sm_make_chunk.c (119708B)
1// SPDX-License-Identifier: GPL-2.0-or-later 2/* SCTP kernel implementation 3 * (C) Copyright IBM Corp. 2001, 2004 4 * Copyright (c) 1999-2000 Cisco, Inc. 5 * Copyright (c) 1999-2001 Motorola, Inc. 6 * Copyright (c) 2001-2002 Intel Corp. 7 * 8 * This file is part of the SCTP kernel implementation 9 * 10 * These functions work with the state functions in sctp_sm_statefuns.c 11 * to implement the state operations. These functions implement the 12 * steps which require modifying existing data structures. 13 * 14 * Please send any bug reports or fixes you make to the 15 * email address(es): 16 * lksctp developers <linux-sctp@vger.kernel.org> 17 * 18 * Written or modified by: 19 * La Monte H.P. Yarroll <piggy@acm.org> 20 * Karl Knutson <karl@athena.chicago.il.us> 21 * C. Robin <chris@hundredacre.ac.uk> 22 * Jon Grimm <jgrimm@us.ibm.com> 23 * Xingang Guo <xingang.guo@intel.com> 24 * Dajiang Zhang <dajiang.zhang@nokia.com> 25 * Sridhar Samudrala <sri@us.ibm.com> 26 * Daisy Chang <daisyc@us.ibm.com> 27 * Ardelle Fan <ardelle.fan@intel.com> 28 * Kevin Gao <kevin.gao@intel.com> 29 */ 30 31#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 32 33#include <crypto/hash.h> 34#include <linux/types.h> 35#include <linux/kernel.h> 36#include <linux/ip.h> 37#include <linux/ipv6.h> 38#include <linux/net.h> 39#include <linux/inet.h> 40#include <linux/scatterlist.h> 41#include <linux/slab.h> 42#include <net/sock.h> 43 44#include <linux/skbuff.h> 45#include <linux/random.h> /* for get_random_bytes */ 46#include <net/sctp/sctp.h> 47#include <net/sctp/sm.h> 48 49static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 50 __u8 type, __u8 flags, int paylen, 51 gfp_t gfp); 52static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 53 __u8 flags, int paylen, gfp_t gfp); 54static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 55 __u8 type, __u8 flags, int paylen, 56 gfp_t gfp); 57static struct sctp_cookie_param *sctp_pack_cookie( 58 const struct sctp_endpoint *ep, 59 const struct sctp_association *asoc, 60 const struct sctp_chunk *init_chunk, 61 int *cookie_len, 62 const __u8 *raw_addrs, int addrs_len); 63static int sctp_process_param(struct sctp_association *asoc, 64 union sctp_params param, 65 const union sctp_addr *peer_addr, 66 gfp_t gfp); 67static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 68 const void *data); 69 70/* Control chunk destructor */ 71static void sctp_control_release_owner(struct sk_buff *skb) 72{ 73 struct sctp_chunk *chunk = skb_shinfo(skb)->destructor_arg; 74 75 if (chunk->shkey) { 76 struct sctp_shared_key *shkey = chunk->shkey; 77 struct sctp_association *asoc = chunk->asoc; 78 79 /* refcnt == 2 and !list_empty mean after this release, it's 80 * not being used anywhere, and it's time to notify userland 81 * that this shkey can be freed if it's been deactivated. 82 */ 83 if (shkey->deactivated && !list_empty(&shkey->key_list) && 84 refcount_read(&shkey->refcnt) == 2) { 85 struct sctp_ulpevent *ev; 86 87 ev = sctp_ulpevent_make_authkey(asoc, shkey->key_id, 88 SCTP_AUTH_FREE_KEY, 89 GFP_KERNEL); 90 if (ev) 91 asoc->stream.si->enqueue_event(&asoc->ulpq, ev); 92 } 93 sctp_auth_shkey_release(chunk->shkey); 94 } 95} 96 97static void sctp_control_set_owner_w(struct sctp_chunk *chunk) 98{ 99 struct sctp_association *asoc = chunk->asoc; 100 struct sk_buff *skb = chunk->skb; 101 102 /* TODO: properly account for control chunks. 103 * To do it right we'll need: 104 * 1) endpoint if association isn't known. 105 * 2) proper memory accounting. 106 * 107 * For now don't do anything for now. 108 */ 109 if (chunk->auth) { 110 chunk->shkey = asoc->shkey; 111 sctp_auth_shkey_hold(chunk->shkey); 112 } 113 skb->sk = asoc ? asoc->base.sk : NULL; 114 skb_shinfo(skb)->destructor_arg = chunk; 115 skb->destructor = sctp_control_release_owner; 116} 117 118/* What was the inbound interface for this chunk? */ 119int sctp_chunk_iif(const struct sctp_chunk *chunk) 120{ 121 struct sk_buff *skb = chunk->skb; 122 123 return SCTP_INPUT_CB(skb)->af->skb_iif(skb); 124} 125 126/* RFC 2960 3.3.2 Initiation (INIT) (1) 127 * 128 * Note 2: The ECN capable field is reserved for future use of 129 * Explicit Congestion Notification. 130 */ 131static const struct sctp_paramhdr ecap_param = { 132 SCTP_PARAM_ECN_CAPABLE, 133 cpu_to_be16(sizeof(struct sctp_paramhdr)), 134}; 135static const struct sctp_paramhdr prsctp_param = { 136 SCTP_PARAM_FWD_TSN_SUPPORT, 137 cpu_to_be16(sizeof(struct sctp_paramhdr)), 138}; 139 140/* A helper to initialize an op error inside a provided chunk, as most 141 * cause codes will be embedded inside an abort chunk. 142 */ 143int sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code, 144 size_t paylen) 145{ 146 struct sctp_errhdr err; 147 __u16 len; 148 149 /* Cause code constants are now defined in network order. */ 150 err.cause = cause_code; 151 len = sizeof(err) + paylen; 152 err.length = htons(len); 153 154 if (skb_tailroom(chunk->skb) < len) 155 return -ENOSPC; 156 157 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(err), &err); 158 159 return 0; 160} 161 162/* 3.3.2 Initiation (INIT) (1) 163 * 164 * This chunk is used to initiate a SCTP association between two 165 * endpoints. The format of the INIT chunk is shown below: 166 * 167 * 0 1 2 3 168 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 169 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 170 * | Type = 1 | Chunk Flags | Chunk Length | 171 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 172 * | Initiate Tag | 173 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 174 * | Advertised Receiver Window Credit (a_rwnd) | 175 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 176 * | Number of Outbound Streams | Number of Inbound Streams | 177 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 178 * | Initial TSN | 179 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 180 * \ \ 181 * / Optional/Variable-Length Parameters / 182 * \ \ 183 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 184 * 185 * 186 * The INIT chunk contains the following parameters. Unless otherwise 187 * noted, each parameter MUST only be included once in the INIT chunk. 188 * 189 * Fixed Parameters Status 190 * ---------------------------------------------- 191 * Initiate Tag Mandatory 192 * Advertised Receiver Window Credit Mandatory 193 * Number of Outbound Streams Mandatory 194 * Number of Inbound Streams Mandatory 195 * Initial TSN Mandatory 196 * 197 * Variable Parameters Status Type Value 198 * ------------------------------------------------------------- 199 * IPv4 Address (Note 1) Optional 5 200 * IPv6 Address (Note 1) Optional 6 201 * Cookie Preservative Optional 9 202 * Reserved for ECN Capable (Note 2) Optional 32768 (0x8000) 203 * Host Name Address (Note 3) Optional 11 204 * Supported Address Types (Note 4) Optional 12 205 */ 206struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc, 207 const struct sctp_bind_addr *bp, 208 gfp_t gfp, int vparam_len) 209{ 210 struct sctp_supported_ext_param ext_param; 211 struct sctp_adaptation_ind_param aiparam; 212 struct sctp_paramhdr *auth_chunks = NULL; 213 struct sctp_paramhdr *auth_hmacs = NULL; 214 struct sctp_supported_addrs_param sat; 215 struct sctp_endpoint *ep = asoc->ep; 216 struct sctp_chunk *retval = NULL; 217 int num_types, addrs_len = 0; 218 struct sctp_inithdr init; 219 union sctp_params addrs; 220 struct sctp_sock *sp; 221 __u8 extensions[5]; 222 size_t chunksize; 223 __be16 types[2]; 224 int num_ext = 0; 225 226 /* RFC 2960 3.3.2 Initiation (INIT) (1) 227 * 228 * Note 1: The INIT chunks can contain multiple addresses that 229 * can be IPv4 and/or IPv6 in any combination. 230 */ 231 232 /* Convert the provided bind address list to raw format. */ 233 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp); 234 235 init.init_tag = htonl(asoc->c.my_vtag); 236 init.a_rwnd = htonl(asoc->rwnd); 237 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 238 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 239 init.initial_tsn = htonl(asoc->c.initial_tsn); 240 241 /* How many address types are needed? */ 242 sp = sctp_sk(asoc->base.sk); 243 num_types = sp->pf->supported_addrs(sp, types); 244 245 chunksize = sizeof(init) + addrs_len; 246 chunksize += SCTP_PAD4(SCTP_SAT_LEN(num_types)); 247 248 if (asoc->ep->ecn_enable) 249 chunksize += sizeof(ecap_param); 250 251 if (asoc->ep->prsctp_enable) 252 chunksize += sizeof(prsctp_param); 253 254 /* ADDIP: Section 4.2.7: 255 * An implementation supporting this extension [ADDIP] MUST list 256 * the ASCONF,the ASCONF-ACK, and the AUTH chunks in its INIT and 257 * INIT-ACK parameters. 258 */ 259 if (asoc->ep->asconf_enable) { 260 extensions[num_ext] = SCTP_CID_ASCONF; 261 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 262 num_ext += 2; 263 } 264 265 if (asoc->ep->reconf_enable) { 266 extensions[num_ext] = SCTP_CID_RECONF; 267 num_ext += 1; 268 } 269 270 if (sp->adaptation_ind) 271 chunksize += sizeof(aiparam); 272 273 if (asoc->ep->intl_enable) { 274 extensions[num_ext] = SCTP_CID_I_DATA; 275 num_ext += 1; 276 } 277 278 chunksize += vparam_len; 279 280 /* Account for AUTH related parameters */ 281 if (ep->auth_enable) { 282 /* Add random parameter length*/ 283 chunksize += sizeof(asoc->c.auth_random); 284 285 /* Add HMACS parameter length if any were defined */ 286 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs; 287 if (auth_hmacs->length) 288 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length)); 289 else 290 auth_hmacs = NULL; 291 292 /* Add CHUNKS parameter length */ 293 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks; 294 if (auth_chunks->length) 295 chunksize += SCTP_PAD4(ntohs(auth_chunks->length)); 296 else 297 auth_chunks = NULL; 298 299 extensions[num_ext] = SCTP_CID_AUTH; 300 num_ext += 1; 301 } 302 303 /* If we have any extensions to report, account for that */ 304 if (num_ext) 305 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext); 306 307 /* RFC 2960 3.3.2 Initiation (INIT) (1) 308 * 309 * Note 3: An INIT chunk MUST NOT contain more than one Host 310 * Name address parameter. Moreover, the sender of the INIT 311 * MUST NOT combine any other address types with the Host Name 312 * address in the INIT. The receiver of INIT MUST ignore any 313 * other address types if the Host Name address parameter is 314 * present in the received INIT chunk. 315 * 316 * PLEASE DO NOT FIXME [This version does not support Host Name.] 317 */ 318 319 retval = sctp_make_control(asoc, SCTP_CID_INIT, 0, chunksize, gfp); 320 if (!retval) 321 goto nodata; 322 323 retval->subh.init_hdr = 324 sctp_addto_chunk(retval, sizeof(init), &init); 325 retval->param_hdr.v = 326 sctp_addto_chunk(retval, addrs_len, addrs.v); 327 328 /* RFC 2960 3.3.2 Initiation (INIT) (1) 329 * 330 * Note 4: This parameter, when present, specifies all the 331 * address types the sending endpoint can support. The absence 332 * of this parameter indicates that the sending endpoint can 333 * support any address type. 334 */ 335 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES; 336 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types)); 337 sctp_addto_chunk(retval, sizeof(sat), &sat); 338 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types); 339 340 if (asoc->ep->ecn_enable) 341 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 342 343 /* Add the supported extensions parameter. Be nice and add this 344 * fist before addiding the parameters for the extensions themselves 345 */ 346 if (num_ext) { 347 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 348 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext); 349 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param); 350 sctp_addto_param(retval, num_ext, extensions); 351 } 352 353 if (asoc->ep->prsctp_enable) 354 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 355 356 if (sp->adaptation_ind) { 357 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 358 aiparam.param_hdr.length = htons(sizeof(aiparam)); 359 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 360 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 361 } 362 363 /* Add SCTP-AUTH chunks to the parameter list */ 364 if (ep->auth_enable) { 365 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random), 366 asoc->c.auth_random); 367 if (auth_hmacs) 368 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 369 auth_hmacs); 370 if (auth_chunks) 371 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 372 auth_chunks); 373 } 374nodata: 375 kfree(addrs.v); 376 return retval; 377} 378 379struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc, 380 const struct sctp_chunk *chunk, 381 gfp_t gfp, int unkparam_len) 382{ 383 struct sctp_supported_ext_param ext_param; 384 struct sctp_adaptation_ind_param aiparam; 385 struct sctp_paramhdr *auth_chunks = NULL; 386 struct sctp_paramhdr *auth_random = NULL; 387 struct sctp_paramhdr *auth_hmacs = NULL; 388 struct sctp_chunk *retval = NULL; 389 struct sctp_cookie_param *cookie; 390 struct sctp_inithdr initack; 391 union sctp_params addrs; 392 struct sctp_sock *sp; 393 __u8 extensions[5]; 394 size_t chunksize; 395 int num_ext = 0; 396 int cookie_len; 397 int addrs_len; 398 399 /* Note: there may be no addresses to embed. */ 400 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp); 401 402 initack.init_tag = htonl(asoc->c.my_vtag); 403 initack.a_rwnd = htonl(asoc->rwnd); 404 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams); 405 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams); 406 initack.initial_tsn = htonl(asoc->c.initial_tsn); 407 408 /* FIXME: We really ought to build the cookie right 409 * into the packet instead of allocating more fresh memory. 410 */ 411 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len, 412 addrs.v, addrs_len); 413 if (!cookie) 414 goto nomem_cookie; 415 416 /* Calculate the total size of allocation, include the reserved 417 * space for reporting unknown parameters if it is specified. 418 */ 419 sp = sctp_sk(asoc->base.sk); 420 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len; 421 422 /* Tell peer that we'll do ECN only if peer advertised such cap. */ 423 if (asoc->peer.ecn_capable) 424 chunksize += sizeof(ecap_param); 425 426 if (asoc->peer.prsctp_capable) 427 chunksize += sizeof(prsctp_param); 428 429 if (asoc->peer.asconf_capable) { 430 extensions[num_ext] = SCTP_CID_ASCONF; 431 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK; 432 num_ext += 2; 433 } 434 435 if (asoc->peer.reconf_capable) { 436 extensions[num_ext] = SCTP_CID_RECONF; 437 num_ext += 1; 438 } 439 440 if (sp->adaptation_ind) 441 chunksize += sizeof(aiparam); 442 443 if (asoc->peer.intl_capable) { 444 extensions[num_ext] = SCTP_CID_I_DATA; 445 num_ext += 1; 446 } 447 448 if (asoc->peer.auth_capable) { 449 auth_random = (struct sctp_paramhdr *)asoc->c.auth_random; 450 chunksize += ntohs(auth_random->length); 451 452 auth_hmacs = (struct sctp_paramhdr *)asoc->c.auth_hmacs; 453 if (auth_hmacs->length) 454 chunksize += SCTP_PAD4(ntohs(auth_hmacs->length)); 455 else 456 auth_hmacs = NULL; 457 458 auth_chunks = (struct sctp_paramhdr *)asoc->c.auth_chunks; 459 if (auth_chunks->length) 460 chunksize += SCTP_PAD4(ntohs(auth_chunks->length)); 461 else 462 auth_chunks = NULL; 463 464 extensions[num_ext] = SCTP_CID_AUTH; 465 num_ext += 1; 466 } 467 468 if (num_ext) 469 chunksize += SCTP_PAD4(sizeof(ext_param) + num_ext); 470 471 /* Now allocate and fill out the chunk. */ 472 retval = sctp_make_control(asoc, SCTP_CID_INIT_ACK, 0, chunksize, gfp); 473 if (!retval) 474 goto nomem_chunk; 475 476 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 477 * 478 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 479 * HEARTBEAT ACK, * etc.) to the same destination transport 480 * address from which it received the DATA or control chunk 481 * to which it is replying. 