1 /* SCTP kernel implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * This SCTP implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * This SCTP implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 54 55 #include <linux/types.h> 56 #include <linux/kernel.h> 57 #include <linux/ip.h> 58 #include <linux/ipv6.h> 59 #include <linux/net.h> 60 #include <linux/inet.h> 61 #include <linux/scatterlist.h> 62 #include <linux/crypto.h> 63 #include <linux/slab.h> 64 #include <net/sock.h> 65 66 #include <linux/skbuff.h> 67 #include <linux/random.h> /* for get_random_bytes */ 68 #include <net/sctp/sctp.h> 69 #include <net/sctp/sm.h> 70 71 static struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 72 __u8 type, __u8 flags, int paylen); 73 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 74 const struct sctp_association *asoc, 75 const struct sctp_chunk *init_chunk, 76 int *cookie_len, 77 const __u8 *raw_addrs, int addrs_len); 78 static int sctp_process_param(struct sctp_association *asoc, 79 union sctp_params param, 80 const union sctp_addr *peer_addr, 81 gfp_t gfp); 82 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 83 const void *data); 84 85 /* What was the inbound interface for this chunk? */ 86 int sctp_chunk_iif(const struct sctp_chunk *chunk) 87 { 88 struct sctp_af *af; 89 int iif = 0; 90 91 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version)); 92 if (af) 93 iif = af->skb_iif(chunk->skb); 94 95 return iif; 96 } 97 98 /* RFC 2960 3.3.2 Initiation (INIT) (1) 99 * 100 * Note 2: The ECN capable field is reserved for future use of 101 * Explicit Congestion Notification. 102 */ 103 static const struct sctp_paramhdr ecap_param = { 104 SCTP_PARAM_ECN_CAPABLE, 105 cpu_to_be16(sizeof(struct sctp_paramhdr)), 106 }; 107 static const struct sctp_paramhdr prsctp_param = { 108 SCTP_PARAM_FWD_TSN_SUPPORT, 109 cpu_to_be16(sizeof(struct sctp_paramhdr)), 110 }; 111 112 /* A helper to initialize an op error inside a 113 * provided chunk, as most cause codes will be embedded inside an 114 * abort chunk. 115 */ 116 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 117 size_t paylen) 118 { 119 sctp_errhdr_t err; 120 __u16 len; 121 122 /* Cause code constants are now defined in network order. */ 123 err.cause = cause_code; 124 len = sizeof(sctp_errhdr_t) + paylen; 125 err.length = htons(len); 126 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 127 } 128 129 /* A helper to initialize an op error inside a 130 * provided chunk, as most cause codes will be embedded inside an 131 * abort chunk. Differs from sctp_init_cause in that it won't oops 132 * if there isn't enough space in the op error chunk 133 */ 134 static int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code, 135 size_t paylen) 136 { 137 sctp_errhdr_t err; 138 __u16 len; 139 140 /* Cause code constants are now defined in network order. */ 141 err.cause = cause_code; 142 len = sizeof(sctp_errhdr_t) + paylen; 143 err.length = htons(len); 144 145 if (skb_tailroom(chunk->skb) < len) 146 return -ENOSPC; 147 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk, 148 sizeof(sctp_errhdr_t), 149 &err); 150 return 0; 151 } 152 /* 3.3.2 Initiation (INIT) (1) 153 * 154 * This chunk is used to initiate a SCTP association between two 155 * endpoints. The format of the INIT chunk is shown below: 156 * 157 * 0 1 2 3 158 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 159 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 160 * | Type = 1 | Chunk Flags | Chunk Length | 161 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 162 * | Initiate Tag | 163 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 164 * | Advertised Receiver Window Credit (a_rwnd) | 165 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 166 * | Number of Outbound Streams | Number of Inbound Streams | 167 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 168 * | Initial TSN | 169 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 170 * \ \ 171 * / Optional/Variable-Length Parameters / 172 * \ \ 173 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 174 * 175 * 176 * The INIT chunk contains the following parameters. Unless otherwise 177 * noted, each parameter MUST only be included once in the INIT chunk. 178 * 179 * Fixed Parameters Status 180 * ---------------------------------------------- 181 * Initiate Tag Mandatory 182 * Advertised Receiver Window Credit Mandatory 183 * Number of Outbound Streams Mandatory 184 * Number of Inbound Streams Mandatory 185 * Initial TSN Mandatory 186 * 187 * Variable Parameters Status Type Value 188 * ------------------------------------------------------------- 189 * IPv4 Address (Note 1) Optional 5 190 * IPv6 Address (Note 1) Optional 6 191 * Cookie Preservative Optional 9 192 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 193 * Host Name Address (Note 3) Optional 11 194 * Supported Address Types (Note 4) Optional 12 195 */ 196 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 197 const struct sctp_bind_addr *bp, 198 gfp_t gfp, int vparam_len) 199 { 200 struct net *net = sock_net(asoc->base.sk); 201 sctp_inithdr_t init; 202 union sctp_params addrs; 203 size_t chunksize; 204 struct sctp_chunk *retval = NULL; 205 int num_types, addrs_len = 0; 206 struct sctp_sock *sp; 207 sctp_supported_addrs_param_t sat; 208 __be16 types[2]; 209 sctp_adaptation_ind_param_t aiparam; 210 sctp_supported_ext_param_t ext_param; 211 int num_ext = 0; 212 __u8 extensions[3]; 213 sctp_paramhdr_t *auth_chunks = NULL, 214 *auth_hmacs = NULL; 215 216 /* RFC 2960 3.3.2 Initiation (INIT) (1) 217 * 218 * Note 1: The INIT chunks can contain multiple addresses that 219 * can be IPv4 and/or IPv6 in any combination. 220 */ 221 retval = NULL; 222 223 /* Convert the provided bind address list to raw format. */ 224 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 225 226 init.init_tag = htonl(asoc->c.my_vtag); 227 init.a_rwnd = htonl(asoc->rwnd); 228 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 229 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 230 init.initial_tsn = htonl(asoc->c.initial_tsn); 231 232 /* How many address types are needed? */ 233 sp = sctp_sk(asoc->base.sk); 234 num_types = sp->pf->supported_addrs(sp, types); 235 236 chunksize = sizeof(init) + addrs_len; 237 chunksize += WORD_ROUND(SCTP_SAT_LEN(num_types)); 238 chunksize += sizeof(ecap_param); 239 240 if (net->sctp.prsctp_enable) 241 chunksize += sizeof(prsctp_param); 242 243 /* ADDIP: Section 4.2.7: 244 * An implementation supporting this extension [ADDIP] MUST list 245 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 246 * INIT-ACK parameters. 247 */ 248 if (net->sctp.addip_enable) { 249 extensions[num_ext] = SCTP_CID_ASCONF; 250 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 251 num_ext += 2; 252 } 253 254 if (sp->adaptation_ind) 255 chunksize += sizeof(aiparam); 256 257 chunksize += vparam_len; 258 259 /* Account for AUTH related parameters */ 260 if (net->sctp.auth_enable) { 261 /* Add random parameter length*/ 262 chunksize += sizeof(asoc->c.auth_random); 263 264 /* Add HMACS parameter length if any were defined */ 265 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 266 if (auth_hmacs->length) 267 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 268 else 269 auth_hmacs = NULL; 270 271 /* Add CHUNKS parameter length */ 272 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 273 if (auth_chunks->length) 274 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 275 else 276 auth_chunks = NULL; 277 278 extensions[num_ext] = SCTP_CID_AUTH; 279 num_ext += 1; 280 } 281 282 /* If we have any extensions to report, account for that */ 283 if (num_ext) 284 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 285 num_ext); 286 287 /* RFC 2960 3.3.2 Initiation (INIT) (1) 288 * 289 * Note 3: An INIT chunk MUST NOT contain more than one Host 290 * Name address parameter. Moreover, the sender of the INIT 291 * MUST NOT combine any other address types with the Host Name 292 * address in the INIT. The receiver of INIT MUST ignore any 293 * other address types if the Host Name address parameter is 294 * present in the received INIT chunk. 295 * 296 * PLEASE DO NOT FIXME [This version does not support Host Name.] 297 */ 298 299 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 300 if (!retval) 301 goto nodata; 302 303 retval->subh.init_hdr = 304 sctp_addto_chunk(retval, sizeof(init), &init); 305 retval->param_hdr.v = 306 sctp_addto_chunk(retval, addrs_len, addrs.v); 307 308 /* RFC 2960 3.3.2 Initiation (INIT) (1) 309 * 310 * Note 4: This parameter, when present, specifies all the 311 * address types the sending endpoint can support. The absence 312 * of this parameter indicates that the sending endpoint can 313 * support any address type. 314 */ 315 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 316 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 317 sctp_addto_chunk(retval, sizeof(sat), &sat); 318 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 319 320 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 321 322 /* Add the supported extensions parameter. Be nice and add this 323 * fist before addiding the parameters for the extensions themselves 324 */ 325 if (num_ext) { 326 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 327 ext_param.param_hdr.length = 328 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 329 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 330 &ext_param); 331 sctp_addto_param(retval, num_ext, extensions); 332 } 333 334 if (net->sctp.prsctp_enable) 335 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 336 337 if (sp->adaptation_ind) { 338 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 339 aiparam.param_hdr.length = htons(sizeof(aiparam)); 340 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 341 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 342 } 343 344 /* Add SCTP-AUTH chunks to the parameter list */ 345 if (net->sctp.auth_enable) { 346 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 347 asoc->c.auth_random); 348 if (auth_hmacs) 349 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 350 auth_hmacs); 351 if (auth_chunks) 352 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 353 auth_chunks); 354 } 355 nodata: 356 kfree(addrs.v); 357 return retval; 358 } 359 360 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 361 const struct sctp_chunk *chunk, 362 gfp_t gfp, int unkparam_len) 363 { 364 sctp_inithdr_t initack; 365 struct sctp_chunk *retval; 366 union sctp_params addrs; 367 struct sctp_sock *sp; 368 int addrs_len; 369 sctp_cookie_param_t *cookie; 370 int cookie_len; 371 size_t chunksize; 372 sctp_adaptation_ind_param_t aiparam; 373 sctp_supported_ext_param_t ext_param; 374 int num_ext = 0; 375 __u8 extensions[3]; 376 sctp_paramhdr_t *auth_chunks = NULL, 377 *auth_hmacs = NULL, 378 *auth_random = NULL; 379 380 retval = NULL; 381 382 /* Note: there may be no addresses to embed. */ 383 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 384 385 initack.init_tag = htonl(asoc->c.my_vtag); 386 initack.a_rwnd = htonl(asoc->rwnd); 387 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 388 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 389 initack.initial_tsn = htonl(asoc->c.initial_tsn); 390 391 /* FIXME: We really ought to build the cookie right 392 * into the packet instead of allocating more fresh memory. 393 */ 394 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 395 addrs.v, addrs_len); 396 if (!cookie) 397 goto nomem_cookie; 398 399 /* Calculate the total size of allocation, include the reserved 400 * space for reporting unknown parameters if it is specified. 401 */ 402 sp = sctp_sk(asoc->base.sk); 403 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 404 405 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 406 if (asoc->peer.ecn_capable) 407 chunksize += sizeof(ecap_param); 408 409 if (asoc->peer.prsctp_capable) 410 chunksize += sizeof(prsctp_param); 411 412 if (asoc->peer.asconf_capable) { 413 extensions[num_ext] = SCTP_CID_ASCONF; 414 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 415 num_ext += 2; 416 } 417 418 if (sp->adaptation_ind) 419 chunksize += sizeof(aiparam); 420 421 if (asoc->peer.auth_capable) { 422 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random; 423 chunksize += ntohs(auth_random->length); 424 425 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 426 if (auth_hmacs->length) 427 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 428 else 429 auth_hmacs = NULL; 430 431 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 432 if (auth_chunks->length) 433 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 434 else 435 auth_chunks = NULL; 436 437 extensions[num_ext] = SCTP_CID_AUTH; 438 num_ext += 1; 439 } 440 441 if (num_ext) 442 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 443 num_ext); 444 445 /* Now allocate and fill out the chunk. */ 446 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 447 if (!retval) 448 goto nomem_chunk; 449 450 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 451 * 452 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 453 * HEARTBEAT ACK, * etc.) to the same destination transport 454 * address from which it received the DATA or control chunk 455 * to which it is replying. 