1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53#include <linux/types.h>
54#include <linux/kernel.h>
55#include <linux/ip.h>
56#include <linux/ipv6.h>
57#include <linux/net.h>
58#include <linux/inet.h>
59#include <linux/scatterlist.h>
60#include <linux/crypto.h>
61#include <net/sock.h>
62
63#include <linux/skbuff.h>
64#include <linux/random.h>
65#include <net/sctp/sctp.h>
66#include <net/sctp/sm.h>
67
68SCTP_STATIC
69struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc,
70 __u8 type, __u8 flags, int paylen);
71static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
72 const struct sctp_association *asoc,
73 const struct sctp_chunk *init_chunk,
74 int *cookie_len,
75 const __u8 *raw_addrs, int addrs_len);
76static int sctp_process_param(struct sctp_association *asoc,
77 union sctp_params param,
78 const union sctp_addr *peer_addr,
79 gfp_t gfp);
80static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
81 const void *data);
82
83
84int sctp_chunk_iif(const struct sctp_chunk *chunk)
85{
86 struct sctp_af *af;
87 int iif = 0;
88
89 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version));
90 if (af)
91 iif = af->skb_iif(chunk->skb);
92
93 return iif;
94}
95
96
97
98
99
100
101static const struct sctp_paramhdr ecap_param = {
102 SCTP_PARAM_ECN_CAPABLE,
103 cpu_to_be16(sizeof(struct sctp_paramhdr)),
104};
105static const struct sctp_paramhdr prsctp_param = {
106 SCTP_PARAM_FWD_TSN_SUPPORT,
107 cpu_to_be16(sizeof(struct sctp_paramhdr)),
108};
109
110
111
112
113
114void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code,
115 size_t paylen)
116{
117 sctp_errhdr_t err;
118 __u16 len;
119
120
121 err.cause = cause_code;
122 len = sizeof(sctp_errhdr_t) + paylen;
123 err.length = htons(len);
124 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err);
125}
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
172 const struct sctp_bind_addr *bp,
173 gfp_t gfp, int vparam_len)
174{
175 sctp_inithdr_t init;
176 union sctp_params addrs;
177 size_t chunksize;
178 struct sctp_chunk *retval = NULL;
179 int num_types, addrs_len = 0;
180 struct sctp_sock *sp;
181 sctp_supported_addrs_param_t sat;
182 __be16 types[2];
183 sctp_adaptation_ind_param_t aiparam;
184 sctp_supported_ext_param_t ext_param;
185 int num_ext = 0;
186 __u8 extensions[3];
187 sctp_paramhdr_t *auth_chunks = NULL,
188 *auth_hmacs = NULL;
189
190
191
192
193
194
195 retval = NULL;
196
197
198 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp);
199
200 init.init_tag = htonl(asoc->c.my_vtag);
201 init.a_rwnd = htonl(asoc->rwnd);
202 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
203 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
204 init.initial_tsn = htonl(asoc->c.initial_tsn);
205
206
207 sp = sctp_sk(asoc->base.sk);
208 num_types = sp->pf->supported_addrs(sp, types);
209
210 chunksize = sizeof(init) + addrs_len + SCTP_SAT_LEN(num_types);
211 chunksize += sizeof(ecap_param);
212
213 if (sctp_prsctp_enable)
214 chunksize += sizeof(prsctp_param);
215
216
217
218
219
220
221 if (sctp_addip_enable) {
222 extensions[num_ext] = SCTP_CID_ASCONF;
223 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
224 num_ext += 2;
225 }
226
227 if (sp->adaptation_ind)
228 chunksize += sizeof(aiparam);
229
230 chunksize += vparam_len;
231
232
233 if (sctp_auth_enable) {
234
235 chunksize += sizeof(asoc->c.auth_random);
236
237
238 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs;
239 if (auth_hmacs->length)
240 chunksize += ntohs(auth_hmacs->length);
241 else
242 auth_hmacs = NULL;
243
244
245 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks;
246 if (auth_chunks->length)
247 chunksize += ntohs(auth_chunks->length);
248 else
249 auth_chunks = NULL;
250
251 extensions[num_ext] = SCTP_CID_AUTH;
252 num_ext += 1;
253 }
254
255
256 if (num_ext)
257 chunksize += sizeof(sctp_supported_ext_param_t) + num_ext;
258
259
260
261
262
263
264
265
266
267
268
269
270
271 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize);
272 if (!retval)
273 goto nodata;
274
275 retval->subh.init_hdr =
276 sctp_addto_chunk(retval, sizeof(init), &init);
277 retval->param_hdr.v =
278 sctp_addto_chunk(retval, addrs_len, addrs.v);
279
280
281
282
283
284
285
286
287 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES;
288 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types));
289 sctp_addto_chunk(retval, sizeof(sat), &sat);
290 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types);
291
292 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
293
294
295
296
297 if (num_ext) {
298 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
299 ext_param.param_hdr.length =
300 htons(sizeof(sctp_supported_ext_param_t) + num_ext);
301 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t),
302 &ext_param);
303 sctp_addto_param(retval, num_ext, extensions);
304 }
305
306 if (sctp_prsctp_enable)
307 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
308
309 if (sp->adaptation_ind) {
310 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
311 aiparam.param_hdr.length = htons(sizeof(aiparam));
312 aiparam.adaptation_ind = htonl(sp->adaptation_ind);
313 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
314 }
315
316
317 if (sctp_auth_enable) {
318 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random),
319 asoc->c.auth_random);
320 if (auth_hmacs)
321 sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
322 auth_hmacs);
323 if (auth_chunks)
324 sctp_addto_chunk(retval, ntohs(auth_chunks->length),
325 auth_chunks);
326 }
327nodata:
328 kfree(addrs.v);
329 return retval;
330}
331
332struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
333 const struct sctp_chunk *chunk,
334 gfp_t gfp, int unkparam_len)
335{
336 sctp_inithdr_t initack;
337 struct sctp_chunk *retval;
338 union sctp_params addrs;
339 struct sctp_sock *sp;
340 int addrs_len;
341 sctp_cookie_param_t *cookie;
342 int cookie_len;
343 size_t chunksize;
344 sctp_adaptation_ind_param_t aiparam;
345 sctp_supported_ext_param_t ext_param;
346 int num_ext = 0;
347 __u8 extensions[3];
348 sctp_paramhdr_t *auth_chunks = NULL,
349 *auth_hmacs = NULL,
350 *auth_random = NULL;
351
352 retval = NULL;
353
354
355 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp);
356
357 initack.init_tag = htonl(asoc->c.my_vtag);
358 initack.a_rwnd = htonl(asoc->rwnd);
359 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
360 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
361 initack.initial_tsn = htonl(asoc->c.initial_tsn);
362
363
364
365
366 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len,
367 addrs.v, addrs_len);
368 if (!cookie)
369 goto nomem_cookie;
370
371
372
373
374 sp = sctp_sk(asoc->base.sk);
375 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len;
376
377
378 if (asoc->peer.ecn_capable)
379 chunksize += sizeof(ecap_param);
380
381 if (asoc->peer.prsctp_capable)
382 chunksize += sizeof(prsctp_param);
383
384 if (asoc->peer.asconf_capable) {
385 extensions[num_ext] = SCTP_CID_ASCONF;
386 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
387 num_ext += 2;
388 }
389
390 if (sp->adaptation_ind)
391 chunksize += sizeof(aiparam);
392
393 if (asoc->peer.auth_capable) {
394 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random;
395 chunksize += ntohs(auth_random->length);
396
397 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs;
398 if (auth_hmacs->length)
399 chunksize += ntohs(auth_hmacs->length);
400 else
401 auth_hmacs = NULL;
402
403 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks;
404 if (auth_chunks->length)
405 chunksize += ntohs(auth_chunks->length);
406 else
407 auth_chunks = NULL;
408
409 extensions[num_ext] = SCTP_CID_AUTH;
410 num_ext += 1;
411 }
412
413 if (num_ext)
414 chunksize += sizeof(sctp_supported_ext_param_t) + num_ext;
415
416
417 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize);
418 if (!retval)
419 goto nomem_chunk;
420
421
422
423
424 retval->transport = chunk->transport;
425 retval->subh.init_hdr =
426 sctp_addto_chunk(retval, sizeof(initack), &initack);
427 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v);
428 sctp_addto_chunk(retval, cookie_len, cookie);
429 if (asoc->peer.ecn_capable)
430 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
431 if (num_ext) {
432 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
433 ext_param.param_hdr.length =
434 htons(sizeof(sctp_supported_ext_param_t) + num_ext);
435 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t),
436 &ext_param);
437 sctp_addto_param(retval, num_ext, extensions);
