Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
sm_make_chunk.c
Go to the documentation of this file.
1 /* SCTP kernel implementation
2  * (C) Copyright IBM Corp. 2001, 2004
3  * Copyright (c) 1999-2000 Cisco, Inc.
4  * Copyright (c) 1999-2001 Motorola, Inc.
5  * Copyright (c) 2001-2002 Intel Corp.
6  *
7  * This file is part of the SCTP kernel implementation
8  *
9  * These functions work with the state functions in sctp_sm_statefuns.c
10  * to implement the state operations. These functions implement the
11  * steps which require modifying existing data structures.
12  *
13  * This SCTP implementation is free software;
14  * you can redistribute it and/or modify it under the terms of
15  * the GNU General Public License as published by
16  * the Free Software Foundation; either version 2, or (at your option)
17  * any later version.
18  *
19  * This SCTP implementation is distributed in the hope that it
20  * will be useful, but WITHOUT ANY WARRANTY; without even the implied
21  * ************************
22  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
23  * See the GNU General Public License for more details.
24  *
25  * You should have received a copy of the GNU General Public License
26  * along with GNU CC; see the file COPYING. If not, write to
27  * the Free Software Foundation, 59 Temple Place - Suite 330,
28  * Boston, MA 02111-1307, USA.
29  *
30  * Please send any bug reports or fixes you make to the
31  * email address(es):
32  * lksctp developers <[email protected]>
33  *
34  * Or submit a bug report through the following website:
35  * http://www.sf.net/projects/lksctp
36  *
37  * Written or modified by:
38  * La Monte H.P. Yarroll <[email protected]>
39  * Karl Knutson <[email protected]>
40  * C. Robin <[email protected]>
41  * Jon Grimm <[email protected]>
42  * Xingang Guo <[email protected]>
43  * Dajiang Zhang <[email protected]>
44  * Sridhar Samudrala <[email protected]>
45  * Daisy Chang <[email protected]>
46  * Ardelle Fan <[email protected]>
47  * Kevin Gao <[email protected]>
48  *
49  * Any bugs reported given to us we will try to fix... any fixes shared will
50  * be incorporated into the next SCTP release.
51  */
52 
53 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
54 
55 #include <linux/types.h>
56 #include <linux/kernel.h>
57 #include <linux/ip.h>
58 #include <linux/ipv6.h>
59 #include <linux/net.h>
60 #include <linux/inet.h>
61 #include <linux/scatterlist.h>
62 #include <linux/crypto.h>
63 #include <linux/slab.h>
64 #include <net/sock.h>
65 
66 #include <linux/skbuff.h>
67 #include <linux/random.h> /* for get_random_bytes */
68 #include <net/sctp/sctp.h>
69 #include <net/sctp/sm.h>
70 
72 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc,
73  __u8 type, __u8 flags, int paylen);
74 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
75  const struct sctp_association *asoc,
76  const struct sctp_chunk *init_chunk,
77  int *cookie_len,
78  const __u8 *raw_addrs, int addrs_len);
79 static int sctp_process_param(struct sctp_association *asoc,
80  union sctp_params param,
81  const union sctp_addr *peer_addr,
82  gfp_t gfp);
83 static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
84  const void *data);
85 
86 /* What was the inbound interface for this chunk? */
87 int sctp_chunk_iif(const struct sctp_chunk *chunk)
88 {
89  struct sctp_af *af;
90  int iif = 0;
91 
92  af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version));
93  if (af)
94  iif = af->skb_iif(chunk->skb);
95 
96  return iif;
97 }
98 
99 /* RFC 2960 3.3.2 Initiation (INIT) (1)
100  *
101  * Note 2: The ECN capable field is reserved for future use of
102  * Explicit Congestion Notification.
103  */
104 static const struct sctp_paramhdr ecap_param = {
106  cpu_to_be16(sizeof(struct sctp_paramhdr)),
107 };
108 static const struct sctp_paramhdr prsctp_param = {
110  cpu_to_be16(sizeof(struct sctp_paramhdr)),
111 };
112 
113 /* A helper to initialize an op error inside a
114  * provided chunk, as most cause codes will be embedded inside an
115  * abort chunk.
116  */
117 void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code,
118  size_t paylen)
119 {
121  __u16 len;
122 
123  /* Cause code constants are now defined in network order. */
124  err.cause = cause_code;
125  len = sizeof(sctp_errhdr_t) + paylen;
126  err.length = htons(len);
127  chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err);
128 }
129 
130 /* A helper to initialize an op error inside a
131  * provided chunk, as most cause codes will be embedded inside an
132  * abort chunk. Differs from sctp_init_cause in that it won't oops
133  * if there isn't enough space in the op error chunk
134  */
135 static int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code,
136  size_t paylen)
137 {
139  __u16 len;
140 
141  /* Cause code constants are now defined in network order. */
142  err.cause = cause_code;
143  len = sizeof(sctp_errhdr_t) + paylen;
144  err.length = htons(len);
145 
146  if (skb_tailroom(chunk->skb) < len)
147  return -ENOSPC;
148  chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk,
149  sizeof(sctp_errhdr_t),
150  &err);
151  return 0;
152 }
153 /* 3.3.2 Initiation (INIT) (1)
154  *
155  * This chunk is used to initiate a SCTP association between two
156  * endpoints. The format of the INIT chunk is shown below:
157  *
158  * 0 1 2 3
159  * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
160  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
161  * | Type = 1 | Chunk Flags | Chunk Length |
162  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
163  * | Initiate Tag |
164  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
165  * | Advertised Receiver Window Credit (a_rwnd) |
166  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
167  * | Number of Outbound Streams | Number of Inbound Streams |
168  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
169  * | Initial TSN |
170  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
171  * \ \
172  * / Optional/Variable-Length Parameters /
173  * \ \
174  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
175  *
176  *
177  * The INIT chunk contains the following parameters. Unless otherwise
178  * noted, each parameter MUST only be included once in the INIT chunk.
179  *
180  * Fixed Parameters Status
181  * ----------------------------------------------
182  * Initiate Tag Mandatory
183  * Advertised Receiver Window Credit Mandatory
184  * Number of Outbound Streams Mandatory
185  * Number of Inbound Streams Mandatory
186  * Initial TSN Mandatory
187  *
188  * Variable Parameters Status Type Value
189  * -------------------------------------------------------------
190  * IPv4 Address (Note 1) Optional 5
191  * IPv6 Address (Note 1) Optional 6
192  * Cookie Preservative Optional 9
193  * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000)
194  * Host Name Address (Note 3) Optional 11
195  * Supported Address Types (Note 4) Optional 12
196  */
198  const struct sctp_bind_addr *bp,
199  gfp_t gfp, int vparam_len)
200 {
201  struct net *net = sock_net(asoc->base.sk);
203  union sctp_params addrs;
204  size_t chunksize;
205  struct sctp_chunk *retval = NULL;
206  int num_types, addrs_len = 0;
207  struct sctp_sock *sp;
209  __be16 types[2];
211  sctp_supported_ext_param_t ext_param;
212  int num_ext = 0;
213  __u8 extensions[3];
214  sctp_paramhdr_t *auth_chunks = NULL,
215  *auth_hmacs = NULL;
216 
217  /* RFC 2960 3.3.2 Initiation (INIT) (1)
218  *
219  * Note 1: The INIT chunks can contain multiple addresses that
220  * can be IPv4 and/or IPv6 in any combination.
221  */
222  retval = NULL;
223 
224  /* Convert the provided bind address list to raw format. */
225  addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp);
226 
227  init.init_tag = htonl(asoc->c.my_vtag);
228  init.a_rwnd = htonl(asoc->rwnd);
229  init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
230  init.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
231  init.initial_tsn = htonl(asoc->c.initial_tsn);
232 
233  /* How many address types are needed? */
234  sp = sctp_sk(asoc->base.sk);
235  num_types = sp->pf->supported_addrs(sp, types);
236 
237  chunksize = sizeof(init) + addrs_len;
238  chunksize += WORD_ROUND(SCTP_SAT_LEN(num_types));
239  chunksize += sizeof(ecap_param);
240 
241  if (net->sctp.prsctp_enable)
242  chunksize += sizeof(prsctp_param);
243 
244  /* ADDIP: Section 4.2.7:
245  * An implementation supporting this extension [ADDIP] MUST list
246  * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and
247  * INIT-ACK parameters.
248  */
249  if (net->sctp.addip_enable) {
250  extensions[num_ext] = SCTP_CID_ASCONF;
251  extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
252  num_ext += 2;
253  }
254 
255  if (sp->adaptation_ind)
256  chunksize += sizeof(aiparam);
257 
258  chunksize += vparam_len;
259 
260  /* Account for AUTH related parameters */
261  if (net->sctp.auth_enable) {
262  /* Add random parameter length*/
263  chunksize += sizeof(asoc->c.auth_random);
264 
265  /* Add HMACS parameter length if any were defined */
266  auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs;
267  if (auth_hmacs->length)
268  chunksize += WORD_ROUND(ntohs(auth_hmacs->length));
269  else
270  auth_hmacs = NULL;
271 
272  /* Add CHUNKS parameter length */
273  auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks;
274  if (auth_chunks->length)
275  chunksize += WORD_ROUND(ntohs(auth_chunks->length));
276  else
277  auth_chunks = NULL;
278 
279  extensions[num_ext] = SCTP_CID_AUTH;
280  num_ext += 1;
281  }
282 
283  /* If we have any extensions to report, account for that */
284  if (num_ext)
285  chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) +
286  num_ext);
287 
288  /* RFC 2960 3.3.2 Initiation (INIT) (1)
289  *
290  * Note 3: An INIT chunk MUST NOT contain more than one Host
291  * Name address parameter. Moreover, the sender of the INIT
292  * MUST NOT combine any other address types with the Host Name
293  * address in the INIT. The receiver of INIT MUST ignore any
294  * other address types if the Host Name address parameter is
295  * present in the received INIT chunk.
296  *
297  * PLEASE DO NOT FIXME [This version does not support Host Name.]
298  */
299 
300  retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize);
301  if (!retval)
302  goto nodata;
303 
304  retval->subh.init_hdr =
305  sctp_addto_chunk(retval, sizeof(init), &init);
306  retval->param_hdr.v =
307  sctp_addto_chunk(retval, addrs_len, addrs.v);
308 
309  /* RFC 2960 3.3.2 Initiation (INIT) (1)
310  *
311  * Note 4: This parameter, when present, specifies all the
312  * address types the sending endpoint can support. The absence
313  * of this parameter indicates that the sending endpoint can
314  * support any address type.
315  */
317  sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types));
318  sctp_addto_chunk(retval, sizeof(sat), &sat);
319  sctp_addto_chunk(retval, num_types * sizeof(__u16), &types);
320 
321  sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
322 
323  /* Add the supported extensions parameter. Be nice and add this
324  * fist before addiding the parameters for the extensions themselves
325  */
326  if (num_ext) {
327  ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
328  ext_param.param_hdr.length =
329  htons(sizeof(sctp_supported_ext_param_t) + num_ext);
331  &ext_param);
332  sctp_addto_param(retval, num_ext, extensions);
333  }
334 
335  if (net->sctp.prsctp_enable)
336  sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
337 
338  if (sp->adaptation_ind) {
340  aiparam.param_hdr.length = htons(sizeof(aiparam));
341  aiparam.adaptation_ind = htonl(sp->adaptation_ind);
342  sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
343  }
344 
345  /* Add SCTP-AUTH chunks to the parameter list */
346  if (net->sctp.auth_enable) {
347  sctp_addto_chunk(retval, sizeof(asoc->c.auth_random),
348  asoc->c.auth_random);
349  if (auth_hmacs)
350  sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
351  auth_hmacs);
352  if (auth_chunks)
353  sctp_addto_chunk(retval, ntohs(auth_chunks->length),
354  auth_chunks);
355  }
356 nodata:
357  kfree(addrs.v);
358  return retval;
359 }
360 
362  const struct sctp_chunk *chunk,
363  gfp_t gfp, int unkparam_len)
364 {
365  sctp_inithdr_t initack;
366  struct sctp_chunk *retval;
367  union sctp_params addrs;
368  struct sctp_sock *sp;
369  int addrs_len;
371  int cookie_len;
372  size_t chunksize;
374  sctp_supported_ext_param_t ext_param;
375  int num_ext = 0;
376  __u8 extensions[3];
377  sctp_paramhdr_t *auth_chunks = NULL,
378  *auth_hmacs = NULL,
379  *auth_random = NULL;
380 
381  retval = NULL;
382 
383  /* Note: there may be no addresses to embed. */
384  addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp);
385 
386  initack.init_tag = htonl(asoc->c.my_vtag);
387  initack.a_rwnd = htonl(asoc->rwnd);
388  initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
389  initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
390  initack.initial_tsn = htonl(asoc->c.initial_tsn);
391 
392  /* FIXME: We really ought to build the cookie right
393  * into the packet instead of allocating more fresh memory.
394  */
395  cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len,
396  addrs.v, addrs_len);
397  if (!cookie)
398  goto nomem_cookie;
399 
400  /* Calculate the total size of allocation, include the reserved
401  * space for reporting unknown parameters if it is specified.
402  */
403  sp = sctp_sk(asoc->base.sk);
404  chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len;
405 
406  /* Tell peer that we'll do ECN only if peer advertised such cap. */
407  if (asoc->peer.ecn_capable)
408  chunksize += sizeof(ecap_param);
409 
410  if (asoc->peer.prsctp_capable)
411  chunksize += sizeof(prsctp_param);
412 
413  if (asoc->peer.asconf_capable) {
414  extensions[num_ext] = SCTP_CID_ASCONF;
415  extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
416  num_ext += 2;
417  }
418 
419  if (sp->adaptation_ind)
420  chunksize += sizeof(aiparam);
421 
422  if (asoc->peer.auth_capable) {
423  auth_random = (sctp_paramhdr_t *)asoc->c.auth_random;
424  chunksize += ntohs(auth_random->length);
425 
426  auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs;
427  if (auth_hmacs->length)
428  chunksize += WORD_ROUND(ntohs(auth_hmacs->length));
429  else
430  auth_hmacs = NULL;
431 
432  auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks;
433  if (auth_chunks->length)
434  chunksize += WORD_ROUND(ntohs(auth_chunks->length));
435  else
436  auth_chunks = NULL;
437 
438  extensions[num_ext] = SCTP_CID_AUTH;
439  num_ext += 1;
440  }
441 
442  if (num_ext)
443  chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) +
444  num_ext);
445 
446  /* Now allocate and fill out the chunk. */
447  retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize);
448  if (!retval)
449  goto nomem_chunk;
450 
451  /* RFC 2960 6.4 Multi-homed SCTP Endpoints
452  *
453  * An endpoint SHOULD transmit reply chunks (e.g., SACK,
454  * HEARTBEAT ACK, * etc.) to the same destination transport
455  * address from which it received the DATA or control chunk
456  * to which it is replying.