482 * 483 * [INIT ACK back to where the INIT came from.] 484 */ 485 if (chunk->transport) 486 retval->transport = 487 sctp_assoc_lookup_paddr(asoc, 488 &chunk->transport->ipaddr); 489 490 retval->subh.init_hdr = 491 sctp_addto_chunk(retval, sizeof(initack), &initack); 492 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v); 493 sctp_addto_chunk(retval, cookie_len, cookie); 494 if (asoc->peer.ecn_capable) 495 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param); 496 if (num_ext) { 497 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT; 498 ext_param.param_hdr.length = htons(sizeof(ext_param) + num_ext); 499 sctp_addto_chunk(retval, sizeof(ext_param), &ext_param); 500 sctp_addto_param(retval, num_ext, extensions); 501 } 502 if (asoc->peer.prsctp_capable) 503 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param); 504 505 if (sp->adaptation_ind) { 506 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND; 507 aiparam.param_hdr.length = htons(sizeof(aiparam)); 508 aiparam.adaptation_ind = htonl(sp->adaptation_ind); 509 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam); 510 } 511 512 if (asoc->peer.auth_capable) { 513 sctp_addto_chunk(retval, ntohs(auth_random->length), 514 auth_random); 515 if (auth_hmacs) 516 sctp_addto_chunk(retval, ntohs(auth_hmacs->length), 517 auth_hmacs); 518 if (auth_chunks) 519 sctp_addto_chunk(retval, ntohs(auth_chunks->length), 520 auth_chunks); 521 } 522 523 /* We need to remove the const qualifier at this point. */ 524 retval->asoc = (struct sctp_association *) asoc; 525 526nomem_chunk: 527 kfree(cookie); 528nomem_cookie: 529 kfree(addrs.v); 530 return retval; 531} 532 533/* 3.3.11 Cookie Echo (COOKIE ECHO) (10): 534 * 535 * This chunk is used only during the initialization of an association. 536 * It is sent by the initiator of an association to its peer to complete 537 * the initialization process. This chunk MUST precede any DATA chunk 538 * sent within the association, but MAY be bundled with one or more DATA 539 * chunks in the same packet. 540 * 541 * 0 1 2 3 542 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 543 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 544 * | Type = 10 |Chunk Flags | Length | 545 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 546 * / Cookie / 547 * \ \ 548 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 549 * 550 * Chunk Flags: 8 bit 551 * 552 * Set to zero on transmit and ignored on receipt. 553 * 554 * Length: 16 bits (unsigned integer) 555 * 556 * Set to the size of the chunk in bytes, including the 4 bytes of 557 * the chunk header and the size of the Cookie. 558 * 559 * Cookie: variable size 560 * 561 * This field must contain the exact cookie received in the 562 * State Cookie parameter from the previous INIT ACK. 563 * 564 * An implementation SHOULD make the cookie as small as possible 565 * to insure interoperability. 566 */ 567struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc, 568 const struct sctp_chunk *chunk) 569{ 570 struct sctp_chunk *retval; 571 int cookie_len; 572 void *cookie; 573 574 cookie = asoc->peer.cookie; 575 cookie_len = asoc->peer.cookie_len; 576 577 /* Build a cookie echo chunk. */ 578 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ECHO, 0, 579 cookie_len, GFP_ATOMIC); 580 if (!retval) 581 goto nodata; 582 retval->subh.cookie_hdr = 583 sctp_addto_chunk(retval, cookie_len, cookie); 584 585 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 586 * 587 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 588 * HEARTBEAT ACK, * etc.) to the same destination transport 589 * address from which it * received the DATA or control chunk 590 * to which it is replying. 591 * 592 * [COOKIE ECHO back to where the INIT ACK came from.] 593 */ 594 if (chunk) 595 retval->transport = chunk->transport; 596 597nodata: 598 return retval; 599} 600 601/* 3.3.12 Cookie Acknowledgement (COOKIE ACK) (11): 602 * 603 * This chunk is used only during the initialization of an 604 * association. It is used to acknowledge the receipt of a COOKIE 605 * ECHO chunk. This chunk MUST precede any DATA or SACK chunk sent 606 * within the association, but MAY be bundled with one or more DATA 607 * chunks or SACK chunk in the same SCTP packet. 608 * 609 * 0 1 2 3 610 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 611 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 612 * | Type = 11 |Chunk Flags | Length = 4 | 613 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 614 * 615 * Chunk Flags: 8 bits 616 * 617 * Set to zero on transmit and ignored on receipt. 618 */ 619struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc, 620 const struct sctp_chunk *chunk) 621{ 622 struct sctp_chunk *retval; 623 624 retval = sctp_make_control(asoc, SCTP_CID_COOKIE_ACK, 0, 0, GFP_ATOMIC); 625 626 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 627 * 628 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 629 * HEARTBEAT ACK, * etc.) to the same destination transport 630 * address from which it * received the DATA or control chunk 631 * to which it is replying. 632 * 633 * [COOKIE ACK back to where the COOKIE ECHO came from.] 634 */ 635 if (retval && chunk && chunk->transport) 636 retval->transport = 637 sctp_assoc_lookup_paddr(asoc, 638 &chunk->transport->ipaddr); 639 640 return retval; 641} 642 643/* 644 * Appendix A: Explicit Congestion Notification: 645 * CWR: 646 * 647 * RFC 2481 details a specific bit for a sender to send in the header of 648 * its next outbound TCP segment to indicate to its peer that it has 649 * reduced its congestion window. This is termed the CWR bit. For 650 * SCTP the same indication is made by including the CWR chunk. 651 * This chunk contains one data element, i.e. the TSN number that 652 * was sent in the ECNE chunk. This element represents the lowest 653 * TSN number in the datagram that was originally marked with the 654 * CE bit. 655 * 656 * 0 1 2 3 657 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 658 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 659 * | Chunk Type=13 | Flags=00000000| Chunk Length = 8 | 660 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 661 * | Lowest TSN Number | 662 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 663 * 664 * Note: The CWR is considered a Control chunk. 665 */ 666struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc, 667 const __u32 lowest_tsn, 668 const struct sctp_chunk *chunk) 669{ 670 struct sctp_chunk *retval; 671 struct sctp_cwrhdr cwr; 672 673 cwr.lowest_tsn = htonl(lowest_tsn); 674 retval = sctp_make_control(asoc, SCTP_CID_ECN_CWR, 0, 675 sizeof(cwr), GFP_ATOMIC); 676 677 if (!retval) 678 goto nodata; 679 680 retval->subh.ecn_cwr_hdr = 681 sctp_addto_chunk(retval, sizeof(cwr), &cwr); 682 683 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 684 * 685 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 686 * HEARTBEAT ACK, * etc.) to the same destination transport 687 * address from which it * received the DATA or control chunk 688 * to which it is replying. 689 * 690 * [Report a reduced congestion window back to where the ECNE 691 * came from.] 692 */ 693 if (chunk) 694 retval->transport = chunk->transport; 695 696nodata: 697 return retval; 698} 699 700/* Make an ECNE chunk. This is a congestion experienced report. */ 701struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc, 702 const __u32 lowest_tsn) 703{ 704 struct sctp_chunk *retval; 705 struct sctp_ecnehdr ecne; 706 707 ecne.lowest_tsn = htonl(lowest_tsn); 708 retval = sctp_make_control(asoc, SCTP_CID_ECN_ECNE, 0, 709 sizeof(ecne), GFP_ATOMIC); 710 if (!retval) 711 goto nodata; 712 retval->subh.ecne_hdr = 713 sctp_addto_chunk(retval, sizeof(ecne), &ecne); 714 715nodata: 716 return retval; 717} 718 719/* Make a DATA chunk for the given association from the provided 720 * parameters. However, do not populate the data payload. 721 */ 722struct sctp_chunk *sctp_make_datafrag_empty(const struct sctp_association *asoc, 723 const struct sctp_sndrcvinfo *sinfo, 724 int len, __u8 flags, gfp_t gfp) 725{ 726 struct sctp_chunk *retval; 727 struct sctp_datahdr dp; 728 729 /* We assign the TSN as LATE as possible, not here when 730 * creating the chunk. 731 */ 732 memset(&dp, 0, sizeof(dp)); 733 dp.ppid = sinfo->sinfo_ppid; 734 dp.stream = htons(sinfo->sinfo_stream); 735 736 /* Set the flags for an unordered send. */ 737 if (sinfo->sinfo_flags & SCTP_UNORDERED) 738 flags |= SCTP_DATA_UNORDERED; 739 740 retval = sctp_make_data(asoc, flags, sizeof(dp) + len, gfp); 741 if (!retval) 742 return NULL; 743 744 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp); 745 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo)); 746 747 return retval; 748} 749 750/* Create a selective ackowledgement (SACK) for the given 751 * association. This reports on which TSN's we've seen to date, 752 * including duplicates and gaps. 753 */ 754struct sctp_chunk *sctp_make_sack(struct sctp_association *asoc) 755{ 756 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map; 757 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS]; 758 __u16 num_gabs, num_dup_tsns; 759 struct sctp_transport *trans; 760 struct sctp_chunk *retval; 761 struct sctp_sackhdr sack; 762 __u32 ctsn; 763 int len; 764 765 memset(gabs, 0, sizeof(gabs)); 766 ctsn = sctp_tsnmap_get_ctsn(map); 767 768 pr_debug("%s: sackCTSNAck sent:0x%x\n", __func__, ctsn); 769 770 /* How much room is needed in the chunk? */ 771 num_gabs = sctp_tsnmap_num_gabs(map, gabs); 772 num_dup_tsns = sctp_tsnmap_num_dups(map); 773 774 /* Initialize the SACK header. */ 775 sack.cum_tsn_ack = htonl(ctsn); 776 sack.a_rwnd = htonl(asoc->a_rwnd); 777 sack.num_gap_ack_blocks = htons(num_gabs); 778 sack.num_dup_tsns = htons(num_dup_tsns); 779 780 len = sizeof(sack) 781 + sizeof(struct sctp_gap_ack_block) * num_gabs 782 + sizeof(__u32) * num_dup_tsns; 783 784 /* Create the chunk. */ 785 retval = sctp_make_control(asoc, SCTP_CID_SACK, 0, len, GFP_ATOMIC); 786 if (!retval) 787 goto nodata; 788 789 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 790 * 791 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 792 * HEARTBEAT ACK, etc.) to the same destination transport 793 * address from which it received the DATA or control chunk to 794 * which it is replying. This rule should also be followed if 795 * the endpoint is bundling DATA chunks together with the 796 * reply chunk. 797 * 798 * However, when acknowledging multiple DATA chunks received 799 * in packets from different source addresses in a single 800 * SACK, the SACK chunk may be transmitted to one of the 801 * destination transport addresses from which the DATA or 802 * control chunks being acknowledged were received. 803 * 804 * [BUG: We do not implement the following paragraph. 805 * Perhaps we should remember the last transport we used for a 806 * SACK and avoid that (if possible) if we have seen any 807 * duplicates. --piggy] 808 * 809 * When a receiver of a duplicate DATA chunk sends a SACK to a 810 * multi- homed endpoint it MAY be beneficial to vary the 811 * destination address and not use the source address of the 812 * DATA chunk. The reason being that receiving a duplicate 813 * from a multi-homed endpoint might indicate that the return 814 * path (as specified in the source address of the DATA chunk) 815 * for the SACK is broken. 816 * 817 * [Send to the address from which we last received a DATA chunk.] 818 */ 819 retval->transport = asoc->peer.last_data_from; 820 821 retval->subh.sack_hdr = 822 sctp_addto_chunk(retval, sizeof(sack), &sack); 823 824 /* Add the gap ack block information. */ 825 if (num_gabs) 826 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs, 827 gabs); 828 829 /* Add the duplicate TSN information. */ 830 if (num_dup_tsns) { 831 asoc->stats.idupchunks += num_dup_tsns; 832 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns, 833 sctp_tsnmap_get_dups(map)); 834 } 835 /* Once we have a sack generated, check to see what our sack 836 * generation is, if its 0, reset the transports to 0, and reset 837 * the association generation to 1 838 * 839 * The idea is that zero is never used as a valid generation for the 840 * association so no transport will match after a wrap event like this, 841 * Until the next sack 842 */ 843 if (++asoc->peer.sack_generation == 0) { 844 list_for_each_entry(trans, &asoc->peer.transport_addr_list, 845 transports) 846 trans->sack_generation = 0; 847 asoc->peer.sack_generation = 1; 848 } 849nodata: 850 return retval; 851} 852 853/* Make a SHUTDOWN chunk. */ 854struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc, 855 const struct sctp_chunk *chunk) 856{ 857 struct sctp_shutdownhdr shut; 858 struct sctp_chunk *retval; 859 __u32 ctsn; 860 861 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map); 862 shut.cum_tsn_ack = htonl(ctsn); 863 864 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN, 0, 865 sizeof(shut), GFP_ATOMIC); 866 if (!retval) 867 goto nodata; 868 869 retval->subh.shutdown_hdr = 870 sctp_addto_chunk(retval, sizeof(shut), &shut); 871 872 if (chunk) 873 retval->transport = chunk->transport; 874nodata: 875 return retval; 876} 877 878struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc, 879 const struct sctp_chunk *chunk) 880{ 881 struct sctp_chunk *retval; 882 883 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0, 884 GFP_ATOMIC); 885 886 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 887 * 888 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 889 * HEARTBEAT ACK, * etc.) to the same destination transport 890 * address from which it * received the DATA or control chunk 891 * to which it is replying. 892 * 893 * [ACK back to where the SHUTDOWN came from.] 894 */ 895 if (retval && chunk) 896 retval->transport = chunk->transport; 897 898 return retval; 899} 900 901struct sctp_chunk *sctp_make_shutdown_complete( 902 const struct sctp_association *asoc, 903 const struct sctp_chunk *chunk) 904{ 905 struct sctp_chunk *retval; 906 __u8 flags = 0; 907 908 /* Set the T-bit if we have no association (vtag will be 909 * reflected) 910 */ 911 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T; 912 913 retval = sctp_make_control(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 914 0, GFP_ATOMIC); 915 916 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 917 * 918 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 919 * HEARTBEAT ACK, * etc.) to the same destination transport 920 * address from which it * received the DATA or control chunk 921 * to which it is replying. 922 * 923 * [Report SHUTDOWN COMPLETE back to where the SHUTDOWN ACK 924 * came from.] 925 */ 926 if (retval && chunk) 927 retval->transport = chunk->transport; 928 929 return retval; 930} 931 932/* Create an ABORT. Note that we set the T bit if we have no 933 * association, except when responding to an INIT (sctpimpguide 2.41). 934 */ 935struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc, 936 const struct sctp_chunk *chunk, 937 const size_t hint) 938{ 939 struct sctp_chunk *retval; 940 __u8 flags = 0; 941 942 /* Set the T-bit if we have no association and 'chunk' is not 943 * an INIT (vtag will be reflected). 