1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
54
55#include <linux/types.h>
56#include <linux/kernel.h>
57#include <linux/ip.h>
58#include <linux/ipv6.h>
59#include <linux/net.h>
60#include <linux/inet.h>
61#include <linux/scatterlist.h>
62#include <linux/crypto.h>
63#include <linux/slab.h>
64#include <net/sock.h>
65
66#include <linux/skbuff.h>
67#include <linux/random.h>
68#include <net/sctp/sctp.h>
69#include <net/sctp/sm.h>
70
71SCTP_STATIC
72struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc,
73 __u8 type, __u8 flags, int paylen);
74static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
75 const struct sctp_association *asoc,
76 const struct sctp_chunk *init_chunk,
77 int *cookie_len,
78 const __u8 *raw_addrs, int addrs_len);
79static int sctp_process_param(struct sctp_association *asoc,
80 union sctp_params param,
81 const union sctp_addr *peer_addr,
82 gfp_t gfp);
83static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
84 const void *data);
85
86
87int sctp_chunk_iif(const struct sctp_chunk *chunk)
88{
89 struct sctp_af *af;
90 int iif = 0;
91
92 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version));
93 if (af)
94 iif = af->skb_iif(chunk->skb);
95
96 return iif;
97}
98
99
100
101
102
103
104static const struct sctp_paramhdr ecap_param = {
105 SCTP_PARAM_ECN_CAPABLE,
106 cpu_to_be16(sizeof(struct sctp_paramhdr)),
107};
108static const struct sctp_paramhdr prsctp_param = {
109 SCTP_PARAM_FWD_TSN_SUPPORT,
110 cpu_to_be16(sizeof(struct sctp_paramhdr)),
111};
112
113
114
115
116
117void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code,
118 size_t paylen)
119{
120 sctp_errhdr_t err;
121 __u16 len;
122
123
124 err.cause = cause_code;
125 len = sizeof(sctp_errhdr_t) + paylen;
126 err.length = htons(len);
127 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err);
128}
129
130
131
132
133
134
135int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code,
136 size_t paylen)
137{
138 sctp_errhdr_t err;
139 __u16 len;
140
141
142 err.cause = cause_code;
143 len = sizeof(sctp_errhdr_t) + paylen;
144 err.length = htons(len);
145
146 if (skb_tailroom(chunk->skb) < len)
147 return -ENOSPC;
148 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk,
149 sizeof(sctp_errhdr_t),
150 &err);
151 return 0;
152}
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
198 const struct sctp_bind_addr *bp,
199 gfp_t gfp, int vparam_len)
200{
201 sctp_inithdr_t init;
202 union sctp_params addrs;
203 size_t chunksize;
204 struct sctp_chunk *retval = NULL;
205 int num_types, addrs_len = 0;
206 struct sctp_sock *sp;
207 sctp_supported_addrs_param_t sat;
208 __be16 types[2];
209 sctp_adaptation_ind_param_t aiparam;
210 sctp_supported_ext_param_t ext_param;
211 int num_ext = 0;
212 __u8 extensions[3];
213 sctp_paramhdr_t *auth_chunks = NULL,
214 *auth_hmacs = NULL;
215
216
217
218
219
220
221 retval = NULL;
222
223
224 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp);
225
226 init.init_tag = htonl(asoc->c.my_vtag);
227 init.a_rwnd = htonl(asoc->rwnd);
228 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
229 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
230 init.initial_tsn = htonl(asoc->c.initial_tsn);
231
232
233 sp = sctp_sk(asoc->base.sk);
234 num_types = sp->pf->supported_addrs(sp, types);
235
236 chunksize = sizeof(init) + addrs_len;
237 chunksize += WORD_ROUND(SCTP_SAT_LEN(num_types));
238 chunksize += sizeof(ecap_param);
239
240 if (sctp_prsctp_enable)
241 chunksize += sizeof(prsctp_param);
242
243
244
245
246
247
248 if (sctp_addip_enable) {
249 extensions[num_ext] = SCTP_CID_ASCONF;
250 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
251 num_ext += 2;
252 }
253
254 if (sp->adaptation_ind)
255 chunksize += sizeof(aiparam);
256
257 chunksize += vparam_len;
258
259
260 if (sctp_auth_enable) {
261
262 chunksize += sizeof(asoc->c.auth_random);
263
264
265 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs;
266 if (auth_hmacs->length)
267 chunksize += WORD_ROUND(ntohs(auth_hmacs->length));
268 else
269 auth_hmacs = NULL;
270
271
272 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks;
273 if (auth_chunks->length)
274 chunksize += WORD_ROUND(ntohs(auth_chunks->length));
275 else
276 auth_chunks = NULL;
277
278 extensions[num_ext] = SCTP_CID_AUTH;
279 num_ext += 1;
280 }
281
282
283 if (num_ext)
284 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) +
285 num_ext);
286
287
288
289
290
291
292
293
294
295
296
297
298
299 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize);
300 if (!retval)
301 goto nodata;
302
303 retval->subh.init_hdr =
304 sctp_addto_chunk(retval, sizeof(init), &init);
305 retval->param_hdr.v =
306 sctp_addto_chunk(retval, addrs_len, addrs.v);
307
308
309
310
311
312
313
314
315 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES;
316 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types));
317 sctp_addto_chunk(retval, sizeof(sat), &sat);
318 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types);
319
320 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
321
322
323
324
325 if (num_ext) {
326 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
327 ext_param.param_hdr.length =
328 htons(sizeof(sctp_supported_ext_param_t) + num_ext);
329 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t),
330 &ext_param);
331 sctp_addto_param(retval, num_ext, extensions);
332 }
333
334 if (sctp_prsctp_enable)
335 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
336
337 if (sp->adaptation_ind) {
338 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
339 aiparam.param_hdr.length = htons(sizeof(aiparam));
340 aiparam.adaptation_ind = htonl(sp->adaptation_ind);
341 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
342 }
343
344
345 if (sctp_auth_enable) {
346 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random),
347 asoc->c.auth_random);
348 if (auth_hmacs)
349 sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
350 auth_hmacs);
351 if (auth_chunks)
352 sctp_addto_chunk(retval, ntohs(auth_chunks->length),
353 auth_chunks);
354 }
355nodata:
356 kfree(addrs.v);
357 return retval;
358}
359
360struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
361 const struct sctp_chunk *chunk,
362 gfp_t gfp, int unkparam_len)
363{
364 sctp_inithdr_t initack;
365 struct sctp_chunk *retval;
366 union sctp_params addrs;
367 struct sctp_sock *sp;
368 int addrs_len;
369 sctp_cookie_param_t *cookie;
370 int cookie_len;
371 size_t chunksize;
372 sctp_adaptation_ind_param_t aiparam;
373 sctp_supported_ext_param_t ext_param;
374 int num_ext = 0;
375 __u8 extensions[3];
376 sctp_paramhdr_t *auth_chunks = NULL,
377 *auth_hmacs = NULL,
378 *auth_random = NULL;
379
380 retval = NULL;
381
382
383 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp);
384
385 initack.init_tag = htonl(asoc->c.my_vtag);
386 initack.a_rwnd = htonl(asoc->rwnd);
387 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
388 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
389 initack.initial_tsn = htonl(asoc->c.initial_tsn);
390
391
392
393
394 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len,
395 addrs.v, addrs_len);
396 if (!cookie)
397 goto nomem_cookie;
398
399
400
401
402 sp = sctp_sk(asoc->base.sk);
403 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len;
404
405
406 if (asoc->peer.ecn_capable)
407 chunksize += sizeof(ecap_param);
408
409 if (asoc->peer.prsctp_capable)
410 chunksize += sizeof(prsctp_param);
411
412 if (asoc->peer.asconf_capable) {
413 extensions[num_ext] = SCTP_CID_ASCONF;
414 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
415 num_ext += 2;
416 }
417
418 if (sp->adaptation_ind)
419 chunksize += sizeof(aiparam);
420
421 if (asoc->peer.auth_capable) {
422 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random;
423 chunksize += ntohs(auth_random->length);
424
425 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs;
426 if (auth_hmacs->length)
427 chunksize += WORD_ROUND(ntohs(auth_hmacs->length));
428 else
429 auth_hmacs = NULL;
430
431 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks;
432 if (auth_chunks->length)
433 chunksize += WORD_ROUND(ntohs(auth_chunks->length));
434 else
435 auth_chunks = NULL;
436
437 extensions[num_ext] = SCTP_CID_AUTH;
438 num_ext += 1;
439 }
440
441 if (num_ext)
442 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) +
443 num_ext);
444
445
446 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize);
447 if (!retval)
448 goto nomem_chunk;
449
450
451
452
453
454
455
456
457
458
459 retval->transport = chunk->transport;
460
461 retval->subh.init_hdr =
462 sctp_addto_chunk(retval, sizeof(initack), &initack);