457  *
458  * [INIT ACK back to where the INIT came from.]
459  */
460  retval->transport = chunk->transport;
461 
462  retval->subh.init_hdr =
463  sctp_addto_chunk(retval, sizeof(initack), &initack);
464  retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v);
465  sctp_addto_chunk(retval, cookie_len, cookie);
466  if (asoc->peer.ecn_capable)
467  sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
468  if (num_ext) {
469  ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
470  ext_param.param_hdr.length =
471  htons(sizeof(sctp_supported_ext_param_t) + num_ext);
473  &ext_param);
474  sctp_addto_param(retval, num_ext, extensions);
475  }
476  if (asoc->peer.prsctp_capable)
477  sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
478 
479  if (sp->adaptation_ind) {
481  aiparam.param_hdr.length = htons(sizeof(aiparam));
482  aiparam.adaptation_ind = htonl(sp->adaptation_ind);
483  sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
484  }
485 
486  if (asoc->peer.auth_capable) {
487  sctp_addto_chunk(retval, ntohs(auth_random->length),
488  auth_random);
489  if (auth_hmacs)
490  sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
491  auth_hmacs);
492  if (auth_chunks)
493  sctp_addto_chunk(retval, ntohs(auth_chunks->length),
494  auth_chunks);
495  }
496 
497  /* We need to remove the const qualifier at this point. */
498  retval->asoc = (struct sctp_association *) asoc;
499 
500 nomem_chunk:
501  kfree(cookie);
502 nomem_cookie:
503  kfree(addrs.v);
504  return retval;
505 }
506 
507 /* 3.3.11 Cookie Echo (COOKIE ECHO) (10):
508  *
509  * This chunk is used only during the initialization of an association.
510  * It is sent by the initiator of an association to its peer to complete
511  * the initialization process. This chunk MUST precede any DATA chunk
512  * sent within the association, but MAY be bundled with one or more DATA
513  * chunks in the same packet.
514  *
515  * 0 1 2 3
516  * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
517  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
518  * | Type = 10 |Chunk Flags | Length |
519  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
520  * / Cookie /
521  * \ \
522  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
523  *
524  * Chunk Flags: 8 bit
525  *
526  * Set to zero on transmit and ignored on receipt.
527  *
528  * Length: 16 bits (unsigned integer)
529  *
530  * Set to the size of the chunk in bytes, including the 4 bytes of
531  * the chunk header and the size of the Cookie.
532  *
533  * Cookie: variable size
534  *
535  * This field must contain the exact cookie received in the
536  * State Cookie parameter from the previous INIT ACK.
537  *
538  * An implementation SHOULD make the cookie as small as possible
539  * to insure interoperability.
540  */
542  const struct sctp_chunk *chunk)
543 {
544  struct sctp_chunk *retval;
545  void *cookie;
546  int cookie_len;
547 
548  cookie = asoc->peer.cookie;
549  cookie_len = asoc->peer.cookie_len;
550 
551  /* Build a cookie echo chunk. */
552  retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len);
553  if (!retval)
554  goto nodata;
555  retval->subh.cookie_hdr =
556  sctp_addto_chunk(retval, cookie_len, cookie);
557 
558  /* RFC 2960 6.4 Multi-homed SCTP Endpoints
559  *
560  * An endpoint SHOULD transmit reply chunks (e.g., SACK,
561  * HEARTBEAT ACK, * etc.) to the same destination transport
562  * address from which it * received the DATA or control chunk
563  * to which it is replying.
564  *
565  * [COOKIE ECHO back to where the INIT ACK came from.]
566  */
567  if (chunk)
568  retval->transport = chunk->transport;
569 
570 nodata:
571  return retval;
572 }
573 
574 /* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11):
575  *
576  * This chunk is used only during the initialization of an
577  * association. It is used to acknowledge the receipt of a COOKIE
578  * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent
579  * within the association, but MAY be bundled with one or more DATA
580  * chunks or SACK chunk in the same SCTP packet.
581  *
582  * 0 1 2 3
583  * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
584  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
585  * | Type = 11 |Chunk Flags | Length = 4 |
586  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
587  *
588  * Chunk Flags: 8 bits
589  *
590  * Set to zero on transmit and ignored on receipt.
591  */
593  const struct sctp_chunk *chunk)
594 {
595  struct sctp_chunk *retval;
596 
597  retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0);
598 
599  /* RFC 2960 6.4 Multi-homed SCTP Endpoints
600  *
601  * An endpoint SHOULD transmit reply chunks (e.g., SACK,
602  * HEARTBEAT ACK, * etc.) to the same destination transport
603  * address from which it * received the DATA or control chunk
604  * to which it is replying.
605  *
606  * [COOKIE ACK back to where the COOKIE ECHO came from.]
607  */
608  if (retval && chunk)
609  retval->transport = chunk->transport;
610 
611  return retval;
612 }
613 
614 /*
615  * Appendix A: Explicit Congestion Notification:
616  * CWR:
617  *
618  * RFC 2481 details a specific bit for a sender to send in the header of
619  * its next outbound TCP segment to indicate to its peer that it has
620  * reduced its congestion window. This is termed the CWR bit. For
621  * SCTP the same indication is made by including the CWR chunk.
622  * This chunk contains one data element, i.e. the TSN number that
623  * was sent in the ECNE chunk. This element represents the lowest
624  * TSN number in the datagram that was originally marked with the
625  * CE bit.
626  *
627  * 0 1 2 3
628  * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
629  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
630  * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 |
631  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
632  * | Lowest TSN Number |
633  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
634  *
635  * Note: The CWR is considered a Control chunk.
636  */
638  const __u32 lowest_tsn,
639  const struct sctp_chunk *chunk)
640 {
641  struct sctp_chunk *retval;
642  sctp_cwrhdr_t cwr;
643 
644  cwr.lowest_tsn = htonl(lowest_tsn);
645  retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0,
646  sizeof(sctp_cwrhdr_t));
647 
648  if (!retval)
649  goto nodata;
650 
651  retval->subh.ecn_cwr_hdr =
652  sctp_addto_chunk(retval, sizeof(cwr), &cwr);
653 
654  /* RFC 2960 6.4 Multi-homed SCTP Endpoints
655  *
656  * An endpoint SHOULD transmit reply chunks (e.g., SACK,
657  * HEARTBEAT ACK, * etc.) to the same destination transport
658  * address from which it * received the DATA or control chunk
659  * to which it is replying.
660  *
661  * [Report a reduced congestion window back to where the ECNE
662  * came from.]
663  */
664  if (chunk)
665  retval->transport = chunk->transport;
666 
667 nodata:
668  return retval;
669 }
670 
671 /* Make an ECNE chunk. This is a congestion experienced report. */
673  const __u32 lowest_tsn)
674 {
675  struct sctp_chunk *retval;
676  sctp_ecnehdr_t ecne;
677 
678  ecne.lowest_tsn = htonl(lowest_tsn);
679  retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0,
680  sizeof(sctp_ecnehdr_t));
681  if (!retval)
682  goto nodata;
683  retval->subh.ecne_hdr =
684  sctp_addto_chunk(retval, sizeof(ecne), &ecne);
685 
686 nodata:
687  return retval;
688 }
689 
690 /* Make a DATA chunk for the given association from the provided
691  * parameters. However, do not populate the data payload.
692  */
694  const struct sctp_sndrcvinfo *sinfo,
695  int data_len, __u8 flags, __u16 ssn)
696 {
697  struct sctp_chunk *retval;
698  struct sctp_datahdr dp;
699  int chunk_len;
700 
701  /* We assign the TSN as LATE as possible, not here when
702  * creating the chunk.
703  */
704  dp.tsn = 0;
705  dp.stream = htons(sinfo->sinfo_stream);
706  dp.ppid = sinfo->sinfo_ppid;
707 
708  /* Set the flags for an unordered send. */
709  if (sinfo->sinfo_flags & SCTP_UNORDERED) {
710  flags |= SCTP_DATA_UNORDERED;
711  dp.ssn = 0;
712  } else
713  dp.ssn = htons(ssn);
714 
715  chunk_len = sizeof(dp) + data_len;
716  retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len);
717  if (!retval)
718  goto nodata;
719 
720  retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp);
721  memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo));
722 
723 nodata:
724  return retval;
725 }
726 
727 /* Create a selective ackowledgement (SACK) for the given
728  * association. This reports on which TSN's we've seen to date,
729  * including duplicates and gaps.
730  */
732 {
733  struct sctp_chunk *retval;
734  struct sctp_sackhdr sack;
735  int len;
736  __u32 ctsn;
737  __u16 num_gabs, num_dup_tsns;
738  struct sctp_association *aptr = (struct sctp_association *)asoc;
739  struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
740  struct sctp_gap_ack_block gabs[SCTP_MAX_GABS];
741  struct sctp_transport *trans;
742 
743  memset(gabs, 0, sizeof(gabs));
744  ctsn = sctp_tsnmap_get_ctsn(map);
745  SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn);
746 
747  /* How much room is needed in the chunk? */
748  num_gabs = sctp_tsnmap_num_gabs(map, gabs);
749  num_dup_tsns = sctp_tsnmap_num_dups(map);
750 
751  /* Initialize the SACK header. */
752  sack.cum_tsn_ack = htonl(ctsn);
753  sack.a_rwnd = htonl(asoc->a_rwnd);
754  sack.num_gap_ack_blocks = htons(num_gabs);
755  sack.num_dup_tsns = htons(num_dup_tsns);
756 
757  len = sizeof(sack)
758  + sizeof(struct sctp_gap_ack_block) * num_gabs
759  + sizeof(__u32) * num_dup_tsns;
760 
761  /* Create the chunk. */
762  retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len);
763  if (!retval)
764  goto nodata;
765 
766  /* RFC 2960 6.4 Multi-homed SCTP Endpoints
767  *
768  * An endpoint SHOULD transmit reply chunks (e.g., SACK,
769  * HEARTBEAT ACK, etc.) to the same destination transport
770  * address from which it received the DATA or control chunk to
771  * which it is replying. This rule should also be followed if
772  * the endpoint is bundling DATA chunks together with the
773  * reply chunk.
774  *
775  * However, when acknowledging multiple DATA chunks received
776  * in packets from different source addresses in a single
777  * SACK, the SACK chunk may be transmitted to one of the
778  * destination transport addresses from which the DATA or
779  * control chunks being acknowledged were received.
780  *
781  * [BUG: We do not implement the following paragraph.
782  * Perhaps we should remember the last transport we used for a
783  * SACK and avoid that (if possible) if we have seen any
784  * duplicates. --piggy]
785  *
786  * When a receiver of a duplicate DATA chunk sends a SACK to a
787  * multi- homed endpoint it MAY be beneficial to vary the
788  * destination address and not use the source address of the
789  * DATA chunk. The reason being that receiving a duplicate
790  * from a multi-homed endpoint might indicate that the return
791  * path (as specified in the source address of the DATA chunk)
792  * for the SACK is broken.
793  *
794  * [Send to the address from which we last received a DATA chunk.]
795  */
796  retval->transport = asoc->peer.last_data_from;
797 
798  retval->subh.sack_hdr =
799  sctp_addto_chunk(retval, sizeof(sack), &sack);
800 
801  /* Add the gap ack block information. */
802  if (num_gabs)
803  sctp_addto_chunk(retval, sizeof(__u32) * num_gabs,
804  gabs);
805 
806  /* Add the duplicate TSN information. */
807  if (num_dup_tsns)
808  sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns,
809  sctp_tsnmap_get_dups(map));
810 
811  /* Once we have a sack generated, check to see what our sack
812  * generation is, if its 0, reset the transports to 0, and reset
813  * the association generation to 1
814  *
815  * The idea is that zero is never used as a valid generation for the
816  * association so no transport will match after a wrap event like this,
817  * Until the next sack
818  */
819  if (++aptr->peer.sack_generation == 0) {
820  list_for_each_entry(trans, &asoc->peer.transport_addr_list,
821  transports)
822  trans->sack_generation = 0;
823  aptr->peer.sack_generation = 1;
824  }
825 nodata:
826  return retval;
827 }
828 
829 /* Make a SHUTDOWN chunk. */
831  const struct sctp_chunk *chunk)
832 {
833  struct sctp_chunk *retval;
834  sctp_shutdownhdr_t shut;
835  __u32 ctsn;
836 
837  ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map);
838  shut.cum_tsn_ack = htonl(ctsn);
839 
840  retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0,
841  sizeof(sctp_shutdownhdr_t));
842  if (!retval)
843  goto nodata;
844 
845  retval->subh.shutdown_hdr =
846  sctp_addto_chunk(retval, sizeof(shut), &shut);
847 
848  if (chunk)
849  retval->transport = chunk->transport;
850 nodata:
851  return retval;
852 }
853 
855  const struct sctp_chunk *chunk)
856 {
857  struct sctp_chunk *retval;
858 
859  retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0);
860 
861  /* RFC 2960 6.4 Multi-homed SCTP Endpoints
862  *
863  * An endpoint SHOULD transmit reply chunks (e.g., SACK,
864  * HEARTBEAT ACK, * etc.) to the same destination transport
865  * address from which it * received the DATA or control chunk
866  * to which it is replying.
867  *
868  * [ACK back to where the SHUTDOWN came from.]
