1/* SCTP kernel implementation 2 * (C) Copyright IBM Corp. 2001, 2004 3 * Copyright (c) 1999-2000 Cisco, Inc. 4 * Copyright (c) 1999-2001 Motorola, Inc. 5 * Copyright (c) 2001-2002 Intel Corp. 6 * 7 * This file is part of the SCTP kernel implementation 8 * 9 * These functions work with the state functions in sctp_sm_statefuns.c 10 * to implement the state operations. These functions implement the 11 * steps which require modifying existing data structures. 12 * 13 * This SCTP implementation is free software; 14 * you can redistribute it and/or modify it under the terms of 15 * the GNU General Public License as published by 16 * the Free Software Foundation; either version 2, or (at your option) 17 * any later version. 18 * 19 * This SCTP implementation is distributed in the hope that it 20 * will be useful, but WITHOUT ANY WARRANTY; without even the implied 21 * ************************ 22 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 23 * See the GNU General Public License for more details. 24 * 25 * You should have received a copy of the GNU General Public License 26 * along with GNU CC; see the file COPYING. If not, write to 27 * the Free Software Foundation, 59 Temple Place - Suite 330, 28 * Boston, MA 02111-1307, USA. 29 * 30 * Please send any bug reports or fixes you make to the 31 * email address(es): 32 * lksctp developers <lksctp-developers@lists.sourceforge.net> 33 * 34 * Or submit a bug report through the following website: 35 * http://www.sf.net/projects/lksctp 36 * 37 * Written or modified by: 38 * La Monte H.P. Yarroll <piggy@acm.org> 39 * Karl Knutson <karl@athena.chicago.il.us> 40 * C. Robin <chris@hundredacre.ac.uk> 41 * Jon Grimm <jgrimm@us.ibm.com> 42 * Xingang Guo <xingang.guo@intel.com> 43 * Dajiang Zhang <dajiang.zhang@nokia.com> 44 * Sridhar Samudrala <sri@us.ibm.com> 45 * Daisy Chang <daisyc@us.ibm.com> 46 * Ardelle Fan <ardelle.fan@intel.com> 47 * Kevin Gao <kevin.gao@intel.com> 48 * 49 * Any bugs reported given to us we will try to fix... any fixes shared will 50 * be incorporated into the next SCTP release. 51 */ 52 53#include <linux/types.h> 54#include <linux/kernel.h> 55#include <linux/ip.h> 56#include <linux/ipv6.h> 57#include <linux/net.h> 58#include <linux/inet.h> 59#include <linux/scatterlist.h> 60#include <linux/crypto.h> 61#include <linux/slab.h> 62#include <net/sock.h> 63 64#include <linux/skbuff.h> 65#include <linux/random.h> /* for get_random_bytes */ 66#include <net/sctp/sctp.h> 67#include <net/sctp/sm.h> 68 69SCTP_STATIC 70struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 71 __u8 type, __u8 flags, int paylen); 72static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 73 const struct sctp_association *asoc, 74 const struct sctp_chunk *init_chunk, 75 int *cookie_len, 76 const __u8 *raw_addrs, int addrs_len); 77static int sctp_process_param(struct sctp_association *asoc, 78 union sctp_params param, 79 const union sctp_addr *peer_addr, 80 gfp_t gfp); 81static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 82 const void *data); 83 84/* What was the inbound interface for this chunk? */ 85int sctp_chunk_iif(const struct sctp_chunk *chunk) 86{ 87 struct sctp_af *af; 88 int iif = 0; 89 90 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version)); 91 if (af) 92 iif = af->skb_iif(chunk->skb); 93 94 return iif; 95} 96 97/* RFC 2960 3.3.2 Initiation (INIT) (1) 98 * 99 * Note 2: The ECN capable field is reserved for future use of 100 * Explicit Congestion Notification. 101 */ 102static const struct sctp_paramhdr ecap_param = { 103 SCTP_PARAM_ECN_CAPABLE, 104 cpu_to_be16(sizeof(struct sctp_paramhdr)), 105}; 106static const struct sctp_paramhdr prsctp_param = { 107 SCTP_PARAM_FWD_TSN_SUPPORT, 108 cpu_to_be16(sizeof(struct sctp_paramhdr)), 109}; 110 111/* A helper to initialize an op error inside a 112 * provided chunk, as most cause codes will be embedded inside an 113 * abort chunk. 114 */ 115void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 116 size_t paylen) 117{ 118 sctp_errhdr_t err; 119 __u16 len; 120 121 /* Cause code constants are now defined in network order. */ 122 err.cause = cause_code; 123 len = sizeof(sctp_errhdr_t) + paylen; 124 err.length = htons(len); 125 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err); 126} 127 128/* A helper to initialize an op error inside a 129 * provided chunk, as most cause codes will be embedded inside an 130 * abort chunk. Differs from sctp_init_cause in that it won't oops 131 * if there isn't enough space in the op error chunk 132 */ 133int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code, 134 size_t paylen) 135{ 136 sctp_errhdr_t err; 137 __u16 len; 138 139 /* Cause code constants are now defined in network order. */ 140 err.cause = cause_code; 141 len = sizeof(sctp_errhdr_t) + paylen; 142 err.length = htons(len); 143 144 if (skb_tailroom(chunk->skb) < len) 145 return -ENOSPC; 146 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk, 147 sizeof(sctp_errhdr_t), 148 &err); 149 return 0; 150} 151/* 3.3.2 Initiation (INIT) (1) 152 * 153 * This chunk is used to initiate a SCTP association between two 154 * endpoints. The format of the INIT chunk is shown below: 155 * 156 * 0 1 2 3 157 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 158 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 159 * | Type = 1 | Chunk Flags | Chunk Length | 160 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 161 * | Initiate Tag | 162 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 163 * | Advertised Receiver Window Credit (a_rwnd) | 164 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 165 * | Number of Outbound Streams | Number of Inbound Streams | 166 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 167 * | Initial TSN | 168 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 169 * \ \ 170 * / Optional/Variable-Length Parameters / 171 * \ \ 172 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 173 * 174 * 175 * The INIT chunk contains the following parameters. Unless otherwise 176 * noted, each parameter MUST only be included once in the INIT chunk. 177 * 178 * Fixed Parameters Status 179 * ---------------------------------------------- 180 * Initiate Tag Mandatory 181 * Advertised Receiver Window Credit Mandatory 182 * Number of Outbound Streams Mandatory 183 * Number of Inbound Streams Mandatory 184 * Initial TSN Mandatory 185 * 186 * Variable Parameters Status Type Value 187 * ------------------------------------------------------------- 188 * IPv4 Address (Note 1) Optional 5 189 * IPv6 Address (Note 1) Optional 6 190 * Cookie Preservative Optional 9 191 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 192 * Host Name Address (Note 3) Optional 11 193 * Supported Address Types (Note 4) Optional 12 194 */ 195struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 196 const struct sctp_bind_addr *bp, 197 gfp_t gfp, int vparam_len) 198{ 199 sctp_inithdr_t init; 200 union sctp_params addrs; 201 size_t chunksize; 202 struct sctp_chunk *retval = NULL; 203 int num_types, addrs_len = 0; 204 struct sctp_sock *sp; 205 sctp_supported_addrs_param_t sat; 206 __be16 types[2]; 207 sctp_adaptation_ind_param_t aiparam; 208 sctp_supported_ext_param_t ext_param; 209 int num_ext = 0; 210 __u8 extensions[3]; 211 sctp_paramhdr_t *auth_chunks = NULL, 212 *auth_hmacs = NULL; 213 214 /* RFC 2960 3.3.2 Initiation (INIT) (1) 215 * 216 * Note 1: The INIT chunks can contain multiple addresses that 217 * can be IPv4 and/or IPv6 in any combination. 218 */ 219 retval = NULL; 220 221 /* Convert the provided bind address list to raw format. */ 222 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 223 224 init.init_tag = htonl(asoc->c.my_vtag); 225 init.a_rwnd = htonl(asoc->rwnd); 226 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 227 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 228 init.initial_tsn = htonl(asoc->c.initial_tsn); 229 230 /* How many address types are needed? */ 231 sp = sctp_sk(asoc->base.sk); 232 num_types = sp->pf->supported_addrs(sp, types); 233 234 chunksize = sizeof(init) + addrs_len; 235 chunksize += WORD_ROUND(SCTP_SAT_LEN(num_types)); 236 chunksize += sizeof(ecap_param); 237 238 if (sctp_prsctp_enable) 239 chunksize += sizeof(prsctp_param); 240 241 /* ADDIP: Section 4.2.7: 242 * An implementation supporting this extension [ADDIP] MUST list 243 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 244 * INIT-ACK parameters. 245 */ 246 if (sctp_addip_enable) { 247 extensions[num_ext] = SCTP_CID_ASCONF; 248 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 249 num_ext += 2; 250 } 251 252 if (sp->adaptation_ind) 253 chunksize += sizeof(aiparam); 254 255 chunksize += vparam_len; 256 257 /* Account for AUTH related parameters */ 258 if (sctp_auth_enable) { 259 /* Add random parameter length*/ 260 chunksize += sizeof(asoc->c.auth_random); 261 262 /* Add HMACS parameter length if any were defined */ 263 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 264 if (auth_hmacs->length) 265 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 266 else 267 auth_hmacs = NULL; 268 269 /* Add CHUNKS parameter length */ 270 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 271 if (auth_chunks->length) 272 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 273 else 274 auth_chunks = NULL; 275 276 extensions[num_ext] = SCTP_CID_AUTH; 277 num_ext += 1; 278 } 279 280 /* If we have any extensions to report, account for that */ 281 if (num_ext) 282 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 283 num_ext); 284 285 286 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize); 287 if (!retval) 288 goto nodata; 289 290 retval->subh.init_hdr = 291 sctp_addto_chunk(retval, sizeof(init), &init); 292 retval->param_hdr.v = 293 sctp_addto_chunk(retval, addrs_len, addrs.v); 294 295 /* RFC 2960 3.3.2 Initiation (INIT) (1) 296 * 297 * Note 4: This parameter, when present, specifies all the 298 * address types the sending endpoint can support. The absence 299 * of this parameter indicates that the sending endpoint can 300 * support any address type. 301 */ 302 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 303 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 304 sctp_addto_chunk(retval, sizeof(sat), &sat); 305 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 306 307 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 308 309 /* Add the supported extensions parameter. Be nice and add this 310 * fist before addiding the parameters for the extensions themselves 311 */ 312 if (num_ext) { 313 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 314 ext_param.param_hdr.length = 315 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 316 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 317 &ext_param); 318 sctp_addto_param(retval, num_ext, extensions); 319 } 320 321 if (sctp_prsctp_enable) 322 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 323 324 if (sp->adaptation_ind) { 325 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 326 aiparam.param_hdr.length = htons(sizeof(aiparam)); 327 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 328 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 329 } 330 331 /* Add SCTP-AUTH chunks to the parameter list */ 332 if (sctp_auth_enable) { 333 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 334 asoc->c.auth_random); 335 if (auth_hmacs) 336 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 337 auth_hmacs); 338 if (auth_chunks) 339 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 340 auth_chunks); 341 } 342nodata: 343 kfree(addrs.v); 344 return retval; 345} 346 347struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 348 const struct sctp_chunk *chunk, 349 gfp_t gfp, int unkparam_len) 350{ 351 sctp_inithdr_t initack; 352 struct sctp_chunk *retval; 353 union sctp_params addrs; 354 struct sctp_sock *sp; 355 int addrs_len; 356 sctp_cookie_param_t *cookie; 357 int cookie_len; 358 size_t chunksize; 359 sctp_adaptation_ind_param_t aiparam; 360 sctp_supported_ext_param_t ext_param; 361 int num_ext = 0; 362 __u8 extensions[3]; 363 sctp_paramhdr_t *auth_chunks = NULL, 364 *auth_hmacs = NULL, 365 *auth_random = NULL; 366 367 retval = NULL; 368 369 /* Note: there may be no addresses to embed. */ 370 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 371 372 initack.init_tag = htonl(asoc->c.my_vtag); 373 initack.a_rwnd = htonl(asoc->rwnd); 374 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 375 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 376 initack.initial_tsn = htonl(asoc->c.initial_tsn); 377 378 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 379 addrs.v, addrs_len); 380 if (!cookie) 381 goto nomem_cookie; 382 383 /* Calculate the total size of allocation, include the reserved 384 * space for reporting unknown parameters if it is specified. 