1 /* SCTP kernel implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * This SCTP implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * This SCTP implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53 #include <linux/types.h> 54 #include <linux/kernel.h> 55 #include <linux/ip.h> 56 #include <linux/ipv6.h> 57 #include <linux/net.h> 58 #include <linux/inet.h> 59 #include <linux/scatterlist.h> 60 #include <linux/crypto.h> 61 #include <linux/slab.h> 62 #include <net/sock.h> 63 64 #include <linux/skbuff.h> 65 #include <linux/random.h> /* for get_random_bytes */ 66 #include <net/sctp/sctp.h> 67 #include <net/sctp/sm.h> 68 69 SCTP_STATIC 70 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 71 __u8 type, __u8 flags, int paylen); 72 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 73 const struct sctp_association *asoc, 74 const struct sctp_chunk *init_chunk, 75 int *cookie_len, 76 const __u8 *raw_addrs, int addrs_len); 77 static int sctp_process_param(struct sctp_association *asoc, 78 union sctp_params param, 79 const union sctp_addr *peer_addr, 80 gfp_t gfp); 81 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 82 const void *data); 83 84 /* What was the inbound interface for this chunk? */ 85 int sctp_chunk_iif(const struct sctp_chunk *chunk) 86 { 87 struct sctp_af *af; 88 int iif = 0; 89 90 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version)); 91 if (af) 92 iif = af->skb_iif(chunk->skb); 93 94 return iif; 95 } 96 97 /* RFC 2960 3.3.2 Initiation (INIT) (1) 98 * 99 * Note 2: The ECN capable field is reserved for future use of 100 * Explicit Congestion Notification. 101 */ 102 static const struct sctp_paramhdr ecap_param = { 103 SCTP_PARAM_ECN_CAPABLE, 104 cpu_to_be16(sizeof(struct sctp_paramhdr)), 105 }; 106 static const struct sctp_paramhdr prsctp_param = { 107 SCTP_PARAM_FWD_TSN_SUPPORT, 108 cpu_to_be16(sizeof(struct sctp_paramhdr)), 109 }; 110 111 /* A helper to initialize an op error inside a 112 * provided chunk, as most cause codes will be embedded inside an 113 * abort chunk. 114 */ 115 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 116 size_t paylen) 117 { 118 sctp_errhdr_t err; 119 __u16 len; 120 121 /* Cause code constants are now defined in network order. */ 122 err.cause = cause_code; 123 len = sizeof(sctp_errhdr_t) + paylen; 124 err.length = htons(len); 125 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 126 } 127 128 /* A helper to initialize an op error inside a 129 * provided chunk, as most cause codes will be embedded inside an 130 * abort chunk. Differs from sctp_init_cause in that it won't oops 131 * if there isn't enough space in the op error chunk 132 */ 133 int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code, 134 size_t paylen) 135 { 136 sctp_errhdr_t err; 137 __u16 len; 138 139 /* Cause code constants are now defined in network order. */ 140 err.cause = cause_code; 141 len = sizeof(sctp_errhdr_t) + paylen; 142 err.length = htons(len); 143 144 if (skb_tailroom(chunk->skb) > len) 145 return -ENOSPC; 146 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk, 147 sizeof(sctp_errhdr_t), 148 &err); 149 return 0; 150 } 151 /* 3.3.2 Initiation (INIT) (1) 152 * 153 * This chunk is used to initiate a SCTP association between two 154 * endpoints. The format of the INIT chunk is shown below: 155 * 156 * 0 1 2 3 157 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 158 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 159 * | Type = 1 | Chunk Flags | Chunk Length | 160 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 161 * | Initiate Tag | 162 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 163 * | Advertised Receiver Window Credit (a_rwnd) | 164 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 165 * | Number of Outbound Streams | Number of Inbound Streams | 166 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 167 * | Initial TSN | 168 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 169 * \ \ 170 * / Optional/Variable-Length Parameters / 171 * \ \ 172 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 173 * 174 * 175 * The INIT chunk contains the following parameters. Unless otherwise 176 * noted, each parameter MUST only be included once in the INIT chunk. 177 * 178 * Fixed Parameters Status 179 * ---------------------------------------------- 180 * Initiate Tag Mandatory 181 * Advertised Receiver Window Credit Mandatory 182 * Number of Outbound Streams Mandatory 183 * Number of Inbound Streams Mandatory 184 * Initial TSN Mandatory 185 * 186 * Variable Parameters Status Type Value 187 * ------------------------------------------------------------- 188 * IPv4 Address (Note 1) Optional 5 189 * IPv6 Address (Note 1) Optional 6 190 * Cookie Preservative Optional 9 191 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 192 * Host Name Address (Note 3) Optional 11 193 * Supported Address Types (Note 4) Optional 12 194 */ 195 struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 196 const struct sctp_bind_addr *bp, 197 gfp_t gfp, int vparam_len) 198 { 199 sctp_inithdr_t init; 200 union sctp_params addrs; 201 size_t chunksize; 202 struct sctp_chunk *retval = NULL; 203 int num_types, addrs_len = 0; 204 struct sctp_sock *sp; 205 sctp_supported_addrs_param_t sat; 206 __be16 types[2]; 207 sctp_adaptation_ind_param_t aiparam; 208 sctp_supported_ext_param_t ext_param; 209 int num_ext = 0; 210 __u8 extensions[3]; 211 sctp_paramhdr_t *auth_chunks = NULL, 212 *auth_hmacs = NULL; 213 214 /* RFC 2960 3.3.2 Initiation (INIT) (1) 215 * 216 * Note 1: The INIT chunks can contain multiple addresses that 217 * can be IPv4 and/or IPv6 in any combination. 218 */ 219 retval = NULL; 220 221 /* Convert the provided bind address list to raw format. */ 222 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 223 224 init.init_tag = htonl(asoc->c.my_vtag); 225 init.a_rwnd = htonl(asoc->rwnd); 226 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 227 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 228 init.initial_tsn = htonl(asoc->c.initial_tsn); 229 230 /* How many address types are needed? */ 231 sp = sctp_sk(asoc->base.sk); 232 num_types = sp->pf->supported_addrs(sp, types); 233 234 chunksize = sizeof(init) + addrs_len; 235 chunksize += WORD_ROUND(SCTP_SAT_LEN(num_types)); 236 chunksize += sizeof(ecap_param); 237 238 if (sctp_prsctp_enable) 239 chunksize += sizeof(prsctp_param); 240 241 /* ADDIP: Section 4.2.7: 242 * An implementation supporting this extension [ADDIP] MUST list 243 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 244 * INIT-ACK parameters. 245 */ 246 if (sctp_addip_enable) { 247 extensions[num_ext] = SCTP_CID_ASCONF; 248 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 249 num_ext += 2; 250 } 251 252 if (sp->adaptation_ind) 253 chunksize += sizeof(aiparam); 254 255 chunksize += vparam_len; 256 257 /* Account for AUTH related parameters */ 258 if (sctp_auth_enable) { 259 /* Add random parameter length*/ 260 chunksize += sizeof(asoc->c.auth_random); 261 262 /* Add HMACS parameter length if any were defined */ 263 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 264 if (auth_hmacs->length) 265 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 266 else 267 auth_hmacs = NULL; 268 269 /* Add CHUNKS parameter length */ 270 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 271 if (auth_chunks->length) 272 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 273 else 274 auth_chunks = NULL; 275 276 extensions[num_ext] = SCTP_CID_AUTH; 277 num_ext += 1; 278 } 279 280 /* If we have any extensions to report, account for that */ 281 if (num_ext) 282 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 283 num_ext); 284 285 /* RFC 2960 3.3.2 Initiation (INIT) (1) 286 * 287 * Note 3: An INIT chunk MUST NOT contain more than one Host 288 * Name address parameter. Moreover, the sender of the INIT 289 * MUST NOT combine any other address types with the Host Name 290 * address in the INIT. The receiver of INIT MUST ignore any 291 * other address types if the Host Name address parameter is 292 * present in the received INIT chunk. 293 * 294 * PLEASE DO NOT FIXME [This version does not support Host Name.] 295 */ 296 297 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 298 if (!retval) 299 goto nodata; 300 301 retval->subh.init_hdr = 302 sctp_addto_chunk(retval, sizeof(init), &init); 303 retval->param_hdr.v = 304 sctp_addto_chunk(retval, addrs_len, addrs.v); 305 306 /* RFC 2960 3.3.2 Initiation (INIT) (1) 307 * 308 * Note 4: This parameter, when present, specifies all the 309 * address types the sending endpoint can support. The absence 310 * of this parameter indicates that the sending endpoint can 311 * support any address type. 312 */ 313 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 314 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 315 sctp_addto_chunk(retval, sizeof(sat), &sat); 316 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 317 318 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 319 320 /* Add the supported extensions parameter. Be nice and add this 321 * fist before addiding the parameters for the extensions themselves 322 */ 323 if (num_ext) { 324 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 325 ext_param.param_hdr.length = 326 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 327 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 328 &ext_param); 329 sctp_addto_param(retval, num_ext, extensions); 330 } 331 332 if (sctp_prsctp_enable) 333 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 334 335 if (sp->adaptation_ind) { 336 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 337 aiparam.param_hdr.length = htons(sizeof(aiparam)); 338 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 339 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 340 } 341 342 /* Add SCTP-AUTH chunks to the parameter list */ 343 if (sctp_auth_enable) { 344 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 345 asoc->c.auth_random); 346 if (auth_hmacs) 347 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 348 auth_hmacs); 349 if (auth_chunks) 350 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 351 auth_chunks); 352 } 353 nodata: 354 kfree(addrs.v); 355 return retval; 356 } 357 358 struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 359 const struct sctp_chunk *chunk, 360 gfp_t gfp, int unkparam_len) 361 { 362 sctp_inithdr_t initack; 363 struct sctp_chunk *retval; 364 union sctp_params addrs; 365 struct sctp_sock *sp; 366 int addrs_len; 367 sctp_cookie_param_t *cookie; 368 int cookie_len; 369 size_t chunksize; 370 sctp_adaptation_ind_param_t aiparam; 371 sctp_supported_ext_param_t ext_param; 372 int num_ext = 0; 373 __u8 extensions[3]; 374 sctp_paramhdr_t *auth_chunks = NULL, 375 *auth_hmacs = NULL, 376 *auth_random = NULL; 377 378 retval = NULL; 379 380 /* Note: there may be no addresses to embed. */ 381 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 382 383 initack.init_tag = htonl(asoc->c.my_vtag); 384 initack.a_rwnd = htonl(asoc->rwnd); 385 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 386 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 387 initack.initial_tsn = htonl(asoc->c.initial_tsn); 388 389 /* FIXME: We really ought to build the cookie right 390 * into the packet instead of allocating more fresh memory. 391 */ 392 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 393 addrs.v, addrs_len); 394 if (!cookie) 395 goto nomem_cookie; 396 397 /* Calculate the total size of allocation, include the reserved 398 * space for reporting unknown parameters if it is specified. 399 */ 400 sp = sctp_sk(asoc->base.sk); 401 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 402 403 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 404 if (asoc->peer.ecn_capable) 405 chunksize += sizeof(ecap_param); 406 407 if (asoc->peer.prsctp_capable) 408 chunksize += sizeof(prsctp_param); 409 410 if (asoc->peer.asconf_capable) { 411 extensions[num_ext] = SCTP_CID_ASCONF; 412 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 413 num_ext += 2; 414 } 415 416 if (sp->adaptation_ind) 417 chunksize += sizeof(aiparam); 418 419 if (asoc->peer.auth_capable) { 420 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random; 421 chunksize += ntohs(auth_random->length); 422 423 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 424 if (auth_hmacs->length) 425 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 426 else 427 auth_hmacs = NULL; 428 429 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 430 if (auth_chunks->length) 431 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 432 else 433 auth_chunks = NULL; 434 435 extensions[num_ext] = SCTP_CID_AUTH; 436 num_ext += 1; 437 } 438 439 if (num_ext) 440 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 441 num_ext); 442 443 /* Now allocate and fill out the chunk. */ 444 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 445 if (!retval) 446 goto nomem_chunk; 447 448 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 449 * 450 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 451 * HEARTBEAT ACK, * etc.) to the same destination transport 452 * address from which it received the DATA or control chunk 453 * to which it is replying. 