869  */
870  if (retval && chunk)
871  retval->transport = chunk->transport;
872 
873  return retval;
874 }
875 
877  const struct sctp_association *asoc,
878  const struct sctp_chunk *chunk)
879 {
880  struct sctp_chunk *retval;
881  __u8 flags = 0;
882 
883  /* Set the T-bit if we have no association (vtag will be
884  * reflected)
885  */
886  flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T;
887 
888  retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0);
889 
890  /* RFC 2960 6.4 Multi-homed SCTP Endpoints
891  *
892  * An endpoint SHOULD transmit reply chunks (e.g., SACK,
893  * HEARTBEAT ACK, * etc.) to the same destination transport
894  * address from which it * received the DATA or control chunk
895  * to which it is replying.
896  *
897  * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK
898  * came from.]
899  */
900  if (retval && chunk)
901  retval->transport = chunk->transport;
902 
903  return retval;
904 }
905 
906 /* Create an ABORT. Note that we set the T bit if we have no
907  * association, except when responding to an INIT (sctpimpguide 2.41).
908  */
910  const struct sctp_chunk *chunk,
911  const size_t hint)
912 {
913  struct sctp_chunk *retval;
914  __u8 flags = 0;
915 
916  /* Set the T-bit if we have no association and 'chunk' is not
917  * an INIT (vtag will be reflected).
918  */
919  if (!asoc) {
920  if (chunk && chunk->chunk_hdr &&
921  chunk->chunk_hdr->type == SCTP_CID_INIT)
922  flags = 0;
923  else
924  flags = SCTP_CHUNK_FLAG_T;
925  }
926 
927  retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint);
928 
929  /* RFC 2960 6.4 Multi-homed SCTP Endpoints
930  *
931  * An endpoint SHOULD transmit reply chunks (e.g., SACK,
932  * HEARTBEAT ACK, * etc.) to the same destination transport
933  * address from which it * received the DATA or control chunk
934  * to which it is replying.
935  *
936  * [ABORT back to where the offender came from.]
937  */
938  if (retval && chunk)
939  retval->transport = chunk->transport;
940 
941  return retval;
942 }
943 
944 /* Helper to create ABORT with a NO_USER_DATA error. */
946  const struct sctp_association *asoc,
947  const struct sctp_chunk *chunk, __u32 tsn)
948 {
949  struct sctp_chunk *retval;
950  __be32 payload;
951 
952  retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t)
953  + sizeof(tsn));
954 
955  if (!retval)
956  goto no_mem;
957 
958  /* Put the tsn back into network byte order. */
959  payload = htonl(tsn);
960  sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload));
961  sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload);
962 
963  /* RFC 2960 6.4 Multi-homed SCTP Endpoints
964  *
965  * An endpoint SHOULD transmit reply chunks (e.g., SACK,
966  * HEARTBEAT ACK, * etc.) to the same destination transport
967  * address from which it * received the DATA or control chunk
968  * to which it is replying.
969  *
970  * [ABORT back to where the offender came from.]
971  */
972  if (chunk)
973  retval->transport = chunk->transport;
974 
975 no_mem:
976  return retval;
977 }
978 
979 /* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */
981  const struct msghdr *msg,
982  size_t paylen)
983 {
984  struct sctp_chunk *retval;
985  void *payload = NULL;
986  int err;
987 
988  retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen);
989  if (!retval)
990  goto err_chunk;
991 
992  if (paylen) {
993  /* Put the msg_iov together into payload. */
994  payload = kmalloc(paylen, GFP_KERNEL);
995  if (!payload)
996  goto err_payload;
997 
998  err = memcpy_fromiovec(payload, msg->msg_iov, paylen);
999  if (err < 0)
1000  goto err_copy;
1001  }
1002 
1003  sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen);
1004  sctp_addto_chunk(retval, paylen, payload);
1005 
1006  if (paylen)
1007  kfree(payload);
1008 
1009  return retval;
1010 
1011 err_copy:
1012  kfree(payload);
1013 err_payload:
1014  sctp_chunk_free(retval);
1015  retval = NULL;
1016 err_chunk:
1017  return retval;
1018 }
1019 
1020 /* Append bytes to the end of a parameter. Will panic if chunk is not big
1021  * enough.
1022  */
1023 static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
1024  const void *data)
1025 {
1026  void *target;
1027  int chunklen = ntohs(chunk->chunk_hdr->length);
1028 
1029  target = skb_put(chunk->skb, len);
1030 
1031  if (data)
1032  memcpy(target, data, len);
1033  else
1034  memset(target, 0, len);
1035 
1036  /* Adjust the chunk length field. */
1037  chunk->chunk_hdr->length = htons(chunklen + len);
1038  chunk->chunk_end = skb_tail_pointer(chunk->skb);
1039 
1040  return target;
1041 }
1042 
1043 /* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */
1045  const struct sctp_association *asoc,
1046  const struct sctp_chunk *chunk,
1047  const __u8 *payload,
1048  const size_t paylen)
1049 {
1050  struct sctp_chunk *retval;
1051  struct sctp_paramhdr phdr;
1052 
1053  retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen
1054  + sizeof(sctp_paramhdr_t));
1055  if (!retval)
1056  goto end;
1057 
1059  + sizeof(sctp_paramhdr_t));
1060 
1061  phdr.type = htons(chunk->chunk_hdr->type);
1062  phdr.length = chunk->chunk_hdr->length;
1063  sctp_addto_chunk(retval, paylen, payload);
1064  sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr);
1065 
1066 end:
1067  return retval;
1068 }
1069 
1071  const struct sctp_association *asoc,
1072  const struct sctp_chunk *chunk,
1073  struct sctp_paramhdr *param)
1074 {
1075  struct sctp_chunk *retval;
1076  static const char error[] = "The following parameter had invalid length:";
1077  size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) +
1078  sizeof(sctp_paramhdr_t);
1079 
1080  retval = sctp_make_abort(asoc, chunk, payload_len);
1081  if (!retval)
1082  goto nodata;
1083 
1085  sizeof(error) + sizeof(sctp_paramhdr_t));
1086  sctp_addto_chunk(retval, sizeof(error), error);
1087  sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param);
1088 
1089 nodata:
1090  return retval;
1091 }
1092 
1093 /* Make a HEARTBEAT chunk. */
1095  const struct sctp_transport *transport)
1096 {
1097  struct sctp_chunk *retval;
1098  sctp_sender_hb_info_t hbinfo;
1099 
1100  retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 0, sizeof(hbinfo));
1101 
1102  if (!retval)
1103  goto nodata;
1104 
1105  hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO;
1106  hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t));
1107  hbinfo.daddr = transport->ipaddr;
1108  hbinfo.sent_at = jiffies;
1109  hbinfo.hb_nonce = transport->hb_nonce;
1110 
1111  /* Cast away the 'const', as this is just telling the chunk
1112  * what transport it belongs to.
1113  */
1114  retval->transport = (struct sctp_transport *) transport;
1115  retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo),
1116  &hbinfo);
1117 
1118 nodata:
1119  return retval;
1120 }
1121 
1123  const struct sctp_chunk *chunk,
1124  const void *payload, const size_t paylen)
1125 {
1126  struct sctp_chunk *retval;
1127 
1128  retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen);
1129  if (!retval)
1130  goto nodata;
1131 
1132  retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload);
1133 
1134  /* RFC 2960 6.4 Multi-homed SCTP Endpoints
1135  *
1136  * An endpoint SHOULD transmit reply chunks (e.g., SACK,
1137  * HEARTBEAT ACK, * etc.) to the same destination transport
1138  * address from which it * received the DATA or control chunk
1139  * to which it is replying.
1140  *
1141  * [HBACK back to where the HEARTBEAT came from.]
1142  */
1143  if (chunk)
1144  retval->transport = chunk->transport;
1145 
1146 nodata:
1147  return retval;
1148 }
1149 
1150 /* Create an Operation Error chunk with the specified space reserved.
1151  * This routine can be used for containing multiple causes in the chunk.
1152  */
1153 static struct sctp_chunk *sctp_make_op_error_space(
1154  const struct sctp_association *asoc,
1155  const struct sctp_chunk *chunk,
1156  size_t size)
1157 {
1158  struct sctp_chunk *retval;
1159 
1160  retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0,
1161  sizeof(sctp_errhdr_t) + size);
1162  if (!retval)
1163  goto nodata;
1164 
1165  /* RFC 2960 6.4 Multi-homed SCTP Endpoints
1166  *
1167  * An endpoint SHOULD transmit reply chunks (e.g., SACK,
1168  * HEARTBEAT ACK, etc.) to the same destination transport
1169  * address from which it received the DATA or control chunk
1170  * to which it is replying.
1171  *
1172  */
1173  if (chunk)
1174  retval->transport = chunk->transport;
1175 
1176 nodata:
1177  return retval;
1178 }
1179 
1180 /* Create an Operation Error chunk of a fixed size,
1181  * specifically, max(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT)
1182  * This is a helper function to allocate an error chunk for
1183  * for those invalid parameter codes in which we may not want
1184  * to report all the errors, if the incomming chunk is large
1185  */
1186 static inline struct sctp_chunk *sctp_make_op_error_fixed(
1187  const struct sctp_association *asoc,
1188  const struct sctp_chunk *chunk)
1189 {
1190  size_t size = asoc ? asoc->pathmtu : 0;
1191 
1192  if (!size)
1193  size = SCTP_DEFAULT_MAXSEGMENT;
1194 
1195  return sctp_make_op_error_space(asoc, chunk, size);
1196 }
1197 
1198 /* Create an Operation Error chunk. */
1200  const struct sctp_chunk *chunk,
1201  __be16 cause_code, const void *payload,
1202  size_t paylen, size_t reserve_tail)
1203 {
1204  struct sctp_chunk *retval;
1205 
1206  retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail);
1207  if (!retval)
1208  goto nodata;
1209 
1210  sctp_init_cause(retval, cause_code, paylen + reserve_tail);
1211  sctp_addto_chunk(retval, paylen, payload);
1212  if (reserve_tail)
1213  sctp_addto_param(retval, reserve_tail, NULL);
1214 
1215 nodata:
1216  return retval;
1217 }
1218 
1219 struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc)
1220 {
1221  struct sctp_chunk *retval;
1222  struct sctp_hmac *hmac_desc;
1223  struct sctp_authhdr auth_hdr;
1224  __u8 *hmac;
1225 
1226  /* Get the first hmac that the peer told us to use */
1227  hmac_desc = sctp_auth_asoc_get_hmac(asoc);
1228  if (unlikely(!hmac_desc))
1229  return NULL;
1230 
1231  retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0,
1232  hmac_desc->hmac_len + sizeof(sctp_authhdr_t));
1233  if (!retval)
1234  return NULL;
1235 
1236  auth_hdr.hmac_id = htons(hmac_desc->hmac_id);
1237  auth_hdr.shkey_id = htons(asoc->active_key_id);
1238 
1239  retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t),
1240  &auth_hdr);
1241 
1242  hmac = skb_put(retval->skb, hmac_desc->hmac_len);
1243  memset(hmac, 0, hmac_desc->hmac_len);
1244 
1245  /* Adjust the chunk header to include the empty MAC */
1246  retval->chunk_hdr->length =
1247  htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len);
1248  retval->chunk_end = skb_tail_pointer(retval->skb);
1249 
1250  return retval;
1251 }
1252 
1253 
1254 /********************************************************************
1255  * 2nd Level Abstractions
1256  ********************************************************************/
1257 
1258 /* Turn an skb into a chunk.
1259  * FIXME: Eventually move the structure directly inside the skb->cb[].
1260  */
1262  const struct sctp_association *asoc,
1263  struct sock *sk)
1264 {
1265  struct sctp_chunk *retval;
1266 
1267  retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC);
1268 
1269  if (!retval)
1270  goto nodata;
1271 
1272  if (!sk) {
1273  SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb);
1274  }
1275 
1276  INIT_LIST_HEAD(&retval->list);
1277  retval->skb = skb;
1278  retval->asoc = (struct sctp_association *)asoc;
1279  retval->has_tsn = 0;
1280  retval->has_ssn = 0;
1281  retval->rtt_in_progress = 0;
1282  retval->sent_at = 0;
1283  retval->singleton = 1;
1284  retval->end_of_packet = 0;
1285  retval->ecn_ce_done = 0;
1286  retval->pdiscard = 0;
1287 
1288  /* sctpimpguide-05.txt Section 2.8.2
1289  * M1) Each time a new DATA chunk is transmitted
1290  * set the 'TSN.Missing.Report' count for that TSN to 0. The
1291  * 'TSN.Missing.Report' count will be used to determine missing chunks
1292  * and when to fast retransmit.
1293  */
1294  retval->tsn_missing_report = 0;
1295  retval->tsn_gap_acked = 0;
1296  retval->fast_retransmit = SCTP_CAN_FRTX;
1297 
1298  /* If this is a fragmented message, track all fragments
1299  * of the message (for SEND_FAILED).
1300  */
1301  retval->msg = NULL;
1302 
1303  /* Polish the bead hole. */
1304  INIT_LIST_HEAD(&retval->transmitted_list);
1305  INIT_LIST_HEAD(&retval->frag_list);
1306  SCTP_DBG_OBJCNT_INC(chunk);
1307  atomic_set(&retval->refcnt, 1);
1308 
1309 nodata:
1310  return retval;
1311 }
1312 
1313 /* Set chunk->source and dest based on the IP header in chunk->skb. */
1314 void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src,
1315  union sctp_addr *dest)
1316 {
1317  memcpy(&chunk->source, src, sizeof(union sctp_addr));
1318  memcpy(&chunk->dest, dest, sizeof(union sctp_addr));
1319 }
1320 
1321 /* Extract the source address from a chunk. */
1322 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk)
1323 {
1324  /* If we have a known transport, use that. */
1325  if (chunk->transport) {
1326  return &chunk->transport->ipaddr;
1327  } else {
1328  /* Otherwise, extract it from the IP header. */
1329  return &chunk->source;
1330  }
1331 }
1332 
1333 /* Create a new chunk, setting the type and flags headers from the
1334  * arguments, reserving enough space for a 'paylen' byte payload.
