200 if (asconf_ack_len > 0) 3201 return err_param->cause; 3202 else 3203 return SCTP_ERROR_INV_PARAM; 3204 break; 3205 default: 3206 return SCTP_ERROR_INV_PARAM; 3207 } 3208 } 3209 3210 length = ntohs(asconf_ack_param->param_hdr.length); 3211 asconf_ack_param = (sctp_addip_param_t *) 3212 ((void *)asconf_ack_param + length); 3213 asconf_ack_len -= length; 3214 } 3215 3216 return err_code; 3217 } 3218 3219 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3220 int sctp_process_asconf_ack(struct sctp_association *asoc, 3221 struct sctp_chunk *asconf_ack) 3222 { 3223 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3224 union sctp_addr_param *addr_param; 3225 sctp_addip_param_t *asconf_param; 3226 int length = 0; 3227 int asconf_len = asconf->skb->len; 3228 int all_param_pass = 0; 3229 int no_err = 1; 3230 int retval = 0; 3231 __be16 err_code = SCTP_ERROR_NO_ERROR; 3232 3233 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3234 * a pointer to address parameter. 3235 */ 3236 length = sizeof(sctp_addip_chunk_t); 3237 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3238 asconf_len -= length; 3239 3240 /* Skip the address parameter in the last asconf sent and store a 3241 * pointer to the first asconf parameter. 3242 */ 3243 length = ntohs(addr_param->v4.param_hdr.length); 3244 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 3245 asconf_len -= length; 3246 3247 /* ADDIP 4.1 3248 * A8) If there is no response(s) to specific TLV parameter(s), and no 3249 * failures are indicated, then all request(s) are considered 3250 * successful. 3251 */ 3252 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 3253 all_param_pass = 1; 3254 3255 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3256 while (asconf_len > 0) { 3257 if (all_param_pass) 3258 err_code = SCTP_ERROR_NO_ERROR; 3259 else { 3260 err_code = sctp_get_asconf_response(asconf_ack, 3261 asconf_param, 3262 no_err); 3263 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3264 no_err = 0; 3265 } 3266 3267 switch (err_code) { 3268 case SCTP_ERROR_NO_ERROR: 3269 retval = sctp_asconf_param_success(asoc, asconf_param); 3270 break; 3271 3272 case SCTP_ERROR_RSRC_LOW: 3273 retval = 1; 3274 break; 3275 3276 case SCTP_ERROR_INV_PARAM: 3277 /* Disable sending this type of asconf parameter in 3278 * future. 3279 */ 3280 asoc->peer.addip_disabled_mask |= 3281 asconf_param->param_hdr.type; 3282 break; 3283 3284 case SCTP_ERROR_REQ_REFUSED: 3285 case SCTP_ERROR_DEL_LAST_IP: 3286 case SCTP_ERROR_DEL_SRC_IP: 3287 default: 3288 break; 3289 } 3290 3291 /* Skip the processed asconf parameter and move to the next 3292 * one. 3293 */ 3294 length = ntohs(asconf_param->param_hdr.length); 3295 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 3296 length); 3297 asconf_len -= length; 3298 } 3299 3300 /* Free the cached last sent asconf chunk. */ 3301 list_del_init(&asconf->transmitted_list); 3302 sctp_chunk_free(asconf); 3303 asoc->addip_last_asconf = NULL; 3304 3305 /* Send the next asconf chunk from the addip chunk queue. */ 3306 if (!list_empty(&asoc->addip_chunk_list)) { 3307 struct list_head *entry = asoc->addip_chunk_list.next; 3308 asconf = list_entry(entry, struct sctp_chunk, list); 3309 3310 list_del_init(entry); 3311 3312 /* Hold the chunk until an ASCONF_ACK is received. */ 3313 sctp_chunk_hold(asconf); 3314 if (sctp_primitive_ASCONF(asoc, asconf)) 3315 sctp_chunk_free(asconf); 3316 else 3317 asoc->addip_last_asconf = asconf; 3318 } 3319 3320 return retval; 3321 } 3322 3323 /* Make a FWD TSN chunk. */ 3324 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3325 __u32 new_cum_tsn, size_t nstreams, 3326 struct sctp_fwdtsn_skip *skiplist) 3327 { 3328 struct sctp_chunk *retval = NULL; 3329 struct sctp_fwdtsn_chunk *ftsn_chunk; 3330 struct sctp_fwdtsn_hdr ftsn_hdr; 3331 struct sctp_fwdtsn_skip skip; 3332 size_t hint; 3333 int i; 3334 3335 hint = (nstreams + 1) * sizeof(__u32); 3336 3337 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 3338 3339 if (!retval) 3340 return NULL; 3341 3342 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr; 3343 3344 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3345 retval->subh.fwdtsn_hdr = 3346 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3347 3348 for (i = 0; i < nstreams; i++) { 3349 skip.stream = skiplist[i].stream; 3350 skip.ssn = skiplist[i].ssn; 3351 sctp_addto_chunk(retval, sizeof(skip), &skip); 3352 } 3353 3354 return retval; 3355 } 3356