454 * 455 * [INIT ACK back to where the INIT came from.] 456 */ 457 retval->transport = chunk->transport; 458 459 retval->subh.init_hdr = 460 sctp_addto_chunk(retval, sizeof(initack), &initack); 461 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 462 sctp_addto_chunk(retval, cookie_len, cookie); 463 if (asoc->peer.ecn_capable) 464 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 465 if (num_ext) { 466 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 467 ext_param.param_hdr.length = 468 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 469 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 470 &ext_param); 471 sctp_addto_param(retval, num_ext, extensions); 472 } 473 if (asoc->peer.prsctp_capable) 474 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 475 476 if (sp->adaptation_ind) { 477 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 478 aiparam.param_hdr.length = htons(sizeof(aiparam)); 479 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 480 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 481 } 482 483 if (asoc->peer.auth_capable) { 484 sctp_addto_chunk(retval, ntohs(auth_random->length), 485 auth_random); 486 if (auth_hmacs) 487 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 488 auth_hmacs); 489 if (auth_chunks) 490 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 491 auth_chunks); 492 } 493 494 /* We need to remove the const qualifier at this point. */ 495 retval->asoc = (struct sctp_association *) asoc; 496 497 nomem_chunk: 498 kfree(cookie); 499 nomem_cookie: 500 kfree(addrs.v); 501 return retval; 502 } 503 504 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 505 * 506 * This chunk is used only during the initialization of an association. 507 * It is sent by the initiator of an association to its peer to complete 508 * the initialization process. This chunk MUST precede any DATA chunk 509 * sent within the association, but MAY be bundled with one or more DATA 510 * chunks in the same packet. 511 * 512 * 0 1 2 3 513 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 514 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 515 * | Type = 10 |Chunk Flags | Length | 516 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 517 * / Cookie / 518 * \ \ 519 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 520 * 521 * Chunk Flags: 8 bit 522 * 523 * Set to zero on transmit and ignored on receipt. 524 * 525 * Length: 16 bits (unsigned integer) 526 * 527 * Set to the size of the chunk in bytes, including the 4 bytes of 528 * the chunk header and the size of the Cookie. 529 * 530 * Cookie: variable size 531 * 532 * This field must contain the exact cookie received in the 533 * State Cookie parameter from the previous INIT ACK. 534 * 535 * An implementation SHOULD make the cookie as small as possible 536 * to insure interoperability. 537 */ 538 struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 539 const struct sctp_chunk *chunk) 540 { 541 struct sctp_chunk *retval; 542 void *cookie; 543 int cookie_len; 544 545 cookie = asoc->peer.cookie; 546 cookie_len = asoc->peer.cookie_len; 547 548 /* Build a cookie echo chunk. */ 549 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 550 if (!retval) 551 goto nodata; 552 retval->subh.cookie_hdr = 553 sctp_addto_chunk(retval, cookie_len, cookie); 554 555 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 556 * 557 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 558 * HEARTBEAT ACK, * etc.) to the same destination transport 559 * address from which it * received the DATA or control chunk 560 * to which it is replying. 561 * 562 * [COOKIE ECHO back to where the INIT ACK came from.] 563 */ 564 if (chunk) 565 retval->transport = chunk->transport; 566 567 nodata: 568 return retval; 569 } 570 571 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 572 * 573 * This chunk is used only during the initialization of an 574 * association. It is used to acknowledge the receipt of a COOKIE 575 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 576 * within the association, but MAY be bundled with one or more DATA 577 * chunks or SACK chunk in the same SCTP packet. 578 * 579 * 0 1 2 3 580 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 581 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 582 * | Type = 11 |Chunk Flags | Length = 4 | 583 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 584 * 585 * Chunk Flags: 8 bits 586 * 587 * Set to zero on transmit and ignored on receipt. 588 */ 589 struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 590 const struct sctp_chunk *chunk) 591 { 592 struct sctp_chunk *retval; 593 594 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 595 596 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 597 * 598 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 599 * HEARTBEAT ACK, * etc.) to the same destination transport 600 * address from which it * received the DATA or control chunk 601 * to which it is replying. 602 * 603 * [COOKIE ACK back to where the COOKIE ECHO came from.] 604 */ 605 if (retval && chunk) 606 retval->transport = chunk->transport; 607 608 return retval; 609 } 610 611 /* 612 * Appendix A: Explicit Congestion Notification: 613 * CWR: 614 * 615 * RFC 2481 details a specific bit for a sender to send in the header of 616 * its next outbound TCP segment to indicate to its peer that it has 617 * reduced its congestion window. This is termed the CWR bit. For 618 * SCTP the same indication is made by including the CWR chunk. 619 * This chunk contains one data element, i.e. the TSN number that 620 * was sent in the ECNE chunk. This element represents the lowest 621 * TSN number in the datagram that was originally marked with the 622 * CE bit. 623 * 624 * 0 1 2 3 625 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 626 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 627 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 628 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 629 * | Lowest TSN Number | 630 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 631 * 632 * Note: The CWR is considered a Control chunk. 633 */ 634 struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 635 const __u32 lowest_tsn, 636 const struct sctp_chunk *chunk) 637 { 638 struct sctp_chunk *retval; 639 sctp_cwrhdr_t cwr; 640 641 cwr.lowest_tsn = htonl(lowest_tsn); 642 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 643 sizeof(sctp_cwrhdr_t)); 644 645 if (!retval) 646 goto nodata; 647 648 retval->subh.ecn_cwr_hdr = 649 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 650 651 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 652 * 653 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 654 * HEARTBEAT ACK, * etc.) to the same destination transport 655 * address from which it * received the DATA or control chunk 656 * to which it is replying. 657 * 658 * [Report a reduced congestion window back to where the ECNE 659 * came from.] 660 */ 661 if (chunk) 662 retval->transport = chunk->transport; 663 664 nodata: 665 return retval; 666 } 667 668 /* Make an ECNE chunk. This is a congestion experienced report. */ 669 struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 670 const __u32 lowest_tsn) 671 { 672 struct sctp_chunk *retval; 673 sctp_ecnehdr_t ecne; 674 675 ecne.lowest_tsn = htonl(lowest_tsn); 676 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 677 sizeof(sctp_ecnehdr_t)); 678 if (!retval) 679 goto nodata; 680 retval->subh.ecne_hdr = 681 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 682 683 nodata: 684 return retval; 685 } 686 687 /* Make a DATA chunk for the given association from the provided 688 * parameters. However, do not populate the data payload. 689 */ 690 struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 691 const struct sctp_sndrcvinfo *sinfo, 692 int data_len, __u8 flags, __u16 ssn) 693 { 694 struct sctp_chunk *retval; 695 struct sctp_datahdr dp; 696 int chunk_len; 697 698 /* We assign the TSN as LATE as possible, not here when 699 * creating the chunk. 700 */ 701 dp.tsn = 0; 702 dp.stream = htons(sinfo->sinfo_stream); 703 dp.ppid = sinfo->sinfo_ppid; 704 705 /* Set the flags for an unordered send. */ 706 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 707 flags |= SCTP_DATA_UNORDERED; 708 dp.ssn = 0; 709 } else 710 dp.ssn = htons(ssn); 711 712 chunk_len = sizeof(dp) + data_len; 713 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 714 if (!retval) 715 goto nodata; 716 717 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 718 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 719 720 nodata: 721 return retval; 722 } 723 724 /* Create a selective ackowledgement (SACK) for the given 725 * association. This reports on which TSN's we've seen to date, 726 * including duplicates and gaps. 727 */ 728 struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 729 { 730 struct sctp_chunk *retval; 731 struct sctp_sackhdr sack; 732 int len; 733 __u32 ctsn; 734 __u16 num_gabs, num_dup_tsns; 735 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 736 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 737 738 memset(gabs, 0, sizeof(gabs)); 739 ctsn = sctp_tsnmap_get_ctsn(map); 740 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 741 742 /* How much room is needed in the chunk? */ 743 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 744 num_dup_tsns = sctp_tsnmap_num_dups(map); 745 746 /* Initialize the SACK header. */ 747 sack.cum_tsn_ack = htonl(ctsn); 748 sack.a_rwnd = htonl(asoc->a_rwnd); 749 sack.num_gap_ack_blocks = htons(num_gabs); 750 sack.num_dup_tsns = htons(num_dup_tsns); 751 752 len = sizeof(sack) 753 + sizeof(struct sctp_gap_ack_block) * num_gabs 754 + sizeof(__u32) * num_dup_tsns; 755 756 /* Create the chunk. */ 757 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 758 if (!retval) 759 goto nodata; 760 761 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 762 * 763 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 764 * HEARTBEAT ACK, etc.) to the same destination transport 765 * address from which it received the DATA or control chunk to 766 * which it is replying. This rule should also be followed if 767 * the endpoint is bundling DATA chunks together with the 768 * reply chunk. 769 * 770 * However, when acknowledging multiple DATA chunks received 771 * in packets from different source addresses in a single 772 * SACK, the SACK chunk may be transmitted to one of the 773 * destination transport addresses from which the DATA or 774 * control chunks being acknowledged were received. 775 * 776 * [BUG: We do not implement the following paragraph. 777 * Perhaps we should remember the last transport we used for a 778 * SACK and avoid that (if possible) if we have seen any 779 * duplicates. --piggy] 780 * 781 * When a receiver of a duplicate DATA chunk sends a SACK to a 782 * multi- homed endpoint it MAY be beneficial to vary the 783 * destination address and not use the source address of the 784 * DATA chunk. The reason being that receiving a duplicate 785 * from a multi-homed endpoint might indicate that the return 786 * path (as specified in the source address of the DATA chunk) 787 * for the SACK is broken. 788 * 789 * [Send to the address from which we last received a DATA chunk.] 790 */ 791 retval->transport = asoc->peer.last_data_from; 792 793 retval->subh.sack_hdr = 794 sctp_addto_chunk(retval, sizeof(sack), &sack); 795 796 /* Add the gap ack block information. */ 797 if (num_gabs) 798 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 799 gabs); 800 801 /* Add the duplicate TSN information. */ 802 if (num_dup_tsns) 803 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 804 sctp_tsnmap_get_dups(map)); 805 806 nodata: 807 return retval; 808 } 809 810 /* Make a SHUTDOWN chunk. */ 811 struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 812 const struct sctp_chunk *chunk) 813 { 814 struct sctp_chunk *retval; 815 sctp_shutdownhdr_t shut; 816 __u32 ctsn; 817 818 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 819 shut.cum_tsn_ack = htonl(ctsn); 820 821 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 822 sizeof(sctp_shutdownhdr_t)); 823 if (!retval) 824 goto nodata; 825 826 retval->subh.shutdown_hdr = 827 sctp_addto_chunk(retval, sizeof(shut), &shut); 828 829 if (chunk) 830 retval->transport = chunk->transport; 831 nodata: 832 return retval; 833 } 834 835 struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 836 const struct sctp_chunk *chunk) 837 { 838 struct sctp_chunk *retval; 839 840 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 841 842 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 843 * 844 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 845 * HEARTBEAT ACK, * etc.) to the same destination transport 846 * address from which it * received the DATA or control chunk 847 * to which it is replying. 