1335  */
1337 struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc,
1338  __u8 type, __u8 flags, int paylen)
1339 {
1340  struct sctp_chunk *retval;
1342  struct sk_buff *skb;
1343  struct sock *sk;
1344 
1345  /* No need to allocate LL here, as this is only a chunk. */
1346  skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen),
1347  GFP_ATOMIC);
1348  if (!skb)
1349  goto nodata;
1350 
1351  /* Make room for the chunk header. */
1352  chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t));
1353  chunk_hdr->type = type;
1354  chunk_hdr->flags = flags;
1355  chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t));
1356 
1357  sk = asoc ? asoc->base.sk : NULL;
1358  retval = sctp_chunkify(skb, asoc, sk);
1359  if (!retval) {
1360  kfree_skb(skb);
1361  goto nodata;
1362  }
1363 
1364  retval->chunk_hdr = chunk_hdr;
1365  retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr);
1366 
1367  /* Determine if the chunk needs to be authenticated */
1368  if (sctp_auth_send_cid(type, asoc))
1369  retval->auth = 1;
1370 
1371  /* Set the skb to the belonging sock for accounting. */
1372  skb->sk = sk;
1373 
1374  return retval;
1375 nodata:
1376  return NULL;
1377 }
1378 
1379 
1380 /* Release the memory occupied by a chunk. */
1381 static void sctp_chunk_destroy(struct sctp_chunk *chunk)
1382 {
1383  BUG_ON(!list_empty(&chunk->list));
1384  list_del_init(&chunk->transmitted_list);
1385 
1386  /* Free the chunk skb data and the SCTP_chunk stub itself. */
1387  dev_kfree_skb(chunk->skb);
1388 
1389  SCTP_DBG_OBJCNT_DEC(chunk);
1390  kmem_cache_free(sctp_chunk_cachep, chunk);
1391 }
1392 
1393 /* Possibly, free the chunk. */
1394 void sctp_chunk_free(struct sctp_chunk *chunk)
1395 {
1396  /* Release our reference on the message tracker. */
1397  if (chunk->msg)
1398  sctp_datamsg_put(chunk->msg);
1399 
1400  sctp_chunk_put(chunk);
1401 }
1402 
1403 /* Grab a reference to the chunk. */
1404 void sctp_chunk_hold(struct sctp_chunk *ch)
1405 {
1406  atomic_inc(&ch->refcnt);
1407 }
1408 
1409 /* Release a reference to the chunk. */
1410 void sctp_chunk_put(struct sctp_chunk *ch)
1411 {
1412  if (atomic_dec_and_test(&ch->refcnt))
1413  sctp_chunk_destroy(ch);
1414 }
1415 
1416 /* Append bytes to the end of a chunk. Will panic if chunk is not big
1417  * enough.
1418  */
1419 void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data)
1420 {
1421  void *target;
1422  void *padding;
1423  int chunklen = ntohs(chunk->chunk_hdr->length);
1424  int padlen = WORD_ROUND(chunklen) - chunklen;
1425 
1426  padding = skb_put(chunk->skb, padlen);
1427  target = skb_put(chunk->skb, len);
1428 
1429  memset(padding, 0, padlen);
1430  memcpy(target, data, len);
1431 
1432  /* Adjust the chunk length field. */
1433  chunk->chunk_hdr->length = htons(chunklen + padlen + len);
1434  chunk->chunk_end = skb_tail_pointer(chunk->skb);
1435 
1436  return target;
1437 }
1438 
1439 /* Append bytes to the end of a chunk. Returns NULL if there isn't sufficient
1440  * space in the chunk
1441  */
1443  int len, const void *data)
1444 {
1445  if (skb_tailroom(chunk->skb) >= len)
1446  return sctp_addto_chunk(chunk, len, data);
1447  else
1448  return NULL;
1449 }
1450 
1451 /* Append bytes from user space to the end of a chunk. Will panic if
1452  * chunk is not big enough.
1453  * Returns a kernel err value.
1454  */
1455 int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len,
1456  struct iovec *data)
1457 {
1458  __u8 *target;
1459  int err = 0;
1460 
1461  /* Make room in chunk for data. */
1462  target = skb_put(chunk->skb, len);
1463 
1464  /* Copy data (whole iovec) into chunk */
1465  if ((err = memcpy_fromiovecend(target, data, off, len)))
1466  goto out;
1467 
1468  /* Adjust the chunk length field. */
1469  chunk->chunk_hdr->length =
1470  htons(ntohs(chunk->chunk_hdr->length) + len);
1471  chunk->chunk_end = skb_tail_pointer(chunk->skb);
1472 
1473 out:
1474  return err;
1475 }
1476 
1477 /* Helper function to assign a TSN if needed. This assumes that both
1478  * the data_hdr and association have already been assigned.
1479  */
1481 {
1482  struct sctp_datamsg *msg;
1483  struct sctp_chunk *lchunk;
1484  struct sctp_stream *stream;
1485  __u16 ssn;
1486  __u16 sid;
1487 
1488  if (chunk->has_ssn)
1489  return;
1490 
1491  /* All fragments will be on the same stream */
1492  sid = ntohs(chunk->subh.data_hdr->stream);
1493  stream = &chunk->asoc->ssnmap->out;
1494 
1495  /* Now assign the sequence number to the entire message.
1496  * All fragments must have the same stream sequence number.
1497  */
1498  msg = chunk->msg;
1499  list_for_each_entry(lchunk, &msg->chunks, frag_list) {
1500  if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) {
1501  ssn = 0;
1502  } else {
1503  if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG)
1504  ssn = sctp_ssn_next(stream, sid);
1505  else
1506  ssn = sctp_ssn_peek(stream, sid);
1507  }
1508 
1509  lchunk->subh.data_hdr->ssn = htons(ssn);
1510  lchunk->has_ssn = 1;
1511  }
1512 }
1513 
1514 /* Helper function to assign a TSN if needed. This assumes that both
1515  * the data_hdr and association have already been assigned.
1516  */
1518 {
1519  if (!chunk->has_tsn) {
1520  /* This is the last possible instant to
1521  * assign a TSN.
1522  */
1523  chunk->subh.data_hdr->tsn =
1525  chunk->has_tsn = 1;
1526  }
1527 }
1528 
1529 /* Create a CLOSED association to use with an incoming packet. */
1531  struct sctp_chunk *chunk,
1532  gfp_t gfp)
1533 {
1534  struct sctp_association *asoc;
1535  struct sk_buff *skb;
1537  struct sctp_af *af;
1538 
1539  /* Create the bare association. */
1540  scope = sctp_scope(sctp_source(chunk));
1541  asoc = sctp_association_new(ep, ep->base.sk, scope, gfp);
1542  if (!asoc)
1543  goto nodata;
1544  asoc->temp = 1;
1545  skb = chunk->skb;
1546  /* Create an entry for the source address of the packet. */
1547  af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version));
1548  if (unlikely(!af))
1549  goto fail;
1550  af->from_skb(&asoc->c.peer_addr, skb, 1);
1551 nodata:
1552  return asoc;
1553 
1554 fail:
1555  sctp_association_free(asoc);
1556  return NULL;
1557 }
1558 
1559 /* Build a cookie representing asoc.
1560  * This INCLUDES the param header needed to put the cookie in the INIT ACK.
1561  */
1562 static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
1563  const struct sctp_association *asoc,
1564  const struct sctp_chunk *init_chunk,
1565  int *cookie_len,
1566  const __u8 *raw_addrs, int addrs_len)
1567 {
1569  struct sctp_signed_cookie *cookie;
1570  struct scatterlist sg;
1571  int headersize, bodysize;
1572  unsigned int keylen;
1573  char *key;
1574 
1575  /* Header size is static data prior to the actual cookie, including
1576  * any padding.
1577  */
1578  headersize = sizeof(sctp_paramhdr_t) +
1579  (sizeof(struct sctp_signed_cookie) -
1580  sizeof(struct sctp_cookie));
1581  bodysize = sizeof(struct sctp_cookie)
1582  + ntohs(init_chunk->chunk_hdr->length) + addrs_len;
1583 
1584  /* Pad out the cookie to a multiple to make the signature
1585  * functions simpler to write.
1586  */
1587  if (bodysize % SCTP_COOKIE_MULTIPLE)
1588  bodysize += SCTP_COOKIE_MULTIPLE
1589  - (bodysize % SCTP_COOKIE_MULTIPLE);
1590  *cookie_len = headersize + bodysize;
1591 
1592  /* Clear this memory since we are sending this data structure
1593  * out on the network.
1594  */
1595  retval = kzalloc(*cookie_len, GFP_ATOMIC);
1596  if (!retval)
1597  goto nodata;
1598 
1599  cookie = (struct sctp_signed_cookie *) retval->body;
1600 
1601  /* Set up the parameter header. */
1602  retval->p.type = SCTP_PARAM_STATE_COOKIE;
1603  retval->p.length = htons(*cookie_len);
1604 
1605  /* Copy the cookie part of the association itself. */
1606  cookie->c = asoc->c;
1607  /* Save the raw address list length in the cookie. */
1608  cookie->c.raw_addr_list_len = addrs_len;
1609 
1610  /* Remember PR-SCTP capability. */
1611  cookie->c.prsctp_capable = asoc->peer.prsctp_capable;
1612 
1613  /* Save adaptation indication in the cookie. */
1614  cookie->c.adaptation_ind = asoc->peer.adaptation_ind;
1615 
1616  /* Set an expiration time for the cookie. */
1617  do_gettimeofday(&cookie->c.expiration);
1618  TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration);
1619 
1620  /* Copy the peer's init packet. */
1621  memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr,
1622  ntohs(init_chunk->chunk_hdr->length));
1623 
1624  /* Copy the raw local address list of the association. */
1625  memcpy((__u8 *)&cookie->c.peer_init[0] +
1626  ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len);
1627 
1628  if (sctp_sk(ep->base.sk)->hmac) {
1629  struct hash_desc desc;
1630 
1631  /* Sign the message. */
1632  sg_init_one(&sg, &cookie->c, bodysize);
1633  keylen = SCTP_SECRET_SIZE;
1634  key = (char *)ep->secret_key[ep->current_key];
1635  desc.tfm = sctp_sk(ep->base.sk)->hmac;
1636  desc.flags = 0;
1637 
1638  if (crypto_hash_setkey(desc.tfm, key, keylen) ||
1639  crypto_hash_digest(&desc, &sg, bodysize, cookie->signature))
1640  goto free_cookie;
1641  }
1642 
1643  return retval;
1644 
1645 free_cookie:
1646  kfree(retval);
1647 nodata:
1648  *cookie_len = 0;
1649  return NULL;
1650 }
1651 
1652 /* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */
1654  const struct sctp_endpoint *ep,
1655  const struct sctp_association *asoc,
1656  struct sctp_chunk *chunk, gfp_t gfp,
1657  int *error, struct sctp_chunk **errp)
1658 {
1659  struct sctp_association *retval = NULL;
1660  struct sctp_signed_cookie *cookie;
1661  struct sctp_cookie *bear_cookie;
1662  int headersize, bodysize, fixed_size;
1663  __u8 *digest = ep->digest;
1664  struct scatterlist sg;
1665  unsigned int keylen, len;
1666  char *key;
1668  struct sk_buff *skb = chunk->skb;
1669  struct timeval tv;
1670  struct hash_desc desc;
1671 
1672  /* Header size is static data prior to the actual cookie, including
1673  * any padding.
1674  */
1675  headersize = sizeof(sctp_chunkhdr_t) +
1676  (sizeof(struct sctp_signed_cookie) -
1677  sizeof(struct sctp_cookie));
1678  bodysize = ntohs(chunk->chunk_hdr->length) - headersize;
1679  fixed_size = headersize + sizeof(struct sctp_cookie);
1680 
1681  /* Verify that the chunk looks like it even has a cookie.
1682  * There must be enough room for our cookie and our peer's
1683  * INIT chunk.
1684  */
1685  len = ntohs(chunk->chunk_hdr->length);
1686  if (len < fixed_size + sizeof(struct sctp_chunkhdr))
1687  goto malformed;
1688 
1689  /* Verify that the cookie has been padded out. */
1690  if (bodysize % SCTP_COOKIE_MULTIPLE)
1691  goto malformed;
1692 
1693  /* Process the cookie. */
1694  cookie = chunk->subh.cookie_hdr;
1695  bear_cookie = &cookie->c;
1696 
1697  if (!sctp_sk(ep->base.sk)->hmac)
1698  goto no_hmac;
1699 
1700  /* Check the signature. */
1701  keylen = SCTP_SECRET_SIZE;
1702  sg_init_one(&sg, bear_cookie, bodysize);
1703  key = (char *)ep->secret_key[ep->current_key];
1704  desc.tfm = sctp_sk(ep->base.sk)->hmac;
1705  desc.flags = 0;
1706 
1707  memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
1708  if (crypto_hash_setkey(desc.tfm, key, keylen) ||
1709  crypto_hash_digest(&desc, &sg, bodysize, digest)) {
1710  *error = -SCTP_IERROR_NOMEM;
1711  goto fail;
1712  }
1713 
1714  if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
1715  /* Try the previous key. */
1716  key = (char *)ep->secret_key[ep->last_key];
1717  memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
1718  if (crypto_hash_setkey(desc.tfm, key, keylen) ||
1719  crypto_hash_digest(&desc, &sg, bodysize, digest)) {
1720  *error = -SCTP_IERROR_NOMEM;
1721  goto fail;
1722  }
1723 
1724  if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
1725  /* Yikes! Still bad signature! */
1726  *error = -SCTP_IERROR_BAD_SIG;
1727  goto fail;
1728  }
1729  }
1730 
1731 no_hmac:
1732  /* IG Section 2.35.2:
1733  * 3) Compare the port numbers and the verification tag contained
1734  * within the COOKIE ECHO chunk to the actual port numbers and the
1735  * verification tag within the SCTP common header of the received
1736  * packet. If these values do not match the packet MUST be silently
1737  * discarded,
1738  */
1739  if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) {
1740  *error = -SCTP_IERROR_BAD_TAG;
1741  goto fail;
1742  }
1743 
1744  if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port ||
1745  ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) {
1746  *error = -SCTP_IERROR_BAD_PORTS;
1747  goto fail;
1748  }
1749 
1750  /* Check to see if the cookie is stale. If there is already
1751  * an association, there is no need to check cookie's expiration
1752  * for init collision case of lost COOKIE ACK.
