1 /* SCTP kernel implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * This SCTP implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * This SCTP implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <linux-sctp@vger.kernel.org> 33 * 34 * Written or modified by: 35 * La Monte H.P. Yarroll <piggy@acm.org> 36 * Karl Knutson <karl@athena.chicago.il.us> 37 * C. Robin <chris@hundredacre.ac.uk> 38 * Jon Grimm <jgrimm@us.ibm.com> 39 * Xingang Guo <xingang.guo@intel.com> 40 * Dajiang Zhang <dajiang.zhang@nokia.com> 41 * Sridhar Samudrala <sri@us.ibm.com> 42 * Daisy Chang <daisyc@us.ibm.com> 43 * Ardelle Fan <ardelle.fan@intel.com> 44 * Kevin Gao <kevin.gao@intel.com> 45 */ 46 47 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 48 49 #include <linux/types.h> 50 #include <linux/kernel.h> 51 #include <linux/ip.h> 52 #include <linux/ipv6.h> 53 #include <linux/net.h> 54 #include <linux/inet.h> 55 #include <linux/scatterlist.h> 56 #include <linux/crypto.h> 57 #include <linux/slab.h> 58 #include <net/sock.h> 59 60 #include <linux/skbuff.h> 61 #include <linux/random.h> /* for get_random_bytes */ 62 #include <net/sctp/sctp.h> 63 #include <net/sctp/sm.h> 64 65 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 66 __u8 type, __u8 flags, int paylen); 67 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 68 __u8 flags, int paylen); 69 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 70 __u8 type, __u8 flags, int paylen); 71 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 72 const struct sctp_association *asoc, 73 const struct sctp_chunk *init_chunk, 74 int *cookie_len, 75 const __u8 *raw_addrs, int addrs_len); 76 static int sctp_process_param(struct sctp_association *asoc, 77 union sctp_params param, 78 const union sctp_addr *peer_addr, 79 gfp_t gfp); 80 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 81 const void *data); 82 83 /* Control chunk destructor */ 84 static void sctp_control_release_owner(struct sk_buff *skb) 85 { 86 /*TODO: do memory release */ 87 } 88 89 static void sctp_control_set_owner_w(struct sctp_chunk *chunk) 90 { 91 struct sctp_association *asoc = chunk->asoc; 92 struct sk_buff *skb = chunk->skb; 93 94 /* TODO: properly account for control chunks. 95 * To do it right we'll need: 96 * 1) endpoint if association isn't known. 97 * 2) proper memory accounting. 98 * 99 * For now don't do anything for now. 100 */ 101 skb->sk = asoc ? asoc->base.sk : NULL; 102 skb->destructor = sctp_control_release_owner; 103 } 104 105 /* What was the inbound interface for this chunk? */ 106 int sctp_chunk_iif(const struct sctp_chunk *chunk) 107 { 108 struct sctp_af *af; 109 int iif = 0; 110 111 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version)); 112 if (af) 113 iif = af->skb_iif(chunk->skb); 114 115 return iif; 116 } 117 118 /* RFC 2960 3.3.2 Initiation (INIT) (1) 119 * 120 * Note 2: The ECN capable field is reserved for future use of 121 * Explicit Congestion Notification. 122 */ 123 static const struct sctp_paramhdr ecap_param = { 124 SCTP_PARAM_ECN_CAPABLE, 125 cpu_to_be16(sizeof(struct sctp_paramhdr)), 126 }; 127 static const struct sctp_paramhdr prsctp_param = { 128 SCTP_PARAM_FWD_TSN_SUPPORT, 129 cpu_to_be16(sizeof(struct sctp_paramhdr)), 130 }; 131 132 /* A helper to initialize an op error inside a 133 * provided chunk, as most cause codes will be embedded inside an 134 * abort chunk. 135 */ 136 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 137 size_t paylen) 138 { 139 sctp_errhdr_t err; 140 __u16 len; 141 142 /* Cause code constants are now defined in network order. */ 143 err.cause = cause_code; 144 len = sizeof(sctp_errhdr_t) + paylen; 145 err.length = htons(len); 146 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 147 } 148 149 /* A helper to initialize an op error inside a 150 * provided chunk, as most cause codes will be embedded inside an 151 * abort chunk. Differs from sctp_init_cause in that it won't oops 152 * if there isn't enough space in the op error chunk 153 */ 154 static int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code, 155 size_t paylen) 156 { 157 sctp_errhdr_t err; 158 __u16 len; 159 160 /* Cause code constants are now defined in network order. */ 161 err.cause = cause_code; 162 len = sizeof(sctp_errhdr_t) + paylen; 163 err.length = htons(len); 164 165 if (skb_tailroom(chunk->skb) < len) 166 return -ENOSPC; 167 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk, 168 sizeof(sctp_errhdr_t), 169 &err); 170 return 0; 171 } 172 /* 3.3.2 Initiation (INIT) (1) 173 * 174 * This chunk is used to initiate a SCTP association between two 175 * endpoints. The format of the INIT chunk is shown below: 176 * 177 * 0 1 2 3 178 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 179 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 180 * | Type = 1 | Chunk Flags | Chunk Length | 181 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 182 * | Initiate Tag | 183 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 184 * | Advertised Receiver Window Credit (a_rwnd) | 185 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 186 * | Number of Outbound Streams | Number of Inbound Streams | 187 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 188 * | Initial TSN | 189 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 190 * \ \ 191 * / Optional/Variable-Length Parameters / 192 * \ \ 193 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 194 * 195 * 196 * The INIT chunk contains the following parameters. Unless otherwise 197 * noted, each parameter MUST only be included once in the INIT chunk. 198 * 199 * Fixed Parameters Status 200 * ---------------------------------------------- 201 * Initiate Tag Mandatory 202 * Advertised Receiver Window Credit Mandatory 203 * Number of Outbound Streams Mandatory 204 * Number of Inbound Streams Mandatory 205 * Initial TSN Mandatory 206 * 207 * Variable Parameters Status Type Value 208 * ------------------------------------------------------------- 209 * IPv4 Address (Note 1) Optional 5 210 * IPv6 Address (Note 1) Optional 6 211 * Cookie Preservative Optional 9 212 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 213 * Host Name Address (Note 3) Optional 11 214 * Supported Address Types (Note 4) Optional 12 215 */ 216 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 217 const struct sctp_bind_addr *bp, 218 gfp_t gfp, int vparam_len) 219 { 220 struct net *net = sock_net(asoc->base.sk); 221 sctp_inithdr_t init; 222 union sctp_params addrs; 223 size_t chunksize; 224 struct sctp_chunk *retval = NULL; 225 int num_types, addrs_len = 0; 226 struct sctp_sock *sp; 227 sctp_supported_addrs_param_t sat; 228 __be16 types[2]; 229 sctp_adaptation_ind_param_t aiparam; 230 sctp_supported_ext_param_t ext_param; 231 int num_ext = 0; 232 __u8 extensions[3]; 233 sctp_paramhdr_t *auth_chunks = NULL, 234 *auth_hmacs = NULL; 235 236 /* RFC 2960 3.3.2 Initiation (INIT) (1) 237 * 238 * Note 1: The INIT chunks can contain multiple addresses that 239 * can be IPv4 and/or IPv6 in any combination. 240 */ 241 retval = NULL; 242 243 /* Convert the provided bind address list to raw format. */ 244 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 245 246 init.init_tag = htonl(asoc->c.my_vtag); 247 init.a_rwnd = htonl(asoc->rwnd); 248 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 249 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 250 init.initial_tsn = htonl(asoc->c.initial_tsn); 251 252 /* How many address types are needed? */ 253 sp = sctp_sk(asoc->base.sk); 254 num_types = sp->pf->supported_addrs(sp, types); 255 256 chunksize = sizeof(init) + addrs_len; 257 chunksize += WORD_ROUND(SCTP_SAT_LEN(num_types)); 258 chunksize += sizeof(ecap_param); 259 260 if (net->sctp.prsctp_enable) 261 chunksize += sizeof(prsctp_param); 262 263 /* ADDIP: Section 4.2.7: 264 * An implementation supporting this extension [ADDIP] MUST list 265 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 266 * INIT-ACK parameters. 267 */ 268 if (net->sctp.addip_enable) { 269 extensions[num_ext] = SCTP_CID_ASCONF; 270 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 271 num_ext += 2; 272 } 273 274 if (sp->adaptation_ind) 275 chunksize += sizeof(aiparam); 276 277 chunksize += vparam_len; 278 279 /* Account for AUTH related parameters */ 280 if (net->sctp.auth_enable) { 281 /* Add random parameter length*/ 282 chunksize += sizeof(asoc->c.auth_random); 283 284 /* Add HMACS parameter length if any were defined */ 285 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 286 if (auth_hmacs->length) 287 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 288 else 289 auth_hmacs = NULL; 290 291 /* Add CHUNKS parameter length */ 292 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 293 if (auth_chunks->length) 294 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 295 else 296 auth_chunks = NULL; 297 298 extensions[num_ext] = SCTP_CID_AUTH; 299 num_ext += 1; 300 } 301 302 /* If we have any extensions to report, account for that */ 303 if (num_ext) 304 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 305 num_ext); 306 307 /* RFC 2960 3.3.2 Initiation (INIT) (1) 308 * 309 * Note 3: An INIT chunk MUST NOT contain more than one Host 310 * Name address parameter. Moreover, the sender of the INIT 311 * MUST NOT combine any other address types with the Host Name 312 * address in the INIT. The receiver of INIT MUST ignore any 313 * other address types if the Host Name address parameter is 314 * present in the received INIT chunk. 315 * 316 * PLEASE DO NOT FIXME [This version does not support Host Name.] 317 */ 318 319 retval = sctp_make_control(asoc, SCTP_CID_INIT, 0, chunksize); 320 if (!retval) 321 goto nodata; 322 323 retval->subh.init_hdr = 324 sctp_addto_chunk(retval, sizeof(init), &init); 325 retval->param_hdr.v = 326 sctp_addto_chunk(retval, addrs_len, addrs.v); 327 328 /* RFC 2960 3.3.2 Initiation (INIT) (1) 329 * 330 * Note 4: This parameter, when present, specifies all the 331 * address types the sending endpoint can support. The absence 332 * of this parameter indicates that the sending endpoint can 333 * support any address type. 334 */ 335 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 336 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 337 sctp_addto_chunk(retval, sizeof(sat), &sat); 338 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 339 340 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 341 342 /* Add the supported extensions parameter. Be nice and add this 343 * fist before addiding the parameters for the extensions themselves 344 */ 345 if (num_ext) { 346 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 347 ext_param.param_hdr.length = 348 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 349 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 350 &ext_param); 351 sctp_addto_param(retval, num_ext, extensions); 352 } 353 354 if (net->sctp.prsctp_enable) 355 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 356 357 if (sp->adaptation_ind) { 358 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 359 aiparam.param_hdr.length = htons(sizeof(aiparam)); 360 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 361 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 362 } 363 364 /* Add SCTP-AUTH chunks to the parameter list */ 365 if (net->sctp.auth_enable) { 366 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 367 asoc->c.auth_random); 368 if (auth_hmacs) 369 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 370 auth_hmacs); 371 if (auth_chunks) 372 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 373 auth_chunks); 374 } 375 nodata: 376 kfree(addrs.v); 377 return retval; 378 } 379 380 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 381 const struct sctp_chunk *chunk, 382 gfp_t gfp, int unkparam_len) 383 { 384 sctp_inithdr_t initack; 385 struct sctp_chunk *retval; 386 union sctp_params addrs; 387 struct sctp_sock *sp; 388 int addrs_len; 389 sctp_cookie_param_t *cookie; 390 int cookie_len; 391 size_t chunksize; 392 sctp_adaptation_ind_param_t aiparam; 393 sctp_supported_ext_param_t ext_param; 394 int num_ext = 0; 395 __u8 extensions[3]; 396 sctp_paramhdr_t *auth_chunks = NULL, 397 *auth_hmacs = NULL, 398 *auth_random = NULL; 399 400 retval = NULL; 401 402 /* Note: there may be no addresses to embed. */ 403 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 404 405 initack.init_tag = htonl(asoc->c.my_vtag); 406 initack.a_rwnd = htonl(asoc->rwnd); 407 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 408 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 409 initack.initial_tsn = htonl(asoc->c.initial_tsn); 410 411 /* FIXME: We really ought to build the cookie right 412 * into the packet instead of allocating more fresh memory. 413 */ 414 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 415 addrs.v, addrs_len); 416 if (!cookie) 417 goto nomem_cookie; 418 419 /* Calculate the total size of allocation, include the reserved 420 * space for reporting unknown parameters if it is specified. 