944 */ 945 if (!asoc) { 946 if (chunk && chunk->chunk_hdr && 947 chunk->chunk_hdr->type == SCTP_CID_INIT) 948 flags = 0; 949 else 950 flags = SCTP_CHUNK_FLAG_T; 951 } 952 953 retval = sctp_make_control(asoc, SCTP_CID_ABORT, flags, hint, 954 GFP_ATOMIC); 955 956 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 957 * 958 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 959 * HEARTBEAT ACK, * etc.) to the same destination transport 960 * address from which it * received the DATA or control chunk 961 * to which it is replying. 962 * 963 * [ABORT back to where the offender came from.] 964 */ 965 if (retval && chunk) 966 retval->transport = chunk->transport; 967 968 return retval; 969} 970 971/* Helper to create ABORT with a NO_USER_DATA error. */ 972struct sctp_chunk *sctp_make_abort_no_data( 973 const struct sctp_association *asoc, 974 const struct sctp_chunk *chunk, 975 __u32 tsn) 976{ 977 struct sctp_chunk *retval; 978 __be32 payload; 979 980 retval = sctp_make_abort(asoc, chunk, 981 sizeof(struct sctp_errhdr) + sizeof(tsn)); 982 983 if (!retval) 984 goto no_mem; 985 986 /* Put the tsn back into network byte order. */ 987 payload = htonl(tsn); 988 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload)); 989 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload); 990 991 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 992 * 993 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 994 * HEARTBEAT ACK, * etc.) to the same destination transport 995 * address from which it * received the DATA or control chunk 996 * to which it is replying. 997 * 998 * [ABORT back to where the offender came from.] 999 */ 1000 if (chunk) 1001 retval->transport = chunk->transport; 1002 1003no_mem: 1004 return retval; 1005} 1006 1007/* Helper to create ABORT with a SCTP_ERROR_USER_ABORT error. */ 1008struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc, 1009 struct msghdr *msg, 1010 size_t paylen) 1011{ 1012 struct sctp_chunk *retval; 1013 void *payload = NULL; 1014 int err; 1015 1016 retval = sctp_make_abort(asoc, NULL, 1017 sizeof(struct sctp_errhdr) + paylen); 1018 if (!retval) 1019 goto err_chunk; 1020 1021 if (paylen) { 1022 /* Put the msg_iov together into payload. */ 1023 payload = kmalloc(paylen, GFP_KERNEL); 1024 if (!payload) 1025 goto err_payload; 1026 1027 err = memcpy_from_msg(payload, msg, paylen); 1028 if (err < 0) 1029 goto err_copy; 1030 } 1031 1032 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen); 1033 sctp_addto_chunk(retval, paylen, payload); 1034 1035 if (paylen) 1036 kfree(payload); 1037 1038 return retval; 1039 1040err_copy: 1041 kfree(payload); 1042err_payload: 1043 sctp_chunk_free(retval); 1044 retval = NULL; 1045err_chunk: 1046 return retval; 1047} 1048 1049/* Append bytes to the end of a parameter. Will panic if chunk is not big 1050 * enough. 1051 */ 1052static void *sctp_addto_param(struct sctp_chunk *chunk, int len, 1053 const void *data) 1054{ 1055 int chunklen = ntohs(chunk->chunk_hdr->length); 1056 void *target; 1057 1058 target = skb_put(chunk->skb, len); 1059 1060 if (data) 1061 memcpy(target, data, len); 1062 else 1063 memset(target, 0, len); 1064 1065 /* Adjust the chunk length field. */ 1066 chunk->chunk_hdr->length = htons(chunklen + len); 1067 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1068 1069 return target; 1070} 1071 1072/* Make an ABORT chunk with a PROTOCOL VIOLATION cause code. */ 1073struct sctp_chunk *sctp_make_abort_violation( 1074 const struct sctp_association *asoc, 1075 const struct sctp_chunk *chunk, 1076 const __u8 *payload, 1077 const size_t paylen) 1078{ 1079 struct sctp_chunk *retval; 1080 struct sctp_paramhdr phdr; 1081 1082 retval = sctp_make_abort(asoc, chunk, sizeof(struct sctp_errhdr) + 1083 paylen + sizeof(phdr)); 1084 if (!retval) 1085 goto end; 1086 1087 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen + 1088 sizeof(phdr)); 1089 1090 phdr.type = htons(chunk->chunk_hdr->type); 1091 phdr.length = chunk->chunk_hdr->length; 1092 sctp_addto_chunk(retval, paylen, payload); 1093 sctp_addto_param(retval, sizeof(phdr), &phdr); 1094 1095end: 1096 return retval; 1097} 1098 1099struct sctp_chunk *sctp_make_violation_paramlen( 1100 const struct sctp_association *asoc, 1101 const struct sctp_chunk *chunk, 1102 struct sctp_paramhdr *param) 1103{ 1104 static const char error[] = "The following parameter had invalid length:"; 1105 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr) + 1106 sizeof(*param); 1107 struct sctp_chunk *retval; 1108 1109 retval = sctp_make_abort(asoc, chunk, payload_len); 1110 if (!retval) 1111 goto nodata; 1112 1113 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, 1114 sizeof(error) + sizeof(*param)); 1115 sctp_addto_chunk(retval, sizeof(error), error); 1116 sctp_addto_param(retval, sizeof(*param), param); 1117 1118nodata: 1119 return retval; 1120} 1121 1122struct sctp_chunk *sctp_make_violation_max_retrans( 1123 const struct sctp_association *asoc, 1124 const struct sctp_chunk *chunk) 1125{ 1126 static const char error[] = "Association exceeded its max_retrans count"; 1127 size_t payload_len = sizeof(error) + sizeof(struct sctp_errhdr); 1128 struct sctp_chunk *retval; 1129 1130 retval = sctp_make_abort(asoc, chunk, payload_len); 1131 if (!retval) 1132 goto nodata; 1133 1134 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error)); 1135 sctp_addto_chunk(retval, sizeof(error), error); 1136 1137nodata: 1138 return retval; 1139} 1140 1141struct sctp_chunk *sctp_make_new_encap_port(const struct sctp_association *asoc, 1142 const struct sctp_chunk *chunk) 1143{ 1144 struct sctp_new_encap_port_hdr nep; 1145 struct sctp_chunk *retval; 1146 1147 retval = sctp_make_abort(asoc, chunk, 1148 sizeof(struct sctp_errhdr) + sizeof(nep)); 1149 if (!retval) 1150 goto nodata; 1151 1152 sctp_init_cause(retval, SCTP_ERROR_NEW_ENCAP_PORT, sizeof(nep)); 1153 nep.cur_port = SCTP_INPUT_CB(chunk->skb)->encap_port; 1154 nep.new_port = chunk->transport->encap_port; 1155 sctp_addto_chunk(retval, sizeof(nep), &nep); 1156 1157nodata: 1158 return retval; 1159} 1160 1161/* Make a HEARTBEAT chunk. */ 1162struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc, 1163 const struct sctp_transport *transport, 1164 __u32 probe_size) 1165{ 1166 struct sctp_sender_hb_info hbinfo = {}; 1167 struct sctp_chunk *retval; 1168 1169 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT, 0, 1170 sizeof(hbinfo), GFP_ATOMIC); 1171 1172 if (!retval) 1173 goto nodata; 1174 1175 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO; 1176 hbinfo.param_hdr.length = htons(sizeof(hbinfo)); 1177 hbinfo.daddr = transport->ipaddr; 1178 hbinfo.sent_at = jiffies; 1179 hbinfo.hb_nonce = transport->hb_nonce; 1180 hbinfo.probe_size = probe_size; 1181 1182 /* Cast away the 'const', as this is just telling the chunk 1183 * what transport it belongs to. 1184 */ 1185 retval->transport = (struct sctp_transport *) transport; 1186 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo), 1187 &hbinfo); 1188 retval->pmtu_probe = !!probe_size; 1189 1190nodata: 1191 return retval; 1192} 1193 1194struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc, 1195 const struct sctp_chunk *chunk, 1196 const void *payload, 1197 const size_t paylen) 1198{ 1199 struct sctp_chunk *retval; 1200 1201 retval = sctp_make_control(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen, 1202 GFP_ATOMIC); 1203 if (!retval) 1204 goto nodata; 1205 1206 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload); 1207 1208 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1209 * 1210 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1211 * HEARTBEAT ACK, * etc.) to the same destination transport 1212 * address from which it * received the DATA or control chunk 1213 * to which it is replying. 1214 * 1215 * [HBACK back to where the HEARTBEAT came from.] 1216 */ 1217 if (chunk) 1218 retval->transport = chunk->transport; 1219 1220nodata: 1221 return retval; 1222} 1223 1224/* RFC4820 3. Padding Chunk (PAD) 1225 * 0 1 2 3 1226 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1227 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1228 * | Type = 0x84 | Flags=0 | Length | 1229 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1230 * | | 1231 * \ Padding Data / 1232 * / \ 1233 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1234 */ 1235struct sctp_chunk *sctp_make_pad(const struct sctp_association *asoc, int len) 1236{ 1237 struct sctp_chunk *retval; 1238 1239 retval = sctp_make_control(asoc, SCTP_CID_PAD, 0, len, GFP_ATOMIC); 1240 if (!retval) 1241 return NULL; 1242 1243 skb_put_zero(retval->skb, len); 1244 retval->chunk_hdr->length = htons(ntohs(retval->chunk_hdr->length) + len); 1245 retval->chunk_end = skb_tail_pointer(retval->skb); 1246 1247 return retval; 1248} 1249 1250/* Create an Operation Error chunk with the specified space reserved. 1251 * This routine can be used for containing multiple causes in the chunk. 1252 */ 1253static struct sctp_chunk *sctp_make_op_error_space( 1254 const struct sctp_association *asoc, 1255 const struct sctp_chunk *chunk, 1256 size_t size) 1257{ 1258 struct sctp_chunk *retval; 1259 1260 retval = sctp_make_control(asoc, SCTP_CID_ERROR, 0, 1261 sizeof(struct sctp_errhdr) + size, 1262 GFP_ATOMIC); 1263 if (!retval) 1264 goto nodata; 1265 1266 /* RFC 2960 6.4 Multi-homed SCTP Endpoints 1267 * 1268 * An endpoint SHOULD transmit reply chunks (e.g., SACK, 1269 * HEARTBEAT ACK, etc.) to the same destination transport 1270 * address from which it received the DATA or control chunk 1271 * to which it is replying. 1272 * 1273 */ 1274 if (chunk) 1275 retval->transport = chunk->transport; 1276 1277nodata: 1278 return retval; 1279} 1280 1281/* Create an Operation Error chunk of a fixed size, specifically, 1282 * min(asoc->pathmtu, SCTP_DEFAULT_MAXSEGMENT) - overheads. 1283 * This is a helper function to allocate an error chunk for those 1284 * invalid parameter codes in which we may not want to report all the 1285 * errors, if the incoming chunk is large. If it can't fit in a single 1286 * packet, we ignore it. 1287 */ 1288static inline struct sctp_chunk *sctp_make_op_error_limited( 1289 const struct sctp_association *asoc, 1290 const struct sctp_chunk *chunk) 1291{ 1292 size_t size = SCTP_DEFAULT_MAXSEGMENT; 1293 struct sctp_sock *sp = NULL; 1294 1295 if (asoc) { 1296 size = min_t(size_t, size, asoc->pathmtu); 1297 sp = sctp_sk(asoc->base.sk); 1298 } 1299 1300 size = sctp_mtu_payload(sp, size, sizeof(struct sctp_errhdr)); 1301 1302 return sctp_make_op_error_space(asoc, chunk, size); 1303} 1304 1305/* Create an Operation Error chunk. */ 1306struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc, 1307 const struct sctp_chunk *chunk, 1308 __be16 cause_code, const void *payload, 1309 size_t paylen, size_t reserve_tail) 1310{ 1311 struct sctp_chunk *retval; 1312 1313 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail); 1314 if (!retval) 1315 goto nodata; 1316 1317 sctp_init_cause(retval, cause_code, paylen + reserve_tail); 1318 sctp_addto_chunk(retval, paylen, payload); 1319 if (reserve_tail) 1320 sctp_addto_param(retval, reserve_tail, NULL); 1321 1322nodata: 1323 return retval; 1324} 1325 1326struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc, 1327 __u16 key_id) 1328{ 1329 struct sctp_authhdr auth_hdr; 1330 struct sctp_hmac *hmac_desc; 1331 struct sctp_chunk *retval; 1332 1333 /* Get the first hmac that the peer told us to use */ 1334 hmac_desc = sctp_auth_asoc_get_hmac(asoc); 1335 if (unlikely(!hmac_desc)) 1336 return NULL; 1337 1338 retval = sctp_make_control(asoc, SCTP_CID_AUTH, 0, 1339 hmac_desc->hmac_len + sizeof(auth_hdr), 1340 GFP_ATOMIC); 1341 if (!retval) 1342 return NULL; 1343 1344 auth_hdr.hmac_id = htons(hmac_desc->hmac_id); 1345 auth_hdr.shkey_id = htons(key_id); 1346 1347 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(auth_hdr), 1348 &auth_hdr); 1349 1350 skb_put_zero(retval->skb, hmac_desc->hmac_len); 1351 1352 /* Adjust the chunk header to include the empty MAC */ 1353 retval->chunk_hdr->length = 1354 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len); 1355 retval->chunk_end = skb_tail_pointer(retval->skb); 1356 1357 return retval; 1358} 1359 1360 1361/******************************************************************** 1362 * 2nd Level Abstractions 1363 ********************************************************************/ 1364 1365/* Turn an skb into a chunk. 1366 * FIXME: Eventually move the structure directly inside the skb->cb[]. 1367 * 1368 * sctpimpguide-05.txt Section 2.8.2 1369 * M1) Each time a new DATA chunk is transmitted 1370 * set the 'TSN.Missing.Report' count for that TSN to 0. The 1371 * 'TSN.Missing.Report' count will be used to determine missing chunks 1372 * and when to fast retransmit. 1373 * 1374 */ 1375struct sctp_chunk *sctp_chunkify(struct sk_buff *skb, 1376 const struct sctp_association *asoc, 1377 struct sock *sk, gfp_t gfp) 1378{ 1379 struct sctp_chunk *retval; 1380 1381 retval = kmem_cache_zalloc(sctp_chunk_cachep, gfp); 1382 1383 if (!retval) 1384 goto nodata; 1385 if (!sk) 1386 pr_debug("%s: chunkifying skb:%p w/o an sk\n", __func__, skb); 1387 1388 INIT_LIST_HEAD(&retval->list); 1389 retval->skb = skb; 1390 retval->asoc = (struct sctp_association *)asoc; 1391 retval->singleton = 1; 1392 1393 retval->fast_retransmit = SCTP_CAN_FRTX; 1394 1395 /* Polish the bead hole. */ 1396 INIT_LIST_HEAD(&retval->transmitted_list); 1397 INIT_LIST_HEAD(&retval->frag_list); 1398 SCTP_DBG_OBJCNT_INC(chunk); 1399 refcount_set(&retval->refcnt, 1); 1400 1401nodata: 1402 return retval; 1403} 1404 1405/* Set chunk->source and dest based on the IP header in chunk->skb. */ 1406void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src, 1407 union sctp_addr *dest) 1408{ 1409 memcpy(&chunk->source, src, sizeof(union sctp_addr)); 1410 memcpy(&chunk->dest, dest, sizeof(union sctp_addr)); 1411} 1412 1413/* Extract the source address from a chunk. */ 1414const union sctp_addr *sctp_source(const struct sctp_chunk *chunk) 1415{ 1416 /* If we have a known transport, use that. */ 1417 if (chunk->transport) { 1418 return &chunk->transport->ipaddr; 1419 } else { 1420 /* Otherwise, extract it from the IP header. */ 1421 return &chunk->source; 1422 } 1423} 1424 1425/* Create a new chunk, setting the type and flags headers from the 1426 * arguments, reserving enough space for a 'paylen' byte payload. 