456 * 457 * [INIT ACK back to where the INIT came from.] 458 */ 459 retval->transport = chunk->transport; 460 461 retval->subh.init_hdr = 462 sctp_addto_chunk(retval, sizeof(initack), &initack); 463 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 464 sctp_addto_chunk(retval, cookie_len, cookie); 465 if (asoc->peer.ecn_capable) 466 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 467 if (num_ext) { 468 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 469 ext_param.param_hdr.length = 470 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 471 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 472 &ext_param); 473 sctp_addto_param(retval, num_ext, extensions); 474 } 475 if (asoc->peer.prsctp_capable) 476 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 477 478 if (sp->adaptation_ind) { 479 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 480 aiparam.param_hdr.length = htons(sizeof(aiparam)); 481 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 482 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 483 } 484 485 if (asoc->peer.auth_capable) { 486 sctp_addto_chunk(retval, ntohs(auth_random->length), 487 auth_random); 488 if (auth_hmacs) 489 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 490 auth_hmacs); 491 if (auth_chunks) 492 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 493 auth_chunks); 494 } 495 496 /* We need to remove the const qualifier at this point. */ 497 retval->asoc = (struct sctp_association *) asoc; 498 499 nomem_chunk: 500 kfree(cookie); 501 nomem_cookie: 502 kfree(addrs.v); 503 return retval; 504 } 505 506 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 507 * 508 * This chunk is used only during the initialization of an association. 509 * It is sent by the initiator of an association to its peer to complete 510 * the initialization process. This chunk MUST precede any DATA chunk 511 * sent within the association, but MAY be bundled with one or more DATA 512 * chunks in the same packet. 513 * 514 * 0 1 2 3 515 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 516 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 517 * | Type = 10 |Chunk Flags | Length | 518 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 519 * / Cookie / 520 * \ \ 521 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 522 * 523 * Chunk Flags: 8 bit 524 * 525 * Set to zero on transmit and ignored on receipt. 526 * 527 * Length: 16 bits (unsigned integer) 528 * 529 * Set to the size of the chunk in bytes, including the 4 bytes of 530 * the chunk header and the size of the Cookie. 531 * 532 * Cookie: variable size 533 * 534 * This field must contain the exact cookie received in the 535 * State Cookie parameter from the previous INIT ACK. 536 * 537 * An implementation SHOULD make the cookie as small as possible 538 * to insure interoperability. 539 */ 540 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 541 const struct sctp_chunk *chunk) 542 { 543 struct sctp_chunk *retval; 544 void *cookie; 545 int cookie_len; 546 547 cookie = asoc->peer.cookie; 548 cookie_len = asoc->peer.cookie_len; 549 550 /* Build a cookie echo chunk. */ 551 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 552 if (!retval) 553 goto nodata; 554 retval->subh.cookie_hdr = 555 sctp_addto_chunk(retval, cookie_len, cookie); 556 557 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 558 * 559 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 560 * HEARTBEAT ACK, * etc.) to the same destination transport 561 * address from which it * received the DATA or control chunk 562 * to which it is replying. 563 * 564 * [COOKIE ECHO back to where the INIT ACK came from.] 565 */ 566 if (chunk) 567 retval->transport = chunk->transport; 568 569 nodata: 570 return retval; 571 } 572 573 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 574 * 575 * This chunk is used only during the initialization of an 576 * association. It is used to acknowledge the receipt of a COOKIE 577 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 578 * within the association, but MAY be bundled with one or more DATA 579 * chunks or SACK chunk in the same SCTP packet. 580 * 581 * 0 1 2 3 582 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 583 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 584 * | Type = 11 |Chunk Flags | Length = 4 | 585 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 586 * 587 * Chunk Flags: 8 bits 588 * 589 * Set to zero on transmit and ignored on receipt. 590 */ 591 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 592 const struct sctp_chunk *chunk) 593 { 594 struct sctp_chunk *retval; 595 596 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 597 598 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 599 * 600 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 601 * HEARTBEAT ACK, * etc.) to the same destination transport 602 * address from which it * received the DATA or control chunk 603 * to which it is replying. 604 * 605 * [COOKIE ACK back to where the COOKIE ECHO came from.] 606 */ 607 if (retval && chunk) 608 retval->transport = chunk->transport; 609 610 return retval; 611 } 612 613 /* 614 * Appendix A: Explicit Congestion Notification: 615 * CWR: 616 * 617 * RFC 2481 details a specific bit for a sender to send in the header of 618 * its next outbound TCP segment to indicate to its peer that it has 619 * reduced its congestion window. This is termed the CWR bit. For 620 * SCTP the same indication is made by including the CWR chunk. 621 * This chunk contains one data element, i.e. the TSN number that 622 * was sent in the ECNE chunk. This element represents the lowest 623 * TSN number in the datagram that was originally marked with the 624 * CE bit. 625 * 626 * 0 1 2 3 627 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 628 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 629 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 630 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 631 * | Lowest TSN Number | 632 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 633 * 634 * Note: The CWR is considered a Control chunk. 635 */ 636 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 637 const __u32 lowest_tsn, 638 const struct sctp_chunk *chunk) 639 { 640 struct sctp_chunk *retval; 641 sctp_cwrhdr_t cwr; 642 643 cwr.lowest_tsn = htonl(lowest_tsn); 644 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 645 sizeof(sctp_cwrhdr_t)); 646 647 if (!retval) 648 goto nodata; 649 650 retval->subh.ecn_cwr_hdr = 651 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 652 653 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 654 * 655 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 656 * HEARTBEAT ACK, * etc.) to the same destination transport 657 * address from which it * received the DATA or control chunk 658 * to which it is replying. 659 * 660 * [Report a reduced congestion window back to where the ECNE 661 * came from.] 662 */ 663 if (chunk) 664 retval->transport = chunk->transport; 665 666 nodata: 667 return retval; 668 } 669 670 /* Make an ECNE chunk. This is a congestion experienced report. */ 671 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 672 const __u32 lowest_tsn) 673 { 674 struct sctp_chunk *retval; 675 sctp_ecnehdr_t ecne; 676 677 ecne.lowest_tsn = htonl(lowest_tsn); 678 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 679 sizeof(sctp_ecnehdr_t)); 680 if (!retval) 681 goto nodata; 682 retval->subh.ecne_hdr = 683 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 684 685 nodata: 686 return retval; 687 } 688 689 /* Make a DATA chunk for the given association from the provided 690 * parameters. However, do not populate the data payload. 691 */ 692 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 693 const struct sctp_sndrcvinfo *sinfo, 694 int data_len, __u8 flags, __u16 ssn) 695 { 696 struct sctp_chunk *retval; 697 struct sctp_datahdr dp; 698 int chunk_len; 699 700 /* We assign the TSN as LATE as possible, not here when 701 * creating the chunk. 702 */ 703 dp.tsn = 0; 704 dp.stream = htons(sinfo->sinfo_stream); 705 dp.ppid = sinfo->sinfo_ppid; 706 707 /* Set the flags for an unordered send. */ 708 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 709 flags |= SCTP_DATA_UNORDERED; 710 dp.ssn = 0; 711 } else 712 dp.ssn = htons(ssn); 713 714 chunk_len = sizeof(dp) + data_len; 715 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 716 if (!retval) 717 goto nodata; 718 719 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 720 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 721 722 nodata: 723 return retval; 724 } 725 726 /* Create a selective ackowledgement (SACK) for the given 727 * association. This reports on which TSN's we've seen to date, 728 * including duplicates and gaps. 729 */ 730 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 731 { 732 struct sctp_chunk *retval; 733 struct sctp_sackhdr sack; 734 int len; 735 __u32 ctsn; 736 __u16 num_gabs, num_dup_tsns; 737 struct sctp_association *aptr = (struct sctp_association *)asoc; 738 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 739 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 740 struct sctp_transport *trans; 741 742 memset(gabs, 0, sizeof(gabs)); 743 ctsn = sctp_tsnmap_get_ctsn(map); 744 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 745 746 /* How much room is needed in the chunk? */ 747 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 748 num_dup_tsns = sctp_tsnmap_num_dups(map); 749 750 /* Initialize the SACK header. */ 751 sack.cum_tsn_ack = htonl(ctsn); 752 sack.a_rwnd = htonl(asoc->a_rwnd); 753 sack.num_gap_ack_blocks = htons(num_gabs); 754 sack.num_dup_tsns = htons(num_dup_tsns); 755 756 len = sizeof(sack) 757 + sizeof(struct sctp_gap_ack_block) * num_gabs 758 + sizeof(__u32) * num_dup_tsns; 759 760 /* Create the chunk. */ 761 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 762 if (!retval) 763 goto nodata; 764 765 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 766 * 767 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 768 * HEARTBEAT ACK, etc.) to the same destination transport 769 * address from which it received the DATA or control chunk to 770 * which it is replying. This rule should also be followed if 771 * the endpoint is bundling DATA chunks together with the 772 * reply chunk. 773 * 774 * However, when acknowledging multiple DATA chunks received 775 * in packets from different source addresses in a single 776 * SACK, the SACK chunk may be transmitted to one of the 777 * destination transport addresses from which the DATA or 778 * control chunks being acknowledged were received. 779 * 780 * [BUG: We do not implement the following paragraph. 781 * Perhaps we should remember the last transport we used for a 782 * SACK and avoid that (if possible) if we have seen any 783 * duplicates. --piggy] 784 * 785 * When a receiver of a duplicate DATA chunk sends a SACK to a 786 * multi- homed endpoint it MAY be beneficial to vary the 787 * destination address and not use the source address of the 788 * DATA chunk. The reason being that receiving a duplicate 789 * from a multi-homed endpoint might indicate that the return 790 * path (as specified in the source address of the DATA chunk) 791 * for the SACK is broken. 792 * 793 * [Send to the address from which we last received a DATA chunk.] 794 */ 795 retval->transport = asoc->peer.last_data_from; 796 797 retval->subh.sack_hdr = 798 sctp_addto_chunk(retval, sizeof(sack), &sack); 799 800 /* Add the gap ack block information. */ 801 if (num_gabs) 802 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 803 gabs); 804 805 /* Add the duplicate TSN information. */ 806 if (num_dup_tsns) { 807 aptr->stats.idupchunks += num_dup_tsns; 808 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 809 sctp_tsnmap_get_dups(map)); 810 } 811 /* Once we have a sack generated, check to see what our sack 812 * generation is, if its 0, reset the transports to 0, and reset 813 * the association generation to 1 814 * 815 * The idea is that zero is never used as a valid generation for the 816 * association so no transport will match after a wrap event like this, 817 * Until the next sack 818 */ 819 if (++aptr->peer.sack_generation == 0) { 820 list_for_each_entry(trans, &asoc->peer.transport_addr_list, 821 transports) 822 trans->sack_generation = 0; 823 aptr->peer.sack_generation = 1; 824 } 825 nodata: 826 return retval; 827 } 828 829 /* Make a SHUTDOWN chunk. */ 830 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 831 const struct sctp_chunk *chunk) 832 { 833 struct sctp_chunk *retval; 834 sctp_shutdownhdr_t shut; 835 __u32 ctsn; 836 837 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 838 shut.cum_tsn_ack = htonl(ctsn); 839 840 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 841 sizeof(sctp_shutdownhdr_t)); 842 if (!retval) 843 goto nodata; 844 845 retval->subh.shutdown_hdr = 846 sctp_addto_chunk(retval, sizeof(shut), &shut); 847 848 if (chunk) 849 retval->transport = chunk->transport; 850 nodata: 851 return retval; 852 } 853 854 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 855 const struct sctp_chunk *chunk) 856 { 857 struct sctp_chunk *retval; 858 859 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 860 861 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 862 * 863 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 864 * HEARTBEAT ACK, * etc.) to the same destination transport 865 * address from which it * received the DATA or control chunk 866 * to which it is replying. 