848 * 849 * [ACK back to where the SHUTDOWN came from.] 850 */ 851 if (retval && chunk) 852 retval->transport = chunk->transport; 853 854 return retval; 855 } 856 857 struct sctp_chunk *sctp_make_shutdown_complete( 858 const struct sctp_association *asoc, 859 const struct sctp_chunk *chunk) 860 { 861 struct sctp_chunk *retval; 862 __u8 flags = 0; 863 864 /* Set the T-bit if we have no association (vtag will be 865 * reflected) 866 */ 867 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 868 869 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 870 871 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 872 * 873 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 874 * HEARTBEAT ACK, * etc.) to the same destination transport 875 * address from which it * received the DATA or control chunk 876 * to which it is replying. 877 * 878 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 879 * came from.] 880 */ 881 if (retval && chunk) 882 retval->transport = chunk->transport; 883 884 return retval; 885 } 886 887 /* Create an ABORT. Note that we set the T bit if we have no 888 * association, except when responding to an INIT (sctpimpguide 2.41). 889 */ 890 struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 891 const struct sctp_chunk *chunk, 892 const size_t hint) 893 { 894 struct sctp_chunk *retval; 895 __u8 flags = 0; 896 897 /* Set the T-bit if we have no association and 'chunk' is not 898 * an INIT (vtag will be reflected). 899 */ 900 if (!asoc) { 901 if (chunk && chunk->chunk_hdr && 902 chunk->chunk_hdr->type == SCTP_CID_INIT) 903 flags = 0; 904 else 905 flags = SCTP_CHUNK_FLAG_T; 906 } 907 908 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 909 910 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 911 * 912 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 913 * HEARTBEAT ACK, * etc.) to the same destination transport 914 * address from which it * received the DATA or control chunk 915 * to which it is replying. 916 * 917 * [ABORT back to where the offender came from.] 918 */ 919 if (retval && chunk) 920 retval->transport = chunk->transport; 921 922 return retval; 923 } 924 925 /* Helper to create ABORT with a NO_USER_DATA error. */ 926 struct sctp_chunk *sctp_make_abort_no_data( 927 const struct sctp_association *asoc, 928 const struct sctp_chunk *chunk, __u32 tsn) 929 { 930 struct sctp_chunk *retval; 931 __be32 payload; 932 933 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 934 + sizeof(tsn)); 935 936 if (!retval) 937 goto no_mem; 938 939 /* Put the tsn back into network byte order. */ 940 payload = htonl(tsn); 941 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 942 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 943 944 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 945 * 946 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 947 * HEARTBEAT ACK, * etc.) to the same destination transport 948 * address from which it * received the DATA or control chunk 949 * to which it is replying. 950 * 951 * [ABORT back to where the offender came from.] 952 */ 953 if (chunk) 954 retval->transport = chunk->transport; 955 956 no_mem: 957 return retval; 958 } 959 960 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 961 struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 962 const struct msghdr *msg, 963 size_t paylen) 964 { 965 struct sctp_chunk *retval; 966 void *payload = NULL; 967 int err; 968 969 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 970 if (!retval) 971 goto err_chunk; 972 973 if (paylen) { 974 /* Put the msg_iov together into payload. */ 975 payload = kmalloc(paylen, GFP_KERNEL); 976 if (!payload) 977 goto err_payload; 978 979 err = memcpy_fromiovec(payload, msg->msg_iov, paylen); 980 if (err < 0) 981 goto err_copy; 982 } 983 984 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 985 sctp_addto_chunk(retval, paylen, payload); 986 987 if (paylen) 988 kfree(payload); 989 990 return retval; 991 992 err_copy: 993 kfree(payload); 994 err_payload: 995 sctp_chunk_free(retval); 996 retval = NULL; 997 err_chunk: 998 return retval; 999 } 1000 1001 /* Append bytes to the end of a parameter. Will panic if chunk is not big 1002 * enough. 1003 */ 1004 static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 1005 const void *data) 1006 { 1007 void *target; 1008 int chunklen = ntohs(chunk->chunk_hdr->length); 1009 1010 target = skb_put(chunk->skb, len); 1011 1012 if (data) 1013 memcpy(target, data, len); 1014 else 1015 memset(target, 0, len); 1016 1017 /* Adjust the chunk length field. */ 1018 chunk->chunk_hdr->length = htons(chunklen + len); 1019 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1020 1021 return target; 1022 } 1023 1024 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1025 struct sctp_chunk *sctp_make_abort_violation( 1026 const struct sctp_association *asoc, 1027 const struct sctp_chunk *chunk, 1028 const __u8 *payload, 1029 const size_t paylen) 1030 { 1031 struct sctp_chunk *retval; 1032 struct sctp_paramhdr phdr; 1033 1034 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 1035 + sizeof(sctp_paramhdr_t)); 1036 if (!retval) 1037 goto end; 1038 1039 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen 1040 + sizeof(sctp_paramhdr_t)); 1041 1042 phdr.type = htons(chunk->chunk_hdr->type); 1043 phdr.length = chunk->chunk_hdr->length; 1044 sctp_addto_chunk(retval, paylen, payload); 1045 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr); 1046 1047 end: 1048 return retval; 1049 } 1050 1051 struct sctp_chunk *sctp_make_violation_paramlen( 1052 const struct sctp_association *asoc, 1053 const struct sctp_chunk *chunk, 1054 struct sctp_paramhdr *param) 1055 { 1056 struct sctp_chunk *retval; 1057 static const char error[] = "The following parameter had invalid length:"; 1058 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) + 1059 sizeof(sctp_paramhdr_t); 1060 1061 retval = sctp_make_abort(asoc, chunk, payload_len); 1062 if (!retval) 1063 goto nodata; 1064 1065 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1066 sizeof(error) + sizeof(sctp_paramhdr_t)); 1067 sctp_addto_chunk(retval, sizeof(error), error); 1068 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param); 1069 1070 nodata: 1071 return retval; 1072 } 1073 1074 /* Make a HEARTBEAT chunk. */ 1075 struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1076 const struct sctp_transport *transport, 1077 const void *payload, const size_t paylen) 1078 { 1079 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 1080 0, paylen); 1081 1082 if (!retval) 1083 goto nodata; 1084 1085 /* Cast away the 'const', as this is just telling the chunk 1086 * what transport it belongs to. 1087 */ 1088 retval->transport = (struct sctp_transport *) transport; 1089 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1090 1091 nodata: 1092 return retval; 1093 } 1094 1095 struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1096 const struct sctp_chunk *chunk, 1097 const void *payload, const size_t paylen) 1098 { 1099 struct sctp_chunk *retval; 1100 1101 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 1102 if (!retval) 1103 goto nodata; 1104 1105 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1106 1107 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1108 * 1109 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1110 * HEARTBEAT ACK, * etc.) to the same destination transport 1111 * address from which it * received the DATA or control chunk 1112 * to which it is replying. 1113 * 1114 * [HBACK back to where the HEARTBEAT came from.] 1115 */ 1116 if (chunk) 1117 retval->transport = chunk->transport; 1118 1119 nodata: 1120 return retval; 1121 } 1122 1123 /* Create an Operation Error chunk with the specified space reserved. 1124 * This routine can be used for containing multiple causes in the chunk. 1125 */ 1126 static struct sctp_chunk *sctp_make_op_error_space( 1127 const struct sctp_association *asoc, 1128 const struct sctp_chunk *chunk, 1129 size_t size) 1130 { 1131 struct sctp_chunk *retval; 1132 1133 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 1134 sizeof(sctp_errhdr_t) + size); 1135 if (!retval) 1136 goto nodata; 1137 1138 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1139 * 1140 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1141 * HEARTBEAT ACK, etc.) to the same destination transport 1142 * address from which it received the DATA or control chunk 1143 * to which it is replying. 1144 * 1145 */ 1146 if (chunk) 1147 retval->transport = chunk->transport; 1148 1149 nodata: 1150 return retval; 1151 } 1152 1153 /* Create an Operation Error chunk of a fixed size, 1154 * specifically, max(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) 1155 * This is a helper function to allocate an error chunk for 1156 * for those invalid parameter codes in which we may not want 1157 * to report all the errors, if the incomming chunk is large 1158 */ 1159 static inline struct sctp_chunk *sctp_make_op_error_fixed( 1160 const struct sctp_association *asoc, 1161 const struct sctp_chunk *chunk) 1162 { 1163 size_t size = asoc ? asoc->pathmtu : 0; 1164 1165 if (!size) 1166 size = SCTP_DEFAULT_MAXSEGMENT; 1167 1168 return sctp_make_op_error_space(asoc, chunk, size); 1169 } 1170 1171 /* Create an Operation Error chunk. */ 1172 struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1173 const struct sctp_chunk *chunk, 1174 __be16 cause_code, const void *payload, 1175 size_t paylen, size_t reserve_tail) 1176 { 1177 struct sctp_chunk *retval; 1178 1179 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail); 1180 if (!retval) 1181 goto nodata; 1182 1183 sctp_init_cause(retval, cause_code, paylen + reserve_tail); 1184 sctp_addto_chunk(retval, paylen, payload); 1185 if (reserve_tail) 1186 sctp_addto_param(retval, reserve_tail, NULL); 1187 1188 nodata: 1189 return retval; 1190 } 1191 1192 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc) 1193 { 1194 struct sctp_chunk *retval; 1195 struct sctp_hmac *hmac_desc; 1196 struct sctp_authhdr auth_hdr; 1197 __u8 *hmac; 1198 1199 /* Get the first hmac that the peer told us to use */ 1200 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1201 if (unlikely(!hmac_desc)) 1202 return NULL; 1203 1204 retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0, 1205 hmac_desc->hmac_len + sizeof(sctp_authhdr_t)); 1206 if (!retval) 1207 return NULL; 1208 1209 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1210 auth_hdr.shkey_id = htons(asoc->active_key_id); 1211 1212 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t), 1213 &auth_hdr); 1214 1215 hmac = skb_put(retval->skb, hmac_desc->hmac_len); 1216 memset(hmac, 0, hmac_desc->hmac_len); 1217 1218 /* Adjust the chunk header to include the empty MAC */ 1219 retval->chunk_hdr->length = 1220 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1221 retval->chunk_end = skb_tail_pointer(retval->skb); 1222 1223 return retval; 1224 } 1225 1226 1227 /******************************************************************** 1228 * 2nd Level Abstractions 1229 ********************************************************************/ 1230 1231 /* Turn an skb into a chunk. 1232 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1233 */ 1234 struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1235 const struct sctp_association *asoc, 1236 struct sock *sk) 1237 { 1238 struct sctp_chunk *retval; 1239 1240 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC); 1241 1242 if (!retval) 1243 goto nodata; 1244 1245 if (!sk) { 1246 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 1247 } 1248 1249 INIT_LIST_HEAD(&retval->list); 1250 retval->skb = skb; 1251 retval->asoc = (struct sctp_association *)asoc; 1252 retval->has_tsn = 0; 1253 retval->has_ssn = 0; 1254 retval->rtt_in_progress = 0; 1255 retval->sent_at = 0; 1256 retval->singleton = 1; 1257 retval->end_of_packet = 0; 1258 retval->ecn_ce_done = 0; 1259 retval->pdiscard = 0; 1260 1261 /* sctpimpguide-05.txt Section 2.8.2 1262 * M1) Each time a new DATA chunk is transmitted 1263 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1264 * 'TSN.Missing.Report' count will be used to determine missing chunks 1265 * and when to fast retransmit. 1266 */ 1267 retval->tsn_missing_report = 0; 1268 retval->tsn_gap_acked = 0; 1269 retval->fast_retransmit = SCTP_CAN_FRTX; 1270 1271 /* If this is a fragmented message, track all fragments 1272 * of the message (for SEND_FAILED). 