1427 */ 1428static struct sctp_chunk *_sctp_make_chunk(const struct sctp_association *asoc, 1429 __u8 type, __u8 flags, int paylen, 1430 gfp_t gfp) 1431{ 1432 struct sctp_chunkhdr *chunk_hdr; 1433 struct sctp_chunk *retval; 1434 struct sk_buff *skb; 1435 struct sock *sk; 1436 int chunklen; 1437 1438 chunklen = SCTP_PAD4(sizeof(*chunk_hdr) + paylen); 1439 if (chunklen > SCTP_MAX_CHUNK_LEN) 1440 goto nodata; 1441 1442 /* No need to allocate LL here, as this is only a chunk. */ 1443 skb = alloc_skb(chunklen, gfp); 1444 if (!skb) 1445 goto nodata; 1446 1447 /* Make room for the chunk header. */ 1448 chunk_hdr = (struct sctp_chunkhdr *)skb_put(skb, sizeof(*chunk_hdr)); 1449 chunk_hdr->type = type; 1450 chunk_hdr->flags = flags; 1451 chunk_hdr->length = htons(sizeof(*chunk_hdr)); 1452 1453 sk = asoc ? asoc->base.sk : NULL; 1454 retval = sctp_chunkify(skb, asoc, sk, gfp); 1455 if (!retval) { 1456 kfree_skb(skb); 1457 goto nodata; 1458 } 1459 1460 retval->chunk_hdr = chunk_hdr; 1461 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(*chunk_hdr); 1462 1463 /* Determine if the chunk needs to be authenticated */ 1464 if (sctp_auth_send_cid(type, asoc)) 1465 retval->auth = 1; 1466 1467 return retval; 1468nodata: 1469 return NULL; 1470} 1471 1472static struct sctp_chunk *sctp_make_data(const struct sctp_association *asoc, 1473 __u8 flags, int paylen, gfp_t gfp) 1474{ 1475 return _sctp_make_chunk(asoc, SCTP_CID_DATA, flags, paylen, gfp); 1476} 1477 1478struct sctp_chunk *sctp_make_idata(const struct sctp_association *asoc, 1479 __u8 flags, int paylen, gfp_t gfp) 1480{ 1481 return _sctp_make_chunk(asoc, SCTP_CID_I_DATA, flags, paylen, gfp); 1482} 1483 1484static struct sctp_chunk *sctp_make_control(const struct sctp_association *asoc, 1485 __u8 type, __u8 flags, int paylen, 1486 gfp_t gfp) 1487{ 1488 struct sctp_chunk *chunk; 1489 1490 chunk = _sctp_make_chunk(asoc, type, flags, paylen, gfp); 1491 if (chunk) 1492 sctp_control_set_owner_w(chunk); 1493 1494 return chunk; 1495} 1496 1497/* Release the memory occupied by a chunk. */ 1498static void sctp_chunk_destroy(struct sctp_chunk *chunk) 1499{ 1500 BUG_ON(!list_empty(&chunk->list)); 1501 list_del_init(&chunk->transmitted_list); 1502 1503 consume_skb(chunk->skb); 1504 consume_skb(chunk->auth_chunk); 1505 1506 SCTP_DBG_OBJCNT_DEC(chunk); 1507 kmem_cache_free(sctp_chunk_cachep, chunk); 1508} 1509 1510/* Possibly, free the chunk. */ 1511void sctp_chunk_free(struct sctp_chunk *chunk) 1512{ 1513 /* Release our reference on the message tracker. */ 1514 if (chunk->msg) 1515 sctp_datamsg_put(chunk->msg); 1516 1517 sctp_chunk_put(chunk); 1518} 1519 1520/* Grab a reference to the chunk. */ 1521void sctp_chunk_hold(struct sctp_chunk *ch) 1522{ 1523 refcount_inc(&ch->refcnt); 1524} 1525 1526/* Release a reference to the chunk. */ 1527void sctp_chunk_put(struct sctp_chunk *ch) 1528{ 1529 if (refcount_dec_and_test(&ch->refcnt)) 1530 sctp_chunk_destroy(ch); 1531} 1532 1533/* Append bytes to the end of a chunk. Will panic if chunk is not big 1534 * enough. 1535 */ 1536void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data) 1537{ 1538 int chunklen = ntohs(chunk->chunk_hdr->length); 1539 int padlen = SCTP_PAD4(chunklen) - chunklen; 1540 void *target; 1541 1542 skb_put_zero(chunk->skb, padlen); 1543 target = skb_put_data(chunk->skb, data, len); 1544 1545 /* Adjust the chunk length field. */ 1546 chunk->chunk_hdr->length = htons(chunklen + padlen + len); 1547 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1548 1549 return target; 1550} 1551 1552/* Append bytes from user space to the end of a chunk. Will panic if 1553 * chunk is not big enough. 1554 * Returns a kernel err value. 1555 */ 1556int sctp_user_addto_chunk(struct sctp_chunk *chunk, int len, 1557 struct iov_iter *from) 1558{ 1559 void *target; 1560 1561 /* Make room in chunk for data. */ 1562 target = skb_put(chunk->skb, len); 1563 1564 /* Copy data (whole iovec) into chunk */ 1565 if (!copy_from_iter_full(target, len, from)) 1566 return -EFAULT; 1567 1568 /* Adjust the chunk length field. */ 1569 chunk->chunk_hdr->length = 1570 htons(ntohs(chunk->chunk_hdr->length) + len); 1571 chunk->chunk_end = skb_tail_pointer(chunk->skb); 1572 1573 return 0; 1574} 1575 1576/* Helper function to assign a TSN if needed. This assumes that both 1577 * the data_hdr and association have already been assigned. 1578 */ 1579void sctp_chunk_assign_ssn(struct sctp_chunk *chunk) 1580{ 1581 struct sctp_stream *stream; 1582 struct sctp_chunk *lchunk; 1583 struct sctp_datamsg *msg; 1584 __u16 ssn, sid; 1585 1586 if (chunk->has_ssn) 1587 return; 1588 1589 /* All fragments will be on the same stream */ 1590 sid = ntohs(chunk->subh.data_hdr->stream); 1591 stream = &chunk->asoc->stream; 1592 1593 /* Now assign the sequence number to the entire message. 1594 * All fragments must have the same stream sequence number. 1595 */ 1596 msg = chunk->msg; 1597 list_for_each_entry(lchunk, &msg->chunks, frag_list) { 1598 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) { 1599 ssn = 0; 1600 } else { 1601 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG) 1602 ssn = sctp_ssn_next(stream, out, sid); 1603 else 1604 ssn = sctp_ssn_peek(stream, out, sid); 1605 } 1606 1607 lchunk->subh.data_hdr->ssn = htons(ssn); 1608 lchunk->has_ssn = 1; 1609 } 1610} 1611 1612/* Helper function to assign a TSN if needed. This assumes that both 1613 * the data_hdr and association have already been assigned. 1614 */ 1615void sctp_chunk_assign_tsn(struct sctp_chunk *chunk) 1616{ 1617 if (!chunk->has_tsn) { 1618 /* This is the last possible instant to 1619 * assign a TSN. 1620 */ 1621 chunk->subh.data_hdr->tsn = 1622 htonl(sctp_association_get_next_tsn(chunk->asoc)); 1623 chunk->has_tsn = 1; 1624 } 1625} 1626 1627/* Create a CLOSED association to use with an incoming packet. */ 1628struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep, 1629 struct sctp_chunk *chunk, 1630 gfp_t gfp) 1631{ 1632 struct sctp_association *asoc; 1633 enum sctp_scope scope; 1634 struct sk_buff *skb; 1635 1636 /* Create the bare association. */ 1637 scope = sctp_scope(sctp_source(chunk)); 1638 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp); 1639 if (!asoc) 1640 goto nodata; 1641 asoc->temp = 1; 1642 skb = chunk->skb; 1643 /* Create an entry for the source address of the packet. */ 1644 SCTP_INPUT_CB(skb)->af->from_skb(&asoc->c.peer_addr, skb, 1); 1645 1646nodata: 1647 return asoc; 1648} 1649 1650/* Build a cookie representing asoc. 1651 * This INCLUDES the param header needed to put the cookie in the INIT ACK. 1652 */ 1653static struct sctp_cookie_param *sctp_pack_cookie( 1654 const struct sctp_endpoint *ep, 1655 const struct sctp_association *asoc, 1656 const struct sctp_chunk *init_chunk, 1657 int *cookie_len, const __u8 *raw_addrs, 1658 int addrs_len) 1659{ 1660 struct sctp_signed_cookie *cookie; 1661 struct sctp_cookie_param *retval; 1662 int headersize, bodysize; 1663 1664 /* Header size is static data prior to the actual cookie, including 1665 * any padding. 1666 */ 1667 headersize = sizeof(struct sctp_paramhdr) + 1668 (sizeof(struct sctp_signed_cookie) - 1669 sizeof(struct sctp_cookie)); 1670 bodysize = sizeof(struct sctp_cookie) 1671 + ntohs(init_chunk->chunk_hdr->length) + addrs_len; 1672 1673 /* Pad out the cookie to a multiple to make the signature 1674 * functions simpler to write. 1675 */ 1676 if (bodysize % SCTP_COOKIE_MULTIPLE) 1677 bodysize += SCTP_COOKIE_MULTIPLE 1678 - (bodysize % SCTP_COOKIE_MULTIPLE); 1679 *cookie_len = headersize + bodysize; 1680 1681 /* Clear this memory since we are sending this data structure 1682 * out on the network. 1683 */ 1684 retval = kzalloc(*cookie_len, GFP_ATOMIC); 1685 if (!retval) 1686 goto nodata; 1687 1688 cookie = (struct sctp_signed_cookie *) retval->body; 1689 1690 /* Set up the parameter header. */ 1691 retval->p.type = SCTP_PARAM_STATE_COOKIE; 1692 retval->p.length = htons(*cookie_len); 1693 1694 /* Copy the cookie part of the association itself. */ 1695 cookie->c = asoc->c; 1696 /* Save the raw address list length in the cookie. */ 1697 cookie->c.raw_addr_list_len = addrs_len; 1698 1699 /* Remember PR-SCTP capability. */ 1700 cookie->c.prsctp_capable = asoc->peer.prsctp_capable; 1701 1702 /* Save adaptation indication in the cookie. */ 1703 cookie->c.adaptation_ind = asoc->peer.adaptation_ind; 1704 1705 /* Set an expiration time for the cookie. */ 1706 cookie->c.expiration = ktime_add(asoc->cookie_life, 1707 ktime_get_real()); 1708 1709 /* Copy the peer's init packet. */ 1710 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr, 1711 ntohs(init_chunk->chunk_hdr->length)); 1712 1713 /* Copy the raw local address list of the association. */ 1714 memcpy((__u8 *)&cookie->c.peer_init[0] + 1715 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len); 1716 1717 if (sctp_sk(ep->base.sk)->hmac) { 1718 struct crypto_shash *tfm = sctp_sk(ep->base.sk)->hmac; 1719 int err; 1720 1721 /* Sign the message. */ 1722 err = crypto_shash_setkey(tfm, ep->secret_key, 1723 sizeof(ep->secret_key)) ?: 1724 crypto_shash_tfm_digest(tfm, (u8 *)&cookie->c, bodysize, 1725 cookie->signature); 1726 if (err) 1727 goto free_cookie; 1728 } 1729 1730 return retval; 1731 1732free_cookie: 1733 kfree(retval); 1734nodata: 1735 *cookie_len = 0; 1736 return NULL; 1737} 1738 1739/* Unpack the cookie from COOKIE ECHO chunk, recreating the association. */ 1740struct sctp_association *sctp_unpack_cookie( 1741 const struct sctp_endpoint *ep, 1742 const struct sctp_association *asoc, 1743 struct sctp_chunk *chunk, gfp_t gfp, 1744 int *error, struct sctp_chunk **errp) 1745{ 1746 struct sctp_association *retval = NULL; 1747 int headersize, bodysize, fixed_size; 1748 struct sctp_signed_cookie *cookie; 1749 struct sk_buff *skb = chunk->skb; 1750 struct sctp_cookie *bear_cookie; 1751 __u8 *digest = ep->digest; 1752 enum sctp_scope scope; 1753 unsigned int len; 1754 ktime_t kt; 1755 1756 /* Header size is static data prior to the actual cookie, including 1757 * any padding. 1758 */ 1759 headersize = sizeof(struct sctp_chunkhdr) + 1760 (sizeof(struct sctp_signed_cookie) - 1761 sizeof(struct sctp_cookie)); 1762 bodysize = ntohs(chunk->chunk_hdr->length) - headersize; 1763 fixed_size = headersize + sizeof(struct sctp_cookie); 1764 1765 /* Verify that the chunk looks like it even has a cookie. 1766 * There must be enough room for our cookie and our peer's 1767 * INIT chunk. 1768 */ 1769 len = ntohs(chunk->chunk_hdr->length); 1770 if (len < fixed_size + sizeof(struct sctp_chunkhdr)) 1771 goto malformed; 1772 1773 /* Verify that the cookie has been padded out. */ 1774 if (bodysize % SCTP_COOKIE_MULTIPLE) 1775 goto malformed; 1776 1777 /* Process the cookie. */ 1778 cookie = chunk->subh.cookie_hdr; 1779 bear_cookie = &cookie->c; 1780 1781 if (!sctp_sk(ep->base.sk)->hmac) 1782 goto no_hmac; 1783 1784 /* Check the signature. */ 1785 { 1786 struct crypto_shash *tfm = sctp_sk(ep->base.sk)->hmac; 1787 int err; 1788 1789 err = crypto_shash_setkey(tfm, ep->secret_key, 1790 sizeof(ep->secret_key)) ?: 1791 crypto_shash_tfm_digest(tfm, (u8 *)bear_cookie, bodysize, 1792 digest); 1793 if (err) { 1794 *error = -SCTP_IERROR_NOMEM; 1795 goto fail; 1796 } 1797 } 1798 1799 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1800 *error = -SCTP_IERROR_BAD_SIG; 1801 goto fail; 1802 } 1803 1804no_hmac: 1805 /* IG Section 2.35.2: 1806 * 3) Compare the port numbers and the verification tag contained 1807 * within the COOKIE ECHO chunk to the actual port numbers and the 1808 * verification tag within the SCTP common header of the received 1809 * packet. If these values do not match the packet MUST be silently 1810 * discarded, 1811 */ 1812 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) { 1813 *error = -SCTP_IERROR_BAD_TAG; 1814 goto fail; 1815 } 1816 1817 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port || 1818 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) { 1819 *error = -SCTP_IERROR_BAD_PORTS; 1820 goto fail; 1821 } 1822 1823 /* Check to see if the cookie is stale. If there is already 1824 * an association, there is no need to check cookie's expiration 1825 * for init collision case of lost COOKIE ACK. 1826 * If skb has been timestamped, then use the stamp, otherwise 1827 * use current time. This introduces a small possibility that 1828 * a cookie may be considered expired, but this would only slow 1829 * down the new association establishment instead of every packet. 1830 */ 1831 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP)) 1832 kt = skb_get_ktime(skb); 1833 else 1834 kt = ktime_get_real(); 1835 1836 if (!asoc && ktime_before(bear_cookie->expiration, kt)) { 1837 suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration)); 1838 __be32 n = htonl(usecs); 1839 1840 /* 1841 * Section 3.3.10.3 Stale Cookie Error (3) 1842 * 1843 * Cause of error 1844 * --------------- 1845 * Stale Cookie Error: Indicates the receipt of a valid State 1846 * Cookie that has expired. 1847 */ 1848 *errp = sctp_make_op_error(asoc, chunk, 1849 SCTP_ERROR_STALE_COOKIE, &n, 1850 sizeof(n), 0); 1851 if (*errp) 1852 *error = -SCTP_IERROR_STALE_COOKIE; 1853 else 1854 *error = -SCTP_IERROR_NOMEM; 1855 1856 goto fail; 1857 } 1858 1859 /* Make a new base association. */ 1860 scope = sctp_scope(sctp_source(chunk)); 1861 retval = sctp_association_new(ep, ep->base.sk, scope, gfp); 1862 if (!retval) { 1863 *error = -SCTP_IERROR_NOMEM; 1864 goto fail; 1865 } 1866 1867 /* Set up our peer's port number. */ 1868 retval->peer.port = ntohs(chunk->sctp_hdr->source); 1869 1870 /* Populate the association from the cookie. */ 1871 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie)); 1872 1873 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie, 1874 GFP_ATOMIC) < 0) { 1875 *error = -SCTP_IERROR_NOMEM; 1876 goto fail; 1877 } 1878 1879 /* Also, add the destination address. */ 1880 if (list_empty(&retval->base.bind_addr.address_list)) { 1881 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, 1882 sizeof(chunk->dest), SCTP_ADDR_SRC, 1883 GFP_ATOMIC); 1884 } 1885 1886 retval->next_tsn = retval->c.initial_tsn; 1887 retval->ctsn_ack_point = retval->next_tsn - 1; 1888 retval->addip_serial = retval->c.initial_tsn; 1889 retval->strreset_outseq = retval->c.initial_tsn; 1890 retval->adv_peer_ack_point = retval->ctsn_ack_point; 1891 retval->peer.prsctp_capable = retval->c.prsctp_capable; 1892 retval->peer.adaptation_ind = retval->c.adaptation_ind; 1893 1894 /* The INIT stuff will be done by the side effects. */ 1895 return retval; 1896 1897fail: 1898 if (retval) 1899 sctp_association_free(retval); 1900 1901 return NULL; 1902 1903malformed: 1904 /* Yikes! The packet is either corrupt or deliberately 1905 * malformed. 1906 */ 1907 *error = -SCTP_IERROR_MALFORMED; 1908 goto fail; 1909} 1910 1911/******************************************************************** 1912 * 3rd Level Abstractions 1913 ********************************************************************/ 1914 1915struct __sctp_missing { 1916 __be32 num_missing; 1917 __be16 type; 1918} __packed; 1919 1920/* 1921 * Report a missing mandatory parameter. 1922 */ 1923static int sctp_process_missing_param(const struct sctp_association *asoc, 1924 enum sctp_param paramtype, 1925 struct sctp_chunk *chunk, 1926 struct sctp_chunk **errp) 1927{ 1928 struct __sctp_missing report; 1929 __u16 len; 1930 1931 len = SCTP_PAD4(sizeof(report)); 1932 1933 /* Make an ERROR chunk, preparing enough room for 1934 * returning multiple unknown parameters. 1935 */ 1936 if (!*errp) 1937 *errp = sctp_make_op_error_space(asoc, chunk, len); 1938 1939 if (*errp) { 1940 report.num_missing = htonl(1); 1941 report.type = paramtype; 1942 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM, 1943 sizeof(report)); 1944 sctp_addto_chunk(*errp, sizeof(report), &report); 1945 } 1946 1947 /* Stop processing this chunk. */ 1948 return 0; 1949} 1950 1951/* Report an Invalid Mandatory Parameter. */ 1952static int sctp_process_inv_mandatory(const struct sctp_association *asoc, 1953 struct sctp_chunk *chunk, 1954 struct sctp_chunk **errp) 1955{ 1956 /* Invalid Mandatory Parameter Error has no payload. */ 1957 1958 if (!*errp) 1959 *errp = sctp_make_op_error_space(asoc, chunk, 0); 1960 1961 if (*errp) 1962 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0); 1963 1964 /* Stop processing this chunk. */ 1965 return 0; 1966} 1967 1968static int sctp_process_inv_paramlength(const struct sctp_association *asoc, 1969 struct sctp_paramhdr *param, 1970 const struct sctp_chunk *chunk, 1971 struct sctp_chunk **errp) 1972{ 1973 /* This is a fatal error. Any accumulated non-fatal errors are 1974 * not reported. 