421 */ 422 sp = sctp_sk(asoc->base.sk); 423 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 424 425 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 426 if (asoc->peer.ecn_capable) 427 chunksize += sizeof(ecap_param); 428 429 if (asoc->peer.prsctp_capable) 430 chunksize += sizeof(prsctp_param); 431 432 if (asoc->peer.asconf_capable) { 433 extensions[num_ext] = SCTP_CID_ASCONF; 434 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 435 num_ext += 2; 436 } 437 438 if (sp->adaptation_ind) 439 chunksize += sizeof(aiparam); 440 441 if (asoc->peer.auth_capable) { 442 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random; 443 chunksize += ntohs(auth_random->length); 444 445 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 446 if (auth_hmacs->length) 447 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 448 else 449 auth_hmacs = NULL; 450 451 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 452 if (auth_chunks->length) 453 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 454 else 455 auth_chunks = NULL; 456 457 extensions[num_ext] = SCTP_CID_AUTH; 458 num_ext += 1; 459 } 460 461 if (num_ext) 462 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 463 num_ext); 464 465 /* Now allocate and fill out the chunk. */ 466 retval = sctp_make_control(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 467 if (!retval) 468 goto nomem_chunk; 469 470 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 471 * 472 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 473 * HEARTBEAT ACK, * etc.) to the same destination transport 474 * address from which it received the DATA or control chunk 475 * to which it is replying. 476 * 477 * [INIT ACK back to where the INIT came from.] 478 */ 479 retval->transport = chunk->transport; 480 481 retval->subh.init_hdr = 482 sctp_addto_chunk(retval, sizeof(initack), &initack); 483 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 484 sctp_addto_chunk(retval, cookie_len, cookie); 485 if (asoc->peer.ecn_capable) 486 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 487 if (num_ext) { 488 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 489 ext_param.param_hdr.length = 490 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 491 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 492 &ext_param); 493 sctp_addto_param(retval, num_ext, extensions); 494 } 495 if (asoc->peer.prsctp_capable) 496 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 497 498 if (sp->adaptation_ind) { 499 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 500 aiparam.param_hdr.length = htons(sizeof(aiparam)); 501 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 502 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 503 } 504 505 if (asoc->peer.auth_capable) { 506 sctp_addto_chunk(retval, ntohs(auth_random->length), 507 auth_random); 508 if (auth_hmacs) 509 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 510 auth_hmacs); 511 if (auth_chunks) 512 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 513 auth_chunks); 514 } 515 516 /* We need to remove the const qualifier at this point. */ 517 retval->asoc = (struct sctp_association *) asoc; 518 519 nomem_chunk: 520 kfree(cookie); 521 nomem_cookie: 522 kfree(addrs.v); 523 return retval; 524 } 525 526 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 527 * 528 * This chunk is used only during the initialization of an association. 529 * It is sent by the initiator of an association to its peer to complete 530 * the initialization process. This chunk MUST precede any DATA chunk 531 * sent within the association, but MAY be bundled with one or more DATA 532 * chunks in the same packet. 533 * 534 * 0 1 2 3 535 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 536 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 537 * | Type = 10 |Chunk Flags | Length | 538 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 539 * / Cookie / 540 * \ \ 541 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 542 * 543 * Chunk Flags: 8 bit 544 * 545 * Set to zero on transmit and ignored on receipt. 546 * 547 * Length: 16 bits (unsigned integer) 548 * 549 * Set to the size of the chunk in bytes, including the 4 bytes of 550 * the chunk header and the size of the Cookie. 551 * 552 * Cookie: variable size 553 * 554 * This field must contain the exact cookie received in the 555 * State Cookie parameter from the previous INIT ACK. 556 * 557 * An implementation SHOULD make the cookie as small as possible 558 * to insure interoperability. 559 */ 560 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 561 const struct sctp_chunk *chunk) 562 { 563 struct sctp_chunk *retval; 564 void *cookie; 565 int cookie_len; 566 567 cookie = asoc->peer.cookie; 568 cookie_len = asoc->peer.cookie_len; 569 570 /* Build a cookie echo chunk. */ 571 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 572 if (!retval) 573 goto nodata; 574 retval->subh.cookie_hdr = 575 sctp_addto_chunk(retval, cookie_len, cookie); 576 577 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 578 * 579 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 580 * HEARTBEAT ACK, * etc.) to the same destination transport 581 * address from which it * received the DATA or control chunk 582 * to which it is replying. 583 * 584 * [COOKIE ECHO back to where the INIT ACK came from.] 585 */ 586 if (chunk) 587 retval->transport = chunk->transport; 588 589 nodata: 590 return retval; 591 } 592 593 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 594 * 595 * This chunk is used only during the initialization of an 596 * association. It is used to acknowledge the receipt of a COOKIE 597 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 598 * within the association, but MAY be bundled with one or more DATA 599 * chunks or SACK chunk in the same SCTP packet. 600 * 601 * 0 1 2 3 602 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 603 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 604 * | Type = 11 |Chunk Flags | Length = 4 | 605 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 606 * 607 * Chunk Flags: 8 bits 608 * 609 * Set to zero on transmit and ignored on receipt. 610 */ 611 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 612 const struct sctp_chunk *chunk) 613 { 614 struct sctp_chunk *retval; 615 616 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 617 618 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 619 * 620 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 621 * HEARTBEAT ACK, * etc.) to the same destination transport 622 * address from which it * received the DATA or control chunk 623 * to which it is replying. 624 * 625 * [COOKIE ACK back to where the COOKIE ECHO came from.] 626 */ 627 if (retval && chunk) 628 retval->transport = chunk->transport; 629 630 return retval; 631 } 632 633 /* 634 * Appendix A: Explicit Congestion Notification: 635 * CWR: 636 * 637 * RFC 2481 details a specific bit for a sender to send in the header of 638 * its next outbound TCP segment to indicate to its peer that it has 639 * reduced its congestion window. This is termed the CWR bit. For 640 * SCTP the same indication is made by including the CWR chunk. 641 * This chunk contains one data element, i.e. the TSN number that 642 * was sent in the ECNE chunk. This element represents the lowest 643 * TSN number in the datagram that was originally marked with the 644 * CE bit. 645 * 646 * 0 1 2 3 647 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 648 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 649 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 650 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 651 * | Lowest TSN Number | 652 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 653 * 654 * Note: The CWR is considered a Control chunk. 655 */ 656 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 657 const __u32 lowest_tsn, 658 const struct sctp_chunk *chunk) 659 { 660 struct sctp_chunk *retval; 661 sctp_cwrhdr_t cwr; 662 663 cwr.lowest_tsn = htonl(lowest_tsn); 664 retval = sctp_make_control(asoc, SCTP_CID_ECN_CWR, 0, 665 sizeof(sctp_cwrhdr_t)); 666 667 if (!retval) 668 goto nodata; 669 670 retval->subh.ecn_cwr_hdr = 671 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 672 673 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 674 * 675 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 676 * HEARTBEAT ACK, * etc.) to the same destination transport 677 * address from which it * received the DATA or control chunk 678 * to which it is replying. 679 * 680 * [Report a reduced congestion window back to where the ECNE 681 * came from.] 682 */ 683 if (chunk) 684 retval->transport = chunk->transport; 685 686 nodata: 687 return retval; 688 } 689 690 /* Make an ECNE chunk. This is a congestion experienced report. */ 691 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 692 const __u32 lowest_tsn) 693 { 694 struct sctp_chunk *retval; 695 sctp_ecnehdr_t ecne; 696 697 ecne.lowest_tsn = htonl(lowest_tsn); 698 retval = sctp_make_control(asoc, SCTP_CID_ECN_ECNE, 0, 699 sizeof(sctp_ecnehdr_t)); 700 if (!retval) 701 goto nodata; 702 retval->subh.ecne_hdr = 703 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 704 705 nodata: 706 return retval; 707 } 708 709 /* Make a DATA chunk for the given association from the provided 710 * parameters. However, do not populate the data payload. 711 */ 712 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 713 const struct sctp_sndrcvinfo *sinfo, 714 int data_len, __u8 flags, __u16 ssn) 715 { 716 struct sctp_chunk *retval; 717 struct sctp_datahdr dp; 718 int chunk_len; 719 720 /* We assign the TSN as LATE as possible, not here when 721 * creating the chunk. 722 */ 723 dp.tsn = 0; 724 dp.stream = htons(sinfo->sinfo_stream); 725 dp.ppid = sinfo->sinfo_ppid; 726 727 /* Set the flags for an unordered send. */ 728 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 729 flags |= SCTP_DATA_UNORDERED; 730 dp.ssn = 0; 731 } else 732 dp.ssn = htons(ssn); 733 734 chunk_len = sizeof(dp) + data_len; 735 retval = sctp_make_data(asoc, flags, chunk_len); 736 if (!retval) 737 goto nodata; 738 739 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 740 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 741 742 nodata: 743 return retval; 744 } 745 746 /* Create a selective ackowledgement (SACK) for the given 747 * association. This reports on which TSN's we've seen to date, 748 * including duplicates and gaps. 749 */ 750 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 751 { 752 struct sctp_chunk *retval; 753 struct sctp_sackhdr sack; 754 int len; 755 __u32 ctsn; 756 __u16 num_gabs, num_dup_tsns; 757 struct sctp_association *aptr = (struct sctp_association *)asoc; 758 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 759 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 760 struct sctp_transport *trans; 761 762 memset(gabs, 0, sizeof(gabs)); 763 ctsn = sctp_tsnmap_get_ctsn(map); 764 765 pr_debug("%s: sackCTSNAck sent:0x%x\n", __func__, ctsn); 766 767 /* How much room is needed in the chunk? */ 768 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 769 num_dup_tsns = sctp_tsnmap_num_dups(map); 770 771 /* Initialize the SACK header. */ 772 sack.cum_tsn_ack = htonl(ctsn); 773 sack.a_rwnd = htonl(asoc->a_rwnd); 774 sack.num_gap_ack_blocks = htons(num_gabs); 775 sack.num_dup_tsns = htons(num_dup_tsns); 776 777 len = sizeof(sack) 778 + sizeof(struct sctp_gap_ack_block) * num_gabs 779 + sizeof(__u32) * num_dup_tsns; 780 781 /* Create the chunk. */ 782 retval = sctp_make_control(asoc, SCTP_CID_SACK, 0, len); 783 if (!retval) 784 goto nodata; 785 786 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 787 * 788 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 789 * HEARTBEAT ACK, etc.) to the same destination transport 790 * address from which it received the DATA or control chunk to 791 * which it is replying. This rule should also be followed if 792 * the endpoint is bundling DATA chunks together with the 793 * reply chunk. 794 * 795 * However, when acknowledging multiple DATA chunks received 796 * in packets from different source addresses in a single 797 * SACK, the SACK chunk may be transmitted to one of the 798 * destination transport addresses from which the DATA or 799 * control chunks being acknowledged were received. 800 * 801 * [BUG: We do not implement the following paragraph. 802 * Perhaps we should remember the last transport we used for a 803 * SACK and avoid that (if possible) if we have seen any 804 * duplicates. --piggy] 805 * 806 * When a receiver of a duplicate DATA chunk sends a SACK to a 807 * multi- homed endpoint it MAY be beneficial to vary the 808 * destination address and not use the source address of the 809 * DATA chunk. The reason being that receiving a duplicate 810 * from a multi-homed endpoint might indicate that the return 811 * path (as specified in the source address of the DATA chunk) 812 * for the SACK is broken. 813 * 814 * [Send to the address from which we last received a DATA chunk.] 