1273 */ 1274 retval->msg = NULL; 1275 1276 /* Polish the bead hole. */ 1277 INIT_LIST_HEAD(&retval->transmitted_list); 1278 INIT_LIST_HEAD(&retval->frag_list); 1279 SCTP_DBG_OBJCNT_INC(chunk); 1280 atomic_set(&retval->refcnt, 1); 1281 1282 nodata: 1283 return retval; 1284 } 1285 1286 /* Set chunk->source and dest based on the IP header in chunk->skb. */ 1287 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1288 union sctp_addr *dest) 1289 { 1290 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1291 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1292 } 1293 1294 /* Extract the source address from a chunk. */ 1295 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1296 { 1297 /* If we have a known transport, use that. */ 1298 if (chunk->transport) { 1299 return &chunk->transport->ipaddr; 1300 } else { 1301 /* Otherwise, extract it from the IP header. */ 1302 return &chunk->source; 1303 } 1304 } 1305 1306 /* Create a new chunk, setting the type and flags headers from the 1307 * arguments, reserving enough space for a 'paylen' byte payload. 1308 */ 1309 SCTP_STATIC 1310 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1311 __u8 type, __u8 flags, int paylen) 1312 { 1313 struct sctp_chunk *retval; 1314 sctp_chunkhdr_t *chunk_hdr; 1315 struct sk_buff *skb; 1316 struct sock *sk; 1317 1318 /* No need to allocate LL here, as this is only a chunk. */ 1319 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1320 GFP_ATOMIC); 1321 if (!skb) 1322 goto nodata; 1323 1324 /* Make room for the chunk header. */ 1325 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1326 chunk_hdr->type = type; 1327 chunk_hdr->flags = flags; 1328 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1329 1330 sk = asoc ? asoc->base.sk : NULL; 1331 retval = sctp_chunkify(skb, asoc, sk); 1332 if (!retval) { 1333 kfree_skb(skb); 1334 goto nodata; 1335 } 1336 1337 retval->chunk_hdr = chunk_hdr; 1338 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1339 1340 /* Determine if the chunk needs to be authenticated */ 1341 if (sctp_auth_send_cid(type, asoc)) 1342 retval->auth = 1; 1343 1344 /* Set the skb to the belonging sock for accounting. */ 1345 skb->sk = sk; 1346 1347 return retval; 1348 nodata: 1349 return NULL; 1350 } 1351 1352 1353 /* Release the memory occupied by a chunk. */ 1354 static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1355 { 1356 BUG_ON(!list_empty(&chunk->list)); 1357 list_del_init(&chunk->transmitted_list); 1358 1359 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1360 dev_kfree_skb(chunk->skb); 1361 1362 SCTP_DBG_OBJCNT_DEC(chunk); 1363 kmem_cache_free(sctp_chunk_cachep, chunk); 1364 } 1365 1366 /* Possibly, free the chunk. */ 1367 void sctp_chunk_free(struct sctp_chunk *chunk) 1368 { 1369 /* Release our reference on the message tracker. */ 1370 if (chunk->msg) 1371 sctp_datamsg_put(chunk->msg); 1372 1373 sctp_chunk_put(chunk); 1374 } 1375 1376 /* Grab a reference to the chunk. */ 1377 void sctp_chunk_hold(struct sctp_chunk *ch) 1378 { 1379 atomic_inc(&ch->refcnt); 1380 } 1381 1382 /* Release a reference to the chunk. */ 1383 void sctp_chunk_put(struct sctp_chunk *ch) 1384 { 1385 if (atomic_dec_and_test(&ch->refcnt)) 1386 sctp_chunk_destroy(ch); 1387 } 1388 1389 /* Append bytes to the end of a chunk. Will panic if chunk is not big 1390 * enough. 1391 */ 1392 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1393 { 1394 void *target; 1395 void *padding; 1396 int chunklen = ntohs(chunk->chunk_hdr->length); 1397 int padlen = WORD_ROUND(chunklen) - chunklen; 1398 1399 padding = skb_put(chunk->skb, padlen); 1400 target = skb_put(chunk->skb, len); 1401 1402 memset(padding, 0, padlen); 1403 memcpy(target, data, len); 1404 1405 /* Adjust the chunk length field. */ 1406 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1407 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1408 1409 return target; 1410 } 1411 1412 /* Append bytes to the end of a chunk. Returns NULL if there isn't sufficient 1413 * space in the chunk 1414 */ 1415 void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk, 1416 int len, const void *data) 1417 { 1418 if (skb_tailroom(chunk->skb) > len) 1419 return sctp_addto_chunk(chunk, len, data); 1420 else 1421 return NULL; 1422 } 1423 1424 /* Append bytes from user space to the end of a chunk. Will panic if 1425 * chunk is not big enough. 1426 * Returns a kernel err value. 1427 */ 1428 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1429 struct iovec *data) 1430 { 1431 __u8 *target; 1432 int err = 0; 1433 1434 /* Make room in chunk for data. */ 1435 target = skb_put(chunk->skb, len); 1436 1437 /* Copy data (whole iovec) into chunk */ 1438 if ((err = memcpy_fromiovecend(target, data, off, len))) 1439 goto out; 1440 1441 /* Adjust the chunk length field. */ 1442 chunk->chunk_hdr->length = 1443 htons(ntohs(chunk->chunk_hdr->length) + len); 1444 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1445 1446 out: 1447 return err; 1448 } 1449 1450 /* Helper function to assign a TSN if needed. This assumes that both 1451 * the data_hdr and association have already been assigned. 1452 */ 1453 void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1454 { 1455 struct sctp_datamsg *msg; 1456 struct sctp_chunk *lchunk; 1457 struct sctp_stream *stream; 1458 __u16 ssn; 1459 __u16 sid; 1460 1461 if (chunk->has_ssn) 1462 return; 1463 1464 /* All fragments will be on the same stream */ 1465 sid = ntohs(chunk->subh.data_hdr->stream); 1466 stream = &chunk->asoc->ssnmap->out; 1467 1468 /* Now assign the sequence number to the entire message. 1469 * All fragments must have the same stream sequence number. 1470 */ 1471 msg = chunk->msg; 1472 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1473 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1474 ssn = 0; 1475 } else { 1476 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1477 ssn = sctp_ssn_next(stream, sid); 1478 else 1479 ssn = sctp_ssn_peek(stream, sid); 1480 } 1481 1482 lchunk->subh.data_hdr->ssn = htons(ssn); 1483 lchunk->has_ssn = 1; 1484 } 1485 } 1486 1487 /* Helper function to assign a TSN if needed. This assumes that both 1488 * the data_hdr and association have already been assigned. 1489 */ 1490 void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1491 { 1492 if (!chunk->has_tsn) { 1493 /* This is the last possible instant to 1494 * assign a TSN. 1495 */ 1496 chunk->subh.data_hdr->tsn = 1497 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1498 chunk->has_tsn = 1; 1499 } 1500 } 1501 1502 /* Create a CLOSED association to use with an incoming packet. */ 1503 struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1504 struct sctp_chunk *chunk, 1505 gfp_t gfp) 1506 { 1507 struct sctp_association *asoc; 1508 struct sk_buff *skb; 1509 sctp_scope_t scope; 1510 struct sctp_af *af; 1511 1512 /* Create the bare association. */ 1513 scope = sctp_scope(sctp_source(chunk)); 1514 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1515 if (!asoc) 1516 goto nodata; 1517 asoc->temp = 1; 1518 skb = chunk->skb; 1519 /* Create an entry for the source address of the packet. */ 1520 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version)); 1521 if (unlikely(!af)) 1522 goto fail; 1523 af->from_skb(&asoc->c.peer_addr, skb, 1); 1524 nodata: 1525 return asoc; 1526 1527 fail: 1528 sctp_association_free(asoc); 1529 return NULL; 1530 } 1531 1532 /* Build a cookie representing asoc. 1533 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1534 */ 1535 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1536 const struct sctp_association *asoc, 1537 const struct sctp_chunk *init_chunk, 1538 int *cookie_len, 1539 const __u8 *raw_addrs, int addrs_len) 1540 { 1541 sctp_cookie_param_t *retval; 1542 struct sctp_signed_cookie *cookie; 1543 struct scatterlist sg; 1544 int headersize, bodysize; 1545 unsigned int keylen; 1546 char *key; 1547 1548 /* Header size is static data prior to the actual cookie, including 1549 * any padding. 1550 */ 1551 headersize = sizeof(sctp_paramhdr_t) + 1552 (sizeof(struct sctp_signed_cookie) - 1553 sizeof(struct sctp_cookie)); 1554 bodysize = sizeof(struct sctp_cookie) 1555 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1556 1557 /* Pad out the cookie to a multiple to make the signature 1558 * functions simpler to write. 1559 */ 1560 if (bodysize % SCTP_COOKIE_MULTIPLE) 1561 bodysize += SCTP_COOKIE_MULTIPLE 1562 - (bodysize % SCTP_COOKIE_MULTIPLE); 1563 *cookie_len = headersize + bodysize; 1564 1565 /* Clear this memory since we are sending this data structure 1566 * out on the network. 1567 */ 1568 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1569 if (!retval) 1570 goto nodata; 1571 1572 cookie = (struct sctp_signed_cookie *) retval->body; 1573 1574 /* Set up the parameter header. */ 1575 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1576 retval->p.length = htons(*cookie_len); 1577 1578 /* Copy the cookie part of the association itself. */ 1579 cookie->c = asoc->c; 1580 /* Save the raw address list length in the cookie. */ 1581 cookie->c.raw_addr_list_len = addrs_len; 1582 1583 /* Remember PR-SCTP capability. */ 1584 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1585 1586 /* Save adaptation indication in the cookie. */ 1587 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1588 1589 /* Set an expiration time for the cookie. */ 1590 do_gettimeofday(&cookie->c.expiration); 1591 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1592 1593 /* Copy the peer's init packet. */ 1594 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1595 ntohs(init_chunk->chunk_hdr->length)); 1596 1597 /* Copy the raw local address list of the association. */ 1598 memcpy((__u8 *)&cookie->c.peer_init[0] + 1599 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1600 1601 if (sctp_sk(ep->base.sk)->hmac) { 1602 struct hash_desc desc; 1603 1604 /* Sign the message. */ 1605 sg_init_one(&sg, &cookie->c, bodysize); 1606 keylen = SCTP_SECRET_SIZE; 1607 key = (char *)ep->secret_key[ep->current_key]; 1608 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1609 desc.flags = 0; 1610 1611 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1612 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) 1613 goto free_cookie; 1614 } 1615 1616 return retval; 1617 1618 free_cookie: 1619 kfree(retval); 1620 nodata: 1621 *cookie_len = 0; 1622 return NULL; 1623 } 1624 1625 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1626 struct sctp_association *sctp_unpack_cookie( 1627 const struct sctp_endpoint *ep, 1628 const struct sctp_association *asoc, 1629 struct sctp_chunk *chunk, gfp_t gfp, 1630 int *error, struct sctp_chunk **errp) 1631 { 1632 struct sctp_association *retval = NULL; 1633 struct sctp_signed_cookie *cookie; 1634 struct sctp_cookie *bear_cookie; 1635 int headersize, bodysize, fixed_size; 1636 __u8 *digest = ep->digest; 1637 struct scatterlist sg; 1638 unsigned int keylen, len; 1639 char *key; 1640 sctp_scope_t scope; 1641 struct sk_buff *skb = chunk->skb; 1642 struct timeval tv; 1643 struct hash_desc desc; 1644 1645 /* Header size is static data prior to the actual cookie, including 1646 * any padding. 1647 */ 1648 headersize = sizeof(sctp_chunkhdr_t) + 1649 (sizeof(struct sctp_signed_cookie) - 1650 sizeof(struct sctp_cookie)); 1651 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1652 fixed_size = headersize + sizeof(struct sctp_cookie); 1653 1654 /* Verify that the chunk looks like it even has a cookie. 1655 * There must be enough room for our cookie and our peer's 1656 * INIT chunk. 1657 */ 1658 len = ntohs(chunk->chunk_hdr->length); 1659 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1660 goto malformed; 1661 1662 /* Verify that the cookie has been padded out. */ 1663 if (bodysize % SCTP_COOKIE_MULTIPLE) 1664 goto malformed; 1665 1666 /* Process the cookie. */ 1667 cookie = chunk->subh.cookie_hdr; 1668 bear_cookie = &cookie->c; 1669 1670 if (!sctp_sk(ep->base.sk)->hmac) 1671 goto no_hmac; 1672 1673 /* Check the signature. */ 1674 keylen = SCTP_SECRET_SIZE; 1675 sg_init_one(&sg, bear_cookie, bodysize); 1676 key = (char *)ep->secret_key[ep->current_key]; 1677 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1678 desc.flags = 0; 1679 1680 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1681 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1682 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1683 *error = -SCTP_IERROR_NOMEM; 1684 goto fail; 1685 } 1686 1687 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1688 /* Try the previous key. */ 1689 key = (char *)ep->secret_key[ep->last_key]; 1690 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1691 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1692 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1693 *error = -SCTP_IERROR_NOMEM; 1694 goto fail; 1695 } 1696 1697 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1698 /* Yikes! Still bad signature! */ 1699 *error = -SCTP_IERROR_BAD_SIG; 1700 goto fail; 1701 } 1702 } 1703 1704 no_hmac: 1705 /* IG Section 2.35.2: 1706 * 3) Compare the port numbers and the verification tag contained 1707 * within the COOKIE ECHO chunk to the actual port numbers and the 1708 * verification tag within the SCTP common header of the received 1709 * packet. If these values do not match the packet MUST be silently 1710 * discarded, 1711 */ 1712 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1713 *error = -SCTP_IERROR_BAD_TAG; 1714 goto fail; 1715 } 1716 1717 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1718 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1719 *error = -SCTP_IERROR_BAD_PORTS; 1720 goto fail; 1721 } 1722 1723 /* Check to see if the cookie is stale. If there is already 1724 * an association, there is no need to check cookie's expiration 1725 * for init collision case of lost COOKIE ACK. 1726 * If skb has been timestamped, then use the stamp, otherwise 1727 * use current time. This introduces a small possibility that 1728 * that a cookie may be considered expired, but his would only slow 1729 * down the new association establishment instead of every packet. 