1753  * If skb has been timestamped, then use the stamp, otherwise
1754  * use current time. This introduces a small possibility that
1755  * that a cookie may be considered expired, but his would only slow
1756  * down the new association establishment instead of every packet.
1757  */
1758  if (sock_flag(ep->base.sk, SOCK_TIMESTAMP))
1759  skb_get_timestamp(skb, &tv);
1760  else
1761  do_gettimeofday(&tv);
1762 
1763  if (!asoc && tv_lt(bear_cookie->expiration, tv)) {
1764  /*
1765  * Section 3.3.10.3 Stale Cookie Error (3)
1766  *
1767  * Cause of error
1768  * ---------------
1769  * Stale Cookie Error: Indicates the receipt of a valid State
1770  * Cookie that has expired.
1771  */
1772  len = ntohs(chunk->chunk_hdr->length);
1773  *errp = sctp_make_op_error_space(asoc, chunk, len);
1774  if (*errp) {
1775  suseconds_t usecs = (tv.tv_sec -
1776  bear_cookie->expiration.tv_sec) * 1000000L +
1777  tv.tv_usec - bear_cookie->expiration.tv_usec;
1778  __be32 n = htonl(usecs);
1779 
1781  sizeof(n));
1782  sctp_addto_chunk(*errp, sizeof(n), &n);
1783  *error = -SCTP_IERROR_STALE_COOKIE;
1784  } else
1785  *error = -SCTP_IERROR_NOMEM;
1786 
1787  goto fail;
1788  }
1789 
1790  /* Make a new base association. */
1791  scope = sctp_scope(sctp_source(chunk));
1792  retval = sctp_association_new(ep, ep->base.sk, scope, gfp);
1793  if (!retval) {
1794  *error = -SCTP_IERROR_NOMEM;
1795  goto fail;
1796  }
1797 
1798  /* Set up our peer's port number. */
1799  retval->peer.port = ntohs(chunk->sctp_hdr->source);
1800 
1801  /* Populate the association from the cookie. */
1802  memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie));
1803 
1804  if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie,
1805  GFP_ATOMIC) < 0) {
1806  *error = -SCTP_IERROR_NOMEM;
1807  goto fail;
1808  }
1809 
1810  /* Also, add the destination address. */
1811  if (list_empty(&retval->base.bind_addr.address_list)) {
1812  sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest,
1814  }
1815 
1816  retval->next_tsn = retval->c.initial_tsn;
1817  retval->ctsn_ack_point = retval->next_tsn - 1;
1818  retval->addip_serial = retval->c.initial_tsn;
1819  retval->adv_peer_ack_point = retval->ctsn_ack_point;
1820  retval->peer.prsctp_capable = retval->c.prsctp_capable;
1821  retval->peer.adaptation_ind = retval->c.adaptation_ind;
1822 
1823  /* The INIT stuff will be done by the side effects. */
1824  return retval;
1825 
1826 fail:
1827  if (retval)
1828  sctp_association_free(retval);
1829 
1830  return NULL;
1831 
1832 malformed:
1833  /* Yikes! The packet is either corrupt or deliberately
1834  * malformed.
1835  */
1836  *error = -SCTP_IERROR_MALFORMED;
1837  goto fail;
1838 }
1839 
1840 /********************************************************************
1841  * 3rd Level Abstractions
1842  ********************************************************************/
1843 
1847 } __packed;
1848 
1849 /*
1850  * Report a missing mandatory parameter.
1851  */
1852 static int sctp_process_missing_param(const struct sctp_association *asoc,
1853  sctp_param_t paramtype,
1854  struct sctp_chunk *chunk,
1855  struct sctp_chunk **errp)
1856 {
1857  struct __sctp_missing report;
1858  __u16 len;
1859 
1860  len = WORD_ROUND(sizeof(report));
1861 
1862  /* Make an ERROR chunk, preparing enough room for
1863  * returning multiple unknown parameters.
1864  */
1865  if (!*errp)
1866  *errp = sctp_make_op_error_space(asoc, chunk, len);
1867 
1868  if (*errp) {
1869  report.num_missing = htonl(1);
1870  report.type = paramtype;
1872  sizeof(report));
1873  sctp_addto_chunk(*errp, sizeof(report), &report);
1874  }
1875 
1876  /* Stop processing this chunk. */
1877  return 0;
1878 }
1879 
1880 /* Report an Invalid Mandatory Parameter. */
1881 static int sctp_process_inv_mandatory(const struct sctp_association *asoc,
1882  struct sctp_chunk *chunk,
1883  struct sctp_chunk **errp)
1884 {
1885  /* Invalid Mandatory Parameter Error has no payload. */
1886 
1887  if (!*errp)
1888  *errp = sctp_make_op_error_space(asoc, chunk, 0);
1889 
1890  if (*errp)
1892 
1893  /* Stop processing this chunk. */
1894  return 0;
1895 }
1896 
1897 static int sctp_process_inv_paramlength(const struct sctp_association *asoc,
1898  struct sctp_paramhdr *param,
1899  const struct sctp_chunk *chunk,
1900  struct sctp_chunk **errp)
1901 {
1902  /* This is a fatal error. Any accumulated non-fatal errors are
1903  * not reported.
1904  */
1905  if (*errp)
1906  sctp_chunk_free(*errp);
1907 
1908  /* Create an error chunk and fill it in with our payload. */
1909  *errp = sctp_make_violation_paramlen(asoc, chunk, param);
1910 
1911  return 0;
1912 }
1913 
1914 
1915 /* Do not attempt to handle the HOST_NAME parm. However, do
1916  * send back an indicator to the peer.
1917  */
1918 static int sctp_process_hn_param(const struct sctp_association *asoc,
1919  union sctp_params param,
1920  struct sctp_chunk *chunk,
1921  struct sctp_chunk **errp)
1922 {
1923  __u16 len = ntohs(param.p->length);
1924 
1925  /* Processing of the HOST_NAME parameter will generate an
1926  * ABORT. If we've accumulated any non-fatal errors, they
1927  * would be unrecognized parameters and we should not include
1928  * them in the ABORT.
1929  */
1930  if (*errp)
1931  sctp_chunk_free(*errp);
1932 
1933  *errp = sctp_make_op_error_space(asoc, chunk, len);
1934 
1935  if (*errp) {
1937  sctp_addto_chunk(*errp, len, param.v);
1938  }
1939 
1940  /* Stop processing this chunk. */
1941  return 0;
1942 }
1943 
1944 static int sctp_verify_ext_param(struct net *net, union sctp_params param)
1945 {
1946  __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
1947  int have_auth = 0;
1948  int have_asconf = 0;
1949  int i;
1950 
1951  for (i = 0; i < num_ext; i++) {
1952  switch (param.ext->chunks[i]) {
1953  case SCTP_CID_AUTH:
1954  have_auth = 1;
1955  break;
1956  case SCTP_CID_ASCONF:
1957  case SCTP_CID_ASCONF_ACK:
1958  have_asconf = 1;
1959  break;
1960  }
1961  }
1962 
1963  /* ADD-IP Security: The draft requires us to ABORT or ignore the
1964  * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this
1965  * only if ADD-IP is turned on and we are not backward-compatible
1966  * mode.
1967  */
1968  if (net->sctp.addip_noauth)
1969  return 1;
1970 
1971  if (net->sctp.addip_enable && !have_auth && have_asconf)
1972  return 0;
1973 
1974  return 1;
1975 }
1976 
1977 static void sctp_process_ext_param(struct sctp_association *asoc,
1978  union sctp_params param)
1979 {
1980  struct net *net = sock_net(asoc->base.sk);
1981  __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
1982  int i;
1983 
1984  for (i = 0; i < num_ext; i++) {
1985  switch (param.ext->chunks[i]) {
1986  case SCTP_CID_FWD_TSN:
1987  if (net->sctp.prsctp_enable &&
1988  !asoc->peer.prsctp_capable)
1989  asoc->peer.prsctp_capable = 1;
1990  break;
1991  case SCTP_CID_AUTH:
1992  /* if the peer reports AUTH, assume that he
1993  * supports AUTH.
1994  */
1995  if (net->sctp.auth_enable)
1996  asoc->peer.auth_capable = 1;
1997  break;
1998  case SCTP_CID_ASCONF:
1999  case SCTP_CID_ASCONF_ACK:
2000  if (net->sctp.addip_enable)
2001  asoc->peer.asconf_capable = 1;
2002  break;
2003  default:
2004  break;
2005  }
2006  }
2007 }
2008 
2009 /* RFC 3.2.1 & the Implementers Guide 2.2.
2010  *
2011  * The Parameter Types are encoded such that the
2012  * highest-order two bits specify the action that must be
2013  * taken if the processing endpoint does not recognize the
2014  * Parameter Type.
2015  *
2016  * 00 - Stop processing this parameter; do not process any further
2017  * parameters within this chunk
2018  *
2019  * 01 - Stop processing this parameter, do not process any further
2020  * parameters within this chunk, and report the unrecognized
2021  * parameter in an 'Unrecognized Parameter' ERROR chunk.
2022  *
2023  * 10 - Skip this parameter and continue processing.
2024  *
2025  * 11 - Skip this parameter and continue processing but
2026  * report the unrecognized parameter in an
2027  * 'Unrecognized Parameter' ERROR chunk.
2028  *
2029  * Return value:
2030  * SCTP_IERROR_NO_ERROR - continue with the chunk
2031  * SCTP_IERROR_ERROR - stop and report an error.
2032  * SCTP_IERROR_NOMEME - out of memory.
2033  */
2034 static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc,
2035  union sctp_params param,
2036  struct sctp_chunk *chunk,
2037  struct sctp_chunk **errp)
2038 {
2039  int retval = SCTP_IERROR_NO_ERROR;
2040 
2041  switch (param.p->type & SCTP_PARAM_ACTION_MASK) {
2043  retval = SCTP_IERROR_ERROR;
2044  break;
2046  break;
2048  retval = SCTP_IERROR_ERROR;
2049  /* Fall through */
2051  /* Make an ERROR chunk, preparing enough room for
2052  * returning multiple unknown parameters.
2053  */
2054  if (NULL == *errp)
2055  *errp = sctp_make_op_error_fixed(asoc, chunk);
2056 
2057  if (*errp) {
2058  if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM,
2059  WORD_ROUND(ntohs(param.p->length))))
2060  sctp_addto_chunk_fixed(*errp,
2061  WORD_ROUND(ntohs(param.p->length)),
2062  param.v);
2063  } else {
2064  /* If there is no memory for generating the ERROR
2065  * report as specified, an ABORT will be triggered
2066  * to the peer and the association won't be
2067  * established.
2068  */
2069  retval = SCTP_IERROR_NOMEM;
2070  }
2071  break;
2072  default:
2073  break;
2074  }
2075 
2076  return retval;
2077 }
2078 
2079 /* Verify variable length parameters
2080  * Return values:
2081  * SCTP_IERROR_ABORT - trigger an ABORT
2082  * SCTP_IERROR_NOMEM - out of memory (abort)
2083  * SCTP_IERROR_ERROR - stop processing, trigger an ERROR
2084  * SCTP_IERROR_NO_ERROR - continue with the chunk
2085  */
2086 static sctp_ierror_t sctp_verify_param(struct net *net,
2087  const struct sctp_association *asoc,
2088  union sctp_params param,
2089  sctp_cid_t cid,
2090  struct sctp_chunk *chunk,
2091  struct sctp_chunk **err_chunk)
2092 {
2093  struct sctp_hmac_algo_param *hmacs;
2094  int retval = SCTP_IERROR_NO_ERROR;
2095  __u16 n_elt, id = 0;
2096  int i;
2097 
2098  /* FIXME - This routine is not looking at each parameter per the
2099  * chunk type, i.e., unrecognized parameters should be further
2100  * identified based on the chunk id.
2101  */
2102 
2103  switch (param.p->type) {
2113  break;
2114 
2116  if (!sctp_verify_ext_param(net, param))
2117  return SCTP_IERROR_ABORT;
2118  break;
2119 
2121  if (net->sctp.addip_enable)
2122  break;
2123  goto fallthrough;
2124 
2126  /* Tell the peer, we won't support this param. */
2127  sctp_process_hn_param(asoc, param, chunk, err_chunk);
2128  retval = SCTP_IERROR_ABORT;
2129  break;
2130 
2132  if (net->sctp.prsctp_enable)
2133  break;
2134  goto fallthrough;
2135 
2136  case SCTP_PARAM_RANDOM:
2137  if (!net->sctp.auth_enable)
2138  goto fallthrough;
2139 
2140  /* SCTP-AUTH: Secion 6.1
2141  * If the random number is not 32 byte long the association
2142  * MUST be aborted. The ABORT chunk SHOULD contain the error
2143  * cause 'Protocol Violation'.
2144  */
2146  ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) {
2147  sctp_process_inv_paramlength(asoc, param.p,
2148  chunk, err_chunk);
2149  retval = SCTP_IERROR_ABORT;
2150  }
2151  break;
2152 
2153  case SCTP_PARAM_CHUNKS:
2154  if (!net->sctp.auth_enable)
2155  goto fallthrough;
2156 
2157  /* SCTP-AUTH: Section 3.2
2158  * The CHUNKS parameter MUST be included once in the INIT or
2159  * INIT-ACK chunk if the sender wants to receive authenticated
2160  * chunks. Its maximum length is 260 bytes.
2161  */
2162  if (260 < ntohs(param.p->length)) {
2163  sctp_process_inv_paramlength(asoc, param.p,
2164  chunk, err_chunk);
2165  retval = SCTP_IERROR_ABORT;
2166  }
2167  break;
2168 
2169  case SCTP_PARAM_HMAC_ALGO:
2170  if (!net->sctp.auth_enable)
2171  goto fallthrough;
2172 
2173  hmacs = (struct sctp_hmac_algo_param *)param.p;
2174  n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1;
2175 
2176  /* SCTP-AUTH: Section 6.1
2177  * The HMAC algorithm based on SHA-1 MUST be supported and
2178  * included in the HMAC-ALGO parameter.
