1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45#include <linux/types.h>
46#include <linux/list.h>
47#include <linux/socket.h>
48#include <linux/ip.h>
49#include <linux/time.h>
50#include <linux/slab.h>
51#include <net/ip.h>
52#include <net/icmp.h>
53#include <net/snmp.h>
54#include <net/sock.h>
55#include <net/xfrm.h>
56#include <net/sctp/sctp.h>
57#include <net/sctp/sm.h>
58#include <net/sctp/checksum.h>
59#include <net/net_namespace.h>
60
61
62static int sctp_rcv_ootb(struct sk_buff *);
63static struct sctp_association *__sctp_rcv_lookup(struct net *net,
64 struct sk_buff *skb,
65 const union sctp_addr *paddr,
66 const union sctp_addr *laddr,
67 struct sctp_transport **transportp);
68static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(struct net *net,
69 const union sctp_addr *laddr);
70static struct sctp_association *__sctp_lookup_association(
71 struct net *net,
72 const union sctp_addr *local,
73 const union sctp_addr *peer,
74 struct sctp_transport **pt);
75
76static int sctp_add_backlog(struct sock *sk, struct sk_buff *skb);
77
78
79
80static inline int sctp_rcv_checksum(struct net *net, struct sk_buff *skb)
81{
82 struct sctphdr *sh = sctp_hdr(skb);
83 __le32 cmp = sh->checksum;
84 __le32 val = sctp_compute_cksum(skb, 0);
85
86 if (val != cmp) {
87
88 SCTP_INC_STATS_BH(net, SCTP_MIB_CHECKSUMERRORS);
89 return -1;
90 }
91 return 0;
92}
93
94struct sctp_input_cb {
95 union {
96 struct inet_skb_parm h4;
97#if IS_ENABLED(CONFIG_IPV6)
98 struct inet6_skb_parm h6;
99#endif
100 } header;
101 struct sctp_chunk *chunk;
102};
103#define SCTP_INPUT_CB(__skb) ((struct sctp_input_cb *)&((__skb)->cb[0]))
104
105
106
107
108int sctp_rcv(struct sk_buff *skb)
109{
110 struct sock *sk;
111 struct sctp_association *asoc;
112 struct sctp_endpoint *ep = NULL;
113 struct sctp_ep_common *rcvr;
114 struct sctp_transport *transport = NULL;
115 struct sctp_chunk *chunk;
116 struct sctphdr *sh;
117 union sctp_addr src;
118 union sctp_addr dest;
119 int family;
120 struct sctp_af *af;
121 struct net *net = dev_net(skb->dev);
122
123 if (skb->pkt_type!=PACKET_HOST)
124 goto discard_it;
125
126 SCTP_INC_STATS_BH(net, SCTP_MIB_INSCTPPACKS);
127
128 if (skb_linearize(skb))
129 goto discard_it;
130
131 sh = sctp_hdr(skb);
132
133
134 __skb_pull(skb, skb_transport_offset(skb));
135 if (skb->len < sizeof(struct sctphdr))
136 goto discard_it;
137 if (!sctp_checksum_disable && !skb_csum_unnecessary(skb) &&
138 sctp_rcv_checksum(net, skb) < 0)
139 goto discard_it;
140
141 skb_pull(skb, sizeof(struct sctphdr));
142
143
144 if (skb->len < sizeof(struct sctp_chunkhdr))
145 goto discard_it;
146
147 family = ipver2af(ip_hdr(skb)->version);
148 af = sctp_get_af_specific(family);
149 if (unlikely(!af))
150 goto discard_it;
151
152
153 af->from_skb(&src, skb, 1);
154 af->from_skb(&dest, skb, 0);
155
156
157
158
159
160
161
162
163
164
165
166
167 if (!af->addr_valid(&src, NULL, skb) ||
168 !af->addr_valid(&dest, NULL, skb))
169 goto discard_it;
170
171 asoc = __sctp_rcv_lookup(net, skb, &src, &dest, &transport);
172
173 if (!asoc)
174 ep = __sctp_rcv_lookup_endpoint(net, &dest);
175
176
177 rcvr = asoc ? &asoc->base : &ep->base;
178 sk = rcvr->sk;
179
180
181
182
183
184 if (sk->sk_bound_dev_if && (sk->sk_bound_dev_if != af->skb_iif(skb)))
185 {
186 if (asoc) {