1730 */ 1731 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1732 skb_get_timestamp(skb, &tv); 1733 else 1734 do_gettimeofday(&tv); 1735 1736 if (!asoc && tv_lt(bear_cookie->expiration, tv)) { 1737 /* 1738 * Section 3.3.10.3 Stale Cookie Error (3) 1739 * 1740 * Cause of error 1741 * --------------- 1742 * Stale Cookie Error: Indicates the receipt of a valid State 1743 * Cookie that has expired. 1744 */ 1745 len = ntohs(chunk->chunk_hdr->length); 1746 *errp = sctp_make_op_error_space(asoc, chunk, len); 1747 if (*errp) { 1748 suseconds_t usecs = (tv.tv_sec - 1749 bear_cookie->expiration.tv_sec) * 1000000L + 1750 tv.tv_usec - bear_cookie->expiration.tv_usec; 1751 __be32 n = htonl(usecs); 1752 1753 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1754 sizeof(n)); 1755 sctp_addto_chunk(*errp, sizeof(n), &n); 1756 *error = -SCTP_IERROR_STALE_COOKIE; 1757 } else 1758 *error = -SCTP_IERROR_NOMEM; 1759 1760 goto fail; 1761 } 1762 1763 /* Make a new base association. */ 1764 scope = sctp_scope(sctp_source(chunk)); 1765 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1766 if (!retval) { 1767 *error = -SCTP_IERROR_NOMEM; 1768 goto fail; 1769 } 1770 1771 /* Set up our peer's port number. */ 1772 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1773 1774 /* Populate the association from the cookie. */ 1775 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1776 1777 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1778 GFP_ATOMIC) < 0) { 1779 *error = -SCTP_IERROR_NOMEM; 1780 goto fail; 1781 } 1782 1783 /* Also, add the destination address. */ 1784 if (list_empty(&retval->base.bind_addr.address_list)) { 1785 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1786 SCTP_ADDR_SRC, GFP_ATOMIC); 1787 } 1788 1789 retval->next_tsn = retval->c.initial_tsn; 1790 retval->ctsn_ack_point = retval->next_tsn - 1; 1791 retval->addip_serial = retval->c.initial_tsn; 1792 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1793 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1794 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1795 1796 /* The INIT stuff will be done by the side effects. */ 1797 return retval; 1798 1799 fail: 1800 if (retval) 1801 sctp_association_free(retval); 1802 1803 return NULL; 1804 1805 malformed: 1806 /* Yikes! The packet is either corrupt or deliberately 1807 * malformed. 1808 */ 1809 *error = -SCTP_IERROR_MALFORMED; 1810 goto fail; 1811 } 1812 1813 /******************************************************************** 1814 * 3rd Level Abstractions 1815 ********************************************************************/ 1816 1817 struct __sctp_missing { 1818 __be32 num_missing; 1819 __be16 type; 1820 } __attribute__((packed)); 1821 1822 /* 1823 * Report a missing mandatory parameter. 1824 */ 1825 static int sctp_process_missing_param(const struct sctp_association *asoc, 1826 sctp_param_t paramtype, 1827 struct sctp_chunk *chunk, 1828 struct sctp_chunk **errp) 1829 { 1830 struct __sctp_missing report; 1831 __u16 len; 1832 1833 len = WORD_ROUND(sizeof(report)); 1834 1835 /* Make an ERROR chunk, preparing enough room for 1836 * returning multiple unknown parameters. 1837 */ 1838 if (!*errp) 1839 *errp = sctp_make_op_error_space(asoc, chunk, len); 1840 1841 if (*errp) { 1842 report.num_missing = htonl(1); 1843 report.type = paramtype; 1844 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1845 sizeof(report)); 1846 sctp_addto_chunk(*errp, sizeof(report), &report); 1847 } 1848 1849 /* Stop processing this chunk. */ 1850 return 0; 1851 } 1852 1853 /* Report an Invalid Mandatory Parameter. */ 1854 static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1855 struct sctp_chunk *chunk, 1856 struct sctp_chunk **errp) 1857 { 1858 /* Invalid Mandatory Parameter Error has no payload. */ 1859 1860 if (!*errp) 1861 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1862 1863 if (*errp) 1864 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1865 1866 /* Stop processing this chunk. */ 1867 return 0; 1868 } 1869 1870 static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1871 struct sctp_paramhdr *param, 1872 const struct sctp_chunk *chunk, 1873 struct sctp_chunk **errp) 1874 { 1875 /* This is a fatal error. Any accumulated non-fatal errors are 1876 * not reported. 1877 */ 1878 if (*errp) 1879 sctp_chunk_free(*errp); 1880 1881 /* Create an error chunk and fill it in with our payload. */ 1882 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1883 1884 return 0; 1885 } 1886 1887 1888 /* Do not attempt to handle the HOST_NAME parm. However, do 1889 * send back an indicator to the peer. 1890 */ 1891 static int sctp_process_hn_param(const struct sctp_association *asoc, 1892 union sctp_params param, 1893 struct sctp_chunk *chunk, 1894 struct sctp_chunk **errp) 1895 { 1896 __u16 len = ntohs(param.p->length); 1897 1898 /* Processing of the HOST_NAME parameter will generate an 1899 * ABORT. If we've accumulated any non-fatal errors, they 1900 * would be unrecognized parameters and we should not include 1901 * them in the ABORT. 1902 */ 1903 if (*errp) 1904 sctp_chunk_free(*errp); 1905 1906 *errp = sctp_make_op_error_space(asoc, chunk, len); 1907 1908 if (*errp) { 1909 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 1910 sctp_addto_chunk(*errp, len, param.v); 1911 } 1912 1913 /* Stop processing this chunk. */ 1914 return 0; 1915 } 1916 1917 static int sctp_verify_ext_param(union sctp_params param) 1918 { 1919 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1920 int have_auth = 0; 1921 int have_asconf = 0; 1922 int i; 1923 1924 for (i = 0; i < num_ext; i++) { 1925 switch (param.ext->chunks[i]) { 1926 case SCTP_CID_AUTH: 1927 have_auth = 1; 1928 break; 1929 case SCTP_CID_ASCONF: 1930 case SCTP_CID_ASCONF_ACK: 1931 have_asconf = 1; 1932 break; 1933 } 1934 } 1935 1936 /* ADD-IP Security: The draft requires us to ABORT or ignore the 1937 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 1938 * only if ADD-IP is turned on and we are not backward-compatible 1939 * mode. 1940 */ 1941 if (sctp_addip_noauth) 1942 return 1; 1943 1944 if (sctp_addip_enable && !have_auth && have_asconf) 1945 return 0; 1946 1947 return 1; 1948 } 1949 1950 static void sctp_process_ext_param(struct sctp_association *asoc, 1951 union sctp_params param) 1952 { 1953 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1954 int i; 1955 1956 for (i = 0; i < num_ext; i++) { 1957 switch (param.ext->chunks[i]) { 1958 case SCTP_CID_FWD_TSN: 1959 if (sctp_prsctp_enable && 1960 !asoc->peer.prsctp_capable) 1961 asoc->peer.prsctp_capable = 1; 1962 break; 1963 case SCTP_CID_AUTH: 1964 /* if the peer reports AUTH, assume that he 1965 * supports AUTH. 1966 */ 1967 if (sctp_auth_enable) 1968 asoc->peer.auth_capable = 1; 1969 break; 1970 case SCTP_CID_ASCONF: 1971 case SCTP_CID_ASCONF_ACK: 1972 if (sctp_addip_enable) 1973 asoc->peer.asconf_capable = 1; 1974 break; 1975 default: 1976 break; 1977 } 1978 } 1979 } 1980 1981 /* RFC 3.2.1 & the Implementers Guide 2.2. 1982 * 1983 * The Parameter Types are encoded such that the 1984 * highest-order two bits specify the action that must be 1985 * taken if the processing endpoint does not recognize the 1986 * Parameter Type. 1987 * 1988 * 00 - Stop processing this parameter; do not process any further 1989 * parameters within this chunk 1990 * 1991 * 01 - Stop processing this parameter, do not process any further 1992 * parameters within this chunk, and report the unrecognized 1993 * parameter in an 'Unrecognized Parameter' ERROR chunk. 1994 * 1995 * 10 - Skip this parameter and continue processing. 1996 * 1997 * 11 - Skip this parameter and continue processing but 1998 * report the unrecognized parameter in an 1999 * 'Unrecognized Parameter' ERROR chunk. 2000 * 2001 * Return value: 2002 * SCTP_IERROR_NO_ERROR - continue with the chunk 2003 * SCTP_IERROR_ERROR - stop and report an error. 2004 * SCTP_IERROR_NOMEME - out of memory. 2005 */ 2006 static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, 2007 union sctp_params param, 2008 struct sctp_chunk *chunk, 2009 struct sctp_chunk **errp) 2010 { 2011 int retval = SCTP_IERROR_NO_ERROR; 2012 2013 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 2014 case SCTP_PARAM_ACTION_DISCARD: 2015 retval = SCTP_IERROR_ERROR; 2016 break; 2017 case SCTP_PARAM_ACTION_SKIP: 2018 break; 2019 case SCTP_PARAM_ACTION_DISCARD_ERR: 2020 retval = SCTP_IERROR_ERROR; 2021 /* Fall through */ 2022 case SCTP_PARAM_ACTION_SKIP_ERR: 2023 /* Make an ERROR chunk, preparing enough room for 2024 * returning multiple unknown parameters. 2025 */ 2026 if (NULL == *errp) 2027 *errp = sctp_make_op_error_fixed(asoc, chunk); 2028 2029 if (*errp) { 2030 sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2031 WORD_ROUND(ntohs(param.p->length))); 2032 sctp_addto_chunk_fixed(*errp, 2033 WORD_ROUND(ntohs(param.p->length)), 2034 param.v); 2035 } else { 2036 /* If there is no memory for generating the ERROR 2037 * report as specified, an ABORT will be triggered 2038 * to the peer and the association won't be 2039 * established. 2040 */ 2041 retval = SCTP_IERROR_NOMEM; 2042 } 2043 break; 2044 default: 2045 break; 2046 } 2047 2048 return retval; 2049 } 2050 2051 /* Verify variable length parameters 2052 * Return values: 2053 * SCTP_IERROR_ABORT - trigger an ABORT 2054 * SCTP_IERROR_NOMEM - out of memory (abort) 2055 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2056 * SCTP_IERROR_NO_ERROR - continue with the chunk 2057 */ 2058 static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc, 2059 union sctp_params param, 2060 sctp_cid_t cid, 2061 struct sctp_chunk *chunk, 2062 struct sctp_chunk **err_chunk) 2063 { 2064 struct sctp_hmac_algo_param *hmacs; 2065 int retval = SCTP_IERROR_NO_ERROR; 2066 __u16 n_elt, id = 0; 2067 int i; 2068 2069 /* FIXME - This routine is not looking at each parameter per the 2070 * chunk type, i.e., unrecognized parameters should be further 2071 * identified based on the chunk id. 2072 */ 2073 2074 switch (param.p->type) { 2075 case SCTP_PARAM_IPV4_ADDRESS: 2076 case SCTP_PARAM_IPV6_ADDRESS: 2077 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2078 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2079 case SCTP_PARAM_STATE_COOKIE: 2080 case SCTP_PARAM_HEARTBEAT_INFO: 2081 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2082 case SCTP_PARAM_ECN_CAPABLE: 2083 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2084 break; 2085 2086 case SCTP_PARAM_SUPPORTED_EXT: 2087 if (!sctp_verify_ext_param(param)) 2088 return SCTP_IERROR_ABORT; 2089 break; 2090 2091 case SCTP_PARAM_SET_PRIMARY: 2092 if (sctp_addip_enable) 2093 break; 2094 goto fallthrough; 2095 2096 case SCTP_PARAM_HOST_NAME_ADDRESS: 2097 /* Tell the peer, we won't support this param. */ 2098 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2099 retval = SCTP_IERROR_ABORT; 2100 break; 2101 2102 case SCTP_PARAM_FWD_TSN_SUPPORT: 2103 if (sctp_prsctp_enable) 2104 break; 2105 goto fallthrough; 2106 2107 case SCTP_PARAM_RANDOM: 2108 if (!sctp_auth_enable) 2109 goto fallthrough; 2110 2111 /* SCTP-AUTH: Secion 6.1 2112 * If the random number is not 32 byte long the association 2113 * MUST be aborted. The ABORT chunk SHOULD contain the error 2114 * cause 'Protocol Violation'. 2115 */ 2116 if (SCTP_AUTH_RANDOM_LENGTH != 2117 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { 2118 sctp_process_inv_paramlength(asoc, param.p, 2119 chunk, err_chunk); 2120 retval = SCTP_IERROR_ABORT; 2121 } 2122 break; 2123 2124 case SCTP_PARAM_CHUNKS: 2125 if (!sctp_auth_enable) 2126 goto fallthrough; 2127 2128 /* SCTP-AUTH: Section 3.2 2129 * The CHUNKS parameter MUST be included once in the INIT or 2130 * INIT-ACK chunk if the sender wants to receive authenticated 2131 * chunks. Its maximum length is 260 bytes. 2132 */ 2133 if (260 < ntohs(param.p->length)) { 2134 sctp_process_inv_paramlength(asoc, param.p, 2135 chunk, err_chunk); 2136 retval = SCTP_IERROR_ABORT; 2137 } 2138 break; 2139 2140 case SCTP_PARAM_HMAC_ALGO: 2141 if (!sctp_auth_enable) 2142 goto fallthrough; 2143 2144 hmacs = (struct sctp_hmac_algo_param *)param.p; 2145 n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1; 2146 2147 /* SCTP-AUTH: Section 6.1 2148 * The HMAC algorithm based on SHA-1 MUST be supported and 2149 * included in the HMAC-ALGO parameter. 