2179  */
2180  for (i = 0; i < n_elt; i++) {
2181  id = ntohs(hmacs->hmac_ids[i]);
2182 
2183  if (id == SCTP_AUTH_HMAC_ID_SHA1)
2184  break;
2185  }
2186 
2187  if (id != SCTP_AUTH_HMAC_ID_SHA1) {
2188  sctp_process_inv_paramlength(asoc, param.p, chunk,
2189  err_chunk);
2190  retval = SCTP_IERROR_ABORT;
2191  }
2192  break;
2193 fallthrough:
2194  default:
2195  SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n",
2196  ntohs(param.p->type), cid);
2197  retval = sctp_process_unk_param(asoc, param, chunk, err_chunk);
2198  break;
2199  }
2200  return retval;
2201 }
2202 
2203 /* Verify the INIT packet before we process it. */
2204 int sctp_verify_init(struct net *net, const struct sctp_association *asoc,
2205  sctp_cid_t cid,
2206  sctp_init_chunk_t *peer_init,
2207  struct sctp_chunk *chunk,
2208  struct sctp_chunk **errp)
2209 {
2210  union sctp_params param;
2211  int has_cookie = 0;
2212  int result;
2213 
2214  /* Verify stream values are non-zero. */
2215  if ((0 == peer_init->init_hdr.num_outbound_streams) ||
2216  (0 == peer_init->init_hdr.num_inbound_streams) ||
2217  (0 == peer_init->init_hdr.init_tag) ||
2218  (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) {
2219 
2220  return sctp_process_inv_mandatory(asoc, chunk, errp);
2221  }
2222 
2223  /* Check for missing mandatory parameters. */
2224  sctp_walk_params(param, peer_init, init_hdr.params) {
2225 
2226  if (SCTP_PARAM_STATE_COOKIE == param.p->type)
2227  has_cookie = 1;
2228 
2229  } /* for (loop through all parameters) */
2230 
2231  /* There is a possibility that a parameter length was bad and
2232  * in that case we would have stoped walking the parameters.
2233  * The current param.p would point at the bad one.
2234  * Current consensus on the mailing list is to generate a PROTOCOL
2235  * VIOLATION error. We build the ERROR chunk here and let the normal
2236  * error handling code build and send the packet.
2237  */
2238  if (param.v != (void*)chunk->chunk_end)
2239  return sctp_process_inv_paramlength(asoc, param.p, chunk, errp);
2240 
2241  /* The only missing mandatory param possible today is
2242  * the state cookie for an INIT-ACK chunk.
2243  */
2244  if ((SCTP_CID_INIT_ACK == cid) && !has_cookie)
2245  return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE,
2246  chunk, errp);
2247 
2248  /* Verify all the variable length parameters */
2249  sctp_walk_params(param, peer_init, init_hdr.params) {
2250 
2251  result = sctp_verify_param(net, asoc, param, cid, chunk, errp);
2252  switch (result) {
2253  case SCTP_IERROR_ABORT:
2254  case SCTP_IERROR_NOMEM:
2255  return 0;
2256  case SCTP_IERROR_ERROR:
2257  return 1;
2258  case SCTP_IERROR_NO_ERROR:
2259  default:
2260  break;
2261  }
2262 
2263  } /* for (loop through all parameters) */
2264 
2265  return 1;
2266 }
2267 
2268 /* Unpack the parameters in an INIT packet into an association.
2269  * Returns 0 on failure, else success.
2270  * FIXME: This is an association method.
2271  */
2272 int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk,
2273  const union sctp_addr *peer_addr,
2274  sctp_init_chunk_t *peer_init, gfp_t gfp)
2275 {
2276  struct net *net = sock_net(asoc->base.sk);
2277  union sctp_params param;
2278  struct sctp_transport *transport;
2279  struct list_head *pos, *temp;
2280  struct sctp_af *af;
2281  union sctp_addr addr;
2282  char *cookie;
2283  int src_match = 0;
2284 
2285  /* We must include the address that the INIT packet came from.
2286  * This is the only address that matters for an INIT packet.
2287  * When processing a COOKIE ECHO, we retrieve the from address
2288  * of the INIT from the cookie.
2289  */
2290 
2291  /* This implementation defaults to making the first transport
2292  * added as the primary transport. The source address seems to
2293  * be a a better choice than any of the embedded addresses.
2294  */
2295  if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE))
2296  goto nomem;
2297 
2298  if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr))
2299  src_match = 1;
2300 
2301  /* Process the initialization parameters. */
2302  sctp_walk_params(param, peer_init, init_hdr.params) {
2303  if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
2304  param.p->type == SCTP_PARAM_IPV6_ADDRESS)) {
2305  af = sctp_get_af_specific(param_type2af(param.p->type));
2306  af->from_addr_param(&addr, param.addr,
2307  chunk->sctp_hdr->source, 0);
2308  if (sctp_cmp_addr_exact(sctp_source(chunk), &addr))
2309  src_match = 1;
2310  }
2311 
2312  if (!sctp_process_param(asoc, param, peer_addr, gfp))
2313  goto clean_up;
2314  }
2315 
2316  /* source address of chunk may not match any valid address */
2317  if (!src_match)
2318  goto clean_up;
2319 
2320  /* AUTH: After processing the parameters, make sure that we
2321  * have all the required info to potentially do authentications.
2322  */
2323  if (asoc->peer.auth_capable && (!asoc->peer.peer_random ||
2324  !asoc->peer.peer_hmacs))
2325  asoc->peer.auth_capable = 0;
2326 
2327  /* In a non-backward compatible mode, if the peer claims
2328  * support for ADD-IP but not AUTH, the ADD-IP spec states
2329  * that we MUST ABORT the association. Section 6. The section
2330  * also give us an option to silently ignore the packet, which
2331  * is what we'll do here.
2332  */
2333  if (!net->sctp.addip_noauth &&
2334  (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) {
2335  asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP |
2338  asoc->peer.asconf_capable = 0;
2339  goto clean_up;
2340  }
2341 
2342  /* Walk list of transports, removing transports in the UNKNOWN state. */
2343  list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2344  transport = list_entry(pos, struct sctp_transport, transports);
2345  if (transport->state == SCTP_UNKNOWN) {
2346  sctp_assoc_rm_peer(asoc, transport);
2347  }
2348  }
2349 
2350  /* The fixed INIT headers are always in network byte
2351  * order.
2352  */
2353  asoc->peer.i.init_tag =
2354  ntohl(peer_init->init_hdr.init_tag);
2355  asoc->peer.i.a_rwnd =
2356  ntohl(peer_init->init_hdr.a_rwnd);
2357  asoc->peer.i.num_outbound_streams =
2358  ntohs(peer_init->init_hdr.num_outbound_streams);
2359  asoc->peer.i.num_inbound_streams =
2360  ntohs(peer_init->init_hdr.num_inbound_streams);
2361  asoc->peer.i.initial_tsn =
2362  ntohl(peer_init->init_hdr.initial_tsn);
2363 
2364  /* Apply the upper bounds for output streams based on peer's
2365  * number of inbound streams.
2366  */
2367  if (asoc->c.sinit_num_ostreams >
2368  ntohs(peer_init->init_hdr.num_inbound_streams)) {
2369  asoc->c.sinit_num_ostreams =
2370  ntohs(peer_init->init_hdr.num_inbound_streams);
2371  }
2372 
2373  if (asoc->c.sinit_max_instreams >
2374  ntohs(peer_init->init_hdr.num_outbound_streams)) {
2375  asoc->c.sinit_max_instreams =
2376  ntohs(peer_init->init_hdr.num_outbound_streams);
2377  }
2378 
2379  /* Copy Initiation tag from INIT to VT_peer in cookie. */
2380  asoc->c.peer_vtag = asoc->peer.i.init_tag;
2381 
2382  /* Peer Rwnd : Current calculated value of the peer's rwnd. */
2383  asoc->peer.rwnd = asoc->peer.i.a_rwnd;
2384 
2385  /* Copy cookie in case we need to resend COOKIE-ECHO. */
2386  cookie = asoc->peer.cookie;
2387  if (cookie) {
2388  asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp);
2389  if (!asoc->peer.cookie)
2390  goto clean_up;
2391  }
2392 
2393  /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily
2394  * high (for example, implementations MAY use the size of the receiver
2395  * advertised window).
2396  */
2397  list_for_each_entry(transport, &asoc->peer.transport_addr_list,
2398  transports) {
2399  transport->ssthresh = asoc->peer.i.a_rwnd;
2400  }
2401 
2402  /* Set up the TSN tracking pieces. */
2403  if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
2404  asoc->peer.i.initial_tsn, gfp))
2405  goto clean_up;
2406 
2407  /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number
2408  *
2409  * The stream sequence number in all the streams shall start
2410  * from 0 when the association is established. Also, when the
2411  * stream sequence number reaches the value 65535 the next
2412  * stream sequence number shall be set to 0.
2413  */
2414 
2415  /* Allocate storage for the negotiated streams if it is not a temporary
2416  * association.
2417  */
2418  if (!asoc->temp) {
2419  int error;
2420 
2421  asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams,
2422  asoc->c.sinit_num_ostreams, gfp);
2423  if (!asoc->ssnmap)
2424  goto clean_up;
2425 
2426  error = sctp_assoc_set_id(asoc, gfp);
2427  if (error)
2428  goto clean_up;
2429  }
2430 
2431  /* ADDIP Section 4.1 ASCONF Chunk Procedures
2432  *
2433  * When an endpoint has an ASCONF signaled change to be sent to the
2434  * remote endpoint it should do the following:
2435  * ...
2436  * A2) A serial number should be assigned to the Chunk. The serial
2437  * number should be a monotonically increasing number. All serial
2438  * numbers are defined to be initialized at the start of the
2439  * association to the same value as the Initial TSN.
2440  */
2441  asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1;
2442  return 1;
2443 
2444 clean_up:
2445  /* Release the transport structures. */
2446  list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2447  transport = list_entry(pos, struct sctp_transport, transports);
2448  if (transport->state != SCTP_ACTIVE)
2449  sctp_assoc_rm_peer(asoc, transport);
2450  }
2451 
2452 nomem:
2453  return 0;
2454 }
2455 
2456 
2457 /* Update asoc with the option described in param.
2458  *
2459  * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT
2460  *
2461  * asoc is the association to update.
2462  * param is the variable length parameter to use for update.
2463  * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO.
2464  * If the current packet is an INIT we want to minimize the amount of
2465  * work we do. In particular, we should not build transport
2466  * structures for the addresses.
2467  */
2468 static int sctp_process_param(struct sctp_association *asoc,
2469  union sctp_params param,
2470  const union sctp_addr *peer_addr,
2471  gfp_t gfp)
2472 {
2473  struct net *net = sock_net(asoc->base.sk);
2474  union sctp_addr addr;
2475  int i;
2476  __u16 sat;
2477  int retval = 1;
2479  time_t stale;
2480  struct sctp_af *af;
2481  union sctp_addr_param *addr_param;
2482  struct sctp_transport *t;
2483 
2484  /* We maintain all INIT parameters in network byte order all the
2485  * time. This allows us to not worry about whether the parameters
2486  * came from a fresh INIT, and INIT ACK, or were stored in a cookie.
2487  */
2488  switch (param.p->type) {
2490  if (PF_INET6 != asoc->base.sk->sk_family)
2491  break;
2492  goto do_addr_param;
2493 
2495  /* v4 addresses are not allowed on v6-only socket */
2496  if (ipv6_only_sock(asoc->base.sk))
2497  break;
2498 do_addr_param:
2499  af = sctp_get_af_specific(param_type2af(param.p->type));
2500  af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0);
2501  scope = sctp_scope(peer_addr);
2502  if (sctp_in_scope(net, &addr, scope))
2503  if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED))
2504  return 0;
2505  break;
2506 
2508  if (!net->sctp.cookie_preserve_enable)
2509  break;
2510 
2511  stale = ntohl(param.life->lifespan_increment);
2512 
2513  /* Suggested Cookie Life span increment's unit is msec,
2514  * (1/1000sec).
2515  */
2516  asoc->cookie_life.tv_sec += stale / 1000;
2517  asoc->cookie_life.tv_usec += (stale % 1000) * 1000;
2518  break;
2519 
2521  SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n");
2522  break;
2523 
2525  /* Turn off the default values first so we'll know which
2526  * ones are really set by the peer.
2527  */
2528  asoc->peer.ipv4_address = 0;
2529  asoc->peer.ipv6_address = 0;
2530 
2531  /* Assume that peer supports the address family
2532  * by which it sends a packet.
2533  */
2534  if (peer_addr->sa.sa_family == AF_INET6)
2535  asoc->peer.ipv6_address = 1;
2536  else if (peer_addr->sa.sa_family == AF_INET)
2537  asoc->peer.ipv4_address = 1;
2538 
2539  /* Cycle through address types; avoid divide by 0. */
2540  sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
2541  if (sat)
2542  sat /= sizeof(__u16);
2543 
2544  for (i = 0; i < sat; ++i) {
2545  switch (param.sat->types[i]) {
2547  asoc->peer.ipv4_address = 1;
2548  break;
2549 
2551  if (PF_INET6 == asoc->base.sk->sk_family)
2552  asoc->peer.ipv6_address = 1;
2553  break;
2554 
2556  asoc->peer.hostname_address = 1;
2557  break;
2558 
2559  default: /* Just ignore anything else. */
2560  break;
2561  }
2562  }
2563  break;
2564 
2566  asoc->peer.cookie_len =
2567  ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
2568  asoc->peer.cookie = param.cookie->body;
2569  break;
2570 
2572  /* Would be odd to receive, but it causes no problems. */
2573  break;
2574 
2576  /* Rejected during verify stage. */
2577  break;
2578 
2580  asoc->peer.ecn_capable = 1;
2581  break;
2582 
2584  asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind);
2585  break;
2586 
2588  if (!net->sctp.addip_enable)
2589  goto fall_through;
2590 
2591  addr_param = param.v + sizeof(sctp_addip_param_t);
2592 
2593  af = sctp_get_af_specific(param_type2af(param.p->type));
2594  af->from_addr_param(&addr, addr_param,
2595  htons(asoc->peer.port), 0);
2596 
2597  /* if the address is invalid, we can't process it.
