1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
54
55#include <linux/types.h>
56#include <linux/kernel.h>
57#include <linux/ip.h>
58#include <linux/ipv6.h>
59#include <linux/net.h>
60#include <linux/inet.h>
61#include <linux/scatterlist.h>
62#include <linux/crypto.h>
63#include <linux/slab.h>
64#include <net/sock.h>
65
66#include <linux/skbuff.h>
67#include <linux/random.h>
68#include <net/sctp/sctp.h>
69#include <net/sctp/sm.h>
70
71static struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc,
72 __u8 type, __u8 flags, int paylen);
73static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
74 const struct sctp_association *asoc,
75 const struct sctp_chunk *init_chunk,
76 int *cookie_len,
77 const __u8 *raw_addrs, int addrs_len);
78static int sctp_process_param(struct sctp_association *asoc,
79 union sctp_params param,
80 const union sctp_addr *peer_addr,
81 gfp_t gfp);
82static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
83 const void *data);
84
85
86int sctp_chunk_iif(const struct sctp_chunk *chunk)
87{
88 struct sctp_af *af;
89 int iif = 0;
90
91 af = sctp_get_af_specific(ipver2af(ip_hdr(chunk->skb)->version));
92 if (af)
93 iif = af->skb_iif(chunk->skb);
94
95 return iif;
96}
97
98
99
100
101
102
103static const struct sctp_paramhdr ecap_param = {
104 SCTP_PARAM_ECN_CAPABLE,
105 cpu_to_be16(sizeof(struct sctp_paramhdr)),
106};
107static const struct sctp_paramhdr prsctp_param = {
108 SCTP_PARAM_FWD_TSN_SUPPORT,
109 cpu_to_be16(sizeof(struct sctp_paramhdr)),
110};
111
112
113
114
115
116void sctp_init_cause(struct sctp_chunk *chunk, __be16 cause_code,
117 size_t paylen)
118{
119 sctp_errhdr_t err;
120 __u16 len;
121
122
123 err.cause = cause_code;
124 len = sizeof(sctp_errhdr_t) + paylen;
125 err.length = htons(len);
126 chunk->subh.err_hdr = sctp_addto_chunk(chunk, sizeof(sctp_errhdr_t), &err);
127}
128
129
130
131
132
133
134static int sctp_init_cause_fixed(struct sctp_chunk *chunk, __be16 cause_code,
135 size_t paylen)
136{
137 sctp_errhdr_t err;
138 __u16 len;
139
140
141 err.cause = cause_code;
142 len = sizeof(sctp_errhdr_t) + paylen;
143 err.length = htons(len);
144
145 if (skb_tailroom(chunk->skb) < len)
146 return -ENOSPC;
147 chunk->subh.err_hdr = sctp_addto_chunk_fixed(chunk,
148 sizeof(sctp_errhdr_t),
149 &err);
150 return 0;
151}
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196struct sctp_chunk *sctp_make_init(const struct sctp_association *asoc,
197 const struct sctp_bind_addr *bp,
198 gfp_t gfp, int vparam_len)
199{
200 struct net *net = sock_net(asoc->base.sk);
201 sctp_inithdr_t init;
202 union sctp_params addrs;
203 size_t chunksize;
204 struct sctp_chunk *retval = NULL;
205 int num_types, addrs_len = 0;
206 struct sctp_sock *sp;
207 sctp_supported_addrs_param_t sat;
208 __be16 types[2];
209 sctp_adaptation_ind_param_t aiparam;
210 sctp_supported_ext_param_t ext_param;
211 int num_ext = 0;
212 __u8 extensions[3];
213 sctp_paramhdr_t *auth_chunks = NULL,
214 *auth_hmacs = NULL;
215
216
217
218
219
220
221 retval = NULL;
222
223
224 addrs = sctp_bind_addrs_to_raw(bp, &addrs_len, gfp);
225
226 init.init_tag = htonl(asoc->c.my_vtag);
227 init.a_rwnd = htonl(asoc->rwnd);
228 init.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
229 init.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
230 init.initial_tsn = htonl(asoc->c.initial_tsn);
231
232
233 sp = sctp_sk(asoc->base.sk);
234 num_types = sp->pf->supported_addrs(sp, types);
235
236 chunksize = sizeof(init) + addrs_len;
237 chunksize += WORD_ROUND(SCTP_SAT_LEN(num_types));
238 chunksize += sizeof(ecap_param);
239
240 if (net->sctp.prsctp_enable)
241 chunksize += sizeof(prsctp_param);
242
243
244
245
246
247
248 if (net->sctp.addip_enable) {
249 extensions[num_ext] = SCTP_CID_ASCONF;
250 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
251 num_ext += 2;
252 }
253
254 if (sp->adaptation_ind)
255 chunksize += sizeof(aiparam);
256
257 chunksize += vparam_len;
258
259
260 if (net->sctp.auth_enable) {
261
262 chunksize += sizeof(asoc->c.auth_random);
263
264
265 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs;
266 if (auth_hmacs->length)
267 chunksize += WORD_ROUND(ntohs(auth_hmacs->length));
268 else
269 auth_hmacs = NULL;
270
271
272 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks;
273 if (auth_chunks->length)
274 chunksize += WORD_ROUND(ntohs(auth_chunks->length));
275 else
276 auth_chunks = NULL;
277
278 extensions[num_ext] = SCTP_CID_AUTH;
279 num_ext += 1;
280 }
281
282
283 if (num_ext)
284 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) +
285 num_ext);
286
287
288
289
290
291
292
293
294
295
296
297
298
299 retval = sctp_make_chunk(asoc, SCTP_CID_INIT, 0, chunksize);
300 if (!retval)
301 goto nodata;
302
303 retval->subh.init_hdr =
304 sctp_addto_chunk(retval, sizeof(init), &init);
305 retval->param_hdr.v =
306 sctp_addto_chunk(retval, addrs_len, addrs.v);
307
308
309
310
311
312
313
314
315 sat.param_hdr.type = SCTP_PARAM_SUPPORTED_ADDRESS_TYPES;
316 sat.param_hdr.length = htons(SCTP_SAT_LEN(num_types));
317 sctp_addto_chunk(retval, sizeof(sat), &sat);
318 sctp_addto_chunk(retval, num_types * sizeof(__u16), &types);
319
320 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
321
322
323
324
325 if (num_ext) {
326 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
327 ext_param.param_hdr.length =
328 htons(sizeof(sctp_supported_ext_param_t) + num_ext);
329 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t),
330 &ext_param);
331 sctp_addto_param(retval, num_ext, extensions);
332 }
333
334 if (net->sctp.prsctp_enable)
335 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
336
337 if (sp->adaptation_ind) {
338 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
339 aiparam.param_hdr.length = htons(sizeof(aiparam));
340 aiparam.adaptation_ind = htonl(sp->adaptation_ind);
341 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
342 }
343
344
345 if (net->sctp.auth_enable) {
346 sctp_addto_chunk(retval, sizeof(asoc->c.auth_random),
347 asoc->c.auth_random);
348 if (auth_hmacs)
349 sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
350 auth_hmacs);
351 if (auth_chunks)
352 sctp_addto_chunk(retval, ntohs(auth_chunks->length),
353 auth_chunks);
354 }
355nodata:
356 kfree(addrs.v);
357 return retval;
358}
359
360struct sctp_chunk *sctp_make_init_ack(const struct sctp_association *asoc,
361 const struct sctp_chunk *chunk,
362 gfp_t gfp, int unkparam_len)
363{
364 sctp_inithdr_t initack;
365 struct sctp_chunk *retval;
366 union sctp_params addrs;
367 struct sctp_sock *sp;
368 int addrs_len;
369 sctp_cookie_param_t *cookie;
370 int cookie_len;
371 size_t chunksize;
372 sctp_adaptation_ind_param_t aiparam;
373 sctp_supported_ext_param_t ext_param;
374 int num_ext = 0;
375 __u8 extensions[3];
376 sctp_paramhdr_t *auth_chunks = NULL,
377 *auth_hmacs = NULL,
378 *auth_random = NULL;
379
380 retval = NULL;
381
382
383 addrs = sctp_bind_addrs_to_raw(&asoc->base.bind_addr, &addrs_len, gfp);
384
385 initack.init_tag = htonl(asoc->c.my_vtag);
386 initack.a_rwnd = htonl(asoc->rwnd);
387 initack.num_outbound_streams = htons(asoc->c.sinit_num_ostreams);
388 initack.num_inbound_streams = htons(asoc->c.sinit_max_instreams);
389 initack.initial_tsn = htonl(asoc->c.initial_tsn);
390
391
392
393
394 cookie = sctp_pack_cookie(asoc->ep, asoc, chunk, &cookie_len,
395 addrs.v, addrs_len);
396 if (!cookie)
397 goto nomem_cookie;
398
399
400
401
402 sp = sctp_sk(asoc->base.sk);
403 chunksize = sizeof(initack) + addrs_len + cookie_len + unkparam_len;
404
405
406 if (asoc->peer.ecn_capable)
407 chunksize += sizeof(ecap_param);
408
409 if (asoc->peer.prsctp_capable)
410 chunksize += sizeof(prsctp_param);
411
412 if (asoc->peer.asconf_capable) {
413 extensions[num_ext] = SCTP_CID_ASCONF;
414 extensions[num_ext+1] = SCTP_CID_ASCONF_ACK;
415 num_ext += 2;
416 }
417
418 if (sp->adaptation_ind)
419 chunksize += sizeof(aiparam);
420
421 if (asoc->peer.auth_capable) {
422 auth_random = (sctp_paramhdr_t *)asoc->c.auth_random;
423 chunksize += ntohs(auth_random->length);
424
425 auth_hmacs = (sctp_paramhdr_t *)asoc->c.auth_hmacs;
426 if (auth_hmacs->length)
427 chunksize += WORD_ROUND(ntohs(auth_hmacs->length));
428 else
429 auth_hmacs = NULL;
430
431 auth_chunks = (sctp_paramhdr_t *)asoc->c.auth_chunks;
432 if (auth_chunks->length)
433 chunksize += WORD_ROUND(ntohs(auth_chunks->length));
434 else
435 auth_chunks = NULL;
436
437 extensions[num_ext] = SCTP_CID_AUTH;
438 num_ext += 1;
439 }
440
441 if (num_ext)
442 chunksize += WORD_ROUND(sizeof(sctp_supported_ext_param_t) +
443 num_ext);
444
445
446 retval = sctp_make_chunk(asoc, SCTP_CID_INIT_ACK, 0, chunksize);
447 if (!retval)
448 goto nomem_chunk;
449
450
451
452
453
454
455
456
457
458
459 retval->transport = chunk->transport;
460
461 retval->subh.init_hdr =
462 sctp_addto_chunk(retval, sizeof(initack), &initack);
463 retval->param_hdr.v = sctp_addto_chunk(retval, addrs_len, addrs.v);
464 sctp_addto_chunk(retval, cookie_len, cookie);
465 if (asoc->peer.ecn_capable)
466 sctp_addto_chunk(retval, sizeof(ecap_param), &ecap_param);