385 */ 386 sp = sctp_sk(asoc->base.sk); 387 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 388 389 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 390 if (asoc->peer.ecn_capable) 391 chunksize += sizeof(ecap_param); 392 393 if (asoc->peer.prsctp_capable) 394 chunksize += sizeof(prsctp_param); 395 396 if (asoc->peer.asconf_capable) { 397 extensions[num_ext] = SCTP_CID_ASCONF; 398 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 399 num_ext += 2; 400 } 401 402 if (sp->adaptation_ind) 403 chunksize += sizeof(aiparam); 404 405 if (asoc->peer.auth_capable) { 406 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random; 407 chunksize += ntohs(auth_random->length); 408 409 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs; 410 if (auth_hmacs->length) 411 chunksize += WORD_ROUND(ntohs(auth_hmacs->length)); 412 else 413 auth_hmacs = NULL; 414 415 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks; 416 if (auth_chunks->length) 417 chunksize += WORD_ROUND(ntohs(auth_chunks->length)); 418 else 419 auth_chunks = NULL; 420 421 extensions[num_ext] = SCTP_CID_AUTH; 422 num_ext += 1; 423 } 424 425 if (num_ext) 426 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) + 427 num_ext); 428 429 /* Now allocate and fill out the chunk. */ 430 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize); 431 if (!retval) 432 goto nomem_chunk; 433 434 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 435 * 436 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 437 * HEARTBEAT ACK, * etc.) to the same destination transport 438 * address from which it received the DATA or control chunk 439 * to which it is replying. 440 * 441 * [INIT ACK back to where the INIT came from.] 442 */ 443 retval->transport = chunk->transport; 444 445 retval->subh.init_hdr = 446 sctp_addto_chunk(retval, sizeof(initack), &initack); 447 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 448 sctp_addto_chunk(retval, cookie_len, cookie); 449 if (asoc->peer.ecn_capable) 450 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 451 if (num_ext) { 452 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 453 ext_param.param_hdr.length = 454 htons(sizeof(sctp_supported_ext_param_t) + num_ext); 455 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t), 456 &ext_param); 457 sctp_addto_param(retval, num_ext, extensions); 458 } 459 if (asoc->peer.prsctp_capable) 460 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 461 462 if (sp->adaptation_ind) { 463 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 464 aiparam.param_hdr.length = htons(sizeof(aiparam)); 465 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 466 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 467 } 468 469 if (asoc->peer.auth_capable) { 470 sctp_addto_chunk(retval, ntohs(auth_random->length), 471 auth_random); 472 if (auth_hmacs) 473 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 474 auth_hmacs); 475 if (auth_chunks) 476 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 477 auth_chunks); 478 } 479 480 /* We need to remove the const qualifier at this point. */ 481 retval->asoc = (struct sctp_association *) asoc; 482 483nomem_chunk: 484 kfree(cookie); 485nomem_cookie: 486 kfree(addrs.v); 487 return retval; 488} 489 490/* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 491 * 492 * This chunk is used only during the initialization of an association. 493 * It is sent by the initiator of an association to its peer to complete 494 * the initialization process. This chunk MUST precede any DATA chunk 495 * sent within the association, but MAY be bundled with one or more DATA 496 * chunks in the same packet. 497 * 498 * 0 1 2 3 499 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 500 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 501 * | Type = 10 |Chunk Flags | Length | 502 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 503 * / Cookie / 504 * \ \ 505 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 506 * 507 * Chunk Flags: 8 bit 508 * 509 * Set to zero on transmit and ignored on receipt. 510 * 511 * Length: 16 bits (unsigned integer) 512 * 513 * Set to the size of the chunk in bytes, including the 4 bytes of 514 * the chunk header and the size of the Cookie. 515 * 516 * Cookie: variable size 517 * 518 * This field must contain the exact cookie received in the 519 * State Cookie parameter from the previous INIT ACK. 520 * 521 * An implementation SHOULD make the cookie as small as possible 522 * to insure interoperability. 523 */ 524struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 525 const struct sctp_chunk *chunk) 526{ 527 struct sctp_chunk *retval; 528 void *cookie; 529 int cookie_len; 530 531 cookie = asoc->peer.cookie; 532 cookie_len = asoc->peer.cookie_len; 533 534 /* Build a cookie echo chunk. */ 535 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len); 536 if (!retval) 537 goto nodata; 538 retval->subh.cookie_hdr = 539 sctp_addto_chunk(retval, cookie_len, cookie); 540 541 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 542 * 543 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 544 * HEARTBEAT ACK, * etc.) to the same destination transport 545 * address from which it * received the DATA or control chunk 546 * to which it is replying. 547 * 548 * [COOKIE ECHO back to where the INIT ACK came from.] 549 */ 550 if (chunk) 551 retval->transport = chunk->transport; 552 553nodata: 554 return retval; 555} 556 557/* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 558 * 559 * This chunk is used only during the initialization of an 560 * association. It is used to acknowledge the receipt of a COOKIE 561 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 562 * within the association, but MAY be bundled with one or more DATA 563 * chunks or SACK chunk in the same SCTP packet. 564 * 565 * 0 1 2 3 566 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 567 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 568 * | Type = 11 |Chunk Flags | Length = 4 | 569 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 570 * 571 * Chunk Flags: 8 bits 572 * 573 * Set to zero on transmit and ignored on receipt. 574 */ 575struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 576 const struct sctp_chunk *chunk) 577{ 578 struct sctp_chunk *retval; 579 580 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0); 581 582 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 583 * 584 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 585 * HEARTBEAT ACK, * etc.) to the same destination transport 586 * address from which it * received the DATA or control chunk 587 * to which it is replying. 588 * 589 * [COOKIE ACK back to where the COOKIE ECHO came from.] 590 */ 591 if (retval && chunk) 592 retval->transport = chunk->transport; 593 594 return retval; 595} 596 597/* 598 * Appendix A: Explicit Congestion Notification: 599 * CWR: 600 * 601 * RFC 2481 details a specific bit for a sender to send in the header of 602 * its next outbound TCP segment to indicate to its peer that it has 603 * reduced its congestion window. This is termed the CWR bit. For 604 * SCTP the same indication is made by including the CWR chunk. 605 * This chunk contains one data element, i.e. the TSN number that 606 * was sent in the ECNE chunk. This element represents the lowest 607 * TSN number in the datagram that was originally marked with the 608 * CE bit. 609 * 610 * 0 1 2 3 611 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 612 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 613 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 614 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 615 * | Lowest TSN Number | 616 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 617 * 618 * Note: The CWR is considered a Control chunk. 619 */ 620struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 621 const __u32 lowest_tsn, 622 const struct sctp_chunk *chunk) 623{ 624 struct sctp_chunk *retval; 625 sctp_cwrhdr_t cwr; 626 627 cwr.lowest_tsn = htonl(lowest_tsn); 628 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0, 629 sizeof(sctp_cwrhdr_t)); 630 631 if (!retval) 632 goto nodata; 633 634 retval->subh.ecn_cwr_hdr = 635 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 636 637 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 638 * 639 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 640 * HEARTBEAT ACK, * etc.) to the same destination transport 641 * address from which it * received the DATA or control chunk 642 * to which it is replying. 643 * 644 * [Report a reduced congestion window back to where the ECNE 645 * came from.] 646 */ 647 if (chunk) 648 retval->transport = chunk->transport; 649 650nodata: 651 return retval; 652} 653 654/* Make an ECNE chunk. This is a congestion experienced report. */ 655struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 656 const __u32 lowest_tsn) 657{ 658 struct sctp_chunk *retval; 659 sctp_ecnehdr_t ecne; 660 661 ecne.lowest_tsn = htonl(lowest_tsn); 662 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0, 663 sizeof(sctp_ecnehdr_t)); 664 if (!retval) 665 goto nodata; 666 retval->subh.ecne_hdr = 667 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 668 669nodata: 670 return retval; 671} 672 673/* Make a DATA chunk for the given association from the provided 674 * parameters. However, do not populate the data payload. 675 */ 676struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc, 677 const struct sctp_sndrcvinfo *sinfo, 678 int data_len, __u8 flags, __u16 ssn) 679{ 680 struct sctp_chunk *retval; 681 struct sctp_datahdr dp; 682 int chunk_len; 683 684 /* We assign the TSN as LATE as possible, not here when 685 * creating the chunk. 686 */ 687 dp.tsn = 0; 688 dp.stream = htons(sinfo->sinfo_stream); 689 dp.ppid = sinfo->sinfo_ppid; 690 691 /* Set the flags for an unordered send. */ 692 if (sinfo->sinfo_flags & SCTP_UNORDERED) { 693 flags |= SCTP_DATA_UNORDERED; 694 dp.ssn = 0; 695 } else 696 dp.ssn = htons(ssn); 697 698 chunk_len = sizeof(dp) + data_len; 699 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len); 700 if (!retval) 701 goto nodata; 702 703 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 704 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 705 706nodata: 707 return retval; 708} 709 710/* Create a selective ackowledgement (SACK) for the given 711 * association. This reports on which TSN's we've seen to date, 712 * including duplicates and gaps. 713 */ 714struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc) 715{ 716 struct sctp_chunk *retval; 717 struct sctp_sackhdr sack; 718 int len; 719 __u32 ctsn; 720 __u16 num_gabs, num_dup_tsns; 721 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 722 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 723 724 memset(gabs, 0, sizeof(gabs)); 725 ctsn = sctp_tsnmap_get_ctsn(map); 726 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn); 727 728 /* How much room is needed in the chunk? */ 729 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 730 num_dup_tsns = sctp_tsnmap_num_dups(map); 731 732 /* Initialize the SACK header. */ 733 sack.cum_tsn_ack = htonl(ctsn); 734 sack.a_rwnd = htonl(asoc->a_rwnd); 735 sack.num_gap_ack_blocks = htons(num_gabs); 736 sack.num_dup_tsns = htons(num_dup_tsns); 737 738 len = sizeof(sack) 739 + sizeof(struct sctp_gap_ack_block) * num_gabs 740 + sizeof(__u32) * num_dup_tsns; 741 742 /* Create the chunk. */ 743 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len); 744 if (!retval) 745 goto nodata; 746 747 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 748 * 749 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 750 * HEARTBEAT ACK, etc.) to the same destination transport 751 * address from which it received the DATA or control chunk to 752 * which it is replying. This rule should also be followed if 753 * the endpoint is bundling DATA chunks together with the 754 * reply chunk. 755 * 756 * However, when acknowledging multiple DATA chunks received 757 * in packets from different source addresses in a single 758 * SACK, the SACK chunk may be transmitted to one of the 759 * destination transport addresses from which the DATA or 760 * control chunks being acknowledged were received. 761 * 762 * [BUG: We do not implement the following paragraph. 763 * Perhaps we should remember the last transport we used for a 764 * SACK and avoid that (if possible) if we have seen any 765 * duplicates. --piggy] 766 * 767 * When a receiver of a duplicate DATA chunk sends a SACK to a 768 * multi- homed endpoint it MAY be beneficial to vary the 769 * destination address and not use the source address of the 770 * DATA chunk. The reason being that receiving a duplicate 771 * from a multi-homed endpoint might indicate that the return 772 * path (as specified in the source address of the DATA chunk) 773 * for the SACK is broken. 774 * 775 * [Send to the address from which we last received a DATA chunk.] 