815 */ 816 retval->transport = asoc->peer.last_data_from; 817 818 retval->subh.sack_hdr = 819 sctp_addto_chunk(retval, sizeof(sack), &sack); 820 821 /* Add the gap ack block information. */ 822 if (num_gabs) 823 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 824 gabs); 825 826 /* Add the duplicate TSN information. */ 827 if (num_dup_tsns) { 828 aptr->stats.idupchunks += num_dup_tsns; 829 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 830 sctp_tsnmap_get_dups(map)); 831 } 832 /* Once we have a sack generated, check to see what our sack 833 * generation is, if its 0, reset the transports to 0, and reset 834 * the association generation to 1 835 * 836 * The idea is that zero is never used as a valid generation for the 837 * association so no transport will match after a wrap event like this, 838 * Until the next sack 839 */ 840 if (++aptr->peer.sack_generation == 0) { 841 list_for_each_entry(trans, &asoc->peer.transport_addr_list, 842 transports) 843 trans->sack_generation = 0; 844 aptr->peer.sack_generation = 1; 845 } 846 nodata: 847 return retval; 848 } 849 850 /* Make a SHUTDOWN chunk. */ 851 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 852 const struct sctp_chunk *chunk) 853 { 854 struct sctp_chunk *retval; 855 sctp_shutdownhdr_t shut; 856 __u32 ctsn; 857 858 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 859 shut.cum_tsn_ack = htonl(ctsn); 860 861 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN, 0, 862 sizeof(sctp_shutdownhdr_t)); 863 if (!retval) 864 goto nodata; 865 866 retval->subh.shutdown_hdr = 867 sctp_addto_chunk(retval, sizeof(shut), &shut); 868 869 if (chunk) 870 retval->transport = chunk->transport; 871 nodata: 872 return retval; 873 } 874 875 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 876 const struct sctp_chunk *chunk) 877 { 878 struct sctp_chunk *retval; 879 880 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 881 882 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 883 * 884 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 885 * HEARTBEAT ACK, * etc.) to the same destination transport 886 * address from which it * received the DATA or control chunk 887 * to which it is replying. 888 * 889 * [ACK back to where the SHUTDOWN came from.] 890 */ 891 if (retval && chunk) 892 retval->transport = chunk->transport; 893 894 return retval; 895 } 896 897 struct sctp_chunk *sctp_make_shutdown_complete( 898 const struct sctp_association *asoc, 899 const struct sctp_chunk *chunk) 900 { 901 struct sctp_chunk *retval; 902 __u8 flags = 0; 903 904 /* Set the T-bit if we have no association (vtag will be 905 * reflected) 906 */ 907 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 908 909 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 910 911 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 912 * 913 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 914 * HEARTBEAT ACK, * etc.) to the same destination transport 915 * address from which it * received the DATA or control chunk 916 * to which it is replying. 917 * 918 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 919 * came from.] 920 */ 921 if (retval && chunk) 922 retval->transport = chunk->transport; 923 924 return retval; 925 } 926 927 /* Create an ABORT. Note that we set the T bit if we have no 928 * association, except when responding to an INIT (sctpimpguide 2.41). 929 */ 930 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 931 const struct sctp_chunk *chunk, 932 const size_t hint) 933 { 934 struct sctp_chunk *retval; 935 __u8 flags = 0; 936 937 /* Set the T-bit if we have no association and 'chunk' is not 938 * an INIT (vtag will be reflected). 939 */ 940 if (!asoc) { 941 if (chunk && chunk->chunk_hdr && 942 chunk->chunk_hdr->type == SCTP_CID_INIT) 943 flags = 0; 944 else 945 flags = SCTP_CHUNK_FLAG_T; 946 } 947 948 retval = sctp_make_control(asoc, SCTP_CID_ABORT, flags, hint); 949 950 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 951 * 952 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 953 * HEARTBEAT ACK, * etc.) to the same destination transport 954 * address from which it * received the DATA or control chunk 955 * to which it is replying. 956 * 957 * [ABORT back to where the offender came from.] 958 */ 959 if (retval && chunk) 960 retval->transport = chunk->transport; 961 962 return retval; 963 } 964 965 /* Helper to create ABORT with a NO_USER_DATA error. */ 966 struct sctp_chunk *sctp_make_abort_no_data( 967 const struct sctp_association *asoc, 968 const struct sctp_chunk *chunk, __u32 tsn) 969 { 970 struct sctp_chunk *retval; 971 __be32 payload; 972 973 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 974 + sizeof(tsn)); 975 976 if (!retval) 977 goto no_mem; 978 979 /* Put the tsn back into network byte order. */ 980 payload = htonl(tsn); 981 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 982 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 983 984 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 985 * 986 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 987 * HEARTBEAT ACK, * etc.) to the same destination transport 988 * address from which it * received the DATA or control chunk 989 * to which it is replying. 990 * 991 * [ABORT back to where the offender came from.] 992 */ 993 if (chunk) 994 retval->transport = chunk->transport; 995 996 no_mem: 997 return retval; 998 } 999 1000 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 1001 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 1002 const struct msghdr *msg, 1003 size_t paylen) 1004 { 1005 struct sctp_chunk *retval; 1006 void *payload = NULL; 1007 int err; 1008 1009 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 1010 if (!retval) 1011 goto err_chunk; 1012 1013 if (paylen) { 1014 /* Put the msg_iov together into payload. */ 1015 payload = kmalloc(paylen, GFP_KERNEL); 1016 if (!payload) 1017 goto err_payload; 1018 1019 err = memcpy_fromiovec(payload, msg->msg_iov, paylen); 1020 if (err < 0) 1021 goto err_copy; 1022 } 1023 1024 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 1025 sctp_addto_chunk(retval, paylen, payload); 1026 1027 if (paylen) 1028 kfree(payload); 1029 1030 return retval; 1031 1032 err_copy: 1033 kfree(payload); 1034 err_payload: 1035 sctp_chunk_free(retval); 1036 retval = NULL; 1037 err_chunk: 1038 return retval; 1039 } 1040 1041 /* Append bytes to the end of a parameter. Will panic if chunk is not big 1042 * enough. 1043 */ 1044 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 1045 const void *data) 1046 { 1047 void *target; 1048 int chunklen = ntohs(chunk->chunk_hdr->length); 1049 1050 target = skb_put(chunk->skb, len); 1051 1052 if (data) 1053 memcpy(target, data, len); 1054 else 1055 memset(target, 0, len); 1056 1057 /* Adjust the chunk length field. */ 1058 chunk->chunk_hdr->length = htons(chunklen + len); 1059 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1060 1061 return target; 1062 } 1063 1064 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1065 struct sctp_chunk *sctp_make_abort_violation( 1066 const struct sctp_association *asoc, 1067 const struct sctp_chunk *chunk, 1068 const __u8 *payload, 1069 const size_t paylen) 1070 { 1071 struct sctp_chunk *retval; 1072 struct sctp_paramhdr phdr; 1073 1074 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 1075 + sizeof(sctp_paramhdr_t)); 1076 if (!retval) 1077 goto end; 1078 1079 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen 1080 + sizeof(sctp_paramhdr_t)); 1081 1082 phdr.type = htons(chunk->chunk_hdr->type); 1083 phdr.length = chunk->chunk_hdr->length; 1084 sctp_addto_chunk(retval, paylen, payload); 1085 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr); 1086 1087 end: 1088 return retval; 1089 } 1090 1091 struct sctp_chunk *sctp_make_violation_paramlen( 1092 const struct sctp_association *asoc, 1093 const struct sctp_chunk *chunk, 1094 struct sctp_paramhdr *param) 1095 { 1096 struct sctp_chunk *retval; 1097 static const char error[] = "The following parameter had invalid length:"; 1098 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) + 1099 sizeof(sctp_paramhdr_t); 1100 1101 retval = sctp_make_abort(asoc, chunk, payload_len); 1102 if (!retval) 1103 goto nodata; 1104 1105 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1106 sizeof(error) + sizeof(sctp_paramhdr_t)); 1107 sctp_addto_chunk(retval, sizeof(error), error); 1108 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param); 1109 1110 nodata: 1111 return retval; 1112 } 1113 1114 struct sctp_chunk *sctp_make_violation_max_retrans( 1115 const struct sctp_association *asoc, 1116 const struct sctp_chunk *chunk) 1117 { 1118 struct sctp_chunk *retval; 1119 static const char error[] = "Association exceeded its max_retans count"; 1120 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t); 1121 1122 retval = sctp_make_abort(asoc, chunk, payload_len); 1123 if (!retval) 1124 goto nodata; 1125 1126 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error)); 1127 sctp_addto_chunk(retval, sizeof(error), error); 1128 1129 nodata: 1130 return retval; 1131 } 1132 1133 /* Make a HEARTBEAT chunk. */ 1134 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1135 const struct sctp_transport *transport) 1136 { 1137 struct sctp_chunk *retval; 1138 sctp_sender_hb_info_t hbinfo; 1139 1140 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT, 0, sizeof(hbinfo)); 1141 1142 if (!retval) 1143 goto nodata; 1144 1145 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO; 1146 hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t)); 1147 hbinfo.daddr = transport->ipaddr; 1148 hbinfo.sent_at = jiffies; 1149 hbinfo.hb_nonce = transport->hb_nonce; 1150 1151 /* Cast away the 'const', as this is just telling the chunk 1152 * what transport it belongs to. 1153 */ 1154 retval->transport = (struct sctp_transport *) transport; 1155 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo), 1156 &hbinfo); 1157 1158 nodata: 1159 return retval; 1160 } 1161 1162 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1163 const struct sctp_chunk *chunk, 1164 const void *payload, const size_t paylen) 1165 { 1166 struct sctp_chunk *retval; 1167 1168 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 1169 if (!retval) 1170 goto nodata; 1171 1172 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1173 1174 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1175 * 1176 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1177 * HEARTBEAT ACK, * etc.) to the same destination transport 1178 * address from which it * received the DATA or control chunk 1179 * to which it is replying. 1180 * 1181 * [HBACK back to where the HEARTBEAT came from.] 1182 */ 1183 if (chunk) 1184 retval->transport = chunk->transport; 1185 1186 nodata: 1187 return retval; 1188 } 1189 1190 /* Create an Operation Error chunk with the specified space reserved. 1191 * This routine can be used for containing multiple causes in the chunk. 1192 */ 1193 static struct sctp_chunk *sctp_make_op_error_space( 1194 const struct sctp_association *asoc, 1195 const struct sctp_chunk *chunk, 1196 size_t size) 1197 { 1198 struct sctp_chunk *retval; 1199 1200 retval = sctp_make_control(asoc, SCTP_CID_ERROR, 0, 1201 sizeof(sctp_errhdr_t) + size); 1202 if (!retval) 1203 goto nodata; 1204 1205 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1206 * 1207 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1208 * HEARTBEAT ACK, etc.) to the same destination transport 1209 * address from which it received the DATA or control chunk 1210 * to which it is replying. 1211 * 1212 */ 1213 if (chunk) 1214 retval->transport = chunk->transport; 1215 1216 nodata: 1217 return retval; 1218 } 1219 1220 /* Create an Operation Error chunk of a fixed size, 1221 * specifically, max(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) 1222 * This is a helper function to allocate an error chunk for 1223 * for those invalid parameter codes in which we may not want 1224 * to report all the errors, if the incoming chunk is large 1225 */ 1226 static inline struct sctp_chunk *sctp_make_op_error_fixed( 1227 const struct sctp_association *asoc, 1228 const struct sctp_chunk *chunk) 1229 { 1230 size_t size = asoc ? asoc->pathmtu : 0; 1231 1232 if (!size) 1233 size = SCTP_DEFAULT_MAXSEGMENT; 1234 1235 return sctp_make_op_error_space(asoc, chunk, size); 1236 } 1237 1238 /* Create an Operation Error chunk. */ 1239 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1240 const struct sctp_chunk *chunk, 1241 __be16 cause_code, const void *payload, 1242 size_t paylen, size_t reserve_tail) 1243 { 1244 struct sctp_chunk *retval; 1245 1246 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail); 1247 if (!retval) 1248 goto nodata; 1249 1250 sctp_init_cause(retval, cause_code, paylen + reserve_tail); 1251 sctp_addto_chunk(retval, paylen, payload); 1252 if (reserve_tail) 1253 sctp_addto_param(retval, reserve_tail, NULL); 1254 1255 nodata: 1256 return retval; 1257 } 1258 1259 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc) 1260 { 1261 struct sctp_chunk *retval; 1262 struct sctp_hmac *hmac_desc; 1263 struct sctp_authhdr auth_hdr; 1264 __u8 *hmac; 1265 1266 /* Get the first hmac that the peer told us to use */ 1267 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1268 if (unlikely(!hmac_desc)) 1269 return NULL; 1270 1271 retval = sctp_make_control(asoc, SCTP_CID_AUTH, 0, 1272 hmac_desc->hmac_len + sizeof(sctp_authhdr_t)); 1273 if (!retval) 1274 return NULL; 1275 1276 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1277 auth_hdr.shkey_id = htons(asoc->active_key_id); 1278 1279 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t), 1280 &auth_hdr); 1281 1282 hmac = skb_put(retval->skb, hmac_desc->hmac_len); 1283 memset(hmac, 0, hmac_desc->hmac_len); 1284 1285 /* Adjust the chunk header to include the empty MAC */ 1286 retval->chunk_hdr->length = 1287 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1288 retval->chunk_end = skb_tail_pointer(retval->skb); 1289 1290 return retval; 1291 } 1292 1293 1294 /******************************************************************** 1295 * 2nd Level Abstractions 1296 ********************************************************************/ 1297 1298 /* Turn an skb into a chunk. 