467 if (num_ext) {
468 ext_param.param_hdr.type = SCTP_PARAM_SUPPORTED_EXT;
469 ext_param.param_hdr.length =
470 htons(sizeof(sctp_supported_ext_param_t) + num_ext);
471 sctp_addto_chunk(retval, sizeof(sctp_supported_ext_param_t),
472 &ext_param);
473 sctp_addto_param(retval, num_ext, extensions);
474 }
475 if (asoc->peer.prsctp_capable)
476 sctp_addto_chunk(retval, sizeof(prsctp_param), &prsctp_param);
477
478 if (sp->adaptation_ind) {
479 aiparam.param_hdr.type = SCTP_PARAM_ADAPTATION_LAYER_IND;
480 aiparam.param_hdr.length = htons(sizeof(aiparam));
481 aiparam.adaptation_ind = htonl(sp->adaptation_ind);
482 sctp_addto_chunk(retval, sizeof(aiparam), &aiparam);
483 }
484
485 if (asoc->peer.auth_capable) {
486 sctp_addto_chunk(retval, ntohs(auth_random->length),
487 auth_random);
488 if (auth_hmacs)
489 sctp_addto_chunk(retval, ntohs(auth_hmacs->length),
490 auth_hmacs);
491 if (auth_chunks)
492 sctp_addto_chunk(retval, ntohs(auth_chunks->length),
493 auth_chunks);
494 }
495
496
497 retval->asoc = (struct sctp_association *) asoc;
498
499nomem_chunk:
500 kfree(cookie);
501nomem_cookie:
502 kfree(addrs.v);
503 return retval;
504}
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540struct sctp_chunk *sctp_make_cookie_echo(const struct sctp_association *asoc,
541 const struct sctp_chunk *chunk)
542{
543 struct sctp_chunk *retval;
544 void *cookie;
545 int cookie_len;
546
547 cookie = asoc->peer.cookie;
548 cookie_len = asoc->peer.cookie_len;
549
550
551 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ECHO, 0, cookie_len);
552 if (!retval)
553 goto nodata;
554 retval->subh.cookie_hdr =
555 sctp_addto_chunk(retval, cookie_len, cookie);
556
557
558
559
560
561
562
563
564
565
566 if (chunk)
567 retval->transport = chunk->transport;
568
569nodata:
570 return retval;
571}
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591struct sctp_chunk *sctp_make_cookie_ack(const struct sctp_association *asoc,
592 const struct sctp_chunk *chunk)
593{
594 struct sctp_chunk *retval;
595
596 retval = sctp_make_chunk(asoc, SCTP_CID_COOKIE_ACK, 0, 0);
597
598
599
600
601
602
603
604
605
606
607 if (retval && chunk)
608 retval->transport = chunk->transport;
609
610 return retval;
611}
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636struct sctp_chunk *sctp_make_cwr(const struct sctp_association *asoc,
637 const __u32 lowest_tsn,
638 const struct sctp_chunk *chunk)
639{
640 struct sctp_chunk *retval;
641 sctp_cwrhdr_t cwr;
642
643 cwr.lowest_tsn = htonl(lowest_tsn);
644 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_CWR, 0,
645 sizeof(sctp_cwrhdr_t));
646
647 if (!retval)
648 goto nodata;
649
650 retval->subh.ecn_cwr_hdr =
651 sctp_addto_chunk(retval, sizeof(cwr), &cwr);
652
653
654
655
656
657
658
659
660
661
662
663 if (chunk)
664 retval->transport = chunk->transport;
665
666nodata:
667 return retval;
668}
669
670
671struct sctp_chunk *sctp_make_ecne(const struct sctp_association *asoc,
672 const __u32 lowest_tsn)
673{
674 struct sctp_chunk *retval;
675 sctp_ecnehdr_t ecne;
676
677 ecne.lowest_tsn = htonl(lowest_tsn);
678 retval = sctp_make_chunk(asoc, SCTP_CID_ECN_ECNE, 0,
679 sizeof(sctp_ecnehdr_t));
680 if (!retval)
681 goto nodata;
682 retval->subh.ecne_hdr =
683 sctp_addto_chunk(retval, sizeof(ecne), &ecne);
684
685nodata:
686 return retval;
687}
688
689
690
691
692struct sctp_chunk *sctp_make_datafrag_empty(struct sctp_association *asoc,
693 const struct sctp_sndrcvinfo *sinfo,
694 int data_len, __u8 flags, __u16 ssn)
695{
696 struct sctp_chunk *retval;
697 struct sctp_datahdr dp;
698 int chunk_len;
699
700
701
702
703 dp.tsn = 0;
704 dp.stream = htons(sinfo->sinfo_stream);
705 dp.ppid = sinfo->sinfo_ppid;
706
707
708 if (sinfo->sinfo_flags & SCTP_UNORDERED) {
709 flags |= SCTP_DATA_UNORDERED;
710 dp.ssn = 0;
711 } else
712 dp.ssn = htons(ssn);
713
714 chunk_len = sizeof(dp) + data_len;
715 retval = sctp_make_chunk(asoc, SCTP_CID_DATA, flags, chunk_len);
716 if (!retval)
717 goto nodata;
718
719 retval->subh.data_hdr = sctp_addto_chunk(retval, sizeof(dp), &dp);
720 memcpy(&retval->sinfo, sinfo, sizeof(struct sctp_sndrcvinfo));
721
722nodata:
723 return retval;
724}
725
726
727
728
729
730struct sctp_chunk *sctp_make_sack(const struct sctp_association *asoc)
731{
732 struct sctp_chunk *retval;
733 struct sctp_sackhdr sack;
734 int len;
735 __u32 ctsn;
736 __u16 num_gabs, num_dup_tsns;
737 struct sctp_association *aptr = (struct sctp_association *)asoc;
738 struct sctp_tsnmap *map = (struct sctp_tsnmap *)&asoc->peer.tsn_map;
739 struct sctp_gap_ack_block gabs[SCTP_MAX_GABS];
740 struct sctp_transport *trans;
741
742 memset(gabs, 0, sizeof(gabs));
743 ctsn = sctp_tsnmap_get_ctsn(map);
744
745 pr_debug("%s: sackCTSNAck sent:0x%x\n", __func__, ctsn);
746
747
748 num_gabs = sctp_tsnmap_num_gabs(map, gabs);
749 num_dup_tsns = sctp_tsnmap_num_dups(map);
750
751
752 sack.cum_tsn_ack = htonl(ctsn);
753 sack.a_rwnd = htonl(asoc->a_rwnd);
754 sack.num_gap_ack_blocks = htons(num_gabs);
755 sack.num_dup_tsns = htons(num_dup_tsns);
756
757 len = sizeof(sack)
758 + sizeof(struct sctp_gap_ack_block) * num_gabs
759 + sizeof(__u32) * num_dup_tsns;
760
761
762 retval = sctp_make_chunk(asoc, SCTP_CID_SACK, 0, len);
763 if (!retval)
764 goto nodata;
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796 retval->transport = asoc->peer.last_data_from;
797
798 retval->subh.sack_hdr =
799 sctp_addto_chunk(retval, sizeof(sack), &sack);
800
801
802 if (num_gabs)
803 sctp_addto_chunk(retval, sizeof(__u32) * num_gabs,
804 gabs);
805
806
807 if (num_dup_tsns) {
808 aptr->stats.idupchunks += num_dup_tsns;
809 sctp_addto_chunk(retval, sizeof(__u32) * num_dup_tsns,
810 sctp_tsnmap_get_dups(map));
811 }
812
813
814
815
816
817
818
819
820 if (++aptr->peer.sack_generation == 0) {
821 list_for_each_entry(trans, &asoc->peer.transport_addr_list,
822 transports)
823 trans->sack_generation = 0;
824 aptr->peer.sack_generation = 1;
825 }
826nodata:
827 return retval;
828}
829
830
831struct sctp_chunk *sctp_make_shutdown(const struct sctp_association *asoc,
832 const struct sctp_chunk *chunk)
833{
834 struct sctp_chunk *retval;
835 sctp_shutdownhdr_t shut;
836 __u32 ctsn;
837
838 ctsn = sctp_tsnmap_get_ctsn(&asoc->peer.tsn_map);
839 shut.cum_tsn_ack = htonl(ctsn);
840
841 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN, 0,
842 sizeof(sctp_shutdownhdr_t));
843 if (!retval)
844 goto nodata;
845
846 retval->subh.shutdown_hdr =
847 sctp_addto_chunk(retval, sizeof(shut), &shut);
848
849 if (chunk)
850 retval->transport = chunk->transport;
851nodata:
852 return retval;
853}
854
855struct sctp_chunk *sctp_make_shutdown_ack(const struct sctp_association *asoc,
856 const struct sctp_chunk *chunk)
857{
858 struct sctp_chunk *retval;
859
860 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_ACK, 0, 0);
861
862
863
864
865
866
867
868
869
870
871 if (retval && chunk)
872 retval->transport = chunk->transport;
873
874 return retval;
875}
876
877struct sctp_chunk *sctp_make_shutdown_complete(
878 const struct sctp_association *asoc,
879 const struct sctp_chunk *chunk)
880{
881 struct sctp_chunk *retval;
882 __u8 flags = 0;
883
884
885
886
887 flags |= asoc ? 0 : SCTP_CHUNK_FLAG_T;
888
889 retval = sctp_make_chunk(asoc, SCTP_CID_SHUTDOWN_COMPLETE, flags, 0);
890
891
892
893
894
895
896
897
898
899
900
901 if (retval && chunk)
902 retval->transport = chunk->transport;
903
904 return retval;
905}
906
907
908
909
910struct sctp_chunk *sctp_make_abort(const struct sctp_association *asoc,
911 const struct sctp_chunk *chunk,
912 const size_t hint)
913{
914 struct sctp_chunk *retval;
915 __u8 flags = 0;
916
917
918
919
920 if (!asoc) {
921 if (chunk && chunk->chunk_hdr &&
922 chunk->chunk_hdr->type == SCTP_CID_INIT)
923 flags = 0;
924 else
925 flags = SCTP_CHUNK_FLAG_T;
926 }
927
928 retval = sctp_make_chunk(asoc, SCTP_CID_ABORT, flags, hint);
929
930
931
932
933
934
935
936
937
938
939 if (retval && chunk)
940 retval->transport = chunk->transport;
941
942 return retval;
943}
944
945
946struct sctp_chunk *sctp_make_abort_no_data(
947 const struct sctp_association *asoc,
948 const struct sctp_chunk *chunk, __u32 tsn)
949{
950 struct sctp_chunk *retval;
951 __be32 payload;
952
953 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t)
954 + sizeof(tsn));
955
956 if (!retval)
957 goto no_mem;
958
959
960 payload = htonl(tsn);
961 sctp_init_cause(retval, SCTP_ERROR_NO_DATA, sizeof(payload));
962 sctp_addto_chunk(retval, sizeof(payload), (const void *)&payload);
963
964
965
966
967
968
969
970
971
972
973 if (chunk)
974 retval->transport = chunk->transport;
975
976no_mem:
977 return retval;
978}
979
980
981struct sctp_chunk *sctp_make_abort_user(const struct sctp_association *asoc,
982 const struct msghdr *msg,
983 size_t paylen)
984{
985 struct sctp_chunk *retval;
986 void *payload = NULL;
987 int err;
988
989 retval = sctp_make_abort(asoc, NULL, sizeof(sctp_errhdr_t) + paylen);
990 if (!retval)
991 goto err_chunk;
992
993 if (paylen) {
994
995 payload = kmalloc(paylen, GFP_KERNEL);
996 if (!payload)
997 goto err_payload;
998