438 }
439 if (asoc->peer.prsctp_capable)
440 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
441
442 if (sp->adaptation_ind) {
443 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
444 aiparam.param_hdr.length = htons(sizeof(aiparam));
445 aiparam.adaptation_ind = htonl(sp->adaptation_ind);
446 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
447 }
448
449 if (asoc->peer.auth_capable) {
450 sctp_addto_chunk(retval, ntohs(auth_random->length),
451 auth_random);
452 if (auth_hmacs)
453 sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
454 auth_hmacs);
455 if (auth_chunks)
456 sctp_addto_chunk(retval, ntohs(auth_chunks->length),
457 auth_chunks);
458 }
459
460
461 retval->asoc = (struct sctp_association *) asoc;
462
463
464
465
466
467
468
469
470
471
472 if (chunk)
473 retval->transport = chunk->transport;
474
475nomem_chunk:
476 kfree(cookie);
477nomem_cookie:
478 kfree(addrs.v);
479 return retval;
480}
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc,
517 const struct sctp_chunk *chunk)
518{
519 struct sctp_chunk *retval;
520 void *cookie;
521 int cookie_len;
522
523 cookie = asoc->peer.cookie;
524 cookie_len = asoc->peer.cookie_len;
525
526
527 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len);
528 if (!retval)
529 goto nodata;
530 retval->subh.cookie_hdr =
531 sctp_addto_chunk(retval, cookie_len, cookie);
532
533
534
535
536
537
538
539
540
541
542 if (chunk)
543 retval->transport = chunk->transport;
544
545nodata:
546 return retval;
547}
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc,
568 const struct sctp_chunk *chunk)
569{
570 struct sctp_chunk *retval;
571
572 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0);
573
574
575
576
577
578
579
580
581
582
583 if (retval && chunk)
584 retval->transport = chunk->transport;
585
586 return retval;
587}
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc,
613 const __u32 lowest_tsn,
614 const struct sctp_chunk *chunk)
615{
616 struct sctp_chunk *retval;
617 sctp_cwrhdr_t cwr;
618
619 cwr.lowest_tsn = htonl(lowest_tsn);
620 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0,
621 sizeof(sctp_cwrhdr_t));
622
623 if (!retval)
624 goto nodata;
625
626 retval->subh.ecn_cwr_hdr =
627 sctp_addto_chunk(retval, sizeof(cwr), &cwr);
628
629
630
631
632
633
634
635
636
637
638
639 if (chunk)
640 retval->transport = chunk->transport;
641
642nodata:
643 return retval;
644}
645
646
647struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc,
648 const __u32 lowest_tsn)
649{
650 struct sctp_chunk *retval;
651 sctp_ecnehdr_t ecne;
652
653 ecne.lowest_tsn = htonl(lowest_tsn);
654 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0,
655 sizeof(sctp_ecnehdr_t));
656 if (!retval)
657 goto nodata;
658 retval->subh.ecne_hdr =
659 sctp_addto_chunk(retval, sizeof(ecne), &ecne);
660
661nodata:
662 return retval;
663}
664
665
666
667
668struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc,
669 const struct sctp_sndrcvinfo *sinfo,
670 int data_len, __u8 flags, __u16 ssn)
671{
672 struct sctp_chunk *retval;
673 struct sctp_datahdr dp;
674 int chunk_len;
675
676
677
678
679 dp.tsn = 0;
680 dp.stream = htons(sinfo->sinfo_stream);
681 dp.ppid = sinfo->sinfo_ppid;
682
683
684 if (sinfo->sinfo_flags & SCTP_UNORDERED) {
685 flags |= SCTP_DATA_UNORDERED;
686 dp.ssn = 0;
687 } else
688 dp.ssn = htons(ssn);
689
690 chunk_len = sizeof(dp) + data_len;
691 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len);
692 if (!retval)
693 goto nodata;
694
695 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp);
696 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo));
697
698nodata:
699 return retval;
700}
701
702
703
704
705
706struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc)
707{
708 struct sctp_chunk *retval;
709 struct sctp_sackhdr sack;
710 int len;
711 __u32 ctsn;
712 __u16 num_gabs, num_dup_tsns;
713 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
714 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS];
715
716 memset(gabs, 0, sizeof(gabs));
717 ctsn = sctp_tsnmap_get_ctsn(map);
718 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn);
719
720
721 num_gabs = sctp_tsnmap_num_gabs(map, gabs);
722 num_dup_tsns = sctp_tsnmap_num_dups(map);
723
724
725 sack.cum_tsn_ack = htonl(ctsn);
726 sack.a_rwnd = htonl(asoc->a_rwnd);
727 sack.num_gap_ack_blocks = htons(num_gabs);
728 sack.num_dup_tsns = htons(num_dup_tsns);
729
730 len = sizeof(sack)
731 + sizeof(struct sctp_gap_ack_block) * num_gabs
732 + sizeof(__u32) * num_dup_tsns;
733
734
735 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len);
736 if (!retval)
737 goto nodata;
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769 retval->transport = asoc->peer.last_data_from;
770
771 retval->subh.sack_hdr =
772 sctp_addto_chunk(retval, sizeof(sack), &sack);
773
774
775 if (num_gabs)
776 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs,
777 gabs);
778
779
780 if (num_dup_tsns)
781 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns,
782 sctp_tsnmap_get_dups(map));
783
784nodata:
785 return retval;
786}
787
788
789struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc,
790 const struct sctp_chunk *chunk)
791{
792 struct sctp_chunk *retval;
793 sctp_shutdownhdr_t shut;
794 __u32 ctsn;
795
796 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map);
797 shut.cum_tsn_ack = htonl(ctsn);
798
799 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0,
800 sizeof(sctp_shutdownhdr_t));
801 if (!retval)
802 goto nodata;
803
804 retval->subh.shutdown_hdr =
805 sctp_addto_chunk(retval, sizeof(shut), &shut);
806
807 if (chunk)
808 retval->transport = chunk->transport;
809nodata:
810 return retval;
811}
812
813struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc,
814 const struct sctp_chunk *chunk)
815{
816 struct sctp_chunk *retval;
817
818 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0);
819
820
821
822
823
824
825
826
827
828
829 if (retval && chunk)
830 retval->transport = chunk->transport;
831
832 return retval;
833}
834
835struct sctp_chunk *sctp_make_shutdown_complete(
836 const struct sctp_association *asoc,
837 const struct sctp_chunk *chunk)
838{
839 struct sctp_chunk *retval;
840 __u8 flags = 0;
841
842
843
844
845 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T;
846
847 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0);
848
849
850
851
852
853
854
855
856
857
858
859 if (retval && chunk)
860 retval->transport = chunk->transport;
861
862 return retval;
863}
864
865
866
867
868struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc,
869 const struct sctp_chunk *chunk,
870 const size_t hint)
871{
872 struct sctp_chunk *retval;
873 __u8 flags = 0;
874
875
876
877
878 if (!asoc) {
879 if (chunk && chunk->chunk_hdr &&
880 chunk->chunk_hdr->type == SCTP_CID_INIT)
881 flags = 0;
882 else
883 flags = SCTP_CHUNK_FLAG_T;
884 }
885
886 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint);
887
888
889
890
891
892
893
894
895
896
897 if (retval && chunk)
898 retval->transport = chunk->transport;
899
900 return retval;
901}
902
903
904struct sctp_chunk *sctp_make_abort_no_data(
905 const struct sctp_association *asoc,
906 const struct sctp_chunk *chunk, __u32 tsn)
907{
908 struct sctp_chunk *retval;
909 __be32 payload;
910
911 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t)
912 + sizeof(tsn));
913
914 if (!retval)
915 goto no_mem;
916
917
918 payload = htonl(tsn);
919 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload));
920 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload);
921
922
923
924
925
926
927
928
929
930
931 if (chunk)
932 retval->transport = chunk->transport;
933
934no_mem:
935 return retval;
936}
937
938
939struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc,
940 const struct msghdr *msg,
941 size_t paylen)
942{
943 struct sctp_chunk *retval;
944 void *payload = NULL;
945 int err;
946
947 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen);
948 if (!retval)
949 goto err_chunk;
950
951 if (paylen) {
952
953 payload = kmalloc(paylen, GFP_KERNEL);
954 if (!payload)
955 goto err_payload;
956
957 err = memcpy_fromiovec(payload, msg->msg_iov, paylen);
958 if (err < 0)
959 goto err_copy;
960 }
961
962 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen);
963 sctp_addto_chunk(retval, paylen, payload);
964
965 if (paylen)
966 kfree(payload);
967
968 return retval;
969
970err_copy:
971 kfree(payload);
972err_payload:
973 sctp_chunk_free(retval);
974 retval = NULL;
975err_chunk:
976 return retval;