867 * 868 * [ACK back to where the SHUTDOWN came from.] 869 */ 870 if (retval && chunk) 871 retval->transport = chunk->transport; 872 873 return retval; 874 } 875 876 struct sctp_chunk *sctp_make_shutdown_complete( 877 const struct sctp_association *asoc, 878 const struct sctp_chunk *chunk) 879 { 880 struct sctp_chunk *retval; 881 __u8 flags = 0; 882 883 /* Set the T-bit if we have no association (vtag will be 884 * reflected) 885 */ 886 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 887 888 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 889 890 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 891 * 892 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 893 * HEARTBEAT ACK, * etc.) to the same destination transport 894 * address from which it * received the DATA or control chunk 895 * to which it is replying. 896 * 897 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 898 * came from.] 899 */ 900 if (retval && chunk) 901 retval->transport = chunk->transport; 902 903 return retval; 904 } 905 906 /* Create an ABORT. Note that we set the T bit if we have no 907 * association, except when responding to an INIT (sctpimpguide 2.41). 908 */ 909 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 910 const struct sctp_chunk *chunk, 911 const size_t hint) 912 { 913 struct sctp_chunk *retval; 914 __u8 flags = 0; 915 916 /* Set the T-bit if we have no association and 'chunk' is not 917 * an INIT (vtag will be reflected). 918 */ 919 if (!asoc) { 920 if (chunk && chunk->chunk_hdr && 921 chunk->chunk_hdr->type == SCTP_CID_INIT) 922 flags = 0; 923 else 924 flags = SCTP_CHUNK_FLAG_T; 925 } 926 927 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 928 929 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 930 * 931 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 932 * HEARTBEAT ACK, * etc.) to the same destination transport 933 * address from which it * received the DATA or control chunk 934 * to which it is replying. 935 * 936 * [ABORT back to where the offender came from.] 937 */ 938 if (retval && chunk) 939 retval->transport = chunk->transport; 940 941 return retval; 942 } 943 944 /* Helper to create ABORT with a NO_USER_DATA error. */ 945 struct sctp_chunk *sctp_make_abort_no_data( 946 const struct sctp_association *asoc, 947 const struct sctp_chunk *chunk, __u32 tsn) 948 { 949 struct sctp_chunk *retval; 950 __be32 payload; 951 952 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 953 + sizeof(tsn)); 954 955 if (!retval) 956 goto no_mem; 957 958 /* Put the tsn back into network byte order. */ 959 payload = htonl(tsn); 960 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 961 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 962 963 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 964 * 965 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 966 * HEARTBEAT ACK, * etc.) to the same destination transport 967 * address from which it * received the DATA or control chunk 968 * to which it is replying. 969 * 970 * [ABORT back to where the offender came from.] 971 */ 972 if (chunk) 973 retval->transport = chunk->transport; 974 975 no_mem: 976 return retval; 977 } 978 979 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 980 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 981 const struct msghdr *msg, 982 size_t paylen) 983 { 984 struct sctp_chunk *retval; 985 void *payload = NULL; 986 int err; 987 988 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 989 if (!retval) 990 goto err_chunk; 991 992 if (paylen) { 993 /* Put the msg_iov together into payload. */ 994 payload = kmalloc(paylen, GFP_KERNEL); 995 if (!payload) 996 goto err_payload; 997 998 err = memcpy_fromiovec(payload, msg->msg_iov, paylen); 999 if (err < 0) 1000 goto err_copy; 1001 } 1002 1003 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 1004 sctp_addto_chunk(retval, paylen, payload); 1005 1006 if (paylen) 1007 kfree(payload); 1008 1009 return retval; 1010 1011 err_copy: 1012 kfree(payload); 1013 err_payload: 1014 sctp_chunk_free(retval); 1015 retval = NULL; 1016 err_chunk: 1017 return retval; 1018 } 1019 1020 /* Append bytes to the end of a parameter. Will panic if chunk is not big 1021 * enough. 1022 */ 1023 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 1024 const void *data) 1025 { 1026 void *target; 1027 int chunklen = ntohs(chunk->chunk_hdr->length); 1028 1029 target = skb_put(chunk->skb, len); 1030 1031 if (data) 1032 memcpy(target, data, len); 1033 else 1034 memset(target, 0, len); 1035 1036 /* Adjust the chunk length field. */ 1037 chunk->chunk_hdr->length = htons(chunklen + len); 1038 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1039 1040 return target; 1041 } 1042 1043 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1044 struct sctp_chunk *sctp_make_abort_violation( 1045 const struct sctp_association *asoc, 1046 const struct sctp_chunk *chunk, 1047 const __u8 *payload, 1048 const size_t paylen) 1049 { 1050 struct sctp_chunk *retval; 1051 struct sctp_paramhdr phdr; 1052 1053 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 1054 + sizeof(sctp_paramhdr_t)); 1055 if (!retval) 1056 goto end; 1057 1058 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen 1059 + sizeof(sctp_paramhdr_t)); 1060 1061 phdr.type = htons(chunk->chunk_hdr->type); 1062 phdr.length = chunk->chunk_hdr->length; 1063 sctp_addto_chunk(retval, paylen, payload); 1064 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr); 1065 1066 end: 1067 return retval; 1068 } 1069 1070 struct sctp_chunk *sctp_make_violation_paramlen( 1071 const struct sctp_association *asoc, 1072 const struct sctp_chunk *chunk, 1073 struct sctp_paramhdr *param) 1074 { 1075 struct sctp_chunk *retval; 1076 static const char error[] = "The following parameter had invalid length:"; 1077 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) + 1078 sizeof(sctp_paramhdr_t); 1079 1080 retval = sctp_make_abort(asoc, chunk, payload_len); 1081 if (!retval) 1082 goto nodata; 1083 1084 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1085 sizeof(error) + sizeof(sctp_paramhdr_t)); 1086 sctp_addto_chunk(retval, sizeof(error), error); 1087 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param); 1088 1089 nodata: 1090 return retval; 1091 } 1092 1093 struct sctp_chunk *sctp_make_violation_max_retrans( 1094 const struct sctp_association *asoc, 1095 const struct sctp_chunk *chunk) 1096 { 1097 struct sctp_chunk *retval; 1098 static const char error[] = "Association exceeded its max_retans count"; 1099 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t); 1100 1101 retval = sctp_make_abort(asoc, chunk, payload_len); 1102 if (!retval) 1103 goto nodata; 1104 1105 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error)); 1106 sctp_addto_chunk(retval, sizeof(error), error); 1107 1108 nodata: 1109 return retval; 1110 } 1111 1112 /* Make a HEARTBEAT chunk. */ 1113 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1114 const struct sctp_transport *transport) 1115 { 1116 struct sctp_chunk *retval; 1117 sctp_sender_hb_info_t hbinfo; 1118 1119 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 0, sizeof(hbinfo)); 1120 1121 if (!retval) 1122 goto nodata; 1123 1124 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO; 1125 hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t)); 1126 hbinfo.daddr = transport->ipaddr; 1127 hbinfo.sent_at = jiffies; 1128 hbinfo.hb_nonce = transport->hb_nonce; 1129 1130 /* Cast away the 'const', as this is just telling the chunk 1131 * what transport it belongs to. 1132 */ 1133 retval->transport = (struct sctp_transport *) transport; 1134 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo), 1135 &hbinfo); 1136 1137 nodata: 1138 return retval; 1139 } 1140 1141 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1142 const struct sctp_chunk *chunk, 1143 const void *payload, const size_t paylen) 1144 { 1145 struct sctp_chunk *retval; 1146 1147 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 1148 if (!retval) 1149 goto nodata; 1150 1151 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1152 1153 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1154 * 1155 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1156 * HEARTBEAT ACK, * etc.) to the same destination transport 1157 * address from which it * received the DATA or control chunk 1158 * to which it is replying. 1159 * 1160 * [HBACK back to where the HEARTBEAT came from.] 1161 */ 1162 if (chunk) 1163 retval->transport = chunk->transport; 1164 1165 nodata: 1166 return retval; 1167 } 1168 1169 /* Create an Operation Error chunk with the specified space reserved. 1170 * This routine can be used for containing multiple causes in the chunk. 1171 */ 1172 static struct sctp_chunk *sctp_make_op_error_space( 1173 const struct sctp_association *asoc, 1174 const struct sctp_chunk *chunk, 1175 size_t size) 1176 { 1177 struct sctp_chunk *retval; 1178 1179 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 1180 sizeof(sctp_errhdr_t) + size); 1181 if (!retval) 1182 goto nodata; 1183 1184 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1185 * 1186 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1187 * HEARTBEAT ACK, etc.) to the same destination transport 1188 * address from which it received the DATA or control chunk 1189 * to which it is replying. 1190 * 1191 */ 1192 if (chunk) 1193 retval->transport = chunk->transport; 1194 1195 nodata: 1196 return retval; 1197 } 1198 1199 /* Create an Operation Error chunk of a fixed size, 1200 * specifically, max(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) 1201 * This is a helper function to allocate an error chunk for 1202 * for those invalid parameter codes in which we may not want 1203 * to report all the errors, if the incoming chunk is large 1204 */ 1205 static inline struct sctp_chunk *sctp_make_op_error_fixed( 1206 const struct sctp_association *asoc, 1207 const struct sctp_chunk *chunk) 1208 { 1209 size_t size = asoc ? asoc->pathmtu : 0; 1210 1211 if (!size) 1212 size = SCTP_DEFAULT_MAXSEGMENT; 1213 1214 return sctp_make_op_error_space(asoc, chunk, size); 1215 } 1216 1217 /* Create an Operation Error chunk. */ 1218 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1219 const struct sctp_chunk *chunk, 1220 __be16 cause_code, const void *payload, 1221 size_t paylen, size_t reserve_tail) 1222 { 1223 struct sctp_chunk *retval; 1224 1225 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail); 1226 if (!retval) 1227 goto nodata; 1228 1229 sctp_init_cause(retval, cause_code, paylen + reserve_tail); 1230 sctp_addto_chunk(retval, paylen, payload); 1231 if (reserve_tail) 1232 sctp_addto_param(retval, reserve_tail, NULL); 1233 1234 nodata: 1235 return retval; 1236 } 1237 1238 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc) 1239 { 1240 struct sctp_chunk *retval; 1241 struct sctp_hmac *hmac_desc; 1242 struct sctp_authhdr auth_hdr; 1243 __u8 *hmac; 1244 1245 /* Get the first hmac that the peer told us to use */ 1246 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1247 if (unlikely(!hmac_desc)) 1248 return NULL; 1249 1250 retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0, 1251 hmac_desc->hmac_len + sizeof(sctp_authhdr_t)); 1252 if (!retval) 1253 return NULL; 1254 1255 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1256 auth_hdr.shkey_id = htons(asoc->active_key_id); 1257 1258 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t), 1259 &auth_hdr); 1260 1261 hmac = skb_put(retval->skb, hmac_desc->hmac_len); 1262 memset(hmac, 0, hmac_desc->hmac_len); 1263 1264 /* Adjust the chunk header to include the empty MAC */ 1265 retval->chunk_hdr->length = 1266 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1267 retval->chunk_end = skb_tail_pointer(retval->skb); 1268 1269 return retval; 1270 } 1271 1272 1273 /******************************************************************** 1274 * 2nd Level Abstractions 1275 ********************************************************************/ 1276 1277 /* Turn an skb into a chunk. 1278 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1279 */ 1280 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1281 const struct sctp_association *asoc, 1282 struct sock *sk) 1283 { 1284 struct sctp_chunk *retval; 1285 1286 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC); 1287 1288 if (!retval) 1289 goto nodata; 1290 1291 if (!sk) { 1292 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 1293 } 1294 1295 INIT_LIST_HEAD(&retval->list); 1296 retval->skb = skb; 1297 retval->asoc = (struct sctp_association *)asoc; 1298 retval->has_tsn = 0; 1299 retval->has_ssn = 0; 1300 retval->rtt_in_progress = 0; 1301 retval->sent_at = 0; 1302 retval->singleton = 1; 1303 retval->end_of_packet = 0; 1304 retval->ecn_ce_done = 0; 1305 retval->pdiscard = 0; 1306 1307 /* sctpimpguide-05.txt Section 2.8.2 1308 * M1) Each time a new DATA chunk is transmitted 1309 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1310 * 'TSN.Missing.Report' count will be used to determine missing chunks 1311 * and when to fast retransmit. 