1299 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1300 */ 1301 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1302 const struct sctp_association *asoc, 1303 struct sock *sk) 1304 { 1305 struct sctp_chunk *retval; 1306 1307 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC); 1308 1309 if (!retval) 1310 goto nodata; 1311 if (!sk) 1312 pr_debug("%s: chunkifying skb:%p w/o an sk\n", __func__, skb); 1313 1314 INIT_LIST_HEAD(&retval->list); 1315 retval->skb = skb; 1316 retval->asoc = (struct sctp_association *)asoc; 1317 retval->has_tsn = 0; 1318 retval->has_ssn = 0; 1319 retval->rtt_in_progress = 0; 1320 retval->sent_at = 0; 1321 retval->singleton = 1; 1322 retval->end_of_packet = 0; 1323 retval->ecn_ce_done = 0; 1324 retval->pdiscard = 0; 1325 1326 /* sctpimpguide-05.txt Section 2.8.2 1327 * M1) Each time a new DATA chunk is transmitted 1328 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1329 * 'TSN.Missing.Report' count will be used to determine missing chunks 1330 * and when to fast retransmit. 1331 */ 1332 retval->tsn_missing_report = 0; 1333 retval->tsn_gap_acked = 0; 1334 retval->fast_retransmit = SCTP_CAN_FRTX; 1335 1336 /* If this is a fragmented message, track all fragments 1337 * of the message (for SEND_FAILED). 1338 */ 1339 retval->msg = NULL; 1340 1341 /* Polish the bead hole. */ 1342 INIT_LIST_HEAD(&retval->transmitted_list); 1343 INIT_LIST_HEAD(&retval->frag_list); 1344 SCTP_DBG_OBJCNT_INC(chunk); 1345 atomic_set(&retval->refcnt, 1); 1346 1347 nodata: 1348 return retval; 1349 } 1350 1351 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1352 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1353 union sctp_addr *dest) 1354 { 1355 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1356 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1357 } 1358 1359 /* Extract the source address from a chunk. */ 1360 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1361 { 1362 /* If we have a known transport, use that. */ 1363 if (chunk->transport) { 1364 return &chunk->transport->ipaddr; 1365 } else { 1366 /* Otherwise, extract it from the IP header. */ 1367 return &chunk->source; 1368 } 1369 } 1370 1371 /* Create a new chunk, setting the type and flags headers from the 1372 * arguments, reserving enough space for a 'paylen' byte payload. 1373 */ 1374 static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 1375 __u8 type, __u8 flags, int paylen) 1376 { 1377 struct sctp_chunk *retval; 1378 sctp_chunkhdr_t *chunk_hdr; 1379 struct sk_buff *skb; 1380 struct sock *sk; 1381 1382 /* No need to allocate LL here, as this is only a chunk. */ 1383 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1384 GFP_ATOMIC); 1385 if (!skb) 1386 goto nodata; 1387 1388 /* Make room for the chunk header. */ 1389 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1390 chunk_hdr->type = type; 1391 chunk_hdr->flags = flags; 1392 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1393 1394 sk = asoc ? asoc->base.sk : NULL; 1395 retval = sctp_chunkify(skb, asoc, sk); 1396 if (!retval) { 1397 kfree_skb(skb); 1398 goto nodata; 1399 } 1400 1401 retval->chunk_hdr = chunk_hdr; 1402 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1403 1404 /* Determine if the chunk needs to be authenticated */ 1405 if (sctp_auth_send_cid(type, asoc)) 1406 retval->auth = 1; 1407 1408 return retval; 1409 nodata: 1410 return NULL; 1411 } 1412 1413 static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 1414 __u8 flags, int paylen) 1415 { 1416 return _sctp_make_chunk(asoc, SCTP_CID_DATA, flags, paylen); 1417 } 1418 1419 static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 1420 __u8 type, __u8 flags, int paylen) 1421 { 1422 struct sctp_chunk *chunk = _sctp_make_chunk(asoc, type, flags, paylen); 1423 1424 if (chunk) 1425 sctp_control_set_owner_w(chunk); 1426 1427 return chunk; 1428 } 1429 1430 /* Release the memory occupied by a chunk. */ 1431 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1432 { 1433 BUG_ON(!list_empty(&chunk->list)); 1434 list_del_init(&chunk->transmitted_list); 1435 1436 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1437 dev_kfree_skb(chunk->skb); 1438 1439 SCTP_DBG_OBJCNT_DEC(chunk); 1440 kmem_cache_free(sctp_chunk_cachep, chunk); 1441 } 1442 1443 /* Possibly, free the chunk. */ 1444 void sctp_chunk_free(struct sctp_chunk *chunk) 1445 { 1446 /* Release our reference on the message tracker. */ 1447 if (chunk->msg) 1448 sctp_datamsg_put(chunk->msg); 1449 1450 sctp_chunk_put(chunk); 1451 } 1452 1453 /* Grab a reference to the chunk. */ 1454 void sctp_chunk_hold(struct sctp_chunk *ch) 1455 { 1456 atomic_inc(&ch->refcnt); 1457 } 1458 1459 /* Release a reference to the chunk. */ 1460 void sctp_chunk_put(struct sctp_chunk *ch) 1461 { 1462 if (atomic_dec_and_test(&ch->refcnt)) 1463 sctp_chunk_destroy(ch); 1464 } 1465 1466 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1467 * enough. 1468 */ 1469 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1470 { 1471 void *target; 1472 void *padding; 1473 int chunklen = ntohs(chunk->chunk_hdr->length); 1474 int padlen = WORD_ROUND(chunklen) - chunklen; 1475 1476 padding = skb_put(chunk->skb, padlen); 1477 target = skb_put(chunk->skb, len); 1478 1479 memset(padding, 0, padlen); 1480 memcpy(target, data, len); 1481 1482 /* Adjust the chunk length field. */ 1483 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1484 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1485 1486 return target; 1487 } 1488 1489 /* Append bytes to the end of a chunk. Returns NULL if there isn't sufficient 1490 * space in the chunk 1491 */ 1492 void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk, 1493 int len, const void *data) 1494 { 1495 if (skb_tailroom(chunk->skb) >= len) 1496 return sctp_addto_chunk(chunk, len, data); 1497 else 1498 return NULL; 1499 } 1500 1501 /* Append bytes from user space to the end of a chunk. Will panic if 1502 * chunk is not big enough. 1503 * Returns a kernel err value. 1504 */ 1505 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1506 struct iovec *data) 1507 { 1508 __u8 *target; 1509 int err = 0; 1510 1511 /* Make room in chunk for data. */ 1512 target = skb_put(chunk->skb, len); 1513 1514 /* Copy data (whole iovec) into chunk */ 1515 if ((err = memcpy_fromiovecend(target, data, off, len))) 1516 goto out; 1517 1518 /* Adjust the chunk length field. */ 1519 chunk->chunk_hdr->length = 1520 htons(ntohs(chunk->chunk_hdr->length) + len); 1521 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1522 1523 out: 1524 return err; 1525 } 1526 1527 /* Helper function to assign a TSN if needed. This assumes that both 1528 * the data_hdr and association have already been assigned. 1529 */ 1530 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1531 { 1532 struct sctp_datamsg *msg; 1533 struct sctp_chunk *lchunk; 1534 struct sctp_stream *stream; 1535 __u16 ssn; 1536 __u16 sid; 1537 1538 if (chunk->has_ssn) 1539 return; 1540 1541 /* All fragments will be on the same stream */ 1542 sid = ntohs(chunk->subh.data_hdr->stream); 1543 stream = &chunk->asoc->ssnmap->out; 1544 1545 /* Now assign the sequence number to the entire message. 1546 * All fragments must have the same stream sequence number. 1547 */ 1548 msg = chunk->msg; 1549 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1550 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1551 ssn = 0; 1552 } else { 1553 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1554 ssn = sctp_ssn_next(stream, sid); 1555 else 1556 ssn = sctp_ssn_peek(stream, sid); 1557 } 1558 1559 lchunk->subh.data_hdr->ssn = htons(ssn); 1560 lchunk->has_ssn = 1; 1561 } 1562 } 1563 1564 /* Helper function to assign a TSN if needed. This assumes that both 1565 * the data_hdr and association have already been assigned. 1566 */ 1567 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1568 { 1569 if (!chunk->has_tsn) { 1570 /* This is the last possible instant to 1571 * assign a TSN. 1572 */ 1573 chunk->subh.data_hdr->tsn = 1574 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1575 chunk->has_tsn = 1; 1576 } 1577 } 1578 1579 /* Create a CLOSED association to use with an incoming packet. */ 1580 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1581 struct sctp_chunk *chunk, 1582 gfp_t gfp) 1583 { 1584 struct sctp_association *asoc; 1585 struct sk_buff *skb; 1586 sctp_scope_t scope; 1587 struct sctp_af *af; 1588 1589 /* Create the bare association. */ 1590 scope = sctp_scope(sctp_source(chunk)); 1591 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1592 if (!asoc) 1593 goto nodata; 1594 asoc->temp = 1; 1595 skb = chunk->skb; 1596 /* Create an entry for the source address of the packet. */ 1597 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version)); 1598 if (unlikely(!af)) 1599 goto fail; 1600 af->from_skb(&asoc->c.peer_addr, skb, 1); 1601 nodata: 1602 return asoc; 1603 1604 fail: 1605 sctp_association_free(asoc); 1606 return NULL; 1607 } 1608 1609 /* Build a cookie representing asoc. 1610 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1611 */ 1612 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1613 const struct sctp_association *asoc, 1614 const struct sctp_chunk *init_chunk, 1615 int *cookie_len, 1616 const __u8 *raw_addrs, int addrs_len) 1617 { 1618 sctp_cookie_param_t *retval; 1619 struct sctp_signed_cookie *cookie; 1620 struct scatterlist sg; 1621 int headersize, bodysize; 1622 1623 /* Header size is static data prior to the actual cookie, including 1624 * any padding. 1625 */ 1626 headersize = sizeof(sctp_paramhdr_t) + 1627 (sizeof(struct sctp_signed_cookie) - 1628 sizeof(struct sctp_cookie)); 1629 bodysize = sizeof(struct sctp_cookie) 1630 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1631 1632 /* Pad out the cookie to a multiple to make the signature 1633 * functions simpler to write. 1634 */ 1635 if (bodysize % SCTP_COOKIE_MULTIPLE) 1636 bodysize += SCTP_COOKIE_MULTIPLE 1637 - (bodysize % SCTP_COOKIE_MULTIPLE); 1638 *cookie_len = headersize + bodysize; 1639 1640 /* Clear this memory since we are sending this data structure 1641 * out on the network. 1642 */ 1643 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1644 if (!retval) 1645 goto nodata; 1646 1647 cookie = (struct sctp_signed_cookie *) retval->body; 1648 1649 /* Set up the parameter header. */ 1650 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1651 retval->p.length = htons(*cookie_len); 1652 1653 /* Copy the cookie part of the association itself. */ 1654 cookie->c = asoc->c; 1655 /* Save the raw address list length in the cookie. */ 1656 cookie->c.raw_addr_list_len = addrs_len; 1657 1658 /* Remember PR-SCTP capability. */ 1659 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1660 1661 /* Save adaptation indication in the cookie. */ 1662 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1663 1664 /* Set an expiration time for the cookie. */ 1665 cookie->c.expiration = ktime_add(asoc->cookie_life, 1666 ktime_get()); 1667 1668 /* Copy the peer's init packet. */ 1669 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1670 ntohs(init_chunk->chunk_hdr->length)); 1671 1672 /* Copy the raw local address list of the association. */ 1673 memcpy((__u8 *)&cookie->c.peer_init[0] + 1674 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1675 1676 if (sctp_sk(ep->base.sk)->hmac) { 1677 struct hash_desc desc; 1678 1679 /* Sign the message. */ 1680 sg_init_one(&sg, &cookie->c, bodysize); 1681 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1682 desc.flags = 0; 1683 1684 if (crypto_hash_setkey(desc.tfm, ep->secret_key, 1685 sizeof(ep->secret_key)) || 1686 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) 1687 goto free_cookie; 1688 } 1689 1690 return retval; 1691 1692 free_cookie: 1693 kfree(retval); 1694 nodata: 1695 *cookie_len = 0; 1696 return NULL; 1697 } 1698 1699 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1700 struct sctp_association *sctp_unpack_cookie( 1701 const struct sctp_endpoint *ep, 1702 const struct sctp_association *asoc, 1703 struct sctp_chunk *chunk, gfp_t gfp, 1704 int *error, struct sctp_chunk **errp) 1705 { 1706 struct sctp_association *retval = NULL; 1707 struct sctp_signed_cookie *cookie; 1708 struct sctp_cookie *bear_cookie; 1709 int headersize, bodysize, fixed_size; 1710 __u8 *digest = ep->digest; 1711 struct scatterlist sg; 1712 unsigned int len; 1713 sctp_scope_t scope; 1714 struct sk_buff *skb = chunk->skb; 1715 ktime_t kt; 1716 struct hash_desc desc; 1717 1718 /* Header size is static data prior to the actual cookie, including 1719 * any padding. 1720 */ 1721 headersize = sizeof(sctp_chunkhdr_t) + 1722 (sizeof(struct sctp_signed_cookie) - 1723 sizeof(struct sctp_cookie)); 1724 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1725 fixed_size = headersize + sizeof(struct sctp_cookie); 1726 1727 /* Verify that the chunk looks like it even has a cookie. 1728 * There must be enough room for our cookie and our peer's 1729 * INIT chunk. 