977}
978
979
980
981
982static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
983 const void *data)
984{
985 void *target;
986 int chunklen = ntohs(chunk->chunk_hdr->length);
987
988 target = skb_put(chunk->skb, len);
989
990 memcpy(target, data, len);
991
992
993 chunk->chunk_hdr->length = htons(chunklen + len);
994 chunk->chunk_end = skb_tail_pointer(chunk->skb);
995
996 return target;
997}
998
999
1000struct sctp_chunk *sctp_make_abort_violation(
1001 const struct sctp_association *asoc,
1002 const struct sctp_chunk *chunk,
1003 const __u8 *payload,
1004 const size_t paylen)
1005{
1006 struct sctp_chunk *retval;
1007 struct sctp_paramhdr phdr;
1008
1009 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen
1010 + sizeof(sctp_paramhdr_t));
1011 if (!retval)
1012 goto end;
1013
1014 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen
1015 + sizeof(sctp_paramhdr_t));
1016
1017 phdr.type = htons(chunk->chunk_hdr->type);
1018 phdr.length = chunk->chunk_hdr->length;
1019 sctp_addto_chunk(retval, paylen, payload);
1020 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr);
1021
1022end:
1023 return retval;
1024}
1025
1026struct sctp_chunk *sctp_make_violation_paramlen(
1027 const struct sctp_association *asoc,
1028 const struct sctp_chunk *chunk,
1029 struct sctp_paramhdr *param)
1030{
1031 struct sctp_chunk *retval;
1032 static const char error[] = "The following parameter had invalid length:";
1033 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) +
1034 sizeof(sctp_paramhdr_t);
1035
1036 retval = sctp_make_abort(asoc, chunk, payload_len);
1037 if (!retval)
1038 goto nodata;
1039
1040 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION,
1041 sizeof(error) + sizeof(sctp_paramhdr_t));
1042 sctp_addto_chunk(retval, sizeof(error), error);
1043 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param);
1044
1045nodata:
1046 return retval;
1047}
1048
1049
1050struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc,
1051 const struct sctp_transport *transport,
1052 const void *payload, const size_t paylen)
1053{
1054 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT,
1055 0, paylen);
1056
1057 if (!retval)
1058 goto nodata;
1059
1060
1061
1062
1063 retval->transport = (struct sctp_transport *) transport;
1064 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload);
1065
1066nodata:
1067 return retval;
1068}
1069
1070struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc,
1071 const struct sctp_chunk *chunk,
1072 const void *payload, const size_t paylen)
1073{
1074 struct sctp_chunk *retval;
1075
1076 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen);
1077 if (!retval)
1078 goto nodata;
1079
1080 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload);
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091 if (chunk)
1092 retval->transport = chunk->transport;
1093
1094nodata:
1095 return retval;
1096}
1097
1098
1099
1100
1101static struct sctp_chunk *sctp_make_op_error_space(
1102 const struct sctp_association *asoc,
1103 const struct sctp_chunk *chunk,
1104 size_t size)
1105{
1106 struct sctp_chunk *retval;
1107
1108 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0,
1109 sizeof(sctp_errhdr_t) + size);
1110 if (!retval)
1111 goto nodata;
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121 if (chunk)
1122 retval->transport = chunk->transport;
1123
1124nodata:
1125 return retval;
1126}
1127
1128
1129struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc,
1130 const struct sctp_chunk *chunk,
1131 __be16 cause_code, const void *payload,
1132 size_t paylen)
1133{
1134 struct sctp_chunk *retval;
1135
1136 retval = sctp_make_op_error_space(asoc, chunk, paylen);
1137 if (!retval)
1138 goto nodata;
1139
1140 sctp_init_cause(retval, cause_code, paylen);
1141 sctp_addto_chunk(retval, paylen, payload);
1142
1143nodata:
1144 return retval;
1145}
1146
1147struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc)
1148{
1149 struct sctp_chunk *retval;
1150 struct sctp_hmac *hmac_desc;
1151 struct sctp_authhdr auth_hdr;
1152 __u8 *hmac;
1153
1154
1155 hmac_desc = sctp_auth_asoc_get_hmac(asoc);
1156 if (unlikely(!hmac_desc))
1157 return NULL;
1158
1159 retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0,
1160 hmac_desc->hmac_len + sizeof(sctp_authhdr_t));
1161 if (!retval)
1162 return NULL;
1163
1164 auth_hdr.hmac_id = htons(hmac_desc->hmac_id);
1165 auth_hdr.shkey_id = htons(asoc->active_key_id);
1166
1167 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t),
1168 &auth_hdr);
1169
1170 hmac = skb_put(retval->skb, hmac_desc->hmac_len);
1171 memset(hmac, 0, hmac_desc->hmac_len);
1172
1173
1174 retval->chunk_hdr->length =
1175 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len);
1176 retval->chunk_end = skb_tail_pointer(retval->skb);
1177
1178 return retval;
1179}
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189struct sctp_chunk *sctp_chunkify(struct sk_buff *skb,
1190 const struct sctp_association *asoc,
1191 struct sock *sk)
1192{
1193 struct sctp_chunk *retval;
1194
1195 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC);
1196
1197 if (!retval)
1198 goto nodata;
1199
1200 if (!sk) {
1201 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb);
1202 }
1203
1204 INIT_LIST_HEAD(&retval->list);
1205 retval->skb = skb;
1206 retval->asoc = (struct sctp_association *)asoc;
1207 retval->resent = 0;
1208 retval->has_tsn = 0;
1209 retval->has_ssn = 0;
1210 retval->rtt_in_progress = 0;
1211 retval->sent_at = 0;
1212 retval->singleton = 1;
1213 retval->end_of_packet = 0;
1214 retval->ecn_ce_done = 0;
1215 retval->pdiscard = 0;
1216
1217
1218
1219
1220
1221
1222
1223 retval->tsn_missing_report = 0;
1224 retval->tsn_gap_acked = 0;
1225 retval->fast_retransmit = SCTP_CAN_FRTX;
1226
1227
1228
1229
1230 retval->msg = NULL;
1231
1232
1233 INIT_LIST_HEAD(&retval->transmitted_list);
1234 INIT_LIST_HEAD(&retval->frag_list);
1235 SCTP_DBG_OBJCNT_INC(chunk);
1236 atomic_set(&retval->refcnt, 1);
1237
1238nodata:
1239 return retval;
1240}
1241
1242
1243void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src,
1244 union sctp_addr *dest)
1245{
1246 memcpy(&chunk->source, src, sizeof(union sctp_addr));
1247 memcpy(&chunk->dest, dest, sizeof(union sctp_addr));
1248}
1249
1250
1251const union sctp_addr *sctp_source(const struct sctp_chunk *chunk)
1252{
1253
1254 if (chunk->transport) {
1255 return &chunk->transport->ipaddr;
1256 } else {
1257
1258 return &chunk->source;
1259 }
1260}
1261
1262
1263
1264
1265SCTP_STATIC
1266struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc,
1267 __u8 type, __u8 flags, int paylen)
1268{
1269 struct sctp_chunk *retval;
1270 sctp_chunkhdr_t *chunk_hdr;
1271 struct sk_buff *skb;
1272 struct sock *sk;
1273
1274
1275 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen),
1276 GFP_ATOMIC);
1277 if (!skb)
1278 goto nodata;
1279
1280
1281 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t));
1282 chunk_hdr->type = type;
1283 chunk_hdr->flags = flags;
1284 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t));
1285
1286 sk = asoc ? asoc->base.sk : NULL;
1287 retval = sctp_chunkify(skb, asoc, sk);
1288 if (!retval) {
1289 kfree_skb(skb);
1290 goto nodata;
1291 }
1292
1293 retval->chunk_hdr = chunk_hdr;
1294 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr);
1295
1296
1297 if (sctp_auth_send_cid(type, asoc))
1298 retval->auth = 1;
1299
1300
1301 skb->sk = sk;
1302
1303 return retval;
1304nodata:
1305 return NULL;
1306}
1307
1308
1309
1310static void sctp_chunk_destroy(struct sctp_chunk *chunk)
1311{
1312 BUG_ON(!list_empty(&chunk->list));
1313 list_del_init(&chunk->transmitted_list);
1314
1315
1316 dev_kfree_skb(chunk->skb);
1317
1318 SCTP_DBG_OBJCNT_DEC(chunk);
1319 kmem_cache_free(sctp_chunk_cachep, chunk);
1320}
1321
1322
1323void sctp_chunk_free(struct sctp_chunk *chunk)
1324{
1325
1326 if (chunk->msg)
1327 sctp_datamsg_put(chunk->msg);
1328
1329 sctp_chunk_put(chunk);
1330}
1331
1332
1333void sctp_chunk_hold(struct sctp_chunk *ch)
1334{
1335 atomic_inc(&ch->refcnt);
1336}
1337
1338
1339void sctp_chunk_put(struct sctp_chunk *ch)
1340{
1341 if (atomic_dec_and_test(&ch->refcnt))
1342 sctp_chunk_destroy(ch);
1343}
1344
1345
1346
1347
1348void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data)
1349{
1350 void *target;
1351 void *padding;
1352 int chunklen = ntohs(chunk->chunk_hdr->length);
1353 int padlen = WORD_ROUND(chunklen) - chunklen;
1354
1355 padding = skb_put(chunk->skb, padlen);
1356 target = skb_put(chunk->skb, len);
1357