1312 */ 1313 retval->tsn_missing_report = 0; 1314 retval->tsn_gap_acked = 0; 1315 retval->fast_retransmit = SCTP_CAN_FRTX; 1316 1317 /* If this is a fragmented message, track all fragments 1318 * of the message (for SEND_FAILED). 1319 */ 1320 retval->msg = NULL; 1321 1322 /* Polish the bead hole. */ 1323 INIT_LIST_HEAD(&retval->transmitted_list); 1324 INIT_LIST_HEAD(&retval->frag_list); 1325 SCTP_DBG_OBJCNT_INC(chunk); 1326 atomic_set(&retval->refcnt, 1); 1327 1328 nodata: 1329 return retval; 1330 } 1331 1332 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1333 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1334 union sctp_addr *dest) 1335 { 1336 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1337 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1338 } 1339 1340 /* Extract the source address from a chunk. */ 1341 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1342 { 1343 /* If we have a known transport, use that. */ 1344 if (chunk->transport) { 1345 return &chunk->transport->ipaddr; 1346 } else { 1347 /* Otherwise, extract it from the IP header. */ 1348 return &chunk->source; 1349 } 1350 } 1351 1352 /* Create a new chunk, setting the type and flags headers from the 1353 * arguments, reserving enough space for a 'paylen' byte payload. 1354 */ 1355 static struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1356 __u8 type, __u8 flags, int paylen) 1357 { 1358 struct sctp_chunk *retval; 1359 sctp_chunkhdr_t *chunk_hdr; 1360 struct sk_buff *skb; 1361 struct sock *sk; 1362 1363 /* No need to allocate LL here, as this is only a chunk. */ 1364 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1365 GFP_ATOMIC); 1366 if (!skb) 1367 goto nodata; 1368 1369 /* Make room for the chunk header. */ 1370 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1371 chunk_hdr->type = type; 1372 chunk_hdr->flags = flags; 1373 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1374 1375 sk = asoc ? asoc->base.sk : NULL; 1376 retval = sctp_chunkify(skb, asoc, sk); 1377 if (!retval) { 1378 kfree_skb(skb); 1379 goto nodata; 1380 } 1381 1382 retval->chunk_hdr = chunk_hdr; 1383 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1384 1385 /* Determine if the chunk needs to be authenticated */ 1386 if (sctp_auth_send_cid(type, asoc)) 1387 retval->auth = 1; 1388 1389 /* Set the skb to the belonging sock for accounting. */ 1390 skb->sk = sk; 1391 1392 return retval; 1393 nodata: 1394 return NULL; 1395 } 1396 1397 1398 /* Release the memory occupied by a chunk. */ 1399 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1400 { 1401 BUG_ON(!list_empty(&chunk->list)); 1402 list_del_init(&chunk->transmitted_list); 1403 1404 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1405 dev_kfree_skb(chunk->skb); 1406 1407 SCTP_DBG_OBJCNT_DEC(chunk); 1408 kmem_cache_free(sctp_chunk_cachep, chunk); 1409 } 1410 1411 /* Possibly, free the chunk. */ 1412 void sctp_chunk_free(struct sctp_chunk *chunk) 1413 { 1414 /* Release our reference on the message tracker. */ 1415 if (chunk->msg) 1416 sctp_datamsg_put(chunk->msg); 1417 1418 sctp_chunk_put(chunk); 1419 } 1420 1421 /* Grab a reference to the chunk. */ 1422 void sctp_chunk_hold(struct sctp_chunk *ch) 1423 { 1424 atomic_inc(&ch->refcnt); 1425 } 1426 1427 /* Release a reference to the chunk. */ 1428 void sctp_chunk_put(struct sctp_chunk *ch) 1429 { 1430 if (atomic_dec_and_test(&ch->refcnt)) 1431 sctp_chunk_destroy(ch); 1432 } 1433 1434 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1435 * enough. 1436 */ 1437 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1438 { 1439 void *target; 1440 void *padding; 1441 int chunklen = ntohs(chunk->chunk_hdr->length); 1442 int padlen = WORD_ROUND(chunklen) - chunklen; 1443 1444 padding = skb_put(chunk->skb, padlen); 1445 target = skb_put(chunk->skb, len); 1446 1447 memset(padding, 0, padlen); 1448 memcpy(target, data, len); 1449 1450 /* Adjust the chunk length field. */ 1451 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1452 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1453 1454 return target; 1455 } 1456 1457 /* Append bytes to the end of a chunk. Returns NULL if there isn't sufficient 1458 * space in the chunk 1459 */ 1460 void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk, 1461 int len, const void *data) 1462 { 1463 if (skb_tailroom(chunk->skb) >= len) 1464 return sctp_addto_chunk(chunk, len, data); 1465 else 1466 return NULL; 1467 } 1468 1469 /* Append bytes from user space to the end of a chunk. Will panic if 1470 * chunk is not big enough. 1471 * Returns a kernel err value. 1472 */ 1473 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1474 struct iovec *data) 1475 { 1476 __u8 *target; 1477 int err = 0; 1478 1479 /* Make room in chunk for data. */ 1480 target = skb_put(chunk->skb, len); 1481 1482 /* Copy data (whole iovec) into chunk */ 1483 if ((err = memcpy_fromiovecend(target, data, off, len))) 1484 goto out; 1485 1486 /* Adjust the chunk length field. */ 1487 chunk->chunk_hdr->length = 1488 htons(ntohs(chunk->chunk_hdr->length) + len); 1489 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1490 1491 out: 1492 return err; 1493 } 1494 1495 /* Helper function to assign a TSN if needed. This assumes that both 1496 * the data_hdr and association have already been assigned. 1497 */ 1498 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1499 { 1500 struct sctp_datamsg *msg; 1501 struct sctp_chunk *lchunk; 1502 struct sctp_stream *stream; 1503 __u16 ssn; 1504 __u16 sid; 1505 1506 if (chunk->has_ssn) 1507 return; 1508 1509 /* All fragments will be on the same stream */ 1510 sid = ntohs(chunk->subh.data_hdr->stream); 1511 stream = &chunk->asoc->ssnmap->out; 1512 1513 /* Now assign the sequence number to the entire message. 1514 * All fragments must have the same stream sequence number. 1515 */ 1516 msg = chunk->msg; 1517 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1518 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1519 ssn = 0; 1520 } else { 1521 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1522 ssn = sctp_ssn_next(stream, sid); 1523 else 1524 ssn = sctp_ssn_peek(stream, sid); 1525 } 1526 1527 lchunk->subh.data_hdr->ssn = htons(ssn); 1528 lchunk->has_ssn = 1; 1529 } 1530 } 1531 1532 /* Helper function to assign a TSN if needed. This assumes that both 1533 * the data_hdr and association have already been assigned. 1534 */ 1535 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1536 { 1537 if (!chunk->has_tsn) { 1538 /* This is the last possible instant to 1539 * assign a TSN. 1540 */ 1541 chunk->subh.data_hdr->tsn = 1542 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1543 chunk->has_tsn = 1; 1544 } 1545 } 1546 1547 /* Create a CLOSED association to use with an incoming packet. */ 1548 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1549 struct sctp_chunk *chunk, 1550 gfp_t gfp) 1551 { 1552 struct sctp_association *asoc; 1553 struct sk_buff *skb; 1554 sctp_scope_t scope; 1555 struct sctp_af *af; 1556 1557 /* Create the bare association. */ 1558 scope = sctp_scope(sctp_source(chunk)); 1559 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1560 if (!asoc) 1561 goto nodata; 1562 asoc->temp = 1; 1563 skb = chunk->skb; 1564 /* Create an entry for the source address of the packet. */ 1565 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version)); 1566 if (unlikely(!af)) 1567 goto fail; 1568 af->from_skb(&asoc->c.peer_addr, skb, 1); 1569 nodata: 1570 return asoc; 1571 1572 fail: 1573 sctp_association_free(asoc); 1574 return NULL; 1575 } 1576 1577 /* Build a cookie representing asoc. 1578 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1579 */ 1580 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1581 const struct sctp_association *asoc, 1582 const struct sctp_chunk *init_chunk, 1583 int *cookie_len, 1584 const __u8 *raw_addrs, int addrs_len) 1585 { 1586 sctp_cookie_param_t *retval; 1587 struct sctp_signed_cookie *cookie; 1588 struct scatterlist sg; 1589 int headersize, bodysize; 1590 1591 /* Header size is static data prior to the actual cookie, including 1592 * any padding. 1593 */ 1594 headersize = sizeof(sctp_paramhdr_t) + 1595 (sizeof(struct sctp_signed_cookie) - 1596 sizeof(struct sctp_cookie)); 1597 bodysize = sizeof(struct sctp_cookie) 1598 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1599 1600 /* Pad out the cookie to a multiple to make the signature 1601 * functions simpler to write. 1602 */ 1603 if (bodysize % SCTP_COOKIE_MULTIPLE) 1604 bodysize += SCTP_COOKIE_MULTIPLE 1605 - (bodysize % SCTP_COOKIE_MULTIPLE); 1606 *cookie_len = headersize + bodysize; 1607 1608 /* Clear this memory since we are sending this data structure 1609 * out on the network. 1610 */ 1611 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1612 if (!retval) 1613 goto nodata; 1614 1615 cookie = (struct sctp_signed_cookie *) retval->body; 1616 1617 /* Set up the parameter header. */ 1618 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1619 retval->p.length = htons(*cookie_len); 1620 1621 /* Copy the cookie part of the association itself. */ 1622 cookie->c = asoc->c; 1623 /* Save the raw address list length in the cookie. */ 1624 cookie->c.raw_addr_list_len = addrs_len; 1625 1626 /* Remember PR-SCTP capability. */ 1627 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1628 1629 /* Save adaptation indication in the cookie. */ 1630 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1631 1632 /* Set an expiration time for the cookie. */ 1633 do_gettimeofday(&cookie->c.expiration); 1634 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1635 1636 /* Copy the peer's init packet. */ 1637 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1638 ntohs(init_chunk->chunk_hdr->length)); 1639 1640 /* Copy the raw local address list of the association. */ 1641 memcpy((__u8 *)&cookie->c.peer_init[0] + 1642 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1643 1644 if (sctp_sk(ep->base.sk)->hmac) { 1645 struct hash_desc desc; 1646 1647 /* Sign the message. */ 1648 sg_init_one(&sg, &cookie->c, bodysize); 1649 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1650 desc.flags = 0; 1651 1652 if (crypto_hash_setkey(desc.tfm, ep->secret_key, 1653 sizeof(ep->secret_key)) || 1654 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) 1655 goto free_cookie; 1656 } 1657 1658 return retval; 1659 1660 free_cookie: 1661 kfree(retval); 1662 nodata: 1663 *cookie_len = 0; 1664 return NULL; 1665 } 1666 1667 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1668 struct sctp_association *sctp_unpack_cookie( 1669 const struct sctp_endpoint *ep, 1670 const struct sctp_association *asoc, 1671 struct sctp_chunk *chunk, gfp_t gfp, 1672 int *error, struct sctp_chunk **errp) 1673 { 1674 struct sctp_association *retval = NULL; 1675 struct sctp_signed_cookie *cookie; 1676 struct sctp_cookie *bear_cookie; 1677 int headersize, bodysize, fixed_size; 1678 __u8 *digest = ep->digest; 1679 struct scatterlist sg; 1680 unsigned int len; 1681 sctp_scope_t scope; 1682 struct sk_buff *skb = chunk->skb; 1683 struct timeval tv; 1684 struct hash_desc desc; 1685 1686 /* Header size is static data prior to the actual cookie, including 1687 * any padding. 1688 */ 1689 headersize = sizeof(sctp_chunkhdr_t) + 1690 (sizeof(struct sctp_signed_cookie) - 1691 sizeof(struct sctp_cookie)); 1692 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1693 fixed_size = headersize + sizeof(struct sctp_cookie); 1694 1695 /* Verify that the chunk looks like it even has a cookie. 1696 * There must be enough room for our cookie and our peer's 1697 * INIT chunk. 1698 */ 1699 len = ntohs(chunk->chunk_hdr->length); 1700 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1701 goto malformed; 1702 1703 /* Verify that the cookie has been padded out. */ 1704 if (bodysize % SCTP_COOKIE_MULTIPLE) 1705 goto malformed; 1706 1707 /* Process the cookie. */ 1708 cookie = chunk->subh.cookie_hdr; 1709 bear_cookie = &cookie->c; 1710 1711 if (!sctp_sk(ep->base.sk)->hmac) 1712 goto no_hmac; 1713 1714 /* Check the signature. */ 1715 sg_init_one(&sg, bear_cookie, bodysize); 1716 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1717 desc.flags = 0; 1718 1719 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1720 if (crypto_hash_setkey(desc.tfm, ep->secret_key, 1721 sizeof(ep->secret_key)) || 1722 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1723 *error = -SCTP_IERROR_NOMEM; 1724 goto fail; 1725 } 1726 1727 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1728 *error = -SCTP_IERROR_BAD_SIG; 1729 goto fail; 1730 } 1731 1732 no_hmac: 1733 /* IG Section 2.35.2: 1734 * 3) Compare the port numbers and the verification tag contained 1735 * within the COOKIE ECHO chunk to the actual port numbers and the 1736 * verification tag within the SCTP common header of the received 1737 * packet. If these values do not match the packet MUST be silently 1738 * discarded, 1739 */ 1740 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1741 *error = -SCTP_IERROR_BAD_TAG; 1742 goto fail; 1743 } 1744 1745 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1746 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1747 *error = -SCTP_IERROR_BAD_PORTS; 1748 goto fail; 1749 } 1750 1751 /* Check to see if the cookie is stale. If there is already 1752 * an association, there is no need to check cookie's expiration 1753 * for init collision case of lost COOKIE ACK. 1754 * If skb has been timestamped, then use the stamp, otherwise 1755 * use current time. This introduces a small possibility that 1756 * that a cookie may be considered expired, but his would only slow 1757 * down the new association establishment instead of every packet. 