463 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v);
464 sctp_addto_chunk(retval, cookie_len, cookie);
465 if (asoc->peer.ecn_capable)
466 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
467 if (num_ext) {
468 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
469 ext_param.param_hdr.length =
470 htons(sizeof(sctp_supported_ext_param_t) + num_ext);
471 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t),
472 &ext_param);
473 sctp_addto_param(retval, num_ext, extensions);
474 }
475 if (asoc->peer.prsctp_capable)
476 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
477
478 if (sp->adaptation_ind) {
479 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
480 aiparam.param_hdr.length = htons(sizeof(aiparam));
481 aiparam.adaptation_ind = htonl(sp->adaptation_ind);
482 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
483 }
484
485 if (asoc->peer.auth_capable) {
486 sctp_addto_chunk(retval, ntohs(auth_random->length),
487 auth_random);
488 if (auth_hmacs)
489 sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
490 auth_hmacs);
491 if (auth_chunks)
492 sctp_addto_chunk(retval, ntohs(auth_chunks->length),
493 auth_chunks);
494 }
495
496
497 retval->asoc = (struct sctp_association *) asoc;
498
499nomem_chunk:
500 kfree(cookie);
501nomem_cookie:
502 kfree(addrs.v);
503 return retval;
504}
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc,
541 const struct sctp_chunk *chunk)
542{
543 struct sctp_chunk *retval;
544 void *cookie;
545 int cookie_len;
546
547 cookie = asoc->peer.cookie;
548 cookie_len = asoc->peer.cookie_len;
549
550
551 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len);
552 if (!retval)
553 goto nodata;
554 retval->subh.cookie_hdr =
555 sctp_addto_chunk(retval, cookie_len, cookie);
556
557
558
559
560
561
562
563
564
565
566 if (chunk)
567 retval->transport = chunk->transport;
568
569nodata:
570 return retval;
571}
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc,
592 const struct sctp_chunk *chunk)
593{
594 struct sctp_chunk *retval;
595
596 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0);
597
598
599
600
601
602
603
604
605
606
607 if (retval && chunk)
608 retval->transport = chunk->transport;
609
610 return retval;
611}
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc,
637 const __u32 lowest_tsn,
638 const struct sctp_chunk *chunk)
639{
640 struct sctp_chunk *retval;
641 sctp_cwrhdr_t cwr;
642
643 cwr.lowest_tsn = htonl(lowest_tsn);
644 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0,
645 sizeof(sctp_cwrhdr_t));
646
647 if (!retval)
648 goto nodata;
649
650 retval->subh.ecn_cwr_hdr =
651 sctp_addto_chunk(retval, sizeof(cwr), &cwr);
652
653
654
655
656
657
658
659
660
661
662
663 if (chunk)
664 retval->transport = chunk->transport;
665
666nodata:
667 return retval;
668}
669
670
671struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc,
672 const __u32 lowest_tsn)
673{
674 struct sctp_chunk *retval;
675 sctp_ecnehdr_t ecne;
676
677 ecne.lowest_tsn = htonl(lowest_tsn);
678 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0,
679 sizeof(sctp_ecnehdr_t));
680 if (!retval)
681 goto nodata;
682 retval->subh.ecne_hdr =
683 sctp_addto_chunk(retval, sizeof(ecne), &ecne);
684
685nodata:
686 return retval;
687}
688
689
690
691
692struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc,
693 const struct sctp_sndrcvinfo *sinfo,
694 int data_len, __u8 flags, __u16 ssn)
695{
696 struct sctp_chunk *retval;
697 struct sctp_datahdr dp;
698 int chunk_len;
699
700
701
702
703 dp.tsn = 0;
704 dp.stream = htons(sinfo->sinfo_stream);
705 dp.ppid = sinfo->sinfo_ppid;
706
707
708 if (sinfo->sinfo_flags & SCTP_UNORDERED) {
709 flags |= SCTP_DATA_UNORDERED;
710 dp.ssn = 0;
711 } else
712 dp.ssn = htons(ssn);
713
714 chunk_len = sizeof(dp) + data_len;
715 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len);
716 if (!retval)
717 goto nodata;
718
719 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp);
720 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo));
721
722nodata:
723 return retval;
724}
725
726
727
728
729
730struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc)
731{
732 struct sctp_chunk *retval;
733 struct sctp_sackhdr sack;
734 int len;
735 __u32 ctsn;
736 __u16 num_gabs, num_dup_tsns;
737 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
738 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS];
739
740 memset(gabs, 0, sizeof(gabs));
741 ctsn = sctp_tsnmap_get_ctsn(map);
742 SCTP_DEBUG_PRINTK("sackCTSNAck sent: 0x%x.\n", ctsn);
743
744
745 num_gabs = sctp_tsnmap_num_gabs(map, gabs);
746 num_dup_tsns = sctp_tsnmap_num_dups(map);
747
748
749 sack.cum_tsn_ack = htonl(ctsn);
750 sack.a_rwnd = htonl(asoc->a_rwnd);
751 sack.num_gap_ack_blocks = htons(num_gabs);
752 sack.num_dup_tsns = htons(num_dup_tsns);
753
754 len = sizeof(sack)
755 + sizeof(struct sctp_gap_ack_block) * num_gabs
756 + sizeof(__u32) * num_dup_tsns;
757
758
759 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len);
760 if (!retval)
761 goto nodata;
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793 retval->transport = asoc->peer.last_data_from;
794
795 retval->subh.sack_hdr =
796 sctp_addto_chunk(retval, sizeof(sack), &sack);
797
798
799 if (num_gabs)
800 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs,
801 gabs);
802
803
804 if (num_dup_tsns)
805 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns,
806 sctp_tsnmap_get_dups(map));
807
808nodata:
809 return retval;
810}
811
812
813struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc,
814 const struct sctp_chunk *chunk)
815{
816 struct sctp_chunk *retval;
817 sctp_shutdownhdr_t shut;
818 __u32 ctsn;
819
820 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map);
821 shut.cum_tsn_ack = htonl(ctsn);
822
823 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0,
824 sizeof(sctp_shutdownhdr_t));
825 if (!retval)
826 goto nodata;
827
828 retval->subh.shutdown_hdr =
829 sctp_addto_chunk(retval, sizeof(shut), &shut);
830
831 if (chunk)
832 retval->transport = chunk->transport;
833nodata:
834 return retval;
835}
836
837struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc,
838 const struct sctp_chunk *chunk)
839{
840 struct sctp_chunk *retval;
841
842 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0);
843
844
845
846
847
848
849
850
851
852
853 if (retval && chunk)
854 retval->transport = chunk->transport;
855
856 return retval;
857}
858
859struct sctp_chunk *sctp_make_shutdown_complete(
860 const struct sctp_association *asoc,
861 const struct sctp_chunk *chunk)
862{
863 struct sctp_chunk *retval;
864 __u8 flags = 0;
865
866
867
868
869 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T;
870
871 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0);
872
873
874
875
876
877
878
879
880
881
882
883 if (retval && chunk)
884 retval->transport = chunk->transport;
885
886 return retval;
887}
888
889
890
891
892struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc,
893 const struct sctp_chunk *chunk,
894 const size_t hint)
895{
896 struct sctp_chunk *retval;
897 __u8 flags = 0;
898
899
900
901
902 if (!asoc) {
903 if (chunk && chunk->chunk_hdr &&
904 chunk->chunk_hdr->type == SCTP_CID_INIT)
905 flags = 0;
906 else
907 flags = SCTP_CHUNK_FLAG_T;
908 }
909
910 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint);
911
912
913
914
915
916
917
918
919
920
921 if (retval && chunk)
922 retval->transport = chunk->transport;
923
924 return retval;
925}
926
927
928struct sctp_chunk *sctp_make_abort_no_data(
929 const struct sctp_association *asoc,
930 const struct sctp_chunk *chunk, __u32 tsn)
931{
932 struct sctp_chunk *retval;
933 __be32 payload;
934
935 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t)
936 + sizeof(tsn));
937
938 if (!retval)
939 goto no_mem;
940
941
942 payload = htonl(tsn);
943 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload));
944 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload);
945
946
947
948
949
950
951
952
953
954
955 if (chunk)
956 retval->transport = chunk->transport;
957
958no_mem:
959 return retval;
960}
961
962
963struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc,
964 const struct msghdr *msg,
965 size_t paylen)
966{
967 struct sctp_chunk *retval;
968 void *payload = NULL;
969 int err;
970
971 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen);
972 if (!retval)
973 goto err_chunk;
974
975 if (paylen) {
976
977 payload = kmalloc(paylen, GFP_KERNEL);
978 if (!payload)
979 goto err_payload;
980
981 err = memcpy_fromiovec(payload, msg->msg_iov, paylen);
982 if (err < 0)
983 goto err_copy;
984 }
985