1358 memset(padding, 0, padlen);
1359 memcpy(target, data, len);
1360
1361
1362 chunk->chunk_hdr->length = htons(chunklen + padlen + len);
1363 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1364
1365 return target;
1366}
1367
1368
1369
1370
1371
1372int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len,
1373 struct iovec *data)
1374{
1375 __u8 *target;
1376 int err = 0;
1377
1378
1379 target = skb_put(chunk->skb, len);
1380
1381
1382 if ((err = memcpy_fromiovecend(target, data, off, len)))
1383 goto out;
1384
1385
1386 chunk->chunk_hdr->length =
1387 htons(ntohs(chunk->chunk_hdr->length) + len);
1388 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1389
1390out:
1391 return err;
1392}
1393
1394
1395
1396
1397void sctp_chunk_assign_ssn(struct sctp_chunk *chunk)
1398{
1399 struct sctp_datamsg *msg;
1400 struct sctp_chunk *lchunk;
1401 struct sctp_stream *stream;
1402 __u16 ssn;
1403 __u16 sid;
1404
1405 if (chunk->has_ssn)
1406 return;
1407
1408
1409 sid = ntohs(chunk->subh.data_hdr->stream);
1410 stream = &chunk->asoc->ssnmap->out;
1411
1412
1413
1414
1415 msg = chunk->msg;
1416 list_for_each_entry(lchunk, &msg->chunks, frag_list) {
1417 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) {
1418 ssn = 0;
1419 } else {
1420 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG)
1421 ssn = sctp_ssn_next(stream, sid);
1422 else
1423 ssn = sctp_ssn_peek(stream, sid);
1424 }
1425
1426 lchunk->subh.data_hdr->ssn = htons(ssn);
1427 lchunk->has_ssn = 1;
1428 }
1429}
1430
1431
1432
1433
1434void sctp_chunk_assign_tsn(struct sctp_chunk *chunk)
1435{
1436 if (!chunk->has_tsn) {
1437
1438
1439
1440 chunk->subh.data_hdr->tsn =
1441 htonl(sctp_association_get_next_tsn(chunk->asoc));
1442 chunk->has_tsn = 1;
1443 }
1444}
1445
1446
1447struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep,
1448 struct sctp_chunk *chunk,
1449 gfp_t gfp)
1450{
1451 struct sctp_association *asoc;
1452 struct sk_buff *skb;
1453 sctp_scope_t scope;
1454 struct sctp_af *af;
1455
1456
1457 scope = sctp_scope(sctp_source(chunk));
1458 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp);
1459 if (!asoc)
1460 goto nodata;
1461 asoc->temp = 1;
1462 skb = chunk->skb;
1463
1464 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version));
1465 if (unlikely(!af))
1466 goto fail;
1467 af->from_skb(&asoc->c.peer_addr, skb, 1);
1468nodata:
1469 return asoc;
1470
1471fail:
1472 sctp_association_free(asoc);
1473 return NULL;
1474}
1475
1476
1477
1478
1479static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
1480 const struct sctp_association *asoc,
1481 const struct sctp_chunk *init_chunk,
1482 int *cookie_len,
1483 const __u8 *raw_addrs, int addrs_len)
1484{
1485 sctp_cookie_param_t *retval;
1486 struct sctp_signed_cookie *cookie;
1487 struct scatterlist sg;
1488 int headersize, bodysize;
1489 unsigned int keylen;
1490 char *key;
1491
1492
1493
1494
1495 headersize = sizeof(sctp_paramhdr_t) +
1496 (sizeof(struct sctp_signed_cookie) -
1497 sizeof(struct sctp_cookie));
1498 bodysize = sizeof(struct sctp_cookie)
1499 + ntohs(init_chunk->chunk_hdr->length) + addrs_len;
1500
1501
1502
1503
1504 if (bodysize % SCTP_COOKIE_MULTIPLE)
1505 bodysize += SCTP_COOKIE_MULTIPLE
1506 - (bodysize % SCTP_COOKIE_MULTIPLE);
1507 *cookie_len = headersize + bodysize;
1508
1509
1510
1511
1512 retval = kzalloc(*cookie_len, GFP_ATOMIC);
1513 if (!retval)
1514 goto nodata;
1515
1516 cookie = (struct sctp_signed_cookie *) retval->body;
1517
1518
1519 retval->p.type = SCTP_PARAM_STATE_COOKIE;
1520 retval->p.length = htons(*cookie_len);
1521
1522
1523 cookie->c = asoc->c;
1524
1525 cookie->c.raw_addr_list_len = addrs_len;
1526
1527
1528 cookie->c.prsctp_capable = asoc->peer.prsctp_capable;
1529
1530
1531 cookie->c.adaptation_ind = asoc->peer.adaptation_ind;
1532
1533
1534 do_gettimeofday(&cookie->c.expiration);
1535 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration);
1536
1537
1538 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr,
1539 ntohs(init_chunk->chunk_hdr->length));
1540
1541
1542 memcpy((__u8 *)&cookie->c.peer_init[0] +
1543 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len);
1544
1545 if (sctp_sk(ep->base.sk)->hmac) {
1546 struct hash_desc desc;
1547
1548
1549 sg_init_one(&sg, &cookie->c, bodysize);
1550 keylen = SCTP_SECRET_SIZE;
1551 key = (char *)ep->secret_key[ep->current_key];
1552 desc.tfm = sctp_sk(ep->base.sk)->hmac;
1553 desc.flags = 0;
1554
1555 if (crypto_hash_setkey(desc.tfm, key, keylen) ||
1556 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature))
1557 goto free_cookie;
1558 }
1559
1560 return retval;
1561
1562free_cookie:
1563 kfree(retval);
1564nodata:
1565 *cookie_len = 0;
1566 return NULL;
1567}
1568
1569
1570struct sctp_association *sctp_unpack_cookie(
1571 const struct sctp_endpoint *ep,
1572 const struct sctp_association *asoc,
1573 struct sctp_chunk *chunk, gfp_t gfp,
1574 int *error, struct sctp_chunk **errp)
1575{
1576 struct sctp_association *retval = NULL;
1577 struct sctp_signed_cookie *cookie;
1578 struct sctp_cookie *bear_cookie;
1579 int headersize, bodysize, fixed_size;
1580 __u8 *digest = ep->digest;
1581 struct scatterlist sg;
1582 unsigned int keylen, len;
1583 char *key;
1584 sctp_scope_t scope;
1585 struct sk_buff *skb = chunk->skb;
1586 struct timeval tv;
1587 struct hash_desc desc;
1588
1589
1590
1591
1592 headersize = sizeof(sctp_chunkhdr_t) +
1593 (sizeof(struct sctp_signed_cookie) -
1594 sizeof(struct sctp_cookie));
1595 bodysize = ntohs(chunk->chunk_hdr->length) - headersize;
1596 fixed_size = headersize + sizeof(struct sctp_cookie);
1597
1598
1599
1600
1601
1602 len = ntohs(chunk->chunk_hdr->length);
1603 if (len < fixed_size + sizeof(struct sctp_chunkhdr))
1604 goto malformed;
1605
1606
1607 if (bodysize % SCTP_COOKIE_MULTIPLE)
1608 goto malformed;
1609
1610
1611 cookie = chunk->subh.cookie_hdr;
1612 bear_cookie = &cookie->c;
1613
1614 if (!sctp_sk(ep->base.sk)->hmac)
1615 goto no_hmac;
1616
1617
1618 keylen = SCTP_SECRET_SIZE;
1619 sg_init_one(&sg, bear_cookie, bodysize);
1620 key = (char *)ep->secret_key[ep->current_key];
1621 desc.tfm = sctp_sk(ep->base.sk)->hmac;
1622 desc.flags = 0;
1623
1624 memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
1625 if (crypto_hash_setkey(desc.tfm, key, keylen) ||
1626 crypto_hash_digest(&desc, &sg, bodysize, digest)) {
1627 *error = -SCTP_IERROR_NOMEM;
1628 goto fail;
1629 }
1630
1631 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
1632
1633 key = (char *)ep->secret_key[ep->last_key];
1634 memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
1635 if (crypto_hash_setkey(desc.tfm, key, keylen) ||
1636 crypto_hash_digest(&desc, &sg, bodysize, digest)) {
1637 *error = -SCTP_IERROR_NOMEM;
1638 goto fail;
1639 }
1640
1641 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
1642
1643 *error = -SCTP_IERROR_BAD_SIG;
1644 goto fail;
1645 }
1646 }
1647
1648no_hmac:
1649
1650
1651
1652
1653
1654
1655
1656 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) {
1657 *error = -SCTP_IERROR_BAD_TAG;
1658 goto fail;
1659 }
1660
1661 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port ||
1662 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) {
1663 *error = -SCTP_IERROR_BAD_PORTS;
1664 goto fail;
1665 }
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP))
1676 skb_get_timestamp(skb, &tv);
1677 else
1678 do_gettimeofday(&tv);
1679
1680 if (!asoc && tv_lt(bear_cookie->expiration, tv)) {
1681
1682
1683
1684
1685
1686
1687
1688
1689 len = ntohs(chunk->chunk_hdr->length);
1690 *errp = sctp_make_op_error_space(asoc, chunk, len);
1691 if (*errp) {
1692 suseconds_t usecs = (tv.tv_sec -
1693 bear_cookie->expiration.tv_sec) * 1000000L +
1694 tv.tv_usec - bear_cookie->expiration.tv_usec;
1695 __be32 n = htonl(usecs);
1696
1697 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE,
1698 sizeof(n));
1699 sctp_addto_chunk(*errp, sizeof(n), &n);
1700 *error = -SCTP_IERROR_STALE_COOKIE;
1701 } else
1702 *error = -SCTP_IERROR_NOMEM;
1703
1704 goto fail;
1705 }
1706
1707
1708 scope = sctp_scope(sctp_source(chunk));
1709 retval = sctp_association_new(ep, ep->base.sk, scope, gfp);
1710 if (!retval) {
1711 *error = -SCTP_IERROR_NOMEM;
1712 goto fail;
1713 }
1714
1715
1716 retval->peer.port = ntohs(chunk->sctp_hdr->source);
1717
1718
1719 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie));
1720
1721 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie,
1722 GFP_ATOMIC) < 0) {
1723 *error = -SCTP_IERROR_NOMEM;
1724 goto fail;
1725 }
1726
1727