1758 */ 1759 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1760 skb_get_timestamp(skb, &tv); 1761 else 1762 do_gettimeofday(&tv); 1763 1764 if (!asoc && tv_lt(bear_cookie->expiration, tv)) { 1765 /* 1766 * Section 3.3.10.3 Stale Cookie Error (3) 1767 * 1768 * Cause of error 1769 * --------------- 1770 * Stale Cookie Error: Indicates the receipt of a valid State 1771 * Cookie that has expired. 1772 */ 1773 len = ntohs(chunk->chunk_hdr->length); 1774 *errp = sctp_make_op_error_space(asoc, chunk, len); 1775 if (*errp) { 1776 suseconds_t usecs = (tv.tv_sec - 1777 bear_cookie->expiration.tv_sec) * 1000000L + 1778 tv.tv_usec - bear_cookie->expiration.tv_usec; 1779 __be32 n = htonl(usecs); 1780 1781 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1782 sizeof(n)); 1783 sctp_addto_chunk(*errp, sizeof(n), &n); 1784 *error = -SCTP_IERROR_STALE_COOKIE; 1785 } else 1786 *error = -SCTP_IERROR_NOMEM; 1787 1788 goto fail; 1789 } 1790 1791 /* Make a new base association. */ 1792 scope = sctp_scope(sctp_source(chunk)); 1793 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1794 if (!retval) { 1795 *error = -SCTP_IERROR_NOMEM; 1796 goto fail; 1797 } 1798 1799 /* Set up our peer's port number. */ 1800 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1801 1802 /* Populate the association from the cookie. */ 1803 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1804 1805 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1806 GFP_ATOMIC) < 0) { 1807 *error = -SCTP_IERROR_NOMEM; 1808 goto fail; 1809 } 1810 1811 /* Also, add the destination address. */ 1812 if (list_empty(&retval->base.bind_addr.address_list)) { 1813 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1814 SCTP_ADDR_SRC, GFP_ATOMIC); 1815 } 1816 1817 retval->next_tsn = retval->c.initial_tsn; 1818 retval->ctsn_ack_point = retval->next_tsn - 1; 1819 retval->addip_serial = retval->c.initial_tsn; 1820 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1821 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1822 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1823 1824 /* The INIT stuff will be done by the side effects. */ 1825 return retval; 1826 1827 fail: 1828 if (retval) 1829 sctp_association_free(retval); 1830 1831 return NULL; 1832 1833 malformed: 1834 /* Yikes! The packet is either corrupt or deliberately 1835 * malformed. 1836 */ 1837 *error = -SCTP_IERROR_MALFORMED; 1838 goto fail; 1839 } 1840 1841 /******************************************************************** 1842 * 3rd Level Abstractions 1843 ********************************************************************/ 1844 1845 struct __sctp_missing { 1846 __be32 num_missing; 1847 __be16 type; 1848 } __packed; 1849 1850 /* 1851 * Report a missing mandatory parameter. 1852 */ 1853 static int sctp_process_missing_param(const struct sctp_association *asoc, 1854 sctp_param_t paramtype, 1855 struct sctp_chunk *chunk, 1856 struct sctp_chunk **errp) 1857 { 1858 struct __sctp_missing report; 1859 __u16 len; 1860 1861 len = WORD_ROUND(sizeof(report)); 1862 1863 /* Make an ERROR chunk, preparing enough room for 1864 * returning multiple unknown parameters. 1865 */ 1866 if (!*errp) 1867 *errp = sctp_make_op_error_space(asoc, chunk, len); 1868 1869 if (*errp) { 1870 report.num_missing = htonl(1); 1871 report.type = paramtype; 1872 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1873 sizeof(report)); 1874 sctp_addto_chunk(*errp, sizeof(report), &report); 1875 } 1876 1877 /* Stop processing this chunk. */ 1878 return 0; 1879 } 1880 1881 /* Report an Invalid Mandatory Parameter. */ 1882 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1883 struct sctp_chunk *chunk, 1884 struct sctp_chunk **errp) 1885 { 1886 /* Invalid Mandatory Parameter Error has no payload. */ 1887 1888 if (!*errp) 1889 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1890 1891 if (*errp) 1892 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1893 1894 /* Stop processing this chunk. */ 1895 return 0; 1896 } 1897 1898 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1899 struct sctp_paramhdr *param, 1900 const struct sctp_chunk *chunk, 1901 struct sctp_chunk **errp) 1902 { 1903 /* This is a fatal error. Any accumulated non-fatal errors are 1904 * not reported. 1905 */ 1906 if (*errp) 1907 sctp_chunk_free(*errp); 1908 1909 /* Create an error chunk and fill it in with our payload. */ 1910 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1911 1912 return 0; 1913 } 1914 1915 1916 /* Do not attempt to handle the HOST_NAME parm. However, do 1917 * send back an indicator to the peer. 1918 */ 1919 static int sctp_process_hn_param(const struct sctp_association *asoc, 1920 union sctp_params param, 1921 struct sctp_chunk *chunk, 1922 struct sctp_chunk **errp) 1923 { 1924 __u16 len = ntohs(param.p->length); 1925 1926 /* Processing of the HOST_NAME parameter will generate an 1927 * ABORT. If we've accumulated any non-fatal errors, they 1928 * would be unrecognized parameters and we should not include 1929 * them in the ABORT. 1930 */ 1931 if (*errp) 1932 sctp_chunk_free(*errp); 1933 1934 *errp = sctp_make_op_error_space(asoc, chunk, len); 1935 1936 if (*errp) { 1937 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 1938 sctp_addto_chunk(*errp, len, param.v); 1939 } 1940 1941 /* Stop processing this chunk. */ 1942 return 0; 1943 } 1944 1945 static int sctp_verify_ext_param(struct net *net, union sctp_params param) 1946 { 1947 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1948 int have_auth = 0; 1949 int have_asconf = 0; 1950 int i; 1951 1952 for (i = 0; i < num_ext; i++) { 1953 switch (param.ext->chunks[i]) { 1954 case SCTP_CID_AUTH: 1955 have_auth = 1; 1956 break; 1957 case SCTP_CID_ASCONF: 1958 case SCTP_CID_ASCONF_ACK: 1959 have_asconf = 1; 1960 break; 1961 } 1962 } 1963 1964 /* ADD-IP Security: The draft requires us to ABORT or ignore the 1965 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 1966 * only if ADD-IP is turned on and we are not backward-compatible 1967 * mode. 1968 */ 1969 if (net->sctp.addip_noauth) 1970 return 1; 1971 1972 if (net->sctp.addip_enable && !have_auth && have_asconf) 1973 return 0; 1974 1975 return 1; 1976 } 1977 1978 static void sctp_process_ext_param(struct sctp_association *asoc, 1979 union sctp_params param) 1980 { 1981 struct net *net = sock_net(asoc->base.sk); 1982 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1983 int i; 1984 1985 for (i = 0; i < num_ext; i++) { 1986 switch (param.ext->chunks[i]) { 1987 case SCTP_CID_FWD_TSN: 1988 if (net->sctp.prsctp_enable && 1989 !asoc->peer.prsctp_capable) 1990 asoc->peer.prsctp_capable = 1; 1991 break; 1992 case SCTP_CID_AUTH: 1993 /* if the peer reports AUTH, assume that he 1994 * supports AUTH. 1995 */ 1996 if (net->sctp.auth_enable) 1997 asoc->peer.auth_capable = 1; 1998 break; 1999 case SCTP_CID_ASCONF: 2000 case SCTP_CID_ASCONF_ACK: 2001 if (net->sctp.addip_enable) 2002 asoc->peer.asconf_capable = 1; 2003 break; 2004 default: 2005 break; 2006 } 2007 } 2008 } 2009 2010 /* RFC 3.2.1 & the Implementers Guide 2.2. 2011 * 2012 * The Parameter Types are encoded such that the 2013 * highest-order two bits specify the action that must be 2014 * taken if the processing endpoint does not recognize the 2015 * Parameter Type. 2016 * 2017 * 00 - Stop processing this parameter; do not process any further 2018 * parameters within this chunk 2019 * 2020 * 01 - Stop processing this parameter, do not process any further 2021 * parameters within this chunk, and report the unrecognized 2022 * parameter in an 'Unrecognized Parameter' ERROR chunk. 2023 * 2024 * 10 - Skip this parameter and continue processing. 2025 * 2026 * 11 - Skip this parameter and continue processing but 2027 * report the unrecognized parameter in an 2028 * 'Unrecognized Parameter' ERROR chunk. 2029 * 2030 * Return value: 2031 * SCTP_IERROR_NO_ERROR - continue with the chunk 2032 * SCTP_IERROR_ERROR - stop and report an error. 2033 * SCTP_IERROR_NOMEME - out of memory. 2034 */ 2035 static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, 2036 union sctp_params param, 2037 struct sctp_chunk *chunk, 2038 struct sctp_chunk **errp) 2039 { 2040 int retval = SCTP_IERROR_NO_ERROR; 2041 2042 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 2043 case SCTP_PARAM_ACTION_DISCARD: 2044 retval = SCTP_IERROR_ERROR; 2045 break; 2046 case SCTP_PARAM_ACTION_SKIP: 2047 break; 2048 case SCTP_PARAM_ACTION_DISCARD_ERR: 2049 retval = SCTP_IERROR_ERROR; 2050 /* Fall through */ 2051 case SCTP_PARAM_ACTION_SKIP_ERR: 2052 /* Make an ERROR chunk, preparing enough room for 2053 * returning multiple unknown parameters. 2054 */ 2055 if (NULL == *errp) 2056 *errp = sctp_make_op_error_fixed(asoc, chunk); 2057 2058 if (*errp) { 2059 if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2060 WORD_ROUND(ntohs(param.p->length)))) 2061 sctp_addto_chunk_fixed(*errp, 2062 WORD_ROUND(ntohs(param.p->length)), 2063 param.v); 2064 } else { 2065 /* If there is no memory for generating the ERROR 2066 * report as specified, an ABORT will be triggered 2067 * to the peer and the association won't be 2068 * established. 2069 */ 2070 retval = SCTP_IERROR_NOMEM; 2071 } 2072 break; 2073 default: 2074 break; 2075 } 2076 2077 return retval; 2078 } 2079 2080 /* Verify variable length parameters 2081 * Return values: 2082 * SCTP_IERROR_ABORT - trigger an ABORT 2083 * SCTP_IERROR_NOMEM - out of memory (abort) 2084 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2085 * SCTP_IERROR_NO_ERROR - continue with the chunk 2086 */ 2087 static sctp_ierror_t sctp_verify_param(struct net *net, 2088 const struct sctp_association *asoc, 2089 union sctp_params param, 2090 sctp_cid_t cid, 2091 struct sctp_chunk *chunk, 2092 struct sctp_chunk **err_chunk) 2093 { 2094 struct sctp_hmac_algo_param *hmacs; 2095 int retval = SCTP_IERROR_NO_ERROR; 2096 __u16 n_elt, id = 0; 2097 int i; 2098 2099 /* FIXME - This routine is not looking at each parameter per the 2100 * chunk type, i.e., unrecognized parameters should be further 2101 * identified based on the chunk id. 2102 */ 2103 2104 switch (param.p->type) { 2105 case SCTP_PARAM_IPV4_ADDRESS: 2106 case SCTP_PARAM_IPV6_ADDRESS: 2107 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2108 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2109 case SCTP_PARAM_STATE_COOKIE: 2110 case SCTP_PARAM_HEARTBEAT_INFO: 2111 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2112 case SCTP_PARAM_ECN_CAPABLE: 2113 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2114 break; 2115 2116 case SCTP_PARAM_SUPPORTED_EXT: 2117 if (!sctp_verify_ext_param(net, param)) 2118 return SCTP_IERROR_ABORT; 2119 break; 2120 2121 case SCTP_PARAM_SET_PRIMARY: 2122 if (net->sctp.addip_enable) 2123 break; 2124 goto fallthrough; 2125 2126 case SCTP_PARAM_HOST_NAME_ADDRESS: 2127 /* Tell the peer, we won't support this param. */ 2128 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2129 retval = SCTP_IERROR_ABORT; 2130 break; 2131 2132 case SCTP_PARAM_FWD_TSN_SUPPORT: 2133 if (net->sctp.prsctp_enable) 2134 break; 2135 goto fallthrough; 2136 2137 case SCTP_PARAM_RANDOM: 2138 if (!net->sctp.auth_enable) 2139 goto fallthrough; 2140 2141 /* SCTP-AUTH: Secion 6.1 2142 * If the random number is not 32 byte long the association 2143 * MUST be aborted. The ABORT chunk SHOULD contain the error 2144 * cause 'Protocol Violation'. 2145 */ 2146 if (SCTP_AUTH_RANDOM_LENGTH != 2147 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { 2148 sctp_process_inv_paramlength(asoc, param.p, 2149 chunk, err_chunk); 2150 retval = SCTP_IERROR_ABORT; 2151 } 2152 break; 2153 2154 case SCTP_PARAM_CHUNKS: 2155 if (!net->sctp.auth_enable) 2156 goto fallthrough; 2157 2158 /* SCTP-AUTH: Section 3.2 2159 * The CHUNKS parameter MUST be included once in the INIT or 2160 * INIT-ACK chunk if the sender wants to receive authenticated 2161 * chunks. Its maximum length is 260 bytes. 2162 */ 2163 if (260 < ntohs(param.p->length)) { 2164 sctp_process_inv_paramlength(asoc, param.p, 2165 chunk, err_chunk); 2166 retval = SCTP_IERROR_ABORT; 2167 } 2168 break; 2169 2170 case SCTP_PARAM_HMAC_ALGO: 2171 if (!net->sctp.auth_enable) 2172 goto fallthrough; 2173 2174 hmacs = (struct sctp_hmac_algo_param *)param.p; 2175 n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1; 2176 2177 /* SCTP-AUTH: Section 6.1 2178 * The HMAC algorithm based on SHA-1 MUST be supported and 2179 * included in the HMAC-ALGO parameter. 