187 sctp_association_put(asoc);
188 asoc = NULL;
189 } else {
190 sctp_endpoint_put(ep);
191 ep = NULL;
192 }
193 sk = net->sctp.ctl_sock;
194 ep = sctp_sk(sk)->ep;
195 sctp_endpoint_hold(ep);
196 rcvr = &ep->base;
197 }
198
199
200
201
202
203
204
205
206
207 if (!asoc) {
208 if (sctp_rcv_ootb(skb)) {
209 SCTP_INC_STATS_BH(net, SCTP_MIB_OUTOFBLUES);
210 goto discard_release;
211 }
212 }
213
214 if (!xfrm_policy_check(sk, XFRM_POLICY_IN, skb, family))
215 goto discard_release;
216 nf_reset(skb);
217
218 if (sk_filter(sk, skb))
219 goto discard_release;
220
221
222 chunk = sctp_chunkify(skb, asoc, sk);
223 if (!chunk)
224 goto discard_release;
225 SCTP_INPUT_CB(skb)->chunk = chunk;
226
227
228 chunk->rcvr = rcvr;
229
230
231 chunk->sctp_hdr = sh;
232
233
234 sctp_init_addrs(chunk, &src, &dest);
235
236
237 chunk->transport = transport;
238
239
240
241
242
243 sctp_bh_lock_sock(sk);
244
245 if (sk != rcvr->sk) {
246
247
248
249
250
251
252
253 sctp_bh_unlock_sock(sk);
254 sk = rcvr->sk;
255 sctp_bh_lock_sock(sk);
256 }
257
258 if (sock_owned_by_user(sk)) {
259 if (sctp_add_backlog(sk, skb)) {
260 sctp_bh_unlock_sock(sk);
261 sctp_chunk_free(chunk);
262 skb = NULL;
263 goto discard_release;
264 }
265 SCTP_INC_STATS_BH(net, SCTP_MIB_IN_PKT_BACKLOG);
266 } else {
267 SCTP_INC_STATS_BH(net, SCTP_MIB_IN_PKT_SOFTIRQ);
268 sctp_inq_push(&chunk->rcvr->inqueue, chunk);
269 }
270
271 sctp_bh_unlock_sock(sk);
272
273
274 if (asoc)
275 sctp_association_put(asoc);
276 else
277 sctp_endpoint_put(ep);
278
279 return 0;
280
281discard_it:
282 SCTP_INC_STATS_BH(net, SCTP_MIB_IN_PKT_DISCARDS);
283 kfree_skb(skb);
284 return 0;
285
286discard_release:
287
288 if (asoc)
289 sctp_association_put(asoc);
290 else
291 sctp_endpoint_put(ep);
292
293 goto discard_it;
294}
295
296
297
298
299
300
301int sctp_backlog_rcv(struct sock *sk, struct sk_buff *skb)
302{
303 struct sctp_chunk *chunk = SCTP_INPUT_CB(skb)->chunk;
304 struct sctp_inq *inqueue = &chunk->rcvr->inqueue;
305 struct sctp_ep_common *rcvr = NULL;
306 int backloged = 0;
307
308 rcvr = chunk->rcvr;
309
310
311
312
313
314 if (rcvr->dead) {
315 sctp_chunk_free(chunk);
316 goto done;
317 }
318
319 if (unlikely(rcvr->sk != sk)) {
320
321
322
323
324
325
326
327
328
329
330
331 sk = rcvr->sk;
332 sctp_bh_lock_sock(sk);
333
334 if (sock_owned_by_user(sk)) {
335 if (sk_add_backlog(sk, skb, sk->sk_rcvbuf))
336 sctp_chunk_free(chunk);
337 else
338 backloged = 1;
339 } else
340 sctp_inq_push(inqueue, chunk);
341
342 sctp_bh_unlock_sock(sk);
343
344
345 if (backloged)
346 return 0;
347 } else {
348 sctp_inq_push(inqueue, chunk);
349 }
350
351done:
352
353 if (SCTP_EP_TYPE_ASSOCIATION == rcvr->type)
354 sctp_association_put(sctp_assoc(rcvr));
355 else if (SCTP_EP_TYPE_SOCKET == rcvr->type)
356 sctp_endpoint_put(sctp_ep(rcvr));
357 else
358 BUG();
359
360 return 0;
361}
362
363static int sctp_add_backlog(struct sock *sk, struct sk_buff *skb)
364{
365 struct sctp_chunk *chunk = SCTP_INPUT_CB(skb)->chunk;
366 struct sctp_ep_common *rcvr = chunk->rcvr;
367 int ret;
368
369 ret = sk_add_backlog(sk, skb, sk->sk_rcvbuf);
370 if (!ret) {
371
372
373
374
375 if (SCTP_EP_TYPE_ASSOCIATION == rcvr->type)
376 sctp_association_hold(sctp_assoc(rcvr));
377 else if (SCTP_EP_TYPE_SOCKET == rcvr->type)
378 sctp_endpoint_hold(sctp_ep(rcvr));