999 err = memcpy_fromiovec(payload, msg->msg_iov, paylen);
1000 if (err < 0)
1001 goto err_copy;
1002 }
1003
1004 sctp_init_cause(retval, SCTP_ERROR_USER_ABORT, paylen);
1005 sctp_addto_chunk(retval, paylen, payload);
1006
1007 if (paylen)
1008 kfree(payload);
1009
1010 return retval;
1011
1012err_copy:
1013 kfree(payload);
1014err_payload:
1015 sctp_chunk_free(retval);
1016 retval = NULL;
1017err_chunk:
1018 return retval;
1019}
1020
1021
1022
1023
1024static void *sctp_addto_param(struct sctp_chunk *chunk, int len,
1025 const void *data)
1026{
1027 void *target;
1028 int chunklen = ntohs(chunk->chunk_hdr->length);
1029
1030 target = skb_put(chunk->skb, len);
1031
1032 if (data)
1033 memcpy(target, data, len);
1034 else
1035 memset(target, 0, len);
1036
1037
1038 chunk->chunk_hdr->length = htons(chunklen + len);
1039 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1040
1041 return target;
1042}
1043
1044
1045struct sctp_chunk *sctp_make_abort_violation(
1046 const struct sctp_association *asoc,
1047 const struct sctp_chunk *chunk,
1048 const __u8 *payload,
1049 const size_t paylen)
1050{
1051 struct sctp_chunk *retval;
1052 struct sctp_paramhdr phdr;
1053
1054 retval = sctp_make_abort(asoc, chunk, sizeof(sctp_errhdr_t) + paylen
1055 + sizeof(sctp_paramhdr_t));
1056 if (!retval)
1057 goto end;
1058
1059 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, paylen
1060 + sizeof(sctp_paramhdr_t));
1061
1062 phdr.type = htons(chunk->chunk_hdr->type);
1063 phdr.length = chunk->chunk_hdr->length;
1064 sctp_addto_chunk(retval, paylen, payload);
1065 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), &phdr);
1066
1067end:
1068 return retval;
1069}
1070
1071struct sctp_chunk *sctp_make_violation_paramlen(
1072 const struct sctp_association *asoc,
1073 const struct sctp_chunk *chunk,
1074 struct sctp_paramhdr *param)
1075{
1076 struct sctp_chunk *retval;
1077 static const char error[] = "The following parameter had invalid length:";
1078 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t) +
1079 sizeof(sctp_paramhdr_t);
1080
1081 retval = sctp_make_abort(asoc, chunk, payload_len);
1082 if (!retval)
1083 goto nodata;
1084
1085 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION,
1086 sizeof(error) + sizeof(sctp_paramhdr_t));
1087 sctp_addto_chunk(retval, sizeof(error), error);
1088 sctp_addto_param(retval, sizeof(sctp_paramhdr_t), param);
1089
1090nodata:
1091 return retval;
1092}
1093
1094struct sctp_chunk *sctp_make_violation_max_retrans(
1095 const struct sctp_association *asoc,
1096 const struct sctp_chunk *chunk)
1097{
1098 struct sctp_chunk *retval;
1099 static const char error[] = "Association exceeded its max_retans count";
1100 size_t payload_len = sizeof(error) + sizeof(sctp_errhdr_t);
1101
1102 retval = sctp_make_abort(asoc, chunk, payload_len);
1103 if (!retval)
1104 goto nodata;
1105
1106 sctp_init_cause(retval, SCTP_ERROR_PROTO_VIOLATION, sizeof(error));
1107 sctp_addto_chunk(retval, sizeof(error), error);
1108
1109nodata:
1110 return retval;
1111}
1112
1113
1114struct sctp_chunk *sctp_make_heartbeat(const struct sctp_association *asoc,
1115 const struct sctp_transport *transport)
1116{
1117 struct sctp_chunk *retval;
1118 sctp_sender_hb_info_t hbinfo;
1119
1120 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT, 0, sizeof(hbinfo));
1121
1122 if (!retval)
1123 goto nodata;
1124
1125 hbinfo.param_hdr.type = SCTP_PARAM_HEARTBEAT_INFO;
1126 hbinfo.param_hdr.length = htons(sizeof(sctp_sender_hb_info_t));
1127 hbinfo.daddr = transport->ipaddr;
1128 hbinfo.sent_at = jiffies;
1129 hbinfo.hb_nonce = transport->hb_nonce;
1130
1131
1132
1133
1134 retval->transport = (struct sctp_transport *) transport;
1135 retval->subh.hbs_hdr = sctp_addto_chunk(retval, sizeof(hbinfo),
1136 &hbinfo);
1137
1138nodata:
1139 return retval;
1140}
1141
1142struct sctp_chunk *sctp_make_heartbeat_ack(const struct sctp_association *asoc,
1143 const struct sctp_chunk *chunk,
1144 const void *payload, const size_t paylen)
1145{
1146 struct sctp_chunk *retval;
1147
1148 retval = sctp_make_chunk(asoc, SCTP_CID_HEARTBEAT_ACK, 0, paylen);
1149 if (!retval)
1150 goto nodata;
1151
1152 retval->subh.hbs_hdr = sctp_addto_chunk(retval, paylen, payload);
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163 if (chunk)
1164 retval->transport = chunk->transport;
1165
1166nodata:
1167 return retval;
1168}
1169
1170
1171
1172
1173static struct sctp_chunk *sctp_make_op_error_space(
1174 const struct sctp_association *asoc,
1175 const struct sctp_chunk *chunk,
1176 size_t size)
1177{
1178 struct sctp_chunk *retval;
1179
1180 retval = sctp_make_chunk(asoc, SCTP_CID_ERROR, 0,
1181 sizeof(sctp_errhdr_t) + size);
1182 if (!retval)
1183 goto nodata;
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193 if (chunk)
1194 retval->transport = chunk->transport;
1195
1196nodata:
1197 return retval;
1198}
1199
1200
1201
1202
1203
1204
1205
1206static inline struct sctp_chunk *sctp_make_op_error_fixed(
1207 const struct sctp_association *asoc,
1208 const struct sctp_chunk *chunk)
1209{
1210 size_t size = asoc ? asoc->pathmtu : 0;
1211
1212 if (!size)
1213 size = SCTP_DEFAULT_MAXSEGMENT;
1214
1215 return sctp_make_op_error_space(asoc, chunk, size);
1216}
1217
1218
1219struct sctp_chunk *sctp_make_op_error(const struct sctp_association *asoc,
1220 const struct sctp_chunk *chunk,
1221 __be16 cause_code, const void *payload,
1222 size_t paylen, size_t reserve_tail)
1223{
1224 struct sctp_chunk *retval;
1225
1226 retval = sctp_make_op_error_space(asoc, chunk, paylen + reserve_tail);
1227 if (!retval)
1228 goto nodata;
1229
1230 sctp_init_cause(retval, cause_code, paylen + reserve_tail);
1231 sctp_addto_chunk(retval, paylen, payload);
1232 if (reserve_tail)
1233 sctp_addto_param(retval, reserve_tail, NULL);
1234
1235nodata:
1236 return retval;
1237}
1238
1239struct sctp_chunk *sctp_make_auth(const struct sctp_association *asoc)
1240{
1241 struct sctp_chunk *retval;
1242 struct sctp_hmac *hmac_desc;
1243 struct sctp_authhdr auth_hdr;
1244 __u8 *hmac;
1245
1246
1247 hmac_desc = sctp_auth_asoc_get_hmac(asoc);
1248 if (unlikely(!hmac_desc))
1249 return NULL;
1250
1251 retval = sctp_make_chunk(asoc, SCTP_CID_AUTH, 0,
1252 hmac_desc->hmac_len + sizeof(sctp_authhdr_t));
1253 if (!retval)
1254 return NULL;
1255
1256 auth_hdr.hmac_id = htons(hmac_desc->hmac_id);
1257 auth_hdr.shkey_id = htons(asoc->active_key_id);
1258
1259 retval->subh.auth_hdr = sctp_addto_chunk(retval, sizeof(sctp_authhdr_t),
1260 &auth_hdr);
1261
1262 hmac = skb_put(retval->skb, hmac_desc->hmac_len);
1263 memset(hmac, 0, hmac_desc->hmac_len);
1264
1265
1266 retval->chunk_hdr->length =
1267 htons(ntohs(retval->chunk_hdr->length) + hmac_desc->hmac_len);
1268 retval->chunk_end = skb_tail_pointer(retval->skb);
1269
1270 return retval;
1271}
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281struct sctp_chunk *sctp_chunkify(struct sk_buff *skb,
1282 const struct sctp_association *asoc,
1283 struct sock *sk)
1284{
1285 struct sctp_chunk *retval;
1286
1287 retval = kmem_cache_zalloc(sctp_chunk_cachep, GFP_ATOMIC);
1288
1289 if (!retval)
1290 goto nodata;
1291 if (!sk)
1292 pr_debug("%s: chunkifying skb:%p w/o an sk\n", __func__, skb);
1293
1294 INIT_LIST_HEAD(&retval->list);
1295 retval->skb = skb;
1296 retval->asoc = (struct sctp_association *)asoc;
1297 retval->has_tsn = 0;
1298 retval->has_ssn = 0;
1299 retval->rtt_in_progress = 0;
1300 retval->sent_at = 0;
1301 retval->singleton = 1;
1302 retval->end_of_packet = 0;
1303 retval->ecn_ce_done = 0;
1304 retval->pdiscard = 0;
1305
1306
1307
1308
1309
1310
1311
1312 retval->tsn_missing_report = 0;
1313 retval->tsn_gap_acked = 0;
1314 retval->fast_retransmit = SCTP_CAN_FRTX;
1315
1316
1317
1318
1319 retval->msg = NULL;
1320
1321
1322 INIT_LIST_HEAD(&retval->transmitted_list);
1323 INIT_LIST_HEAD(&retval->frag_list);
1324 SCTP_DBG_OBJCNT_INC(chunk);
1325 atomic_set(&retval->refcnt, 1);
1326
1327nodata:
1328 return retval;
1329}
1330
1331
1332void sctp_init_addrs(struct sctp_chunk *chunk, union sctp_addr *src,
1333 union sctp_addr *dest)
1334{
1335 memcpy(&chunk->source, src, sizeof(union sctp_addr));
1336 memcpy(&chunk->dest, dest, sizeof(union sctp_addr));
1337}
1338
1339
1340const union sctp_addr *sctp_source(const struct sctp_chunk *chunk)
1341{
1342
1343 if (chunk->transport) {
1344 return &chunk->transport->ipaddr;
1345 } else {
1346
1347 return &chunk->source;
1348 }
1349}
1350
1351
1352
1353
1354static struct sctp_chunk *sctp_make_chunk(const struct sctp_association *asoc,
1355 __u8 type, __u8 flags, int paylen)
1356{
1357 struct sctp_chunk *retval;
1358 sctp_chunkhdr_t *chunk_hdr;
1359 struct sk_buff *skb;
1360 struct sock *sk;
1361
1362
1363 skb = alloc_skb(WORD_ROUND(sizeof(sctp_chunkhdr_t) + paylen),
1364 GFP_ATOMIC);
1365 if (!skb)
1366 goto nodata;
1367
1368
1369 chunk_hdr = (sctp_chunkhdr_t *)skb_put(skb, sizeof(sctp_chunkhdr_t));
1370 chunk_hdr->type = type;
1371 chunk_hdr->flags = flags;
1372 chunk_hdr->length = htons(sizeof(sctp_chunkhdr_t));
1373
1374 sk = asoc ? asoc->base.sk : NULL;