986 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen);
987 sctp_addto_chunk(retval, paylen, payload);
988
989 if (paylen)
990 kfree(payload);
991
992 return retval;
993
994err_copy:
995 kfree(payload);
996err_payload:
997 sctp_chunk_free(retval);
998 retval = NULL;
999err_chunk:
1000 return retval;
1001}
1002
1003
1004
1005
1006static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
1007 const void *data)
1008{
1009 void *target;
1010 int chunklen = ntohs(chunk->chunk_hdr->length);
1011
1012 target = skb_put(chunk->skb, len);
1013
1014 if (data)
1015 memcpy(target, data, len);
1016 else
1017 memset(target, 0, len);
1018
1019
1020 chunk->chunk_hdr->length = htons(chunklen + len);
1021 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1022
1023 return target;
1024}
1025
1026
1027struct sctp_chunk *sctp_make_abort_violation(
1028 const struct sctp_association *asoc,
1029 const struct sctp_chunk *chunk,
1030 const __u8 *payload,
1031 const size_t paylen)
1032{
1033 struct sctp_chunk *retval;
1034 struct sctp_paramhdr phdr;
1035
1036 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen
1037 + sizeof(sctp_paramhdr_t));
1038 if (!retval)
1039 goto end;
1040
1041 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen
1042 + sizeof(sctp_paramhdr_t));
1043
1044 phdr.type = htons(chunk->chunk_hdr->type);
1045 phdr.length = chunk->chunk_hdr->length;
1046 sctp_addto_chunk(retval, paylen, payload);
1047 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr);
1048
1049end:
1050 return retval;
1051}
1052
1053struct sctp_chunk *sctp_make_violation_paramlen(
1054 const struct sctp_association *asoc,
1055 const struct sctp_chunk *chunk,
1056 struct sctp_paramhdr *param)
1057{
1058 struct sctp_chunk *retval;
1059 static const char error[] = "The following parameter had invalid length:";
1060 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) +
1061 sizeof(sctp_paramhdr_t);
1062
1063 retval = sctp_make_abort(asoc, chunk, payload_len);
1064 if (!retval)
1065 goto nodata;
1066
1067 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION,
1068 sizeof(error) + sizeof(sctp_paramhdr_t));
1069 sctp_addto_chunk(retval, sizeof(error), error);
1070 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param);
1071
1072nodata:
1073 return retval;
1074}
1075
1076
1077struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc,
1078 const struct sctp_transport *transport,
1079 const void *payload, const size_t paylen)
1080{
1081 struct sctp_chunk *retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT,
1082 0, paylen);
1083
1084 if (!retval)
1085 goto nodata;
1086
1087
1088
1089
1090 retval->transport = (struct sctp_transport *) transport;
1091 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload);
1092
1093nodata:
1094 return retval;
1095}
1096
1097struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc,
1098 const struct sctp_chunk *chunk,
1099 const void *payload, const size_t paylen)
1100{
1101 struct sctp_chunk *retval;
1102
1103 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen);
1104 if (!retval)
1105 goto nodata;
1106
1107 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload);
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118 if (chunk)
1119 retval->transport = chunk->transport;
1120
1121nodata:
1122 return retval;
1123}
1124
1125
1126
1127
1128static struct sctp_chunk *sctp_make_op_error_space(
1129 const struct sctp_association *asoc,
1130 const struct sctp_chunk *chunk,
1131 size_t size)
1132{
1133 struct sctp_chunk *retval;
1134
1135 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0,
1136 sizeof(sctp_errhdr_t) + size);
1137 if (!retval)
1138 goto nodata;
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148 if (chunk)
1149 retval->transport = chunk->transport;
1150
1151nodata:
1152 return retval;
1153}
1154
1155
1156
1157
1158
1159
1160
1161static inline struct sctp_chunk *sctp_make_op_error_fixed(
1162 const struct sctp_association *asoc,
1163 const struct sctp_chunk *chunk)
1164{
1165 size_t size = asoc ? asoc->pathmtu : 0;
1166
1167 if (!size)
1168 size = SCTP_DEFAULT_MAXSEGMENT;
1169
1170 return sctp_make_op_error_space(asoc, chunk, size);
1171}
1172
1173
1174struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc,
1175 const struct sctp_chunk *chunk,
1176 __be16 cause_code, const void *payload,
1177 size_t paylen, size_t reserve_tail)
1178{
1179 struct sctp_chunk *retval;
1180
1181 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail);
1182 if (!retval)
1183 goto nodata;
1184
1185 sctp_init_cause(retval, cause_code, paylen + reserve_tail);
1186 sctp_addto_chunk(retval, paylen, payload);
1187 if (reserve_tail)
1188 sctp_addto_param(retval, reserve_tail, NULL);
1189
1190nodata:
1191 return retval;
1192}
1193
1194struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc)
1195{
1196 struct sctp_chunk *retval;
1197 struct sctp_hmac *hmac_desc;
1198 struct sctp_authhdr auth_hdr;
1199 __u8 *hmac;
1200
1201
1202 hmac_desc = sctp_auth_asoc_get_hmac(asoc);
1203 if (unlikely(!hmac_desc))
1204 return NULL;
1205
1206 retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0,
1207 hmac_desc->hmac_len + sizeof(sctp_authhdr_t));
1208 if (!retval)
1209 return NULL;
1210
1211 auth_hdr.hmac_id = htons(hmac_desc->hmac_id);
1212 auth_hdr.shkey_id = htons(asoc->active_key_id);
1213
1214 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t),
1215 &auth_hdr);
1216
1217 hmac = skb_put(retval->skb, hmac_desc->hmac_len);
1218 memset(hmac, 0, hmac_desc->hmac_len);
1219
1220
1221 retval->chunk_hdr->length =
1222 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len);
1223 retval->chunk_end = skb_tail_pointer(retval->skb);
1224
1225 return retval;
1226}
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236struct sctp_chunk *sctp_chunkify(struct sk_buff *skb,
1237 const struct sctp_association *asoc,
1238 struct sock *sk)
1239{
1240 struct sctp_chunk *retval;
1241
1242 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC);
1243
1244 if (!retval)
1245 goto nodata;
1246
1247 if (!sk) {
1248 SCTP_DEBUG_PRINTK("chunkifying skb %p w/o an sk\n", skb);
1249 }
1250
1251 INIT_LIST_HEAD(&retval->list);
1252 retval->skb = skb;
1253 retval->asoc = (struct sctp_association *)asoc;
1254 retval->has_tsn = 0;
1255 retval->has_ssn = 0;
1256 retval->rtt_in_progress = 0;
1257 retval->sent_at = 0;
1258 retval->singleton = 1;
1259 retval->end_of_packet = 0;
1260 retval->ecn_ce_done = 0;
1261 retval->pdiscard = 0;
1262
1263
1264
1265
1266
1267
1268
1269 retval->tsn_missing_report = 0;
1270 retval->tsn_gap_acked = 0;
1271 retval->fast_retransmit = SCTP_CAN_FRTX;
1272
1273
1274
1275
1276 retval->msg = NULL;
1277
1278
1279 INIT_LIST_HEAD(&retval->transmitted_list);
1280 INIT_LIST_HEAD(&retval->frag_list);
1281 SCTP_DBG_OBJCNT_INC(chunk);
1282 atomic_set(&retval->refcnt, 1);
1283
1284nodata:
1285 return retval;
1286}
1287
1288
1289void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src,
1290 union sctp_addr *dest)
1291{
1292 memcpy(&chunk->source, src, sizeof(union sctp_addr));
1293 memcpy(&chunk->dest, dest, sizeof(union sctp_addr));
1294}
1295
1296
1297const union sctp_addr *sctp_source(const struct sctp_chunk *chunk)
1298{
1299
1300 if (chunk->transport) {
1301 return &chunk->transport->ipaddr;
1302 } else {
1303
1304 return &chunk->source;
1305 }
1306}
1307
1308
1309
1310
1311SCTP_STATIC
1312struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc,
1313 __u8 type, __u8 flags, int paylen)
1314{
1315 struct sctp_chunk *retval;
1316 sctp_chunkhdr_t *chunk_hdr;
1317 struct sk_buff *skb;
1318 struct sock *sk;
1319
1320
1321 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen),
1322 GFP_ATOMIC);
1323 if (!skb)
1324 goto nodata;
1325
1326
1327 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t));
1328 chunk_hdr->type = type;
1329 chunk_hdr->flags = flags;
1330 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t));
1331
1332 sk = asoc ? asoc->base.sk : NULL;
1333 retval = sctp_chunkify(skb, asoc, sk);
1334 if (!retval) {
1335 kfree_skb(skb);
1336 goto nodata;
1337 }
1338
1339 retval->chunk_hdr = chunk_hdr;
1340 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr);
1341
1342
1343 if (sctp_auth_send_cid(type, asoc))
1344 retval->auth = 1;
1345
1346
1347 skb->sk = sk;
1348
1349 return retval;
1350nodata:
1351 return NULL;
1352}
1353
1354
1355
1356static void sctp_chunk_destroy(struct sctp_chunk *chunk)
1357{
1358 BUG_ON(!list_empty(&chunk->list));
1359 list_del_init(&chunk->transmitted_list);
1360
1361
1362 dev_kfree_skb(chunk->skb);
1363
1364 SCTP_DBG_OBJCNT_DEC(chunk);
1365 kmem_cache_free(sctp_chunk_cachep, chunk);
1366}
1367
1368
1369void sctp_chunk_free(struct sctp_chunk *chunk)