776 */ 777 retval->transport = asoc->peer.last_data_from; 778 779 retval->subh.sack_hdr = 780 sctp_addto_chunk(retval, sizeof(sack), &sack); 781 782 /* Add the gap ack block information. */ 783 if (num_gabs) 784 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 785 gabs); 786 787 /* Add the duplicate TSN information. */ 788 if (num_dup_tsns) 789 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 790 sctp_tsnmap_get_dups(map)); 791 792nodata: 793 return retval; 794} 795 796/* Make a SHUTDOWN chunk. */ 797struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 798 const struct sctp_chunk *chunk) 799{ 800 struct sctp_chunk *retval; 801 sctp_shutdownhdr_t shut; 802 __u32 ctsn; 803 804 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 805 shut.cum_tsn_ack = htonl(ctsn); 806 807 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0, 808 sizeof(sctp_shutdownhdr_t)); 809 if (!retval) 810 goto nodata; 811 812 retval->subh.shutdown_hdr = 813 sctp_addto_chunk(retval, sizeof(shut), &shut); 814 815 if (chunk) 816 retval->transport = chunk->transport; 817nodata: 818 return retval; 819} 820 821struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 822 const struct sctp_chunk *chunk) 823{ 824 struct sctp_chunk *retval; 825 826 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0); 827 828 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 829 * 830 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 831 * HEARTBEAT ACK, * etc.) to the same destination transport 832 * address from which it * received the DATA or control chunk 833 * to which it is replying. 834 * 835 * [ACK back to where the SHUTDOWN came from.] 836 */ 837 if (retval && chunk) 838 retval->transport = chunk->transport; 839 840 return retval; 841} 842 843struct sctp_chunk *sctp_make_shutdown_complete( 844 const struct sctp_association *asoc, 845 const struct sctp_chunk *chunk) 846{ 847 struct sctp_chunk *retval; 848 __u8 flags = 0; 849 850 /* Set the T-bit if we have no association (vtag will be 851 * reflected) 852 */ 853 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 854 855 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0); 856 857 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 858 * 859 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 860 * HEARTBEAT ACK, * etc.) to the same destination transport 861 * address from which it * received the DATA or control chunk 862 * to which it is replying. 863 * 864 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 865 * came from.] 866 */ 867 if (retval && chunk) 868 retval->transport = chunk->transport; 869 870 return retval; 871} 872 873/* Create an ABORT. Note that we set the T bit if we have no 874 * association, except when responding to an INIT (sctpimpguide 2.41). 875 */ 876struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 877 const struct sctp_chunk *chunk, 878 const size_t hint) 879{ 880 struct sctp_chunk *retval; 881 __u8 flags = 0; 882 883 /* Set the T-bit if we have no association and 'chunk' is not 884 * an INIT (vtag will be reflected). 885 */ 886 if (!asoc) { 887 if (chunk && chunk->chunk_hdr && 888 chunk->chunk_hdr->type == SCTP_CID_INIT) 889 flags = 0; 890 else 891 flags = SCTP_CHUNK_FLAG_T; 892 } 893 894 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint); 895 896 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 897 * 898 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 899 * HEARTBEAT ACK, * etc.) to the same destination transport 900 * address from which it * received the DATA or control chunk 901 * to which it is replying. 902 * 903 * [ABORT back to where the offender came from.] 904 */ 905 if (retval && chunk) 906 retval->transport = chunk->transport; 907 908 return retval; 909} 910 911/* Helper to create ABORT with a NO_USER_DATA error. */ 912struct sctp_chunk *sctp_make_abort_no_data( 913 const struct sctp_association *asoc, 914 const struct sctp_chunk *chunk, __u32 tsn) 915{ 916 struct sctp_chunk *retval; 917 __be32 payload; 918 919 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) 920 + sizeof(tsn)); 921 922 if (!retval) 923 goto no_mem; 924 925 /* Put the tsn back into network byte order. */ 926 payload = htonl(tsn); 927 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 928 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 929 930 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 931 * 932 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 933 * HEARTBEAT ACK, * etc.) to the same destination transport 934 * address from which it * received the DATA or control chunk 935 * to which it is replying. 936 * 937 * [ABORT back to where the offender came from.] 938 */ 939 if (chunk) 940 retval->transport = chunk->transport; 941 942no_mem: 943 return retval; 944} 945 946/* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 947struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 948 const struct msghdr *msg, 949 size_t paylen) 950{ 951 struct sctp_chunk *retval; 952 void *payload = NULL; 953 int err; 954 955 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen); 956 if (!retval) 957 goto err_chunk; 958 959 if (paylen) { 960 /* Put the msg_iov together into payload. */ 961 payload = kmalloc(paylen, GFP_KERNEL); 962 if (!payload) 963 goto err_payload; 964 965 err = memcpy_fromiovec(payload, msg->msg_iov, paylen); 966 if (err < 0) 967 goto err_copy; 968 } 969 970 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 971 sctp_addto_chunk(retval, paylen, payload); 972 973 if (paylen) 974 kfree(payload); 975 976 return retval; 977 978err_copy: 979 kfree(payload); 980err_payload: 981 sctp_chunk_free(retval); 982 retval = NULL; 983err_chunk: 984 return retval; 985} 986 987/* Append bytes to the end of a parameter. Will panic if chunk is not big 988 * enough. 989 */ 990static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 991 const void *data) 992{ 993 void *target; 994 int chunklen = ntohs(chunk->chunk_hdr->length); 995 996 target = skb_put(chunk->skb, len); 997 998 if (data) 999 memcpy(target, data, len); 1000 else 1001 memset(target, 0, len); 1002 1003 /* Adjust the chunk length field. */ 1004 chunk->chunk_hdr->length = htons(chunklen + len); 1005 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1006 1007 return target; 1008} 1009 1010/* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1011struct sctp_chunk *sctp_make_abort_violation( 1012 const struct sctp_association *asoc, 1013 const struct sctp_chunk *chunk, 1014 const __u8 *payload, 1015 const size_t paylen) 1016{ 1017 struct sctp_chunk *retval; 1018 struct sctp_paramhdr phdr; 1019 1020 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen 1021 + sizeof(sctp_paramhdr_t)); 1022 if (!retval) 1023 goto end; 1024 1025 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen 1026 + sizeof(sctp_paramhdr_t)); 1027 1028 phdr.type = htons(chunk->chunk_hdr->type); 1029 phdr.length = chunk->chunk_hdr->length; 1030 sctp_addto_chunk(retval, paylen, payload); 1031 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr); 1032 1033end: 1034 return retval; 1035} 1036 1037struct sctp_chunk *sctp_make_violation_paramlen( 1038 const struct sctp_association *asoc, 1039 const struct sctp_chunk *chunk, 1040 struct sctp_paramhdr *param) 1041{ 1042 struct sctp_chunk *retval; 1043 static const char error[] = "The following parameter had invalid length:"; 1044 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) + 1045 sizeof(sctp_paramhdr_t); 1046 1047 retval = sctp_make_abort(asoc, chunk, payload_len); 1048 if (!retval) 1049 goto nodata; 1050 1051 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1052 sizeof(error) + sizeof(sctp_paramhdr_t)); 1053 sctp_addto_chunk(retval, sizeof(error), error); 1054 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param); 1055 1056nodata: 1057 return retval; 1058} 1059 1060/* Make a HEARTBEAT chunk. */ 1061struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1062 const struct sctp_transport *transport, 1063 const void *payload, const size_t paylen) 1064{ 1065 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 1066 0, paylen); 1067 1068 if (!retval) 1069 goto nodata; 1070 1071 /* Cast away the 'const', as this is just telling the chunk 1072 * what transport it belongs to. 1073 */ 1074 retval->transport = (struct sctp_transport *) transport; 1075 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1076 1077nodata: 1078 return retval; 1079} 1080 1081struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1082 const struct sctp_chunk *chunk, 1083 const void *payload, const size_t paylen) 1084{ 1085 struct sctp_chunk *retval; 1086 1087 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen); 1088 if (!retval) 1089 goto nodata; 1090 1091 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1092 1093 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1094 * 1095 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1096 * HEARTBEAT ACK, * etc.) to the same destination transport 1097 * address from which it * received the DATA or control chunk 1098 * to which it is replying. 1099 * 1100 * [HBACK back to where the HEARTBEAT came from.] 1101 */ 1102 if (chunk) 1103 retval->transport = chunk->transport; 1104 1105nodata: 1106 return retval; 1107} 1108 1109/* Create an Operation Error chunk with the specified space reserved. 1110 * This routine can be used for containing multiple causes in the chunk. 1111 */ 1112static struct sctp_chunk *sctp_make_op_error_space( 1113 const struct sctp_association *asoc, 1114 const struct sctp_chunk *chunk, 1115 size_t size) 1116{ 1117 struct sctp_chunk *retval; 1118 1119 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0, 1120 sizeof(sctp_errhdr_t) + size); 1121 if (!retval) 1122 goto nodata; 1123 1124 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1125 * 1126 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1127 * HEARTBEAT ACK, etc.) to the same destination transport 1128 * address from which it received the DATA or control chunk 1129 * to which it is replying. 1130 * 1131 */ 1132 if (chunk) 1133 retval->transport = chunk->transport; 1134 1135nodata: 1136 return retval; 1137} 1138 1139/* Create an Operation Error chunk of a fixed size, 1140 * specifically, max(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) 1141 * This is a helper function to allocate an error chunk for 1142 * for those invalid parameter codes in which we may not want 1143 * to report all the errors, if the incomming chunk is large 1144 */ 1145static inline struct sctp_chunk *sctp_make_op_error_fixed( 1146 const struct sctp_association *asoc, 1147 const struct sctp_chunk *chunk) 1148{ 1149 size_t size = asoc ? asoc->pathmtu : 0; 1150 1151 if (!size) 1152 size = SCTP_DEFAULT_MAXSEGMENT; 1153 1154 return sctp_make_op_error_space(asoc, chunk, size); 1155} 1156 1157/* Create an Operation Error chunk. */ 1158struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1159 const struct sctp_chunk *chunk, 1160 __be16 cause_code, const void *payload, 1161 size_t paylen, size_t reserve_tail) 1162{ 1163 struct sctp_chunk *retval; 1164 1165 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail); 1166 if (!retval) 1167 goto nodata; 1168 1169 sctp_init_cause(retval, cause_code, paylen + reserve_tail); 1170 sctp_addto_chunk(retval, paylen, payload); 1171 if (reserve_tail) 1172 sctp_addto_param(retval, reserve_tail, NULL); 1173 1174nodata: 1175 return retval; 1176} 1177 1178struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc) 1179{ 1180 struct sctp_chunk *retval; 1181 struct sctp_hmac *hmac_desc; 1182 struct sctp_authhdr auth_hdr; 1183 __u8 *hmac; 1184 1185 /* Get the first hmac that the peer told us to use */ 1186 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1187 if (unlikely(!hmac_desc)) 1188 return NULL; 1189 1190 retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0, 1191 hmac_desc->hmac_len + sizeof(sctp_authhdr_t)); 1192 if (!retval) 1193 return NULL; 1194 1195 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1196 auth_hdr.shkey_id = htons(asoc->active_key_id); 1197 1198 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t), 1199 &auth_hdr); 1200 1201 hmac = skb_put(retval->skb, hmac_desc->hmac_len); 1202 memset(hmac, 0, hmac_desc->hmac_len); 1203 1204 /* Adjust the chunk header to include the empty MAC */ 1205 retval->chunk_hdr->length = 1206 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1207 retval->chunk_end = skb_tail_pointer(retval->skb); 1208 1209 return retval; 1210} 1211 1212 1213/******************************************************************** 1214 * 2nd Level Abstractions 1215 ********************************************************************/ 1216 1217struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1218 const struct sctp_association *asoc, 1219 struct sock *sk) 1220{ 1221 struct sctp_chunk *retval; 1222 1223 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC); 1224 1225 if (!retval) 1226 goto nodata; 1227 1228 if (!sk) { 1229 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb); 1230 } 1231 1232 INIT_LIST_HEAD(&retval->list); 1233 retval->skb = skb; 1234 retval->asoc = (struct sctp_association *)asoc; 1235 retval->has_tsn = 0; 1236 retval->has_ssn = 0; 1237 retval->rtt_in_progress = 0; 1238 retval->sent_at = 0; 1239 retval->singleton = 1; 1240 retval->end_of_packet = 0; 1241 retval->ecn_ce_done = 0; 1242 retval->pdiscard = 0; 1243 1244 /* sctpimpguide-05.txt Section 2.8.2 1245 * M1) Each time a new DATA chunk is transmitted 1246 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1247 * 'TSN.Missing.Report' count will be used to determine missing chunks 1248 * and when to fast retransmit. 