1375 retval = sctp_chunkify(skb, asoc, sk);
1376 if (!retval) {
1377 kfree_skb(skb);
1378 goto nodata;
1379 }
1380
1381 retval->chunk_hdr = chunk_hdr;
1382 retval->chunk_end = ((__u8 *)chunk_hdr) + sizeof(struct sctp_chunkhdr);
1383
1384
1385 if (sctp_auth_send_cid(type, asoc))
1386 retval->auth = 1;
1387
1388
1389 skb->sk = sk;
1390
1391 return retval;
1392nodata:
1393 return NULL;
1394}
1395
1396
1397
1398static void sctp_chunk_destroy(struct sctp_chunk *chunk)
1399{
1400 BUG_ON(!list_empty(&chunk->list));
1401 list_del_init(&chunk->transmitted_list);
1402
1403
1404 dev_kfree_skb(chunk->skb);
1405
1406 SCTP_DBG_OBJCNT_DEC(chunk);
1407 kmem_cache_free(sctp_chunk_cachep, chunk);
1408}
1409
1410
1411void sctp_chunk_free(struct sctp_chunk *chunk)
1412{
1413
1414 if (chunk->msg)
1415 sctp_datamsg_put(chunk->msg);
1416
1417 sctp_chunk_put(chunk);
1418}
1419
1420
1421void sctp_chunk_hold(struct sctp_chunk *ch)
1422{
1423 atomic_inc(&ch->refcnt);
1424}
1425
1426
1427void sctp_chunk_put(struct sctp_chunk *ch)
1428{
1429 if (atomic_dec_and_test(&ch->refcnt))
1430 sctp_chunk_destroy(ch);
1431}
1432
1433
1434
1435
1436void *sctp_addto_chunk(struct sctp_chunk *chunk, int len, const void *data)
1437{
1438 void *target;
1439 void *padding;
1440 int chunklen = ntohs(chunk->chunk_hdr->length);
1441 int padlen = WORD_ROUND(chunklen) - chunklen;
1442
1443 padding = skb_put(chunk->skb, padlen);
1444 target = skb_put(chunk->skb, len);
1445
1446 memset(padding, 0, padlen);
1447 memcpy(target, data, len);
1448
1449
1450 chunk->chunk_hdr->length = htons(chunklen + padlen + len);
1451 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1452
1453 return target;
1454}
1455
1456
1457
1458
1459void *sctp_addto_chunk_fixed(struct sctp_chunk *chunk,
1460 int len, const void *data)
1461{
1462 if (skb_tailroom(chunk->skb) >= len)
1463 return sctp_addto_chunk(chunk, len, data);
1464 else
1465 return NULL;
1466}
1467
1468
1469
1470
1471
1472int sctp_user_addto_chunk(struct sctp_chunk *chunk, int off, int len,
1473 struct iovec *data)
1474{
1475 __u8 *target;
1476 int err = 0;
1477
1478
1479 target = skb_put(chunk->skb, len);
1480
1481
1482 if ((err = memcpy_fromiovecend(target, data, off, len)))
1483 goto out;
1484
1485
1486 chunk->chunk_hdr->length =
1487 htons(ntohs(chunk->chunk_hdr->length) + len);
1488 chunk->chunk_end = skb_tail_pointer(chunk->skb);
1489
1490out:
1491 return err;
1492}
1493
1494
1495
1496
1497void sctp_chunk_assign_ssn(struct sctp_chunk *chunk)
1498{
1499 struct sctp_datamsg *msg;
1500 struct sctp_chunk *lchunk;
1501 struct sctp_stream *stream;
1502 __u16 ssn;
1503 __u16 sid;
1504
1505 if (chunk->has_ssn)
1506 return;
1507
1508
1509 sid = ntohs(chunk->subh.data_hdr->stream);
1510 stream = &chunk->asoc->ssnmap->out;
1511
1512
1513
1514
1515 msg = chunk->msg;
1516 list_for_each_entry(lchunk, &msg->chunks, frag_list) {
1517 if (lchunk->chunk_hdr->flags & SCTP_DATA_UNORDERED) {
1518 ssn = 0;
1519 } else {
1520 if (lchunk->chunk_hdr->flags & SCTP_DATA_LAST_FRAG)
1521 ssn = sctp_ssn_next(stream, sid);
1522 else
1523 ssn = sctp_ssn_peek(stream, sid);
1524 }
1525
1526 lchunk->subh.data_hdr->ssn = htons(ssn);
1527 lchunk->has_ssn = 1;
1528 }
1529}
1530
1531
1532
1533
1534void sctp_chunk_assign_tsn(struct sctp_chunk *chunk)
1535{
1536 if (!chunk->has_tsn) {
1537
1538
1539
1540 chunk->subh.data_hdr->tsn =
1541 htonl(sctp_association_get_next_tsn(chunk->asoc));
1542 chunk->has_tsn = 1;
1543 }
1544}
1545
1546
1547struct sctp_association *sctp_make_temp_asoc(const struct sctp_endpoint *ep,
1548 struct sctp_chunk *chunk,
1549 gfp_t gfp)
1550{
1551 struct sctp_association *asoc;
1552 struct sk_buff *skb;
1553 sctp_scope_t scope;
1554 struct sctp_af *af;
1555
1556
1557 scope = sctp_scope(sctp_source(chunk));
1558 asoc = sctp_association_new(ep, ep->base.sk, scope, gfp);
1559 if (!asoc)
1560 goto nodata;
1561 asoc->temp = 1;
1562 skb = chunk->skb;
1563
1564 af = sctp_get_af_specific(ipver2af(ip_hdr(skb)->version));
1565 if (unlikely(!af))
1566 goto fail;
1567 af->from_skb(&asoc->c.peer_addr, skb, 1);
1568nodata:
1569 return asoc;
1570
1571fail:
1572 sctp_association_free(asoc);
1573 return NULL;
1574}
1575
1576
1577
1578
1579static sctp_cookie_param_t *sctp_pack_cookie(const struct sctp_endpoint *ep,
1580 const struct sctp_association *asoc,
1581 const struct sctp_chunk *init_chunk,
1582 int *cookie_len,
1583 const __u8 *raw_addrs, int addrs_len)
1584{
1585 sctp_cookie_param_t *retval;
1586 struct sctp_signed_cookie *cookie;
1587 struct scatterlist sg;
1588 int headersize, bodysize;
1589
1590
1591
1592
1593 headersize = sizeof(sctp_paramhdr_t) +
1594 (sizeof(struct sctp_signed_cookie) -
1595 sizeof(struct sctp_cookie));
1596 bodysize = sizeof(struct sctp_cookie)
1597 + ntohs(init_chunk->chunk_hdr->length) + addrs_len;
1598
1599
1600
1601
1602 if (bodysize % SCTP_COOKIE_MULTIPLE)
1603 bodysize += SCTP_COOKIE_MULTIPLE
1604 - (bodysize % SCTP_COOKIE_MULTIPLE);
1605 *cookie_len = headersize + bodysize;
1606
1607
1608
1609
1610 retval = kzalloc(*cookie_len, GFP_ATOMIC);
1611 if (!retval)
1612 goto nodata;
1613
1614 cookie = (struct sctp_signed_cookie *) retval->body;
1615
1616
1617 retval->p.type = SCTP_PARAM_STATE_COOKIE;
1618 retval->p.length = htons(*cookie_len);
1619
1620
1621 cookie->c = asoc->c;
1622
1623 cookie->c.raw_addr_list_len = addrs_len;
1624
1625
1626 cookie->c.prsctp_capable = asoc->peer.prsctp_capable;
1627
1628
1629 cookie->c.adaptation_ind = asoc->peer.adaptation_ind;
1630
1631
1632 cookie->c.expiration = ktime_add(asoc->cookie_life,
1633 ktime_get());
1634
1635
1636 memcpy(&cookie->c.peer_init[0], init_chunk->chunk_hdr,
1637 ntohs(init_chunk->chunk_hdr->length));
1638
1639
1640 memcpy((__u8 *)&cookie->c.peer_init[0] +
1641 ntohs(init_chunk->chunk_hdr->length), raw_addrs, addrs_len);
1642
1643 if (sctp_sk(ep->base.sk)->hmac) {
1644 struct hash_desc desc;
1645
1646
1647 sg_init_one(&sg, &cookie->c, bodysize);
1648 desc.tfm = sctp_sk(ep->base.sk)->hmac;
1649 desc.flags = 0;
1650
1651 if (crypto_hash_setkey(desc.tfm, ep->secret_key,
1652 sizeof(ep->secret_key)) ||
1653 crypto_hash_digest(&desc, &sg, bodysize, cookie->signature))
1654 goto free_cookie;
1655 }
1656
1657 return retval;
1658
1659free_cookie:
1660 kfree(retval);
1661nodata:
1662 *cookie_len = 0;
1663 return NULL;
1664}
1665
1666
1667struct sctp_association *sctp_unpack_cookie(
1668 const struct sctp_endpoint *ep,
1669 const struct sctp_association *asoc,
1670 struct sctp_chunk *chunk, gfp_t gfp,
1671 int *error, struct sctp_chunk **errp)
1672{
1673 struct sctp_association *retval = NULL;
1674 struct sctp_signed_cookie *cookie;
1675 struct sctp_cookie *bear_cookie;
1676 int headersize, bodysize, fixed_size;
1677 __u8 *digest = ep->digest;
1678 struct scatterlist sg;
1679 unsigned int len;
1680 sctp_scope_t scope;
1681 struct sk_buff *skb = chunk->skb;
1682 ktime_t kt;
1683 struct hash_desc desc;
1684
1685
1686
1687
1688 headersize = sizeof(sctp_chunkhdr_t) +
1689 (sizeof(struct sctp_signed_cookie) -
1690 sizeof(struct sctp_cookie));
1691 bodysize = ntohs(chunk->chunk_hdr->length) - headersize;
1692 fixed_size = headersize + sizeof(struct sctp_cookie);
1693
1694
1695
1696
1697
1698 len = ntohs(chunk->chunk_hdr->length);
1699 if (len < fixed_size + sizeof(struct sctp_chunkhdr))
1700 goto malformed;
1701
1702
1703 if (bodysize % SCTP_COOKIE_MULTIPLE)
1704 goto malformed;
1705
1706
1707 cookie = chunk->subh.cookie_hdr;
1708 bear_cookie = &cookie->c;
1709
1710 if (!sctp_sk(ep->base.sk)->hmac)
1711 goto no_hmac;
1712
1713
1714 sg_init_one(&sg, bear_cookie, bodysize);
1715 desc.tfm = sctp_sk(ep->base.sk)->hmac;
1716 desc.flags = 0;
1717
1718 memset(digest, 0x00, SCTP_SIGNATURE_SIZE);
1719 if (crypto_hash_setkey(desc.tfm, ep->secret_key,
1720 sizeof(ep->secret_key)) ||
1721 crypto_hash_digest(&desc, &sg, bodysize, digest)) {
1722 *error = -SCTP_IERROR_NOMEM;
1723 goto fail;
1724 }
1725
1726 if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) {
1727 *error = -SCTP_IERROR_BAD_SIG;
1728 goto fail;
1729 }
1730
1731no_hmac:
1732
1733
1734
1735
1736
1737
1738
1739 if (ntohl(chunk->sctp_hdr->vtag) != bear_cookie->my_vtag) {
1740 *error = -SCTP_IERROR_BAD_TAG;
1741 goto fail;
1742 }
1743
1744 if (chunk->sctp_hdr->source != bear_cookie->peer_addr.v4.sin_port ||
1745 ntohs(chunk->sctp_hdr->dest) != bear_cookie->my_port) {
1746 *error = -SCTP_IERROR_BAD_PORTS;
1747 goto fail;
1748 }
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758 if (sock_flag(ep->base.sk, SOCK_TIMESTAMP))
1759 kt = skb_get_ktime(skb);
1760 else
1761 kt = ktime_get();
1762
1763 if (!asoc && ktime_compare(bear_cookie->expiration, kt) < 0) {
1764
1765
1766
1767
1768
1769
1770
1771
1772 len = ntohs(chunk->chunk_hdr->length);
1773 *errp = sctp_make_op_error_space(asoc, chunk, len);
1774 if (*errp) {
1775 suseconds_t usecs = ktime_to_us(ktime_sub(kt, bear_cookie->expiration));
1776 __be32 n = htonl(usecs);
1777
1778 sctp_init_cause(*errp, SCTP_ERROR_STALE_COOKIE,
1779 sizeof(n));
1780 sctp_addto_chunk(*errp, sizeof(n), &n);
1781 *error = -SCTP_IERROR_STALE_COOKIE;
1782 } else
1783 *error = -SCTP_IERROR_NOMEM;