1730 */ 1731 len = ntohs(chunk->chunk_hdr->length); 1732 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1733 goto malformed; 1734 1735 /* Verify that the cookie has been padded out. */ 1736 if (bodysize % SCTP_COOKIE_MULTIPLE) 1737 goto malformed; 1738 1739 /* Process the cookie. */ 1740 cookie = chunk->subh.cookie_hdr; 1741 bear_cookie = &cookie->c; 1742 1743 if (!sctp_sk(ep->base.sk)->hmac) 1744 goto no_hmac; 1745 1746 /* Check the signature. */ 1747 sg_init_one(&sg, bear_cookie, bodysize); 1748 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1749 desc.flags = 0; 1750 1751 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1752 if (crypto_hash_setkey(desc.tfm, ep->secret_key, 1753 sizeof(ep->secret_key)) || 1754 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1755 *error = -SCTP_IERROR_NOMEM; 1756 goto fail; 1757 } 1758 1759 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1760 *error = -SCTP_IERROR_BAD_SIG; 1761 goto fail; 1762 } 1763 1764 no_hmac: 1765 /* IG Section 2.35.2: 1766 * 3) Compare the port numbers and the verification tag contained 1767 * within the COOKIE ECHO chunk to the actual port numbers and the 1768 * verification tag within the SCTP common header of the received 1769 * packet. If these values do not match the packet MUST be silently 1770 * discarded, 1771 */ 1772 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1773 *error = -SCTP_IERROR_BAD_TAG; 1774 goto fail; 1775 } 1776 1777 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1778 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1779 *error = -SCTP_IERROR_BAD_PORTS; 1780 goto fail; 1781 } 1782 1783 /* Check to see if the cookie is stale. If there is already 1784 * an association, there is no need to check cookie's expiration 1785 * for init collision case of lost COOKIE ACK. 1786 * If skb has been timestamped, then use the stamp, otherwise 1787 * use current time. This introduces a small possibility that 1788 * that a cookie may be considered expired, but his would only slow 1789 * down the new association establishment instead of every packet. 1790 */ 1791 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1792 kt = skb_get_ktime(skb); 1793 else 1794 kt = ktime_get(); 1795 1796 if (!asoc && ktime_compare(bear_cookie->expiration, kt) < 0) { 1797 /* 1798 * Section 3.3.10.3 Stale Cookie Error (3) 1799 * 1800 * Cause of error 1801 * --------------- 1802 * Stale Cookie Error: Indicates the receipt of a valid State 1803 * Cookie that has expired. 1804 */ 1805 len = ntohs(chunk->chunk_hdr->length); 1806 *errp = sctp_make_op_error_space(asoc, chunk, len); 1807 if (*errp) { 1808 suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration)); 1809 __be32 n = htonl(usecs); 1810 1811 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1812 sizeof(n)); 1813 sctp_addto_chunk(*errp, sizeof(n), &n); 1814 *error = -SCTP_IERROR_STALE_COOKIE; 1815 } else 1816 *error = -SCTP_IERROR_NOMEM; 1817 1818 goto fail; 1819 } 1820 1821 /* Make a new base association. */ 1822 scope = sctp_scope(sctp_source(chunk)); 1823 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1824 if (!retval) { 1825 *error = -SCTP_IERROR_NOMEM; 1826 goto fail; 1827 } 1828 1829 /* Set up our peer's port number. */ 1830 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1831 1832 /* Populate the association from the cookie. */ 1833 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1834 1835 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1836 GFP_ATOMIC) < 0) { 1837 *error = -SCTP_IERROR_NOMEM; 1838 goto fail; 1839 } 1840 1841 /* Also, add the destination address. */ 1842 if (list_empty(&retval->base.bind_addr.address_list)) { 1843 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1844 SCTP_ADDR_SRC, GFP_ATOMIC); 1845 } 1846 1847 retval->next_tsn = retval->c.initial_tsn; 1848 retval->ctsn_ack_point = retval->next_tsn - 1; 1849 retval->addip_serial = retval->c.initial_tsn; 1850 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1851 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1852 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1853 1854 /* The INIT stuff will be done by the side effects. */ 1855 return retval; 1856 1857 fail: 1858 if (retval) 1859 sctp_association_free(retval); 1860 1861 return NULL; 1862 1863 malformed: 1864 /* Yikes! The packet is either corrupt or deliberately 1865 * malformed. 1866 */ 1867 *error = -SCTP_IERROR_MALFORMED; 1868 goto fail; 1869 } 1870 1871 /******************************************************************** 1872 * 3rd Level Abstractions 1873 ********************************************************************/ 1874 1875 struct __sctp_missing { 1876 __be32 num_missing; 1877 __be16 type; 1878 } __packed; 1879 1880 /* 1881 * Report a missing mandatory parameter. 1882 */ 1883 static int sctp_process_missing_param(const struct sctp_association *asoc, 1884 sctp_param_t paramtype, 1885 struct sctp_chunk *chunk, 1886 struct sctp_chunk **errp) 1887 { 1888 struct __sctp_missing report; 1889 __u16 len; 1890 1891 len = WORD_ROUND(sizeof(report)); 1892 1893 /* Make an ERROR chunk, preparing enough room for 1894 * returning multiple unknown parameters. 1895 */ 1896 if (!*errp) 1897 *errp = sctp_make_op_error_space(asoc, chunk, len); 1898 1899 if (*errp) { 1900 report.num_missing = htonl(1); 1901 report.type = paramtype; 1902 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1903 sizeof(report)); 1904 sctp_addto_chunk(*errp, sizeof(report), &report); 1905 } 1906 1907 /* Stop processing this chunk. */ 1908 return 0; 1909 } 1910 1911 /* Report an Invalid Mandatory Parameter. */ 1912 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1913 struct sctp_chunk *chunk, 1914 struct sctp_chunk **errp) 1915 { 1916 /* Invalid Mandatory Parameter Error has no payload. */ 1917 1918 if (!*errp) 1919 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1920 1921 if (*errp) 1922 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1923 1924 /* Stop processing this chunk. */ 1925 return 0; 1926 } 1927 1928 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1929 struct sctp_paramhdr *param, 1930 const struct sctp_chunk *chunk, 1931 struct sctp_chunk **errp) 1932 { 1933 /* This is a fatal error. Any accumulated non-fatal errors are 1934 * not reported. 1935 */ 1936 if (*errp) 1937 sctp_chunk_free(*errp); 1938 1939 /* Create an error chunk and fill it in with our payload. */ 1940 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1941 1942 return 0; 1943 } 1944 1945 1946 /* Do not attempt to handle the HOST_NAME parm. However, do 1947 * send back an indicator to the peer. 1948 */ 1949 static int sctp_process_hn_param(const struct sctp_association *asoc, 1950 union sctp_params param, 1951 struct sctp_chunk *chunk, 1952 struct sctp_chunk **errp) 1953 { 1954 __u16 len = ntohs(param.p->length); 1955 1956 /* Processing of the HOST_NAME parameter will generate an 1957 * ABORT. If we've accumulated any non-fatal errors, they 1958 * would be unrecognized parameters and we should not include 1959 * them in the ABORT. 1960 */ 1961 if (*errp) 1962 sctp_chunk_free(*errp); 1963 1964 *errp = sctp_make_op_error_space(asoc, chunk, len); 1965 1966 if (*errp) { 1967 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 1968 sctp_addto_chunk(*errp, len, param.v); 1969 } 1970 1971 /* Stop processing this chunk. */ 1972 return 0; 1973 } 1974 1975 static int sctp_verify_ext_param(struct net *net, union sctp_params param) 1976 { 1977 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1978 int have_auth = 0; 1979 int have_asconf = 0; 1980 int i; 1981 1982 for (i = 0; i < num_ext; i++) { 1983 switch (param.ext->chunks[i]) { 1984 case SCTP_CID_AUTH: 1985 have_auth = 1; 1986 break; 1987 case SCTP_CID_ASCONF: 1988 case SCTP_CID_ASCONF_ACK: 1989 have_asconf = 1; 1990 break; 1991 } 1992 } 1993 1994 /* ADD-IP Security: The draft requires us to ABORT or ignore the 1995 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 1996 * only if ADD-IP is turned on and we are not backward-compatible 1997 * mode. 1998 */ 1999 if (net->sctp.addip_noauth) 2000 return 1; 2001 2002 if (net->sctp.addip_enable && !have_auth && have_asconf) 2003 return 0; 2004 2005 return 1; 2006 } 2007 2008 static void sctp_process_ext_param(struct sctp_association *asoc, 2009 union sctp_params param) 2010 { 2011 struct net *net = sock_net(asoc->base.sk); 2012 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2013 int i; 2014 2015 for (i = 0; i < num_ext; i++) { 2016 switch (param.ext->chunks[i]) { 2017 case SCTP_CID_FWD_TSN: 2018 if (net->sctp.prsctp_enable && 2019 !asoc->peer.prsctp_capable) 2020 asoc->peer.prsctp_capable = 1; 2021 break; 2022 case SCTP_CID_AUTH: 2023 /* if the peer reports AUTH, assume that he 2024 * supports AUTH. 2025 */ 2026 if (net->sctp.auth_enable) 2027 asoc->peer.auth_capable = 1; 2028 break; 2029 case SCTP_CID_ASCONF: 2030 case SCTP_CID_ASCONF_ACK: 2031 if (net->sctp.addip_enable) 2032 asoc->peer.asconf_capable = 1; 2033 break; 2034 default: 2035 break; 2036 } 2037 } 2038 } 2039 2040 /* RFC 3.2.1 & the Implementers Guide 2.2. 2041 * 2042 * The Parameter Types are encoded such that the 2043 * highest-order two bits specify the action that must be 2044 * taken if the processing endpoint does not recognize the 2045 * Parameter Type. 2046 * 2047 * 00 - Stop processing this parameter; do not process any further 2048 * parameters within this chunk 2049 * 2050 * 01 - Stop processing this parameter, do not process any further 2051 * parameters within this chunk, and report the unrecognized 2052 * parameter in an 'Unrecognized Parameter' ERROR chunk. 2053 * 2054 * 10 - Skip this parameter and continue processing. 2055 * 2056 * 11 - Skip this parameter and continue processing but 2057 * report the unrecognized parameter in an 2058 * 'Unrecognized Parameter' ERROR chunk. 2059 * 2060 * Return value: 2061 * SCTP_IERROR_NO_ERROR - continue with the chunk 2062 * SCTP_IERROR_ERROR - stop and report an error. 2063 * SCTP_IERROR_NOMEME - out of memory. 2064 */ 2065 static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, 2066 union sctp_params param, 2067 struct sctp_chunk *chunk, 2068 struct sctp_chunk **errp) 2069 { 2070 int retval = SCTP_IERROR_NO_ERROR; 2071 2072 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 2073 case SCTP_PARAM_ACTION_DISCARD: 2074 retval = SCTP_IERROR_ERROR; 2075 break; 2076 case SCTP_PARAM_ACTION_SKIP: 2077 break; 2078 case SCTP_PARAM_ACTION_DISCARD_ERR: 2079 retval = SCTP_IERROR_ERROR; 2080 /* Fall through */ 2081 case SCTP_PARAM_ACTION_SKIP_ERR: 2082 /* Make an ERROR chunk, preparing enough room for 2083 * returning multiple unknown parameters. 2084 */ 2085 if (NULL == *errp) 2086 *errp = sctp_make_op_error_fixed(asoc, chunk); 2087 2088 if (*errp) { 2089 if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2090 WORD_ROUND(ntohs(param.p->length)))) 2091 sctp_addto_chunk_fixed(*errp, 2092 WORD_ROUND(ntohs(param.p->length)), 2093 param.v); 2094 } else { 2095 /* If there is no memory for generating the ERROR 2096 * report as specified, an ABORT will be triggered 2097 * to the peer and the association won't be 2098 * established. 2099 */ 2100 retval = SCTP_IERROR_NOMEM; 2101 } 2102 break; 2103 default: 2104 break; 2105 } 2106 2107 return retval; 2108 } 2109 2110 /* Verify variable length parameters 2111 * Return values: 2112 * SCTP_IERROR_ABORT - trigger an ABORT 2113 * SCTP_IERROR_NOMEM - out of memory (abort) 2114 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2115 * SCTP_IERROR_NO_ERROR - continue with the chunk 2116 */ 2117 static sctp_ierror_t sctp_verify_param(struct net *net, 2118 const struct sctp_association *asoc, 2119 union sctp_params param, 2120 sctp_cid_t cid, 2121 struct sctp_chunk *chunk, 2122 struct sctp_chunk **err_chunk) 2123 { 2124 struct sctp_hmac_algo_param *hmacs; 2125 int retval = SCTP_IERROR_NO_ERROR; 2126 __u16 n_elt, id = 0; 2127 int i; 2128 2129 /* FIXME - This routine is not looking at each parameter per the 2130 * chunk type, i.e., unrecognized parameters should be further 2131 * identified based on the chunk id. 2132 */ 2133 2134 switch (param.p->type) { 2135 case SCTP_PARAM_IPV4_ADDRESS: 2136 case SCTP_PARAM_IPV6_ADDRESS: 2137 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2138 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2139 case SCTP_PARAM_STATE_COOKIE: 2140 case SCTP_PARAM_HEARTBEAT_INFO: 2141 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2142 case SCTP_PARAM_ECN_CAPABLE: 2143 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2144 break; 2145 2146 case SCTP_PARAM_SUPPORTED_EXT: 2147 if (!sctp_verify_ext_param(net, param)) 2148 return SCTP_IERROR_ABORT; 2149 break; 2150 2151 case SCTP_PARAM_SET_PRIMARY: 2152 if (net->sctp.addip_enable) 2153 break; 2154 goto fallthrough; 2155 2156 case SCTP_PARAM_HOST_NAME_ADDRESS: 2157 /* Tell the peer, we won't support this param. */ 2158 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2159 retval = SCTP_IERROR_ABORT; 2160 break; 2161 2162 case SCTP_PARAM_FWD_TSN_SUPPORT: 2163 if (net->sctp.prsctp_enable) 2164 break; 2165 goto fallthrough; 2166 2167 case SCTP_PARAM_RANDOM: 2168 if (!net->sctp.auth_enable) 2169 goto fallthrough; 2170 2171 /* SCTP-AUTH: Secion 6.1 2172 * If the random number is not 32 byte long the association 2173 * MUST be aborted. The ABORT chunk SHOULD contain the error 2174 * cause 'Protocol Violation'. 2175 */ 2176 if (SCTP_AUTH_RANDOM_LENGTH != 2177 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { 2178 sctp_process_inv_paramlength(asoc, param.p, 2179 chunk, err_chunk); 2180 retval = SCTP_IERROR_ABORT; 2181 } 2182 break; 2183 2184 case SCTP_PARAM_CHUNKS: 2185 if (!net->sctp.auth_enable) 2186 goto fallthrough; 2187 2188 /* SCTP-AUTH: Section 3.2 2189 * The CHUNKS parameter MUST be included once in the INIT or 2190 * INIT-ACK chunk if the sender wants to receive authenticated 2191 * chunks. Its maximum length is 260 bytes. 2192 */ 2193 if (260 < ntohs(param.p->length)) { 2194 sctp_process_inv_paramlength(asoc, param.p, 2195 chunk, err_chunk); 2196 retval = SCTP_IERROR_ABORT; 2197 } 2198 break; 2199 2200 case SCTP_PARAM_HMAC_ALGO: 2201 if (!net->sctp.auth_enable) 2202 goto fallthrough; 2203 2204 hmacs = (struct sctp_hmac_algo_param *)param.p; 2205 n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1; 2206 2207 /* SCTP-AUTH: Section 6.1 2208 * The HMAC algorithm based on SHA-1 MUST be supported and 2209 * included in the HMAC-ALGO parameter. 