2180 */ 2181 for (i = 0; i < n_elt; i++) { 2182 id = ntohs(hmacs->hmac_ids[i]); 2183 2184 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2185 break; 2186 } 2187 2188 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2189 sctp_process_inv_paramlength(asoc, param.p, chunk, 2190 err_chunk); 2191 retval = SCTP_IERROR_ABORT; 2192 } 2193 break; 2194 fallthrough: 2195 default: 2196 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 2197 ntohs(param.p->type), cid); 2198 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2199 break; 2200 } 2201 return retval; 2202 } 2203 2204 /* Verify the INIT packet before we process it. */ 2205 int sctp_verify_init(struct net *net, const struct sctp_association *asoc, 2206 sctp_cid_t cid, 2207 sctp_init_chunk_t *peer_init, 2208 struct sctp_chunk *chunk, 2209 struct sctp_chunk **errp) 2210 { 2211 union sctp_params param; 2212 int has_cookie = 0; 2213 int result; 2214 2215 /* Verify stream values are non-zero. */ 2216 if ((0 == peer_init->init_hdr.num_outbound_streams) || 2217 (0 == peer_init->init_hdr.num_inbound_streams) || 2218 (0 == peer_init->init_hdr.init_tag) || 2219 (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) { 2220 2221 return sctp_process_inv_mandatory(asoc, chunk, errp); 2222 } 2223 2224 /* Check for missing mandatory parameters. */ 2225 sctp_walk_params(param, peer_init, init_hdr.params) { 2226 2227 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 2228 has_cookie = 1; 2229 2230 } /* for (loop through all parameters) */ 2231 2232 /* There is a possibility that a parameter length was bad and 2233 * in that case we would have stoped walking the parameters. 2234 * The current param.p would point at the bad one. 2235 * Current consensus on the mailing list is to generate a PROTOCOL 2236 * VIOLATION error. We build the ERROR chunk here and let the normal 2237 * error handling code build and send the packet. 2238 */ 2239 if (param.v != (void*)chunk->chunk_end) 2240 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2241 2242 /* The only missing mandatory param possible today is 2243 * the state cookie for an INIT-ACK chunk. 2244 */ 2245 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2246 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2247 chunk, errp); 2248 2249 /* Verify all the variable length parameters */ 2250 sctp_walk_params(param, peer_init, init_hdr.params) { 2251 2252 result = sctp_verify_param(net, asoc, param, cid, chunk, errp); 2253 switch (result) { 2254 case SCTP_IERROR_ABORT: 2255 case SCTP_IERROR_NOMEM: 2256 return 0; 2257 case SCTP_IERROR_ERROR: 2258 return 1; 2259 case SCTP_IERROR_NO_ERROR: 2260 default: 2261 break; 2262 } 2263 2264 } /* for (loop through all parameters) */ 2265 2266 return 1; 2267 } 2268 2269 /* Unpack the parameters in an INIT packet into an association. 2270 * Returns 0 on failure, else success. 2271 * FIXME: This is an association method. 2272 */ 2273 int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, 2274 const union sctp_addr *peer_addr, 2275 sctp_init_chunk_t *peer_init, gfp_t gfp) 2276 { 2277 struct net *net = sock_net(asoc->base.sk); 2278 union sctp_params param; 2279 struct sctp_transport *transport; 2280 struct list_head *pos, *temp; 2281 struct sctp_af *af; 2282 union sctp_addr addr; 2283 char *cookie; 2284 int src_match = 0; 2285 2286 /* We must include the address that the INIT packet came from. 2287 * This is the only address that matters for an INIT packet. 2288 * When processing a COOKIE ECHO, we retrieve the from address 2289 * of the INIT from the cookie. 2290 */ 2291 2292 /* This implementation defaults to making the first transport 2293 * added as the primary transport. The source address seems to 2294 * be a a better choice than any of the embedded addresses. 2295 */ 2296 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2297 goto nomem; 2298 2299 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr)) 2300 src_match = 1; 2301 2302 /* Process the initialization parameters. */ 2303 sctp_walk_params(param, peer_init, init_hdr.params) { 2304 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 2305 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { 2306 af = sctp_get_af_specific(param_type2af(param.p->type)); 2307 af->from_addr_param(&addr, param.addr, 2308 chunk->sctp_hdr->source, 0); 2309 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) 2310 src_match = 1; 2311 } 2312 2313 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2314 goto clean_up; 2315 } 2316 2317 /* source address of chunk may not match any valid address */ 2318 if (!src_match) 2319 goto clean_up; 2320 2321 /* AUTH: After processing the parameters, make sure that we 2322 * have all the required info to potentially do authentications. 2323 */ 2324 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2325 !asoc->peer.peer_hmacs)) 2326 asoc->peer.auth_capable = 0; 2327 2328 /* In a non-backward compatible mode, if the peer claims 2329 * support for ADD-IP but not AUTH, the ADD-IP spec states 2330 * that we MUST ABORT the association. Section 6. The section 2331 * also give us an option to silently ignore the packet, which 2332 * is what we'll do here. 2333 */ 2334 if (!net->sctp.addip_noauth && 2335 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2336 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2337 SCTP_PARAM_DEL_IP | 2338 SCTP_PARAM_SET_PRIMARY); 2339 asoc->peer.asconf_capable = 0; 2340 goto clean_up; 2341 } 2342 2343 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2344 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2345 transport = list_entry(pos, struct sctp_transport, transports); 2346 if (transport->state == SCTP_UNKNOWN) { 2347 sctp_assoc_rm_peer(asoc, transport); 2348 } 2349 } 2350 2351 /* The fixed INIT headers are always in network byte 2352 * order. 2353 */ 2354 asoc->peer.i.init_tag = 2355 ntohl(peer_init->init_hdr.init_tag); 2356 asoc->peer.i.a_rwnd = 2357 ntohl(peer_init->init_hdr.a_rwnd); 2358 asoc->peer.i.num_outbound_streams = 2359 ntohs(peer_init->init_hdr.num_outbound_streams); 2360 asoc->peer.i.num_inbound_streams = 2361 ntohs(peer_init->init_hdr.num_inbound_streams); 2362 asoc->peer.i.initial_tsn = 2363 ntohl(peer_init->init_hdr.initial_tsn); 2364 2365 /* Apply the upper bounds for output streams based on peer's 2366 * number of inbound streams. 2367 */ 2368 if (asoc->c.sinit_num_ostreams > 2369 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2370 asoc->c.sinit_num_ostreams = 2371 ntohs(peer_init->init_hdr.num_inbound_streams); 2372 } 2373 2374 if (asoc->c.sinit_max_instreams > 2375 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2376 asoc->c.sinit_max_instreams = 2377 ntohs(peer_init->init_hdr.num_outbound_streams); 2378 } 2379 2380 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2381 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2382 2383 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2384 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2385 2386 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2387 cookie = asoc->peer.cookie; 2388 if (cookie) { 2389 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2390 if (!asoc->peer.cookie) 2391 goto clean_up; 2392 } 2393 2394 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2395 * high (for example, implementations MAY use the size of the receiver 2396 * advertised window). 2397 */ 2398 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2399 transports) { 2400 transport->ssthresh = asoc->peer.i.a_rwnd; 2401 } 2402 2403 /* Set up the TSN tracking pieces. */ 2404 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2405 asoc->peer.i.initial_tsn, gfp)) 2406 goto clean_up; 2407 2408 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2409 * 2410 * The stream sequence number in all the streams shall start 2411 * from 0 when the association is established. Also, when the 2412 * stream sequence number reaches the value 65535 the next 2413 * stream sequence number shall be set to 0. 2414 */ 2415 2416 /* Allocate storage for the negotiated streams if it is not a temporary 2417 * association. 2418 */ 2419 if (!asoc->temp) { 2420 int error; 2421 2422 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 2423 asoc->c.sinit_num_ostreams, gfp); 2424 if (!asoc->ssnmap) 2425 goto clean_up; 2426 2427 error = sctp_assoc_set_id(asoc, gfp); 2428 if (error) 2429 goto clean_up; 2430 } 2431 2432 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2433 * 2434 * When an endpoint has an ASCONF signaled change to be sent to the 2435 * remote endpoint it should do the following: 2436 * ... 2437 * A2) A serial number should be assigned to the Chunk. The serial 2438 * number should be a monotonically increasing number. All serial 2439 * numbers are defined to be initialized at the start of the 2440 * association to the same value as the Initial TSN. 2441 */ 2442 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2443 return 1; 2444 2445 clean_up: 2446 /* Release the transport structures. */ 2447 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2448 transport = list_entry(pos, struct sctp_transport, transports); 2449 if (transport->state != SCTP_ACTIVE) 2450 sctp_assoc_rm_peer(asoc, transport); 2451 } 2452 2453 nomem: 2454 return 0; 2455 } 2456 2457 2458 /* Update asoc with the option described in param. 2459 * 2460 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2461 * 2462 * asoc is the association to update. 2463 * param is the variable length parameter to use for update. 2464 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2465 * If the current packet is an INIT we want to minimize the amount of 2466 * work we do. In particular, we should not build transport 2467 * structures for the addresses. 2468 */ 2469 static int sctp_process_param(struct sctp_association *asoc, 2470 union sctp_params param, 2471 const union sctp_addr *peer_addr, 2472 gfp_t gfp) 2473 { 2474 struct net *net = sock_net(asoc->base.sk); 2475 union sctp_addr addr; 2476 int i; 2477 __u16 sat; 2478 int retval = 1; 2479 sctp_scope_t scope; 2480 time_t stale; 2481 struct sctp_af *af; 2482 union sctp_addr_param *addr_param; 2483 struct sctp_transport *t; 2484 2485 /* We maintain all INIT parameters in network byte order all the 2486 * time. This allows us to not worry about whether the parameters 2487 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2488 */ 2489 switch (param.p->type) { 2490 case SCTP_PARAM_IPV6_ADDRESS: 2491 if (PF_INET6 != asoc->base.sk->sk_family) 2492 break; 2493 goto do_addr_param; 2494 2495 case SCTP_PARAM_IPV4_ADDRESS: 2496 /* v4 addresses are not allowed on v6-only socket */ 2497 if (ipv6_only_sock(asoc->base.sk)) 2498 break; 2499 do_addr_param: 2500 af = sctp_get_af_specific(param_type2af(param.p->type)); 2501 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2502 scope = sctp_scope(peer_addr); 2503 if (sctp_in_scope(net, &addr, scope)) 2504 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2505 return 0; 2506 break; 2507 2508 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2509 if (!net->sctp.cookie_preserve_enable) 2510 break; 2511 2512 stale = ntohl(param.life->lifespan_increment); 2513 2514 /* Suggested Cookie Life span increment's unit is msec, 2515 * (1/1000sec). 2516 */ 2517 asoc->cookie_life.tv_sec += stale / 1000; 2518 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2519 break; 2520 2521 case SCTP_PARAM_HOST_NAME_ADDRESS: 2522 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2523 break; 2524 2525 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2526 /* Turn off the default values first so we'll know which 2527 * ones are really set by the peer. 2528 */ 2529 asoc->peer.ipv4_address = 0; 2530 asoc->peer.ipv6_address = 0; 2531 2532 /* Assume that peer supports the address family 2533 * by which it sends a packet. 2534 */ 2535 if (peer_addr->sa.sa_family == AF_INET6) 2536 asoc->peer.ipv6_address = 1; 2537 else if (peer_addr->sa.sa_family == AF_INET) 2538 asoc->peer.ipv4_address = 1; 2539 2540 /* Cycle through address types; avoid divide by 0. */ 2541 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2542 if (sat) 2543 sat /= sizeof(__u16); 2544 2545 for (i = 0; i < sat; ++i) { 2546 switch (param.sat->types[i]) { 2547 case SCTP_PARAM_IPV4_ADDRESS: 2548 asoc->peer.ipv4_address = 1; 2549 break; 2550 2551 case SCTP_PARAM_IPV6_ADDRESS: 2552 if (PF_INET6 == asoc->base.sk->sk_family) 2553 asoc->peer.ipv6_address = 1; 2554 break; 2555 2556 case SCTP_PARAM_HOST_NAME_ADDRESS: 2557 asoc->peer.hostname_address = 1; 2558 break; 2559 2560 default: /* Just ignore anything else. */ 2561 break; 2562 } 2563 } 2564 break; 2565 2566 case SCTP_PARAM_STATE_COOKIE: 2567 asoc->peer.cookie_len = 2568 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2569 asoc->peer.cookie = param.cookie->body; 2570 break; 2571 2572 case SCTP_PARAM_HEARTBEAT_INFO: 2573 /* Would be odd to receive, but it causes no problems. */ 2574 break; 2575 2576 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2577 /* Rejected during verify stage. */ 2578 break; 2579 2580 case SCTP_PARAM_ECN_CAPABLE: 2581 asoc->peer.ecn_capable = 1; 2582 break; 2583 2584 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2585 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2586 break; 2587 2588 case SCTP_PARAM_SET_PRIMARY: 2589 if (!net->sctp.addip_enable) 2590 goto fall_through; 2591 2592 addr_param = param.v + sizeof(sctp_addip_param_t); 2593 2594 af = sctp_get_af_specific(param_type2af(param.p->type)); 2595 af->from_addr_param(&addr, addr_param, 2596 htons(asoc->peer.port), 0); 2597 2598 /* if the address is invalid, we can't process it. 2599 * XXX: see spec for what to do. 2600 */ 2601 if (!af->addr_valid(&addr, NULL, NULL)) 2602 break; 2603 2604 t = sctp_assoc_lookup_paddr(asoc, &addr); 2605 if (!t) 2606 break; 2607 2608 sctp_assoc_set_primary(asoc, t); 2609 break; 2610 2611 case SCTP_PARAM_SUPPORTED_EXT: 2612 sctp_process_ext_param(asoc, param); 2613 break; 2614 2615 case SCTP_PARAM_FWD_TSN_SUPPORT: 2616 if (net->sctp.prsctp_enable) { 2617 asoc->peer.prsctp_capable = 1; 2618 break; 2619 } 2620 /* Fall Through */ 2621 goto fall_through; 2622 2623 case SCTP_PARAM_RANDOM: 2624 if (!net->sctp.auth_enable) 2625 goto fall_through; 2626 2627 /* Save peer's random parameter */ 2628 asoc->peer.peer_random = kmemdup(param.p, 2629 ntohs(param.p->length), gfp); 2630 if (!asoc->peer.peer_random) { 2631 retval = 0; 2632 break; 2633 } 2634 break; 2635 2636 case SCTP_PARAM_HMAC_ALGO: 2637 if (!net->sctp.auth_enable) 2638 goto fall_through; 2639 2640 /* Save peer's HMAC list */ 2641 asoc->peer.peer_hmacs = kmemdup(param.p, 2642 ntohs(param.p->length), gfp); 2643 if (!asoc->peer.peer_hmacs) { 2644 retval = 0; 2645 break; 2646 } 2647 2648 /* Set the default HMAC the peer requested*/ 2649 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2650 break; 2651 2652 case SCTP_PARAM_CHUNKS: 2653 if (!net->sctp.auth_enable) 2654 goto fall_through; 2655 2656 asoc->peer.peer_chunks = kmemdup(param.p, 2657 ntohs(param.p->length), gfp); 2658 if (!asoc->peer.peer_chunks) 2659 retval = 0; 2660 break; 2661 fall_through: 2662 default: 2663 /* Any unrecognized parameters should have been caught 2664 * and handled by sctp_verify_param() which should be 2665 * called prior to this routine. Simply log the error 2666 * here. 2667 */ 2668 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2669 ntohs(param.p->type), asoc); 2670 break; 2671 } 2672 2673 return retval; 2674 } 2675 2676 /* Select a new verification tag. */ 2677 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2678 { 2679 /* I believe that this random number generator complies with RFC1750. 