1784
1785 goto fail;
1786 }
1787
1788
1789 scope = sctp_scope(sctp_source(chunk));
1790 retval = sctp_association_new(ep, ep->base.sk, scope, gfp);
1791 if (!retval) {
1792 *error = -SCTP_IERROR_NOMEM;
1793 goto fail;
1794 }
1795
1796
1797 retval->peer.port = ntohs(chunk->sctp_hdr->source);
1798
1799
1800 memcpy(&retval->c, bear_cookie, sizeof(*bear_cookie));
1801
1802 if (sctp_assoc_set_bind_addr_from_cookie(retval, bear_cookie,
1803 GFP_ATOMIC) < 0) {
1804 *error = -SCTP_IERROR_NOMEM;
1805 goto fail;
1806 }
1807
1808
1809 if (list_empty(&retval->base.bind_addr.address_list)) {
1810 sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest,
1811 SCTP_ADDR_SRC, GFP_ATOMIC);
1812 }
1813
1814 retval->next_tsn = retval->c.initial_tsn;
1815 retval->ctsn_ack_point = retval->next_tsn - 1;
1816 retval->addip_serial = retval->c.initial_tsn;
1817 retval->adv_peer_ack_point = retval->ctsn_ack_point;
1818 retval->peer.prsctp_capable = retval->c.prsctp_capable;
1819 retval->peer.adaptation_ind = retval->c.adaptation_ind;
1820
1821
1822 return retval;
1823
1824fail:
1825 if (retval)
1826 sctp_association_free(retval);
1827
1828 return NULL;
1829
1830malformed:
1831
1832
1833
1834 *error = -SCTP_IERROR_MALFORMED;
1835 goto fail;
1836}
1837
1838
1839
1840
1841
1842struct __sctp_missing {
1843 __be32 num_missing;
1844 __be16 type;
1845} __packed;
1846
1847
1848
1849
1850static int sctp_process_missing_param(const struct sctp_association *asoc,
1851 sctp_param_t paramtype,
1852 struct sctp_chunk *chunk,
1853 struct sctp_chunk **errp)
1854{
1855 struct __sctp_missing report;
1856 __u16 len;
1857
1858 len = WORD_ROUND(sizeof(report));
1859
1860
1861
1862
1863 if (!*errp)
1864 *errp = sctp_make_op_error_space(asoc, chunk, len);
1865
1866 if (*errp) {
1867 report.num_missing = htonl(1);
1868 report.type = paramtype;
1869 sctp_init_cause(*errp, SCTP_ERROR_MISS_PARAM,
1870 sizeof(report));
1871 sctp_addto_chunk(*errp, sizeof(report), &report);
1872 }
1873
1874
1875 return 0;
1876}
1877
1878
1879static int sctp_process_inv_mandatory(const struct sctp_association *asoc,
1880 struct sctp_chunk *chunk,
1881 struct sctp_chunk **errp)
1882{
1883
1884
1885 if (!*errp)
1886 *errp = sctp_make_op_error_space(asoc, chunk, 0);
1887
1888 if (*errp)
1889 sctp_init_cause(*errp, SCTP_ERROR_INV_PARAM, 0);
1890
1891
1892 return 0;
1893}
1894
1895static int sctp_process_inv_paramlength(const struct sctp_association *asoc,
1896 struct sctp_paramhdr *param,
1897 const struct sctp_chunk *chunk,
1898 struct sctp_chunk **errp)
1899{
1900
1901
1902
1903 if (*errp)
1904 sctp_chunk_free(*errp);
1905
1906
1907 *errp = sctp_make_violation_paramlen(asoc, chunk, param);
1908
1909 return 0;
1910}
1911
1912
1913
1914
1915
1916static int sctp_process_hn_param(const struct sctp_association *asoc,
1917 union sctp_params param,
1918 struct sctp_chunk *chunk,
1919 struct sctp_chunk **errp)
1920{
1921 __u16 len = ntohs(param.p->length);
1922
1923
1924
1925
1926
1927
1928 if (*errp)
1929 sctp_chunk_free(*errp);
1930
1931 *errp = sctp_make_op_error_space(asoc, chunk, len);
1932
1933 if (*errp) {
1934 sctp_init_cause(*errp, SCTP_ERROR_DNS_FAILED, len);
1935 sctp_addto_chunk(*errp, len, param.v);
1936 }
1937
1938
1939 return 0;
1940}
1941
1942static int sctp_verify_ext_param(struct net *net, union sctp_params param)
1943{
1944 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
1945 int have_auth = 0;
1946 int have_asconf = 0;
1947 int i;
1948
1949 for (i = 0; i < num_ext; i++) {
1950 switch (param.ext->chunks[i]) {
1951 case SCTP_CID_AUTH:
1952 have_auth = 1;
1953 break;
1954 case SCTP_CID_ASCONF:
1955 case SCTP_CID_ASCONF_ACK:
1956 have_asconf = 1;
1957 break;
1958 }
1959 }
1960
1961
1962
1963
1964
1965
1966 if (net->sctp.addip_noauth)
1967 return 1;
1968
1969 if (net->sctp.addip_enable && !have_auth && have_asconf)
1970 return 0;
1971
1972 return 1;
1973}
1974
1975static void sctp_process_ext_param(struct sctp_association *asoc,
1976 union sctp_params param)
1977{
1978 struct net *net = sock_net(asoc->base.sk);
1979 __u16 num_ext = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
1980 int i;
1981
1982 for (i = 0; i < num_ext; i++) {
1983 switch (param.ext->chunks[i]) {
1984 case SCTP_CID_FWD_TSN:
1985 if (net->sctp.prsctp_enable &&
1986 !asoc->peer.prsctp_capable)
1987 asoc->peer.prsctp_capable = 1;
1988 break;
1989 case SCTP_CID_AUTH:
1990
1991
1992
1993 if (net->sctp.auth_enable)
1994 asoc->peer.auth_capable = 1;
1995 break;
1996 case SCTP_CID_ASCONF:
1997 case SCTP_CID_ASCONF_ACK:
1998 if (net->sctp.addip_enable)
1999 asoc->peer.asconf_capable = 1;
2000 break;
2001 default:
2002 break;
2003 }
2004 }
2005}
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032static sctp_ierror_t sctp_process_unk_param(const struct sctp_association *asoc,
2033 union sctp_params param,
2034 struct sctp_chunk *chunk,
2035 struct sctp_chunk **errp)
2036{
2037 int retval = SCTP_IERROR_NO_ERROR;
2038
2039 switch (param.p->type & SCTP_PARAM_ACTION_MASK) {
2040 case SCTP_PARAM_ACTION_DISCARD:
2041 retval = SCTP_IERROR_ERROR;
2042 break;
2043 case SCTP_PARAM_ACTION_SKIP:
2044 break;
2045 case SCTP_PARAM_ACTION_DISCARD_ERR:
2046 retval = SCTP_IERROR_ERROR;
2047
2048 case SCTP_PARAM_ACTION_SKIP_ERR:
2049
2050
2051
2052 if (NULL == *errp)
2053 *errp = sctp_make_op_error_fixed(asoc, chunk);
2054
2055 if (*errp) {
2056 if (!sctp_init_cause_fixed(*errp, SCTP_ERROR_UNKNOWN_PARAM,
2057 WORD_ROUND(ntohs(param.p->length))))
2058 sctp_addto_chunk_fixed(*errp,
2059 WORD_ROUND(ntohs(param.p->length)),
2060 param.v);
2061 } else {
2062
2063
2064
2065
2066
2067 retval = SCTP_IERROR_NOMEM;
2068 }
2069 break;
2070 default:
2071 break;
2072 }
2073
2074 return retval;
2075}
2076
2077
2078
2079
2080
2081
2082
2083
2084static sctp_ierror_t sctp_verify_param(struct net *net,
2085 const struct sctp_association *asoc,
2086 union sctp_params param,
2087 sctp_cid_t cid,
2088 struct sctp_chunk *chunk,
2089 struct sctp_chunk **err_chunk)
2090{
2091 struct sctp_hmac_algo_param *hmacs;
2092 int retval = SCTP_IERROR_NO_ERROR;
2093 __u16 n_elt, id = 0;
2094 int i;
2095
2096
2097
2098
2099
2100
2101 switch (param.p->type) {
2102 case SCTP_PARAM_IPV4_ADDRESS:
2103 case SCTP_PARAM_IPV6_ADDRESS:
2104 case SCTP_PARAM_COOKIE_PRESERVATIVE:
2105 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2106 case SCTP_PARAM_STATE_COOKIE:
2107 case SCTP_PARAM_HEARTBEAT_INFO:
2108 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2109 case SCTP_PARAM_ECN_CAPABLE:
2110 case SCTP_PARAM_ADAPTATION_LAYER_IND:
2111 break;
2112
2113 case SCTP_PARAM_SUPPORTED_EXT:
2114 if (!sctp_verify_ext_param(net, param))
2115 return SCTP_IERROR_ABORT;
2116 break;
2117
2118 case SCTP_PARAM_SET_PRIMARY:
2119 if (net->sctp.addip_enable)
2120 break;
2121 goto fallthrough;
2122
2123 case SCTP_PARAM_HOST_NAME_ADDRESS:
2124
2125 sctp_process_hn_param(asoc, param, chunk, err_chunk);
2126 retval = SCTP_IERROR_ABORT;
2127 break;
2128
2129 case SCTP_PARAM_FWD_TSN_SUPPORT:
2130 if (net->sctp.prsctp_enable)
2131 break;
2132 goto fallthrough;
2133
2134 case SCTP_PARAM_RANDOM:
2135 if (!net->sctp.auth_enable)
2136 goto fallthrough;
2137
2138
2139
2140
2141
2142
2143 if (SCTP_AUTH_RANDOM_LENGTH !=
2144 ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) {
2145 sctp_process_inv_paramlength(asoc, param.p,
2146 chunk, err_chunk);
2147 retval = SCTP_IERROR_ABORT;
2148 }
2149 break;
2150
2151 case SCTP_PARAM_CHUNKS:
2152 if (!net->sctp.auth_enable)
2153 goto fallthrough;
2154
2155
2156
2157
2158
2159
2160 if (260 < ntohs(param.p->length)) {
2161 sctp_process_inv_paramlength(asoc, param.p,
2162 chunk, err_chunk);
2163 retval = SCTP_IERROR_ABORT;
2164 }
2165 break;
2166
2167 case SCTP_PARAM_HMAC_ALGO:
2168 if (!net->sctp.auth_enable)
2169 goto fallthrough;
2170
2171 hmacs = (struct sctp_hmac_algo_param *)param.p;
2172 n_elt = (ntohs(param.p->length) - sizeof(sctp_paramhdr_t)) >> 1;
2173
2174
2175
2176
2177
2178 for (i = 0; i < n_elt; i++) {
2179 id = ntohs(hmacs->hmac_ids[i]);
2180
2181 if (id == SCTP_AUTH_HMAC_ID_SHA1)
2182 break;
2183 }
2184
2185 if (id != SCTP_AUTH_HMAC_ID_SHA1) {
2186 sctp_process_inv_paramlength(asoc, param.p, chunk,
2187 err_chunk);
2188 retval = SCTP_IERROR_ABORT;
2189 }
2190 break;
2191fallthrough:
2192 default:
2193 pr_debug("%s: unrecognized param:%d for chunk:%d\n",
2194 __func__, ntohs(param.p->type), cid);
2195
2196 retval = sctp_process_unk_param(asoc, param, chunk, err_chunk);
2197 break;
2198 }
2199 return retval;
2200}
2201
2202
2203int sctp_verify_init(struct net *net, const struct sctp_association *asoc,
2204 sctp_cid_t cid,
2205 sctp_init_chunk_t *peer_init,
2206 struct sctp_chunk *chunk,
2207 struct sctp_chunk **errp)
2208{
2209 union sctp_params param;
2210 int has_cookie = 0;
2211 int result;
2212
2213
2214 if ((0 == peer_init->init_hdr.num_outbound_streams) ||
2215 (0 == peer_init->init_hdr.num_inbound_streams) ||
2216 (0 == peer_init->init_hdr.init_tag) ||
2217 (SCTP_DEFAULT_MINWINDOW > ntohl(peer_init->init_hdr.a_rwnd))) {
2218
2219 return sctp_process_inv_mandatory(asoc, chunk, errp);
2220 }
2221