1728 if (list_empty(&retval->base.bind_addr.address_list)) {
1729 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest,
1730 SCTP_ADDR_SRC, GFP_ATOMIC);
1731 }
1732
1733 retval->next_tsn = retval->c.initial_tsn;
1734 retval->ctsn_ack_point = retval->next_tsn - 1;
1735 retval->addip_serial = retval->c.initial_tsn;
1736 retval->adv_peer_ack_point = retval->ctsn_ack_point;
1737 retval->peer.prsctp_capable = retval->c.prsctp_capable;
1738 retval->peer.adaptation_ind = retval->c.adaptation_ind;
1739
1740
1741 return retval;
1742
1743fail:
1744 if (retval)
1745 sctp_association_free(retval);
1746
1747 return NULL;
1748
1749malformed:
1750
1751
1752
1753 *error = -SCTP_IERROR_MALFORMED;
1754 goto fail;
1755}
1756
1757
1758
1759
1760
1761struct __sctp_missing {
1762 __be32 num_missing;
1763 __be16 type;
1764} __attribute__((packed));
1765
1766
1767
1768
1769static int sctp_process_missing_param(const struct sctp_association *asoc,
1770 sctp_param_t paramtype,
1771 struct sctp_chunk *chunk,
1772 struct sctp_chunk **errp)
1773{
1774 struct __sctp_missing report;
1775 __u16 len;
1776
1777 len = WORD_ROUND(sizeof(report));
1778
1779
1780
1781
1782 if (!*errp)
1783 *errp = sctp_make_op_error_space(asoc, chunk, len);
1784
1785 if (*errp) {
1786 report.num_missing = htonl(1);
1787 report.type = paramtype;
1788 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM,
1789 sizeof(report));
1790 sctp_addto_chunk(*errp, sizeof(report), &report);
1791 }
1792
1793
1794 return 0;
1795}
1796
1797
1798static int sctp_process_inv_mandatory(const struct sctp_association *asoc,
1799 struct sctp_chunk *chunk,
1800 struct sctp_chunk **errp)
1801{
1802
1803
1804 if (!*errp)
1805 *errp = sctp_make_op_error_space(asoc, chunk, 0);
1806
1807 if (*errp)
1808 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0);
1809
1810
1811 return 0;
1812}
1813
1814static int sctp_process_inv_paramlength(const struct sctp_association *asoc,
1815 struct sctp_paramhdr *param,
1816 const struct sctp_chunk *chunk,
1817 struct sctp_chunk **errp)
1818{
1819
1820
1821
1822 if (*errp)
1823 sctp_chunk_free(*errp);
1824
1825
1826 *errp = sctp_make_violation_paramlen(asoc, chunk, param);
1827
1828 return 0;
1829}
1830
1831
1832
1833
1834
1835static int sctp_process_hn_param(const struct sctp_association *asoc,
1836 union sctp_params param,
1837 struct sctp_chunk *chunk,
1838 struct sctp_chunk **errp)
1839{
1840 __u16 len = ntohs(param.p->length);
1841
1842
1843
1844
1845
1846
1847 if (*errp)
1848 sctp_chunk_free(*errp);
1849
1850 *errp = sctp_make_op_error_space(asoc, chunk, len);
1851
1852 if (*errp) {
1853 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len);
1854 sctp_addto_chunk(*errp, len, param.v);
1855 }
1856
1857
1858 return 0;
1859}
1860
1861static int sctp_verify_ext_param(union sctp_params param)
1862{
1863 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
1864 int have_auth = 0;
1865 int have_asconf = 0;
1866 int i;
1867
1868 for (i = 0; i < num_ext; i++) {
1869 switch (param.ext->chunks[i]) {
1870 case SCTP_CID_AUTH:
1871 have_auth = 1;
1872 break;
1873 case SCTP_CID_ASCONF:
1874 case SCTP_CID_ASCONF_ACK:
1875 have_asconf = 1;
1876 break;
1877 }
1878 }
1879
1880
1881
1882
1883
1884
1885 if (sctp_addip_noauth)
1886 return 1;
1887
1888 if (sctp_addip_enable && !have_auth && have_asconf)
1889 return 0;
1890
1891 return 1;
1892}
1893
1894static void sctp_process_ext_param(struct sctp_association *asoc,
1895 union sctp_params param)
1896{
1897 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
1898 int i;
1899
1900 for (i = 0; i < num_ext; i++) {
1901 switch (param.ext->chunks[i]) {
1902 case SCTP_CID_FWD_TSN:
1903 if (sctp_prsctp_enable &&
1904 !asoc->peer.prsctp_capable)
1905 asoc->peer.prsctp_capable = 1;
1906 break;
1907 case SCTP_CID_AUTH:
1908
1909
1910
1911 if (sctp_auth_enable)
1912 asoc->peer.auth_capable = 1;
1913 break;
1914 case SCTP_CID_ASCONF:
1915 case SCTP_CID_ASCONF_ACK:
1916 if (sctp_addip_enable)
1917 asoc->peer.asconf_capable = 1;
1918 break;
1919 default:
1920 break;
1921 }
1922 }
1923}
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc,
1951 union sctp_params param,
1952 struct sctp_chunk *chunk,
1953 struct sctp_chunk **errp)
1954{
1955 int retval = SCTP_IERROR_NO_ERROR;
1956
1957 switch (param.p->type & SCTP_PARAM_ACTION_MASK) {
1958 case SCTP_PARAM_ACTION_DISCARD:
1959 retval = SCTP_IERROR_ERROR;
1960 break;
1961 case SCTP_PARAM_ACTION_SKIP:
1962 break;
1963 case SCTP_PARAM_ACTION_DISCARD_ERR:
1964 retval = SCTP_IERROR_ERROR;
1965
1966 case SCTP_PARAM_ACTION_SKIP_ERR:
1967
1968
1969
1970 if (NULL == *errp)
1971 *errp = sctp_make_op_error_space(asoc, chunk,
1972 ntohs(chunk->chunk_hdr->length));
1973
1974 if (*errp) {
1975 sctp_init_cause(*errp, SCTP_ERROR_UNKNOWN_PARAM,
1976 WORD_ROUND(ntohs(param.p->length)));
1977 sctp_addto_chunk(*errp,
1978 WORD_ROUND(ntohs(param.p->length)),
1979 param.v);
1980 } else {
1981
1982
1983
1984
1985
1986 retval = SCTP_IERROR_NOMEM;
1987 }
1988 break;
1989 default:
1990 break;
1991 }
1992
1993 return retval;
1994}
1995
1996
1997
1998
1999
2000
2001
2002
2003static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc,
2004 union sctp_params param,
2005 sctp_cid_t cid,
2006 struct sctp_chunk *chunk,
2007 struct sctp_chunk **err_chunk)
2008{
2009 struct sctp_hmac_algo_param *hmacs;
2010 int retval = SCTP_IERROR_NO_ERROR;
2011 __u16 n_elt, id = 0;
2012 int i;
2013
2014
2015
2016
2017
2018
2019 switch (param.p->type) {
2020 case SCTP_PARAM_IPV4_ADDRESS:
2021 case SCTP_PARAM_IPV6_ADDRESS:
2022 case SCTP_PARAM_COOKIE_PRESERVATIVE:
2023 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2024 case SCTP_PARAM_STATE_COOKIE:
2025 case SCTP_PARAM_HEARTBEAT_INFO:
2026 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2027 case SCTP_PARAM_ECN_CAPABLE:
2028 case SCTP_PARAM_ADAPTATION_LAYER_IND:
2029 break;
2030
2031 case SCTP_PARAM_SUPPORTED_EXT:
2032 if (!sctp_verify_ext_param(param))
2033 return SCTP_IERROR_ABORT;
2034 break;
2035
2036 case SCTP_PARAM_SET_PRIMARY:
2037 if (sctp_addip_enable)
2038 break;
2039 goto fallthrough;
2040
2041 case SCTP_PARAM_HOST_NAME_ADDRESS:
2042
2043 sctp_process_hn_param(asoc, param, chunk, err_chunk);
2044 retval = SCTP_IERROR_ABORT;
2045 break;
2046
2047 case SCTP_PARAM_FWD_TSN_SUPPORT:
2048 if (sctp_prsctp_enable)
2049 break;
2050 goto fallthrough;
2051
2052 case SCTP_PARAM_RANDOM:
2053 if (!sctp_auth_enable)
2054 goto fallthrough;
2055
2056
2057
2058
2059
2060
2061 if (SCTP_AUTH_RANDOM_LENGTH !=
2062 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) {
2063 sctp_process_inv_paramlength(asoc, param.p,
2064 chunk, err_chunk);
2065 retval = SCTP_IERROR_ABORT;
2066 }
2067 break;
2068
2069 case SCTP_PARAM_CHUNKS:
2070 if (!sctp_auth_enable)
2071 goto fallthrough;
2072
2073
2074
2075
2076
2077
2078 if (260 < ntohs(param.p->length)) {
2079 sctp_process_inv_paramlength(asoc, param.p,
2080 chunk, err_chunk);
2081 retval = SCTP_IERROR_ABORT;
2082 }
2083 break;
2084
2085 case SCTP_PARAM_HMAC_ALGO:
2086 if (!sctp_auth_enable)
2087 goto fallthrough;
2088
2089 hmacs = (struct sctp_hmac_algo_param *)param.p;
2090 n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1;
2091
2092
2093
2094
2095
2096 for (i = 0; i < n_elt; i++) {
2097 id = ntohs(hmacs->hmac_ids[i]);
2098
2099 if (id == SCTP_AUTH_HMAC_ID_SHA1)
2100 break;
2101 }
2102
2103 if (id != SCTP_AUTH_HMAC_ID_SHA1) {
2104 sctp_process_inv_paramlength(asoc, param.p, chunk,
2105 err_chunk);
2106 retval = SCTP_IERROR_ABORT;
2107 }
2108 break;
2109fallthrough:
2110 default:
2111 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n",
2112 ntohs(param.p->type), cid);
2113 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk);
2114 break;
2115 }
2116 return retval;
2117}
2118
2119
2120int sctp_verify_init(const struct sctp_association *asoc,
2121 sctp_cid_t cid,
2122 sctp_init_chunk_t *peer_init,
2123 struct sctp_chunk *chunk,
2124 struct sctp_chunk **errp)
2125{
2126 union sctp_params param;
2127 int has_cookie = 0;
2128 int result;
2129
2130
2131 if ((0 == peer_init->init_hdr.num_outbound_streams) ||
2132 (0 == peer_init->init_hdr.num_inbound_streams) ||
2133 (0 == peer_init->init_hdr.init_tag) ||
2134 (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) {
2135
2136 return sctp_process_inv_mandatory(asoc, chunk, errp);
2137 }
2138
2139
2140 sctp_walk_params(param, peer_init, init_hdr.params) {
2141
2142 if (SCTP_PARAM_STATE_COOKIE == param.p->type)
2143 has_cookie = 1;
2144
2145 }
2146
2147
2148
2149
2150
2151
2152
2153
2154 if (param.v != (void*)chunk->chunk_end)