1975 */ 1976 if (*errp) 1977 sctp_chunk_free(*errp); 1978 1979 /* Create an error chunk and fill it in with our payload. */ 1980 *errp = sctp_make_violation_paramlen(asoc, chunk, param); 1981 1982 return 0; 1983} 1984 1985 1986/* Do not attempt to handle the HOST_NAME parm. However, do 1987 * send back an indicator to the peer. 1988 */ 1989static int sctp_process_hn_param(const struct sctp_association *asoc, 1990 union sctp_params param, 1991 struct sctp_chunk *chunk, 1992 struct sctp_chunk **errp) 1993{ 1994 __u16 len = ntohs(param.p->length); 1995 1996 /* Processing of the HOST_NAME parameter will generate an 1997 * ABORT. If we've accumulated any non-fatal errors, they 1998 * would be unrecognized parameters and we should not include 1999 * them in the ABORT. 2000 */ 2001 if (*errp) 2002 sctp_chunk_free(*errp); 2003 2004 *errp = sctp_make_op_error(asoc, chunk, SCTP_ERROR_DNS_FAILED, 2005 param.v, len, 0); 2006 2007 /* Stop processing this chunk. */ 2008 return 0; 2009} 2010 2011static int sctp_verify_ext_param(struct net *net, 2012 const struct sctp_endpoint *ep, 2013 union sctp_params param) 2014{ 2015 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2016 int have_asconf = 0; 2017 int have_auth = 0; 2018 int i; 2019 2020 for (i = 0; i < num_ext; i++) { 2021 switch (param.ext->chunks[i]) { 2022 case SCTP_CID_AUTH: 2023 have_auth = 1; 2024 break; 2025 case SCTP_CID_ASCONF: 2026 case SCTP_CID_ASCONF_ACK: 2027 have_asconf = 1; 2028 break; 2029 } 2030 } 2031 2032 /* ADD-IP Security: The draft requires us to ABORT or ignore the 2033 * INIT/INIT-ACK if ADD-IP is listed, but AUTH is not. Do this 2034 * only if ADD-IP is turned on and we are not backward-compatible 2035 * mode. 2036 */ 2037 if (net->sctp.addip_noauth) 2038 return 1; 2039 2040 if (ep->asconf_enable && !have_auth && have_asconf) 2041 return 0; 2042 2043 return 1; 2044} 2045 2046static void sctp_process_ext_param(struct sctp_association *asoc, 2047 union sctp_params param) 2048{ 2049 __u16 num_ext = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2050 int i; 2051 2052 for (i = 0; i < num_ext; i++) { 2053 switch (param.ext->chunks[i]) { 2054 case SCTP_CID_RECONF: 2055 if (asoc->ep->reconf_enable) 2056 asoc->peer.reconf_capable = 1; 2057 break; 2058 case SCTP_CID_FWD_TSN: 2059 if (asoc->ep->prsctp_enable) 2060 asoc->peer.prsctp_capable = 1; 2061 break; 2062 case SCTP_CID_AUTH: 2063 /* if the peer reports AUTH, assume that he 2064 * supports AUTH. 2065 */ 2066 if (asoc->ep->auth_enable) 2067 asoc->peer.auth_capable = 1; 2068 break; 2069 case SCTP_CID_ASCONF: 2070 case SCTP_CID_ASCONF_ACK: 2071 if (asoc->ep->asconf_enable) 2072 asoc->peer.asconf_capable = 1; 2073 break; 2074 case SCTP_CID_I_DATA: 2075 if (asoc->ep->intl_enable) 2076 asoc->peer.intl_capable = 1; 2077 break; 2078 default: 2079 break; 2080 } 2081 } 2082} 2083 2084/* RFC 3.2.1 & the Implementers Guide 2.2. 2085 * 2086 * The Parameter Types are encoded such that the 2087 * highest-order two bits specify the action that must be 2088 * taken if the processing endpoint does not recognize the 2089 * Parameter Type. 2090 * 2091 * 00 - Stop processing this parameter; do not process any further 2092 * parameters within this chunk 2093 * 2094 * 01 - Stop processing this parameter, do not process any further 2095 * parameters within this chunk, and report the unrecognized 2096 * parameter in an 'Unrecognized Parameter' ERROR chunk. 2097 * 2098 * 10 - Skip this parameter and continue processing. 2099 * 2100 * 11 - Skip this parameter and continue processing but 2101 * report the unrecognized parameter in an 2102 * 'Unrecognized Parameter' ERROR chunk. 2103 * 2104 * Return value: 2105 * SCTP_IERROR_NO_ERROR - continue with the chunk 2106 * SCTP_IERROR_ERROR - stop and report an error. 2107 * SCTP_IERROR_NOMEME - out of memory. 2108 */ 2109static enum sctp_ierror sctp_process_unk_param( 2110 const struct sctp_association *asoc, 2111 union sctp_params param, 2112 struct sctp_chunk *chunk, 2113 struct sctp_chunk **errp) 2114{ 2115 int retval = SCTP_IERROR_NO_ERROR; 2116 2117 switch (param.p->type & SCTP_PARAM_ACTION_MASK) { 2118 case SCTP_PARAM_ACTION_DISCARD: 2119 retval = SCTP_IERROR_ERROR; 2120 break; 2121 case SCTP_PARAM_ACTION_SKIP: 2122 break; 2123 case SCTP_PARAM_ACTION_DISCARD_ERR: 2124 retval = SCTP_IERROR_ERROR; 2125 fallthrough; 2126 case SCTP_PARAM_ACTION_SKIP_ERR: 2127 /* Make an ERROR chunk, preparing enough room for 2128 * returning multiple unknown parameters. 2129 */ 2130 if (!*errp) { 2131 *errp = sctp_make_op_error_limited(asoc, chunk); 2132 if (!*errp) { 2133 /* If there is no memory for generating the 2134 * ERROR report as specified, an ABORT will be 2135 * triggered to the peer and the association 2136 * won't be established. 2137 */ 2138 retval = SCTP_IERROR_NOMEM; 2139 break; 2140 } 2141 } 2142 2143 if (!sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM, 2144 ntohs(param.p->length))) 2145 sctp_addto_chunk(*errp, ntohs(param.p->length), 2146 param.v); 2147 break; 2148 default: 2149 break; 2150 } 2151 2152 return retval; 2153} 2154 2155/* Verify variable length parameters 2156 * Return values: 2157 * SCTP_IERROR_ABORT - trigger an ABORT 2158 * SCTP_IERROR_NOMEM - out of memory (abort) 2159 * SCTP_IERROR_ERROR - stop processing, trigger an ERROR 2160 * SCTP_IERROR_NO_ERROR - continue with the chunk 2161 */ 2162static enum sctp_ierror sctp_verify_param(struct net *net, 2163 const struct sctp_endpoint *ep, 2164 const struct sctp_association *asoc, 2165 union sctp_params param, 2166 enum sctp_cid cid, 2167 struct sctp_chunk *chunk, 2168 struct sctp_chunk **err_chunk) 2169{ 2170 struct sctp_hmac_algo_param *hmacs; 2171 int retval = SCTP_IERROR_NO_ERROR; 2172 __u16 n_elt, id = 0; 2173 int i; 2174 2175 /* FIXME - This routine is not looking at each parameter per the 2176 * chunk type, i.e., unrecognized parameters should be further 2177 * identified based on the chunk id. 2178 */ 2179 2180 switch (param.p->type) { 2181 case SCTP_PARAM_IPV4_ADDRESS: 2182 case SCTP_PARAM_IPV6_ADDRESS: 2183 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2184 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2185 case SCTP_PARAM_STATE_COOKIE: 2186 case SCTP_PARAM_HEARTBEAT_INFO: 2187 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2188 case SCTP_PARAM_ECN_CAPABLE: 2189 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2190 break; 2191 2192 case SCTP_PARAM_SUPPORTED_EXT: 2193 if (!sctp_verify_ext_param(net, ep, param)) 2194 return SCTP_IERROR_ABORT; 2195 break; 2196 2197 case SCTP_PARAM_SET_PRIMARY: 2198 if (!ep->asconf_enable) 2199 goto unhandled; 2200 2201 if (ntohs(param.p->length) < sizeof(struct sctp_addip_param) + 2202 sizeof(struct sctp_paramhdr)) { 2203 sctp_process_inv_paramlength(asoc, param.p, 2204 chunk, err_chunk); 2205 retval = SCTP_IERROR_ABORT; 2206 } 2207 break; 2208 2209 case SCTP_PARAM_HOST_NAME_ADDRESS: 2210 /* Tell the peer, we won't support this param. */ 2211 sctp_process_hn_param(asoc, param, chunk, err_chunk); 2212 retval = SCTP_IERROR_ABORT; 2213 break; 2214 2215 case SCTP_PARAM_FWD_TSN_SUPPORT: 2216 if (ep->prsctp_enable) 2217 break; 2218 goto unhandled; 2219 2220 case SCTP_PARAM_RANDOM: 2221 if (!ep->auth_enable) 2222 goto unhandled; 2223 2224 /* SCTP-AUTH: Secion 6.1 2225 * If the random number is not 32 byte long the association 2226 * MUST be aborted. The ABORT chunk SHOULD contain the error 2227 * cause 'Protocol Violation'. 2228 */ 2229 if (SCTP_AUTH_RANDOM_LENGTH != ntohs(param.p->length) - 2230 sizeof(struct sctp_paramhdr)) { 2231 sctp_process_inv_paramlength(asoc, param.p, 2232 chunk, err_chunk); 2233 retval = SCTP_IERROR_ABORT; 2234 } 2235 break; 2236 2237 case SCTP_PARAM_CHUNKS: 2238 if (!ep->auth_enable) 2239 goto unhandled; 2240 2241 /* SCTP-AUTH: Section 3.2 2242 * The CHUNKS parameter MUST be included once in the INIT or 2243 * INIT-ACK chunk if the sender wants to receive authenticated 2244 * chunks. Its maximum length is 260 bytes. 2245 */ 2246 if (260 < ntohs(param.p->length)) { 2247 sctp_process_inv_paramlength(asoc, param.p, 2248 chunk, err_chunk); 2249 retval = SCTP_IERROR_ABORT; 2250 } 2251 break; 2252 2253 case SCTP_PARAM_HMAC_ALGO: 2254 if (!ep->auth_enable) 2255 goto unhandled; 2256 2257 hmacs = (struct sctp_hmac_algo_param *)param.p; 2258 n_elt = (ntohs(param.p->length) - 2259 sizeof(struct sctp_paramhdr)) >> 1; 2260 2261 /* SCTP-AUTH: Section 6.1 2262 * The HMAC algorithm based on SHA-1 MUST be supported and 2263 * included in the HMAC-ALGO parameter. 2264 */ 2265 for (i = 0; i < n_elt; i++) { 2266 id = ntohs(hmacs->hmac_ids[i]); 2267 2268 if (id == SCTP_AUTH_HMAC_ID_SHA1) 2269 break; 2270 } 2271 2272 if (id != SCTP_AUTH_HMAC_ID_SHA1) { 2273 sctp_process_inv_paramlength(asoc, param.p, chunk, 2274 err_chunk); 2275 retval = SCTP_IERROR_ABORT; 2276 } 2277 break; 2278unhandled: 2279 default: 2280 pr_debug("%s: unrecognized param:%d for chunk:%d\n", 2281 __func__, ntohs(param.p->type), cid); 2282 2283 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk); 2284 break; 2285 } 2286 return retval; 2287} 2288 2289/* Verify the INIT packet before we process it. */ 2290int sctp_verify_init(struct net *net, const struct sctp_endpoint *ep, 2291 const struct sctp_association *asoc, enum sctp_cid cid, 2292 struct sctp_init_chunk *peer_init, 2293 struct sctp_chunk *chunk, struct sctp_chunk **errp) 2294{ 2295 union sctp_params param; 2296 bool has_cookie = false; 2297 int result; 2298 2299 /* Check for missing mandatory parameters. Note: Initial TSN is 2300 * also mandatory, but is not checked here since the valid range 2301 * is 0..2**32-1. RFC4960, section 3.3.3. 2302 */ 2303 if (peer_init->init_hdr.num_outbound_streams == 0 || 2304 peer_init->init_hdr.num_inbound_streams == 0 || 2305 peer_init->init_hdr.init_tag == 0 || 2306 ntohl(peer_init->init_hdr.a_rwnd) < SCTP_DEFAULT_MINWINDOW) 2307 return sctp_process_inv_mandatory(asoc, chunk, errp); 2308 2309 sctp_walk_params(param, peer_init, init_hdr.params) { 2310 if (param.p->type == SCTP_PARAM_STATE_COOKIE) 2311 has_cookie = true; 2312 } 2313 2314 /* There is a possibility that a parameter length was bad and 2315 * in that case we would have stoped walking the parameters. 2316 * The current param.p would point at the bad one. 2317 * Current consensus on the mailing list is to generate a PROTOCOL 2318 * VIOLATION error. We build the ERROR chunk here and let the normal 2319 * error handling code build and send the packet. 2320 */ 2321 if (param.v != (void *)chunk->chunk_end) 2322 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp); 2323 2324 /* The only missing mandatory param possible today is 2325 * the state cookie for an INIT-ACK chunk. 2326 */ 2327 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie) 2328 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE, 2329 chunk, errp); 2330 2331 /* Verify all the variable length parameters */ 2332 sctp_walk_params(param, peer_init, init_hdr.params) { 2333 result = sctp_verify_param(net, ep, asoc, param, cid, 2334 chunk, errp); 2335 switch (result) { 2336 case SCTP_IERROR_ABORT: 2337 case SCTP_IERROR_NOMEM: 2338 return 0; 2339 case SCTP_IERROR_ERROR: 2340 return 1; 2341 case SCTP_IERROR_NO_ERROR: 2342 default: 2343 break; 2344 } 2345 2346 } /* for (loop through all parameters) */ 2347 2348 return 1; 2349} 2350 2351/* Unpack the parameters in an INIT packet into an association. 2352 * Returns 0 on failure, else success. 2353 * FIXME: This is an association method. 2354 */ 2355int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk, 2356 const union sctp_addr *peer_addr, 2357 struct sctp_init_chunk *peer_init, gfp_t gfp) 2358{ 2359 struct sctp_transport *transport; 2360 struct list_head *pos, *temp; 2361 union sctp_params param; 2362 union sctp_addr addr; 2363 struct sctp_af *af; 2364 int src_match = 0; 2365 2366 /* We must include the address that the INIT packet came from. 2367 * This is the only address that matters for an INIT packet. 2368 * When processing a COOKIE ECHO, we retrieve the from address 2369 * of the INIT from the cookie. 2370 */ 2371 2372 /* This implementation defaults to making the first transport 2373 * added as the primary transport. The source address seems to 2374 * be a better choice than any of the embedded addresses. 2375 */ 2376 asoc->encap_port = SCTP_INPUT_CB(chunk->skb)->encap_port; 2377 if (!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE)) 2378 goto nomem; 2379 2380 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr)) 2381 src_match = 1; 2382 2383 /* Process the initialization parameters. */ 2384 sctp_walk_params(param, peer_init, init_hdr.params) { 2385 if (!src_match && 2386 (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 2387 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) { 2388 af = sctp_get_af_specific(param_type2af(param.p->type)); 2389 if (!af->from_addr_param(&addr, param.addr, 2390 chunk->sctp_hdr->source, 0)) 2391 continue; 2392 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr)) 2393 src_match = 1; 2394 } 2395 2396 if (!sctp_process_param(asoc, param, peer_addr, gfp)) 2397 goto clean_up; 2398 } 2399 2400 /* source address of chunk may not match any valid address */ 2401 if (!src_match) 2402 goto clean_up; 2403 2404 /* AUTH: After processing the parameters, make sure that we 2405 * have all the required info to potentially do authentications. 2406 */ 2407 if (asoc->peer.auth_capable && (!asoc->peer.peer_random || 2408 !asoc->peer.peer_hmacs)) 2409 asoc->peer.auth_capable = 0; 2410 2411 /* In a non-backward compatible mode, if the peer claims 2412 * support for ADD-IP but not AUTH, the ADD-IP spec states 2413 * that we MUST ABORT the association. Section 6. The section 2414 * also give us an option to silently ignore the packet, which 2415 * is what we'll do here. 2416 */ 2417 if (!asoc->base.net->sctp.addip_noauth && 2418 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) { 2419 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP | 2420 SCTP_PARAM_DEL_IP | 2421 SCTP_PARAM_SET_PRIMARY); 2422 asoc->peer.asconf_capable = 0; 2423 goto clean_up; 2424 } 2425 2426 /* Walk list of transports, removing transports in the UNKNOWN state. */ 2427 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2428 transport = list_entry(pos, struct sctp_transport, transports); 2429 if (transport->state == SCTP_UNKNOWN) { 2430 sctp_assoc_rm_peer(asoc, transport); 2431 } 2432 } 2433 2434 /* The fixed INIT headers are always in network byte 2435 * order. 2436 */ 2437 asoc->peer.i.init_tag = 2438 ntohl(peer_init->init_hdr.init_tag); 2439 asoc->peer.i.a_rwnd = 2440 ntohl(peer_init->init_hdr.a_rwnd); 2441 asoc->peer.i.num_outbound_streams = 2442 ntohs(peer_init->init_hdr.num_outbound_streams); 2443 asoc->peer.i.num_inbound_streams = 2444 ntohs(peer_init->init_hdr.num_inbound_streams); 2445 asoc->peer.i.initial_tsn = 2446 ntohl(peer_init->init_hdr.initial_tsn); 2447 2448 asoc->strreset_inseq = asoc->peer.i.initial_tsn; 2449 2450 /* Apply the upper bounds for output streams based on peer's 2451 * number of inbound streams. 2452 */ 2453 if (asoc->c.sinit_num_ostreams > 2454 ntohs(peer_init->init_hdr.num_inbound_streams)) { 2455 asoc->c.sinit_num_ostreams = 2456 ntohs(peer_init->init_hdr.num_inbound_streams); 2457 } 2458 2459 if (asoc->c.sinit_max_instreams > 2460 ntohs(peer_init->init_hdr.num_outbound_streams)) { 2461 asoc->c.sinit_max_instreams = 2462 ntohs(peer_init->init_hdr.num_outbound_streams); 2463 } 2464 2465 /* Copy Initiation tag from INIT to VT_peer in cookie. */ 2466 asoc->c.peer_vtag = asoc->peer.i.init_tag; 2467 2468 /* Peer Rwnd : Current calculated value of the peer's rwnd. */ 2469 asoc->peer.rwnd = asoc->peer.i.a_rwnd; 2470 2471 /* RFC 2960 7.2.1 The initial value of ssthresh MAY be arbitrarily 2472 * high (for example, implementations MAY use the size of the receiver 2473 * advertised window). 