2222
2223 sctp_walk_params(param, peer_init, init_hdr.params) {
2224
2225 if (SCTP_PARAM_STATE_COOKIE == param.p->type)
2226 has_cookie = 1;
2227
2228 }
2229
2230
2231
2232
2233
2234
2235
2236
2237 if (param.v != (void*)chunk->chunk_end)
2238 return sctp_process_inv_paramlength(asoc, param.p, chunk, errp);
2239
2240
2241
2242
2243 if ((SCTP_CID_INIT_ACK == cid) && !has_cookie)
2244 return sctp_process_missing_param(asoc, SCTP_PARAM_STATE_COOKIE,
2245 chunk, errp);
2246
2247
2248 sctp_walk_params(param, peer_init, init_hdr.params) {
2249
2250 result = sctp_verify_param(net, asoc, param, cid, chunk, errp);
2251 switch (result) {
2252 case SCTP_IERROR_ABORT:
2253 case SCTP_IERROR_NOMEM:
2254 return 0;
2255 case SCTP_IERROR_ERROR:
2256 return 1;
2257 case SCTP_IERROR_NO_ERROR:
2258 default:
2259 break;
2260 }
2261
2262 }
2263
2264 return 1;
2265}
2266
2267
2268
2269
2270
2271int sctp_process_init(struct sctp_association *asoc, struct sctp_chunk *chunk,
2272 const union sctp_addr *peer_addr,
2273 sctp_init_chunk_t *peer_init, gfp_t gfp)
2274{
2275 struct net *net = sock_net(asoc->base.sk);
2276 union sctp_params param;
2277 struct sctp_transport *transport;
2278 struct list_head *pos, *temp;
2279 struct sctp_af *af;
2280 union sctp_addr addr;
2281 char *cookie;
2282 int src_match = 0;
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294 if(!sctp_assoc_add_peer(asoc, peer_addr, gfp, SCTP_ACTIVE))
2295 goto nomem;
2296
2297 if (sctp_cmp_addr_exact(sctp_source(chunk), peer_addr))
2298 src_match = 1;
2299
2300
2301 sctp_walk_params(param, peer_init, init_hdr.params) {
2302 if (!src_match && (param.p->type == SCTP_PARAM_IPV4_ADDRESS ||
2303 param.p->type == SCTP_PARAM_IPV6_ADDRESS)) {
2304 af = sctp_get_af_specific(param_type2af(param.p->type));
2305 af->from_addr_param(&addr, param.addr,
2306 chunk->sctp_hdr->source, 0);
2307 if (sctp_cmp_addr_exact(sctp_source(chunk), &addr))
2308 src_match = 1;
2309 }
2310
2311 if (!sctp_process_param(asoc, param, peer_addr, gfp))
2312 goto clean_up;
2313 }
2314
2315
2316 if (!src_match)
2317 goto clean_up;
2318
2319
2320
2321
2322 if (asoc->peer.auth_capable && (!asoc->peer.peer_random ||
2323 !asoc->peer.peer_hmacs))
2324 asoc->peer.auth_capable = 0;
2325
2326
2327
2328
2329
2330
2331
2332 if (!net->sctp.addip_noauth &&
2333 (asoc->peer.asconf_capable && !asoc->peer.auth_capable)) {
2334 asoc->peer.addip_disabled_mask |= (SCTP_PARAM_ADD_IP |
2335 SCTP_PARAM_DEL_IP |
2336 SCTP_PARAM_SET_PRIMARY);
2337 asoc->peer.asconf_capable = 0;
2338 goto clean_up;
2339 }
2340
2341
2342 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2343 transport = list_entry(pos, struct sctp_transport, transports);
2344 if (transport->state == SCTP_UNKNOWN) {
2345 sctp_assoc_rm_peer(asoc, transport);
2346 }
2347 }
2348
2349
2350
2351
2352 asoc->peer.i.init_tag =
2353 ntohl(peer_init->init_hdr.init_tag);
2354 asoc->peer.i.a_rwnd =
2355 ntohl(peer_init->init_hdr.a_rwnd);
2356 asoc->peer.i.num_outbound_streams =
2357 ntohs(peer_init->init_hdr.num_outbound_streams);
2358 asoc->peer.i.num_inbound_streams =
2359 ntohs(peer_init->init_hdr.num_inbound_streams);
2360 asoc->peer.i.initial_tsn =
2361 ntohl(peer_init->init_hdr.initial_tsn);
2362
2363
2364
2365
2366 if (asoc->c.sinit_num_ostreams >
2367 ntohs(peer_init->init_hdr.num_inbound_streams)) {
2368 asoc->c.sinit_num_ostreams =
2369 ntohs(peer_init->init_hdr.num_inbound_streams);
2370 }
2371
2372 if (asoc->c.sinit_max_instreams >
2373 ntohs(peer_init->init_hdr.num_outbound_streams)) {
2374 asoc->c.sinit_max_instreams =
2375 ntohs(peer_init->init_hdr.num_outbound_streams);
2376 }
2377
2378
2379 asoc->c.peer_vtag = asoc->peer.i.init_tag;
2380
2381
2382 asoc->peer.rwnd = asoc->peer.i.a_rwnd;
2383
2384
2385 cookie = asoc->peer.cookie;
2386 if (cookie) {
2387 asoc->peer.cookie = kmemdup(cookie, asoc->peer.cookie_len, gfp);
2388 if (!asoc->peer.cookie)
2389 goto clean_up;
2390 }
2391
2392
2393
2394
2395
2396 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
2397 transports) {
2398 transport->ssthresh = asoc->peer.i.a_rwnd;
2399 }
2400
2401
2402 if (!sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
2403 asoc->peer.i.initial_tsn, gfp))
2404 goto clean_up;
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417 if (!asoc->temp) {
2418 int error;
2419
2420 asoc->ssnmap = sctp_ssnmap_new(asoc->c.sinit_max_instreams,
2421 asoc->c.sinit_num_ostreams, gfp);
2422 if (!asoc->ssnmap)
2423 goto clean_up;
2424
2425 error = sctp_assoc_set_id(asoc, gfp);
2426 if (error)
2427 goto clean_up;
2428 }
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440 asoc->peer.addip_serial = asoc->peer.i.initial_tsn - 1;
2441 return 1;
2442
2443clean_up:
2444
2445 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) {
2446 transport = list_entry(pos, struct sctp_transport, transports);
2447 if (transport->state != SCTP_ACTIVE)
2448 sctp_assoc_rm_peer(asoc, transport);
2449 }
2450
2451nomem:
2452 return 0;
2453}
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467static int sctp_process_param(struct sctp_association *asoc,
2468 union sctp_params param,
2469 const union sctp_addr *peer_addr,
2470 gfp_t gfp)
2471{
2472 struct net *net = sock_net(asoc->base.sk);
2473 union sctp_addr addr;
2474 int i;
2475 __u16 sat;
2476 int retval = 1;
2477 sctp_scope_t scope;
2478 time_t stale;
2479 struct sctp_af *af;
2480 union sctp_addr_param *addr_param;
2481 struct sctp_transport *t;
2482
2483
2484
2485
2486
2487 switch (param.p->type) {
2488 case SCTP_PARAM_IPV6_ADDRESS:
2489 if (PF_INET6 != asoc->base.sk->sk_family)
2490 break;
2491 goto do_addr_param;
2492
2493 case SCTP_PARAM_IPV4_ADDRESS:
2494
2495 if (ipv6_only_sock(asoc->base.sk))
2496 break;
2497do_addr_param:
2498 af = sctp_get_af_specific(param_type2af(param.p->type));
2499 af->from_addr_param(&addr, param.addr, htons(asoc->peer.port), 0);
2500 scope = sctp_scope(peer_addr);
2501 if (sctp_in_scope(net, &addr, scope))
2502 if (!sctp_assoc_add_peer(asoc, &addr, gfp, SCTP_UNCONFIRMED))
2503 return 0;
2504 break;
2505
2506 case SCTP_PARAM_COOKIE_PRESERVATIVE:
2507 if (!net->sctp.cookie_preserve_enable)
2508 break;
2509
2510 stale = ntohl(param.life->lifespan_increment);
2511
2512
2513
2514
2515 asoc->cookie_life = ktime_add_ms(asoc->cookie_life, stale);
2516 break;
2517
2518 case SCTP_PARAM_HOST_NAME_ADDRESS:
2519 pr_debug("%s: unimplemented SCTP_HOST_NAME_ADDRESS\n", __func__);
2520 break;
2521
2522 case SCTP_PARAM_SUPPORTED_ADDRESS_TYPES:
2523
2524
2525
2526 asoc->peer.ipv4_address = 0;
2527 asoc->peer.ipv6_address = 0;
2528
2529
2530
2531
2532 if (peer_addr->sa.sa_family == AF_INET6)
2533 asoc->peer.ipv6_address = 1;
2534 else if (peer_addr->sa.sa_family == AF_INET)
2535 asoc->peer.ipv4_address = 1;
2536
2537
2538 sat = ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
2539 if (sat)
2540 sat /= sizeof(__u16);
2541
2542 for (i = 0; i < sat; ++i) {
2543 switch (param.sat->types[i]) {
2544 case SCTP_PARAM_IPV4_ADDRESS:
2545 asoc->peer.ipv4_address = 1;
2546 break;
2547
2548 case SCTP_PARAM_IPV6_ADDRESS:
2549 if (PF_INET6 == asoc->base.sk->sk_family)
2550 asoc->peer.ipv6_address = 1;
2551 break;
2552
2553 case SCTP_PARAM_HOST_NAME_ADDRESS:
2554 asoc->peer.hostname_address = 1;
2555 break;
2556
2557 default:
2558 break;
2559 }
2560 }
2561 break;
2562
2563 case SCTP_PARAM_STATE_COOKIE:
2564 asoc->peer.cookie_len =
2565 ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
2566 asoc->peer.cookie = param.cookie->body;
2567 break;
2568
2569 case SCTP_PARAM_HEARTBEAT_INFO:
2570
2571 break;
2572
2573 case SCTP_PARAM_UNRECOGNIZED_PARAMETERS:
2574
2575 break;
2576
2577 case SCTP_PARAM_ECN_CAPABLE:
2578 asoc->peer.ecn_capable = 1;
2579 break;
2580
2581 case SCTP_PARAM_ADAPTATION_LAYER_IND:
2582 asoc->peer.adaptation_ind = ntohl(param.aind->adaptation_ind);
2583 break;
2584
2585 case SCTP_PARAM_SET_PRIMARY:
2586 if (!net->sctp.addip_enable)
2587 goto fall_through;
2588
2589 addr_param = param.v + sizeof(sctp_addip_param_t);
2590
2591 af = sctp_get_af_specific(param_type2af(param.p->type));
2592 af->from_addr_param(&addr, addr_param,
2593 htons(asoc->peer.port), 0);
2594
2595
2596
2597
2598 if (!af->addr_valid(&addr, NULL, NULL))
2599 break;
2600
2601 t = sctp_assoc_lookup_paddr(asoc, &addr);
2602 if (!t)
2603 break;
2604
2605 sctp_assoc_set_primary(asoc, t);
2606 break;
2607
2608 case SCTP_PARAM_SUPPORTED_EXT:
2609 sctp_process_ext_param(asoc, param);
2610 break;
2611
2612 case SCTP_PARAM_FWD_TSN_SUPPORT:
2613 if (net->sctp.prsctp_enable) {
2614 asoc->peer.prsctp_capable = 1;
2615 break;
2616 }
2617
2618 goto fall_through;
2619
2620 case SCTP_PARAM_RANDOM:
2621 if (!net->sctp.auth_enable)
2622 goto fall_through;
2623
2624
2625 asoc->peer.peer_random = kmemdup(param.p,
2626 ntohs(param.p->length), gfp);
2627 if (!asoc->peer.peer_random) {
2628 retval = 0;
2629 break;
2630 }
2631 break;
2632
2633 case SCTP_PARAM_HMAC_ALGO:
2634 if (!net->sctp.auth_enable)
2635 goto fall_through;
2636
2637
2638 asoc->peer.peer_hmacs = kmemdup(param.p,
2639 ntohs(param.p->length), gfp);
2640 if (!asoc->peer.peer_hmacs) {
2641 retval = 0;