1249 */ 1250 retval->tsn_missing_report = 0; 1251 retval->tsn_gap_acked = 0; 1252 retval->fast_retransmit = SCTP_CAN_FRTX; 1253 1254 /* If this is a fragmented message, track all fragments 1255 * of the message (for SEND_FAILED). 1256 */ 1257 retval->msg = NULL; 1258 1259 /* Polish the bead hole. */ 1260 INIT_LIST_HEAD(&retval->transmitted_list); 1261 INIT_LIST_HEAD(&retval->frag_list); 1262 SCTP_DBG_OBJCNT_INC(chunk); 1263 atomic_set(&retval->refcnt, 1); 1264 1265nodata: 1266 return retval; 1267} 1268 1269/* Set chunk->source and dest based on the IP header in chunk->skb. */ 1270void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1271 union sctp_addr *dest) 1272{ 1273 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1274 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1275} 1276 1277/* Extract the source address from a chunk. */ 1278const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1279{ 1280 /* If we have a known transport, use that. */ 1281 if (chunk->transport) { 1282 return &chunk->transport->ipaddr; 1283 } else { 1284 /* Otherwise, extract it from the IP header. */ 1285 return &chunk->source; 1286 } 1287} 1288 1289/* Create a new chunk, setting the type and flags headers from the 1290 * arguments, reserving enough space for a 'paylen' byte payload. 1291 */ 1292SCTP_STATIC 1293struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc, 1294 __u8 type, __u8 flags, int paylen) 1295{ 1296 struct sctp_chunk *retval; 1297 sctp_chunkhdr_t *chunk_hdr; 1298 struct sk_buff *skb; 1299 struct sock *sk; 1300 1301 /* No need to allocate LL here, as this is only a chunk. */ 1302 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen), 1303 GFP_ATOMIC); 1304 if (!skb) 1305 goto nodata; 1306 1307 /* Make room for the chunk header. */ 1308 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t)); 1309 chunk_hdr->type = type; 1310 chunk_hdr->flags = flags; 1311 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t)); 1312 1313 sk = asoc ? asoc->base.sk : NULL; 1314 retval = sctp_chunkify(skb, asoc, sk); 1315 if (!retval) { 1316 kfree_skb(skb); 1317 goto nodata; 1318 } 1319 1320 retval->chunk_hdr = chunk_hdr; 1321 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr); 1322 1323 /* Determine if the chunk needs to be authenticated */ 1324 if (sctp_auth_send_cid(type, asoc)) 1325 retval->auth = 1; 1326 1327 /* Set the skb to the belonging sock for accounting. */ 1328 skb->sk = sk; 1329 1330 return retval; 1331nodata: 1332 return NULL; 1333} 1334 1335 1336/* Release the memory occupied by a chunk. */ 1337static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1338{ 1339 BUG_ON(!list_empty(&chunk->list)); 1340 list_del_init(&chunk->transmitted_list); 1341 1342 /* Free the chunk skb data and the SCTP_chunk stub itself. */ 1343 dev_kfree_skb(chunk->skb); 1344 1345 SCTP_DBG_OBJCNT_DEC(chunk); 1346 kmem_cache_free(sctp_chunk_cachep, chunk); 1347} 1348 1349/* Possibly, free the chunk. */ 1350void sctp_chunk_free(struct sctp_chunk *chunk) 1351{ 1352 /* Release our reference on the message tracker. */ 1353 if (chunk->msg) 1354 sctp_datamsg_put(chunk->msg); 1355 1356 sctp_chunk_put(chunk); 1357} 1358 1359/* Grab a reference to the chunk. */ 1360void sctp_chunk_hold(struct sctp_chunk *ch) 1361{ 1362 atomic_inc(&ch->refcnt); 1363} 1364 1365/* Release a reference to the chunk. */ 1366void sctp_chunk_put(struct sctp_chunk *ch) 1367{ 1368 if (atomic_dec_and_test(&ch->refcnt)) 1369 sctp_chunk_destroy(ch); 1370} 1371 1372/* Append bytes to the end of a chunk. Will panic if chunk is not big 1373 * enough. 1374 */ 1375void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1376{ 1377 void *target; 1378 void *padding; 1379 int chunklen = ntohs(chunk->chunk_hdr->length); 1380 int padlen = WORD_ROUND(chunklen) - chunklen; 1381 1382 padding = skb_put(chunk->skb, padlen); 1383 target = skb_put(chunk->skb, len); 1384 1385 memset(padding, 0, padlen); 1386 memcpy(target, data, len); 1387 1388 /* Adjust the chunk length field. */ 1389 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1390 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1391 1392 return target; 1393} 1394 1395/* Append bytes to the end of a chunk. Returns NULL if there isn't sufficient 1396 * space in the chunk 1397 */ 1398void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk, 1399 int len, const void *data) 1400{ 1401 if (skb_tailroom(chunk->skb) >= len) 1402 return sctp_addto_chunk(chunk, len, data); 1403 else 1404 return NULL; 1405} 1406 1407/* Append bytes from user space to the end of a chunk. Will panic if 1408 * chunk is not big enough. 1409 * Returns a kernel err value. 1410 */ 1411int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len, 1412 struct iovec *data) 1413{ 1414 __u8 *target; 1415 int err = 0; 1416 1417 /* Make room in chunk for data. */ 1418 target = skb_put(chunk->skb, len); 1419 1420 /* Copy data (whole iovec) into chunk */ 1421 if ((err = memcpy_fromiovecend(target, data, off, len))) 1422 goto out; 1423 1424 /* Adjust the chunk length field. */ 1425 chunk->chunk_hdr->length = 1426 htons(ntohs(chunk->chunk_hdr->length) + len); 1427 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1428 1429out: 1430 return err; 1431} 1432 1433/* Helper function to assign a TSN if needed. This assumes that both 1434 * the data_hdr and association have already been assigned. 1435 */ 1436void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1437{ 1438 struct sctp_datamsg *msg; 1439 struct sctp_chunk *lchunk; 1440 struct sctp_stream *stream; 1441 __u16 ssn; 1442 __u16 sid; 1443 1444 if (chunk->has_ssn) 1445 return; 1446 1447 /* All fragments will be on the same stream */ 1448 sid = ntohs(chunk->subh.data_hdr->stream); 1449 stream = &chunk->asoc->ssnmap->out; 1450 1451 /* Now assign the sequence number to the entire message. 1452 * All fragments must have the same stream sequence number. 1453 */ 1454 msg = chunk->msg; 1455 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1456 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1457 ssn = 0; 1458 } else { 1459 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1460 ssn = sctp_ssn_next(stream, sid); 1461 else 1462 ssn = sctp_ssn_peek(stream, sid); 1463 } 1464 1465 lchunk->subh.data_hdr->ssn = htons(ssn); 1466 lchunk->has_ssn = 1; 1467 } 1468} 1469 1470/* Helper function to assign a TSN if needed. This assumes that both 1471 * the data_hdr and association have already been assigned. 1472 */ 1473void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1474{ 1475 if (!chunk->has_tsn) { 1476 /* This is the last possible instant to 1477 * assign a TSN. 1478 */ 1479 chunk->subh.data_hdr->tsn = 1480 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1481 chunk->has_tsn = 1; 1482 } 1483} 1484 1485/* Create a CLOSED association to use with an incoming packet. */ 1486struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1487 struct sctp_chunk *chunk, 1488 gfp_t gfp) 1489{ 1490 struct sctp_association *asoc; 1491 struct sk_buff *skb; 1492 sctp_scope_t scope; 1493 struct sctp_af *af; 1494 1495 /* Create the bare association. */ 1496 scope = sctp_scope(sctp_source(chunk)); 1497 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1498 if (!asoc) 1499 goto nodata; 1500 asoc->temp = 1; 1501 skb = chunk->skb; 1502 /* Create an entry for the source address of the packet. */ 1503 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version)); 1504 if (unlikely(!af)) 1505 goto fail; 1506 af->from_skb(&asoc->c.peer_addr, skb, 1); 1507nodata: 1508 return asoc; 1509 1510fail: 1511 sctp_association_free(asoc); 1512 return NULL; 1513} 1514 1515/* Build a cookie representing asoc. 1516 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1517 */ 1518static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep, 1519 const struct sctp_association *asoc, 1520 const struct sctp_chunk *init_chunk, 1521 int *cookie_len, 1522 const __u8 *raw_addrs, int addrs_len) 1523{ 1524 sctp_cookie_param_t *retval; 1525 struct sctp_signed_cookie *cookie; 1526 struct scatterlist sg; 1527 int headersize, bodysize; 1528 unsigned int keylen; 1529 char *key; 1530 1531 /* Header size is static data prior to the actual cookie, including 1532 * any padding. 1533 */ 1534 headersize = sizeof(sctp_paramhdr_t) + 1535 (sizeof(struct sctp_signed_cookie) - 1536 sizeof(struct sctp_cookie)); 1537 bodysize = sizeof(struct sctp_cookie) 1538 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1539 1540 /* Pad out the cookie to a multiple to make the signature 1541 * functions simpler to write. 1542 */ 1543 if (bodysize % SCTP_COOKIE_MULTIPLE) 1544 bodysize += SCTP_COOKIE_MULTIPLE 1545 - (bodysize % SCTP_COOKIE_MULTIPLE); 1546 *cookie_len = headersize + bodysize; 1547 1548 /* Clear this memory since we are sending this data structure 1549 * out on the network. 1550 */ 1551 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1552 if (!retval) 1553 goto nodata; 1554 1555 cookie = (struct sctp_signed_cookie *) retval->body; 1556 1557 /* Set up the parameter header. */ 1558 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1559 retval->p.length = htons(*cookie_len); 1560 1561 /* Copy the cookie part of the association itself. */ 1562 cookie->c = asoc->c; 1563 /* Save the raw address list length in the cookie. */ 1564 cookie->c.raw_addr_list_len = addrs_len; 1565 1566 /* Remember PR-SCTP capability. */ 1567 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1568 1569 /* Save adaptation indication in the cookie. */ 1570 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1571 1572 /* Set an expiration time for the cookie. */ 1573 do_gettimeofday(&cookie->c.expiration); 1574 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration); 1575 1576 /* Copy the peer's init packet. */ 1577 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1578 ntohs(init_chunk->chunk_hdr->length)); 1579 1580 /* Copy the raw local address list of the association. */ 1581 memcpy((__u8 *)&cookie->c.peer_init[0] + 1582 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1583 1584 if (sctp_sk(ep->base.sk)->hmac) { 1585 struct hash_desc desc; 1586 1587 /* Sign the message. */ 1588 sg_init_one(&sg, &cookie->c, bodysize); 1589 keylen = SCTP_SECRET_SIZE; 1590 key = (char *)ep->secret_key[ep->current_key]; 1591 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1592 desc.flags = 0; 1593 1594 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1595 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature)) 1596 goto free_cookie; 1597 } 1598 1599 return retval; 1600 1601free_cookie: 1602 kfree(retval); 1603nodata: 1604 *cookie_len = 0; 1605 return NULL; 1606} 1607 1608/* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1609struct sctp_association *sctp_unpack_cookie( 1610 const struct sctp_endpoint *ep, 1611 const struct sctp_association *asoc, 1612 struct sctp_chunk *chunk, gfp_t gfp, 1613 int *error, struct sctp_chunk **errp) 1614{ 1615 struct sctp_association *retval = NULL; 1616 struct sctp_signed_cookie *cookie; 1617 struct sctp_cookie *bear_cookie; 1618 int headersize, bodysize, fixed_size; 1619 __u8 *digest = ep->digest; 1620 struct scatterlist sg; 1621 unsigned int keylen, len; 1622 char *key; 1623 sctp_scope_t scope; 1624 struct sk_buff *skb = chunk->skb; 1625 struct timeval tv; 1626 struct hash_desc desc; 1627 1628 /* Header size is static data prior to the actual cookie, including 1629 * any padding. 1630 */ 1631 headersize = sizeof(sctp_chunkhdr_t) + 1632 (sizeof(struct sctp_signed_cookie) - 1633 sizeof(struct sctp_cookie)); 1634 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1635 fixed_size = headersize + sizeof(struct sctp_cookie); 1636 1637 /* Verify that the chunk looks like it even has a cookie. 1638 * There must be enough room for our cookie and our peer's 1639 * INIT chunk. 