2474 */ 2475 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 2476 transports) { 2477 transport->ssthresh = asoc->peer.i.a_rwnd; 2478 } 2479 2480 /* Set up the TSN tracking pieces. */ 2481 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, 2482 asoc->peer.i.initial_tsn, gfp)) 2483 goto clean_up; 2484 2485 /* RFC 2960 6.5 Stream Identifier and Stream Sequence Number 2486 * 2487 * The stream sequence number in all the streams shall start 2488 * from 0 when the association is established. Also, when the 2489 * stream sequence number reaches the value 65535 the next 2490 * stream sequence number shall be set to 0. 2491 */ 2492 2493 if (sctp_stream_init(&asoc->stream, asoc->c.sinit_num_ostreams, 2494 asoc->c.sinit_max_instreams, gfp)) 2495 goto clean_up; 2496 2497 /* Update frag_point when stream_interleave may get changed. */ 2498 sctp_assoc_update_frag_point(asoc); 2499 2500 if (!asoc->temp && sctp_assoc_set_id(asoc, gfp)) 2501 goto clean_up; 2502 2503 /* ADDIP Section 4.1 ASCONF Chunk Procedures 2504 * 2505 * When an endpoint has an ASCONF signaled change to be sent to the 2506 * remote endpoint it should do the following: 2507 * ... 2508 * A2) A serial number should be assigned to the Chunk. The serial 2509 * number should be a monotonically increasing number. All serial 2510 * numbers are defined to be initialized at the start of the 2511 * association to the same value as the Initial TSN. 2512 */ 2513 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1; 2514 return 1; 2515 2516clean_up: 2517 /* Release the transport structures. */ 2518 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 2519 transport = list_entry(pos, struct sctp_transport, transports); 2520 if (transport->state != SCTP_ACTIVE) 2521 sctp_assoc_rm_peer(asoc, transport); 2522 } 2523 2524nomem: 2525 return 0; 2526} 2527 2528 2529/* Update asoc with the option described in param. 2530 * 2531 * RFC2960 3.3.2.1 Optional/Variable Length Parameters in INIT 2532 * 2533 * asoc is the association to update. 2534 * param is the variable length parameter to use for update. 2535 * cid tells us if this is an INIT, INIT ACK or COOKIE ECHO. 2536 * If the current packet is an INIT we want to minimize the amount of 2537 * work we do. In particular, we should not build transport 2538 * structures for the addresses. 2539 */ 2540static int sctp_process_param(struct sctp_association *asoc, 2541 union sctp_params param, 2542 const union sctp_addr *peer_addr, 2543 gfp_t gfp) 2544{ 2545 struct sctp_endpoint *ep = asoc->ep; 2546 union sctp_addr_param *addr_param; 2547 struct net *net = asoc->base.net; 2548 struct sctp_transport *t; 2549 enum sctp_scope scope; 2550 union sctp_addr addr; 2551 struct sctp_af *af; 2552 int retval = 1, i; 2553 u32 stale; 2554 __u16 sat; 2555 2556 /* We maintain all INIT parameters in network byte order all the 2557 * time. This allows us to not worry about whether the parameters 2558 * came from a fresh INIT, and INIT ACK, or were stored in a cookie. 2559 */ 2560 switch (param.p->type) { 2561 case SCTP_PARAM_IPV6_ADDRESS: 2562 if (PF_INET6 != asoc->base.sk->sk_family) 2563 break; 2564 goto do_addr_param; 2565 2566 case SCTP_PARAM_IPV4_ADDRESS: 2567 /* v4 addresses are not allowed on v6-only socket */ 2568 if (ipv6_only_sock(asoc->base.sk)) 2569 break; 2570do_addr_param: 2571 af = sctp_get_af_specific(param_type2af(param.p->type)); 2572 if (!af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0)) 2573 break; 2574 scope = sctp_scope(peer_addr); 2575 if (sctp_in_scope(net, &addr, scope)) 2576 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED)) 2577 return 0; 2578 break; 2579 2580 case SCTP_PARAM_COOKIE_PRESERVATIVE: 2581 if (!net->sctp.cookie_preserve_enable) 2582 break; 2583 2584 stale = ntohl(param.life->lifespan_increment); 2585 2586 /* Suggested Cookie Life span increment's unit is msec, 2587 * (1/1000sec). 2588 */ 2589 asoc->cookie_life = ktime_add_ms(asoc->cookie_life, stale); 2590 break; 2591 2592 case SCTP_PARAM_HOST_NAME_ADDRESS: 2593 pr_debug("%s: unimplemented SCTP_HOST_NAME_ADDRESS\n", __func__); 2594 break; 2595 2596 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES: 2597 /* Turn off the default values first so we'll know which 2598 * ones are really set by the peer. 2599 */ 2600 asoc->peer.ipv4_address = 0; 2601 asoc->peer.ipv6_address = 0; 2602 2603 /* Assume that peer supports the address family 2604 * by which it sends a packet. 2605 */ 2606 if (peer_addr->sa.sa_family == AF_INET6) 2607 asoc->peer.ipv6_address = 1; 2608 else if (peer_addr->sa.sa_family == AF_INET) 2609 asoc->peer.ipv4_address = 1; 2610 2611 /* Cycle through address types; avoid divide by 0. */ 2612 sat = ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2613 if (sat) 2614 sat /= sizeof(__u16); 2615 2616 for (i = 0; i < sat; ++i) { 2617 switch (param.sat->types[i]) { 2618 case SCTP_PARAM_IPV4_ADDRESS: 2619 asoc->peer.ipv4_address = 1; 2620 break; 2621 2622 case SCTP_PARAM_IPV6_ADDRESS: 2623 if (PF_INET6 == asoc->base.sk->sk_family) 2624 asoc->peer.ipv6_address = 1; 2625 break; 2626 2627 case SCTP_PARAM_HOST_NAME_ADDRESS: 2628 asoc->peer.hostname_address = 1; 2629 break; 2630 2631 default: /* Just ignore anything else. */ 2632 break; 2633 } 2634 } 2635 break; 2636 2637 case SCTP_PARAM_STATE_COOKIE: 2638 asoc->peer.cookie_len = 2639 ntohs(param.p->length) - sizeof(struct sctp_paramhdr); 2640 kfree(asoc->peer.cookie); 2641 asoc->peer.cookie = kmemdup(param.cookie->body, asoc->peer.cookie_len, gfp); 2642 if (!asoc->peer.cookie) 2643 retval = 0; 2644 break; 2645 2646 case SCTP_PARAM_HEARTBEAT_INFO: 2647 /* Would be odd to receive, but it causes no problems. */ 2648 break; 2649 2650 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS: 2651 /* Rejected during verify stage. */ 2652 break; 2653 2654 case SCTP_PARAM_ECN_CAPABLE: 2655 if (asoc->ep->ecn_enable) { 2656 asoc->peer.ecn_capable = 1; 2657 break; 2658 } 2659 /* Fall Through */ 2660 goto fall_through; 2661 2662 2663 case SCTP_PARAM_ADAPTATION_LAYER_IND: 2664 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind); 2665 break; 2666 2667 case SCTP_PARAM_SET_PRIMARY: 2668 if (!ep->asconf_enable) 2669 goto fall_through; 2670 2671 addr_param = param.v + sizeof(struct sctp_addip_param); 2672 2673 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 2674 if (!af) 2675 break; 2676 2677 if (!af->from_addr_param(&addr, addr_param, 2678 htons(asoc->peer.port), 0)) 2679 break; 2680 2681 if (!af->addr_valid(&addr, NULL, NULL)) 2682 break; 2683 2684 t = sctp_assoc_lookup_paddr(asoc, &addr); 2685 if (!t) 2686 break; 2687 2688 sctp_assoc_set_primary(asoc, t); 2689 break; 2690 2691 case SCTP_PARAM_SUPPORTED_EXT: 2692 sctp_process_ext_param(asoc, param); 2693 break; 2694 2695 case SCTP_PARAM_FWD_TSN_SUPPORT: 2696 if (asoc->ep->prsctp_enable) { 2697 asoc->peer.prsctp_capable = 1; 2698 break; 2699 } 2700 /* Fall Through */ 2701 goto fall_through; 2702 2703 case SCTP_PARAM_RANDOM: 2704 if (!ep->auth_enable) 2705 goto fall_through; 2706 2707 /* Save peer's random parameter */ 2708 kfree(asoc->peer.peer_random); 2709 asoc->peer.peer_random = kmemdup(param.p, 2710 ntohs(param.p->length), gfp); 2711 if (!asoc->peer.peer_random) { 2712 retval = 0; 2713 break; 2714 } 2715 break; 2716 2717 case SCTP_PARAM_HMAC_ALGO: 2718 if (!ep->auth_enable) 2719 goto fall_through; 2720 2721 /* Save peer's HMAC list */ 2722 kfree(asoc->peer.peer_hmacs); 2723 asoc->peer.peer_hmacs = kmemdup(param.p, 2724 ntohs(param.p->length), gfp); 2725 if (!asoc->peer.peer_hmacs) { 2726 retval = 0; 2727 break; 2728 } 2729 2730 /* Set the default HMAC the peer requested*/ 2731 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo); 2732 break; 2733 2734 case SCTP_PARAM_CHUNKS: 2735 if (!ep->auth_enable) 2736 goto fall_through; 2737 2738 kfree(asoc->peer.peer_chunks); 2739 asoc->peer.peer_chunks = kmemdup(param.p, 2740 ntohs(param.p->length), gfp); 2741 if (!asoc->peer.peer_chunks) 2742 retval = 0; 2743 break; 2744fall_through: 2745 default: 2746 /* Any unrecognized parameters should have been caught 2747 * and handled by sctp_verify_param() which should be 2748 * called prior to this routine. Simply log the error 2749 * here. 2750 */ 2751 pr_debug("%s: ignoring param:%d for association:%p.\n", 2752 __func__, ntohs(param.p->type), asoc); 2753 break; 2754 } 2755 2756 return retval; 2757} 2758 2759/* Select a new verification tag. */ 2760__u32 sctp_generate_tag(const struct sctp_endpoint *ep) 2761{ 2762 /* I believe that this random number generator complies with RFC1750. 2763 * A tag of 0 is reserved for special cases (e.g. INIT). 2764 */ 2765 __u32 x; 2766 2767 do { 2768 get_random_bytes(&x, sizeof(__u32)); 2769 } while (x == 0); 2770 2771 return x; 2772} 2773 2774/* Select an initial TSN to send during startup. */ 2775__u32 sctp_generate_tsn(const struct sctp_endpoint *ep) 2776{ 2777 __u32 retval; 2778 2779 get_random_bytes(&retval, sizeof(__u32)); 2780 return retval; 2781} 2782 2783/* 2784 * ADDIP 3.1.1 Address Configuration Change Chunk (ASCONF) 2785 * 0 1 2 3 2786 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2787 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2788 * | Type = 0xC1 | Chunk Flags | Chunk Length | 2789 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2790 * | Serial Number | 2791 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2792 * | Address Parameter | 2793 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2794 * | ASCONF Parameter #1 | 2795 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2796 * \ \ 2797 * / .... / 2798 * \ \ 2799 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2800 * | ASCONF Parameter #N | 2801 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2802 * 2803 * Address Parameter and other parameter will not be wrapped in this function 2804 */ 2805static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc, 2806 union sctp_addr *addr, 2807 int vparam_len) 2808{ 2809 struct sctp_addiphdr asconf; 2810 struct sctp_chunk *retval; 2811 int length = sizeof(asconf) + vparam_len; 2812 union sctp_addr_param addrparam; 2813 int addrlen; 2814 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2815 2816 addrlen = af->to_addr_param(addr, &addrparam); 2817 if (!addrlen) 2818 return NULL; 2819 length += addrlen; 2820 2821 /* Create the chunk. */ 2822 retval = sctp_make_control(asoc, SCTP_CID_ASCONF, 0, length, 2823 GFP_ATOMIC); 2824 if (!retval) 2825 return NULL; 2826 2827 asconf.serial = htonl(asoc->addip_serial++); 2828 2829 retval->subh.addip_hdr = 2830 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 2831 retval->param_hdr.v = 2832 sctp_addto_chunk(retval, addrlen, &addrparam); 2833 2834 return retval; 2835} 2836 2837/* ADDIP 2838 * 3.2.1 Add IP Address 2839 * 0 1 2 3 2840 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2841 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2842 * | Type = 0xC001 | Length = Variable | 2843 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2844 * | ASCONF-Request Correlation ID | 2845 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2846 * | Address Parameter | 2847 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2848 * 2849 * 3.2.2 Delete IP Address 2850 * 0 1 2 3 2851 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2852 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2853 * | Type = 0xC002 | Length = Variable | 2854 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2855 * | ASCONF-Request Correlation ID | 2856 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2857 * | Address Parameter | 2858 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2859 * 2860 */ 2861struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc, 2862 union sctp_addr *laddr, 2863 struct sockaddr *addrs, 2864 int addrcnt, __be16 flags) 2865{ 2866 union sctp_addr_param addr_param; 2867 struct sctp_addip_param param; 2868 int paramlen = sizeof(param); 2869 struct sctp_chunk *retval; 2870 int addr_param_len = 0; 2871 union sctp_addr *addr; 2872 int totallen = 0, i; 2873 int del_pickup = 0; 2874 struct sctp_af *af; 2875 void *addr_buf; 2876 2877 /* Get total length of all the address parameters. */ 2878 addr_buf = addrs; 2879 for (i = 0; i < addrcnt; i++) { 2880 addr = addr_buf; 2881 af = sctp_get_af_specific(addr->v4.sin_family); 2882 addr_param_len = af->to_addr_param(addr, &addr_param); 2883 2884 totallen += paramlen; 2885 totallen += addr_param_len; 2886 2887 addr_buf += af->sockaddr_len; 2888 if (asoc->asconf_addr_del_pending && !del_pickup) { 2889 /* reuse the parameter length from the same scope one */ 2890 totallen += paramlen; 2891 totallen += addr_param_len; 2892 del_pickup = 1; 2893 2894 pr_debug("%s: picked same-scope del_pending addr, " 2895 "totallen for all addresses is %d\n", 2896 __func__, totallen); 2897 } 2898 } 2899 2900 /* Create an asconf chunk with the required length. */ 2901 retval = sctp_make_asconf(asoc, laddr, totallen); 2902 if (!retval) 2903 return NULL; 2904 2905 /* Add the address parameters to the asconf chunk. */ 2906 addr_buf = addrs; 2907 for (i = 0; i < addrcnt; i++) { 2908 addr = addr_buf; 2909 af = sctp_get_af_specific(addr->v4.sin_family); 2910 addr_param_len = af->to_addr_param(addr, &addr_param); 2911 param.param_hdr.type = flags; 2912 param.param_hdr.length = htons(paramlen + addr_param_len); 2913 param.crr_id = htonl(i); 2914 2915 sctp_addto_chunk(retval, paramlen, ¶m); 2916 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2917 2918 addr_buf += af->sockaddr_len; 2919 } 2920 if (flags == SCTP_PARAM_ADD_IP && del_pickup) { 2921 addr = asoc->asconf_addr_del_pending; 2922 af = sctp_get_af_specific(addr->v4.sin_family); 2923 addr_param_len = af->to_addr_param(addr, &addr_param); 2924 param.param_hdr.type = SCTP_PARAM_DEL_IP; 2925 param.param_hdr.length = htons(paramlen + addr_param_len); 2926 param.crr_id = htonl(i); 2927 2928 sctp_addto_chunk(retval, paramlen, ¶m); 2929 sctp_addto_chunk(retval, addr_param_len, &addr_param); 2930 } 2931 return retval; 2932} 2933 2934/* ADDIP 2935 * 3.2.4 Set Primary IP Address 2936 * 0 1 2 3 2937 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2938 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2939 * | Type =0xC004 | Length = Variable | 2940 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2941 * | ASCONF-Request Correlation ID | 2942 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2943 * | Address Parameter | 2944 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2945 * 2946 * Create an ASCONF chunk with Set Primary IP address parameter. 2947 */ 2948struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc, 2949 union sctp_addr *addr) 2950{ 2951 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family); 2952 union sctp_addr_param addrparam; 2953 struct sctp_addip_param param; 2954 struct sctp_chunk *retval; 2955 int len = sizeof(param); 2956 int addrlen; 2957 2958 addrlen = af->to_addr_param(addr, &addrparam); 2959 if (!addrlen) 2960 return NULL; 2961 len += addrlen; 2962 2963 /* Create the chunk and make asconf header. */ 2964 retval = sctp_make_asconf(asoc, addr, len); 2965 if (!retval) 2966 return NULL; 2967 2968 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY; 2969 param.param_hdr.length = htons(len); 2970 param.crr_id = 0; 2971 2972 sctp_addto_chunk(retval, sizeof(param), ¶m); 2973 sctp_addto_chunk(retval, addrlen, &addrparam); 2974 2975 return retval; 2976} 2977 2978/* ADDIP 3.1.2 Address Configuration Acknowledgement Chunk (ASCONF-ACK) 2979 * 0 1 2 3 2980 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2981 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2982 * | Type = 0x80 | Chunk Flags | Chunk Length | 2983 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2984 * | Serial Number | 2985 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2986 * | ASCONF Parameter Response#1 | 2987 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2988 * \ \ 2989 * / .... / 2990 * \ \ 2991 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2992 * | ASCONF Parameter Response#N | 2993 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2994 * 2995 * Create an ASCONF_ACK chunk with enough space for the parameter responses. 