2150 */ 2151 for (i = 0; i < n_elt; i++) { 2152 id = ntohs(hmacs->hmac_ids[i]); 2153 2154 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2155 break; 2156 } 2157 2158 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2159 sctp_process_inv_paramlength(asoc, param.p, chunk, 2160 err_chunk); 2161 retval = SCTP_IERROR_ABORT; 2162 } 2163 break; 2164 fallthrough: 2165 default: 2166 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 2167 ntohs(param.p->type), cid); 2168 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2169 break; 2170 } 2171 return retval; 2172 } 2173 2174 /* Verify the INIT packet before we process it. */ 2175 int sctp_verify_init(const struct sctp_association *asoc, 2176 sctp_cid_t cid, 2177 sctp_init_chunk_t *peer_init, 2178 struct sctp_chunk *chunk, 2179 struct sctp_chunk **errp) 2180 { 2181 union sctp_params param; 2182 int has_cookie = 0; 2183 int result; 2184 2185 /* Verify stream values are non-zero. */ 2186 if ((0 == peer_init->init_hdr.num_outbound_streams) || 2187 (0 == peer_init->init_hdr.num_inbound_streams) || 2188 (0 == peer_init->init_hdr.init_tag) || 2189 (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) { 2190 2191 return sctp_process_inv_mandatory(asoc, chunk, errp); 2192 } 2193 2194 /* Check for missing mandatory parameters. */ 2195 sctp_walk_params(param, peer_init, init_hdr.params) { 2196 2197 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 2198 has_cookie = 1; 2199 2200 } /* for (loop through all parameters) */ 2201 2202 /* There is a possibility that a parameter length was bad and 2203 * in that case we would have stoped walking the parameters. 2204 * The current param.p would point at the bad one. 2205 * Current consensus on the mailing list is to generate a PROTOCOL 2206 * VIOLATION error. We build the ERROR chunk here and let the normal 2207 * error handling code build and send the packet. 2208 */ 2209 if (param.v != (void*)chunk->chunk_end) 2210 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2211 2212 /* The only missing mandatory param possible today is 2213 * the state cookie for an INIT-ACK chunk. 2214 */ 2215 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2216 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2217 chunk, errp); 2218 2219 /* Verify all the variable length parameters */ 2220 sctp_walk_params(param, peer_init, init_hdr.params) { 2221 2222 result = sctp_verify_param(asoc, param, cid, chunk, errp); 2223 switch (result) { 2224 case SCTP_IERROR_ABORT: 2225 case SCTP_IERROR_NOMEM: 2226 return 0; 2227 case SCTP_IERROR_ERROR: 2228 return 1; 2229 case SCTP_IERROR_NO_ERROR: 2230 default: 2231 break; 2232 } 2233 2234 } /* for (loop through all parameters) */ 2235 2236 return 1; 2237 } 2238 2239 /* Unpack the parameters in an INIT packet into an association. 2240 * Returns 0 on failure, else success. 2241 * FIXME: This is an association method. 2242 */ 2243 int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, 2244 const union sctp_addr *peer_addr, 2245 sctp_init_chunk_t *peer_init, gfp_t gfp) 2246 { 2247 union sctp_params param; 2248 struct sctp_transport *transport; 2249 struct list_head *pos, *temp; 2250 char *cookie; 2251 2252 /* We must include the address that the INIT packet came from. 2253 * This is the only address that matters for an INIT packet. 2254 * When processing a COOKIE ECHO, we retrieve the from address 2255 * of the INIT from the cookie. 2256 */ 2257 2258 /* This implementation defaults to making the first transport 2259 * added as the primary transport. The source address seems to 2260 * be a a better choice than any of the embedded addresses. 2261 */ 2262 if (peer_addr) { 2263 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2264 goto nomem; 2265 } 2266 2267 /* Process the initialization parameters. */ 2268 sctp_walk_params(param, peer_init, init_hdr.params) { 2269 2270 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2271 goto clean_up; 2272 } 2273 2274 /* AUTH: After processing the parameters, make sure that we 2275 * have all the required info to potentially do authentications. 2276 */ 2277 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2278 !asoc->peer.peer_hmacs)) 2279 asoc->peer.auth_capable = 0; 2280 2281 /* In a non-backward compatible mode, if the peer claims 2282 * support for ADD-IP but not AUTH, the ADD-IP spec states 2283 * that we MUST ABORT the association. Section 6. The section 2284 * also give us an option to silently ignore the packet, which 2285 * is what we'll do here. 2286 */ 2287 if (!sctp_addip_noauth && 2288 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2289 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2290 SCTP_PARAM_DEL_IP | 2291 SCTP_PARAM_SET_PRIMARY); 2292 asoc->peer.asconf_capable = 0; 2293 goto clean_up; 2294 } 2295 2296 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2297 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2298 transport = list_entry(pos, struct sctp_transport, transports); 2299 if (transport->state == SCTP_UNKNOWN) { 2300 sctp_assoc_rm_peer(asoc, transport); 2301 } 2302 } 2303 2304 /* The fixed INIT headers are always in network byte 2305 * order. 2306 */ 2307 asoc->peer.i.init_tag = 2308 ntohl(peer_init->init_hdr.init_tag); 2309 asoc->peer.i.a_rwnd = 2310 ntohl(peer_init->init_hdr.a_rwnd); 2311 asoc->peer.i.num_outbound_streams = 2312 ntohs(peer_init->init_hdr.num_outbound_streams); 2313 asoc->peer.i.num_inbound_streams = 2314 ntohs(peer_init->init_hdr.num_inbound_streams); 2315 asoc->peer.i.initial_tsn = 2316 ntohl(peer_init->init_hdr.initial_tsn); 2317 2318 /* Apply the upper bounds for output streams based on peer's 2319 * number of inbound streams. 2320 */ 2321 if (asoc->c.sinit_num_ostreams > 2322 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2323 asoc->c.sinit_num_ostreams = 2324 ntohs(peer_init->init_hdr.num_inbound_streams); 2325 } 2326 2327 if (asoc->c.sinit_max_instreams > 2328 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2329 asoc->c.sinit_max_instreams = 2330 ntohs(peer_init->init_hdr.num_outbound_streams); 2331 } 2332 2333 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2334 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2335 2336 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2337 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2338 2339 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2340 cookie = asoc->peer.cookie; 2341 if (cookie) { 2342 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2343 if (!asoc->peer.cookie) 2344 goto clean_up; 2345 } 2346 2347 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2348 * high (for example, implementations MAY use the size of the receiver 2349 * advertised window). 2350 */ 2351 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2352 transports) { 2353 transport->ssthresh = asoc->peer.i.a_rwnd; 2354 } 2355 2356 /* Set up the TSN tracking pieces. */ 2357 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2358 asoc->peer.i.initial_tsn, gfp)) 2359 goto clean_up; 2360 2361 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2362 * 2363 * The stream sequence number in all the streams shall start 2364 * from 0 when the association is established. Also, when the 2365 * stream sequence number reaches the value 65535 the next 2366 * stream sequence number shall be set to 0. 2367 */ 2368 2369 /* Allocate storage for the negotiated streams if it is not a temporary 2370 * association. 2371 */ 2372 if (!asoc->temp) { 2373 int error; 2374 2375 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 2376 asoc->c.sinit_num_ostreams, gfp); 2377 if (!asoc->ssnmap) 2378 goto clean_up; 2379 2380 error = sctp_assoc_set_id(asoc, gfp); 2381 if (error) 2382 goto clean_up; 2383 } 2384 2385 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2386 * 2387 * When an endpoint has an ASCONF signaled change to be sent to the 2388 * remote endpoint it should do the following: 2389 * ... 2390 * A2) A serial number should be assigned to the Chunk. The serial 2391 * number should be a monotonically increasing number. All serial 2392 * numbers are defined to be initialized at the start of the 2393 * association to the same value as the Initial TSN. 2394 */ 2395 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2396 return 1; 2397 2398 clean_up: 2399 /* Release the transport structures. */ 2400 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2401 transport = list_entry(pos, struct sctp_transport, transports); 2402 if (transport->state != SCTP_ACTIVE) 2403 sctp_assoc_rm_peer(asoc, transport); 2404 } 2405 2406 nomem: 2407 return 0; 2408 } 2409 2410 2411 /* Update asoc with the option described in param. 2412 * 2413 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2414 * 2415 * asoc is the association to update. 2416 * param is the variable length parameter to use for update. 2417 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2418 * If the current packet is an INIT we want to minimize the amount of 2419 * work we do. In particular, we should not build transport 2420 * structures for the addresses. 2421 */ 2422 static int sctp_process_param(struct sctp_association *asoc, 2423 union sctp_params param, 2424 const union sctp_addr *peer_addr, 2425 gfp_t gfp) 2426 { 2427 union sctp_addr addr; 2428 int i; 2429 __u16 sat; 2430 int retval = 1; 2431 sctp_scope_t scope; 2432 time_t stale; 2433 struct sctp_af *af; 2434 union sctp_addr_param *addr_param; 2435 struct sctp_transport *t; 2436 2437 /* We maintain all INIT parameters in network byte order all the 2438 * time. This allows us to not worry about whether the parameters 2439 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2440 */ 2441 switch (param.p->type) { 2442 case SCTP_PARAM_IPV6_ADDRESS: 2443 if (PF_INET6 != asoc->base.sk->sk_family) 2444 break; 2445 goto do_addr_param; 2446 2447 case SCTP_PARAM_IPV4_ADDRESS: 2448 /* v4 addresses are not allowed on v6-only socket */ 2449 if (ipv6_only_sock(asoc->base.sk)) 2450 break; 2451 do_addr_param: 2452 af = sctp_get_af_specific(param_type2af(param.p->type)); 2453 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2454 scope = sctp_scope(peer_addr); 2455 if (sctp_in_scope(&addr, scope)) 2456 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2457 return 0; 2458 break; 2459 2460 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2461 if (!sctp_cookie_preserve_enable) 2462 break; 2463 2464 stale = ntohl(param.life->lifespan_increment); 2465 2466 /* Suggested Cookie Life span increment's unit is msec, 2467 * (1/1000sec). 2468 */ 2469 asoc->cookie_life.tv_sec += stale / 1000; 2470 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2471 break; 2472 2473 case SCTP_PARAM_HOST_NAME_ADDRESS: 2474 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2475 break; 2476 2477 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2478 /* Turn off the default values first so we'll know which 2479 * ones are really set by the peer. 2480 */ 2481 asoc->peer.ipv4_address = 0; 2482 asoc->peer.ipv6_address = 0; 2483 2484 /* Assume that peer supports the address family 2485 * by which it sends a packet. 2486 */ 2487 if (peer_addr->sa.sa_family == AF_INET6) 2488 asoc->peer.ipv6_address = 1; 2489 else if (peer_addr->sa.sa_family == AF_INET) 2490 asoc->peer.ipv4_address = 1; 2491 2492 /* Cycle through address types; avoid divide by 0. */ 2493 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2494 if (sat) 2495 sat /= sizeof(__u16); 2496 2497 for (i = 0; i < sat; ++i) { 2498 switch (param.sat->types[i]) { 2499 case SCTP_PARAM_IPV4_ADDRESS: 2500 asoc->peer.ipv4_address = 1; 2501 break; 2502 2503 case SCTP_PARAM_IPV6_ADDRESS: 2504 if (PF_INET6 == asoc->base.sk->sk_family) 2505 asoc->peer.ipv6_address = 1; 2506 break; 2507 2508 case SCTP_PARAM_HOST_NAME_ADDRESS: 2509 asoc->peer.hostname_address = 1; 2510 break; 2511 2512 default: /* Just ignore anything else. */ 2513 break; 2514 } 2515 } 2516 break; 2517 2518 case SCTP_PARAM_STATE_COOKIE: 2519 asoc->peer.cookie_len = 2520 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2521 asoc->peer.cookie = param.cookie->body; 2522 break; 2523 2524 case SCTP_PARAM_HEARTBEAT_INFO: 2525 /* Would be odd to receive, but it causes no problems. */ 2526 break; 2527 2528 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2529 /* Rejected during verify stage. */ 2530 break; 2531 2532 case SCTP_PARAM_ECN_CAPABLE: 2533 asoc->peer.ecn_capable = 1; 2534 break; 2535 2536 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2537 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2538 break; 2539 2540 case SCTP_PARAM_SET_PRIMARY: 2541 if (!sctp_addip_enable) 2542 goto fall_through; 2543 2544 addr_param = param.v + sizeof(sctp_addip_param_t); 2545 2546 af = sctp_get_af_specific(param_type2af(param.p->type)); 2547 af->from_addr_param(&addr, addr_param, 2548 htons(asoc->peer.port), 0); 2549 2550 /* if the address is invalid, we can't process it. 2551 * XXX: see spec for what to do. 2552 */ 2553 if (!af->addr_valid(&addr, NULL, NULL)) 2554 break; 2555 2556 t = sctp_assoc_lookup_paddr(asoc, &addr); 2557 if (!t) 2558 break; 2559 2560 sctp_assoc_set_primary(asoc, t); 2561 break; 2562 2563 case SCTP_PARAM_SUPPORTED_EXT: 2564 sctp_process_ext_param(asoc, param); 2565 break; 2566 2567 case SCTP_PARAM_FWD_TSN_SUPPORT: 2568 if (sctp_prsctp_enable) { 2569 asoc->peer.prsctp_capable = 1; 2570 break; 2571 } 2572 /* Fall Through */ 2573 goto fall_through; 2574 2575 case SCTP_PARAM_RANDOM: 2576 if (!sctp_auth_enable) 2577 goto fall_through; 2578 2579 /* Save peer's random parameter */ 2580 asoc->peer.peer_random = kmemdup(param.p, 2581 ntohs(param.p->length), gfp); 2582 if (!asoc->peer.peer_random) { 2583 retval = 0; 2584 break; 2585 } 2586 break; 2587 2588 case SCTP_PARAM_HMAC_ALGO: 2589 if (!sctp_auth_enable) 2590 goto fall_through; 2591 2592 /* Save peer's HMAC list */ 2593 asoc->peer.peer_hmacs = kmemdup(param.p, 2594 ntohs(param.p->length), gfp); 2595 if (!asoc->peer.peer_hmacs) { 2596 retval = 0; 2597 break; 2598 } 2599 2600 /* Set the default HMAC the peer requested*/ 2601 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2602 break; 2603 2604 case SCTP_PARAM_CHUNKS: 2605 if (!sctp_auth_enable) 2606 goto fall_through; 2607 2608 asoc->peer.peer_chunks = kmemdup(param.p, 2609 ntohs(param.p->length), gfp); 2610 if (!asoc->peer.peer_chunks) 2611 retval = 0; 2612 break; 2613 fall_through: 2614 default: 2615 /* Any unrecognized parameters should have been caught 2616 * and handled by sctp_verify_param() which should be 2617 * called prior to this routine. Simply log the error 2618 * here. 2619 */ 2620 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2621 ntohs(param.p->type), asoc); 2622 break; 2623 } 2624 2625 return retval; 2626 } 2627 2628 /* Select a new verification tag. */ 2629 __u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2630 { 2631 /* I believe that this random number generator complies with RFC1750. 