2598  * XXX: see spec for what to do.
2599  */
2600  if (!af->addr_valid(&addr, NULL, NULL))
2601  break;
2602 
2603  t = sctp_assoc_lookup_paddr(asoc, &addr);
2604  if (!t)
2605  break;
2606 
2607  sctp_assoc_set_primary(asoc, t);
2608  break;
2609 
2611  sctp_process_ext_param(asoc, param);
2612  break;
2613 
2615  if (net->sctp.prsctp_enable) {
2616  asoc->peer.prsctp_capable = 1;
2617  break;
2618  }
2619  /* Fall Through */
2620  goto fall_through;
2621 
2622  case SCTP_PARAM_RANDOM:
2623  if (!net->sctp.auth_enable)
2624  goto fall_through;
2625 
2626  /* Save peer's random parameter */
2627  asoc->peer.peer_random = kmemdup(param.p,
2628  ntohs(param.p->length), gfp);
2629  if (!asoc->peer.peer_random) {
2630  retval = 0;
2631  break;
2632  }
2633  break;
2634 
2635  case SCTP_PARAM_HMAC_ALGO:
2636  if (!net->sctp.auth_enable)
2637  goto fall_through;
2638 
2639  /* Save peer's HMAC list */
2640  asoc->peer.peer_hmacs = kmemdup(param.p,
2641  ntohs(param.p->length), gfp);
2642  if (!asoc->peer.peer_hmacs) {
2643  retval = 0;
2644  break;
2645  }
2646 
2647  /* Set the default HMAC the peer requested*/
2649  break;
2650 
2651  case SCTP_PARAM_CHUNKS:
2652  if (!net->sctp.auth_enable)
2653  goto fall_through;
2654 
2655  asoc->peer.peer_chunks = kmemdup(param.p,
2656  ntohs(param.p->length), gfp);
2657  if (!asoc->peer.peer_chunks)
2658  retval = 0;
2659  break;
2660 fall_through:
2661  default:
2662  /* Any unrecognized parameters should have been caught
2663  * and handled by sctp_verify_param() which should be
2664  * called prior to this routine. Simply log the error
2665  * here.
2666  */
2667  SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n",
2668  ntohs(param.p->type), asoc);
2669  break;
2670  }
2671 
2672  return retval;
2673 }
2674 
2675 /* Select a new verification tag. */
2677 {
2678  /* I believe that this random number generator complies with RFC1750.
2679  * A tag of 0 is reserved for special cases (e.g. INIT).
2680  */
2681  __u32 x;
2682 
2683  do {
2684  get_random_bytes(&x, sizeof(__u32));
2685  } while (x == 0);
2686 
2687  return x;
2688 }
2689 
2690 /* Select an initial TSN to send during startup. */
2692 {
2693  __u32 retval;
2694 
2695  get_random_bytes(&retval, sizeof(__u32));
2696  return retval;
2697 }
2698 
2699 /*
2700  * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF)
2701  * 0 1 2 3
2702  * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2703  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2704  * | Type = 0xC1 | Chunk Flags | Chunk Length |
2705  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2706  * | Serial Number |
2707  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2708  * | Address Parameter |
2709  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2710  * | ASCONF Parameter #1 |
2711  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2712  * \ \
2713  * / .... /
2714  * \ \
2715  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2716  * | ASCONF Parameter #N |
2717  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2718  *
2719  * Address Parameter and other parameter will not be wrapped in this function
2720  */
2721 static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc,
2722  union sctp_addr *addr,
2723  int vparam_len)
2724 {
2725  sctp_addiphdr_t asconf;
2726  struct sctp_chunk *retval;
2727  int length = sizeof(asconf) + vparam_len;
2728  union sctp_addr_param addrparam;
2729  int addrlen;
2730  struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2731 
2732  addrlen = af->to_addr_param(addr, &addrparam);
2733  if (!addrlen)
2734  return NULL;
2735  length += addrlen;
2736 
2737  /* Create the chunk. */
2738  retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length);
2739  if (!retval)
2740  return NULL;
2741 
2742  asconf.serial = htonl(asoc->addip_serial++);
2743 
2744  retval->subh.addip_hdr =
2745  sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2746  retval->param_hdr.v =
2747  sctp_addto_chunk(retval, addrlen, &addrparam);
2748 
2749  return retval;
2750 }
2751 
2752 /* ADDIP
2753  * 3.2.1 Add IP Address
2754  * 0 1 2 3
2755  * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2756  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2757  * | Type = 0xC001 | Length = Variable |
2758  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2759  * | ASCONF-Request Correlation ID |
2760  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2761  * | Address Parameter |
2762  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2763  *
2764  * 3.2.2 Delete IP Address
2765  * 0 1 2 3
2766  * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2767  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2768  * | Type = 0xC002 | Length = Variable |
2769  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2770  * | ASCONF-Request Correlation ID |
2771  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2772  * | Address Parameter |
2773  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2774  *
2775  */
2777  union sctp_addr *laddr,
2778  struct sockaddr *addrs,
2779  int addrcnt,
2780  __be16 flags)
2781 {
2783  struct sctp_chunk *retval;
2784  union sctp_addr_param addr_param;
2785  union sctp_addr *addr;
2786  void *addr_buf;
2787  struct sctp_af *af;
2788  int paramlen = sizeof(param);
2789  int addr_param_len = 0;
2790  int totallen = 0;
2791  int i;
2792  int del_pickup = 0;
2793 
2794  /* Get total length of all the address parameters. */
2795  addr_buf = addrs;
2796  for (i = 0; i < addrcnt; i++) {
2797  addr = addr_buf;
2798  af = sctp_get_af_specific(addr->v4.sin_family);
2799  addr_param_len = af->to_addr_param(addr, &addr_param);
2800 
2801  totallen += paramlen;
2802  totallen += addr_param_len;
2803 
2804  addr_buf += af->sockaddr_len;
2805  if (asoc->asconf_addr_del_pending && !del_pickup) {
2806  /* reuse the parameter length from the same scope one */
2807  totallen += paramlen;
2808  totallen += addr_param_len;
2809  del_pickup = 1;
2810  SCTP_DEBUG_PRINTK("mkasconf_update_ip: picked same-scope del_pending addr, totallen for all addresses is %d\n", totallen);
2811  }
2812  }
2813 
2814  /* Create an asconf chunk with the required length. */
2815  retval = sctp_make_asconf(asoc, laddr, totallen);
2816  if (!retval)
2817  return NULL;
2818 
2819  /* Add the address parameters to the asconf chunk. */
2820  addr_buf = addrs;
2821  for (i = 0; i < addrcnt; i++) {
2822  addr = addr_buf;
2823  af = sctp_get_af_specific(addr->v4.sin_family);
2824  addr_param_len = af->to_addr_param(addr, &addr_param);
2825  param.param_hdr.type = flags;
2826  param.param_hdr.length = htons(paramlen + addr_param_len);
2827  param.crr_id = i;
2828 
2829  sctp_addto_chunk(retval, paramlen, &param);
2830  sctp_addto_chunk(retval, addr_param_len, &addr_param);
2831 
2832  addr_buf += af->sockaddr_len;
2833  }
2834  if (flags == SCTP_PARAM_ADD_IP && del_pickup) {
2835  addr = asoc->asconf_addr_del_pending;
2836  af = sctp_get_af_specific(addr->v4.sin_family);
2837  addr_param_len = af->to_addr_param(addr, &addr_param);
2839  param.param_hdr.length = htons(paramlen + addr_param_len);
2840  param.crr_id = i;
2841 
2842  sctp_addto_chunk(retval, paramlen, &param);
2843  sctp_addto_chunk(retval, addr_param_len, &addr_param);
2844  }
2845  return retval;
2846 }
2847 
2848 /* ADDIP
2849  * 3.2.4 Set Primary IP Address
2850  * 0 1 2 3
2851  * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2852  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2853  * | Type =0xC004 | Length = Variable |
2854  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2855  * | ASCONF-Request Correlation ID |
2856  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2857  * | Address Parameter |
2858  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2859  *
2860  * Create an ASCONF chunk with Set Primary IP address parameter.
2861  */
2863  union sctp_addr *addr)
2864 {
2866  struct sctp_chunk *retval;
2867  int len = sizeof(param);
2868  union sctp_addr_param addrparam;
2869  int addrlen;
2870  struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2871 
2872  addrlen = af->to_addr_param(addr, &addrparam);
2873  if (!addrlen)
2874  return NULL;
2875  len += addrlen;
2876 
2877  /* Create the chunk and make asconf header. */
2878  retval = sctp_make_asconf(asoc, addr, len);
2879  if (!retval)
2880  return NULL;
2881 
2883  param.param_hdr.length = htons(len);
2884  param.crr_id = 0;
2885 
2886  sctp_addto_chunk(retval, sizeof(param), &param);
2887  sctp_addto_chunk(retval, addrlen, &addrparam);
2888 
2889  return retval;
2890 }
2891 
2892 /* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK)
2893  * 0 1 2 3
2894  * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2895  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2896  * | Type = 0x80 | Chunk Flags | Chunk Length |
2897  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2898  * | Serial Number |
2899  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2900  * | ASCONF Parameter Response#1 |
2901  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2902  * \ \
2903  * / .... /
2904  * \ \
2905  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2906  * | ASCONF Parameter Response#N |
2907  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2908  *
2909  * Create an ASCONF_ACK chunk with enough space for the parameter responses.
2910  */
2911 static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc,
2912  __u32 serial, int vparam_len)
2913 {
2914  sctp_addiphdr_t asconf;
2915  struct sctp_chunk *retval;
2916  int length = sizeof(asconf) + vparam_len;
2917 
2918  /* Create the chunk. */
2919  retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length);
2920  if (!retval)
2921  return NULL;
2922 
2923  asconf.serial = htonl(serial);
2924 
2925  retval->subh.addip_hdr =
2926  sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2927 
2928  return retval;
2929 }
2930 
2931 /* Add response parameters to an ASCONF_ACK chunk. */
2932 static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id,
2933  __be16 err_code, sctp_addip_param_t *asconf_param)
2934 {
2935  sctp_addip_param_t ack_param;
2936  sctp_errhdr_t err_param;
2937  int asconf_param_len = 0;
2938  int err_param_len = 0;
2940 
2941  if (SCTP_ERROR_NO_ERROR == err_code) {
2942  response_type = SCTP_PARAM_SUCCESS_REPORT;
2943  } else {
2944  response_type = SCTP_PARAM_ERR_CAUSE;
2945  err_param_len = sizeof(err_param);
2946  if (asconf_param)
2947  asconf_param_len =
2948  ntohs(asconf_param->param_hdr.length);
2949  }
2950 
2951  /* Add Success Indication or Error Cause Indication parameter. */
2952  ack_param.param_hdr.type = response_type;
2953  ack_param.param_hdr.length = htons(sizeof(ack_param) +
2954  err_param_len +
2955  asconf_param_len);
2956  ack_param.crr_id = crr_id;
2957  sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param);
2958 
2959  if (SCTP_ERROR_NO_ERROR == err_code)
2960  return;
2961 
2962  /* Add Error Cause parameter. */
2963  err_param.cause = err_code;
2964  err_param.length = htons(err_param_len + asconf_param_len);
2965  sctp_addto_chunk(chunk, err_param_len, &err_param);
2966 
2967  /* Add the failed TLV copied from ASCONF chunk. */
2968  if (asconf_param)
2969  sctp_addto_chunk(chunk, asconf_param_len, asconf_param);
2970 }
2971 
2972 /* Process a asconf parameter. */
2973 static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
2974  struct sctp_chunk *asconf,
2975  sctp_addip_param_t *asconf_param)
2976 {
2977  struct sctp_transport *peer;
2978  struct sctp_af *af;
2979  union sctp_addr addr;
2980  union sctp_addr_param *addr_param;
2981 
2982  addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t);
2983 
2984  if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP &&
2985  asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP &&
2986  asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY)
2987  return SCTP_ERROR_UNKNOWN_PARAM;
2988 
2989  switch (addr_param->p.type) {
2991  if (!asoc->peer.ipv6_address)
2992  return SCTP_ERROR_DNS_FAILED;
2993  break;
2995  if (!asoc->peer.ipv4_address)
2996  return SCTP_ERROR_DNS_FAILED;
2997  break;
2998  default:
2999  return SCTP_ERROR_DNS_FAILED;
3000  }
3001 
3002  af = sctp_get_af_specific(param_type2af(addr_param->p.type));
3003  if (unlikely(!af))
3004  return SCTP_ERROR_DNS_FAILED;
3005 
3006  af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0);
3007 
3008  /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast
3009  * or multicast address.
3010  * (note: wildcard is permitted and requires special handling so
3011  * make sure we check for that)
3012  */
3013  if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb))
3014  return SCTP_ERROR_DNS_FAILED;
3015 
3016  switch (asconf_param->param_hdr.type) {
3017  case SCTP_PARAM_ADD_IP:
3018  /* Section 4.2.1:
3019  * If the address 0.0.0.0 or ::0 is provided, the source
3020  * address of the packet MUST be added.
3021  */
3022  if (af->is_any(&addr))
3023  memcpy(&addr, &asconf->source, sizeof(addr));
3024 
3025  /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address
3026  * request and does not have the local resources to add this
3027  * new address to the association, it MUST return an Error
3028  * Cause TLV set to the new error code 'Operation Refused
3029  * Due to Resource Shortage'.
3030  */
3031 
3032  peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED);
3033  if (!peer)
3034  return SCTP_ERROR_RSRC_LOW;
3035 
3036  /* Start the heartbeat timer. */
3037  if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer)))
3038  sctp_transport_hold(peer);
3039  asoc->new_transport = peer;
3040  break;
3041  case SCTP_PARAM_DEL_IP:
3042  /* ADDIP 4.3 D7) If a request is received to delete the
3043  * last remaining IP address of a peer endpoint, the receiver
3044  * MUST send an Error Cause TLV with the error cause set to the
3045  * new error code 'Request to Delete Last Remaining IP Address'.