1370{
1371
1372 if (chunk->msg)
1373 sctp_datamsg_put(chunk->msg);
1374
1375 sctp_chunk_put(chunk);
1376}
1377
1378
1379void sctp_chunk_hold(struct sctp_chunk *ch)
1380{
1381 atomic_inc(&ch->refcnt);
1382}
1383
1384
1385void sctp_chunk_put(struct sctp_chunk *ch)
1386{
1387 if (atomic_dec_and_test(&ch->refcnt))
1388 sctp_chunk_destroy(ch);
1389}
1390
1391
1392
1393
1394void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data)
1395{
1396 void *target;
1397 void *padding;
1398 int chunklen = ntohs(chunk->chunk_hdr->length);
1399 int padlen = WORD_ROUND(chunklen) - chunklen;
1400
1401 padding = skb_put(chunk->skb, padlen);
1402 target = skb_put(chunk->skb, len);
1403
1404 memset(padding, 0, padlen);
1405 memcpy(target, data, len);
1406
1407
1408 chunk->chunk_hdr->length = htons(chunklen + padlen + len);
1409 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1410
1411 return target;
1412}
1413
1414
1415
1416
1417void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk,
1418 int len, const void *data)
1419{
1420 if (skb_tailroom(chunk->skb) >= len)
1421 return sctp_addto_chunk(chunk, len, data);
1422 else
1423 return NULL;
1424}
1425
1426
1427
1428
1429
1430int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len,
1431 struct iovec *data)
1432{
1433 __u8 *target;
1434 int err = 0;
1435
1436
1437 target = skb_put(chunk->skb, len);
1438
1439
1440 if ((err = memcpy_fromiovecend(target, data, off, len)))
1441 goto out;
1442
1443
1444 chunk->chunk_hdr->length =
1445 htons(ntohs(chunk->chunk_hdr->length) + len);
1446 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1447
1448out:
1449 return err;
1450}
1451
1452
1453
1454
1455void sctp_chunk_assign_ssn(struct sctp_chunk *chunk)
1456{
1457 struct sctp_datamsg *msg;
1458 struct sctp_chunk *lchunk;
1459 struct sctp_stream *stream;
1460 __u16 ssn;
1461 __u16 sid;
1462
1463 if (chunk->has_ssn)
1464 return;
1465
1466
1467 sid = ntohs(chunk->subh.data_hdr->stream);
1468 stream = &chunk->asoc->ssnmap->out;
1469
1470
1471
1472
1473 msg = chunk->msg;
1474 list_for_each_entry(lchunk, &msg->chunks, frag_list) {
1475 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) {
1476 ssn = 0;
1477 } else {
1478 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG)
1479 ssn = sctp_ssn_next(stream, sid);
1480 else
1481 ssn = sctp_ssn_peek(stream, sid);
1482 }
1483
1484 lchunk->subh.data_hdr->ssn = htons(ssn);
1485 lchunk->has_ssn = 1;
1486 }
1487}
1488
1489
1490
1491
1492void sctp_chunk_assign_tsn(struct sctp_chunk *chunk)
1493{
1494 if (!chunk->has_tsn) {
1495
1496
1497
1498 chunk->subh.data_hdr->tsn =
1499 htonl(sctp_association_get_next_tsn(chunk->asoc));
1500 chunk->has_tsn = 1;
1501 }
1502}
1503
1504
1505struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep,
1506 struct sctp_chunk *chunk,
1507 gfp_t gfp)
1508{
1509 struct sctp_association *asoc;
1510 struct sk_buff *skb;
1511 sctp_scope_t scope;
1512 struct sctp_af *af;
1513
1514
1515 scope = sctp_scope(sctp_source(chunk));
1516 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp);
1517 if (!asoc)
1518 goto nodata;
1519 asoc->temp = 1;
1520 skb = chunk->skb;
1521
1522 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version));
1523 if (unlikely(!af))
1524 goto fail;
1525 af->from_skb(&asoc->c.peer_addr, skb, 1);
1526nodata:
1527 return asoc;
1528
1529fail:
1530 sctp_association_free(asoc);
1531 return NULL;
1532}
1533
1534
1535
1536
1537static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
1538 const struct sctp_association *asoc,
1539 const struct sctp_chunk *init_chunk,
1540 int *cookie_len,
1541 const __u8 *raw_addrs, int addrs_len)
1542{
1543 sctp_cookie_param_t *retval;
1544 struct sctp_signed_cookie *cookie;
1545 struct scatterlist sg;
1546 int headersize, bodysize;
1547 unsigned int keylen;
1548 char *key;
1549
1550
1551
1552
1553 headersize = sizeof(sctp_paramhdr_t) +
1554 (sizeof(struct sctp_signed_cookie) -
1555 sizeof(struct sctp_cookie));
1556 bodysize = sizeof(struct sctp_cookie)
1557 + ntohs(init_chunk->chunk_hdr->length) + addrs_len;
1558
1559
1560
1561
1562 if (bodysize % SCTP_COOKIE_MULTIPLE)
1563 bodysize += SCTP_COOKIE_MULTIPLE
1564 - (bodysize % SCTP_COOKIE_MULTIPLE);
1565 *cookie_len = headersize + bodysize;
1566
1567
1568
1569
1570 retval = kzalloc(*cookie_len, GFP_ATOMIC);
1571 if (!retval)
1572 goto nodata;
1573
1574 cookie = (struct sctp_signed_cookie *) retval->body;
1575
1576
1577 retval->p.type = SCTP_PARAM_STATE_COOKIE;
1578 retval->p.length = htons(*cookie_len);
1579
1580
1581 cookie->c = asoc->c;
1582
1583 cookie->c.raw_addr_list_len = addrs_len;
1584
1585
1586 cookie->c.prsctp_capable = asoc->peer.prsctp_capable;
1587
1588
1589 cookie->c.adaptation_ind = asoc->peer.adaptation_ind;
1590
1591
1592 do_gettimeofday(&cookie->c.expiration);
1593 TIMEVAL_ADD(asoc->cookie_life, cookie->c.expiration);
1594
1595
1596 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr,
1597 ntohs(init_chunk->chunk_hdr->length));
1598
1599
1600 memcpy((__u8 *)&cookie->c.peer_init[0] +
1601 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len);
1602
1603 if (sctp_sk(ep->base.sk)->hmac) {
1604 struct hash_desc desc;
1605
1606
1607 sg_init_one(&sg, &cookie->c, bodysize);
1608 keylen = SCTP_SECRET_SIZE;
1609 key = (char *)ep->secret_key[ep->current_key];
1610 desc.tfm = sctp_sk(ep->base.sk)->hmac;
1611 desc.flags = 0;
1612
1613 if (crypto_hash_setkey(desc.tfm, key, keylen) ||
1614 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature))
1615 goto free_cookie;
1616 }
1617
1618 return retval;
1619
1620free_cookie:
1621 kfree(retval);
1622nodata:
1623 *cookie_len = 0;
1624 return NULL;
1625}
1626
1627
1628struct sctp_association *sctp_unpack_cookie(
1629 const struct sctp_endpoint *ep,
1630 const struct sctp_association *asoc,
1631 struct sctp_chunk *chunk, gfp_t gfp,
1632 int *error, struct sctp_chunk **errp)
1633{
1634 struct sctp_association *retval = NULL;
1635 struct sctp_signed_cookie *cookie;
1636 struct sctp_cookie *bear_cookie;
1637 int headersize, bodysize, fixed_size;
1638 __u8 *digest = ep->digest;
1639 struct scatterlist sg;
1640 unsigned int keylen, len;
1641 char *key;
1642 sctp_scope_t scope;
1643 struct sk_buff *skb = chunk->skb;
1644 struct timeval tv;
1645 struct hash_desc desc;
1646
1647
1648
1649
1650 headersize = sizeof(sctp_chunkhdr_t) +
1651 (sizeof(struct sctp_signed_cookie) -
1652 sizeof(struct sctp_cookie));
1653 bodysize = ntohs(chunk->chunk_hdr->length) - headersize;
1654 fixed_size = headersize + sizeof(struct sctp_cookie);
1655
1656
1657
1658
1659
1660 len = ntohs(chunk->chunk_hdr->length);
1661 if (len < fixed_size + sizeof(struct sctp_chunkhdr))
1662 goto malformed;
1663
1664
1665 if (bodysize % SCTP_COOKIE_MULTIPLE)
1666 goto malformed;
1667
1668
1669 cookie = chunk->subh.cookie_hdr;
1670 bear_cookie = &cookie->c;
1671
1672 if (!sctp_sk(ep->base.sk)->hmac)
1673 goto no_hmac;
1674
1675
1676 keylen = SCTP_SECRET_SIZE;
1677 sg_init_one(&sg, bear_cookie, bodysize);
1678 key = (char *)ep->secret_key[ep->current_key];
1679 desc.tfm = sctp_sk(ep->base.sk)->hmac;
1680 desc.flags = 0;
1681
1682 memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
1683 if (crypto_hash_setkey(desc.tfm, key, keylen) ||
1684 crypto_hash_digest(&desc, &sg, bodysize, digest)) {
1685 *error = -SCTP_IERROR_NOMEM;
1686 goto fail;
1687 }
1688
1689 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
1690
1691 key = (char *)ep->secret_key[ep->last_key];
1692 memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
1693 if (crypto_hash_setkey(desc.tfm, key, keylen) ||
1694 crypto_hash_digest(&desc, &sg, bodysize, digest)) {
1695 *error = -SCTP_IERROR_NOMEM;
1696 goto fail;
1697 }
1698
1699 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
1700
1701 *error = -SCTP_IERROR_BAD_SIG;
1702 goto fail;
1703 }
1704 }
1705
1706no_hmac:
1707
1708
1709
1710
1711
1712
1713
1714 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) {
1715 *error = -SCTP_IERROR_BAD_TAG;
1716 goto fail;
1717 }
1718
1719 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port ||
1720 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) {
1721 *error = -SCTP_IERROR_BAD_PORTS;
1722 goto fail;
1723 }
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP))
1734 skb_get_timestamp(skb, &tv);
1735 else
1736 do_gettimeofday(&tv);
1737
1738 if (!asoc && tv_lt(bear_cookie->expiration, tv)) {
1739
1740
1741
1742
1743
1744
1745
1746
1747 len = ntohs(chunk->chunk_hdr->length);
1748 *errp = sctp_make_op_error_space(asoc, chunk, len);
1749 if (*errp) {
1750 suseconds_t usecs = (tv.tv_sec -
1751 bear_cookie->expiration.tv_sec) * 1000000L +