2680 * A tag of 0 is reserved for special cases (e.g. INIT). 2681 */ 2682 __u32 x; 2683 2684 do { 2685 get_random_bytes(&x, sizeof(__u32)); 2686 } while (x == 0); 2687 2688 return x; 2689 } 2690 2691 /* Select an initial TSN to send during startup. */ 2692 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2693 { 2694 __u32 retval; 2695 2696 get_random_bytes(&retval, sizeof(__u32)); 2697 return retval; 2698 } 2699 2700 /* 2701 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2702 * 0 1 2 3 2703 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2704 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2705 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2706 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2707 * | Serial Number | 2708 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2709 * | Address Parameter | 2710 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2711 * | ASCONF Parameter #1 | 2712 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2713 * \ \ 2714 * / .... / 2715 * \ \ 2716 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2717 * | ASCONF Parameter #N | 2718 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2719 * 2720 * Address Parameter and other parameter will not be wrapped in this function 2721 */ 2722 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2723 union sctp_addr *addr, 2724 int vparam_len) 2725 { 2726 sctp_addiphdr_t asconf; 2727 struct sctp_chunk *retval; 2728 int length = sizeof(asconf) + vparam_len; 2729 union sctp_addr_param addrparam; 2730 int addrlen; 2731 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2732 2733 addrlen = af->to_addr_param(addr, &addrparam); 2734 if (!addrlen) 2735 return NULL; 2736 length += addrlen; 2737 2738 /* Create the chunk. */ 2739 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2740 if (!retval) 2741 return NULL; 2742 2743 asconf.serial = htonl(asoc->addip_serial++); 2744 2745 retval->subh.addip_hdr = 2746 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2747 retval->param_hdr.v = 2748 sctp_addto_chunk(retval, addrlen, &addrparam); 2749 2750 return retval; 2751 } 2752 2753 /* ADDIP 2754 * 3.2.1 Add IP Address 2755 * 0 1 2 3 2756 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2757 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2758 * | Type = 0xC001 | Length = Variable | 2759 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2760 * | ASCONF-Request Correlation ID | 2761 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2762 * | Address Parameter | 2763 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2764 * 2765 * 3.2.2 Delete IP Address 2766 * 0 1 2 3 2767 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2768 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2769 * | Type = 0xC002 | Length = Variable | 2770 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2771 * | ASCONF-Request Correlation ID | 2772 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2773 * | Address Parameter | 2774 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2775 * 2776 */ 2777 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2778 union sctp_addr *laddr, 2779 struct sockaddr *addrs, 2780 int addrcnt, 2781 __be16 flags) 2782 { 2783 sctp_addip_param_t param; 2784 struct sctp_chunk *retval; 2785 union sctp_addr_param addr_param; 2786 union sctp_addr *addr; 2787 void *addr_buf; 2788 struct sctp_af *af; 2789 int paramlen = sizeof(param); 2790 int addr_param_len = 0; 2791 int totallen = 0; 2792 int i; 2793 int del_pickup = 0; 2794 2795 /* Get total length of all the address parameters. */ 2796 addr_buf = addrs; 2797 for (i = 0; i < addrcnt; i++) { 2798 addr = addr_buf; 2799 af = sctp_get_af_specific(addr->v4.sin_family); 2800 addr_param_len = af->to_addr_param(addr, &addr_param); 2801 2802 totallen += paramlen; 2803 totallen += addr_param_len; 2804 2805 addr_buf += af->sockaddr_len; 2806 if (asoc->asconf_addr_del_pending && !del_pickup) { 2807 /* reuse the parameter length from the same scope one */ 2808 totallen += paramlen; 2809 totallen += addr_param_len; 2810 del_pickup = 1; 2811 SCTP_DEBUG_PRINTK("mkasconf_update_ip: picked same-scope del_pending addr, totallen for all addresses is %d\n", totallen); 2812 } 2813 } 2814 2815 /* Create an asconf chunk with the required length. */ 2816 retval = sctp_make_asconf(asoc, laddr, totallen); 2817 if (!retval) 2818 return NULL; 2819 2820 /* Add the address parameters to the asconf chunk. */ 2821 addr_buf = addrs; 2822 for (i = 0; i < addrcnt; i++) { 2823 addr = addr_buf; 2824 af = sctp_get_af_specific(addr->v4.sin_family); 2825 addr_param_len = af->to_addr_param(addr, &addr_param); 2826 param.param_hdr.type = flags; 2827 param.param_hdr.length = htons(paramlen + addr_param_len); 2828 param.crr_id = i; 2829 2830 sctp_addto_chunk(retval, paramlen, ¶m); 2831 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2832 2833 addr_buf += af->sockaddr_len; 2834 } 2835 if (flags == SCTP_PARAM_ADD_IP && del_pickup) { 2836 addr = asoc->asconf_addr_del_pending; 2837 af = sctp_get_af_specific(addr->v4.sin_family); 2838 addr_param_len = af->to_addr_param(addr, &addr_param); 2839 param.param_hdr.type = SCTP_PARAM_DEL_IP; 2840 param.param_hdr.length = htons(paramlen + addr_param_len); 2841 param.crr_id = i; 2842 2843 sctp_addto_chunk(retval, paramlen, ¶m); 2844 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2845 } 2846 return retval; 2847 } 2848 2849 /* ADDIP 2850 * 3.2.4 Set Primary IP Address 2851 * 0 1 2 3 2852 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2853 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2854 * | Type =0xC004 | Length = Variable | 2855 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2856 * | ASCONF-Request Correlation ID | 2857 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2858 * | Address Parameter | 2859 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2860 * 2861 * Create an ASCONF chunk with Set Primary IP address parameter. 2862 */ 2863 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2864 union sctp_addr *addr) 2865 { 2866 sctp_addip_param_t param; 2867 struct sctp_chunk *retval; 2868 int len = sizeof(param); 2869 union sctp_addr_param addrparam; 2870 int addrlen; 2871 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2872 2873 addrlen = af->to_addr_param(addr, &addrparam); 2874 if (!addrlen) 2875 return NULL; 2876 len += addrlen; 2877 2878 /* Create the chunk and make asconf header. */ 2879 retval = sctp_make_asconf(asoc, addr, len); 2880 if (!retval) 2881 return NULL; 2882 2883 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2884 param.param_hdr.length = htons(len); 2885 param.crr_id = 0; 2886 2887 sctp_addto_chunk(retval, sizeof(param), ¶m); 2888 sctp_addto_chunk(retval, addrlen, &addrparam); 2889 2890 return retval; 2891 } 2892 2893 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2894 * 0 1 2 3 2895 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2896 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2897 * | Type = 0x80 | Chunk Flags | Chunk Length | 2898 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2899 * | Serial Number | 2900 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2901 * | ASCONF Parameter Response#1 | 2902 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2903 * \ \ 2904 * / .... / 2905 * \ \ 2906 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2907 * | ASCONF Parameter Response#N | 2908 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2909 * 2910 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2911 */ 2912 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2913 __u32 serial, int vparam_len) 2914 { 2915 sctp_addiphdr_t asconf; 2916 struct sctp_chunk *retval; 2917 int length = sizeof(asconf) + vparam_len; 2918 2919 /* Create the chunk. */ 2920 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2921 if (!retval) 2922 return NULL; 2923 2924 asconf.serial = htonl(serial); 2925 2926 retval->subh.addip_hdr = 2927 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2928 2929 return retval; 2930 } 2931 2932 /* Add response parameters to an ASCONF_ACK chunk. */ 2933 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2934 __be16 err_code, sctp_addip_param_t *asconf_param) 2935 { 2936 sctp_addip_param_t ack_param; 2937 sctp_errhdr_t err_param; 2938 int asconf_param_len = 0; 2939 int err_param_len = 0; 2940 __be16 response_type; 2941 2942 if (SCTP_ERROR_NO_ERROR == err_code) { 2943 response_type = SCTP_PARAM_SUCCESS_REPORT; 2944 } else { 2945 response_type = SCTP_PARAM_ERR_CAUSE; 2946 err_param_len = sizeof(err_param); 2947 if (asconf_param) 2948 asconf_param_len = 2949 ntohs(asconf_param->param_hdr.length); 2950 } 2951 2952 /* Add Success Indication or Error Cause Indication parameter. */ 2953 ack_param.param_hdr.type = response_type; 2954 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2955 err_param_len + 2956 asconf_param_len); 2957 ack_param.crr_id = crr_id; 2958 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2959 2960 if (SCTP_ERROR_NO_ERROR == err_code) 2961 return; 2962 2963 /* Add Error Cause parameter. */ 2964 err_param.cause = err_code; 2965 err_param.length = htons(err_param_len + asconf_param_len); 2966 sctp_addto_chunk(chunk, err_param_len, &err_param); 2967 2968 /* Add the failed TLV copied from ASCONF chunk. */ 2969 if (asconf_param) 2970 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2971 } 2972 2973 /* Process a asconf parameter. */ 2974 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 2975 struct sctp_chunk *asconf, 2976 sctp_addip_param_t *asconf_param) 2977 { 2978 struct sctp_transport *peer; 2979 struct sctp_af *af; 2980 union sctp_addr addr; 2981 union sctp_addr_param *addr_param; 2982 2983 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t); 2984 2985 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && 2986 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && 2987 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) 2988 return SCTP_ERROR_UNKNOWN_PARAM; 2989 2990 switch (addr_param->p.type) { 2991 case SCTP_PARAM_IPV6_ADDRESS: 2992 if (!asoc->peer.ipv6_address) 2993 return SCTP_ERROR_DNS_FAILED; 2994 break; 2995 case SCTP_PARAM_IPV4_ADDRESS: 2996 if (!asoc->peer.ipv4_address) 2997 return SCTP_ERROR_DNS_FAILED; 2998 break; 2999 default: 3000 return SCTP_ERROR_DNS_FAILED; 3001 } 3002 3003 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3004 if (unlikely(!af)) 3005 return SCTP_ERROR_DNS_FAILED; 3006 3007 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 3008 3009 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 3010 * or multicast address. 3011 * (note: wildcard is permitted and requires special handling so 3012 * make sure we check for that) 3013 */ 3014 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 3015 return SCTP_ERROR_DNS_FAILED; 3016 3017 switch (asconf_param->param_hdr.type) { 3018 case SCTP_PARAM_ADD_IP: 3019 /* Section 4.2.1: 3020 * If the address 0.0.0.0 or ::0 is provided, the source 3021 * address of the packet MUST be added. 3022 */ 3023 if (af->is_any(&addr)) 3024 memcpy(&addr, &asconf->source, sizeof(addr)); 3025 3026 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 3027 * request and does not have the local resources to add this 3028 * new address to the association, it MUST return an Error 3029 * Cause TLV set to the new error code 'Operation Refused 3030 * Due to Resource Shortage'. 