2155 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp);
2156
2157
2158
2159
2160 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie)
2161 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE,
2162 chunk, errp);
2163
2164
2165 sctp_walk_params(param, peer_init, init_hdr.params) {
2166
2167 result = sctp_verify_param(asoc, param, cid, chunk, errp);
2168 switch (result) {
2169 case SCTP_IERROR_ABORT:
2170 case SCTP_IERROR_NOMEM:
2171 return 0;
2172 case SCTP_IERROR_ERROR:
2173 return 1;
2174 case SCTP_IERROR_NO_ERROR:
2175 default:
2176 break;
2177 }
2178
2179 }
2180
2181 return 1;
2182}
2183
2184
2185
2186
2187
2188int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid,
2189 const union sctp_addr *peer_addr,
2190 sctp_init_chunk_t *peer_init, gfp_t gfp)
2191{
2192 union sctp_params param;
2193 struct sctp_transport *transport;
2194 struct list_head *pos, *temp;
2195 char *cookie;
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207 if (peer_addr) {
2208 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE))
2209 goto nomem;
2210 }
2211
2212
2213 sctp_walk_params(param, peer_init, init_hdr.params) {
2214
2215 if (!sctp_process_param(asoc, param, peer_addr, gfp))
2216 goto clean_up;
2217 }
2218
2219
2220
2221
2222 if (asoc->peer.auth_capable && (!asoc->peer.peer_random ||
2223 !asoc->peer.peer_hmacs))
2224 asoc->peer.auth_capable = 0;
2225
2226
2227
2228
2229
2230
2231
2232 if (!sctp_addip_noauth &&
2233 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) {
2234 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP |
2235 SCTP_PARAM_DEL_IP |
2236 SCTP_PARAM_SET_PRIMARY);
2237 asoc->peer.asconf_capable = 0;
2238 goto clean_up;
2239 }
2240
2241
2242 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2243 transport = list_entry(pos, struct sctp_transport, transports);
2244 if (transport->state == SCTP_UNKNOWN) {
2245 sctp_assoc_rm_peer(asoc, transport);
2246 }
2247 }
2248
2249
2250
2251
2252 asoc->peer.i.init_tag =
2253 ntohl(peer_init->init_hdr.init_tag);
2254 asoc->peer.i.a_rwnd =
2255 ntohl(peer_init->init_hdr.a_rwnd);
2256 asoc->peer.i.num_outbound_streams =
2257 ntohs(peer_init->init_hdr.num_outbound_streams);
2258 asoc->peer.i.num_inbound_streams =
2259 ntohs(peer_init->init_hdr.num_inbound_streams);
2260 asoc->peer.i.initial_tsn =
2261 ntohl(peer_init->init_hdr.initial_tsn);
2262
2263
2264
2265
2266 if (asoc->c.sinit_num_ostreams >
2267 ntohs(peer_init->init_hdr.num_inbound_streams)) {
2268 asoc->c.sinit_num_ostreams =
2269 ntohs(peer_init->init_hdr.num_inbound_streams);
2270 }
2271
2272 if (asoc->c.sinit_max_instreams >
2273 ntohs(peer_init->init_hdr.num_outbound_streams)) {
2274 asoc->c.sinit_max_instreams =
2275 ntohs(peer_init->init_hdr.num_outbound_streams);
2276 }
2277
2278
2279 asoc->c.peer_vtag = asoc->peer.i.init_tag;
2280
2281
2282 asoc->peer.rwnd = asoc->peer.i.a_rwnd;
2283
2284
2285 cookie = asoc->peer.cookie;
2286 if (cookie) {
2287 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp);
2288 if (!asoc->peer.cookie)
2289 goto clean_up;
2290 }
2291
2292
2293
2294
2295
2296 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
2297 transports) {
2298 transport->ssthresh = asoc->peer.i.a_rwnd;
2299 }
2300
2301
2302 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
2303 asoc->peer.i.initial_tsn, gfp))
2304 goto clean_up;
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317 if (!asoc->temp) {
2318 int error;
2319
2320 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams,
2321 asoc->c.sinit_num_ostreams, gfp);
2322 if (!asoc->ssnmap)
2323 goto clean_up;
2324
2325 error = sctp_assoc_set_id(asoc, gfp);
2326 if (error)
2327 goto clean_up;
2328 }
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1;
2341 return 1;
2342
2343clean_up:
2344
2345 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2346 transport = list_entry(pos, struct sctp_transport, transports);
2347 if (transport->state != SCTP_ACTIVE)
2348 sctp_assoc_rm_peer(asoc, transport);
2349 }
2350
2351nomem:
2352 return 0;
2353}
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367static int sctp_process_param(struct sctp_association *asoc,
2368 union sctp_params param,
2369 const union sctp_addr *peer_addr,
2370 gfp_t gfp)
2371{
2372 union sctp_addr addr;
2373 int i;
2374 __u16 sat;
2375 int retval = 1;
2376 sctp_scope_t scope;
2377 time_t stale;
2378 struct sctp_af *af;
2379 union sctp_addr_param *addr_param;
2380 struct sctp_transport *t;
2381
2382
2383
2384
2385
2386 switch (param.p->type) {
2387 case SCTP_PARAM_IPV6_ADDRESS:
2388 if (PF_INET6 != asoc->base.sk->sk_family)
2389 break;
2390 goto do_addr_param;
2391
2392 case SCTP_PARAM_IPV4_ADDRESS:
2393
2394 if (ipv6_only_sock(asoc->base.sk))
2395 break;
2396do_addr_param:
2397 af = sctp_get_af_specific(param_type2af(param.p->type));
2398 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0);
2399 scope = sctp_scope(peer_addr);
2400 if (sctp_in_scope(&addr, scope))
2401 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED))
2402 return 0;
2403 break;
2404
2405 case SCTP_PARAM_COOKIE_PRESERVATIVE:
2406 if (!sctp_cookie_preserve_enable)
2407 break;
2408
2409 stale = ntohl(param.life->lifespan_increment);
2410
2411
2412
2413
2414 asoc->cookie_life.tv_sec += stale / 1000;
2415 asoc->cookie_life.tv_usec += (stale % 1000) * 1000;
2416 break;
2417
2418 case SCTP_PARAM_HOST_NAME_ADDRESS:
2419 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n");
2420 break;
2421
2422 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2423
2424
2425
2426 asoc->peer.ipv4_address = 0;
2427 asoc->peer.ipv6_address = 0;
2428
2429
2430
2431
2432 if (peer_addr->sa.sa_family == AF_INET6)
2433 asoc->peer.ipv6_address = 1;
2434 else if (peer_addr->sa.sa_family == AF_INET)
2435 asoc->peer.ipv4_address = 1;
2436
2437
2438 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
2439 if (sat)
2440 sat /= sizeof(__u16);
2441
2442 for (i = 0; i < sat; ++i) {
2443 switch (param.sat->types[i]) {
2444 case SCTP_PARAM_IPV4_ADDRESS:
2445 asoc->peer.ipv4_address = 1;
2446 break;
2447
2448 case SCTP_PARAM_IPV6_ADDRESS:
2449 if (PF_INET6 == asoc->base.sk->sk_family)
2450 asoc->peer.ipv6_address = 1;
2451 break;
2452
2453 case SCTP_PARAM_HOST_NAME_ADDRESS:
2454 asoc->peer.hostname_address = 1;
2455 break;
2456
2457 default:
2458 break;
2459 }
2460 }
2461 break;
2462
2463 case SCTP_PARAM_STATE_COOKIE:
2464 asoc->peer.cookie_len =
2465 ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
2466 asoc->peer.cookie = param.cookie->body;
2467 break;
2468
2469 case SCTP_PARAM_HEARTBEAT_INFO:
2470
2471 break;
2472
2473 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2474
2475 break;
2476
2477 case SCTP_PARAM_ECN_CAPABLE:
2478 asoc->peer.ecn_capable = 1;
2479 break;
2480
2481 case SCTP_PARAM_ADAPTATION_LAYER_IND:
2482 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind);
2483 break;
2484
2485 case SCTP_PARAM_SET_PRIMARY:
2486 if (!sctp_addip_enable)
2487 goto fall_through;
2488
2489 addr_param = param.v + sizeof(sctp_addip_param_t);
2490
2491 af = sctp_get_af_specific(param_type2af(param.p->type));
2492 af->from_addr_param(&addr, addr_param,
2493 htons(asoc->peer.port), 0);
2494
2495
2496
2497
2498 if (!af->addr_valid(&addr, NULL, NULL))
2499 break;
2500
2501 t = sctp_assoc_lookup_paddr(asoc, &addr);
2502 if (!t)
2503 break;
2504
2505 sctp_assoc_set_primary(asoc, t);
2506 break;
2507
2508 case SCTP_PARAM_SUPPORTED_EXT:
2509 sctp_process_ext_param(asoc, param);
2510 break;
2511
2512 case SCTP_PARAM_FWD_TSN_SUPPORT:
2513 if (sctp_prsctp_enable) {
2514 asoc->peer.prsctp_capable = 1;
2515 break;
2516 }
2517
2518 goto fall_through;
2519
2520 case SCTP_PARAM_RANDOM:
2521 if (!sctp_auth_enable)
2522 goto fall_through;
2523
2524
2525 asoc->peer.peer_random = kmemdup(param.p,
2526 ntohs(param.p->length), gfp);
2527 if (!asoc->peer.peer_random) {
2528 retval = 0;
2529 break;
2530 }
2531 break;
2532
2533 case SCTP_PARAM_HMAC_ALGO:
2534 if (!sctp_auth_enable)
2535 goto fall_through;
2536
2537
2538 asoc->peer.peer_hmacs = kmemdup(param.p,
2539 ntohs(param.p->length), gfp);
2540 if (!asoc->peer.peer_hmacs) {
2541 retval = 0;
2542 break;
2543 }
2544
2545
2546 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo);
2547 break;
2548
2549 case SCTP_PARAM_CHUNKS:
2550 if (!sctp_auth_enable)
2551 goto fall_through;
2552
2553 asoc->peer.peer_chunks = kmemdup(param.p,
2554 ntohs(param.p->length), gfp);
2555 if (!asoc->peer.peer_chunks)
2556 retval = 0;
2557 break;
2558fall_through:
2559 default:
2560
2561
2562
2563
2564