1752 tv.tv_usec - bear_cookie->expiration.tv_usec;
1753 __be32 n = htonl(usecs);
1754
1755 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE,
1756 sizeof(n));
1757 sctp_addto_chunk(*errp, sizeof(n), &n);
1758 *error = -SCTP_IERROR_STALE_COOKIE;
1759 } else
1760 *error = -SCTP_IERROR_NOMEM;
1761
1762 goto fail;
1763 }
1764
1765
1766 scope = sctp_scope(sctp_source(chunk));
1767 retval = sctp_association_new(ep, ep->base.sk, scope, gfp);
1768 if (!retval) {
1769 *error = -SCTP_IERROR_NOMEM;
1770 goto fail;
1771 }
1772
1773
1774 retval->peer.port = ntohs(chunk->sctp_hdr->source);
1775
1776
1777 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie));
1778
1779 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie,
1780 GFP_ATOMIC) < 0) {
1781 *error = -SCTP_IERROR_NOMEM;
1782 goto fail;
1783 }
1784
1785
1786 if (list_empty(&retval->base.bind_addr.address_list)) {
1787 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest,
1788 SCTP_ADDR_SRC, GFP_ATOMIC);
1789 }
1790
1791 retval->next_tsn = retval->c.initial_tsn;
1792 retval->ctsn_ack_point = retval->next_tsn - 1;
1793 retval->addip_serial = retval->c.initial_tsn;
1794 retval->adv_peer_ack_point = retval->ctsn_ack_point;
1795 retval->peer.prsctp_capable = retval->c.prsctp_capable;
1796 retval->peer.adaptation_ind = retval->c.adaptation_ind;
1797
1798
1799 return retval;
1800
1801fail:
1802 if (retval)
1803 sctp_association_free(retval);
1804
1805 return NULL;
1806
1807malformed:
1808
1809
1810
1811 *error = -SCTP_IERROR_MALFORMED;
1812 goto fail;
1813}
1814
1815
1816
1817
1818
1819struct __sctp_missing {
1820 __be32 num_missing;
1821 __be16 type;
1822} __packed;
1823
1824
1825
1826
1827static int sctp_process_missing_param(const struct sctp_association *asoc,
1828 sctp_param_t paramtype,
1829 struct sctp_chunk *chunk,
1830 struct sctp_chunk **errp)
1831{
1832 struct __sctp_missing report;
1833 __u16 len;
1834
1835 len = WORD_ROUND(sizeof(report));
1836
1837
1838
1839
1840 if (!*errp)
1841 *errp = sctp_make_op_error_space(asoc, chunk, len);
1842
1843 if (*errp) {
1844 report.num_missing = htonl(1);
1845 report.type = paramtype;
1846 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM,
1847 sizeof(report));
1848 sctp_addto_chunk(*errp, sizeof(report), &report);
1849 }
1850
1851
1852 return 0;
1853}
1854
1855
1856static int sctp_process_inv_mandatory(const struct sctp_association *asoc,
1857 struct sctp_chunk *chunk,
1858 struct sctp_chunk **errp)
1859{
1860
1861
1862 if (!*errp)
1863 *errp = sctp_make_op_error_space(asoc, chunk, 0);
1864
1865 if (*errp)
1866 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0);
1867
1868
1869 return 0;
1870}
1871
1872static int sctp_process_inv_paramlength(const struct sctp_association *asoc,
1873 struct sctp_paramhdr *param,
1874 const struct sctp_chunk *chunk,
1875 struct sctp_chunk **errp)
1876{
1877
1878
1879
1880 if (*errp)
1881 sctp_chunk_free(*errp);
1882
1883
1884 *errp = sctp_make_violation_paramlen(asoc, chunk, param);
1885
1886 return 0;
1887}
1888
1889
1890
1891
1892
1893static int sctp_process_hn_param(const struct sctp_association *asoc,
1894 union sctp_params param,
1895 struct sctp_chunk *chunk,
1896 struct sctp_chunk **errp)
1897{
1898 __u16 len = ntohs(param.p->length);
1899
1900
1901
1902
1903
1904
1905 if (*errp)
1906 sctp_chunk_free(*errp);
1907
1908 *errp = sctp_make_op_error_space(asoc, chunk, len);
1909
1910 if (*errp) {
1911 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len);
1912 sctp_addto_chunk(*errp, len, param.v);
1913 }
1914
1915
1916 return 0;
1917}
1918
1919static int sctp_verify_ext_param(union sctp_params param)
1920{
1921 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
1922 int have_auth = 0;
1923 int have_asconf = 0;
1924 int i;
1925
1926 for (i = 0; i < num_ext; i++) {
1927 switch (param.ext->chunks[i]) {
1928 case SCTP_CID_AUTH:
1929 have_auth = 1;
1930 break;
1931 case SCTP_CID_ASCONF:
1932 case SCTP_CID_ASCONF_ACK:
1933 have_asconf = 1;
1934 break;
1935 }
1936 }
1937
1938
1939
1940
1941
1942
1943 if (sctp_addip_noauth)
1944 return 1;
1945
1946 if (sctp_addip_enable && !have_auth && have_asconf)
1947 return 0;
1948
1949 return 1;
1950}
1951
1952static void sctp_process_ext_param(struct sctp_association *asoc,
1953 union sctp_params param)
1954{
1955 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
1956 int i;
1957
1958 for (i = 0; i < num_ext; i++) {
1959 switch (param.ext->chunks[i]) {
1960 case SCTP_CID_FWD_TSN:
1961 if (sctp_prsctp_enable &&
1962 !asoc->peer.prsctp_capable)
1963 asoc->peer.prsctp_capable = 1;
1964 break;
1965 case SCTP_CID_AUTH:
1966
1967
1968
1969 if (sctp_auth_enable)
1970 asoc->peer.auth_capable = 1;
1971 break;
1972 case SCTP_CID_ASCONF:
1973 case SCTP_CID_ASCONF_ACK:
1974 if (sctp_addip_enable)
1975 asoc->peer.asconf_capable = 1;
1976 break;
1977 default:
1978 break;
1979 }
1980 }
1981}
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc,
2009 union sctp_params param,
2010 struct sctp_chunk *chunk,
2011 struct sctp_chunk **errp)
2012{
2013 int retval = SCTP_IERROR_NO_ERROR;
2014
2015 switch (param.p->type & SCTP_PARAM_ACTION_MASK) {
2016 case SCTP_PARAM_ACTION_DISCARD:
2017 retval = SCTP_IERROR_ERROR;
2018 break;
2019 case SCTP_PARAM_ACTION_SKIP:
2020 break;
2021 case SCTP_PARAM_ACTION_DISCARD_ERR:
2022 retval = SCTP_IERROR_ERROR;
2023
2024 case SCTP_PARAM_ACTION_SKIP_ERR:
2025
2026
2027
2028 if (NULL == *errp)
2029 *errp = sctp_make_op_error_fixed(asoc, chunk);
2030
2031 if (*errp) {
2032 if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM,
2033 WORD_ROUND(ntohs(param.p->length))))
2034 sctp_addto_chunk_fixed(*errp,
2035 WORD_ROUND(ntohs(param.p->length)),
2036 param.v);
2037 } else {
2038
2039
2040
2041
2042
2043 retval = SCTP_IERROR_NOMEM;
2044 }
2045 break;
2046 default:
2047 break;
2048 }
2049
2050 return retval;
2051}
2052
2053
2054
2055
2056
2057
2058
2059
2060static sctp_ierror_t sctp_verify_param(const struct sctp_association *asoc,
2061 union sctp_params param,
2062 sctp_cid_t cid,
2063 struct sctp_chunk *chunk,
2064 struct sctp_chunk **err_chunk)
2065{
2066 struct sctp_hmac_algo_param *hmacs;
2067 int retval = SCTP_IERROR_NO_ERROR;
2068 __u16 n_elt, id = 0;
2069 int i;
2070
2071
2072
2073
2074
2075
2076 switch (param.p->type) {
2077 case SCTP_PARAM_IPV4_ADDRESS:
2078 case SCTP_PARAM_IPV6_ADDRESS:
2079 case SCTP_PARAM_COOKIE_PRESERVATIVE:
2080 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2081 case SCTP_PARAM_STATE_COOKIE:
2082 case SCTP_PARAM_HEARTBEAT_INFO:
2083 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2084 case SCTP_PARAM_ECN_CAPABLE:
2085 case SCTP_PARAM_ADAPTATION_LAYER_IND:
2086 break;
2087
2088 case SCTP_PARAM_SUPPORTED_EXT:
2089 if (!sctp_verify_ext_param(param))
2090 return SCTP_IERROR_ABORT;
2091 break;
2092
2093 case SCTP_PARAM_SET_PRIMARY:
2094 if (sctp_addip_enable)
2095 break;
2096 goto fallthrough;
2097
2098 case SCTP_PARAM_HOST_NAME_ADDRESS:
2099
2100 sctp_process_hn_param(asoc, param, chunk, err_chunk);
2101 retval = SCTP_IERROR_ABORT;
2102 break;
2103
2104 case SCTP_PARAM_FWD_TSN_SUPPORT:
2105 if (sctp_prsctp_enable)
2106 break;
2107 goto fallthrough;
2108
2109 case SCTP_PARAM_RANDOM:
2110 if (!sctp_auth_enable)
2111 goto fallthrough;
2112
2113
2114
2115
2116
2117
2118 if (SCTP_AUTH_RANDOM_LENGTH !=
2119 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) {
2120 sctp_process_inv_paramlength(asoc, param.p,
2121 chunk, err_chunk);
2122 retval = SCTP_IERROR_ABORT;
2123 }
2124 break;
2125
2126 case SCTP_PARAM_CHUNKS:
2127 if (!sctp_auth_enable)
2128 goto fallthrough;
2129
2130
2131
2132
2133
2134
2135 if (260 < ntohs(param.p->length)) {
2136 sctp_process_inv_paramlength(asoc, param.p,
2137 chunk, err_chunk);
2138 retval = SCTP_IERROR_ABORT;
2139 }
2140 break;
2141
2142 case SCTP_PARAM_HMAC_ALGO:
2143 if (!sctp_auth_enable)
2144 goto fallthrough;
2145
2146 hmacs = (struct sctp_hmac_algo_param *)param.p;
2147 n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1;
2148
2149
2150
2151
2152
2153 for (i = 0; i < n_elt; i++) {
2154 id = ntohs(hmacs->hmac_ids[i]);
2155
2156 if (id == SCTP_AUTH_HMAC_ID_SHA1)
2157 break;
2158 }
2159
2160 if (id != SCTP_AUTH_HMAC_ID_SHA1) {
2161 sctp_process_inv_paramlength(asoc, param.p, chunk,
2162 err_chunk);
2163 retval = SCTP_IERROR_ABORT;
2164 }
2165 break;
2166fallthrough:
2167 default:
2168 SCTP_DEBUG_PRINTK("Unrecognized param: %d for chunk %d.\n",
2169 ntohs(param.p->type), cid);
2170 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk);
2171 break;
2172 }
2173 return retval;
2174}
2175
2176
2177int sctp_verify_init(const struct sctp_association *asoc,
2178 sctp_cid_t cid,
2179 sctp_init_chunk_t *peer_init,