2996 */ 2997static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc, 2998 __u32 serial, int vparam_len) 2999{ 3000 struct sctp_addiphdr asconf; 3001 struct sctp_chunk *retval; 3002 int length = sizeof(asconf) + vparam_len; 3003 3004 /* Create the chunk. */ 3005 retval = sctp_make_control(asoc, SCTP_CID_ASCONF_ACK, 0, length, 3006 GFP_ATOMIC); 3007 if (!retval) 3008 return NULL; 3009 3010 asconf.serial = htonl(serial); 3011 3012 retval->subh.addip_hdr = 3013 sctp_addto_chunk(retval, sizeof(asconf), &asconf); 3014 3015 return retval; 3016} 3017 3018/* Add response parameters to an ASCONF_ACK chunk. */ 3019static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id, 3020 __be16 err_code, 3021 struct sctp_addip_param *asconf_param) 3022{ 3023 struct sctp_addip_param ack_param; 3024 struct sctp_errhdr err_param; 3025 int asconf_param_len = 0; 3026 int err_param_len = 0; 3027 __be16 response_type; 3028 3029 if (SCTP_ERROR_NO_ERROR == err_code) { 3030 response_type = SCTP_PARAM_SUCCESS_REPORT; 3031 } else { 3032 response_type = SCTP_PARAM_ERR_CAUSE; 3033 err_param_len = sizeof(err_param); 3034 if (asconf_param) 3035 asconf_param_len = 3036 ntohs(asconf_param->param_hdr.length); 3037 } 3038 3039 /* Add Success Indication or Error Cause Indication parameter. */ 3040 ack_param.param_hdr.type = response_type; 3041 ack_param.param_hdr.length = htons(sizeof(ack_param) + 3042 err_param_len + 3043 asconf_param_len); 3044 ack_param.crr_id = crr_id; 3045 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param); 3046 3047 if (SCTP_ERROR_NO_ERROR == err_code) 3048 return; 3049 3050 /* Add Error Cause parameter. */ 3051 err_param.cause = err_code; 3052 err_param.length = htons(err_param_len + asconf_param_len); 3053 sctp_addto_chunk(chunk, err_param_len, &err_param); 3054 3055 /* Add the failed TLV copied from ASCONF chunk. */ 3056 if (asconf_param) 3057 sctp_addto_chunk(chunk, asconf_param_len, asconf_param); 3058} 3059 3060/* Process a asconf parameter. */ 3061static __be16 sctp_process_asconf_param(struct sctp_association *asoc, 3062 struct sctp_chunk *asconf, 3063 struct sctp_addip_param *asconf_param) 3064{ 3065 union sctp_addr_param *addr_param; 3066 struct sctp_transport *peer; 3067 union sctp_addr addr; 3068 struct sctp_af *af; 3069 3070 addr_param = (void *)asconf_param + sizeof(*asconf_param); 3071 3072 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP && 3073 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP && 3074 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY) 3075 return SCTP_ERROR_UNKNOWN_PARAM; 3076 3077 switch (addr_param->p.type) { 3078 case SCTP_PARAM_IPV6_ADDRESS: 3079 if (!asoc->peer.ipv6_address) 3080 return SCTP_ERROR_DNS_FAILED; 3081 break; 3082 case SCTP_PARAM_IPV4_ADDRESS: 3083 if (!asoc->peer.ipv4_address) 3084 return SCTP_ERROR_DNS_FAILED; 3085 break; 3086 default: 3087 return SCTP_ERROR_DNS_FAILED; 3088 } 3089 3090 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3091 if (unlikely(!af)) 3092 return SCTP_ERROR_DNS_FAILED; 3093 3094 if (!af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0)) 3095 return SCTP_ERROR_DNS_FAILED; 3096 3097 /* ADDIP 4.2.1 This parameter MUST NOT contain a broadcast 3098 * or multicast address. 3099 * (note: wildcard is permitted and requires special handling so 3100 * make sure we check for that) 3101 */ 3102 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb)) 3103 return SCTP_ERROR_DNS_FAILED; 3104 3105 switch (asconf_param->param_hdr.type) { 3106 case SCTP_PARAM_ADD_IP: 3107 /* Section 4.2.1: 3108 * If the address 0.0.0.0 or ::0 is provided, the source 3109 * address of the packet MUST be added. 3110 */ 3111 if (af->is_any(&addr)) 3112 memcpy(&addr, &asconf->source, sizeof(addr)); 3113 3114 if (security_sctp_bind_connect(asoc->ep->base.sk, 3115 SCTP_PARAM_ADD_IP, 3116 (struct sockaddr *)&addr, 3117 af->sockaddr_len)) 3118 return SCTP_ERROR_REQ_REFUSED; 3119 3120 /* ADDIP 4.3 D9) If an endpoint receives an ADD IP address 3121 * request and does not have the local resources to add this 3122 * new address to the association, it MUST return an Error 3123 * Cause TLV set to the new error code 'Operation Refused 3124 * Due to Resource Shortage'. 3125 */ 3126 3127 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED); 3128 if (!peer) 3129 return SCTP_ERROR_RSRC_LOW; 3130 3131 /* Start the heartbeat timer. */ 3132 sctp_transport_reset_hb_timer(peer); 3133 asoc->new_transport = peer; 3134 break; 3135 case SCTP_PARAM_DEL_IP: 3136 /* ADDIP 4.3 D7) If a request is received to delete the 3137 * last remaining IP address of a peer endpoint, the receiver 3138 * MUST send an Error Cause TLV with the error cause set to the 3139 * new error code 'Request to Delete Last Remaining IP Address'. 3140 */ 3141 if (asoc->peer.transport_count == 1) 3142 return SCTP_ERROR_DEL_LAST_IP; 3143 3144 /* ADDIP 4.3 D8) If a request is received to delete an IP 3145 * address which is also the source address of the IP packet 3146 * which contained the ASCONF chunk, the receiver MUST reject 3147 * this request. To reject the request the receiver MUST send 3148 * an Error Cause TLV set to the new error code 'Request to 3149 * Delete Source IP Address' 3150 */ 3151 if (sctp_cmp_addr_exact(&asconf->source, &addr)) 3152 return SCTP_ERROR_DEL_SRC_IP; 3153 3154 /* Section 4.2.2 3155 * If the address 0.0.0.0 or ::0 is provided, all 3156 * addresses of the peer except the source address of the 3157 * packet MUST be deleted. 3158 */ 3159 if (af->is_any(&addr)) { 3160 sctp_assoc_set_primary(asoc, asconf->transport); 3161 sctp_assoc_del_nonprimary_peers(asoc, 3162 asconf->transport); 3163 return SCTP_ERROR_NO_ERROR; 3164 } 3165 3166 /* If the address is not part of the association, the 3167 * ASCONF-ACK with Error Cause Indication Parameter 3168 * which including cause of Unresolvable Address should 3169 * be sent. 3170 */ 3171 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3172 if (!peer) 3173 return SCTP_ERROR_DNS_FAILED; 3174 3175 sctp_assoc_rm_peer(asoc, peer); 3176 break; 3177 case SCTP_PARAM_SET_PRIMARY: 3178 /* ADDIP Section 4.2.4 3179 * If the address 0.0.0.0 or ::0 is provided, the receiver 3180 * MAY mark the source address of the packet as its 3181 * primary. 3182 */ 3183 if (af->is_any(&addr)) 3184 memcpy(&addr, sctp_source(asconf), sizeof(addr)); 3185 3186 if (security_sctp_bind_connect(asoc->ep->base.sk, 3187 SCTP_PARAM_SET_PRIMARY, 3188 (struct sockaddr *)&addr, 3189 af->sockaddr_len)) 3190 return SCTP_ERROR_REQ_REFUSED; 3191 3192 peer = sctp_assoc_lookup_paddr(asoc, &addr); 3193 if (!peer) 3194 return SCTP_ERROR_DNS_FAILED; 3195 3196 sctp_assoc_set_primary(asoc, peer); 3197 break; 3198 } 3199 3200 return SCTP_ERROR_NO_ERROR; 3201} 3202 3203/* Verify the ASCONF packet before we process it. */ 3204bool sctp_verify_asconf(const struct sctp_association *asoc, 3205 struct sctp_chunk *chunk, bool addr_param_needed, 3206 struct sctp_paramhdr **errp) 3207{ 3208 struct sctp_addip_chunk *addip; 3209 bool addr_param_seen = false; 3210 union sctp_params param; 3211 3212 addip = (struct sctp_addip_chunk *)chunk->chunk_hdr; 3213 sctp_walk_params(param, addip, addip_hdr.params) { 3214 size_t length = ntohs(param.p->length); 3215 3216 *errp = param.p; 3217 switch (param.p->type) { 3218 case SCTP_PARAM_ERR_CAUSE: 3219 break; 3220 case SCTP_PARAM_IPV4_ADDRESS: 3221 if (length != sizeof(struct sctp_ipv4addr_param)) 3222 return false; 3223 /* ensure there is only one addr param and it's in the 3224 * beginning of addip_hdr params, or we reject it. 3225 */ 3226 if (param.v != addip->addip_hdr.params) 3227 return false; 3228 addr_param_seen = true; 3229 break; 3230 case SCTP_PARAM_IPV6_ADDRESS: 3231 if (length != sizeof(struct sctp_ipv6addr_param)) 3232 return false; 3233 if (param.v != addip->addip_hdr.params) 3234 return false; 3235 addr_param_seen = true; 3236 break; 3237 case SCTP_PARAM_ADD_IP: 3238 case SCTP_PARAM_DEL_IP: 3239 case SCTP_PARAM_SET_PRIMARY: 3240 /* In ASCONF chunks, these need to be first. */ 3241 if (addr_param_needed && !addr_param_seen) 3242 return false; 3243 length = ntohs(param.addip->param_hdr.length); 3244 if (length < sizeof(struct sctp_addip_param) + 3245 sizeof(**errp)) 3246 return false; 3247 break; 3248 case SCTP_PARAM_SUCCESS_REPORT: 3249 case SCTP_PARAM_ADAPTATION_LAYER_IND: 3250 if (length != sizeof(struct sctp_addip_param)) 3251 return false; 3252 break; 3253 default: 3254 /* This is unknown to us, reject! */ 3255 return false; 3256 } 3257 } 3258 3259 /* Remaining sanity checks. */ 3260 if (addr_param_needed && !addr_param_seen) 3261 return false; 3262 if (!addr_param_needed && addr_param_seen) 3263 return false; 3264 if (param.v != chunk->chunk_end) 3265 return false; 3266 3267 return true; 3268} 3269 3270/* Process an incoming ASCONF chunk with the next expected serial no. and 3271 * return an ASCONF_ACK chunk to be sent in response. 3272 */ 3273struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc, 3274 struct sctp_chunk *asconf) 3275{ 3276 union sctp_addr_param *addr_param; 3277 struct sctp_addip_chunk *addip; 3278 struct sctp_chunk *asconf_ack; 3279 bool all_param_pass = true; 3280 struct sctp_addiphdr *hdr; 3281 int length = 0, chunk_len; 3282 union sctp_params param; 3283 __be16 err_code; 3284 __u32 serial; 3285 3286 addip = (struct sctp_addip_chunk *)asconf->chunk_hdr; 3287 chunk_len = ntohs(asconf->chunk_hdr->length) - 3288 sizeof(struct sctp_chunkhdr); 3289 hdr = (struct sctp_addiphdr *)asconf->skb->data; 3290 serial = ntohl(hdr->serial); 3291 3292 /* Skip the addiphdr and store a pointer to address parameter. */ 3293 length = sizeof(*hdr); 3294 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3295 chunk_len -= length; 3296 3297 /* Skip the address parameter and store a pointer to the first 3298 * asconf parameter. 3299 */ 3300 length = ntohs(addr_param->p.length); 3301 chunk_len -= length; 3302 3303 /* create an ASCONF_ACK chunk. 3304 * Based on the definitions of parameters, we know that the size of 3305 * ASCONF_ACK parameters are less than or equal to the fourfold of ASCONF 3306 * parameters. 3307 */ 3308 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4); 3309 if (!asconf_ack) 3310 goto done; 3311 3312 /* Process the TLVs contained within the ASCONF chunk. */ 3313 sctp_walk_params(param, addip, addip_hdr.params) { 3314 /* Skip preceeding address parameters. */ 3315 if (param.p->type == SCTP_PARAM_IPV4_ADDRESS || 3316 param.p->type == SCTP_PARAM_IPV6_ADDRESS) 3317 continue; 3318 3319 err_code = sctp_process_asconf_param(asoc, asconf, 3320 param.addip); 3321 /* ADDIP 4.1 A7) 3322 * If an error response is received for a TLV parameter, 3323 * all TLVs with no response before the failed TLV are 3324 * considered successful if not reported. All TLVs after 3325 * the failed response are considered unsuccessful unless 3326 * a specific success indication is present for the parameter. 3327 */ 3328 if (err_code != SCTP_ERROR_NO_ERROR) 3329 all_param_pass = false; 3330 if (!all_param_pass) 3331 sctp_add_asconf_response(asconf_ack, param.addip->crr_id, 3332 err_code, param.addip); 3333 3334 /* ADDIP 4.3 D11) When an endpoint receiving an ASCONF to add 3335 * an IP address sends an 'Out of Resource' in its response, it 3336 * MUST also fail any subsequent add or delete requests bundled 3337 * in the ASCONF. 3338 */ 3339 if (err_code == SCTP_ERROR_RSRC_LOW) 3340 goto done; 3341 } 3342done: 3343 asoc->peer.addip_serial++; 3344 3345 /* If we are sending a new ASCONF_ACK hold a reference to it in assoc 3346 * after freeing the reference to old asconf ack if any. 3347 */ 3348 if (asconf_ack) { 3349 sctp_chunk_hold(asconf_ack); 3350 list_add_tail(&asconf_ack->transmitted_list, 3351 &asoc->asconf_ack_list); 3352 } 3353 3354 return asconf_ack; 3355} 3356 3357/* Process a asconf parameter that is successfully acked. */ 3358static void sctp_asconf_param_success(struct sctp_association *asoc, 3359 struct sctp_addip_param *asconf_param) 3360{ 3361 struct sctp_bind_addr *bp = &asoc->base.bind_addr; 3362 union sctp_addr_param *addr_param; 3363 struct sctp_sockaddr_entry *saddr; 3364 struct sctp_transport *transport; 3365 union sctp_addr addr; 3366 struct sctp_af *af; 3367 3368 addr_param = (void *)asconf_param + sizeof(*asconf_param); 3369 3370 /* We have checked the packet before, so we do not check again. */ 3371 af = sctp_get_af_specific(param_type2af(addr_param->p.type)); 3372 if (!af->from_addr_param(&addr, addr_param, htons(bp->port), 0)) 3373 return; 3374 3375 switch (asconf_param->param_hdr.type) { 3376 case SCTP_PARAM_ADD_IP: 3377 /* This is always done in BH context with a socket lock 3378 * held, so the list can not change. 3379 */ 3380 local_bh_disable(); 3381 list_for_each_entry(saddr, &bp->address_list, list) { 3382 if (sctp_cmp_addr_exact(&saddr->a, &addr)) 3383 saddr->state = SCTP_ADDR_SRC; 3384 } 3385 local_bh_enable(); 3386 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3387 transports) { 3388 sctp_transport_dst_release(transport); 3389 } 3390 break; 3391 case SCTP_PARAM_DEL_IP: 3392 local_bh_disable(); 3393 sctp_del_bind_addr(bp, &addr); 3394 if (asoc->asconf_addr_del_pending != NULL && 3395 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) { 3396 kfree(asoc->asconf_addr_del_pending); 3397 asoc->asconf_addr_del_pending = NULL; 3398 } 3399 local_bh_enable(); 3400 list_for_each_entry(transport, &asoc->peer.transport_addr_list, 3401 transports) { 3402 sctp_transport_dst_release(transport); 3403 } 3404 break; 3405 default: 3406 break; 3407 } 3408} 3409 3410/* Get the corresponding ASCONF response error code from the ASCONF_ACK chunk 3411 * for the given asconf parameter. If there is no response for this parameter, 3412 * return the error code based on the third argument 'no_err'. 3413 * ADDIP 4.1 3414 * A7) If an error response is received for a TLV parameter, all TLVs with no 3415 * response before the failed TLV are considered successful if not reported. 3416 * All TLVs after the failed response are considered unsuccessful unless a 3417 * specific success indication is present for the parameter. 3418 */ 3419static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack, 3420 struct sctp_addip_param *asconf_param, 3421 int no_err) 3422{ 3423 struct sctp_addip_param *asconf_ack_param; 3424 struct sctp_errhdr *err_param; 3425 int asconf_ack_len; 3426 __be16 err_code; 3427 int length; 3428 3429 if (no_err) 3430 err_code = SCTP_ERROR_NO_ERROR; 3431 else 3432 err_code = SCTP_ERROR_REQ_REFUSED; 3433 3434 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) - 3435 sizeof(struct sctp_chunkhdr); 3436 3437 /* Skip the addiphdr from the asconf_ack chunk and store a pointer to 3438 * the first asconf_ack parameter. 