2210 */ 2211 for (i = 0; i < n_elt; i++) { 2212 id = ntohs(hmacs->hmac_ids[i]); 2213 2214 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2215 break; 2216 } 2217 2218 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2219 sctp_process_inv_paramlength(asoc, param.p, chunk, 2220 err_chunk); 2221 retval = SCTP_IERROR_ABORT; 2222 } 2223 break; 2224 fallthrough: 2225 default: 2226 pr_debug("%s: unrecognized param:%d for chunk:%d\n", 2227 __func__, ntohs(param.p->type), cid); 2228 2229 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2230 break; 2231 } 2232 return retval; 2233 } 2234 2235 /* Verify the INIT packet before we process it. */ 2236 int sctp_verify_init(struct net *net, const struct sctp_association *asoc, 2237 sctp_cid_t cid, 2238 sctp_init_chunk_t *peer_init, 2239 struct sctp_chunk *chunk, 2240 struct sctp_chunk **errp) 2241 { 2242 union sctp_params param; 2243 bool has_cookie = false; 2244 int result; 2245 2246 /* Check for missing mandatory parameters. Note: Initial TSN is 2247 * also mandatory, but is not checked here since the valid range 2248 * is 0..2**32-1. RFC4960, section 3.3.3. 2249 */ 2250 if (peer_init->init_hdr.num_outbound_streams == 0 || 2251 peer_init->init_hdr.num_inbound_streams == 0 || 2252 peer_init->init_hdr.init_tag == 0 || 2253 ntohl(peer_init->init_hdr.a_rwnd) < SCTP_DEFAULT_MINWINDOW) 2254 return sctp_process_inv_mandatory(asoc, chunk, errp); 2255 2256 sctp_walk_params(param, peer_init, init_hdr.params) { 2257 if (param.p->type == SCTP_PARAM_STATE_COOKIE) 2258 has_cookie = true; 2259 } 2260 2261 /* There is a possibility that a parameter length was bad and 2262 * in that case we would have stoped walking the parameters. 2263 * The current param.p would point at the bad one. 2264 * Current consensus on the mailing list is to generate a PROTOCOL 2265 * VIOLATION error. We build the ERROR chunk here and let the normal 2266 * error handling code build and send the packet. 2267 */ 2268 if (param.v != (void*)chunk->chunk_end) 2269 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2270 2271 /* The only missing mandatory param possible today is 2272 * the state cookie for an INIT-ACK chunk. 2273 */ 2274 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2275 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2276 chunk, errp); 2277 2278 /* Verify all the variable length parameters */ 2279 sctp_walk_params(param, peer_init, init_hdr.params) { 2280 2281 result = sctp_verify_param(net, asoc, param, cid, chunk, errp); 2282 switch (result) { 2283 case SCTP_IERROR_ABORT: 2284 case SCTP_IERROR_NOMEM: 2285 return 0; 2286 case SCTP_IERROR_ERROR: 2287 return 1; 2288 case SCTP_IERROR_NO_ERROR: 2289 default: 2290 break; 2291 } 2292 2293 } /* for (loop through all parameters) */ 2294 2295 return 1; 2296 } 2297 2298 /* Unpack the parameters in an INIT packet into an association. 2299 * Returns 0 on failure, else success. 2300 * FIXME: This is an association method. 2301 */ 2302 int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, 2303 const union sctp_addr *peer_addr, 2304 sctp_init_chunk_t *peer_init, gfp_t gfp) 2305 { 2306 struct net *net = sock_net(asoc->base.sk); 2307 union sctp_params param; 2308 struct sctp_transport *transport; 2309 struct list_head *pos, *temp; 2310 struct sctp_af *af; 2311 union sctp_addr addr; 2312 char *cookie; 2313 int src_match = 0; 2314 2315 /* We must include the address that the INIT packet came from. 2316 * This is the only address that matters for an INIT packet. 2317 * When processing a COOKIE ECHO, we retrieve the from address 2318 * of the INIT from the cookie. 2319 */ 2320 2321 /* This implementation defaults to making the first transport 2322 * added as the primary transport. The source address seems to 2323 * be a a better choice than any of the embedded addresses. 2324 */ 2325 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2326 goto nomem; 2327 2328 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr)) 2329 src_match = 1; 2330 2331 /* Process the initialization parameters. */ 2332 sctp_walk_params(param, peer_init, init_hdr.params) { 2333 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 2334 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { 2335 af = sctp_get_af_specific(param_type2af(param.p->type)); 2336 af->from_addr_param(&addr, param.addr, 2337 chunk->sctp_hdr->source, 0); 2338 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) 2339 src_match = 1; 2340 } 2341 2342 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2343 goto clean_up; 2344 } 2345 2346 /* source address of chunk may not match any valid address */ 2347 if (!src_match) 2348 goto clean_up; 2349 2350 /* AUTH: After processing the parameters, make sure that we 2351 * have all the required info to potentially do authentications. 2352 */ 2353 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2354 !asoc->peer.peer_hmacs)) 2355 asoc->peer.auth_capable = 0; 2356 2357 /* In a non-backward compatible mode, if the peer claims 2358 * support for ADD-IP but not AUTH, the ADD-IP spec states 2359 * that we MUST ABORT the association. Section 6. The section 2360 * also give us an option to silently ignore the packet, which 2361 * is what we'll do here. 2362 */ 2363 if (!net->sctp.addip_noauth && 2364 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2365 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2366 SCTP_PARAM_DEL_IP | 2367 SCTP_PARAM_SET_PRIMARY); 2368 asoc->peer.asconf_capable = 0; 2369 goto clean_up; 2370 } 2371 2372 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2373 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2374 transport = list_entry(pos, struct sctp_transport, transports); 2375 if (transport->state == SCTP_UNKNOWN) { 2376 sctp_assoc_rm_peer(asoc, transport); 2377 } 2378 } 2379 2380 /* The fixed INIT headers are always in network byte 2381 * order. 2382 */ 2383 asoc->peer.i.init_tag = 2384 ntohl(peer_init->init_hdr.init_tag); 2385 asoc->peer.i.a_rwnd = 2386 ntohl(peer_init->init_hdr.a_rwnd); 2387 asoc->peer.i.num_outbound_streams = 2388 ntohs(peer_init->init_hdr.num_outbound_streams); 2389 asoc->peer.i.num_inbound_streams = 2390 ntohs(peer_init->init_hdr.num_inbound_streams); 2391 asoc->peer.i.initial_tsn = 2392 ntohl(peer_init->init_hdr.initial_tsn); 2393 2394 /* Apply the upper bounds for output streams based on peer's 2395 * number of inbound streams. 2396 */ 2397 if (asoc->c.sinit_num_ostreams > 2398 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2399 asoc->c.sinit_num_ostreams = 2400 ntohs(peer_init->init_hdr.num_inbound_streams); 2401 } 2402 2403 if (asoc->c.sinit_max_instreams > 2404 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2405 asoc->c.sinit_max_instreams = 2406 ntohs(peer_init->init_hdr.num_outbound_streams); 2407 } 2408 2409 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2410 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2411 2412 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2413 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2414 2415 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2416 cookie = asoc->peer.cookie; 2417 if (cookie) { 2418 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2419 if (!asoc->peer.cookie) 2420 goto clean_up; 2421 } 2422 2423 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2424 * high (for example, implementations MAY use the size of the receiver 2425 * advertised window). 2426 */ 2427 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2428 transports) { 2429 transport->ssthresh = asoc->peer.i.a_rwnd; 2430 } 2431 2432 /* Set up the TSN tracking pieces. */ 2433 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2434 asoc->peer.i.initial_tsn, gfp)) 2435 goto clean_up; 2436 2437 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2438 * 2439 * The stream sequence number in all the streams shall start 2440 * from 0 when the association is established. Also, when the 2441 * stream sequence number reaches the value 65535 the next 2442 * stream sequence number shall be set to 0. 2443 */ 2444 2445 /* Allocate storage for the negotiated streams if it is not a temporary 2446 * association. 2447 */ 2448 if (!asoc->temp) { 2449 int error; 2450 2451 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 2452 asoc->c.sinit_num_ostreams, gfp); 2453 if (!asoc->ssnmap) 2454 goto clean_up; 2455 2456 error = sctp_assoc_set_id(asoc, gfp); 2457 if (error) 2458 goto clean_up; 2459 } 2460 2461 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2462 * 2463 * When an endpoint has an ASCONF signaled change to be sent to the 2464 * remote endpoint it should do the following: 2465 * ... 2466 * A2) A serial number should be assigned to the Chunk. The serial 2467 * number should be a monotonically increasing number. All serial 2468 * numbers are defined to be initialized at the start of the 2469 * association to the same value as the Initial TSN. 2470 */ 2471 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2472 return 1; 2473 2474 clean_up: 2475 /* Release the transport structures. */ 2476 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2477 transport = list_entry(pos, struct sctp_transport, transports); 2478 if (transport->state != SCTP_ACTIVE) 2479 sctp_assoc_rm_peer(asoc, transport); 2480 } 2481 2482 nomem: 2483 return 0; 2484 } 2485 2486 2487 /* Update asoc with the option described in param. 2488 * 2489 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2490 * 2491 * asoc is the association to update. 2492 * param is the variable length parameter to use for update. 2493 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2494 * If the current packet is an INIT we want to minimize the amount of 2495 * work we do. In particular, we should not build transport 2496 * structures for the addresses. 2497 */ 2498 static int sctp_process_param(struct sctp_association *asoc, 2499 union sctp_params param, 2500 const union sctp_addr *peer_addr, 2501 gfp_t gfp) 2502 { 2503 struct net *net = sock_net(asoc->base.sk); 2504 union sctp_addr addr; 2505 int i; 2506 __u16 sat; 2507 int retval = 1; 2508 sctp_scope_t scope; 2509 time_t stale; 2510 struct sctp_af *af; 2511 union sctp_addr_param *addr_param; 2512 struct sctp_transport *t; 2513 2514 /* We maintain all INIT parameters in network byte order all the 2515 * time. This allows us to not worry about whether the parameters 2516 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2517 */ 2518 switch (param.p->type) { 2519 case SCTP_PARAM_IPV6_ADDRESS: 2520 if (PF_INET6 != asoc->base.sk->sk_family) 2521 break; 2522 goto do_addr_param; 2523 2524 case SCTP_PARAM_IPV4_ADDRESS: 2525 /* v4 addresses are not allowed on v6-only socket */ 2526 if (ipv6_only_sock(asoc->base.sk)) 2527 break; 2528 do_addr_param: 2529 af = sctp_get_af_specific(param_type2af(param.p->type)); 2530 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2531 scope = sctp_scope(peer_addr); 2532 if (sctp_in_scope(net, &addr, scope)) 2533 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2534 return 0; 2535 break; 2536 2537 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2538 if (!net->sctp.cookie_preserve_enable) 2539 break; 2540 2541 stale = ntohl(param.life->lifespan_increment); 2542 2543 /* Suggested Cookie Life span increment's unit is msec, 2544 * (1/1000sec). 2545 */ 2546 asoc->cookie_life = ktime_add_ms(asoc->cookie_life, stale); 2547 break; 2548 2549 case SCTP_PARAM_HOST_NAME_ADDRESS: 2550 pr_debug("%s: unimplemented SCTP_HOST_NAME_ADDRESS\n", __func__); 2551 break; 2552 2553 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2554 /* Turn off the default values first so we'll know which 2555 * ones are really set by the peer. 2556 */ 2557 asoc->peer.ipv4_address = 0; 2558 asoc->peer.ipv6_address = 0; 2559 2560 /* Assume that peer supports the address family 2561 * by which it sends a packet. 