2642 break;
2643 }
2644
2645
2646 sctp_auth_asoc_set_default_hmac(asoc, param.hmac_algo);
2647 break;
2648
2649 case SCTP_PARAM_CHUNKS:
2650 if (!net->sctp.auth_enable)
2651 goto fall_through;
2652
2653 asoc->peer.peer_chunks = kmemdup(param.p,
2654 ntohs(param.p->length), gfp);
2655 if (!asoc->peer.peer_chunks)
2656 retval = 0;
2657 break;
2658fall_through:
2659 default:
2660
2661
2662
2663
2664
2665 pr_debug("%s: ignoring param:%d for association:%p.\n",
2666 __func__, ntohs(param.p->type), asoc);
2667 break;
2668 }
2669
2670 return retval;
2671}
2672
2673
2674__u32 sctp_generate_tag(const struct sctp_endpoint *ep)
2675{
2676
2677
2678
2679 __u32 x;
2680
2681 do {
2682 get_random_bytes(&x, sizeof(__u32));
2683 } while (x == 0);
2684
2685 return x;
2686}
2687
2688
2689__u32 sctp_generate_tsn(const struct sctp_endpoint *ep)
2690{
2691 __u32 retval;
2692
2693 get_random_bytes(&retval, sizeof(__u32));
2694 return retval;
2695}
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719static struct sctp_chunk *sctp_make_asconf(struct sctp_association *asoc,
2720 union sctp_addr *addr,
2721 int vparam_len)
2722{
2723 sctp_addiphdr_t asconf;
2724 struct sctp_chunk *retval;
2725 int length = sizeof(asconf) + vparam_len;
2726 union sctp_addr_param addrparam;
2727 int addrlen;
2728 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2729
2730 addrlen = af->to_addr_param(addr, &addrparam);
2731 if (!addrlen)
2732 return NULL;
2733 length += addrlen;
2734
2735
2736 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF, 0, length);
2737 if (!retval)
2738 return NULL;
2739
2740 asconf.serial = htonl(asoc->addip_serial++);
2741
2742 retval->subh.addip_hdr =
2743 sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2744 retval->param_hdr.v =
2745 sctp_addto_chunk(retval, addrlen, &addrparam);
2746
2747 return retval;
2748}
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774struct sctp_chunk *sctp_make_asconf_update_ip(struct sctp_association *asoc,
2775 union sctp_addr *laddr,
2776 struct sockaddr *addrs,
2777 int addrcnt,
2778 __be16 flags)
2779{
2780 sctp_addip_param_t param;
2781 struct sctp_chunk *retval;
2782 union sctp_addr_param addr_param;
2783 union sctp_addr *addr;
2784 void *addr_buf;
2785 struct sctp_af *af;
2786 int paramlen = sizeof(param);
2787 int addr_param_len = 0;
2788 int totallen = 0;
2789 int i;
2790 int del_pickup = 0;
2791
2792
2793 addr_buf = addrs;
2794 for (i = 0; i < addrcnt; i++) {
2795 addr = addr_buf;
2796 af = sctp_get_af_specific(addr->v4.sin_family);
2797 addr_param_len = af->to_addr_param(addr, &addr_param);
2798
2799 totallen += paramlen;
2800 totallen += addr_param_len;
2801
2802 addr_buf += af->sockaddr_len;
2803 if (asoc->asconf_addr_del_pending && !del_pickup) {
2804
2805 totallen += paramlen;
2806 totallen += addr_param_len;
2807 del_pickup = 1;
2808
2809 pr_debug("%s: picked same-scope del_pending addr, "
2810 "totallen for all addresses is %d\n",
2811 __func__, totallen);
2812 }
2813 }
2814
2815
2816 retval = sctp_make_asconf(asoc, laddr, totallen);
2817 if (!retval)
2818 return NULL;
2819
2820
2821 addr_buf = addrs;
2822 for (i = 0; i < addrcnt; i++) {
2823 addr = addr_buf;
2824 af = sctp_get_af_specific(addr->v4.sin_family);
2825 addr_param_len = af->to_addr_param(addr, &addr_param);
2826 param.param_hdr.type = flags;
2827 param.param_hdr.length = htons(paramlen + addr_param_len);
2828 param.crr_id = i;
2829
2830 sctp_addto_chunk(retval, paramlen, ¶m);
2831 sctp_addto_chunk(retval, addr_param_len, &addr_param);
2832
2833 addr_buf += af->sockaddr_len;
2834 }
2835 if (flags == SCTP_PARAM_ADD_IP && del_pickup) {
2836 addr = asoc->asconf_addr_del_pending;
2837 af = sctp_get_af_specific(addr->v4.sin_family);
2838 addr_param_len = af->to_addr_param(addr, &addr_param);
2839 param.param_hdr.type = SCTP_PARAM_DEL_IP;
2840 param.param_hdr.length = htons(paramlen + addr_param_len);
2841 param.crr_id = i;
2842
2843 sctp_addto_chunk(retval, paramlen, ¶m);
2844 sctp_addto_chunk(retval, addr_param_len, &addr_param);
2845 }
2846 return retval;
2847}
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863struct sctp_chunk *sctp_make_asconf_set_prim(struct sctp_association *asoc,
2864 union sctp_addr *addr)
2865{
2866 sctp_addip_param_t param;
2867 struct sctp_chunk *retval;
2868 int len = sizeof(param);
2869 union sctp_addr_param addrparam;
2870 int addrlen;
2871 struct sctp_af *af = sctp_get_af_specific(addr->v4.sin_family);
2872
2873 addrlen = af->to_addr_param(addr, &addrparam);
2874 if (!addrlen)
2875 return NULL;
2876 len += addrlen;
2877
2878
2879 retval = sctp_make_asconf(asoc, addr, len);
2880 if (!retval)
2881 return NULL;
2882
2883 param.param_hdr.type = SCTP_PARAM_SET_PRIMARY;
2884 param.param_hdr.length = htons(len);
2885 param.crr_id = 0;
2886
2887 sctp_addto_chunk(retval, sizeof(param), ¶m);
2888 sctp_addto_chunk(retval, addrlen, &addrparam);
2889
2890 return retval;
2891}
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912static struct sctp_chunk *sctp_make_asconf_ack(const struct sctp_association *asoc,
2913 __u32 serial, int vparam_len)
2914{
2915 sctp_addiphdr_t asconf;
2916 struct sctp_chunk *retval;
2917 int length = sizeof(asconf) + vparam_len;
2918
2919
2920 retval = sctp_make_chunk(asoc, SCTP_CID_ASCONF_ACK, 0, length);
2921 if (!retval)
2922 return NULL;
2923
2924 asconf.serial = htonl(serial);
2925
2926 retval->subh.addip_hdr =
2927 sctp_addto_chunk(retval, sizeof(asconf), &asconf);
2928
2929 return retval;
2930}
2931
2932
2933static void sctp_add_asconf_response(struct sctp_chunk *chunk, __be32 crr_id,
2934 __be16 err_code, sctp_addip_param_t *asconf_param)
2935{
2936 sctp_addip_param_t ack_param;
2937 sctp_errhdr_t err_param;
2938 int asconf_param_len = 0;
2939 int err_param_len = 0;
2940 __be16 response_type;
2941
2942 if (SCTP_ERROR_NO_ERROR == err_code) {
2943 response_type = SCTP_PARAM_SUCCESS_REPORT;
2944 } else {
2945 response_type = SCTP_PARAM_ERR_CAUSE;
2946 err_param_len = sizeof(err_param);
2947 if (asconf_param)
2948 asconf_param_len =
2949 ntohs(asconf_param->param_hdr.length);
2950 }
2951
2952
2953 ack_param.param_hdr.type = response_type;
2954 ack_param.param_hdr.length = htons(sizeof(ack_param) +
2955 err_param_len +
2956 asconf_param_len);
2957 ack_param.crr_id = crr_id;
2958 sctp_addto_chunk(chunk, sizeof(ack_param), &ack_param);
2959
2960 if (SCTP_ERROR_NO_ERROR == err_code)
2961 return;
2962
2963
2964 err_param.cause = err_code;
2965 err_param.length = htons(err_param_len + asconf_param_len);
2966 sctp_addto_chunk(chunk, err_param_len, &err_param);
2967
2968
2969 if (asconf_param)
2970 sctp_addto_chunk(chunk, asconf_param_len, asconf_param);
2971}
2972
2973
2974static __be16 sctp_process_asconf_param(struct sctp_association *asoc,
2975 struct sctp_chunk *asconf,
2976 sctp_addip_param_t *asconf_param)
2977{
2978 struct sctp_transport *peer;
2979 struct sctp_af *af;
2980 union sctp_addr addr;
2981 union sctp_addr_param *addr_param;
2982
2983 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t);
2984
2985 if (asconf_param->param_hdr.type != SCTP_PARAM_ADD_IP &&
2986 asconf_param->param_hdr.type != SCTP_PARAM_DEL_IP &&
2987 asconf_param->param_hdr.type != SCTP_PARAM_SET_PRIMARY)
2988 return SCTP_ERROR_UNKNOWN_PARAM;
2989
2990 switch (addr_param->p.type) {
2991 case SCTP_PARAM_IPV6_ADDRESS:
2992 if (!asoc->peer.ipv6_address)
2993 return SCTP_ERROR_DNS_FAILED;
2994 break;
2995 case SCTP_PARAM_IPV4_ADDRESS:
2996 if (!asoc->peer.ipv4_address)
2997 return SCTP_ERROR_DNS_FAILED;
2998 break;
2999 default:
3000 return SCTP_ERROR_DNS_FAILED;
3001 }
3002
3003 af = sctp_get_af_specific(param_type2af(addr_param->p.type));
3004 if (unlikely(!af))
3005 return SCTP_ERROR_DNS_FAILED;
3006
3007 af->from_addr_param(&addr, addr_param, htons(asoc->peer.port), 0);
3008
3009
3010
3011
3012
3013
3014 if (!af->is_any(&addr) && !af->addr_valid(&addr, NULL, asconf->skb))
3015 return SCTP_ERROR_DNS_FAILED;
3016
3017 switch (asconf_param->param_hdr.type) {
3018 case SCTP_PARAM_ADD_IP:
3019
3020
3021
3022
3023 if (af->is_any(&addr))
3024 memcpy(&addr, &asconf->source, sizeof(addr));
3025
3026
3027
3028
3029
3030
3031
3032
3033 peer = sctp_assoc_add_peer(asoc, &addr, GFP_ATOMIC, SCTP_UNCONFIRMED);
3034 if (!peer)
3035 return SCTP_ERROR_RSRC_LOW;
3036
3037
3038 if (!mod_timer(&peer->hb_timer, sctp_transport_timeout(peer)))
3039 sctp_transport_hold(peer);
3040 asoc->new_transport = peer;
3041 break;
3042 case SCTP_PARAM_DEL_IP:
3043
3044
3045
3046
3047
3048 if (asoc->peer.transport_count == 1)
3049 return SCTP_ERROR_DEL_LAST_IP;
3050
3051
3052
3053
3054
3055
3056
3057
3058 if (sctp_cmp_addr_exact(&asconf->source, &addr))
3059 return SCTP_ERROR_DEL_SRC_IP;
3060
3061
3062
3063
3064
3065
3066 if (af->is_any(&addr)) {
3067 sctp_assoc_set_primary(asoc, asconf->transport);
3068 sctp_assoc_del_nonprimary_peers(asoc,
3069 asconf->transport);
3070 } else
3071 sctp_assoc_del_peer(asoc, &addr);
3072 break;
3073 case SCTP_PARAM_SET_PRIMARY:
3074
3075
3076
3077
3078
3079 if (af->is_any(&addr))
3080 memcpy(&addr.v4, sctp_source(asconf), sizeof(addr));
3081