1640 */ 1641 len = ntohs(chunk->chunk_hdr->length); 1642 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1643 goto malformed; 1644 1645 /* Verify that the cookie has been padded out. */ 1646 if (bodysize % SCTP_COOKIE_MULTIPLE) 1647 goto malformed; 1648 1649 /* Process the cookie. */ 1650 cookie = chunk->subh.cookie_hdr; 1651 bear_cookie = &cookie->c; 1652 1653 if (!sctp_sk(ep->base.sk)->hmac) 1654 goto no_hmac; 1655 1656 /* Check the signature. */ 1657 keylen = SCTP_SECRET_SIZE; 1658 sg_init_one(&sg, bear_cookie, bodysize); 1659 key = (char *)ep->secret_key[ep->current_key]; 1660 desc.tfm = sctp_sk(ep->base.sk)->hmac; 1661 desc.flags = 0; 1662 1663 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1664 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1665 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1666 *error = -SCTP_IERROR_NOMEM; 1667 goto fail; 1668 } 1669 1670 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1671 /* Try the previous key. */ 1672 key = (char *)ep->secret_key[ep->last_key]; 1673 memset(digest, 0x00, SCTP_SIGNATURE_SIZE); 1674 if (crypto_hash_setkey(desc.tfm, key, keylen) || 1675 crypto_hash_digest(&desc, &sg, bodysize, digest)) { 1676 *error = -SCTP_IERROR_NOMEM; 1677 goto fail; 1678 } 1679 1680 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1681 /* Yikes! Still bad signature! */ 1682 *error = -SCTP_IERROR_BAD_SIG; 1683 goto fail; 1684 } 1685 } 1686 1687no_hmac: 1688 /* IG Section 2.35.2: 1689 * 3) Compare the port numbers and the verification tag contained 1690 * within the COOKIE ECHO chunk to the actual port numbers and the 1691 * verification tag within the SCTP common header of the received 1692 * packet. If these values do not match the packet MUST be silently 1693 * discarded, 1694 */ 1695 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1696 *error = -SCTP_IERROR_BAD_TAG; 1697 goto fail; 1698 } 1699 1700 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1701 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1702 *error = -SCTP_IERROR_BAD_PORTS; 1703 goto fail; 1704 } 1705 1706 /* Check to see if the cookie is stale. If there is already 1707 * an association, there is no need to check cookie's expiration 1708 * for init collision case of lost COOKIE ACK. 1709 * If skb has been timestamped, then use the stamp, otherwise 1710 * use current time. This introduces a small possibility that 1711 * that a cookie may be considered expired, but his would only slow 1712 * down the new association establishment instead of every packet. 1713 */ 1714 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1715 skb_get_timestamp(skb, &tv); 1716 else 1717 do_gettimeofday(&tv); 1718 1719 if (!asoc && tv_lt(bear_cookie->expiration, tv)) { 1720 /* 1721 * Section 3.3.10.3 Stale Cookie Error (3) 1722 * 1723 * Cause of error 1724 * --------------- 1725 * Stale Cookie Error: Indicates the receipt of a valid State 1726 * Cookie that has expired. 1727 */ 1728 len = ntohs(chunk->chunk_hdr->length); 1729 *errp = sctp_make_op_error_space(asoc, chunk, len); 1730 if (*errp) { 1731 suseconds_t usecs = (tv.tv_sec - 1732 bear_cookie->expiration.tv_sec) * 1000000L + 1733 tv.tv_usec - bear_cookie->expiration.tv_usec; 1734 __be32 n = htonl(usecs); 1735 1736 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE, 1737 sizeof(n)); 1738 sctp_addto_chunk(*errp, sizeof(n), &n); 1739 *error = -SCTP_IERROR_STALE_COOKIE; 1740 } else 1741 *error = -SCTP_IERROR_NOMEM; 1742 1743 goto fail; 1744 } 1745 1746 /* Make a new base association. */ 1747 scope = sctp_scope(sctp_source(chunk)); 1748 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1749 if (!retval) { 1750 *error = -SCTP_IERROR_NOMEM; 1751 goto fail; 1752 } 1753 1754 /* Set up our peer's port number. */ 1755 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1756 1757 /* Populate the association from the cookie. */ 1758 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1759 1760 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1761 GFP_ATOMIC) < 0) { 1762 *error = -SCTP_IERROR_NOMEM; 1763 goto fail; 1764 } 1765 1766 /* Also, add the destination address. */ 1767 if (list_empty(&retval->base.bind_addr.address_list)) { 1768 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1769 SCTP_ADDR_SRC, GFP_ATOMIC); 1770 } 1771 1772 retval->next_tsn = retval->c.initial_tsn; 1773 retval->ctsn_ack_point = retval->next_tsn - 1; 1774 retval->addip_serial = retval->c.initial_tsn; 1775 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1776 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1777 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1778 1779 /* The INIT stuff will be done by the side effects. */ 1780 return retval; 1781 1782fail: 1783 if (retval) 1784 sctp_association_free(retval); 1785 1786 return NULL; 1787 1788malformed: 1789 /* Yikes! The packet is either corrupt or deliberately 1790 * malformed. 1791 */ 1792 *error = -SCTP_IERROR_MALFORMED; 1793 goto fail; 1794} 1795 1796/******************************************************************** 1797 * 3rd Level Abstractions 1798 ********************************************************************/ 1799 1800struct __sctp_missing { 1801 __be32 num_missing; 1802 __be16 type; 1803} __packed; 1804 1805/* 1806 * Report a missing mandatory parameter. 1807 */ 1808static int sctp_process_missing_param(const struct sctp_association *asoc, 1809 sctp_param_t paramtype, 1810 struct sctp_chunk *chunk, 1811 struct sctp_chunk **errp) 1812{ 1813 struct __sctp_missing report; 1814 __u16 len; 1815 1816 len = WORD_ROUND(sizeof(report)); 1817 1818 /* Make an ERROR chunk, preparing enough room for 1819 * returning multiple unknown parameters. 1820 */ 1821 if (!*errp) 1822 *errp = sctp_make_op_error_space(asoc, chunk, len); 1823 1824 if (*errp) { 1825 report.num_missing = htonl(1); 1826 report.type = paramtype; 1827 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1828 sizeof(report)); 1829 sctp_addto_chunk(*errp, sizeof(report), &report); 1830 } 1831 1832 /* Stop processing this chunk. */ 1833 return 0; 1834} 1835 1836/* Report an Invalid Mandatory Parameter. */ 1837static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1838 struct sctp_chunk *chunk, 1839 struct sctp_chunk **errp) 1840{ 1841 /* Invalid Mandatory Parameter Error has no payload. */ 1842 1843 if (!*errp) 1844 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1845 1846 if (*errp) 1847 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1848 1849 /* Stop processing this chunk. */ 1850 return 0; 1851} 1852 1853static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1854 struct sctp_paramhdr *param, 1855 const struct sctp_chunk *chunk, 1856 struct sctp_chunk **errp) 1857{ 1858 /* This is a fatal error. Any accumulated non-fatal errors are 1859 * not reported. 1860 */ 1861 if (*errp) 1862 sctp_chunk_free(*errp); 1863 1864 /* Create an error chunk and fill it in with our payload. */ 1865 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1866 1867 return 0; 1868} 1869 1870 1871/* Do not attempt to handle the HOST_NAME parm. However, do 1872 * send back an indicator to the peer. 1873 */ 1874static int sctp_process_hn_param(const struct sctp_association *asoc, 1875 union sctp_params param, 1876 struct sctp_chunk *chunk, 1877 struct sctp_chunk **errp) 1878{ 1879 __u16 len = ntohs(param.p->length); 1880 1881 /* Processing of the HOST_NAME parameter will generate an 1882 * ABORT. If we've accumulated any non-fatal errors, they 1883 * would be unrecognized parameters and we should not include 1884 * them in the ABORT. 1885 */ 1886 if (*errp) 1887 sctp_chunk_free(*errp); 1888 1889 *errp = sctp_make_op_error_space(asoc, chunk, len); 1890 1891 if (*errp) { 1892 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len); 1893 sctp_addto_chunk(*errp, len, param.v); 1894 } 1895 1896 /* Stop processing this chunk. */ 1897 return 0; 1898} 1899 1900static int sctp_verify_ext_param(union sctp_params param) 1901{ 1902 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1903 int have_auth = 0; 1904 int have_asconf = 0; 1905 int i; 1906 1907 for (i = 0; i < num_ext; i++) { 1908 switch (param.ext->chunks[i]) { 1909 case SCTP_CID_AUTH: 1910 have_auth = 1; 1911 break; 1912 case SCTP_CID_ASCONF: 1913 case SCTP_CID_ASCONF_ACK: 1914 have_asconf = 1; 1915 break; 1916 } 1917 } 1918 1919 /* ADD-IP Security: The draft requires us to ABORT or ignore the 1920 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 1921 * only if ADD-IP is turned on and we are not backward-compatible 1922 * mode. 1923 */ 1924 if (sctp_addip_noauth) 1925 return 1; 1926 1927 if (sctp_addip_enable && !have_auth && have_asconf) 1928 return 0; 1929 1930 return 1; 1931} 1932 1933static void sctp_process_ext_param(struct sctp_association *asoc, 1934 union sctp_params param) 1935{ 1936 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 1937 int i; 1938 1939 for (i = 0; i < num_ext; i++) { 1940 switch (param.ext->chunks[i]) { 1941 case SCTP_CID_FWD_TSN: 1942 if (sctp_prsctp_enable && 1943 !asoc->peer.prsctp_capable) 1944 asoc->peer.prsctp_capable = 1; 1945 break; 1946 case SCTP_CID_AUTH: 1947 /* if the peer reports AUTH, assume that he 1948 * supports AUTH. 1949 */ 1950 if (sctp_auth_enable) 1951 asoc->peer.auth_capable = 1; 1952 break; 1953 case SCTP_CID_ASCONF: 1954 case SCTP_CID_ASCONF_ACK: 1955 if (sctp_addip_enable) 1956 asoc->peer.asconf_capable = 1; 1957 break; 1958 default: 1959 break; 1960 } 1961 } 1962} 1963 1964/* RFC 3.2.1 & the Implementers Guide 2.2. 1965 * 1966 * The Parameter Types are encoded such that the 1967 * highest-order two bits specify the action that must be 1968 * taken if the processing endpoint does not recognize the 1969 * Parameter Type. 1970 * 1971 * 00 - Stop processing this parameter; do not process any further 1972 * parameters within this chunk 1973 * 1974 * 01 - Stop processing this parameter, do not process any further 1975 * parameters within this chunk, and report the unrecognized 1976 * parameter in an 'Unrecognized Parameter' ERROR chunk. 1977 * 1978 * 10 - Skip this parameter and continue processing. 1979 * 1980 * 11 - Skip this parameter and continue processing but 1981 * report the unrecognized parameter in an 1982 * 'Unrecognized Parameter' ERROR chunk. 1983 * 1984 * Return value: 1985 * SCTP_IERROR_NO_ERROR - continue with the chunk 1986 * SCTP_IERROR_ERROR - stop and report an error. 1987 * SCTP_IERROR_NOMEME - out of memory. 1988 */ 1989static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc, 1990 union sctp_params param, 1991 struct sctp_chunk *chunk, 1992 struct sctp_chunk **errp) 1993{ 1994 int retval = SCTP_IERROR_NO_ERROR; 1995 1996 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 1997 case SCTP_PARAM_ACTION_DISCARD: 1998 retval = SCTP_IERROR_ERROR; 1999 break; 2000 case SCTP_PARAM_ACTION_SKIP: 2001 break; 2002 case SCTP_PARAM_ACTION_DISCARD_ERR: 2003 retval = SCTP_IERROR_ERROR; 2004 /* Fall through */ 2005 case SCTP_PARAM_ACTION_SKIP_ERR: 2006 /* Make an ERROR chunk, preparing enough room for 2007 * returning multiple unknown parameters. 2008 */ 2009 if (NULL == *errp) 2010 *errp = sctp_make_op_error_fixed(asoc, chunk); 2011 2012 if (*errp) { 2013 sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2014 WORD_ROUND(ntohs(param.p->length))); 2015 sctp_addto_chunk_fixed(*errp, 2016 WORD_ROUND(ntohs(param.p->length)), 2017 param.v); 2018 } else { 2019 /* If there is no memory for generating the ERROR 2020 * report as specified, an ABORT will be triggered 2021 * to the peer and the association won't be 2022 * established. 2023 */ 2024 retval = SCTP_IERROR_NOMEM; 2025 } 2026 break; 2027 default: 2028 break; 2029 } 2030 2031 return retval; 2032} 2033 2034/* Verify variable length parameters 2035 * Return values: 2036 * SCTP_IERROR_ABORT - trigger an ABORT 2037 * SCTP_IERROR_NOMEM - out of memory (abort) 2038 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2039 * SCTP_IERROR_NO_ERROR - continue with the chunk 2040 */ 2041static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc, 2042 union sctp_params param, 2043 sctp_cid_t cid, 2044 struct sctp_chunk *chunk, 2045 struct sctp_chunk **err_chunk) 2046{ 2047 struct sctp_hmac_algo_param *hmacs; 2048 int retval = SCTP_IERROR_NO_ERROR; 2049 __u16 n_elt, id = 0; 2050 int i; 2051 2052 2053 switch (param.p->type) { 2054 case SCTP_PARAM_IPV4_ADDRESS: 2055 case SCTP_PARAM_IPV6_ADDRESS: 2056 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2057 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2058 case SCTP_PARAM_STATE_COOKIE: 2059 case SCTP_PARAM_HEARTBEAT_INFO: 2060 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2061 case SCTP_PARAM_ECN_CAPABLE: 2062 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2063 break; 2064 2065 case SCTP_PARAM_SUPPORTED_EXT: 2066 if (!sctp_verify_ext_param(param)) 2067 return SCTP_IERROR_ABORT; 2068 break; 2069 2070 case SCTP_PARAM_SET_PRIMARY: 2071 if (sctp_addip_enable) 2072 break; 2073 goto fallthrough; 2074 2075 case SCTP_PARAM_HOST_NAME_ADDRESS: 2076 /* Tell the peer, we won't support this param. */ 2077 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2078 retval = SCTP_IERROR_ABORT; 2079 break; 2080 2081 case SCTP_PARAM_FWD_TSN_SUPPORT: 2082 if (sctp_prsctp_enable) 2083 break; 2084 goto fallthrough; 2085 2086 case SCTP_PARAM_RANDOM: 2087 if (!sctp_auth_enable) 2088 goto fallthrough; 2089 2090 /* SCTP-AUTH: Secion 6.1 2091 * If the random number is not 32 byte long the association 2092 * MUST be aborted. The ABORT chunk SHOULD contain the error 2093 * cause 'Protocol Violation'. 2094 */ 2095 if (SCTP_AUTH_RANDOM_LENGTH != 2096 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) { 2097 sctp_process_inv_paramlength(asoc, param.p, 2098 chunk, err_chunk); 2099 retval = SCTP_IERROR_ABORT; 2100 } 2101 break; 2102 2103 case SCTP_PARAM_CHUNKS: 2104 if (!sctp_auth_enable) 2105 goto fallthrough; 2106 2107 /* SCTP-AUTH: Section 3.2 2108 * The CHUNKS parameter MUST be included once in the INIT or 2109 * INIT-ACK chunk if the sender wants to receive authenticated 2110 * chunks. Its maximum length is 260 bytes. 