2562 */ 2563 if (peer_addr->sa.sa_family == AF_INET6) 2564 asoc->peer.ipv6_address = 1; 2565 else if (peer_addr->sa.sa_family == AF_INET) 2566 asoc->peer.ipv4_address = 1; 2567 2568 /* Cycle through address types; avoid divide by 0. */ 2569 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2570 if (sat) 2571 sat /= sizeof(__u16); 2572 2573 for (i = 0; i < sat; ++i) { 2574 switch (param.sat->types[i]) { 2575 case SCTP_PARAM_IPV4_ADDRESS: 2576 asoc->peer.ipv4_address = 1; 2577 break; 2578 2579 case SCTP_PARAM_IPV6_ADDRESS: 2580 if (PF_INET6 == asoc->base.sk->sk_family) 2581 asoc->peer.ipv6_address = 1; 2582 break; 2583 2584 case SCTP_PARAM_HOST_NAME_ADDRESS: 2585 asoc->peer.hostname_address = 1; 2586 break; 2587 2588 default: /* Just ignore anything else. */ 2589 break; 2590 } 2591 } 2592 break; 2593 2594 case SCTP_PARAM_STATE_COOKIE: 2595 asoc->peer.cookie_len = 2596 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2597 asoc->peer.cookie = param.cookie->body; 2598 break; 2599 2600 case SCTP_PARAM_HEARTBEAT_INFO: 2601 /* Would be odd to receive, but it causes no problems. */ 2602 break; 2603 2604 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2605 /* Rejected during verify stage. */ 2606 break; 2607 2608 case SCTP_PARAM_ECN_CAPABLE: 2609 asoc->peer.ecn_capable = 1; 2610 break; 2611 2612 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2613 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2614 break; 2615 2616 case SCTP_PARAM_SET_PRIMARY: 2617 if (!net->sctp.addip_enable) 2618 goto fall_through; 2619 2620 addr_param = param.v + sizeof(sctp_addip_param_t); 2621 2622 af = sctp_get_af_specific(param_type2af(param.p->type)); 2623 af->from_addr_param(&addr, addr_param, 2624 htons(asoc->peer.port), 0); 2625 2626 /* if the address is invalid, we can't process it. 2627 * XXX: see spec for what to do. 2628 */ 2629 if (!af->addr_valid(&addr, NULL, NULL)) 2630 break; 2631 2632 t = sctp_assoc_lookup_paddr(asoc, &addr); 2633 if (!t) 2634 break; 2635 2636 sctp_assoc_set_primary(asoc, t); 2637 break; 2638 2639 case SCTP_PARAM_SUPPORTED_EXT: 2640 sctp_process_ext_param(asoc, param); 2641 break; 2642 2643 case SCTP_PARAM_FWD_TSN_SUPPORT: 2644 if (net->sctp.prsctp_enable) { 2645 asoc->peer.prsctp_capable = 1; 2646 break; 2647 } 2648 /* Fall Through */ 2649 goto fall_through; 2650 2651 case SCTP_PARAM_RANDOM: 2652 if (!net->sctp.auth_enable) 2653 goto fall_through; 2654 2655 /* Save peer's random parameter */ 2656 asoc->peer.peer_random = kmemdup(param.p, 2657 ntohs(param.p->length), gfp); 2658 if (!asoc->peer.peer_random) { 2659 retval = 0; 2660 break; 2661 } 2662 break; 2663 2664 case SCTP_PARAM_HMAC_ALGO: 2665 if (!net->sctp.auth_enable) 2666 goto fall_through; 2667 2668 /* Save peer's HMAC list */ 2669 asoc->peer.peer_hmacs = kmemdup(param.p, 2670 ntohs(param.p->length), gfp); 2671 if (!asoc->peer.peer_hmacs) { 2672 retval = 0; 2673 break; 2674 } 2675 2676 /* Set the default HMAC the peer requested*/ 2677 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2678 break; 2679 2680 case SCTP_PARAM_CHUNKS: 2681 if (!net->sctp.auth_enable) 2682 goto fall_through; 2683 2684 asoc->peer.peer_chunks = kmemdup(param.p, 2685 ntohs(param.p->length), gfp); 2686 if (!asoc->peer.peer_chunks) 2687 retval = 0; 2688 break; 2689 fall_through: 2690 default: 2691 /* Any unrecognized parameters should have been caught 2692 * and handled by sctp_verify_param() which should be 2693 * called prior to this routine. Simply log the error 2694 * here. 2695 */ 2696 pr_debug("%s: ignoring param:%d for association:%p.\n", 2697 __func__, ntohs(param.p->type), asoc); 2698 break; 2699 } 2700 2701 return retval; 2702 } 2703 2704 /* Select a new verification tag. */ 2705 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2706 { 2707 /* I believe that this random number generator complies with RFC1750. 2708 * A tag of 0 is reserved for special cases (e.g. INIT). 2709 */ 2710 __u32 x; 2711 2712 do { 2713 get_random_bytes(&x, sizeof(__u32)); 2714 } while (x == 0); 2715 2716 return x; 2717 } 2718 2719 /* Select an initial TSN to send during startup. */ 2720 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2721 { 2722 __u32 retval; 2723 2724 get_random_bytes(&retval, sizeof(__u32)); 2725 return retval; 2726 } 2727 2728 /* 2729 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2730 * 0 1 2 3 2731 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2732 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2733 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2734 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2735 * | Serial Number | 2736 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2737 * | Address Parameter | 2738 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2739 * | ASCONF Parameter #1 | 2740 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2741 * \ \ 2742 * / .... / 2743 * \ \ 2744 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2745 * | ASCONF Parameter #N | 2746 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2747 * 2748 * Address Parameter and other parameter will not be wrapped in this function 2749 */ 2750 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2751 union sctp_addr *addr, 2752 int vparam_len) 2753 { 2754 sctp_addiphdr_t asconf; 2755 struct sctp_chunk *retval; 2756 int length = sizeof(asconf) + vparam_len; 2757 union sctp_addr_param addrparam; 2758 int addrlen; 2759 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2760 2761 addrlen = af->to_addr_param(addr, &addrparam); 2762 if (!addrlen) 2763 return NULL; 2764 length += addrlen; 2765 2766 /* Create the chunk. */ 2767 retval = sctp_make_control(asoc, SCTP_CID_ASCONF, 0, length); 2768 if (!retval) 2769 return NULL; 2770 2771 asconf.serial = htonl(asoc->addip_serial++); 2772 2773 retval->subh.addip_hdr = 2774 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2775 retval->param_hdr.v = 2776 sctp_addto_chunk(retval, addrlen, &addrparam); 2777 2778 return retval; 2779 } 2780 2781 /* ADDIP 2782 * 3.2.1 Add IP Address 2783 * 0 1 2 3 2784 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2785 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2786 * | Type = 0xC001 | Length = Variable | 2787 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2788 * | ASCONF-Request Correlation ID | 2789 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2790 * | Address Parameter | 2791 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2792 * 2793 * 3.2.2 Delete IP Address 2794 * 0 1 2 3 2795 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2796 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2797 * | Type = 0xC002 | Length = Variable | 2798 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2799 * | ASCONF-Request Correlation ID | 2800 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2801 * | Address Parameter | 2802 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2803 * 2804 */ 2805 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2806 union sctp_addr *laddr, 2807 struct sockaddr *addrs, 2808 int addrcnt, 2809 __be16 flags) 2810 { 2811 sctp_addip_param_t param; 2812 struct sctp_chunk *retval; 2813 union sctp_addr_param addr_param; 2814 union sctp_addr *addr; 2815 void *addr_buf; 2816 struct sctp_af *af; 2817 int paramlen = sizeof(param); 2818 int addr_param_len = 0; 2819 int totallen = 0; 2820 int i; 2821 int del_pickup = 0; 2822 2823 /* Get total length of all the address parameters. */ 2824 addr_buf = addrs; 2825 for (i = 0; i < addrcnt; i++) { 2826 addr = addr_buf; 2827 af = sctp_get_af_specific(addr->v4.sin_family); 2828 addr_param_len = af->to_addr_param(addr, &addr_param); 2829 2830 totallen += paramlen; 2831 totallen += addr_param_len; 2832 2833 addr_buf += af->sockaddr_len; 2834 if (asoc->asconf_addr_del_pending && !del_pickup) { 2835 /* reuse the parameter length from the same scope one */ 2836 totallen += paramlen; 2837 totallen += addr_param_len; 2838 del_pickup = 1; 2839 2840 pr_debug("%s: picked same-scope del_pending addr, " 2841 "totallen for all addresses is %d\n", 2842 __func__, totallen); 2843 } 2844 } 2845 2846 /* Create an asconf chunk with the required length. */ 2847 retval = sctp_make_asconf(asoc, laddr, totallen); 2848 if (!retval) 2849 return NULL; 2850 2851 /* Add the address parameters to the asconf chunk. */ 2852 addr_buf = addrs; 2853 for (i = 0; i < addrcnt; i++) { 2854 addr = addr_buf; 2855 af = sctp_get_af_specific(addr->v4.sin_family); 2856 addr_param_len = af->to_addr_param(addr, &addr_param); 2857 param.param_hdr.type = flags; 2858 param.param_hdr.length = htons(paramlen + addr_param_len); 2859 param.crr_id = i; 2860 2861 sctp_addto_chunk(retval, paramlen, ¶m); 2862 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2863 2864 addr_buf += af->sockaddr_len; 2865 } 2866 if (flags == SCTP_PARAM_ADD_IP && del_pickup) { 2867 addr = asoc->asconf_addr_del_pending; 2868 af = sctp_get_af_specific(addr->v4.sin_family); 2869 addr_param_len = af->to_addr_param(addr, &addr_param); 2870 param.param_hdr.type = SCTP_PARAM_DEL_IP; 2871 param.param_hdr.length = htons(paramlen + addr_param_len); 2872 param.crr_id = i; 2873 2874 sctp_addto_chunk(retval, paramlen, ¶m); 2875 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2876 } 2877 return retval; 2878 } 2879 2880 /* ADDIP 2881 * 3.2.4 Set Primary IP Address 2882 * 0 1 2 3 2883 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2884 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2885 * | Type =0xC004 | Length = Variable | 2886 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2887 * | ASCONF-Request Correlation ID | 2888 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2889 * | Address Parameter | 2890 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2891 * 2892 * Create an ASCONF chunk with Set Primary IP address parameter. 2893 */ 2894 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2895 union sctp_addr *addr) 2896 { 2897 sctp_addip_param_t param; 2898 struct sctp_chunk *retval; 2899 int len = sizeof(param); 2900 union sctp_addr_param addrparam; 2901 int addrlen; 2902 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2903 2904 addrlen = af->to_addr_param(addr, &addrparam); 2905 if (!addrlen) 2906 return NULL; 2907 len += addrlen; 2908 2909 /* Create the chunk and make asconf header. */ 2910 retval = sctp_make_asconf(asoc, addr, len); 2911 if (!retval) 2912 return NULL; 2913 2914 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2915 param.param_hdr.length = htons(len); 2916 param.crr_id = 0; 2917 2918 sctp_addto_chunk(retval, sizeof(param), ¶m); 2919 sctp_addto_chunk(retval, addrlen, &addrparam); 2920 2921 return retval; 2922 } 2923 2924 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2925 * 0 1 2 3 2926 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2927 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2928 * | Type = 0x80 | Chunk Flags | Chunk Length | 2929 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2930 * | Serial Number | 2931 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2932 * | ASCONF Parameter Response#1 | 2933 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2934 * \ \ 2935 * / .... / 2936 * \ \ 2937 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2938 * | ASCONF Parameter Response#N | 2939 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2940 * 2941 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2942 */ 2943 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2944 __u32 serial, int vparam_len) 2945 { 2946 sctp_addiphdr_t asconf; 2947 struct sctp_chunk *retval; 2948 int length = sizeof(asconf) + vparam_len; 2949 2950 /* Create the chunk. */ 2951 retval = sctp_make_control(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2952 if (!retval) 2953 return NULL; 2954 2955 asconf.serial = htonl(serial); 2956 2957 retval->subh.addip_hdr = 2958 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2959 2960 return retval; 2961 } 2962 2963 /* Add response parameters to an ASCONF_ACK chunk. */ 2964 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2965 __be16 err_code, sctp_addip_param_t *asconf_param) 2966 { 2967 sctp_addip_param_t ack_param; 2968 sctp_errhdr_t err_param; 2969 int asconf_param_len = 0; 2970 int err_param_len = 0; 2971 __be16 response_type; 2972 2973 if (SCTP_ERROR_NO_ERROR == err_code) { 2974 response_type = SCTP_PARAM_SUCCESS_REPORT; 2975 } else { 2976 response_type = SCTP_PARAM_ERR_CAUSE; 2977 err_param_len = sizeof(err_param); 2978 if (asconf_param) 2979 asconf_param_len = 2980 ntohs(asconf_param->param_hdr.length); 2981 } 2982 2983 /* Add Success Indication or Error Cause Indication parameter. */ 2984 ack_param.param_hdr.type = response_type; 2985 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2986 err_param_len + 2987 asconf_param_len); 2988 ack_param.crr_id = crr_id; 2989 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2990 2991 if (SCTP_ERROR_NO_ERROR == err_code) 2992 return; 2993 2994 /* Add Error Cause parameter. */ 2995 err_param.cause = err_code; 2996 err_param.length = htons(err_param_len + asconf_param_len); 2997 sctp_addto_chunk(chunk, err_param_len, &err_param); 2998 2999 /* Add the failed TLV copied from ASCONF chunk. */ 3000 if (asconf_param) 3001 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 3002 } 3003 3004 /* Process a asconf parameter. */ 3005 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 3006 struct sctp_chunk *asconf, 3007 sctp_addip_param_t *asconf_param) 3008 { 3009 struct sctp_transport *peer; 3010 struct sctp_af *af; 3011 union sctp_addr addr; 3012 union sctp_addr_param *addr_param; 3013 3014 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t); 3015 3016 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && 3017 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && 3018 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) 3019 return SCTP_ERROR_UNKNOWN_PARAM; 3020 3021 switch (addr_param->p.type) { 3022 case SCTP_PARAM_IPV6_ADDRESS: 3023 if (!asoc->peer.ipv6_address) 3024 return SCTP_ERROR_DNS_FAILED; 3025 break; 3026 case SCTP_PARAM_IPV4_ADDRESS: 3027 if (!asoc->peer.ipv4_address) 3028 return SCTP_ERROR_DNS_FAILED; 3029 break; 3030 default: 3031 return SCTP_ERROR_DNS_FAILED; 3032 } 3033 3034 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3035 if (unlikely(!af)) 3036 return SCTP_ERROR_DNS_FAILED; 3037 3038 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 3039 3040 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 3041 * or multicast address. 3042 * (note: wildcard is permitted and requires special handling so 3043 * make sure we check for that) 3044 */ 3045 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 3046 return SCTP_ERROR_DNS_FAILED; 3047 3048 switch (asconf_param->param_hdr.type) { 3049 case SCTP_PARAM_ADD_IP: 3050 /* Section 4.2.1: 3051 * If the address 0.0.0.0 or ::0 is provided, the source 3052 * address of the packet MUST be added. 3053 */ 3054 if (af->is_any(&addr)) 3055 memcpy(&addr, &asconf->source, sizeof(addr)); 3056 3057 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 3058 * request and does not have the local resources to add this 3059 * new address to the association, it MUST return an Error 3060 * Cause TLV set to the new error code 'Operation Refused 3061 * Due to Resource Shortage'. 