2565 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n",
2566 ntohs(param.p->type), asoc);
2567 break;
2568 }
2569
2570 return retval;
2571}
2572
2573
2574__u32 sctp_generate_tag(const struct sctp_endpoint *ep)
2575{
2576
2577
2578
2579 __u32 x;
2580
2581 do {
2582 get_random_bytes(&x, sizeof(__u32));
2583 } while (x == 0);
2584
2585 return x;
2586}
2587
2588
2589__u32 sctp_generate_tsn(const struct sctp_endpoint *ep)
2590{
2591 __u32 retval;
2592
2593 get_random_bytes(&retval, sizeof(__u32));
2594 return retval;
2595}
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc,
2620 union sctp_addr *addr,
2621 int vparam_len)
2622{
2623 sctp_addiphdr_t asconf;
2624 struct sctp_chunk *retval;
2625 int length = sizeof(asconf) + vparam_len;
2626 union sctp_addr_param addrparam;
2627 int addrlen;
2628 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2629
2630 addrlen = af->to_addr_param(addr, &addrparam);
2631 if (!addrlen)
2632 return NULL;
2633 length += addrlen;
2634
2635
2636 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length);
2637 if (!retval)
2638 return NULL;
2639
2640 asconf.serial = htonl(asoc->addip_serial++);
2641
2642 retval->subh.addip_hdr =
2643 sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2644 retval->param_hdr.v =
2645 sctp_addto_chunk(retval, addrlen, &addrparam);
2646
2647 return retval;
2648}
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc,
2675 union sctp_addr *laddr,
2676 struct sockaddr *addrs,
2677 int addrcnt,
2678 __be16 flags)
2679{
2680 sctp_addip_param_t param;
2681 struct sctp_chunk *retval;
2682 union sctp_addr_param addr_param;
2683 union sctp_addr *addr;
2684 void *addr_buf;
2685 struct sctp_af *af;
2686 int paramlen = sizeof(param);
2687 int addr_param_len = 0;
2688 int totallen = 0;
2689 int i;
2690
2691
2692 addr_buf = addrs;
2693 for (i = 0; i < addrcnt; i++) {
2694 addr = (union sctp_addr *)addr_buf;
2695 af = sctp_get_af_specific(addr->v4.sin_family);
2696 addr_param_len = af->to_addr_param(addr, &addr_param);
2697
2698 totallen += paramlen;
2699 totallen += addr_param_len;
2700
2701 addr_buf += af->sockaddr_len;
2702 }
2703
2704
2705 retval = sctp_make_asconf(asoc, laddr, totallen);
2706 if (!retval)
2707 return NULL;
2708
2709
2710 addr_buf = addrs;
2711 for (i = 0; i < addrcnt; i++) {
2712 addr = (union sctp_addr *)addr_buf;
2713 af = sctp_get_af_specific(addr->v4.sin_family);
2714 addr_param_len = af->to_addr_param(addr, &addr_param);
2715 param.param_hdr.type = flags;
2716 param.param_hdr.length = htons(paramlen + addr_param_len);
2717 param.crr_id = i;
2718
2719 sctp_addto_chunk(retval, paramlen, ¶m);
2720 sctp_addto_chunk(retval, addr_param_len, &addr_param);
2721
2722 addr_buf += af->sockaddr_len;
2723 }
2724 return retval;
2725}
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc,
2742 union sctp_addr *addr)
2743{
2744 sctp_addip_param_t param;
2745 struct sctp_chunk *retval;
2746 int len = sizeof(param);
2747 union sctp_addr_param addrparam;
2748 int addrlen;
2749 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2750
2751 addrlen = af->to_addr_param(addr, &addrparam);
2752 if (!addrlen)
2753 return NULL;
2754 len += addrlen;
2755
2756
2757 retval = sctp_make_asconf(asoc, addr, len);
2758 if (!retval)
2759 return NULL;
2760
2761 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY;
2762 param.param_hdr.length = htons(len);
2763 param.crr_id = 0;
2764
2765 sctp_addto_chunk(retval, sizeof(param), ¶m);
2766 sctp_addto_chunk(retval, addrlen, &addrparam);
2767
2768 return retval;
2769}
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc,
2791 __u32 serial, int vparam_len)
2792{
2793 sctp_addiphdr_t asconf;
2794 struct sctp_chunk *retval;
2795 int length = sizeof(asconf) + vparam_len;
2796
2797
2798 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length);
2799 if (!retval)
2800 return NULL;
2801
2802 asconf.serial = htonl(serial);
2803
2804 retval->subh.addip_hdr =
2805 sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2806
2807 return retval;
2808}
2809
2810
2811static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id,
2812 __be16 err_code, sctp_addip_param_t *asconf_param)
2813{
2814 sctp_addip_param_t ack_param;
2815 sctp_errhdr_t err_param;
2816 int asconf_param_len = 0;
2817 int err_param_len = 0;
2818 __be16 response_type;
2819
2820 if (SCTP_ERROR_NO_ERROR == err_code) {
2821 response_type = SCTP_PARAM_SUCCESS_REPORT;
2822 } else {
2823 response_type = SCTP_PARAM_ERR_CAUSE;
2824 err_param_len = sizeof(err_param);
2825 if (asconf_param)
2826 asconf_param_len =
2827 ntohs(asconf_param->param_hdr.length);
2828 }
2829
2830
2831 ack_param.param_hdr.type = response_type;
2832 ack_param.param_hdr.length = htons(sizeof(ack_param) +
2833 err_param_len +
2834 asconf_param_len);
2835 ack_param.crr_id = crr_id;
2836 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param);
2837
2838 if (SCTP_ERROR_NO_ERROR == err_code)
2839 return;
2840
2841
2842 err_param.cause = err_code;
2843 err_param.length = htons(err_param_len + asconf_param_len);
2844 sctp_addto_chunk(chunk, err_param_len, &err_param);
2845
2846
2847 if (asconf_param)
2848 sctp_addto_chunk(chunk, asconf_param_len, asconf_param);
2849}
2850
2851
2852static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
2853 struct sctp_chunk *asconf,
2854 sctp_addip_param_t *asconf_param)
2855{
2856 struct sctp_transport *peer;
2857 struct sctp_af *af;
2858 union sctp_addr addr;
2859 union sctp_addr_param *addr_param;
2860
2861 addr_param = (union sctp_addr_param *)
2862 ((void *)asconf_param + sizeof(sctp_addip_param_t));
2863
2864 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP &&
2865 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP &&
2866 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY)
2867 return SCTP_ERROR_UNKNOWN_PARAM;
2868
2869 switch (addr_param->v4.param_hdr.type) {
2870 case SCTP_PARAM_IPV6_ADDRESS:
2871 if (!asoc->peer.ipv6_address)
2872 return SCTP_ERROR_DNS_FAILED;
2873 break;
2874 case SCTP_PARAM_IPV4_ADDRESS:
2875 if (!asoc->peer.ipv4_address)
2876 return SCTP_ERROR_DNS_FAILED;
2877 break;
2878 default:
2879 return SCTP_ERROR_DNS_FAILED;
2880 }
2881
2882 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type));
2883 if (unlikely(!af))
2884 return SCTP_ERROR_DNS_FAILED;
2885
2886 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0);
2887
2888
2889
2890
2891
2892
2893 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb))
2894 return SCTP_ERROR_DNS_FAILED;
2895
2896 switch (asconf_param->param_hdr.type) {
2897 case SCTP_PARAM_ADD_IP:
2898
2899
2900
2901
2902 if (af->is_any(&addr))
2903 memcpy(&addr, &asconf->source, sizeof(addr));
2904
2905
2906
2907
2908
2909
2910
2911
2912 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED);
2913 if (!peer)
2914 return SCTP_ERROR_RSRC_LOW;
2915
2916
2917 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer)))
2918 sctp_transport_hold(peer);
2919 break;
2920 case SCTP_PARAM_DEL_IP:
2921
2922
2923
2924
2925
2926 if (asoc->peer.transport_count == 1)
2927 return SCTP_ERROR_DEL_LAST_IP;
2928
2929
2930
2931
2932
2933
2934
2935
2936 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr))
2937 return SCTP_ERROR_DEL_SRC_IP;
2938
2939
2940
2941
2942
2943
2944 if (af->is_any(&addr)) {
2945 sctp_assoc_set_primary(asoc, asconf->transport);
2946 sctp_assoc_del_nonprimary_peers(asoc,
2947 asconf->transport);
2948 } else
2949 sctp_assoc_del_peer(asoc, &addr);
2950 break;
2951 case SCTP_PARAM_SET_PRIMARY:
2952
2953
2954
2955
2956
2957 if (af->is_any(&addr))
2958 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
2959
2960 peer = sctp_assoc_lookup_paddr(asoc, &addr);
2961 if (!peer)
2962 return SCTP_ERROR_DNS_FAILED;
2963
2964 sctp_assoc_set_primary(asoc, peer);
2965 break;
2966 }
2967
2968 return SCTP_ERROR_NO_ERROR;
2969}
2970
2971
2972int sctp_verify_asconf(const struct sctp_association *asoc,
2973 struct sctp_paramhdr *param_hdr, void *chunk_end,
2974 struct sctp_paramhdr **errp) {
2975 sctp_addip_param_t *asconf_param;
2976 union sctp_params param;
2977 int length, plen;
2978
2979 param.v = (sctp_paramhdr_t *) param_hdr;
2980 while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) {
2981 length = ntohs(param.p->length);
2982 *errp = param.p;
2983
2984 if (param.v > chunk_end - length ||
2985 length < sizeof(sctp_paramhdr_t))
2986 return 0;
2987
2988 switch (param.p->type) {
2989 case SCTP_PARAM_ADD_IP:
2990 case SCTP_PARAM_DEL_IP:
2991 case SCTP_PARAM_SET_PRIMARY:
2992 asconf_param = (sctp_addip_param_t *)param.v;