2111 */ 2112 if (260 < ntohs(param.p->length)) { 2113 sctp_process_inv_paramlength(asoc, param.p, 2114 chunk, err_chunk); 2115 retval = SCTP_IERROR_ABORT; 2116 } 2117 break; 2118 2119 case SCTP_PARAM_HMAC_ALGO: 2120 if (!sctp_auth_enable) 2121 goto fallthrough; 2122 2123 hmacs = (struct sctp_hmac_algo_param *)param.p; 2124 n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1; 2125 2126 /* SCTP-AUTH: Section 6.1 2127 * The HMAC algorithm based on SHA-1 MUST be supported and 2128 * included in the HMAC-ALGO parameter. 2129 */ 2130 for (i = 0; i < n_elt; i++) { 2131 id = ntohs(hmacs->hmac_ids[i]); 2132 2133 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2134 break; 2135 } 2136 2137 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2138 sctp_process_inv_paramlength(asoc, param.p, chunk, 2139 err_chunk); 2140 retval = SCTP_IERROR_ABORT; 2141 } 2142 break; 2143fallthrough: 2144 default: 2145 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n", 2146 ntohs(param.p->type), cid); 2147 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2148 break; 2149 } 2150 return retval; 2151} 2152 2153/* Verify the INIT packet before we process it. */ 2154int sctp_verify_init(const struct sctp_association *asoc, 2155 sctp_cid_t cid, 2156 sctp_init_chunk_t *peer_init, 2157 struct sctp_chunk *chunk, 2158 struct sctp_chunk **errp) 2159{ 2160 union sctp_params param; 2161 int has_cookie = 0; 2162 int result; 2163 2164 /* Verify stream values are non-zero. */ 2165 if ((0 == peer_init->init_hdr.num_outbound_streams) || 2166 (0 == peer_init->init_hdr.num_inbound_streams) || 2167 (0 == peer_init->init_hdr.init_tag) || 2168 (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) { 2169 2170 return sctp_process_inv_mandatory(asoc, chunk, errp); 2171 } 2172 2173 /* Check for missing mandatory parameters. */ 2174 sctp_walk_params(param, peer_init, init_hdr.params) { 2175 2176 if (SCTP_PARAM_STATE_COOKIE == param.p->type) 2177 has_cookie = 1; 2178 2179 } /* for (loop through all parameters) */ 2180 2181 /* There is a possibility that a parameter length was bad and 2182 * in that case we would have stoped walking the parameters. 2183 * The current param.p would point at the bad one. 2184 * Current consensus on the mailing list is to generate a PROTOCOL 2185 * VIOLATION error. We build the ERROR chunk here and let the normal 2186 * error handling code build and send the packet. 2187 */ 2188 if (param.v != (void*)chunk->chunk_end) 2189 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2190 2191 /* The only missing mandatory param possible today is 2192 * the state cookie for an INIT-ACK chunk. 2193 */ 2194 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2195 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2196 chunk, errp); 2197 2198 /* Verify all the variable length parameters */ 2199 sctp_walk_params(param, peer_init, init_hdr.params) { 2200 2201 result = sctp_verify_param(asoc, param, cid, chunk, errp); 2202 switch (result) { 2203 case SCTP_IERROR_ABORT: 2204 case SCTP_IERROR_NOMEM: 2205 return 0; 2206 case SCTP_IERROR_ERROR: 2207 return 1; 2208 case SCTP_IERROR_NO_ERROR: 2209 default: 2210 break; 2211 } 2212 2213 } /* for (loop through all parameters) */ 2214 2215 return 1; 2216} 2217 2218int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid, 2219 const union sctp_addr *peer_addr, 2220 sctp_init_chunk_t *peer_init, gfp_t gfp) 2221{ 2222 union sctp_params param; 2223 struct sctp_transport *transport; 2224 struct list_head *pos, *temp; 2225 char *cookie; 2226 2227 /* We must include the address that the INIT packet came from. 2228 * This is the only address that matters for an INIT packet. 2229 * When processing a COOKIE ECHO, we retrieve the from address 2230 * of the INIT from the cookie. 2231 */ 2232 2233 /* This implementation defaults to making the first transport 2234 * added as the primary transport. The source address seems to 2235 * be a a better choice than any of the embedded addresses. 2236 */ 2237 if (peer_addr) { 2238 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2239 goto nomem; 2240 } 2241 2242 /* Process the initialization parameters. */ 2243 sctp_walk_params(param, peer_init, init_hdr.params) { 2244 2245 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2246 goto clean_up; 2247 } 2248 2249 /* AUTH: After processing the parameters, make sure that we 2250 * have all the required info to potentially do authentications. 2251 */ 2252 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2253 !asoc->peer.peer_hmacs)) 2254 asoc->peer.auth_capable = 0; 2255 2256 /* In a non-backward compatible mode, if the peer claims 2257 * support for ADD-IP but not AUTH, the ADD-IP spec states 2258 * that we MUST ABORT the association. Section 6. The section 2259 * also give us an option to silently ignore the packet, which 2260 * is what we'll do here. 2261 */ 2262 if (!sctp_addip_noauth && 2263 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2264 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2265 SCTP_PARAM_DEL_IP | 2266 SCTP_PARAM_SET_PRIMARY); 2267 asoc->peer.asconf_capable = 0; 2268 goto clean_up; 2269 } 2270 2271 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2272 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2273 transport = list_entry(pos, struct sctp_transport, transports); 2274 if (transport->state == SCTP_UNKNOWN) { 2275 sctp_assoc_rm_peer(asoc, transport); 2276 } 2277 } 2278 2279 /* The fixed INIT headers are always in network byte 2280 * order. 2281 */ 2282 asoc->peer.i.init_tag = 2283 ntohl(peer_init->init_hdr.init_tag); 2284 asoc->peer.i.a_rwnd = 2285 ntohl(peer_init->init_hdr.a_rwnd); 2286 asoc->peer.i.num_outbound_streams = 2287 ntohs(peer_init->init_hdr.num_outbound_streams); 2288 asoc->peer.i.num_inbound_streams = 2289 ntohs(peer_init->init_hdr.num_inbound_streams); 2290 asoc->peer.i.initial_tsn = 2291 ntohl(peer_init->init_hdr.initial_tsn); 2292 2293 /* Apply the upper bounds for output streams based on peer's 2294 * number of inbound streams. 2295 */ 2296 if (asoc->c.sinit_num_ostreams > 2297 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2298 asoc->c.sinit_num_ostreams = 2299 ntohs(peer_init->init_hdr.num_inbound_streams); 2300 } 2301 2302 if (asoc->c.sinit_max_instreams > 2303 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2304 asoc->c.sinit_max_instreams = 2305 ntohs(peer_init->init_hdr.num_outbound_streams); 2306 } 2307 2308 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2309 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2310 2311 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2312 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2313 2314 /* Copy cookie in case we need to resend COOKIE-ECHO. */ 2315 cookie = asoc->peer.cookie; 2316 if (cookie) { 2317 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp); 2318 if (!asoc->peer.cookie) 2319 goto clean_up; 2320 } 2321 2322 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2323 * high (for example, implementations MAY use the size of the receiver 2324 * advertised window). 2325 */ 2326 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2327 transports) { 2328 transport->ssthresh = asoc->peer.i.a_rwnd; 2329 } 2330 2331 /* Set up the TSN tracking pieces. */ 2332 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2333 asoc->peer.i.initial_tsn, gfp)) 2334 goto clean_up; 2335 2336 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2337 * 2338 * The stream sequence number in all the streams shall start 2339 * from 0 when the association is established. Also, when the 2340 * stream sequence number reaches the value 65535 the next 2341 * stream sequence number shall be set to 0. 2342 */ 2343 2344 /* Allocate storage for the negotiated streams if it is not a temporary 2345 * association. 2346 */ 2347 if (!asoc->temp) { 2348 int error; 2349 2350 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams, 2351 asoc->c.sinit_num_ostreams, gfp); 2352 if (!asoc->ssnmap) 2353 goto clean_up; 2354 2355 error = sctp_assoc_set_id(asoc, gfp); 2356 if (error) 2357 goto clean_up; 2358 } 2359 2360 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2361 * 2362 * When an endpoint has an ASCONF signaled change to be sent to the 2363 * remote endpoint it should do the following: 2364 * ... 2365 * A2) A serial number should be assigned to the Chunk. The serial 2366 * number should be a monotonically increasing number. All serial 2367 * numbers are defined to be initialized at the start of the 2368 * association to the same value as the Initial TSN. 2369 */ 2370 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2371 return 1; 2372 2373clean_up: 2374 /* Release the transport structures. */ 2375 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2376 transport = list_entry(pos, struct sctp_transport, transports); 2377 if (transport->state != SCTP_ACTIVE) 2378 sctp_assoc_rm_peer(asoc, transport); 2379 } 2380 2381nomem: 2382 return 0; 2383} 2384 2385 2386/* Update asoc with the option described in param. 2387 * 2388 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2389 * 2390 * asoc is the association to update. 2391 * param is the variable length parameter to use for update. 2392 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2393 * If the current packet is an INIT we want to minimize the amount of 2394 * work we do. In particular, we should not build transport 2395 * structures for the addresses. 2396 */ 2397static int sctp_process_param(struct sctp_association *asoc, 2398 union sctp_params param, 2399 const union sctp_addr *peer_addr, 2400 gfp_t gfp) 2401{ 2402 union sctp_addr addr; 2403 int i; 2404 __u16 sat; 2405 int retval = 1; 2406 sctp_scope_t scope; 2407 time_t stale; 2408 struct sctp_af *af; 2409 union sctp_addr_param *addr_param; 2410 struct sctp_transport *t; 2411 2412 /* We maintain all INIT parameters in network byte order all the 2413 * time. This allows us to not worry about whether the parameters 2414 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2415 */ 2416 switch (param.p->type) { 2417 case SCTP_PARAM_IPV6_ADDRESS: 2418 if (PF_INET6 != asoc->base.sk->sk_family) 2419 break; 2420 goto do_addr_param; 2421 2422 case SCTP_PARAM_IPV4_ADDRESS: 2423 /* v4 addresses are not allowed on v6-only socket */ 2424 if (ipv6_only_sock(asoc->base.sk)) 2425 break; 2426do_addr_param: 2427 af = sctp_get_af_specific(param_type2af(param.p->type)); 2428 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0); 2429 scope = sctp_scope(peer_addr); 2430 if (sctp_in_scope(&addr, scope)) 2431 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2432 return 0; 2433 break; 2434 2435 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2436 if (!sctp_cookie_preserve_enable) 2437 break; 2438 2439 stale = ntohl(param.life->lifespan_increment); 2440 2441 /* Suggested Cookie Life span increment's unit is msec, 2442 * (1/1000sec). 2443 */ 2444 asoc->cookie_life.tv_sec += stale / 1000; 2445 asoc->cookie_life.tv_usec += (stale % 1000) * 1000; 2446 break; 2447 2448 case SCTP_PARAM_HOST_NAME_ADDRESS: 2449 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n"); 2450 break; 2451 2452 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2453 /* Turn off the default values first so we'll know which 2454 * ones are really set by the peer. 2455 */ 2456 asoc->peer.ipv4_address = 0; 2457 asoc->peer.ipv6_address = 0; 2458 2459 /* Assume that peer supports the address family 2460 * by which it sends a packet. 