3082 peer = sctp_assoc_lookup_paddr(asoc, &addr);
3083 if (!peer)
3084 return SCTP_ERROR_DNS_FAILED;
3085
3086 sctp_assoc_set_primary(asoc, peer);
3087 break;
3088 }
3089
3090 return SCTP_ERROR_NO_ERROR;
3091}
3092
3093
3094int sctp_verify_asconf(const struct sctp_association *asoc,
3095 struct sctp_paramhdr *param_hdr, void *chunk_end,
3096 struct sctp_paramhdr **errp) {
3097 sctp_addip_param_t *asconf_param;
3098 union sctp_params param;
3099 int length, plen;
3100
3101 param.v = (sctp_paramhdr_t *) param_hdr;
3102 while (param.v <= chunk_end - sizeof(sctp_paramhdr_t)) {
3103 length = ntohs(param.p->length);
3104 *errp = param.p;
3105
3106 if (param.v > chunk_end - length ||
3107 length < sizeof(sctp_paramhdr_t))
3108 return 0;
3109
3110 switch (param.p->type) {
3111 case SCTP_PARAM_ADD_IP:
3112 case SCTP_PARAM_DEL_IP:
3113 case SCTP_PARAM_SET_PRIMARY:
3114 asconf_param = (sctp_addip_param_t *)param.v;
3115 plen = ntohs(asconf_param->param_hdr.length);
3116 if (plen < sizeof(sctp_addip_param_t) +
3117 sizeof(sctp_paramhdr_t))
3118 return 0;
3119 break;
3120 case SCTP_PARAM_SUCCESS_REPORT:
3121 case SCTP_PARAM_ADAPTATION_LAYER_IND:
3122 if (length != sizeof(sctp_addip_param_t))
3123 return 0;
3124
3125 break;
3126 default:
3127 break;
3128 }
3129
3130 param.v += WORD_ROUND(length);
3131 }
3132
3133 if (param.v != chunk_end)
3134 return 0;
3135
3136 return 1;
3137}
3138
3139
3140
3141
3142struct sctp_chunk *sctp_process_asconf(struct sctp_association *asoc,
3143 struct sctp_chunk *asconf)
3144{
3145 sctp_addiphdr_t *hdr;
3146 union sctp_addr_param *addr_param;
3147 sctp_addip_param_t *asconf_param;
3148 struct sctp_chunk *asconf_ack;
3149
3150 __be16 err_code;
3151 int length = 0;
3152 int chunk_len;
3153 __u32 serial;
3154 int all_param_pass = 1;
3155
3156 chunk_len = ntohs(asconf->chunk_hdr->length) - sizeof(sctp_chunkhdr_t);
3157 hdr = (sctp_addiphdr_t *)asconf->skb->data;
3158 serial = ntohl(hdr->serial);
3159
3160
3161 length = sizeof(sctp_addiphdr_t);
3162 addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3163 chunk_len -= length;
3164
3165
3166
3167
3168 length = ntohs(addr_param->p.length);
3169 asconf_param = (void *)addr_param + length;
3170 chunk_len -= length;
3171
3172
3173
3174
3175
3176
3177 asconf_ack = sctp_make_asconf_ack(asoc, serial, chunk_len * 4);
3178 if (!asconf_ack)
3179 goto done;
3180
3181
3182 while (chunk_len > 0) {
3183 err_code = sctp_process_asconf_param(asoc, asconf,
3184 asconf_param);
3185
3186
3187
3188
3189
3190
3191
3192 if (SCTP_ERROR_NO_ERROR != err_code)
3193 all_param_pass = 0;
3194
3195 if (!all_param_pass)
3196 sctp_add_asconf_response(asconf_ack,
3197 asconf_param->crr_id, err_code,
3198 asconf_param);
3199
3200
3201
3202
3203
3204
3205 if (SCTP_ERROR_RSRC_LOW == err_code)
3206 goto done;
3207
3208
3209 length = ntohs(asconf_param->param_hdr.length);
3210 asconf_param = (void *)asconf_param + length;
3211 chunk_len -= length;
3212 }
3213
3214done:
3215 asoc->peer.addip_serial++;
3216
3217
3218
3219
3220 if (asconf_ack) {
3221 sctp_chunk_hold(asconf_ack);
3222 list_add_tail(&asconf_ack->transmitted_list,
3223 &asoc->asconf_ack_list);
3224 }
3225
3226 return asconf_ack;
3227}
3228
3229
3230static void sctp_asconf_param_success(struct sctp_association *asoc,
3231 sctp_addip_param_t *asconf_param)
3232{
3233 struct sctp_af *af;
3234 union sctp_addr addr;
3235 struct sctp_bind_addr *bp = &asoc->base.bind_addr;
3236 union sctp_addr_param *addr_param;
3237 struct sctp_transport *transport;
3238 struct sctp_sockaddr_entry *saddr;
3239
3240 addr_param = (void *)asconf_param + sizeof(sctp_addip_param_t);
3241
3242
3243 af = sctp_get_af_specific(param_type2af(addr_param->p.type));
3244 af->from_addr_param(&addr, addr_param, htons(bp->port), 0);
3245
3246 switch (asconf_param->param_hdr.type) {
3247 case SCTP_PARAM_ADD_IP:
3248
3249
3250
3251 local_bh_disable();
3252 list_for_each_entry(saddr, &bp->address_list, list) {
3253 if (sctp_cmp_addr_exact(&saddr->a, &addr))
3254 saddr->state = SCTP_ADDR_SRC;
3255 }
3256 local_bh_enable();
3257 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3258 transports) {
3259 dst_release(transport->dst);
3260 transport->dst = NULL;
3261 }
3262 break;
3263 case SCTP_PARAM_DEL_IP:
3264 local_bh_disable();
3265 sctp_del_bind_addr(bp, &addr);
3266 if (asoc->asconf_addr_del_pending != NULL &&
3267 sctp_cmp_addr_exact(asoc->asconf_addr_del_pending, &addr)) {
3268 kfree(asoc->asconf_addr_del_pending);
3269 asoc->asconf_addr_del_pending = NULL;
3270 }
3271 local_bh_enable();
3272 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
3273 transports) {
3274 dst_release(transport->dst);
3275 transport->dst = NULL;
3276 }
3277 break;
3278 default:
3279 break;
3280 }
3281}
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292static __be16 sctp_get_asconf_response(struct sctp_chunk *asconf_ack,
3293 sctp_addip_param_t *asconf_param,
3294 int no_err)
3295{
3296 sctp_addip_param_t *asconf_ack_param;
3297 sctp_errhdr_t *err_param;
3298 int length;
3299 int asconf_ack_len;
3300 __be16 err_code;
3301
3302 if (no_err)
3303 err_code = SCTP_ERROR_NO_ERROR;
3304 else
3305 err_code = SCTP_ERROR_REQ_REFUSED;
3306
3307 asconf_ack_len = ntohs(asconf_ack->chunk_hdr->length) -
3308 sizeof(sctp_chunkhdr_t);
3309
3310
3311
3312
3313 length = sizeof(sctp_addiphdr_t);
3314 asconf_ack_param = (sctp_addip_param_t *)(asconf_ack->skb->data +
3315 length);
3316 asconf_ack_len -= length;
3317
3318 while (asconf_ack_len > 0) {
3319 if (asconf_ack_param->crr_id == asconf_param->crr_id) {
3320 switch(asconf_ack_param->param_hdr.type) {
3321 case SCTP_PARAM_SUCCESS_REPORT:
3322 return SCTP_ERROR_NO_ERROR;
3323 case SCTP_PARAM_ERR_CAUSE:
3324 length = sizeof(sctp_addip_param_t);
3325 err_param = (void *)asconf_ack_param + length;
3326 asconf_ack_len -= length;
3327 if (asconf_ack_len > 0)
3328 return err_param->cause;
3329 else
3330 return SCTP_ERROR_INV_PARAM;
3331 break;
3332 default:
3333 return SCTP_ERROR_INV_PARAM;
3334 }
3335 }
3336
3337 length = ntohs(asconf_ack_param->param_hdr.length);
3338 asconf_ack_param = (void *)asconf_ack_param + length;
3339 asconf_ack_len -= length;
3340 }
3341
3342 return err_code;
3343}
3344
3345
3346int sctp_process_asconf_ack(struct sctp_association *asoc,
3347 struct sctp_chunk *asconf_ack)
3348{
3349 struct sctp_chunk *asconf = asoc->addip_last_asconf;
3350 union sctp_addr_param *addr_param;
3351 sctp_addip_param_t *asconf_param;
3352 int length = 0;
3353 int asconf_len = asconf->skb->len;
3354 int all_param_pass = 0;
3355 int no_err = 1;
3356 int retval = 0;
3357 __be16 err_code = SCTP_ERROR_NO_ERROR;
3358
3359
3360
3361
3362 length = sizeof(sctp_addip_chunk_t);
3363 addr_param = (union sctp_addr_param *)(asconf->skb->data + length);
3364 asconf_len -= length;
3365
3366
3367
3368
3369 length = ntohs(addr_param->p.length);
3370 asconf_param = (void *)addr_param + length;
3371 asconf_len -= length;
3372
3373
3374
3375
3376
3377
3378 if (asconf_ack->skb->len == sizeof(sctp_addiphdr_t))
3379 all_param_pass = 1;
3380
3381
3382 while (asconf_len > 0) {
3383 if (all_param_pass)
3384 err_code = SCTP_ERROR_NO_ERROR;
3385 else {
3386 err_code = sctp_get_asconf_response(asconf_ack,
3387 asconf_param,
3388 no_err);
3389 if (no_err && (SCTP_ERROR_NO_ERROR != err_code))
3390 no_err = 0;
3391 }
3392
3393 switch (err_code) {
3394 case SCTP_ERROR_NO_ERROR:
3395 sctp_asconf_param_success(asoc, asconf_param);
3396 break;
3397
3398 case SCTP_ERROR_RSRC_LOW:
3399 retval = 1;
3400 break;
3401
3402 case SCTP_ERROR_UNKNOWN_PARAM:
3403
3404
3405
3406 asoc->peer.addip_disabled_mask |=
3407 asconf_param->param_hdr.type;
3408 break;
3409
3410 case SCTP_ERROR_REQ_REFUSED:
3411 case SCTP_ERROR_DEL_LAST_IP:
3412 case SCTP_ERROR_DEL_SRC_IP:
3413 default:
3414 break;
3415 }
3416
3417
3418
3419
3420 length = ntohs(asconf_param->param_hdr.length);
3421 asconf_param = (void *)asconf_param + length;
3422 asconf_len -= length;
3423 }
3424
3425 if (no_err && asoc->src_out_of_asoc_ok) {
3426 asoc->src_out_of_asoc_ok = 0;
3427 sctp_transport_immediate_rtx(asoc->peer.primary_path);
3428 }
3429
3430
3431 list_del_init(&asconf->transmitted_list);
3432 sctp_chunk_free(asconf);
3433 asoc->addip_last_asconf = NULL;
3434
3435 return retval;
3436}
3437
3438
3439struct sctp_chunk *sctp_make_fwdtsn(const struct sctp_association *asoc,
3440 __u32 new_cum_tsn, size_t nstreams,
3441 struct sctp_fwdtsn_skip *skiplist)
3442{
3443 struct sctp_chunk *retval = NULL;
3444 struct sctp_fwdtsn_hdr ftsn_hdr;
3445 struct sctp_fwdtsn_skip skip;
3446 size_t hint;
3447 int i;
3448
3449 hint = (nstreams + 1) * sizeof(__u32);
3450
3451 retval = sctp_make_chunk(asoc, SCTP_CID_FWD_TSN, 0, hint);
3452
3453 if (!retval)
3454 return NULL;
3455
3456 ftsn_hdr.new_cum_tsn = htonl(new_cum_tsn);
3457 retval->subh.fwdtsn_hdr =
3458 sctp_addto_chunk(retval, sizeof(ftsn_hdr), &ftsn_hdr);
3459
3460 for (i = 0; i < nstreams; i++) {
3461 skip.stream = skiplist[i].stream;
3462 skip.ssn = skiplist[i].ssn;
3463 sctp_addto_chunk(retval, sizeof(skip), &skip);
3464 }
3465
3466 return retval;
3467}
3468