2993 plen = ntohs(asconf_param->param_hdr.length);
2994 if (plen < sizeof(sctp_addip_param_t) +
2995 sizeof(sctp_paramhdr_t))
2996 return 0;
2997 break;
2998 case SCTP_PARAM_SUCCESS_REPORT:
2999 case SCTP_PARAM_ADAPTATION_LAYER_IND:
3000 if (length != sizeof(sctp_addip_param_t))
3001 return 0;
3002
3003 break;
3004 default:
3005 break;
3006 }
3007
3008 param.v += WORD_ROUND(length);
3009 }
3010
3011 if (param.v != chunk_end)
3012 return 0;
3013
3014 return 1;
3015}
3016
3017
3018
3019
3020struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
3021 struct sctp_chunk *asconf)
3022{
3023 sctp_addiphdr_t *hdr;
3024 union sctp_addr_param *addr_param;
3025 sctp_addip_param_t *asconf_param;
3026 struct sctp_chunk *asconf_ack;
3027
3028 __be16 err_code;
3029 int length = 0;
3030 int chunk_len;
3031 __u32 serial;
3032 int all_param_pass = 1;
3033
3034 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
3035 hdr = (sctp_addiphdr_t *)asconf->skb->data;
3036 serial = ntohl(hdr->serial);
3037
3038
3039 length = sizeof(sctp_addiphdr_t);
3040 addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3041 chunk_len -= length;
3042
3043
3044
3045
3046 length = ntohs(addr_param->v4.param_hdr.length);
3047 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length);
3048 chunk_len -= length;
3049
3050
3051
3052
3053
3054
3055 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2);
3056 if (!asconf_ack)
3057 goto done;
3058
3059
3060 while (chunk_len > 0) {
3061 err_code = sctp_process_asconf_param(asoc, asconf,
3062 asconf_param);
3063
3064
3065
3066
3067
3068
3069
3070 if (SCTP_ERROR_NO_ERROR != err_code)
3071 all_param_pass = 0;
3072
3073 if (!all_param_pass)
3074 sctp_add_asconf_response(asconf_ack,
3075 asconf_param->crr_id, err_code,
3076 asconf_param);
3077
3078
3079
3080
3081
3082
3083 if (SCTP_ERROR_RSRC_LOW == err_code)
3084 goto done;
3085
3086
3087 length = ntohs(asconf_param->param_hdr.length);
3088 asconf_param = (sctp_addip_param_t *)((void *)asconf_param +
3089 length);
3090 chunk_len -= length;
3091 }
3092
3093done:
3094 asoc->peer.addip_serial++;
3095
3096
3097
3098
3099 if (asconf_ack) {
3100 sctp_chunk_hold(asconf_ack);
3101 list_add_tail(&asconf_ack->transmitted_list,
3102 &asoc->asconf_ack_list);
3103 }
3104
3105 return asconf_ack;
3106}
3107
3108
3109static void sctp_asconf_param_success(struct sctp_association *asoc,
3110 sctp_addip_param_t *asconf_param)
3111{
3112 struct sctp_af *af;
3113 union sctp_addr addr;
3114 struct sctp_bind_addr *bp = &asoc->base.bind_addr;
3115 union sctp_addr_param *addr_param;
3116 struct sctp_transport *transport;
3117 struct sctp_sockaddr_entry *saddr;
3118
3119 addr_param = (union sctp_addr_param *)
3120 ((void *)asconf_param + sizeof(sctp_addip_param_t));
3121
3122
3123 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type));
3124 af->from_addr_param(&addr, addr_param, htons(bp->port), 0);
3125
3126 switch (asconf_param->param_hdr.type) {
3127 case SCTP_PARAM_ADD_IP:
3128
3129
3130
3131 local_bh_disable();
3132 list_for_each_entry(saddr, &bp->address_list, list) {
3133 if (sctp_cmp_addr_exact(&saddr->a, &addr))
3134 saddr->state = SCTP_ADDR_SRC;
3135 }
3136 local_bh_enable();
3137 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3138 transports) {
3139 if (transport->state == SCTP_ACTIVE)
3140 continue;
3141 dst_release(transport->dst);
3142 sctp_transport_route(transport, NULL,
3143 sctp_sk(asoc->base.sk));
3144 }
3145 break;
3146 case SCTP_PARAM_DEL_IP:
3147 local_bh_disable();
3148 sctp_del_bind_addr(bp, &addr);
3149 local_bh_enable();
3150 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3151 transports) {
3152 dst_release(transport->dst);
3153 sctp_transport_route(transport, NULL,
3154 sctp_sk(asoc->base.sk));
3155 }
3156 break;
3157 default:
3158 break;
3159 }
3160}
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
3172 sctp_addip_param_t *asconf_param,
3173 int no_err)
3174{
3175 sctp_addip_param_t *asconf_ack_param;
3176 sctp_errhdr_t *err_param;
3177 int length;
3178 int asconf_ack_len;
3179 __be16 err_code;
3180
3181 if (no_err)
3182 err_code = SCTP_ERROR_NO_ERROR;
3183 else
3184 err_code = SCTP_ERROR_REQ_REFUSED;
3185
3186 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) -
3187 sizeof(sctp_chunkhdr_t);
3188
3189
3190
3191
3192 length = sizeof(sctp_addiphdr_t);
3193 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data +
3194 length);
3195 asconf_ack_len -= length;
3196
3197 while (asconf_ack_len > 0) {
3198 if (asconf_ack_param->crr_id == asconf_param->crr_id) {
3199 switch(asconf_ack_param->param_hdr.type) {
3200 case SCTP_PARAM_SUCCESS_REPORT:
3201 return SCTP_ERROR_NO_ERROR;
3202 case SCTP_PARAM_ERR_CAUSE:
3203 length = sizeof(sctp_addip_param_t);
3204 err_param = (sctp_errhdr_t *)
3205 ((void *)asconf_ack_param + length);
3206 asconf_ack_len -= length;
3207 if (asconf_ack_len > 0)
3208 return err_param->cause;
3209 else
3210 return SCTP_ERROR_INV_PARAM;
3211 break;
3212 default:
3213 return SCTP_ERROR_INV_PARAM;
3214 }
3215 }
3216
3217 length = ntohs(asconf_ack_param->param_hdr.length);
3218 asconf_ack_param = (sctp_addip_param_t *)
3219 ((void *)asconf_ack_param + length);
3220 asconf_ack_len -= length;
3221 }
3222
3223 return err_code;
3224}
3225
3226
3227int sctp_process_asconf_ack(struct sctp_association *asoc,
3228 struct sctp_chunk *asconf_ack)
3229{
3230 struct sctp_chunk *asconf = asoc->addip_last_asconf;
3231 union sctp_addr_param *addr_param;
3232 sctp_addip_param_t *asconf_param;
3233 int length = 0;
3234 int asconf_len = asconf->skb->len;
3235 int all_param_pass = 0;
3236 int no_err = 1;
3237 int retval = 0;
3238 __be16 err_code = SCTP_ERROR_NO_ERROR;
3239
3240
3241
3242
3243 length = sizeof(sctp_addip_chunk_t);
3244 addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3245 asconf_len -= length;
3246
3247
3248
3249
3250 length = ntohs(addr_param->v4.param_hdr.length);
3251 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length);
3252 asconf_len -= length;
3253
3254
3255
3256
3257
3258
3259 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t))
3260 all_param_pass = 1;
3261
3262
3263 while (asconf_len > 0) {
3264 if (all_param_pass)
3265 err_code = SCTP_ERROR_NO_ERROR;
3266 else {
3267 err_code = sctp_get_asconf_response(asconf_ack,
3268 asconf_param,
3269 no_err);
3270 if (no_err && (SCTP_ERROR_NO_ERROR != err_code))
3271 no_err = 0;
3272 }
3273
3274 switch (err_code) {
3275 case SCTP_ERROR_NO_ERROR:
3276 sctp_asconf_param_success(asoc, asconf_param);
3277 break;
3278
3279 case SCTP_ERROR_RSRC_LOW:
3280 retval = 1;
3281 break;
3282
3283 case SCTP_ERROR_UNKNOWN_PARAM:
3284
3285
3286
3287 asoc->peer.addip_disabled_mask |=
3288 asconf_param->param_hdr.type;
3289 break;
3290
3291 case SCTP_ERROR_REQ_REFUSED:
3292 case SCTP_ERROR_DEL_LAST_IP:
3293 case SCTP_ERROR_DEL_SRC_IP:
3294 default:
3295 break;
3296 }
3297
3298
3299
3300
3301 length = ntohs(asconf_param->param_hdr.length);
3302 asconf_param = (sctp_addip_param_t *)((void *)asconf_param +
3303 length);
3304 asconf_len -= length;
3305 }
3306
3307
3308 list_del_init(&asconf->transmitted_list);
3309 sctp_chunk_free(asconf);
3310 asoc->addip_last_asconf = NULL;
3311
3312
3313 if (!list_empty(&asoc->addip_chunk_list)) {
3314 struct list_head *entry = asoc->addip_chunk_list.next;
3315 asconf = list_entry(entry, struct sctp_chunk, list);
3316
3317 list_del_init(entry);
3318
3319
3320 sctp_chunk_hold(asconf);
3321 if (sctp_primitive_ASCONF(asoc, asconf))
3322 sctp_chunk_free(asconf);
3323 else
3324 asoc->addip_last_asconf = asconf;
3325 }
3326
3327 return retval;
3328}
3329
3330
3331struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc,
3332 __u32 new_cum_tsn, size_t nstreams,
3333 struct sctp_fwdtsn_skip *skiplist)
3334{
3335 struct sctp_chunk *retval = NULL;
3336 struct sctp_fwdtsn_chunk *ftsn_chunk;
3337 struct sctp_fwdtsn_hdr ftsn_hdr;
3338 struct sctp_fwdtsn_skip skip;
3339 size_t hint;
3340 int i;
3341
3342 hint = (nstreams + 1) * sizeof(__u32);
3343
3344 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint);
3345
3346 if (!retval)
3347 return NULL;
3348
3349 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr;
3350
3351 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn);
3352 retval->subh.fwdtsn_hdr =
3353 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr);
3354
3355 for (i = 0; i < nstreams; i++) {
3356 skip.stream = skiplist[i].stream;
3357 skip.ssn = skiplist[i].ssn;
3358 sctp_addto_chunk(retval, sizeof(skip), &skip);
3359 }
3360
3361 return retval;
3362}
3363