3031 */ 3032 3033 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 3034 if (!peer) 3035 return SCTP_ERROR_RSRC_LOW; 3036 3037 /* Start the heartbeat timer. */ 3038 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 3039 sctp_transport_hold(peer); 3040 asoc->new_transport = peer; 3041 break; 3042 case SCTP_PARAM_DEL_IP: 3043 /* ADDIP 4.3 D7) If a request is received to delete the 3044 * last remaining IP address of a peer endpoint, the receiver 3045 * MUST send an Error Cause TLV with the error cause set to the 3046 * new error code 'Request to Delete Last Remaining IP Address'. 3047 */ 3048 if (asoc->peer.transport_count == 1) 3049 return SCTP_ERROR_DEL_LAST_IP; 3050 3051 /* ADDIP 4.3 D8) If a request is received to delete an IP 3052 * address which is also the source address of the IP packet 3053 * which contained the ASCONF chunk, the receiver MUST reject 3054 * this request. To reject the request the receiver MUST send 3055 * an Error Cause TLV set to the new error code 'Request to 3056 * Delete Source IP Address' 3057 */ 3058 if (sctp_cmp_addr_exact(&asconf->source, &addr)) 3059 return SCTP_ERROR_DEL_SRC_IP; 3060 3061 /* Section 4.2.2 3062 * If the address 0.0.0.0 or ::0 is provided, all 3063 * addresses of the peer except the source address of the 3064 * packet MUST be deleted. 3065 */ 3066 if (af->is_any(&addr)) { 3067 sctp_assoc_set_primary(asoc, asconf->transport); 3068 sctp_assoc_del_nonprimary_peers(asoc, 3069 asconf->transport); 3070 } else 3071 sctp_assoc_del_peer(asoc, &addr); 3072 break; 3073 case SCTP_PARAM_SET_PRIMARY: 3074 /* ADDIP Section 4.2.4 3075 * If the address 0.0.0.0 or ::0 is provided, the receiver 3076 * MAY mark the source address of the packet as its 3077 * primary. 3078 */ 3079 if (af->is_any(&addr)) 3080 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 3081 3082 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3083 if (!peer) 3084 return SCTP_ERROR_DNS_FAILED; 3085 3086 sctp_assoc_set_primary(asoc, peer); 3087 break; 3088 } 3089 3090 return SCTP_ERROR_NO_ERROR; 3091 } 3092 3093 /* Verify the ASCONF packet before we process it. */ 3094 int sctp_verify_asconf(const struct sctp_association *asoc, 3095 struct sctp_paramhdr *param_hdr, void *chunk_end, 3096 struct sctp_paramhdr **errp) { 3097 sctp_addip_param_t *asconf_param; 3098 union sctp_params param; 3099 int length, plen; 3100 3101 param.v = (sctp_paramhdr_t *) param_hdr; 3102 while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { 3103 length = ntohs(param.p->length); 3104 *errp = param.p; 3105 3106 if (param.v > chunk_end - length || 3107 length < sizeof(sctp_paramhdr_t)) 3108 return 0; 3109 3110 switch (param.p->type) { 3111 case SCTP_PARAM_ADD_IP: 3112 case SCTP_PARAM_DEL_IP: 3113 case SCTP_PARAM_SET_PRIMARY: 3114 asconf_param = (sctp_addip_param_t *)param.v; 3115 plen = ntohs(asconf_param->param_hdr.length); 3116 if (plen < sizeof(sctp_addip_param_t) + 3117 sizeof(sctp_paramhdr_t)) 3118 return 0; 3119 break; 3120 case SCTP_PARAM_SUCCESS_REPORT: 3121 case SCTP_PARAM_ADAPTATION_LAYER_IND: 3122 if (length != sizeof(sctp_addip_param_t)) 3123 return 0; 3124 3125 break; 3126 default: 3127 break; 3128 } 3129 3130 param.v += WORD_ROUND(length); 3131 } 3132 3133 if (param.v != chunk_end) 3134 return 0; 3135 3136 return 1; 3137 } 3138 3139 /* Process an incoming ASCONF chunk with the next expected serial no. and 3140 * return an ASCONF_ACK chunk to be sent in response. 3141 */ 3142 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3143 struct sctp_chunk *asconf) 3144 { 3145 sctp_addiphdr_t *hdr; 3146 union sctp_addr_param *addr_param; 3147 sctp_addip_param_t *asconf_param; 3148 struct sctp_chunk *asconf_ack; 3149 3150 __be16 err_code; 3151 int length = 0; 3152 int chunk_len; 3153 __u32 serial; 3154 int all_param_pass = 1; 3155 3156 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 3157 hdr = (sctp_addiphdr_t *)asconf->skb->data; 3158 serial = ntohl(hdr->serial); 3159 3160 /* Skip the addiphdr and store a pointer to address parameter. */ 3161 length = sizeof(sctp_addiphdr_t); 3162 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3163 chunk_len -= length; 3164 3165 /* Skip the address parameter and store a pointer to the first 3166 * asconf parameter. 3167 */ 3168 length = ntohs(addr_param->p.length); 3169 asconf_param = (void *)addr_param + length; 3170 chunk_len -= length; 3171 3172 /* create an ASCONF_ACK chunk. 3173 * Based on the definitions of parameters, we know that the size of 3174 * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF 3175 * parameters. 3176 */ 3177 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4); 3178 if (!asconf_ack) 3179 goto done; 3180 3181 /* Process the TLVs contained within the ASCONF chunk. */ 3182 while (chunk_len > 0) { 3183 err_code = sctp_process_asconf_param(asoc, asconf, 3184 asconf_param); 3185 /* ADDIP 4.1 A7) 3186 * If an error response is received for a TLV parameter, 3187 * all TLVs with no response before the failed TLV are 3188 * considered successful if not reported. All TLVs after 3189 * the failed response are considered unsuccessful unless 3190 * a specific success indication is present for the parameter. 3191 */ 3192 if (SCTP_ERROR_NO_ERROR != err_code) 3193 all_param_pass = 0; 3194 3195 if (!all_param_pass) 3196 sctp_add_asconf_response(asconf_ack, 3197 asconf_param->crr_id, err_code, 3198 asconf_param); 3199 3200 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3201 * an IP address sends an 'Out of Resource' in its response, it 3202 * MUST also fail any subsequent add or delete requests bundled 3203 * in the ASCONF. 3204 */ 3205 if (SCTP_ERROR_RSRC_LOW == err_code) 3206 goto done; 3207 3208 /* Move to the next ASCONF param. */ 3209 length = ntohs(asconf_param->param_hdr.length); 3210 asconf_param = (void *)asconf_param + length; 3211 chunk_len -= length; 3212 } 3213 3214 done: 3215 asoc->peer.addip_serial++; 3216 3217 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3218 * after freeing the reference to old asconf ack if any. 3219 */ 3220 if (asconf_ack) { 3221 sctp_chunk_hold(asconf_ack); 3222 list_add_tail(&asconf_ack->transmitted_list, 3223 &asoc->asconf_ack_list); 3224 } 3225 3226 return asconf_ack; 3227 } 3228 3229 /* Process a asconf parameter that is successfully acked. */ 3230 static void sctp_asconf_param_success(struct sctp_association *asoc, 3231 sctp_addip_param_t *asconf_param) 3232 { 3233 struct sctp_af *af; 3234 union sctp_addr addr; 3235 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3236 union sctp_addr_param *addr_param; 3237 struct sctp_transport *transport; 3238 struct sctp_sockaddr_entry *saddr; 3239 3240 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t); 3241 3242 /* We have checked the packet before, so we do not check again. */ 3243 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3244 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3245 3246 switch (asconf_param->param_hdr.type) { 3247 case SCTP_PARAM_ADD_IP: 3248 /* This is always done in BH context with a socket lock 3249 * held, so the list can not change. 3250 */ 3251 local_bh_disable(); 3252 list_for_each_entry(saddr, &bp->address_list, list) { 3253 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3254 saddr->state = SCTP_ADDR_SRC; 3255 } 3256 local_bh_enable(); 3257 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3258 transports) { 3259 dst_release(transport->dst); 3260 transport->dst = NULL; 3261 } 3262 break; 3263 case SCTP_PARAM_DEL_IP: 3264 local_bh_disable(); 3265 sctp_del_bind_addr(bp, &addr); 3266 if (asoc->asconf_addr_del_pending != NULL && 3267 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) { 3268 kfree(asoc->asconf_addr_del_pending); 3269 asoc->asconf_addr_del_pending = NULL; 3270 } 3271 local_bh_enable(); 3272 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3273 transports) { 3274 dst_release(transport->dst); 3275 transport->dst = NULL; 3276 } 3277 break; 3278 default: 3279 break; 3280 } 3281 } 3282 3283 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3284 * for the given asconf parameter. If there is no response for this parameter, 3285 * return the error code based on the third argument 'no_err'. 3286 * ADDIP 4.1 3287 * A7) If an error response is received for a TLV parameter, all TLVs with no 3288 * response before the failed TLV are considered successful if not reported. 3289 * All TLVs after the failed response are considered unsuccessful unless a 3290 * specific success indication is present for the parameter. 3291 */ 3292 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3293 sctp_addip_param_t *asconf_param, 3294 int no_err) 3295 { 3296 sctp_addip_param_t *asconf_ack_param; 3297 sctp_errhdr_t *err_param; 3298 int length; 3299 int asconf_ack_len; 3300 __be16 err_code; 3301 3302 if (no_err) 3303 err_code = SCTP_ERROR_NO_ERROR; 3304 else 3305 err_code = SCTP_ERROR_REQ_REFUSED; 3306 3307 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3308 sizeof(sctp_chunkhdr_t); 3309 3310 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3311 * the first asconf_ack parameter. 3312 */ 3313 length = sizeof(sctp_addiphdr_t); 3314 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 3315 length); 3316 asconf_ack_len -= length; 3317 3318 while (asconf_ack_len > 0) { 3319 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3320 switch(asconf_ack_param->param_hdr.type) { 3321 case SCTP_PARAM_SUCCESS_REPORT: 3322 return SCTP_ERROR_NO_ERROR; 3323 case SCTP_PARAM_ERR_CAUSE: 3324 length = sizeof(sctp_addip_param_t); 3325 err_param = (void *)asconf_ack_param + length; 3326 asconf_ack_len -= length; 3327 if (asconf_ack_len > 0) 3328 return err_param->cause; 3329 else 3330 return SCTP_ERROR_INV_PARAM; 3331 break; 3332 default: 3333 return SCTP_ERROR_INV_PARAM; 3334 } 3335 } 3336 3337 length = ntohs(asconf_ack_param->param_hdr.length); 3338 asconf_ack_param = (void *)asconf_ack_param + length; 3339 asconf_ack_len -= length; 3340 } 3341 3342 return err_code; 3343 } 3344 3345 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3346 int sctp_process_asconf_ack(struct sctp_association *asoc, 3347 struct sctp_chunk *asconf_ack) 3348 { 3349 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3350 union sctp_addr_param *addr_param; 3351 sctp_addip_param_t *asconf_param; 3352 int length = 0; 3353 int asconf_len = asconf->skb->len; 3354 int all_param_pass = 0; 3355 int no_err = 1; 3356 int retval = 0; 3357 __be16 err_code = SCTP_ERROR_NO_ERROR; 3358 3359 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3360 * a pointer to address parameter. 3361 */ 3362 length = sizeof(sctp_addip_chunk_t); 3363 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3364 asconf_len -= length; 3365 3366 /* Skip the address parameter in the last asconf sent and store a 3367 * pointer to the first asconf parameter. 3368 */ 3369 length = ntohs(addr_param->p.length); 3370 asconf_param = (void *)addr_param + length; 3371 asconf_len -= length; 3372 3373 /* ADDIP 4.1 3374 * A8) If there is no response(s) to specific TLV parameter(s), and no 3375 * failures are indicated, then all request(s) are considered 3376 * successful. 3377 */ 3378 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 3379 all_param_pass = 1; 3380 3381 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3382 while (asconf_len > 0) { 3383 if (all_param_pass) 3384 err_code = SCTP_ERROR_NO_ERROR; 3385 else { 3386 err_code = sctp_get_asconf_response(asconf_ack, 3387 asconf_param, 3388 no_err); 3389 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3390 no_err = 0; 3391 } 3392 3393 switch (err_code) { 3394 case SCTP_ERROR_NO_ERROR: 3395 sctp_asconf_param_success(asoc, asconf_param); 3396 break; 3397 3398 case SCTP_ERROR_RSRC_LOW: 3399 retval = 1; 3400 break; 3401 3402 case SCTP_ERROR_UNKNOWN_PARAM: 3403 /* Disable sending this type of asconf parameter in 3404 * future. 3405 */ 3406 asoc->peer.addip_disabled_mask |= 3407 asconf_param->param_hdr.type; 3408 break; 3409 3410 case SCTP_ERROR_REQ_REFUSED: 3411 case SCTP_ERROR_DEL_LAST_IP: 3412 case SCTP_ERROR_DEL_SRC_IP: 3413 default: 3414 break; 3415 } 3416 3417 /* Skip the processed asconf parameter and move to the next 3418 * one. 3419 */ 3420 length = ntohs(asconf_param->param_hdr.length); 3421 asconf_param = (void *)asconf_param + length; 3422 asconf_len -= length; 3423 } 3424 3425 if (no_err && asoc->src_out_of_asoc_ok) { 3426 asoc->src_out_of_asoc_ok = 0; 3427 sctp_transport_immediate_rtx(asoc->peer.primary_path); 3428 } 3429 3430 /* Free the cached last sent asconf chunk. */ 3431 list_del_init(&asconf->transmitted_list); 3432 sctp_chunk_free(asconf); 3433 asoc->addip_last_asconf = NULL; 3434 3435 return retval; 3436 } 3437 3438 /* Make a FWD TSN chunk. */ 3439 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3440 __u32 new_cum_tsn, size_t nstreams, 3441 struct sctp_fwdtsn_skip *skiplist) 3442 { 3443 struct sctp_chunk *retval = NULL; 3444 struct sctp_fwdtsn_hdr ftsn_hdr; 3445 struct sctp_fwdtsn_skip skip; 3446 size_t hint; 3447 int i; 3448 3449 hint = (nstreams + 1) * sizeof(__u32); 3450 3451 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 3452 3453 if (!retval) 3454 return NULL; 3455 3456 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3457 retval->subh.fwdtsn_hdr = 3458 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3459 3460 for (i = 0; i < nstreams; i++) { 3461 skip.stream = skiplist[i].stream; 3462 skip.ssn = skiplist[i].ssn; 3463 sctp_addto_chunk(retval, sizeof(skip), &skip); 3464 } 3465 3466 return retval; 3467 } 3468