2461 */ 2462 if (peer_addr->sa.sa_family == AF_INET6) 2463 asoc->peer.ipv6_address = 1; 2464 else if (peer_addr->sa.sa_family == AF_INET) 2465 asoc->peer.ipv4_address = 1; 2466 2467 /* Cycle through address types; avoid divide by 0. */ 2468 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2469 if (sat) 2470 sat /= sizeof(__u16); 2471 2472 for (i = 0; i < sat; ++i) { 2473 switch (param.sat->types[i]) { 2474 case SCTP_PARAM_IPV4_ADDRESS: 2475 asoc->peer.ipv4_address = 1; 2476 break; 2477 2478 case SCTP_PARAM_IPV6_ADDRESS: 2479 if (PF_INET6 == asoc->base.sk->sk_family) 2480 asoc->peer.ipv6_address = 1; 2481 break; 2482 2483 case SCTP_PARAM_HOST_NAME_ADDRESS: 2484 asoc->peer.hostname_address = 1; 2485 break; 2486 2487 default: /* Just ignore anything else. */ 2488 break; 2489 } 2490 } 2491 break; 2492 2493 case SCTP_PARAM_STATE_COOKIE: 2494 asoc->peer.cookie_len = 2495 ntohs(param.p->length) - sizeof(sctp_paramhdr_t); 2496 asoc->peer.cookie = param.cookie->body; 2497 break; 2498 2499 case SCTP_PARAM_HEARTBEAT_INFO: 2500 /* Would be odd to receive, but it causes no problems. */ 2501 break; 2502 2503 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2504 /* Rejected during verify stage. */ 2505 break; 2506 2507 case SCTP_PARAM_ECN_CAPABLE: 2508 asoc->peer.ecn_capable = 1; 2509 break; 2510 2511 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2512 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2513 break; 2514 2515 case SCTP_PARAM_SET_PRIMARY: 2516 if (!sctp_addip_enable) 2517 goto fall_through; 2518 2519 addr_param = param.v + sizeof(sctp_addip_param_t); 2520 2521 af = sctp_get_af_specific(param_type2af(param.p->type)); 2522 af->from_addr_param(&addr, addr_param, 2523 htons(asoc->peer.port), 0); 2524 2525 if (!af->addr_valid(&addr, NULL, NULL)) 2526 break; 2527 2528 t = sctp_assoc_lookup_paddr(asoc, &addr); 2529 if (!t) 2530 break; 2531 2532 sctp_assoc_set_primary(asoc, t); 2533 break; 2534 2535 case SCTP_PARAM_SUPPORTED_EXT: 2536 sctp_process_ext_param(asoc, param); 2537 break; 2538 2539 case SCTP_PARAM_FWD_TSN_SUPPORT: 2540 if (sctp_prsctp_enable) { 2541 asoc->peer.prsctp_capable = 1; 2542 break; 2543 } 2544 /* Fall Through */ 2545 goto fall_through; 2546 2547 case SCTP_PARAM_RANDOM: 2548 if (!sctp_auth_enable) 2549 goto fall_through; 2550 2551 /* Save peer's random parameter */ 2552 asoc->peer.peer_random = kmemdup(param.p, 2553 ntohs(param.p->length), gfp); 2554 if (!asoc->peer.peer_random) { 2555 retval = 0; 2556 break; 2557 } 2558 break; 2559 2560 case SCTP_PARAM_HMAC_ALGO: 2561 if (!sctp_auth_enable) 2562 goto fall_through; 2563 2564 /* Save peer's HMAC list */ 2565 asoc->peer.peer_hmacs = kmemdup(param.p, 2566 ntohs(param.p->length), gfp); 2567 if (!asoc->peer.peer_hmacs) { 2568 retval = 0; 2569 break; 2570 } 2571 2572 /* Set the default HMAC the peer requested*/ 2573 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2574 break; 2575 2576 case SCTP_PARAM_CHUNKS: 2577 if (!sctp_auth_enable) 2578 goto fall_through; 2579 2580 asoc->peer.peer_chunks = kmemdup(param.p, 2581 ntohs(param.p->length), gfp); 2582 if (!asoc->peer.peer_chunks) 2583 retval = 0; 2584 break; 2585fall_through: 2586 default: 2587 /* Any unrecognized parameters should have been caught 2588 * and handled by sctp_verify_param() which should be 2589 * called prior to this routine. Simply log the error 2590 * here. 2591 */ 2592 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n", 2593 ntohs(param.p->type), asoc); 2594 break; 2595 } 2596 2597 return retval; 2598} 2599 2600/* Select a new verification tag. */ 2601__u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2602{ 2603 /* I believe that this random number generator complies with RFC1750. 2604 * A tag of 0 is reserved for special cases (e.g. INIT). 2605 */ 2606 __u32 x; 2607 2608 do { 2609 get_random_bytes(&x, sizeof(__u32)); 2610 } while (x == 0); 2611 2612 return x; 2613} 2614 2615/* Select an initial TSN to send during startup. */ 2616__u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2617{ 2618 __u32 retval; 2619 2620 get_random_bytes(&retval, sizeof(__u32)); 2621 return retval; 2622} 2623 2624/* 2625 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2626 * 0 1 2 3 2627 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2628 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2629 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2630 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2631 * | Serial Number | 2632 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2633 * | Address Parameter | 2634 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2635 * | ASCONF Parameter #1 | 2636 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2637 * \ \ 2638 * / .... / 2639 * \ \ 2640 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2641 * | ASCONF Parameter #N | 2642 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2643 * 2644 * Address Parameter and other parameter will not be wrapped in this function 2645 */ 2646static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2647 union sctp_addr *addr, 2648 int vparam_len) 2649{ 2650 sctp_addiphdr_t asconf; 2651 struct sctp_chunk *retval; 2652 int length = sizeof(asconf) + vparam_len; 2653 union sctp_addr_param addrparam; 2654 int addrlen; 2655 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2656 2657 addrlen = af->to_addr_param(addr, &addrparam); 2658 if (!addrlen) 2659 return NULL; 2660 length += addrlen; 2661 2662 /* Create the chunk. */ 2663 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length); 2664 if (!retval) 2665 return NULL; 2666 2667 asconf.serial = htonl(asoc->addip_serial++); 2668 2669 retval->subh.addip_hdr = 2670 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2671 retval->param_hdr.v = 2672 sctp_addto_chunk(retval, addrlen, &addrparam); 2673 2674 return retval; 2675} 2676 2677/* ADDIP 2678 * 3.2.1 Add IP Address 2679 * 0 1 2 3 2680 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2681 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2682 * | Type = 0xC001 | Length = Variable | 2683 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2684 * | ASCONF-Request Correlation ID | 2685 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2686 * | Address Parameter | 2687 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2688 * 2689 * 3.2.2 Delete IP Address 2690 * 0 1 2 3 2691 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2692 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2693 * | Type = 0xC002 | Length = Variable | 2694 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2695 * | ASCONF-Request Correlation ID | 2696 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2697 * | Address Parameter | 2698 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2699 * 2700 */ 2701struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2702 union sctp_addr *laddr, 2703 struct sockaddr *addrs, 2704 int addrcnt, 2705 __be16 flags) 2706{ 2707 sctp_addip_param_t param; 2708 struct sctp_chunk *retval; 2709 union sctp_addr_param addr_param; 2710 union sctp_addr *addr; 2711 void *addr_buf; 2712 struct sctp_af *af; 2713 int paramlen = sizeof(param); 2714 int addr_param_len = 0; 2715 int totallen = 0; 2716 int i; 2717 2718 /* Get total length of all the address parameters. */ 2719 addr_buf = addrs; 2720 for (i = 0; i < addrcnt; i++) { 2721 addr = (union sctp_addr *)addr_buf; 2722 af = sctp_get_af_specific(addr->v4.sin_family); 2723 addr_param_len = af->to_addr_param(addr, &addr_param); 2724 2725 totallen += paramlen; 2726 totallen += addr_param_len; 2727 2728 addr_buf += af->sockaddr_len; 2729 } 2730 2731 /* Create an asconf chunk with the required length. */ 2732 retval = sctp_make_asconf(asoc, laddr, totallen); 2733 if (!retval) 2734 return NULL; 2735 2736 /* Add the address parameters to the asconf chunk. */ 2737 addr_buf = addrs; 2738 for (i = 0; i < addrcnt; i++) { 2739 addr = (union sctp_addr *)addr_buf; 2740 af = sctp_get_af_specific(addr->v4.sin_family); 2741 addr_param_len = af->to_addr_param(addr, &addr_param); 2742 param.param_hdr.type = flags; 2743 param.param_hdr.length = htons(paramlen + addr_param_len); 2744 param.crr_id = i; 2745 2746 sctp_addto_chunk(retval, paramlen, ¶m); 2747 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2748 2749 addr_buf += af->sockaddr_len; 2750 } 2751 return retval; 2752} 2753 2754/* ADDIP 2755 * 3.2.4 Set Primary IP Address 2756 * 0 1 2 3 2757 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2758 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2759 * | Type =0xC004 | Length = Variable | 2760 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2761 * | ASCONF-Request Correlation ID | 2762 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2763 * | Address Parameter | 2764 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2765 * 2766 * Create an ASCONF chunk with Set Primary IP address parameter. 2767 */ 2768struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2769 union sctp_addr *addr) 2770{ 2771 sctp_addip_param_t param; 2772 struct sctp_chunk *retval; 2773 int len = sizeof(param); 2774 union sctp_addr_param addrparam; 2775 int addrlen; 2776 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2777 2778 addrlen = af->to_addr_param(addr, &addrparam); 2779 if (!addrlen) 2780 return NULL; 2781 len += addrlen; 2782 2783 /* Create the chunk and make asconf header. */ 2784 retval = sctp_make_asconf(asoc, addr, len); 2785 if (!retval) 2786 return NULL; 2787 2788 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2789 param.param_hdr.length = htons(len); 2790 param.crr_id = 0; 2791 2792 sctp_addto_chunk(retval, sizeof(param), ¶m); 2793 sctp_addto_chunk(retval, addrlen, &addrparam); 2794 2795 return retval; 2796} 2797 2798/* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2799 * 0 1 2 3 2800 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2801 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2802 * | Type = 0x80 | Chunk Flags | Chunk Length | 2803 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2804 * | Serial Number | 2805 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2806 * | ASCONF Parameter Response#1 | 2807 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2808 * \ \ 2809 * / .... / 2810 * \ \ 2811 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2812 * | ASCONF Parameter Response#N | 2813 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2814 * 2815 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2816 */ 2817static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2818 __u32 serial, int vparam_len) 2819{ 2820 sctp_addiphdr_t asconf; 2821 struct sctp_chunk *retval; 2822 int length = sizeof(asconf) + vparam_len; 2823 2824 /* Create the chunk. */ 2825 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length); 2826 if (!retval) 2827 return NULL; 2828 2829 asconf.serial = htonl(serial); 2830 2831 retval->subh.addip_hdr = 2832 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2833 2834 return retval; 2835} 2836 2837/* Add response parameters to an ASCONF_ACK chunk. */ 2838static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 2839 __be16 err_code, sctp_addip_param_t *asconf_param) 2840{ 2841 sctp_addip_param_t ack_param; 2842 sctp_errhdr_t err_param; 2843 int asconf_param_len = 0; 2844 int err_param_len = 0; 2845 __be16 response_type; 2846 2847 if (SCTP_ERROR_NO_ERROR == err_code) { 2848 response_type = SCTP_PARAM_SUCCESS_REPORT; 2849 } else { 2850 response_type = SCTP_PARAM_ERR_CAUSE; 2851 err_param_len = sizeof(err_param); 2852 if (asconf_param) 2853 asconf_param_len = 2854 ntohs(asconf_param->param_hdr.length); 2855 } 2856 2857 /* Add Success Indication or Error Cause Indication parameter. */ 2858 ack_param.param_hdr.type = response_type; 2859 ack_param.param_hdr.length = htons(sizeof(ack_param) + 2860 err_param_len + 2861 asconf_param_len); 2862 ack_param.crr_id = crr_id; 2863 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 2864 2865 if (SCTP_ERROR_NO_ERROR == err_code) 2866 return; 2867 2868 /* Add Error Cause parameter. */ 2869 err_param.cause = err_code; 2870 err_param.length = htons(err_param_len + asconf_param_len); 2871 sctp_addto_chunk(chunk, err_param_len, &err_param); 2872 2873 /* Add the failed TLV copied from ASCONF chunk. */ 2874 if (asconf_param) 2875 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 2876} 2877 2878/* Process a asconf parameter. */ 2879static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 2880 struct sctp_chunk *asconf, 2881 sctp_addip_param_t *asconf_param) 2882{ 2883 struct sctp_transport *peer; 2884 struct sctp_af *af; 2885 union sctp_addr addr; 2886 union sctp_addr_param *addr_param; 2887 2888 addr_param = (union sctp_addr_param *) 2889 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 2890 2891 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && 2892 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && 2893 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) 2894 return SCTP_ERROR_UNKNOWN_PARAM; 2895 2896 switch (addr_param->v4.param_hdr.type) { 2897 case SCTP_PARAM_IPV6_ADDRESS: 2898 if (!asoc->peer.ipv6_address) 2899 return SCTP_ERROR_DNS_FAILED; 2900 break; 2901 case SCTP_PARAM_IPV4_ADDRESS: 2902 if (!asoc->peer.ipv4_address) 2903 return SCTP_ERROR_DNS_FAILED; 2904 break; 2905 default: 2906 return SCTP_ERROR_DNS_FAILED; 2907 } 2908 2909 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 2910 if (unlikely(!af)) 2911 return SCTP_ERROR_DNS_FAILED; 2912 2913 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0); 2914 2915 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 2916 * or multicast address. 2917 * (note: wildcard is permitted and requires special handling so 2918 * make sure we check for that) 2919 */ 2920 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 2921 return SCTP_ERROR_DNS_FAILED; 2922 2923 switch (asconf_param->param_hdr.type) { 2924 case SCTP_PARAM_ADD_IP: 2925 /* Section 4.2.1: 2926 * If the address 0.0.0.0 or ::0 is provided, the source 2927 * address of the packet MUST be added. 2928 */ 2929 if (af->is_any(&addr)) 2930 memcpy(&addr, &asconf->source, sizeof(addr)); 2931 2932 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 2933 * request and does not have the local resources to add this 2934 * new address to the association, it MUST return an Error 2935 * Cause TLV set to the new error code 'Operation Refused 2936 * Due to Resource Shortage'. 2937 */ 2938 2939 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 2940 if (!peer) 2941 return SCTP_ERROR_RSRC_LOW; 2942 2943 /* Start the heartbeat timer. */ 2944 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer))) 2945 sctp_transport_hold(peer); 2946 break; 2947 case SCTP_PARAM_DEL_IP: 2948 /* ADDIP 4.3 D7) If a request is received to delete the 2949 * last remaining IP address of a peer endpoint, the receiver 2950 * MUST send an Error Cause TLV with the error cause set to the 2951 * new error code 'Request to Delete Last Remaining IP Address'. 