3439 */ 3440 length = sizeof(struct sctp_addiphdr); 3441 asconf_ack_param = (struct sctp_addip_param *)(asconf_ack->skb->data + 3442 length); 3443 asconf_ack_len -= length; 3444 3445 while (asconf_ack_len > 0) { 3446 if (asconf_ack_param->crr_id == asconf_param->crr_id) { 3447 switch (asconf_ack_param->param_hdr.type) { 3448 case SCTP_PARAM_SUCCESS_REPORT: 3449 return SCTP_ERROR_NO_ERROR; 3450 case SCTP_PARAM_ERR_CAUSE: 3451 length = sizeof(*asconf_ack_param); 3452 err_param = (void *)asconf_ack_param + length; 3453 asconf_ack_len -= length; 3454 if (asconf_ack_len > 0) 3455 return err_param->cause; 3456 else 3457 return SCTP_ERROR_INV_PARAM; 3458 break; 3459 default: 3460 return SCTP_ERROR_INV_PARAM; 3461 } 3462 } 3463 3464 length = ntohs(asconf_ack_param->param_hdr.length); 3465 asconf_ack_param = (void *)asconf_ack_param + length; 3466 asconf_ack_len -= length; 3467 } 3468 3469 return err_code; 3470} 3471 3472/* Process an incoming ASCONF_ACK chunk against the cached last ASCONF chunk. */ 3473int sctp_process_asconf_ack(struct sctp_association *asoc, 3474 struct sctp_chunk *asconf_ack) 3475{ 3476 struct sctp_chunk *asconf = asoc->addip_last_asconf; 3477 struct sctp_addip_param *asconf_param; 3478 __be16 err_code = SCTP_ERROR_NO_ERROR; 3479 union sctp_addr_param *addr_param; 3480 int asconf_len = asconf->skb->len; 3481 int all_param_pass = 0; 3482 int length = 0; 3483 int no_err = 1; 3484 int retval = 0; 3485 3486 /* Skip the chunkhdr and addiphdr from the last asconf sent and store 3487 * a pointer to address parameter. 3488 */ 3489 length = sizeof(struct sctp_addip_chunk); 3490 addr_param = (union sctp_addr_param *)(asconf->skb->data + length); 3491 asconf_len -= length; 3492 3493 /* Skip the address parameter in the last asconf sent and store a 3494 * pointer to the first asconf parameter. 3495 */ 3496 length = ntohs(addr_param->p.length); 3497 asconf_param = (void *)addr_param + length; 3498 asconf_len -= length; 3499 3500 /* ADDIP 4.1 3501 * A8) If there is no response(s) to specific TLV parameter(s), and no 3502 * failures are indicated, then all request(s) are considered 3503 * successful. 3504 */ 3505 if (asconf_ack->skb->len == sizeof(struct sctp_addiphdr)) 3506 all_param_pass = 1; 3507 3508 /* Process the TLVs contained in the last sent ASCONF chunk. */ 3509 while (asconf_len > 0) { 3510 if (all_param_pass) 3511 err_code = SCTP_ERROR_NO_ERROR; 3512 else { 3513 err_code = sctp_get_asconf_response(asconf_ack, 3514 asconf_param, 3515 no_err); 3516 if (no_err && (SCTP_ERROR_NO_ERROR != err_code)) 3517 no_err = 0; 3518 } 3519 3520 switch (err_code) { 3521 case SCTP_ERROR_NO_ERROR: 3522 sctp_asconf_param_success(asoc, asconf_param); 3523 break; 3524 3525 case SCTP_ERROR_RSRC_LOW: 3526 retval = 1; 3527 break; 3528 3529 case SCTP_ERROR_UNKNOWN_PARAM: 3530 /* Disable sending this type of asconf parameter in 3531 * future. 3532 */ 3533 asoc->peer.addip_disabled_mask |= 3534 asconf_param->param_hdr.type; 3535 break; 3536 3537 case SCTP_ERROR_REQ_REFUSED: 3538 case SCTP_ERROR_DEL_LAST_IP: 3539 case SCTP_ERROR_DEL_SRC_IP: 3540 default: 3541 break; 3542 } 3543 3544 /* Skip the processed asconf parameter and move to the next 3545 * one. 3546 */ 3547 length = ntohs(asconf_param->param_hdr.length); 3548 asconf_param = (void *)asconf_param + length; 3549 asconf_len -= length; 3550 } 3551 3552 if (no_err && asoc->src_out_of_asoc_ok) { 3553 asoc->src_out_of_asoc_ok = 0; 3554 sctp_transport_immediate_rtx(asoc->peer.primary_path); 3555 } 3556 3557 /* Free the cached last sent asconf chunk. */ 3558 list_del_init(&asconf->transmitted_list); 3559 sctp_chunk_free(asconf); 3560 asoc->addip_last_asconf = NULL; 3561 3562 return retval; 3563} 3564 3565/* Make a FWD TSN chunk. */ 3566struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc, 3567 __u32 new_cum_tsn, size_t nstreams, 3568 struct sctp_fwdtsn_skip *skiplist) 3569{ 3570 struct sctp_chunk *retval = NULL; 3571 struct sctp_fwdtsn_hdr ftsn_hdr; 3572 struct sctp_fwdtsn_skip skip; 3573 size_t hint; 3574 int i; 3575 3576 hint = (nstreams + 1) * sizeof(__u32); 3577 3578 retval = sctp_make_control(asoc, SCTP_CID_FWD_TSN, 0, hint, GFP_ATOMIC); 3579 3580 if (!retval) 3581 return NULL; 3582 3583 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3584 retval->subh.fwdtsn_hdr = 3585 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3586 3587 for (i = 0; i < nstreams; i++) { 3588 skip.stream = skiplist[i].stream; 3589 skip.ssn = skiplist[i].ssn; 3590 sctp_addto_chunk(retval, sizeof(skip), &skip); 3591 } 3592 3593 return retval; 3594} 3595 3596struct sctp_chunk *sctp_make_ifwdtsn(const struct sctp_association *asoc, 3597 __u32 new_cum_tsn, size_t nstreams, 3598 struct sctp_ifwdtsn_skip *skiplist) 3599{ 3600 struct sctp_chunk *retval = NULL; 3601 struct sctp_ifwdtsn_hdr ftsn_hdr; 3602 size_t hint; 3603 3604 hint = (nstreams + 1) * sizeof(__u32); 3605 3606 retval = sctp_make_control(asoc, SCTP_CID_I_FWD_TSN, 0, hint, 3607 GFP_ATOMIC); 3608 if (!retval) 3609 return NULL; 3610 3611 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn); 3612 retval->subh.ifwdtsn_hdr = 3613 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr); 3614 3615 sctp_addto_chunk(retval, nstreams * sizeof(skiplist[0]), skiplist); 3616 3617 return retval; 3618} 3619 3620/* RE-CONFIG 3.1 (RE-CONFIG chunk) 3621 * 0 1 2 3 3622 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3623 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3624 * | Type = 130 | Chunk Flags | Chunk Length | 3625 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3626 * \ \ 3627 * / Re-configuration Parameter / 3628 * \ \ 3629 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3630 * \ \ 3631 * / Re-configuration Parameter (optional) / 3632 * \ \ 3633 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3634 */ 3635static struct sctp_chunk *sctp_make_reconf(const struct sctp_association *asoc, 3636 int length) 3637{ 3638 struct sctp_reconf_chunk *reconf; 3639 struct sctp_chunk *retval; 3640 3641 retval = sctp_make_control(asoc, SCTP_CID_RECONF, 0, length, 3642 GFP_ATOMIC); 3643 if (!retval) 3644 return NULL; 3645 3646 reconf = (struct sctp_reconf_chunk *)retval->chunk_hdr; 3647 retval->param_hdr.v = reconf->params; 3648 3649 return retval; 3650} 3651 3652/* RE-CONFIG 4.1 (STREAM OUT RESET) 3653 * 0 1 2 3 3654 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3655 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3656 * | Parameter Type = 13 | Parameter Length = 16 + 2 * N | 3657 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3658 * | Re-configuration Request Sequence Number | 3659 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3660 * | Re-configuration Response Sequence Number | 3661 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3662 * | Sender's Last Assigned TSN | 3663 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3664 * | Stream Number 1 (optional) | Stream Number 2 (optional) | 3665 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3666 * / ...... / 3667 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3668 * | Stream Number N-1 (optional) | Stream Number N (optional) | 3669 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3670 * 3671 * RE-CONFIG 4.2 (STREAM IN RESET) 3672 * 0 1 2 3 3673 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3674 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3675 * | Parameter Type = 14 | Parameter Length = 8 + 2 * N | 3676 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3677 * | Re-configuration Request Sequence Number | 3678 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3679 * | Stream Number 1 (optional) | Stream Number 2 (optional) | 3680 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3681 * / ...... / 3682 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3683 * | Stream Number N-1 (optional) | Stream Number N (optional) | 3684 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3685 */ 3686struct sctp_chunk *sctp_make_strreset_req( 3687 const struct sctp_association *asoc, 3688 __u16 stream_num, __be16 *stream_list, 3689 bool out, bool in) 3690{ 3691 __u16 stream_len = stream_num * sizeof(__u16); 3692 struct sctp_strreset_outreq outreq; 3693 struct sctp_strreset_inreq inreq; 3694 struct sctp_chunk *retval; 3695 __u16 outlen, inlen; 3696 3697 outlen = (sizeof(outreq) + stream_len) * out; 3698 inlen = (sizeof(inreq) + stream_len) * in; 3699 3700 retval = sctp_make_reconf(asoc, SCTP_PAD4(outlen) + SCTP_PAD4(inlen)); 3701 if (!retval) 3702 return NULL; 3703 3704 if (outlen) { 3705 outreq.param_hdr.type = SCTP_PARAM_RESET_OUT_REQUEST; 3706 outreq.param_hdr.length = htons(outlen); 3707 outreq.request_seq = htonl(asoc->strreset_outseq); 3708 outreq.response_seq = htonl(asoc->strreset_inseq - 1); 3709 outreq.send_reset_at_tsn = htonl(asoc->next_tsn - 1); 3710 3711 sctp_addto_chunk(retval, sizeof(outreq), &outreq); 3712 3713 if (stream_len) 3714 sctp_addto_chunk(retval, stream_len, stream_list); 3715 } 3716 3717 if (inlen) { 3718 inreq.param_hdr.type = SCTP_PARAM_RESET_IN_REQUEST; 3719 inreq.param_hdr.length = htons(inlen); 3720 inreq.request_seq = htonl(asoc->strreset_outseq + out); 3721 3722 sctp_addto_chunk(retval, sizeof(inreq), &inreq); 3723 3724 if (stream_len) 3725 sctp_addto_chunk(retval, stream_len, stream_list); 3726 } 3727 3728 return retval; 3729} 3730 3731/* RE-CONFIG 4.3 (SSN/TSN RESET ALL) 3732 * 0 1 2 3 3733 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3734 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3735 * | Parameter Type = 15 | Parameter Length = 8 | 3736 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3737 * | Re-configuration Request Sequence Number | 3738 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3739 */ 3740struct sctp_chunk *sctp_make_strreset_tsnreq( 3741 const struct sctp_association *asoc) 3742{ 3743 struct sctp_strreset_tsnreq tsnreq; 3744 __u16 length = sizeof(tsnreq); 3745 struct sctp_chunk *retval; 3746 3747 retval = sctp_make_reconf(asoc, length); 3748 if (!retval) 3749 return NULL; 3750 3751 tsnreq.param_hdr.type = SCTP_PARAM_RESET_TSN_REQUEST; 3752 tsnreq.param_hdr.length = htons(length); 3753 tsnreq.request_seq = htonl(asoc->strreset_outseq); 3754 3755 sctp_addto_chunk(retval, sizeof(tsnreq), &tsnreq); 3756 3757 return retval; 3758} 3759 3760/* RE-CONFIG 4.5/4.6 (ADD STREAM) 3761 * 0 1 2 3 3762 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3763 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3764 * | Parameter Type = 17 | Parameter Length = 12 | 3765 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3766 * | Re-configuration Request Sequence Number | 3767 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3768 * | Number of new streams | Reserved | 3769 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3770 */ 3771struct sctp_chunk *sctp_make_strreset_addstrm( 3772 const struct sctp_association *asoc, 3773 __u16 out, __u16 in) 3774{ 3775 struct sctp_strreset_addstrm addstrm; 3776 __u16 size = sizeof(addstrm); 3777 struct sctp_chunk *retval; 3778 3779 retval = sctp_make_reconf(asoc, (!!out + !!in) * size); 3780 if (!retval) 3781 return NULL; 3782 3783 if (out) { 3784 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_OUT_STREAMS; 3785 addstrm.param_hdr.length = htons(size); 3786 addstrm.number_of_streams = htons(out); 3787 addstrm.request_seq = htonl(asoc->strreset_outseq); 3788 addstrm.reserved = 0; 3789 3790 sctp_addto_chunk(retval, size, &addstrm); 3791 } 3792 3793 if (in) { 3794 addstrm.param_hdr.type = SCTP_PARAM_RESET_ADD_IN_STREAMS; 3795 addstrm.param_hdr.length = htons(size); 3796 addstrm.number_of_streams = htons(in); 3797 addstrm.request_seq = htonl(asoc->strreset_outseq + !!out); 3798 addstrm.reserved = 0; 3799 3800 sctp_addto_chunk(retval, size, &addstrm); 3801 } 3802 3803 return retval; 3804} 3805 3806/* RE-CONFIG 4.4 (RESP) 3807 * 0 1 2 3 3808 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3809 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3810 * | Parameter Type = 16 | Parameter Length | 3811 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3812 * | Re-configuration Response Sequence Number | 3813 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3814 * | Result | 3815 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3816 */ 3817struct sctp_chunk *sctp_make_strreset_resp(const struct sctp_association *asoc, 3818 __u32 result, __u32 sn) 3819{ 3820 struct sctp_strreset_resp resp; 3821 __u16 length = sizeof(resp); 3822 struct sctp_chunk *retval; 3823 3824 retval = sctp_make_reconf(asoc, length); 3825 if (!retval) 3826 return NULL; 3827 3828 resp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE; 3829 resp.param_hdr.length = htons(length); 3830 resp.response_seq = htonl(sn); 3831 resp.result = htonl(result); 3832 3833 sctp_addto_chunk(retval, sizeof(resp), &resp); 3834 3835 return retval; 3836} 3837 3838/* RE-CONFIG 4.4 OPTIONAL (TSNRESP) 3839 * 0 1 2 3 3840 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3841 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3842 * | Parameter Type = 16 | Parameter Length | 3843 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3844 * | Re-configuration Response Sequence Number | 3845 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3846 * | Result | 3847 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3848 * | Sender's Next TSN (optional) | 3849 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3850 * | Receiver's Next TSN (optional) | 3851 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3852 */ 3853struct sctp_chunk *sctp_make_strreset_tsnresp(struct sctp_association *asoc, 3854 __u32 result, __u32 sn, 3855 __u32 sender_tsn, 3856 __u32 receiver_tsn) 3857{ 3858 struct sctp_strreset_resptsn tsnresp; 3859 __u16 length = sizeof(tsnresp); 3860 struct sctp_chunk *retval; 3861 3862 retval = sctp_make_reconf(asoc, length); 3863 if (!retval) 3864 return NULL; 3865 3866 tsnresp.param_hdr.type = SCTP_PARAM_RESET_RESPONSE; 3867 tsnresp.param_hdr.length = htons(length); 3868 3869 tsnresp.response_seq = htonl(sn); 3870 tsnresp.result = htonl(result); 3871 tsnresp.senders_next_tsn = htonl(sender_tsn); 3872 tsnresp.receivers_next_tsn = htonl(receiver_tsn); 3873 3874 sctp_addto_chunk(retval, sizeof(tsnresp), &tsnresp); 3875 3876 return retval; 3877} 3878 3879bool sctp_verify_reconf(const struct sctp_association *asoc, 3880 struct sctp_chunk *chunk, 3881 struct sctp_paramhdr **errp) 3882{ 3883 struct sctp_reconf_chunk *hdr; 3884 union sctp_params param; 3885 __be16 last = 0; 3886 __u16 cnt = 0; 3887 3888 hdr = (struct sctp_reconf_chunk *)chunk->chunk_hdr; 3889 sctp_walk_params(param, hdr, params) { 3890 __u16 length = ntohs(param.p->length); 3891 3892 *errp = param.p; 3893 if (cnt++ > 2) 3894 return false; 3895 switch (param.p->type) { 3896 case SCTP_PARAM_RESET_OUT_REQUEST: 3897 if (length < sizeof(struct sctp_strreset_outreq) || 3898 (last && last != SCTP_PARAM_RESET_RESPONSE && 3899 last != SCTP_PARAM_RESET_IN_REQUEST)) 3900 return false; 3901 break; 3902 case SCTP_PARAM_RESET_IN_REQUEST: 3903 if (length < sizeof(struct sctp_strreset_inreq) || 3904 (last && last != SCTP_PARAM_RESET_OUT_REQUEST)) 3905 return false; 3906 break; 3907 case SCTP_PARAM_RESET_RESPONSE: 3908 if ((length != sizeof(struct sctp_strreset_resp) && 3909 length != sizeof(struct sctp_strreset_resptsn)) || 3910 (last && last != SCTP_PARAM_RESET_RESPONSE && 3911 last != SCTP_PARAM_RESET_OUT_REQUEST)) 3912 return false; 3913 break; 3914 case SCTP_PARAM_RESET_TSN_REQUEST: 3915 if (length != 3916 sizeof(struct sctp_strreset_tsnreq) || last) 3917 return false; 3918 break; 3919 case SCTP_PARAM_RESET_ADD_IN_STREAMS: 3920 if (length != sizeof(struct sctp_strreset_addstrm) || 3921 (last && last != SCTP_PARAM_RESET_ADD_OUT_STREAMS)) 3922 return false; 3923 break; 3924 case SCTP_PARAM_RESET_ADD_OUT_STREAMS: 3925 if (length != sizeof(struct sctp_strreset_addstrm) || 3926 (last && last != SCTP_PARAM_RESET_ADD_IN_STREAMS)) 3927 return false; 3928 break; 3929 default: 3930 return false; 3931 } 3932 3933 last = param.p->type; 3934 } 3935 3936 return true; 3937}