2180 struct sctp_chunk *chunk,
2181 struct sctp_chunk **errp)
2182{
2183 union sctp_params param;
2184 int has_cookie = 0;
2185 int result;
2186
2187
2188 if ((0 == peer_init->init_hdr.num_outbound_streams) ||
2189 (0 == peer_init->init_hdr.num_inbound_streams) ||
2190 (0 == peer_init->init_hdr.init_tag) ||
2191 (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) {
2192
2193 return sctp_process_inv_mandatory(asoc, chunk, errp);
2194 }
2195
2196
2197 sctp_walk_params(param, peer_init, init_hdr.params) {
2198
2199 if (SCTP_PARAM_STATE_COOKIE == param.p->type)
2200 has_cookie = 1;
2201
2202 }
2203
2204
2205
2206
2207
2208
2209
2210
2211 if (param.v != (void*)chunk->chunk_end)
2212 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp);
2213
2214
2215
2216
2217 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie)
2218 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE,
2219 chunk, errp);
2220
2221
2222 sctp_walk_params(param, peer_init, init_hdr.params) {
2223
2224 result = sctp_verify_param(asoc, param, cid, chunk, errp);
2225 switch (result) {
2226 case SCTP_IERROR_ABORT:
2227 case SCTP_IERROR_NOMEM:
2228 return 0;
2229 case SCTP_IERROR_ERROR:
2230 return 1;
2231 case SCTP_IERROR_NO_ERROR:
2232 default:
2233 break;
2234 }
2235
2236 }
2237
2238 return 1;
2239}
2240
2241
2242
2243
2244
2245int sctp_process_init(struct sctp_association *asoc, sctp_cid_t cid,
2246 const union sctp_addr *peer_addr,
2247 sctp_init_chunk_t *peer_init, gfp_t gfp)
2248{
2249 union sctp_params param;
2250 struct sctp_transport *transport;
2251 struct list_head *pos, *temp;
2252 char *cookie;
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264 if (peer_addr) {
2265 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE))
2266 goto nomem;
2267 }
2268
2269
2270 sctp_walk_params(param, peer_init, init_hdr.params) {
2271
2272 if (!sctp_process_param(asoc, param, peer_addr, gfp))
2273 goto clean_up;
2274 }
2275
2276
2277
2278
2279 if (asoc->peer.auth_capable && (!asoc->peer.peer_random ||
2280 !asoc->peer.peer_hmacs))
2281 asoc->peer.auth_capable = 0;
2282
2283
2284
2285
2286
2287
2288
2289 if (!sctp_addip_noauth &&
2290 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) {
2291 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP |
2292 SCTP_PARAM_DEL_IP |
2293 SCTP_PARAM_SET_PRIMARY);
2294 asoc->peer.asconf_capable = 0;
2295 goto clean_up;
2296 }
2297
2298
2299 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2300 transport = list_entry(pos, struct sctp_transport, transports);
2301 if (transport->state == SCTP_UNKNOWN) {
2302 sctp_assoc_rm_peer(asoc, transport);
2303 }
2304 }
2305
2306
2307
2308
2309 asoc->peer.i.init_tag =
2310 ntohl(peer_init->init_hdr.init_tag);
2311 asoc->peer.i.a_rwnd =
2312 ntohl(peer_init->init_hdr.a_rwnd);
2313 asoc->peer.i.num_outbound_streams =
2314 ntohs(peer_init->init_hdr.num_outbound_streams);
2315 asoc->peer.i.num_inbound_streams =
2316 ntohs(peer_init->init_hdr.num_inbound_streams);
2317 asoc->peer.i.initial_tsn =
2318 ntohl(peer_init->init_hdr.initial_tsn);
2319
2320
2321
2322
2323 if (asoc->c.sinit_num_ostreams >
2324 ntohs(peer_init->init_hdr.num_inbound_streams)) {
2325 asoc->c.sinit_num_ostreams =
2326 ntohs(peer_init->init_hdr.num_inbound_streams);
2327 }
2328
2329 if (asoc->c.sinit_max_instreams >
2330 ntohs(peer_init->init_hdr.num_outbound_streams)) {
2331 asoc->c.sinit_max_instreams =
2332 ntohs(peer_init->init_hdr.num_outbound_streams);
2333 }
2334
2335
2336 asoc->c.peer_vtag = asoc->peer.i.init_tag;
2337
2338
2339 asoc->peer.rwnd = asoc->peer.i.a_rwnd;
2340
2341
2342 cookie = asoc->peer.cookie;
2343 if (cookie) {
2344 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp);
2345 if (!asoc->peer.cookie)
2346 goto clean_up;
2347 }
2348
2349
2350
2351
2352
2353 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
2354 transports) {
2355 transport->ssthresh = asoc->peer.i.a_rwnd;
2356 }
2357
2358
2359 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
2360 asoc->peer.i.initial_tsn, gfp))
2361 goto clean_up;
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374 if (!asoc->temp) {
2375 int error;
2376
2377 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams,
2378 asoc->c.sinit_num_ostreams, gfp);
2379 if (!asoc->ssnmap)
2380 goto clean_up;
2381
2382 error = sctp_assoc_set_id(asoc, gfp);
2383 if (error)
2384 goto clean_up;
2385 }
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1;
2398 return 1;
2399
2400clean_up:
2401
2402 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2403 transport = list_entry(pos, struct sctp_transport, transports);
2404 if (transport->state != SCTP_ACTIVE)
2405 sctp_assoc_rm_peer(asoc, transport);
2406 }
2407
2408nomem:
2409 return 0;
2410}
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424static int sctp_process_param(struct sctp_association *asoc,
2425 union sctp_params param,
2426 const union sctp_addr *peer_addr,
2427 gfp_t gfp)
2428{
2429 union sctp_addr addr;
2430 int i;
2431 __u16 sat;
2432 int retval = 1;
2433 sctp_scope_t scope;
2434 time_t stale;
2435 struct sctp_af *af;
2436 union sctp_addr_param *addr_param;
2437 struct sctp_transport *t;
2438
2439
2440
2441
2442
2443 switch (param.p->type) {
2444 case SCTP_PARAM_IPV6_ADDRESS:
2445 if (PF_INET6 != asoc->base.sk->sk_family)
2446 break;
2447 goto do_addr_param;
2448
2449 case SCTP_PARAM_IPV4_ADDRESS:
2450
2451 if (ipv6_only_sock(asoc->base.sk))
2452 break;
2453do_addr_param:
2454 af = sctp_get_af_specific(param_type2af(param.p->type));
2455 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0);
2456 scope = sctp_scope(peer_addr);
2457 if (sctp_in_scope(&addr, scope))
2458 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED))
2459 return 0;
2460 break;
2461
2462 case SCTP_PARAM_COOKIE_PRESERVATIVE:
2463 if (!sctp_cookie_preserve_enable)
2464 break;
2465
2466 stale = ntohl(param.life->lifespan_increment);
2467
2468
2469
2470
2471 asoc->cookie_life.tv_sec += stale / 1000;
2472 asoc->cookie_life.tv_usec += (stale % 1000) * 1000;
2473 break;
2474
2475 case SCTP_PARAM_HOST_NAME_ADDRESS:
2476 SCTP_DEBUG_PRINTK("unimplemented SCTP_HOST_NAME_ADDRESS\n");
2477 break;
2478
2479 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2480
2481
2482
2483 asoc->peer.ipv4_address = 0;
2484 asoc->peer.ipv6_address = 0;
2485
2486
2487
2488
2489 if (peer_addr->sa.sa_family == AF_INET6)
2490 asoc->peer.ipv6_address = 1;
2491 else if (peer_addr->sa.sa_family == AF_INET)
2492 asoc->peer.ipv4_address = 1;
2493
2494
2495 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
2496 if (sat)
2497 sat /= sizeof(__u16);
2498
2499 for (i = 0; i < sat; ++i) {
2500 switch (param.sat->types[i]) {
2501 case SCTP_PARAM_IPV4_ADDRESS:
2502 asoc->peer.ipv4_address = 1;
2503 break;
2504
2505 case SCTP_PARAM_IPV6_ADDRESS:
2506 if (PF_INET6 == asoc->base.sk->sk_family)
2507 asoc->peer.ipv6_address = 1;
2508 break;
2509
2510 case SCTP_PARAM_HOST_NAME_ADDRESS:
2511 asoc->peer.hostname_address = 1;
2512 break;
2513
2514 default:
2515 break;
2516 }
2517 }
2518 break;
2519
2520 case SCTP_PARAM_STATE_COOKIE:
2521 asoc->peer.cookie_len =
2522 ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
2523 asoc->peer.cookie = param.cookie->body;
2524 break;
2525
2526 case SCTP_PARAM_HEARTBEAT_INFO:
2527
2528 break;
2529
2530 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2531
2532 break;
2533
2534 case SCTP_PARAM_ECN_CAPABLE:
2535 asoc->peer.ecn_capable = 1;
2536 break;
2537
2538 case SCTP_PARAM_ADAPTATION_LAYER_IND:
2539 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind);
2540 break;
2541
2542 case SCTP_PARAM_SET_PRIMARY:
2543 if (!sctp_addip_enable)
2544 goto fall_through;
2545
2546 addr_param = param.v + sizeof(sctp_addip_param_t);
2547
2548 af = sctp_get_af_specific(param_type2af(param.p->type));
2549 af->from_addr_param(&addr, addr_param,
2550 htons(asoc->peer.port), 0);
2551
2552
2553
2554
2555 if (!af->addr_valid(&addr, NULL, NULL))
2556 break;
2557
2558 t = sctp_assoc_lookup_paddr(asoc, &addr);
2559 if (!t)
2560 break;
2561
2562 sctp_assoc_set_primary(asoc, t);
2563 break;
2564
2565 case SCTP_PARAM_SUPPORTED_EXT:
2566 sctp_process_ext_param(asoc, param);
2567 break;
2568
2569 case SCTP_PARAM_FWD_TSN_SUPPORT:
2570 if (sctp_prsctp_enable) {
2571 asoc->peer.prsctp_capable = 1;
2572 break;
2573 }
2574
2575 goto fall_through;
2576
2577 case SCTP_PARAM_RANDOM:
2578 if (!sctp_auth_enable)
2579 goto fall_through;
2580
2581
2582 asoc->peer.peer_random = kmemdup(param.p,
2583 ntohs(param.p->length), gfp);
2584 if (!asoc->peer.peer_random) {
2585 retval = 0;
2586 break;
2587 }
2588 break;
2589
2590 case SCTP_PARAM_HMAC_ALGO:
2591 if (!sctp_auth_enable)
2592 goto fall_through;
2593
2594
2595 asoc->peer.peer_hmacs = kmemdup(param.p,
2596 ntohs(param.p->length), gfp);
2597 if (!asoc->peer.peer_hmacs) {
2598 retval = 0;
2599 break;
2600 }
2601
2602
2603 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo);
2604 break;
2605
2606 case SCTP_PARAM_CHUNKS:
2607 if (!sctp_auth_enable)
2608 goto fall_through;
2609
2610 asoc->peer.peer_chunks = kmemdup(param.p,
2611 ntohs(param.p->length), gfp);
2612 if (!asoc->peer.peer_chunks)
2613 retval = 0;
2614 break;
2615fall_through:
2616 default:
2617
2618
2619
2620
2621
2622 SCTP_DEBUG_PRINTK("Ignoring param: %d for association %p.\n",
2623 ntohs(param.p->type), asoc);
2624 break;
2625 }
2626
2627 return retval;
2628}
2629
2630
2631__u32 sctp_generate_tag(const struct sctp_endpoint *ep)
2632{
2633
2634
2635
2636 __u32 x;
2637
2638 do {
2639 get_random_bytes(&x, sizeof(__u32));
2640 } while (x == 0);
2641
2642 return x;
2643}
2644
2645
2646__u32 sctp_generate_tsn(const struct sctp_endpoint *ep)
2647{
2648 __u32 retval;
2649
2650 get_random_bytes(&retval, sizeof(__u32));
2651 return retval;
2652}
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc,
2677 union sctp_addr *addr,
2678 int vparam_len)
2679{
2680 sctp_addiphdr_t asconf;
2681 struct sctp_chunk *retval;
2682 int length = sizeof(asconf) + vparam_len;
2683 union sctp_addr_param addrparam;
2684 int addrlen;
2685 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2686
2687 addrlen = af->to_addr_param(addr, &addrparam);
2688 if (!addrlen)
2689 return NULL;
2690 length += addrlen;
2691
2692
2693 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length);
2694 if (!retval)
2695 return NULL;
2696
2697 asconf.serial = htonl(asoc->addip_serial++);
2698
2699 retval->subh.addip_hdr =
2700 sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2701 retval->param_hdr.v =
2702 sctp_addto_chunk(retval, addrlen, &addrparam);
2703
2704 return retval;
2705}
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc,
2732 union sctp_addr *laddr,
2733 struct sockaddr *addrs,
2734 int addrcnt,
2735 __be16 flags)
2736{
2737 sctp_addip_param_t param;
2738 struct sctp_chunk *retval;
2739 union sctp_addr_param addr_param;
2740 union sctp_addr *addr;
2741 void *addr_buf;
2742 struct sctp_af *af;
2743 int paramlen = sizeof(param);
2744 int addr_param_len = 0;
2745 int totallen = 0;
2746 int i;
2747
2748
2749 addr_buf = addrs;
2750 for (i = 0; i < addrcnt; i++) {
2751 addr = (union sctp_addr *)addr_buf;
2752 af = sctp_get_af_specific(addr->v4.sin_family);
2753 addr_param_len = af->to_addr_param(addr, &addr_param);
2754
2755 totallen += paramlen;
2756 totallen += addr_param_len;
2757
2758 addr_buf += af->sockaddr_len;
2759 }
2760
2761
2762 retval = sctp_make_asconf(asoc, laddr, totallen);
2763 if (!retval)
2764 return NULL;
2765
2766
2767 addr_buf = addrs;
2768 for (i = 0; i < addrcnt; i++) {
2769 addr = (union sctp_addr *)addr_buf;
2770 af = sctp_get_af_specific(addr->v4.sin_family);
2771 addr_param_len = af->to_addr_param(addr, &addr_param);
2772 param.param_hdr.type = flags;
2773 param.param_hdr.length = htons(paramlen + addr_param_len);
2774 param.crr_id = i;
2775
2776 sctp_addto_chunk(retval, paramlen, ¶m);
2777 sctp_addto_chunk(retval, addr_param_len, &addr_param);
2778
2779 addr_buf += af->sockaddr_len;
2780 }
2781 return retval;
2782}
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc,
2799 union sctp_addr *addr)
2800{
2801 sctp_addip_param_t param;
2802 struct sctp_chunk *retval;
2803 int len = sizeof(param);
2804 union sctp_addr_param addrparam;
2805 int addrlen;
2806 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2807
2808 addrlen = af->to_addr_param(addr, &addrparam);
2809 if (!addrlen)
2810 return NULL;
2811 len += addrlen;
2812
2813
2814 retval = sctp_make_asconf(asoc, addr, len);
2815 if (!retval)
2816 return NULL;
2817
2818 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY;
2819 param.param_hdr.length = htons(len);
2820 param.crr_id = 0;
2821
2822 sctp_addto_chunk(retval, sizeof(param), ¶m);
2823 sctp_addto_chunk(retval, addrlen, &addrparam);
2824
2825 return retval;
2826}
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc,
2848 __u32 serial, int vparam_len)
2849{
2850 sctp_addiphdr_t asconf;
2851 struct sctp_chunk *retval;
2852 int length = sizeof(asconf) + vparam_len;
2853
2854
2855 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length);
2856 if (!retval)
2857 return NULL;
2858
2859 asconf.serial = htonl(serial);
2860
2861 retval->subh.addip_hdr =
2862 sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2863
2864 return retval;
2865}
2866
2867
2868static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id,
2869 __be16 err_code, sctp_addip_param_t *asconf_param)
2870{
2871 sctp_addip_param_t ack_param;
2872 sctp_errhdr_t err_param;
2873 int asconf_param_len = 0;
2874 int err_param_len = 0;
2875 __be16 response_type;
2876
2877 if (SCTP_ERROR_NO_ERROR == err_code) {
2878 response_type = SCTP_PARAM_SUCCESS_REPORT;
2879 } else {
2880 response_type = SCTP_PARAM_ERR_CAUSE;
2881 err_param_len = sizeof(err_param);
2882 if (asconf_param)
2883 asconf_param_len =
2884 ntohs(asconf_param->param_hdr.length);
2885 }
2886
2887
2888 ack_param.param_hdr.type = response_type;
2889 ack_param.param_hdr.length = htons(sizeof(ack_param) +
2890 err_param_len +
2891 asconf_param_len);
2892 ack_param.crr_id = crr_id;
2893 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param);
2894
2895 if (SCTP_ERROR_NO_ERROR == err_code)
2896 return;
2897
2898
2899 err_param.cause = err_code;
2900 err_param.length = htons(err_param_len + asconf_param_len);
2901 sctp_addto_chunk(chunk, err_param_len, &err_param);
2902
2903
2904 if (asconf_param)
2905 sctp_addto_chunk(chunk, asconf_param_len, asconf_param);
2906}
2907
2908
2909static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
2910 struct sctp_chunk *asconf,
2911 sctp_addip_param_t *asconf_param)
2912{
2913 struct sctp_transport *peer;
2914 struct sctp_af *af;
2915 union sctp_addr addr;
2916 union sctp_addr_param *addr_param;
2917
2918 addr_param = (union sctp_addr_param *)
2919 ((void *)asconf_param + sizeof(sctp_addip_param_t));
2920
2921 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP &&
2922 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP &&
2923 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY)
2924 return SCTP_ERROR_UNKNOWN_PARAM;
2925
2926 switch (addr_param->v4.param_hdr.type) {
2927 case SCTP_PARAM_IPV6_ADDRESS:
2928 if (!asoc->peer.ipv6_address)
2929 return SCTP_ERROR_DNS_FAILED;
2930 break;
2931 case SCTP_PARAM_IPV4_ADDRESS:
2932 if (!asoc->peer.ipv4_address)
2933 return SCTP_ERROR_DNS_FAILED;
2934 break;
2935 default:
2936 return SCTP_ERROR_DNS_FAILED;
2937 }
2938
2939 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type));
2940 if (unlikely(!af))
2941 return SCTP_ERROR_DNS_FAILED;
2942
2943 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0);
2944
2945
2946
2947
2948
2949
2950 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb))
2951 return SCTP_ERROR_DNS_FAILED;
2952
2953 switch (asconf_param->param_hdr.type) {
2954 case SCTP_PARAM_ADD_IP:
2955
2956
2957
2958
2959 if (af->is_any(&addr))
2960 memcpy(&addr, &asconf->source, sizeof(addr));
2961
2962
2963
2964
2965
2966
2967
2968
2969 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED);
2970 if (!peer)
2971 return SCTP_ERROR_RSRC_LOW;
2972
2973
2974 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer)))
2975 sctp_transport_hold(peer);
2976 break;
2977 case SCTP_PARAM_DEL_IP:
2978
2979
2980
2981
2982
2983 if (asoc->peer.transport_count == 1)
2984 return SCTP_ERROR_DEL_LAST_IP;
2985
2986
2987
2988
2989
2990
2991
2992
2993 if (sctp_cmp_addr_exact(sctp_source(asconf), &addr))
2994 return SCTP_ERROR_DEL_SRC_IP;
2995
2996
2997
2998
2999
3000
3001 if (af->is_any(&addr)) {
3002 sctp_assoc_set_primary(asoc, asconf->transport);
3003 sctp_assoc_del_nonprimary_peers(asoc,
3004 asconf->transport);
3005 } else
3006 sctp_assoc_del_peer(asoc, &addr);
3007 break;
3008 case SCTP_PARAM_SET_PRIMARY:
3009
3010
3011
3012
3013
3014 if (af->is_any(&addr))
3015 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
3016
3017 peer = sctp_assoc_lookup_paddr(asoc, &addr);
3018 if (!peer)
3019 return SCTP_ERROR_DNS_FAILED;
3020
3021 sctp_assoc_set_primary(asoc, peer);
3022 break;
3023 }
3024
3025 return SCTP_ERROR_NO_ERROR;
3026}
3027
3028
3029int sctp_verify_asconf(const struct sctp_association *asoc,
3030 struct sctp_paramhdr *param_hdr, void *chunk_end,
3031 struct sctp_paramhdr **errp) {
3032 sctp_addip_param_t *asconf_param;
3033 union sctp_params param;
3034 int length, plen;