2952 */ 2953 if (asoc->peer.transport_count == 1) 2954 return SCTP_ERROR_DEL_LAST_IP; 2955 2956 /* ADDIP 4.3 D8) If a request is received to delete an IP 2957 * address which is also the source address of the IP packet 2958 * which contained the ASCONF chunk, the receiver MUST reject 2959 * this request. To reject the request the receiver MUST send 2960 * an Error Cause TLV set to the new error code 'Request to 2961 * Delete Source IP Address' 2962 */ 2963 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr)) 2964 return SCTP_ERROR_DEL_SRC_IP; 2965 2966 /* Section 4.2.2 2967 * If the address 0.0.0.0 or ::0 is provided, all 2968 * addresses of the peer except the source address of the 2969 * packet MUST be deleted. 2970 */ 2971 if (af->is_any(&addr)) { 2972 sctp_assoc_set_primary(asoc, asconf->transport); 2973 sctp_assoc_del_nonprimary_peers(asoc, 2974 asconf->transport); 2975 } else 2976 sctp_assoc_del_peer(asoc, &addr); 2977 break; 2978 case SCTP_PARAM_SET_PRIMARY: 2979 /* ADDIP Section 4.2.4 2980 * If the address 0.0.0.0 or ::0 is provided, the receiver 2981 * MAY mark the source address of the packet as its 2982 * primary. 2983 */ 2984 if (af->is_any(&addr)) 2985 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr)); 2986 2987 peer = sctp_assoc_lookup_paddr(asoc, &addr); 2988 if (!peer) 2989 return SCTP_ERROR_DNS_FAILED; 2990 2991 sctp_assoc_set_primary(asoc, peer); 2992 break; 2993 } 2994 2995 return SCTP_ERROR_NO_ERROR; 2996} 2997 2998/* Verify the ASCONF packet before we process it. */ 2999int sctp_verify_asconf(const struct sctp_association *asoc, 3000 struct sctp_paramhdr *param_hdr, void *chunk_end, 3001 struct sctp_paramhdr **errp) { 3002 sctp_addip_param_t *asconf_param; 3003 union sctp_params param; 3004 int length, plen; 3005 3006 param.v = (sctp_paramhdr_t *) param_hdr; 3007 while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) { 3008 length = ntohs(param.p->length); 3009 *errp = param.p; 3010 3011 if (param.v > chunk_end - length || 3012 length < sizeof(sctp_paramhdr_t)) 3013 return 0; 3014 3015 switch (param.p->type) { 3016 case SCTP_PARAM_ADD_IP: 3017 case SCTP_PARAM_DEL_IP: 3018 case SCTP_PARAM_SET_PRIMARY: 3019 asconf_param = (sctp_addip_param_t *)param.v; 3020 plen = ntohs(asconf_param->param_hdr.length); 3021 if (plen < sizeof(sctp_addip_param_t) + 3022 sizeof(sctp_paramhdr_t)) 3023 return 0; 3024 break; 3025 case SCTP_PARAM_SUCCESS_REPORT: 3026 case SCTP_PARAM_ADAPTATION_LAYER_IND: 3027 if (length != sizeof(sctp_addip_param_t)) 3028 return 0; 3029 3030 break; 3031 default: 3032 break; 3033 } 3034 3035 param.v += WORD_ROUND(length); 3036 } 3037 3038 if (param.v != chunk_end) 3039 return 0; 3040 3041 return 1; 3042} 3043 3044/* Process an incoming ASCONF chunk with the next expected serial no. and 3045 * return an ASCONF_ACK chunk to be sent in response. 3046 */ 3047struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3048 struct sctp_chunk *asconf) 3049{ 3050 sctp_addiphdr_t *hdr; 3051 union sctp_addr_param *addr_param; 3052 sctp_addip_param_t *asconf_param; 3053 struct sctp_chunk *asconf_ack; 3054 3055 __be16 err_code; 3056 int length = 0; 3057 int chunk_len; 3058 __u32 serial; 3059 int all_param_pass = 1; 3060 3061 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t); 3062 hdr = (sctp_addiphdr_t *)asconf->skb->data; 3063 serial = ntohl(hdr->serial); 3064 3065 /* Skip the addiphdr and store a pointer to address parameter. */ 3066 length = sizeof(sctp_addiphdr_t); 3067 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3068 chunk_len -= length; 3069 3070 /* Skip the address parameter and store a pointer to the first 3071 * asconf parameter. 3072 */ 3073 length = ntohs(addr_param->v4.param_hdr.length); 3074 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 3075 chunk_len -= length; 3076 3077 /* create an ASCONF_ACK chunk. 3078 * Based on the definitions of parameters, we know that the size of 3079 * ASCONF_ACK parameters are less than or equal to the twice of ASCONF 3080 * parameters. 3081 */ 3082 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2); 3083 if (!asconf_ack) 3084 goto done; 3085 3086 /* Process the TLVs contained within the ASCONF chunk. */ 3087 while (chunk_len > 0) { 3088 err_code = sctp_process_asconf_param(asoc, asconf, 3089 asconf_param); 3090 /* ADDIP 4.1 A7) 3091 * If an error response is received for a TLV parameter, 3092 * all TLVs with no response before the failed TLV are 3093 * considered successful if not reported. All TLVs after 3094 * the failed response are considered unsuccessful unless 3095 * a specific success indication is present for the parameter. 3096 */ 3097 if (SCTP_ERROR_NO_ERROR != err_code) 3098 all_param_pass = 0; 3099 3100 if (!all_param_pass) 3101 sctp_add_asconf_response(asconf_ack, 3102 asconf_param->crr_id, err_code, 3103 asconf_param); 3104 3105 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3106 * an IP address sends an 'Out of Resource' in its response, it 3107 * MUST also fail any subsequent add or delete requests bundled 3108 * in the ASCONF. 3109 */ 3110 if (SCTP_ERROR_RSRC_LOW == err_code) 3111 goto done; 3112 3113 /* Move to the next ASCONF param. */ 3114 length = ntohs(asconf_param->param_hdr.length); 3115 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 3116 length); 3117 chunk_len -= length; 3118 } 3119 3120done: 3121 asoc->peer.addip_serial++; 3122 3123 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3124 * after freeing the reference to old asconf ack if any. 3125 */ 3126 if (asconf_ack) { 3127 sctp_chunk_hold(asconf_ack); 3128 list_add_tail(&asconf_ack->transmitted_list, 3129 &asoc->asconf_ack_list); 3130 } 3131 3132 return asconf_ack; 3133} 3134 3135/* Process a asconf parameter that is successfully acked. */ 3136static void sctp_asconf_param_success(struct sctp_association *asoc, 3137 sctp_addip_param_t *asconf_param) 3138{ 3139 struct sctp_af *af; 3140 union sctp_addr addr; 3141 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3142 union sctp_addr_param *addr_param; 3143 struct sctp_transport *transport; 3144 struct sctp_sockaddr_entry *saddr; 3145 3146 addr_param = (union sctp_addr_param *) 3147 ((void *)asconf_param + sizeof(sctp_addip_param_t)); 3148 3149 /* We have checked the packet before, so we do not check again. */ 3150 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type)); 3151 af->from_addr_param(&addr, addr_param, htons(bp->port), 0); 3152 3153 switch (asconf_param->param_hdr.type) { 3154 case SCTP_PARAM_ADD_IP: 3155 /* This is always done in BH context with a socket lock 3156 * held, so the list can not change. 3157 */ 3158 local_bh_disable(); 3159 list_for_each_entry(saddr, &bp->address_list, list) { 3160 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3161 saddr->state = SCTP_ADDR_SRC; 3162 } 3163 local_bh_enable(); 3164 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3165 transports) { 3166 if (transport->state == SCTP_ACTIVE) 3167 continue; 3168 dst_release(transport->dst); 3169 sctp_transport_route(transport, NULL, 3170 sctp_sk(asoc->base.sk)); 3171 } 3172 break; 3173 case SCTP_PARAM_DEL_IP: 3174 local_bh_disable(); 3175 sctp_del_bind_addr(bp, &addr); 3176 local_bh_enable(); 3177 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3178 transports) { 3179 dst_release(transport->dst); 3180 sctp_transport_route(transport, NULL, 3181 sctp_sk(asoc->base.sk)); 3182 } 3183 break; 3184 default: 3185 break; 3186 } 3187} 3188 3189/* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3190 * for the given asconf parameter. If there is no response for this parameter, 3191 * return the error code based on the third argument 'no_err'. 3192 * ADDIP 4.1 3193 * A7) If an error response is received for a TLV parameter, all TLVs with no 3194 * response before the failed TLV are considered successful if not reported. 3195 * All TLVs after the failed response are considered unsuccessful unless a 3196 * specific success indication is present for the parameter. 3197 */ 3198static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3199 sctp_addip_param_t *asconf_param, 3200 int no_err) 3201{ 3202 sctp_addip_param_t *asconf_ack_param; 3203 sctp_errhdr_t *err_param; 3204 int length; 3205 int asconf_ack_len; 3206 __be16 err_code; 3207 3208 if (no_err) 3209 err_code = SCTP_ERROR_NO_ERROR; 3210 else 3211 err_code = SCTP_ERROR_REQ_REFUSED; 3212 3213 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3214 sizeof(sctp_chunkhdr_t); 3215 3216 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3217 * the first asconf_ack parameter. 3218 */ 3219 length = sizeof(sctp_addiphdr_t); 3220 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data + 3221 length); 3222 asconf_ack_len -= length; 3223 3224 while (asconf_ack_len > 0) { 3225 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3226 switch(asconf_ack_param->param_hdr.type) { 3227 case SCTP_PARAM_SUCCESS_REPORT: 3228 return SCTP_ERROR_NO_ERROR; 3229 case SCTP_PARAM_ERR_CAUSE: 3230 length = sizeof(sctp_addip_param_t); 3231 err_param = (sctp_errhdr_t *) 3232 ((void *)asconf_ack_param + length); 3233 asconf_ack_len -= length; 3234 if (asconf_ack_len > 0) 3235 return err_param->cause; 3236 else 3237 return SCTP_ERROR_INV_PARAM; 3238 break; 3239 default: 3240 return SCTP_ERROR_INV_PARAM; 3241 } 3242 } 3243 3244 length = ntohs(asconf_ack_param->param_hdr.length); 3245 asconf_ack_param = (sctp_addip_param_t *) 3246 ((void *)asconf_ack_param + length); 3247 asconf_ack_len -= length; 3248 } 3249 3250 return err_code; 3251} 3252 3253/* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3254int sctp_process_asconf_ack(struct sctp_association *asoc, 3255 struct sctp_chunk *asconf_ack) 3256{ 3257 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3258 union sctp_addr_param *addr_param; 3259 sctp_addip_param_t *asconf_param; 3260 int length = 0; 3261 int asconf_len = asconf->skb->len; 3262 int all_param_pass = 0; 3263 int no_err = 1; 3264 int retval = 0; 3265 __be16 err_code = SCTP_ERROR_NO_ERROR; 3266 3267 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3268 * a pointer to address parameter. 3269 */ 3270 length = sizeof(sctp_addip_chunk_t); 3271 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3272 asconf_len -= length; 3273 3274 /* Skip the address parameter in the last asconf sent and store a 3275 * pointer to the first asconf parameter. 3276 */ 3277 length = ntohs(addr_param->v4.param_hdr.length); 3278 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length); 3279 asconf_len -= length; 3280 3281 /* ADDIP 4.1 3282 * A8) If there is no response(s) to specific TLV parameter(s), and no 3283 * failures are indicated, then all request(s) are considered 3284 * successful. 3285 */ 3286 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t)) 3287 all_param_pass = 1; 3288 3289 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3290 while (asconf_len > 0) { 3291 if (all_param_pass) 3292 err_code = SCTP_ERROR_NO_ERROR; 3293 else { 3294 err_code = sctp_get_asconf_response(asconf_ack, 3295 asconf_param, 3296 no_err); 3297 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3298 no_err = 0; 3299 } 3300 3301 switch (err_code) { 3302 case SCTP_ERROR_NO_ERROR: 3303 sctp_asconf_param_success(asoc, asconf_param); 3304 break; 3305 3306 case SCTP_ERROR_RSRC_LOW: 3307 retval = 1; 3308 break; 3309 3310 case SCTP_ERROR_UNKNOWN_PARAM: 3311 /* Disable sending this type of asconf parameter in 3312 * future. 3313 */ 3314 asoc->peer.addip_disabled_mask |= 3315 asconf_param->param_hdr.type; 3316 break; 3317 3318 case SCTP_ERROR_REQ_REFUSED: 3319 case SCTP_ERROR_DEL_LAST_IP: 3320 case SCTP_ERROR_DEL_SRC_IP: 3321 default: 3322 break; 3323 } 3324 3325 /* Skip the processed asconf parameter and move to the next 3326 * one. 3327 */ 3328 length = ntohs(asconf_param->param_hdr.length); 3329 asconf_param = (sctp_addip_param_t *)((void *)asconf_param + 3330 length); 3331 asconf_len -= length; 3332 } 3333 3334 /* Free the cached last sent asconf chunk. */ 3335 list_del_init(&asconf->transmitted_list); 3336 sctp_chunk_free(asconf); 3337 asoc->addip_last_asconf = NULL; 3338 3339 return retval; 3340} 3341 3342/* Make a FWD TSN chunk. */ 3343struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3344 __u32 new_cum_tsn, size_t nstreams, 3345 struct sctp_fwdtsn_skip *skiplist) 3346{ 3347 struct sctp_chunk *retval = NULL; 3348 struct sctp_fwdtsn_chunk *ftsn_chunk; 3349 struct sctp_fwdtsn_hdr ftsn_hdr; 3350 struct sctp_fwdtsn_skip skip; 3351 size_t hint; 3352 int i; 3353 3354 hint = (nstreams + 1) * sizeof(__u32); 3355 3356 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint); 3357 3358 if (!retval) 3359 return NULL; 3360 3361 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr; 3362 3363 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3364 retval->subh.fwdtsn_hdr = 3365 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3366 3367 for (i = 0; i < nstreams; i++) { 3368 skip.stream = skiplist[i].stream; 3369 skip.ssn = skiplist[i].ssn; 3370 sctp_addto_chunk(retval, sizeof(skip), &skip); 3371 } 3372 3373 return retval; 3374} 3375