3062 */ 3063 3064 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 3065 if (!peer) 3066 return SCTP_ERROR_RSRC_LOW; 3067 3068 /* Start the heartbeat timer. */ 3069 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 3070 sctp_transport_hold(peer); 3071 asoc->new_transport = peer; 3072 break; 3073 case SCTP_PARAM_DEL_IP: 3074 /* ADDIP 4.3 D7) If a request is received to delete the 3075 * last remaining IP address of a peer endpoint, the receiver 3076 * MUST send an Error Cause TLV with the error cause set to the 3077 * new error code 'Request to Delete Last Remaining IP Address'. 3078 */ 3079 if (asoc->peer.transport_count == 1) 3080 return SCTP_ERROR_DEL_LAST_IP; 3081 3082 /* ADDIP 4.3 D8) If a request is received to delete an IP 3083 * address which is also the source address of the IP packet 3084 * which contained the ASCONF chunk, the receiver MUST reject 3085 * this request. To reject the request the receiver MUST send 3086 * an Error Cause TLV set to the new error code 'Request to 3087 * Delete Source IP Address' 3088 */ 3089 if (sctp_cmp_addr_exact(&asconf->source, &addr)) 3090 return SCTP_ERROR_DEL_SRC_IP; 3091 3092 /* Section 4.2.2 3093 * If the address 0.0.0.0 or ::0 is provided, all 3094 * addresses of the peer except the source address of the 3095 * packet MUST be deleted. 3096 */ 3097 if (af->is_any(&addr)) { 3098 sctp_assoc_set_primary(asoc, asconf->transport); 3099 sctp_assoc_del_nonprimary_peers(asoc, 3100 asconf->transport); 3101 } else 3102 sctp_assoc_del_peer(asoc, &addr); 3103 break; 3104 case SCTP_PARAM_SET_PRIMARY: 3105 /* ADDIP Section 4.2.4 3106 * If the address 0.0.0.0 or ::0 is provided, the receiver 3107 * MAY mark the source address of the packet as its 3108 * primary. 3109 */ 3110 if (af->is_any(&addr)) 3111 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 3112 3113 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3114 if (!peer) 3115 return SCTP_ERROR_DNS_FAILED; 3116 3117 sctp_assoc_set_primary(asoc, peer); 3118 break; 3119 } 3120 3121 return SCTP_ERROR_NO_ERROR; 3122 } 3123 3124 /* Verify the ASCONF packet before we process it. */ 3125 int sctp_verify_asconf(const struct sctp_association *asoc, 3126 struct sctp_paramhdr *param_hdr, void *chunk_end, 3127 struct sctp_paramhdr **errp) { 3128 sctp_addip_param_t *asconf_param; 3129 union sctp_params param; 3130 int length, plen; 3131 3132 param.v = (sctp_paramhdr_t *) param_hdr; 3133 while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { 3134 length = ntohs(param.p->length); 3135 *errp = param.p; 3136 3137 if (param.v > chunk_end - length || 3138 length < sizeof(sctp_paramhdr_t)) 3139 return 0; 3140 3141 switch (param.p->type) { 3142 case SCTP_PARAM_ADD_IP: 3143 case SCTP_PARAM_DEL_IP: 3144 case SCTP_PARAM_SET_PRIMARY: 3145 asconf_param = (sctp_addip_param_t *)param.v; 3146 plen = ntohs(asconf_param->param_hdr.length); 3147 if (plen < sizeof(sctp_addip_param_t) + 3148 sizeof(sctp_paramhdr_t)) 3149 return 0; 3150 break; 3151 case SCTP_PARAM_SUCCESS_REPORT: 3152 case SCTP_PARAM_ADAPTATION_LAYER_IND: 3153 if (length != sizeof(sctp_addip_param_t)) 3154 return 0; 3155 3156 break; 3157 default: 3158 break; 3159 } 3160 3161 param.v += WORD_ROUND(length); 3162 } 3163 3164 if (param.v != chunk_end) 3165 return 0; 3166 3167 return 1; 3168 } 3169 3170 /* Process an incoming ASCONF chunk with the next expected serial no. and 3171 * return an ASCONF_ACK chunk to be sent in response. 3172 */ 3173 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3174 struct sctp_chunk *asconf) 3175 { 3176 sctp_addiphdr_t *hdr; 3177 union sctp_addr_param *addr_param; 3178 sctp_addip_param_t *asconf_param; 3179 struct sctp_chunk *asconf_ack; 3180 3181 __be16 err_code; 3182 int length = 0; 3183 int chunk_len; 3184 __u32 serial; 3185 int all_param_pass = 1; 3186 3187 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 3188 hdr = (sctp_addiphdr_t *)asconf->skb->data; 3189 serial = ntohl(hdr->serial); 3190 3191 /* Skip the addiphdr and store a pointer to address parameter. */ 3192 length = sizeof(sctp_addiphdr_t); 3193 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3194 chunk_len -= length; 3195 3196 /* Skip the address parameter and store a pointer to the first 3197 * asconf parameter. 3198 */ 3199 length = ntohs(addr_param->p.length); 3200 asconf_param = (void *)addr_param + length; 3201 chunk_len -= length; 3202 3203 /* create an ASCONF_ACK chunk. 3204 * Based on the definitions of parameters, we know that the size of 3205 * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF 3206 * parameters. 3207 */ 3208 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4); 3209 if (!asconf_ack) 3210 goto done; 3211 3212 /* Process the TLVs contained within the ASCONF chunk. */ 3213 while (chunk_len > 0) { 3214 err_code = sctp_process_asconf_param(asoc, asconf, 3215 asconf_param); 3216 /* ADDIP 4.1 A7) 3217 * If an error response is received for a TLV parameter, 3218 * all TLVs with no response before the failed TLV are 3219 * considered successful if not reported. All TLVs after 3220 * the failed response are considered unsuccessful unless 3221 * a specific success indication is present for the parameter. 3222 */ 3223 if (SCTP_ERROR_NO_ERROR != err_code) 3224 all_param_pass = 0; 3225 3226 if (!all_param_pass) 3227 sctp_add_asconf_response(asconf_ack, 3228 asconf_param->crr_id, err_code, 3229 asconf_param); 3230 3231 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3232 * an IP address sends an 'Out of Resource' in its response, it 3233 * MUST also fail any subsequent add or delete requests bundled 3234 * in the ASCONF. 3235 */ 3236 if (SCTP_ERROR_RSRC_LOW == err_code) 3237 goto done; 3238 3239 /* Move to the next ASCONF param. */ 3240 length = ntohs(asconf_param->param_hdr.length); 3241 asconf_param = (void *)asconf_param + length; 3242 chunk_len -= length; 3243 } 3244 3245 done: 3246 asoc->peer.addip_serial++; 3247 3248 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3249 * after freeing the reference to old asconf ack if any. 3250 */ 3251 if (asconf_ack) { 3252 sctp_chunk_hold(asconf_ack); 3253 list_add_tail(&asconf_ack->transmitted_list, 3254 &asoc->asconf_ack_list); 3255 } 3256 3257 return asconf_ack; 3258 } 3259 3260 /* Process a asconf parameter that is successfully acked. */ 3261 static void sctp_asconf_param_success(struct sctp_association *asoc, 3262 sctp_addip_param_t *asconf_param) 3263 { 3264 struct sctp_af *af; 3265 union sctp_addr addr; 3266 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3267 union sctp_addr_param *addr_param; 3268 struct sctp_transport *transport; 3269 struct sctp_sockaddr_entry *saddr; 3270 3271 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t); 3272 3273 /* We have checked the packet before, so we do not check again. */ 3274 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3275 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3276 3277 switch (asconf_param->param_hdr.type) { 3278 case SCTP_PARAM_ADD_IP: 3279 /* This is always done in BH context with a socket lock 3280 * held, so the list can not change. 3281 */ 3282 local_bh_disable(); 3283 list_for_each_entry(saddr, &bp->address_list, list) { 3284 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3285 saddr->state = SCTP_ADDR_SRC; 3286 } 3287 local_bh_enable(); 3288 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3289 transports) { 3290 dst_release(transport->dst); 3291 transport->dst = NULL; 3292 } 3293 break; 3294 case SCTP_PARAM_DEL_IP: 3295 local_bh_disable(); 3296 sctp_del_bind_addr(bp, &addr); 3297 if (asoc->asconf_addr_del_pending != NULL && 3298 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) { 3299 kfree(asoc->asconf_addr_del_pending); 3300 asoc->asconf_addr_del_pending = NULL; 3301 } 3302 local_bh_enable(); 3303 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3304 transports) { 3305 dst_release(transport->dst); 3306 transport->dst = NULL; 3307 } 3308 break; 3309 default: 3310 break; 3311 } 3312 } 3313 3314 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3315 * for the given asconf parameter. If there is no response for this parameter, 3316 * return the error code based on the third argument 'no_err'. 3317 * ADDIP 4.1 3318 * A7) If an error response is received for a TLV parameter, all TLVs with no 3319 * response before the failed TLV are considered successful if not reported. 3320 * All TLVs after the failed response are considered unsuccessful unless a 3321 * specific success indication is present for the parameter. 3322 */ 3323 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3324 sctp_addip_param_t *asconf_param, 3325 int no_err) 3326 { 3327 sctp_addip_param_t *asconf_ack_param; 3328 sctp_errhdr_t *err_param; 3329 int length; 3330 int asconf_ack_len; 3331 __be16 err_code; 3332 3333 if (no_err) 3334 err_code = SCTP_ERROR_NO_ERROR; 3335 else 3336 err_code = SCTP_ERROR_REQ_REFUSED; 3337 3338 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3339 sizeof(sctp_chunkhdr_t); 3340 3341 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3342 * the first asconf_ack parameter. 3343 */ 3344 length = sizeof(sctp_addiphdr_t); 3345 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 3346 length); 3347 asconf_ack_len -= length; 3348 3349 while (asconf_ack_len > 0) { 3350 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3351 switch(asconf_ack_param->param_hdr.type) { 3352 case SCTP_PARAM_SUCCESS_REPORT: 3353 return SCTP_ERROR_NO_ERROR; 3354 case SCTP_PARAM_ERR_CAUSE: 3355 length = sizeof(sctp_addip_param_t); 3356 err_param = (void *)asconf_ack_param + length; 3357 asconf_ack_len -= length; 3358 if (asconf_ack_len > 0) 3359 return err_param->cause; 3360 else 3361 return SCTP_ERROR_INV_PARAM; 3362 break; 3363 default: 3364 return SCTP_ERROR_INV_PARAM; 3365 } 3366 } 3367 3368 length = ntohs(asconf_ack_param->param_hdr.length); 3369 asconf_ack_param = (void *)asconf_ack_param + length; 3370 asconf_ack_len -= length; 3371 } 3372 3373 return err_code; 3374 } 3375 3376 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3377 int sctp_process_asconf_ack(struct sctp_association *asoc, 3378 struct sctp_chunk *asconf_ack) 3379 { 3380 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3381 union sctp_addr_param *addr_param; 3382 sctp_addip_param_t *asconf_param; 3383 int length = 0; 3384 int asconf_len = asconf->skb->len; 3385 int all_param_pass = 0; 3386 int no_err = 1; 3387 int retval = 0; 3388 __be16 err_code = SCTP_ERROR_NO_ERROR; 3389 3390 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3391 * a pointer to address parameter. 3392 */ 3393 length = sizeof(sctp_addip_chunk_t); 3394 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3395 asconf_len -= length; 3396 3397 /* Skip the address parameter in the last asconf sent and store a 3398 * pointer to the first asconf parameter. 3399 */ 3400 length = ntohs(addr_param->p.length); 3401 asconf_param = (void *)addr_param + length; 3402 asconf_len -= length; 3403 3404 /* ADDIP 4.1 3405 * A8) If there is no response(s) to specific TLV parameter(s), and no 3406 * failures are indicated, then all request(s) are considered 3407 * successful. 3408 */ 3409 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 3410 all_param_pass = 1; 3411 3412 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3413 while (asconf_len > 0) { 3414 if (all_param_pass) 3415 err_code = SCTP_ERROR_NO_ERROR; 3416 else { 3417 err_code = sctp_get_asconf_response(asconf_ack, 3418 asconf_param, 3419 no_err); 3420 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3421 no_err = 0; 3422 } 3423 3424 switch (err_code) { 3425 case SCTP_ERROR_NO_ERROR: 3426 sctp_asconf_param_success(asoc, asconf_param); 3427 break; 3428 3429 case SCTP_ERROR_RSRC_LOW: 3430 retval = 1; 3431 break; 3432 3433 case SCTP_ERROR_UNKNOWN_PARAM: 3434 /* Disable sending this type of asconf parameter in 3435 * future. 3436 */ 3437 asoc->peer.addip_disabled_mask |= 3438 asconf_param->param_hdr.type; 3439 break; 3440 3441 case SCTP_ERROR_REQ_REFUSED: 3442 case SCTP_ERROR_DEL_LAST_IP: 3443 case SCTP_ERROR_DEL_SRC_IP: 3444 default: 3445 break; 3446 } 3447 3448 /* Skip the processed asconf parameter and move to the next 3449 * one. 3450 */ 3451 length = ntohs(asconf_param->param_hdr.length); 3452 asconf_param = (void *)asconf_param + length; 3453 asconf_len -= length; 3454 } 3455 3456 if (no_err && asoc->src_out_of_asoc_ok) { 3457 asoc->src_out_of_asoc_ok = 0; 3458 sctp_transport_immediate_rtx(asoc->peer.primary_path); 3459 } 3460 3461 /* Free the cached last sent asconf chunk. */ 3462 list_del_init(&asconf->transmitted_list); 3463 sctp_chunk_free(asconf); 3464 asoc->addip_last_asconf = NULL; 3465 3466 return retval; 3467 } 3468 3469 /* Make a FWD TSN chunk. */ 3470 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3471 __u32 new_cum_tsn, size_t nstreams, 3472 struct sctp_fwdtsn_skip *skiplist) 3473 { 3474 struct sctp_chunk *retval = NULL; 3475 struct sctp_fwdtsn_hdr ftsn_hdr; 3476 struct sctp_fwdtsn_skip skip; 3477 size_t hint; 3478 int i; 3479 3480 hint = (nstreams + 1) * sizeof(__u32); 3481 3482 retval = sctp_make_control(asoc, SCTP_CID_FWD_TSN, 0, hint); 3483 3484 if (!retval) 3485 return NULL; 3486 3487 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3488 retval->subh.fwdtsn_hdr = 3489 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3490 3491 for (i = 0; i < nstreams; i++) { 3492 skip.stream = skiplist[i].stream; 3493 skip.ssn = skiplist[i].ssn; 3494 sctp_addto_chunk(retval, sizeof(skip), &skip); 3495 } 3496 3497 return retval; 3498 } 3499