3035
3036 param.v = (sctp_paramhdr_t *) param_hdr;
3037 while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) {
3038 length = ntohs(param.p->length);
3039 *errp = param.p;
3040
3041 if (param.v > chunk_end - length ||
3042 length < sizeof(sctp_paramhdr_t))
3043 return 0;
3044
3045 switch (param.p->type) {
3046 case SCTP_PARAM_ADD_IP:
3047 case SCTP_PARAM_DEL_IP:
3048 case SCTP_PARAM_SET_PRIMARY:
3049 asconf_param = (sctp_addip_param_t *)param.v;
3050 plen = ntohs(asconf_param->param_hdr.length);
3051 if (plen < sizeof(sctp_addip_param_t) +
3052 sizeof(sctp_paramhdr_t))
3053 return 0;
3054 break;
3055 case SCTP_PARAM_SUCCESS_REPORT:
3056 case SCTP_PARAM_ADAPTATION_LAYER_IND:
3057 if (length != sizeof(sctp_addip_param_t))
3058 return 0;
3059
3060 break;
3061 default:
3062 break;
3063 }
3064
3065 param.v += WORD_ROUND(length);
3066 }
3067
3068 if (param.v != chunk_end)
3069 return 0;
3070
3071 return 1;
3072}
3073
3074
3075
3076
3077struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
3078 struct sctp_chunk *asconf)
3079{
3080 sctp_addiphdr_t *hdr;
3081 union sctp_addr_param *addr_param;
3082 sctp_addip_param_t *asconf_param;
3083 struct sctp_chunk *asconf_ack;
3084
3085 __be16 err_code;
3086 int length = 0;
3087 int chunk_len;
3088 __u32 serial;
3089 int all_param_pass = 1;
3090
3091 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
3092 hdr = (sctp_addiphdr_t *)asconf->skb->data;
3093 serial = ntohl(hdr->serial);
3094
3095
3096 length = sizeof(sctp_addiphdr_t);
3097 addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3098 chunk_len -= length;
3099
3100
3101
3102
3103 length = ntohs(addr_param->v4.param_hdr.length);
3104 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length);
3105 chunk_len -= length;
3106
3107
3108
3109
3110
3111
3112 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 2);
3113 if (!asconf_ack)
3114 goto done;
3115
3116
3117 while (chunk_len > 0) {
3118 err_code = sctp_process_asconf_param(asoc, asconf,
3119 asconf_param);
3120
3121
3122
3123
3124
3125
3126
3127 if (SCTP_ERROR_NO_ERROR != err_code)
3128 all_param_pass = 0;
3129
3130 if (!all_param_pass)
3131 sctp_add_asconf_response(asconf_ack,
3132 asconf_param->crr_id, err_code,
3133 asconf_param);
3134
3135
3136
3137
3138
3139
3140 if (SCTP_ERROR_RSRC_LOW == err_code)
3141 goto done;
3142
3143
3144 length = ntohs(asconf_param->param_hdr.length);
3145 asconf_param = (sctp_addip_param_t *)((void *)asconf_param +
3146 length);
3147 chunk_len -= length;
3148 }
3149
3150done:
3151 asoc->peer.addip_serial++;
3152
3153
3154
3155
3156 if (asconf_ack) {
3157 sctp_chunk_hold(asconf_ack);
3158 list_add_tail(&asconf_ack->transmitted_list,
3159 &asoc->asconf_ack_list);
3160 }
3161
3162 return asconf_ack;
3163}
3164
3165
3166static void sctp_asconf_param_success(struct sctp_association *asoc,
3167 sctp_addip_param_t *asconf_param)
3168{
3169 struct sctp_af *af;
3170 union sctp_addr addr;
3171 struct sctp_bind_addr *bp = &asoc->base.bind_addr;
3172 union sctp_addr_param *addr_param;
3173 struct sctp_transport *transport;
3174 struct sctp_sockaddr_entry *saddr;
3175
3176 addr_param = (union sctp_addr_param *)
3177 ((void *)asconf_param + sizeof(sctp_addip_param_t));
3178
3179
3180 af = sctp_get_af_specific(param_type2af(addr_param->v4.param_hdr.type));
3181 af->from_addr_param(&addr, addr_param, htons(bp->port), 0);
3182
3183 switch (asconf_param->param_hdr.type) {
3184 case SCTP_PARAM_ADD_IP:
3185
3186
3187
3188 local_bh_disable();
3189 list_for_each_entry(saddr, &bp->address_list, list) {
3190 if (sctp_cmp_addr_exact(&saddr->a, &addr))
3191 saddr->state = SCTP_ADDR_SRC;
3192 }
3193 local_bh_enable();
3194 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3195 transports) {
3196 if (transport->state == SCTP_ACTIVE)
3197 continue;
3198 dst_release(transport->dst);
3199 sctp_transport_route(transport, NULL,
3200 sctp_sk(asoc->base.sk));
3201 }
3202 break;
3203 case SCTP_PARAM_DEL_IP:
3204 local_bh_disable();
3205 sctp_del_bind_addr(bp, &addr);
3206 local_bh_enable();
3207 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3208 transports) {
3209 dst_release(transport->dst);
3210 sctp_transport_route(transport, NULL,
3211 sctp_sk(asoc->base.sk));
3212 }
3213 break;
3214 default:
3215 break;
3216 }
3217}
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
3229 sctp_addip_param_t *asconf_param,
3230 int no_err)
3231{
3232 sctp_addip_param_t *asconf_ack_param;
3233 sctp_errhdr_t *err_param;
3234 int length;
3235 int asconf_ack_len;
3236 __be16 err_code;
3237
3238 if (no_err)
3239 err_code = SCTP_ERROR_NO_ERROR;
3240 else
3241 err_code = SCTP_ERROR_REQ_REFUSED;
3242
3243 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) -
3244 sizeof(sctp_chunkhdr_t);
3245
3246
3247
3248
3249 length = sizeof(sctp_addiphdr_t);
3250 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data +
3251 length);
3252 asconf_ack_len -= length;
3253
3254 while (asconf_ack_len > 0) {
3255 if (asconf_ack_param->crr_id == asconf_param->crr_id) {
3256 switch(asconf_ack_param->param_hdr.type) {
3257 case SCTP_PARAM_SUCCESS_REPORT:
3258 return SCTP_ERROR_NO_ERROR;
3259 case SCTP_PARAM_ERR_CAUSE:
3260 length = sizeof(sctp_addip_param_t);
3261 err_param = (sctp_errhdr_t *)
3262 ((void *)asconf_ack_param + length);
3263 asconf_ack_len -= length;
3264 if (asconf_ack_len > 0)
3265 return err_param->cause;
3266 else
3267 return SCTP_ERROR_INV_PARAM;
3268 break;
3269 default:
3270 return SCTP_ERROR_INV_PARAM;
3271 }
3272 }
3273
3274 length = ntohs(asconf_ack_param->param_hdr.length);
3275 asconf_ack_param = (sctp_addip_param_t *)
3276 ((void *)asconf_ack_param + length);
3277 asconf_ack_len -= length;
3278 }
3279
3280 return err_code;
3281}
3282
3283
3284int sctp_process_asconf_ack(struct sctp_association *asoc,
3285 struct sctp_chunk *asconf_ack)
3286{
3287 struct sctp_chunk *asconf = asoc->addip_last_asconf;
3288 union sctp_addr_param *addr_param;
3289 sctp_addip_param_t *asconf_param;
3290 int length = 0;
3291 int asconf_len = asconf->skb->len;
3292 int all_param_pass = 0;
3293 int no_err = 1;
3294 int retval = 0;
3295 __be16 err_code = SCTP_ERROR_NO_ERROR;
3296
3297
3298
3299
3300 length = sizeof(sctp_addip_chunk_t);
3301 addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3302 asconf_len -= length;
3303
3304
3305
3306
3307 length = ntohs(addr_param->v4.param_hdr.length);
3308 asconf_param = (sctp_addip_param_t *)((void *)addr_param + length);
3309 asconf_len -= length;
3310
3311
3312
3313
3314
3315
3316 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t))
3317 all_param_pass = 1;
3318
3319
3320 while (asconf_len > 0) {
3321 if (all_param_pass)
3322 err_code = SCTP_ERROR_NO_ERROR;
3323 else {
3324 err_code = sctp_get_asconf_response(asconf_ack,
3325 asconf_param,
3326 no_err);
3327 if (no_err && (SCTP_ERROR_NO_ERROR != err_code))
3328 no_err = 0;
3329 }
3330
3331 switch (err_code) {
3332 case SCTP_ERROR_NO_ERROR:
3333 sctp_asconf_param_success(asoc, asconf_param);
3334 break;
3335
3336 case SCTP_ERROR_RSRC_LOW:
3337 retval = 1;
3338 break;
3339
3340 case SCTP_ERROR_UNKNOWN_PARAM:
3341
3342
3343
3344 asoc->peer.addip_disabled_mask |=
3345 asconf_param->param_hdr.type;
3346 break;
3347
3348 case SCTP_ERROR_REQ_REFUSED:
3349 case SCTP_ERROR_DEL_LAST_IP:
3350 case SCTP_ERROR_DEL_SRC_IP:
3351 default:
3352 break;
3353 }
3354
3355
3356
3357
3358 length = ntohs(asconf_param->param_hdr.length);
3359 asconf_param = (sctp_addip_param_t *)((void *)asconf_param +
3360 length);
3361 asconf_len -= length;
3362 }
3363
3364
3365 list_del_init(&asconf->transmitted_list);
3366 sctp_chunk_free(asconf);
3367 asoc->addip_last_asconf = NULL;
3368
3369 return retval;
3370}
3371
3372
3373struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc,
3374 __u32 new_cum_tsn, size_t nstreams,
3375 struct sctp_fwdtsn_skip *skiplist)
3376{
3377 struct sctp_chunk *retval = NULL;
3378 struct sctp_fwdtsn_chunk *ftsn_chunk;
3379 struct sctp_fwdtsn_hdr ftsn_hdr;
3380 struct sctp_fwdtsn_skip skip;
3381 size_t hint;
3382 int i;
3383
3384 hint = (nstreams + 1) * sizeof(__u32);
3385
3386 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint);
3387
3388 if (!retval)
3389 return NULL;
3390
3391 ftsn_chunk = (struct sctp_fwdtsn_chunk *)retval->subh.fwdtsn_hdr;
3392
3393 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn);
3394 retval->subh.fwdtsn_hdr =
3395 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr);
3396
3397 for (i = 0; i < nstreams; i++) {
3398 skip.stream = skiplist[i].stream;
3399 skip.ssn = skiplist[i].ssn;
3400 sctp_addto_chunk(retval, sizeof(skip), &skip);
3401 }
3402
3403 return retval;
3404}
3405