2632 * A tag of 0 is reserved for special cases (e.g. INIT). 2633 */ 2634 __u32 x; 2635 2636 do { 2637 get_random_bytes(&x, sizeof(__u32)); 2638 } while (x == 0); 2639 2640 return x; 2641 } 2642 2643 /* Select an initial TSN to send during startup. */ 2644 __u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2645 { 2646 __u32 retval; 2647 2648 get_random_bytes(&retval, sizeof(__u32)); 2649 return retval; 2650 } 2651 2652 /* 2653 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2654 * 0 1 2 3 2655 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2656 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2657 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2658 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2659 * | Serial Number | 2660 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2661 * | Address Parameter | 2662 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2663 * | ASCONF Parameter #1 | 2664 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2665 * \ \ 2666 * / .... / 2667 * \ \ 2668 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2669 * | ASCONF Parameter #N | 2670 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2671 * 2672 * Address Parameter and other parameter will not be wrapped in this function 2673 */ 2674 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2675 union sctp_addr *addr, 2676 int vparam_len) 2677 { 2678 sctp_addiphdr_t asconf; 2679 struct sctp_chunk *retval; 2680 int length = sizeof(asconf) + vparam_len; 2681 union sctp_addr_param addrparam; 2682 int addrlen; 2683 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2684 2685 addrlen = af->to_addr_param(addr, &addrparam); 2686 if (!addrlen) 2687 return NULL; 2688 length += addrlen; 2689 2690 /* Create the chunk. */ 2691 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2692 if (!retval) 2693 return NULL; 2694 2695 asconf.serial = htonl(asoc->addip_serial++); 2696 2697 retval->subh.addip_hdr = 2698 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2699 retval->param_hdr.v = 2700 sctp_addto_chunk(retval, addrlen, &addrparam); 2701 2702 return retval; 2703 } 2704 2705 /* ADDIP 2706 * 3.2.1 Add IP Address 2707 * 0 1 2 3 2708 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2709 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2710 * | Type = 0xC001 | Length = Variable | 2711 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2712 * | ASCONF-Request Correlation ID | 2713 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2714 * | Address Parameter | 2715 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2716 * 2717 * 3.2.2 Delete IP Address 2718 * 0 1 2 3 2719 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2720 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2721 * | Type = 0xC002 | Length = Variable | 2722 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2723 * | ASCONF-Request Correlation ID | 2724 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2725 * | Address Parameter | 2726 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2727 * 2728 */ 2729 struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2730 union sctp_addr *laddr, 2731 struct sockaddr *addrs, 2732 int addrcnt, 2733 __be16 flags) 2734 { 2735 sctp_addip_param_t param; 2736 struct sctp_chunk *retval; 2737 union sctp_addr_param addr_param; 2738 union sctp_addr *addr; 2739 void *addr_buf; 2740 struct sctp_af *af; 2741 int paramlen = sizeof(param); 2742 int addr_param_len = 0; 2743 int totallen = 0; 2744 int i; 2745 2746 /* Get total length of all the address parameters. */ 2747 addr_buf = addrs; 2748 for (i = 0; i < addrcnt; i++) { 2749 addr = (union sctp_addr *)addr_buf; 2750 af = sctp_get_af_specific(addr->v4.sin_family); 2751 addr_param_len = af->to_addr_param(addr, &addr_param); 2752 2753 totallen += paramlen; 2754 totallen += addr_param_len; 2755 2756 addr_buf += af->sockaddr_len; 2757 } 2758 2759 /* Create an asconf chunk with the required length. */ 2760 retval = sctp_make_asconf(asoc, laddr, totallen); 2761 if (!retval) 2762 return NULL; 2763 2764 /* Add the address parameters to the asconf chunk. */ 2765 addr_buf = addrs; 2766 for (i = 0; i < addrcnt; i++) { 2767 addr = (union sctp_addr *)addr_buf; 2768 af = sctp_get_af_specific(addr->v4.sin_family); 2769 addr_param_len = af->to_addr_param(addr, &addr_param); 2770 param.param_hdr.type = flags; 2771 param.param_hdr.length = htons(paramlen + addr_param_len); 2772 param.crr_id = i; 2773 2774 sctp_addto_chunk(retval, paramlen, ¶m); 2775 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2776 2777 addr_buf += af->sockaddr_len; 2778 } 2779 return retval; 2780 } 2781 2782 /* ADDIP 2783 * 3.2.4 Set Primary IP Address 2784 * 0 1 2 3 2785 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2786 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2787 * | Type =0xC004 | Length = Variable | 2788 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2789 * | ASCONF-Request Correlation ID | 2790 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2791 * | Address Parameter | 2792 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2793 * 2794 * Create an ASCONF chunk with Set Primary IP address parameter. 2795 */ 2796 struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2797 union sctp_addr *addr) 2798 { 2799 sctp_addip_param_t param; 2800 struct sctp_chunk *retval; 2801 int len = sizeof(param); 2802 union sctp_addr_param addrparam; 2803 int addrlen; 2804 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2805 2806 addrlen = af->to_addr_param(addr, &addrparam); 2807 if (!addrlen) 2808 return NULL; 2809 len += addrlen; 2810 2811 /* Create the chunk and make asconf header. */ 2812 retval = sctp_make_asconf(asoc, addr, len); 2813 if (!retval) 2814 return NULL; 2815 2816 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2817 param.param_hdr.length = htons(len); 2818 param.crr_id = 0; 2819 2820 sctp_addto_chunk(retval, sizeof(param), ¶m); 2821 sctp_addto_chunk(retval, addrlen, &addrparam); 2822 2823 return retval; 2824 } 2825 2826 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2827 * 0 1 2 3 2828 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2829 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2830 * | Type = 0x80 | Chunk Flags | Chunk Length | 2831 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2832 * | Serial Number | 2833 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2834 * | ASCONF Parameter Response#1 | 2835 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2836 * \ \ 2837 * / .... / 2838 * \ \ 2839 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2840 * | ASCONF Parameter Response#N | 2841 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2842 * 2843 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2844 */ 2845 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2846 __u32 serial, int vparam_len) 2847 { 2848 sctp_addiphdr_t asconf; 2849 struct sctp_chunk *retval; 2850 int length = sizeof(asconf) + vparam_len; 2851 2852 /* Create the chunk. */ 2853 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2854 if (!retval) 2855 return NULL; 2856 2857 asconf.serial = htonl(serial); 2858 2859 retval->subh.addip_hdr = 2860 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2861 2862 return retval; 2863 } 2864 2865 /* Add response parameters to an ASCONF_ACK chunk. */ 2866 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2867 __be16 err_code, sctp_addip_param_t *asconf_param) 2868 { 2869 sctp_addip_param_t ack_param; 2870 sctp_errhdr_t err_param; 2871 int asconf_param_len = 0; 2872 int err_param_len = 0; 2873 __be16 response_type; 2874 2875 if (SCTP_ERROR_NO_ERROR == err_code) { 2876 response_type = SCTP_PARAM_SUCCESS_REPORT; 2877 } else { 2878 response_type = SCTP_PARAM_ERR_CAUSE; 2879 err_param_len = sizeof(err_param); 2880 if (asconf_param) 2881 asconf_param_len = 2882 ntohs(asconf_param->param_hdr.length); 2883 } 2884 2885 /* Add Success Indication or Error Cause Indication parameter. */ 2886 ack_param.param_hdr.type = response_type; 2887 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2888 err_param_len + 2889 asconf_param_len); 2890 ack_param.crr_id = crr_id; 2891 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2892 2893 if (SCTP_ERROR_NO_ERROR == err_code) 2894 return; 2895 2896 /* Add Error Cause parameter. */ 2897 err_param.cause = err_code; 2898 err_param.length = htons(err_param_len + asconf_param_len); 2899 sctp_addto_chunk(chunk, err_param_len, &err_param); 2900 2901 /* Add the failed TLV copied from ASCONF chunk. */ 2902 if (asconf_param) 2903 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2904 } 2905 2906 /* Process a asconf parameter. */ 2907 static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 2908 struct sctp_chunk *asconf, 2909 sctp_addip_param_t *asconf_param) 2910 { 2911 struct sctp_transport *peer; 2912 struct sctp_af *af; 2913 union sctp_addr addr; 2914 union sctp_addr_param *addr_param; 2915 2916 addr_param = (union sctp_addr_param *) 2917 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2918 2919 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && 2920 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && 2921 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) 2922 return SCTP_ERROR_UNKNOWN_PARAM; 2923 2924 switch (addr_param->v4.param_hdr.type) { 2925 case SCTP_PARAM_IPV6_ADDRESS: 2926 if (!asoc->peer.ipv6_address) 2927 return SCTP_ERROR_DNS_FAILED; 2928 break; 2929 case SCTP_PARAM_IPV4_ADDRESS: 2930 if (!asoc->peer.ipv4_address) 2931 return SCTP_ERROR_DNS_FAILED; 2932 break; 2933 default: 2934 return SCTP_ERROR_DNS_FAILED; 2935 } 2936 2937 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2938 if (unlikely(!af)) 2939 return SCTP_ERROR_DNS_FAILED; 2940 2941 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 2942 2943 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 2944 * or multicast address. 2945 * (note: wildcard is permitted and requires special handling so 2946 * make sure we check for that) 2947 */ 2948 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 2949 return SCTP_ERROR_DNS_FAILED; 2950 2951 switch (asconf_param->param_hdr.type) { 2952 case SCTP_PARAM_ADD_IP: 2953 /* Section 4.2.1: 2954 * If the address 0.0.0.0 or ::0 is provided, the source 2955 * address of the packet MUST be added. 2956 */ 2957 if (af->is_any(&addr)) 2958 memcpy(&addr, &asconf->source, sizeof(addr)); 2959 2960 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 2961 * request and does not have the local resources to add this 2962 * new address to the association, it MUST return an Error 2963 * Cause TLV set to the new error code 'Operation Refused 2964 * Due to Resource Shortage'. 2965 */ 2966 2967 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 2968 if (!peer) 2969 return SCTP_ERROR_RSRC_LOW; 2970 2971 /* Start the heartbeat timer. */ 2972 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 2973 sctp_transport_hold(peer); 2974 break; 2975 case SCTP_PARAM_DEL_IP: 2976 /* ADDIP 4.3 D7) If a request is received to delete the 2977 * last remaining IP address of a peer endpoint, the receiver 2978 * MUST send an Error Cause TLV with the error cause set to the 2979 * new error code 'Request to Delete Last Remaining IP Address'. 