3046  */
3047  if (asoc->peer.transport_count == 1)
3048  return SCTP_ERROR_DEL_LAST_IP;
3049 
3050  /* ADDIP 4.3 D8) If a request is received to delete an IP
3051  * address which is also the source address of the IP packet
3052  * which contained the ASCONF chunk, the receiver MUST reject
3053  * this request. To reject the request the receiver MUST send
3054  * an Error Cause TLV set to the new error code 'Request to
3055  * Delete Source IP Address'
3056  */
3057  if (sctp_cmp_addr_exact(&asconf->source, &addr))
3058  return SCTP_ERROR_DEL_SRC_IP;
3059 
3060  /* Section 4.2.2
3061  * If the address 0.0.0.0 or ::0 is provided, all
3062  * addresses of the peer except the source address of the
3063  * packet MUST be deleted.
3064  */
3065  if (af->is_any(&addr)) {
3066  sctp_assoc_set_primary(asoc, asconf->transport);
3068  asconf->transport);
3069  } else
3070  sctp_assoc_del_peer(asoc, &addr);
3071  break;
3073  /* ADDIP Section 4.2.4
3074  * If the address 0.0.0.0 or ::0 is provided, the receiver
3075  * MAY mark the source address of the packet as its
3076  * primary.
3077  */
3078  if (af->is_any(&addr))
3079  memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
3080 
3081  peer = sctp_assoc_lookup_paddr(asoc, &addr);
3082  if (!peer)
3083  return SCTP_ERROR_DNS_FAILED;
3084 
3085  sctp_assoc_set_primary(asoc, peer);
3086  break;
3087  }
3088 
3089  return SCTP_ERROR_NO_ERROR;
3090 }
3091 
3092 /* Verify the ASCONF packet before we process it. */
3093 int sctp_verify_asconf(const struct sctp_association *asoc,
3094  struct sctp_paramhdr *param_hdr, void *chunk_end,
3095  struct sctp_paramhdr **errp) {
3096  sctp_addip_param_t *asconf_param;
3097  union sctp_params param;
3098  int length, plen;
3099 
3100  param.v = (sctp_paramhdr_t *) param_hdr;
3101  while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) {
3102  length = ntohs(param.p->length);
3103  *errp = param.p;
3104 
3105  if (param.v > chunk_end - length ||
3106  length < sizeof(sctp_paramhdr_t))
3107  return 0;
3108 
3109  switch (param.p->type) {
3110  case SCTP_PARAM_ADD_IP:
3111  case SCTP_PARAM_DEL_IP:
3113  asconf_param = (sctp_addip_param_t *)param.v;
3114  plen = ntohs(asconf_param->param_hdr.length);
3115  if (plen < sizeof(sctp_addip_param_t) +
3116  sizeof(sctp_paramhdr_t))
3117  return 0;
3118  break;
3121  if (length != sizeof(sctp_addip_param_t))
3122  return 0;
3123 
3124  break;
3125  default:
3126  break;
3127  }
3128 
3129  param.v += WORD_ROUND(length);
3130  }
3131 
3132  if (param.v != chunk_end)
3133  return 0;
3134 
3135  return 1;
3136 }
3137 
3138 /* Process an incoming ASCONF chunk with the next expected serial no. and
3139  * return an ASCONF_ACK chunk to be sent in response.
3140  */
3142  struct sctp_chunk *asconf)
3143 {
3145  union sctp_addr_param *addr_param;
3146  sctp_addip_param_t *asconf_param;
3147  struct sctp_chunk *asconf_ack;
3148 
3149  __be16 err_code;
3150  int length = 0;
3151  int chunk_len;
3152  __u32 serial;
3153  int all_param_pass = 1;
3154 
3155  chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
3156  hdr = (sctp_addiphdr_t *)asconf->skb->data;
3157  serial = ntohl(hdr->serial);
3158 
3159  /* Skip the addiphdr and store a pointer to address parameter. */
3160  length = sizeof(sctp_addiphdr_t);
3161  addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3162  chunk_len -= length;
3163 
3164  /* Skip the address parameter and store a pointer to the first
3165  * asconf parameter.
3166  */
3167  length = ntohs(addr_param->p.length);
3168  asconf_param = (void *)addr_param + length;
3169  chunk_len -= length;
3170 
3171  /* create an ASCONF_ACK chunk.
3172  * Based on the definitions of parameters, we know that the size of
3173  * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF
3174  * parameters.
3175  */
3176  asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4);
3177  if (!asconf_ack)
3178  goto done;
3179 
3180  /* Process the TLVs contained within the ASCONF chunk. */
3181  while (chunk_len > 0) {
3182  err_code = sctp_process_asconf_param(asoc, asconf,
3183  asconf_param);
3184  /* ADDIP 4.1 A7)
3185  * If an error response is received for a TLV parameter,
3186  * all TLVs with no response before the failed TLV are
3187  * considered successful if not reported. All TLVs after
3188  * the failed response are considered unsuccessful unless
3189  * a specific success indication is present for the parameter.
3190  */
3191  if (SCTP_ERROR_NO_ERROR != err_code)
3192  all_param_pass = 0;
3193 
3194  if (!all_param_pass)
3195  sctp_add_asconf_response(asconf_ack,
3196  asconf_param->crr_id, err_code,
3197  asconf_param);
3198 
3199  /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add
3200  * an IP address sends an 'Out of Resource' in its response, it
3201  * MUST also fail any subsequent add or delete requests bundled
3202  * in the ASCONF.
3203  */
3204  if (SCTP_ERROR_RSRC_LOW == err_code)
3205  goto done;
3206 
3207  /* Move to the next ASCONF param. */
3208  length = ntohs(asconf_param->param_hdr.length);
3209  asconf_param = (void *)asconf_param + length;
3210  chunk_len -= length;
3211  }
3212 
3213 done:
3214  asoc->peer.addip_serial++;
3215 
3216  /* If we are sending a new ASCONF_ACK hold a reference to it in assoc
3217  * after freeing the reference to old asconf ack if any.
3218  */
3219  if (asconf_ack) {
3220  sctp_chunk_hold(asconf_ack);
3221  list_add_tail(&asconf_ack->transmitted_list,
3222  &asoc->asconf_ack_list);
3223  }
3224 
3225  return asconf_ack;
3226 }
3227 
3228 /* Process a asconf parameter that is successfully acked. */
3229 static void sctp_asconf_param_success(struct sctp_association *asoc,
3230  sctp_addip_param_t *asconf_param)
3231 {
3232  struct sctp_af *af;
3233  union sctp_addr addr;
3234  struct sctp_bind_addr *bp = &asoc->base.bind_addr;
3235  union sctp_addr_param *addr_param;
3236  struct sctp_transport *transport;
3237  struct sctp_sockaddr_entry *saddr;
3238 
3239  addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t);
3240 
3241  /* We have checked the packet before, so we do not check again. */
3242  af = sctp_get_af_specific(param_type2af(addr_param->p.type));
3243  af->from_addr_param(&addr, addr_param, htons(bp->port), 0);
3244 
3245  switch (asconf_param->param_hdr.type) {
3246  case SCTP_PARAM_ADD_IP:
3247  /* This is always done in BH context with a socket lock
3248  * held, so the list can not change.
3249  */
3250  local_bh_disable();
3251  list_for_each_entry(saddr, &bp->address_list, list) {
3252  if (sctp_cmp_addr_exact(&saddr->a, &addr))
3253  saddr->state = SCTP_ADDR_SRC;
3254  }
3255  local_bh_enable();
3256  list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3257  transports) {
3258  dst_release(transport->dst);
3259  transport->dst = NULL;
3260  }
3261  break;
3262  case SCTP_PARAM_DEL_IP:
3263  local_bh_disable();
3264  sctp_del_bind_addr(bp, &addr);
3265  if (asoc->asconf_addr_del_pending != NULL &&
3268  asoc->asconf_addr_del_pending = NULL;
3269  }
3270  local_bh_enable();
3271  list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3272  transports) {
3273  dst_release(transport->dst);
3274  transport->dst = NULL;
3275  }
3276  break;
3277  default:
3278  break;
3279  }
3280 }
3281 
3282 /* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk
3283  * for the given asconf parameter. If there is no response for this parameter,
3284  * return the error code based on the third argument 'no_err'.
3285  * ADDIP 4.1
3286  * A7) If an error response is received for a TLV parameter, all TLVs with no
3287  * response before the failed TLV are considered successful if not reported.
3288  * All TLVs after the failed response are considered unsuccessful unless a
3289  * specific success indication is present for the parameter.
3290  */
3291 static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
3292  sctp_addip_param_t *asconf_param,
3293  int no_err)
3294 {
3295  sctp_addip_param_t *asconf_ack_param;
3296  sctp_errhdr_t *err_param;
3297  int length;
3298  int asconf_ack_len;
3299  __be16 err_code;
3300 
3301  if (no_err)
3302  err_code = SCTP_ERROR_NO_ERROR;
3303  else
3304  err_code = SCTP_ERROR_REQ_REFUSED;
3305 
3306  asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) -
3307  sizeof(sctp_chunkhdr_t);
3308 
3309  /* Skip the addiphdr from the asconf_ack chunk and store a pointer to
3310  * the first asconf_ack parameter.
3311  */
3312  length = sizeof(sctp_addiphdr_t);
3313  asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data +
3314  length);
3315  asconf_ack_len -= length;
3316 
3317  while (asconf_ack_len > 0) {
3318  if (asconf_ack_param->crr_id == asconf_param->crr_id) {
3319  switch(asconf_ack_param->param_hdr.type) {
3321  return SCTP_ERROR_NO_ERROR;
3322  case SCTP_PARAM_ERR_CAUSE:
3323  length = sizeof(sctp_addip_param_t);
3324  err_param = (void *)asconf_ack_param + length;
3325  asconf_ack_len -= length;
3326  if (asconf_ack_len > 0)
3327  return err_param->cause;
3328  else
3329  return SCTP_ERROR_INV_PARAM;
3330  break;
3331  default:
3332  return SCTP_ERROR_INV_PARAM;
3333  }
3334  }
3335 
3336  length = ntohs(asconf_ack_param->param_hdr.length);
3337  asconf_ack_param = (void *)asconf_ack_param + length;
3338  asconf_ack_len -= length;
3339  }
3340 
3341  return err_code;
3342 }
3343 
3344 /* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */
3346  struct sctp_chunk *asconf_ack)
3347 {
3348  struct sctp_chunk *asconf = asoc->addip_last_asconf;
3349  union sctp_addr_param *addr_param;
3350  sctp_addip_param_t *asconf_param;
3351  int length = 0;
3352  int asconf_len = asconf->skb->len;
3353  int all_param_pass = 0;
3354  int no_err = 1;
3355  int retval = 0;
3356  __be16 err_code = SCTP_ERROR_NO_ERROR;
3357 
3358  /* Skip the chunkhdr and addiphdr from the last asconf sent and store
3359  * a pointer to address parameter.
3360  */
3361  length = sizeof(sctp_addip_chunk_t);
3362  addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3363  asconf_len -= length;
3364 
3365  /* Skip the address parameter in the last asconf sent and store a
3366  * pointer to the first asconf parameter.
3367  */
3368  length = ntohs(addr_param->p.length);
3369  asconf_param = (void *)addr_param + length;
3370  asconf_len -= length;
3371 
3372  /* ADDIP 4.1
3373  * A8) If there is no response(s) to specific TLV parameter(s), and no
3374  * failures are indicated, then all request(s) are considered
3375  * successful.
3376  */
3377  if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t))
3378  all_param_pass = 1;
3379 
3380  /* Process the TLVs contained in the last sent ASCONF chunk. */
3381  while (asconf_len > 0) {
3382  if (all_param_pass)
3383  err_code = SCTP_ERROR_NO_ERROR;
3384  else {
3385  err_code = sctp_get_asconf_response(asconf_ack,
3386  asconf_param,
3387  no_err);
3388  if (no_err && (SCTP_ERROR_NO_ERROR != err_code))
3389  no_err = 0;
3390  }
3391 
3392  switch (err_code) {
3393  case SCTP_ERROR_NO_ERROR:
3394  sctp_asconf_param_success(asoc, asconf_param);
3395  break;
3396 
3397  case SCTP_ERROR_RSRC_LOW:
3398  retval = 1;
3399  break;
3400 
3402  /* Disable sending this type of asconf parameter in
3403  * future.
3404  */
3405  asoc->peer.addip_disabled_mask |=
3406  asconf_param->param_hdr.type;
3407  break;
3408 
3411  case SCTP_ERROR_DEL_SRC_IP:
3412  default:
3413  break;
3414  }
3415 
3416  /* Skip the processed asconf parameter and move to the next
3417  * one.
3418  */
3419  length = ntohs(asconf_param->param_hdr.length);
3420  asconf_param = (void *)asconf_param + length;
3421  asconf_len -= length;
3422  }
3423 
3424  if (no_err && asoc->src_out_of_asoc_ok) {
3425  asoc->src_out_of_asoc_ok = 0;
3426  sctp_transport_immediate_rtx(asoc->peer.primary_path);
3427  }
3428 
3429  /* Free the cached last sent asconf chunk. */
3430  list_del_init(&asconf->transmitted_list);
3431  sctp_chunk_free(asconf);
3432  asoc->addip_last_asconf = NULL;
3433 
3434  return retval;
3435 }
3436 
3437 /* Make a FWD TSN chunk. */
3438 struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc,
3439  __u32 new_cum_tsn, size_t nstreams,
3440  struct sctp_fwdtsn_skip *skiplist)
3441 {
3442  struct sctp_chunk *retval = NULL;
3443  struct sctp_fwdtsn_hdr ftsn_hdr;
3444  struct sctp_fwdtsn_skip skip;
3445  size_t hint;
3446  int i;
3447 
3448  hint = (nstreams + 1) * sizeof(__u32);
3449 
3450  retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint);
3451 
3452  if (!retval)
3453  return NULL;
3454 
3455  ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn);
3456  retval->subh.fwdtsn_hdr =
3457  sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr);
3458 
3459  for (i = 0; i < nstreams; i++) {
3460  skip.stream = skiplist[i].stream;
3461  skip.ssn = skiplist[i].ssn;
3462  sctp_addto_chunk(retval, sizeof(skip), &skip);
3463  }
3464 
3465  return retval;
3466 }