2980 */ 2981 if (asoc->peer.transport_count == 1) 2982 return SCTP_ERROR_DEL_LAST_IP; 2983 2984 /* ADDIP 4.3 D8) If a request is received to delete an IP 2985 * address which is also the source address of the IP packet 2986 * which contained the ASCONF chunk, the receiver MUST reject 2987 * this request. To reject the request the receiver MUST send 2988 * an Error Cause TLV set to the new error code 'Request to 2989 * Delete Source IP Address' 2990 */ 2991 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr)) 2992 return SCTP_ERROR_DEL_SRC_IP; 2993 2994 /* Section 4.2.2 2995 * If the address 0.0.0.0 or ::0 is provided, all 2996 * addresses of the peer except the source address of the 2997 * packet MUST be deleted. 2998 */ 2999 if (af->is_any(&addr)) { 3000 sctp_assoc_set_primary(asoc, asconf->transport); 3001 sctp_assoc_del_nonprimary_peers(asoc, 3002 asconf->transport); 3003 } else 3004 sctp_assoc_del_peer(asoc, &addr); 3005 break; 3006 case SCTP_PARAM_SET_PRIMARY: 3007 /* ADDIP Section 4.2.4 3008 * If the address 0.0.0.0 or ::0 is provided, the receiver 3009 * MAY mark the source address of the packet as its 3010 * primary. 3011 */ 3012 if (af->is_any(&addr)) 3013 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 3014 3015 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3016 if (!peer) 3017 return SCTP_ERROR_DNS_FAILED; 3018 3019 sctp_assoc_set_primary(asoc, peer); 3020 break; 3021 } 3022 3023 return SCTP_ERROR_NO_ERROR; 3024 } 3025 3026 /* Verify the ASCONF packet before we process it. */ 3027 int sctp_verify_asconf(const struct sctp_association *asoc, 3028 struct sctp_paramhdr *param_hdr, void *chunk_end, 3029 struct sctp_paramhdr **errp) { 3030 sctp_addip_param_t *asconf_param; 3031 union sctp_params param; 3032 int length, plen; 3033 3034 param.v = (sctp_paramhdr_t *) param_hdr; 3035 while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { 3036 length = ntohs(param.p->length); 3037 *errp = param.p; 3038 3039 if (param.v > chunk_end - length || 3040 length < sizeof(sctp_paramhdr_t)) 3041 return 0; 3042 3043 switch (param.p->type) { 3044 case SCTP_PARAM_ADD_IP: 3045 case SCTP_PARAM_DEL_IP: 3046 case SCTP_PARAM_SET_PRIMARY: 3047 asconf_param = (sctp_addip_param_t *)param.v; 3048 plen = ntohs(asconf_param->param_hdr.length); 3049 if (plen < sizeof(sctp_addip_param_t) + 3050 sizeof(sctp_paramhdr_t)) 3051 return 0; 3052 break; 3053 case SCTP_PARAM_SUCCESS_REPORT: 3054 case SCTP_PARAM_ADAPTATION_LAYER_IND: 3055 if (length != sizeof(sctp_addip_param_t)) 3056 return 0; 3057 3058 break; 3059 default: 3060 break; 3061 } 3062 3063 param.v += WORD_ROUND(length); 3064 } 3065 3066 if (param.v != chunk_end) 3067 return 0; 3068 3069 return 1; 3070 } 3071 3072 /* Process an incoming ASCONF chunk with the next expected serial no. and 3073 * return an ASCONF_ACK chunk to be sent in response. 3074 */ 3075 struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3076 struct sctp_chunk *asconf) 3077 { 3078 sctp_addiphdr_t *hdr; 3079 union sctp_addr_param *addr_param; 3080 sctp_addip_param_t *asconf_param; 3081 struct sctp_chunk *asconf_ack; 3082 3083 __be16 err_code; 3084 int length = 0; 3085 int chunk_len; 3086 __u32 serial; 3087 int all_param_pass = 1; 3088 3089 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 3090 hdr = (sctp_addiphdr_t *)asconf->skb->data; 3091 serial = ntohl(hdr->serial); 3092 3093 /* Skip the addiphdr and store a pointer to address parameter. */ 3094 length = sizeof(sctp_addiphdr_t); 3095 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3096 chunk_len -= length; 3097 3098 /* Skip the address parameter and store a pointer to the first 3099 * asconf parameter. 3100 */ 3101 length = ntohs(addr_param->v4.param_hdr.length); 3102 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 3103 chunk_len -= length; 3104 3105 /* create an ASCONF_ACK chunk. 3106 * Based on the definitions of parameters, we know that the size of 3107 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF 3108 * parameters. 3109 */ 3110 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2); 3111 if (!asconf_ack) 3112 goto done; 3113 3114 /* Process the TLVs contained within the ASCONF chunk. */ 3115 while (chunk_len > 0) { 3116 err_code = sctp_process_asconf_param(asoc, asconf, 3117 asconf_param); 3118 /* ADDIP 4.1 A7) 3119 * If an error response is received for a TLV parameter, 3120 * all TLVs with no response before the failed TLV are 3121 * considered successful if not reported. All TLVs after 3122 * the failed response are considered unsuccessful unless 3123 * a specific success indication is present for the parameter. 3124 */ 3125 if (SCTP_ERROR_NO_ERROR != err_code) 3126 all_param_pass = 0; 3127 3128 if (!all_param_pass) 3129 sctp_add_asconf_response(asconf_ack, 3130 asconf_param->crr_id, err_code, 3131 asconf_param); 3132 3133 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3134 * an IP address sends an 'Out of Resource' in its response, it 3135 * MUST also fail any subsequent add or delete requests bundled 3136 * in the ASCONF. 3137 */ 3138 if (SCTP_ERROR_RSRC_LOW == err_code) 3139 goto done; 3140 3141 /* Move to the next ASCONF param. */ 3142 length = ntohs(asconf_param->param_hdr.length); 3143 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 3144 length); 3145 chunk_len -= length; 3146 } 3147 3148 done: 3149 asoc->peer.addip_serial++; 3150 3151 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3152 * after freeing the reference to old asconf ack if any. 3153 */ 3154 if (asconf_ack) { 3155 sctp_chunk_hold(asconf_ack); 3156 list_add_tail(&asconf_ack->transmitted_list, 3157 &asoc->asconf_ack_list); 3158 } 3159 3160 return asconf_ack; 3161 } 3162 3163 /* Process a asconf parameter that is successfully acked. */ 3164 static void sctp_asconf_param_success(struct sctp_association *asoc, 3165 sctp_addip_param_t *asconf_param) 3166 { 3167 struct sctp_af *af; 3168 union sctp_addr addr; 3169 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3170 union sctp_addr_param *addr_param; 3171 struct sctp_transport *transport; 3172 struct sctp_sockaddr_entry *saddr; 3173 3174 addr_param = (union sctp_addr_param *) 3175 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 3176 3177 /* We have checked the packet before, so we do not check again. */ 3178 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 3179 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3180 3181 switch (asconf_param->param_hdr.type) { 3182 case SCTP_PARAM_ADD_IP: 3183 /* This is always done in BH context with a socket lock 3184 * held, so the list can not change. 3185 */ 3186 local_bh_disable(); 3187 list_for_each_entry(saddr, &bp->address_list, list) { 3188 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3189 saddr->state = SCTP_ADDR_SRC; 3190 } 3191 local_bh_enable(); 3192 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3193 transports) { 3194 if (transport->state == SCTP_ACTIVE) 3195 continue; 3196 dst_release(transport->dst); 3197 sctp_transport_route(transport, NULL, 3198 sctp_sk(asoc->base.sk)); 3199 } 3200 break; 3201 case SCTP_PARAM_DEL_IP: 3202 local_bh_disable(); 3203 sctp_del_bind_addr(bp, &addr); 3204 local_bh_enable(); 3205 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3206 transports) { 3207 dst_release(transport->dst); 3208 sctp_transport_route(transport, NULL, 3209 sctp_sk(asoc->base.sk)); 3210 } 3211 break; 3212 default: 3213 break; 3214 } 3215 } 3216 3217 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3218 * for the given asconf parameter. If there is no response for this parameter, 3219 * return the error code based on the third argument 'no_err'. 3220 * ADDIP 4.1 3221 * A7) If an error response is received for a TLV parameter, all TLVs with no 3222 * response before the failed TLV are considered successful if not reported. 3223 * All TLVs after the failed response are considered unsuccessful unless a 3224 * specific success indication is present for the parameter. 3225 */ 3226 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3227 sctp_addip_param_t *asconf_param, 3228 int no_err) 3229 { 3230 sctp_addip_param_t *asconf_ack_param; 3231 sctp_errhdr_t *err_param; 3232 int length; 3233 int asconf_ack_len; 3234 __be16 err_code; 3235 3236 if (no_err) 3237 err_code = SCTP_ERROR_NO_ERROR; 3238 else 3239 err_code = SCTP_ERROR_REQ_REFUSED; 3240 3241 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3242 sizeof(sctp_chunkhdr_t); 3243 3244 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3245 * the first asconf_ack parameter. 3246 */ 3247 length = sizeof(sctp_addiphdr_t); 3248 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 3249 length); 3250 asconf_ack_len -= length; 3251 3252 while (asconf_ack_len > 0) { 3253 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3254 switch(asconf_ack_param->param_hdr.type) { 3255 case SCTP_PARAM_SUCCESS_REPORT: 3256 return SCTP_ERROR_NO_ERROR; 3257 case SCTP_PARAM_ERR_CAUSE: 3258 length = sizeof(sctp_addip_param_t); 3259 err_param = (sctp_errhdr_t *) 3260 ((void *)asconf_ack_param + length); 3261 asconf_ack_len -= length; 3262 if (asconf_ack_len > 0) 3263 return err_param->cause; 3264 else 3265 return SCTP_ERROR_INV_PARAM; 3266 break; 3267 default: 3268 return SCTP_ERROR_INV_PARAM; 3269 } 3270 } 3271 3272 length = ntohs(asconf_ack_param->param_hdr.length); 3273 asconf_ack_param = (sctp_addip_param_t *) 3274 ((void *)asconf_ack_param + length); 3275 asconf_ack_len -= length; 3276 } 3277 3278 return err_code; 3279 } 3280 3281 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3282 int sctp_process_asconf_ack(struct sctp_association *asoc, 3283 struct sctp_chunk *asconf_ack) 3284 { 3285 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3286 union sctp_addr_param *addr_param; 3287 sctp_addip_param_t *asconf_param; 3288 int length = 0; 3289 int asconf_len = asconf->skb->len; 3290 int all_param_pass = 0; 3291 int no_err = 1; 3292 int retval = 0; 3293 __be16 err_code = SCTP_ERROR_NO_ERROR; 3294 3295 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3296 * a pointer to address parameter. 3297 */ 3298 length = sizeof(sctp_addip_chunk_t); 3299 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3300 asconf_len -= length; 3301 3302 /* Skip the address parameter in the last asconf sent and store a 3303 * pointer to the first asconf parameter. 3304 */ 3305 length = ntohs(addr_param->v4.param_hdr.length); 3306 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 3307 asconf_len -= length; 3308 3309 /* ADDIP 4.1 3310 * A8) If there is no response(s) to specific TLV parameter(s), and no 3311 * failures are indicated, then all request(s) are considered 3312 * successful. 3313 */ 3314 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 3315 all_param_pass = 1; 3316 3317 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3318 while (asconf_len > 0) { 3319 if (all_param_pass) 3320 err_code = SCTP_ERROR_NO_ERROR; 3321 else { 3322 err_code = sctp_get_asconf_response(asconf_ack, 3323 asconf_param, 3324 no_err); 3325 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3326 no_err = 0; 3327 } 3328 3329 switch (err_code) { 3330 case SCTP_ERROR_NO_ERROR: 3331 sctp_asconf_param_success(asoc, asconf_param); 3332 break; 3333 3334 case SCTP_ERROR_RSRC_LOW: 3335 retval = 1; 3336 break; 3337 3338 case SCTP_ERROR_UNKNOWN_PARAM: 3339 /* Disable sending this type of asconf parameter in 3340 * future. 3341 */ 3342 asoc->peer.addip_disabled_mask |= 3343 asconf_param->param_hdr.type; 3344 break; 3345 3346 case SCTP_ERROR_REQ_REFUSED: 3347 case SCTP_ERROR_DEL_LAST_IP: 3348 case SCTP_ERROR_DEL_SRC_IP: 3349 default: 3350 break; 3351 } 3352 3353 /* Skip the processed asconf parameter and move to the next 3354 * one. 3355 */ 3356 length = ntohs(asconf_param->param_hdr.length); 3357 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 3358 length); 3359 asconf_len -= length; 3360 } 3361 3362 /* Free the cached last sent asconf chunk. */ 3363 list_del_init(&asconf->transmitted_list); 3364 sctp_chunk_free(asconf); 3365 asoc->addip_last_asconf = NULL; 3366 3367 return retval; 3368 } 3369 3370 /* Make a FWD TSN chunk. */ 3371 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3372 __u32 new_cum_tsn, size_t nstreams, 3373 struct sctp_fwdtsn_skip *skiplist) 3374 { 3375 struct sctp_chunk *retval = NULL; 3376 struct sctp_fwdtsn_chunk *ftsn_chunk; 3377 struct sctp_fwdtsn_hdr ftsn_hdr; 3378 struct sctp_fwdtsn_skip skip; 3379 size_t hint; 3380 int i; 3381 3382 hint = (nstreams + 1) * sizeof(__u32); 3383 3384 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 3385 3386 if (!retval) 3387 return NULL; 3388 3389 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr; 3390 3391 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3392 retval->subh.fwdtsn_hdr = 3393 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3394 3395 for (i = 0; i < nstreams; i++) { 3396 skip.stream = skiplist[i].stream; 3397 skip.ssn = skiplist[i].ssn; 3398 sctp_addto_chunk(retval, sizeof(skip), &skip); 3399 } 3400 3401 return retval; 3402 } 3403