379 else
380 BUG();
381 }
382 return ret;
383
384}
385
386
387void sctp_icmp_frag_needed(struct sock *sk, struct sctp_association *asoc,
388 struct sctp_transport *t, __u32 pmtu)
389{
390 if (!t || (t->pathmtu <= pmtu))
391 return;
392
393 if (sock_owned_by_user(sk)) {
394 asoc->pmtu_pending = 1;
395 t->pmtu_pending = 1;
396 return;
397 }
398
399 if (t->param_flags & SPP_PMTUD_ENABLE) {
400
401 sctp_transport_update_pmtu(sk, t, pmtu);
402
403
404 sctp_assoc_sync_pmtu(sk, asoc);
405 }
406
407
408
409
410
411
412
413 sctp_retransmit(&asoc->outqueue, t, SCTP_RTXR_PMTUD);
414}
415
416void sctp_icmp_redirect(struct sock *sk, struct sctp_transport *t,
417 struct sk_buff *skb)
418{
419 struct dst_entry *dst;
420
421 if (!t)
422 return;
423 dst = sctp_transport_dst_check(t);
424 if (dst)
425 dst->ops->redirect(dst, sk, skb);
426}
427
428
429
430
431
432
433
434
435
436
437
438
439void sctp_icmp_proto_unreachable(struct sock *sk,
440 struct sctp_association *asoc,
441 struct sctp_transport *t)
442{
443 if (sock_owned_by_user(sk)) {
444 if (timer_pending(&t->proto_unreach_timer))
445 return;
446 else {
447 if (!mod_timer(&t->proto_unreach_timer,
448 jiffies + (HZ/20)))
449 sctp_association_hold(asoc);
450 }
451 } else {
452 struct net *net = sock_net(sk);
453
454 pr_debug("%s: unrecognized next header type "
455 "encountered!\n", __func__);
456
457 if (del_timer(&t->proto_unreach_timer))
458 sctp_association_put(asoc);
459
460 sctp_do_sm(net, SCTP_EVENT_T_OTHER,
461 SCTP_ST_OTHER(SCTP_EVENT_ICMP_PROTO_UNREACH),
462 asoc->state, asoc->ep, asoc, t,
463 GFP_ATOMIC);
464 }
465}
466
467
468struct sock *sctp_err_lookup(struct net *net, int family, struct sk_buff *skb,
469 struct sctphdr *sctphdr,
470 struct sctp_association **app,
471 struct sctp_transport **tpp)
472{
473 union sctp_addr saddr;
474 union sctp_addr daddr;
475 struct sctp_af *af;
476 struct sock *sk = NULL;
477 struct sctp_association *asoc;
478 struct sctp_transport *transport = NULL;
479 struct sctp_init_chunk *chunkhdr;
480 __u32 vtag = ntohl(sctphdr->vtag);
481 int len = skb->len - ((void *)sctphdr - (void *)skb->data);
482
483 *app = NULL; *tpp = NULL;
484
485 af = sctp_get_af_specific(family);
486 if (unlikely(!af)) {
487 return NULL;
488 }
489
490
491 af->from_skb(&saddr, skb, 1);
492 af->from_skb(&daddr, skb, 0);
493
494
495
496
497 asoc = __sctp_lookup_association(net, &saddr, &daddr, &transport);
498 if (!asoc)
499 return NULL;
500
501 sk = asoc->base.sk;
502
503
504
505
506
507
508
509
510
511
512
513
514
515 if (vtag == 0) {
516 chunkhdr = (void *)sctphdr + sizeof(struct sctphdr);
517 if (len < sizeof(struct sctphdr) + sizeof(sctp_chunkhdr_t)
518 + sizeof(__be32) ||
519 chunkhdr->chunk_hdr.type != SCTP_CID_INIT ||
520 ntohl(chunkhdr->init_hdr.init_tag) != asoc->c.my_vtag) {
521 goto out;
522 }
523 } else if (vtag != asoc->c.peer_vtag) {
524 goto out;
525 }
526
527 sctp_bh_lock_sock(sk);
528
529
530
531
532 if (sock_owned_by_user(sk))
533 NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
534
535 *app = asoc;
536 *tpp = transport;
537 return sk;
538
539out:
540 if (asoc)
541 sctp_association_put(asoc);
542 return NULL;
543}
544
545
546void sctp_err_finish(struct sock *sk, struct sctp_association *asoc)
547{
548 sctp_bh_unlock_sock(sk);
549 if (asoc)
550 sctp_association_put(asoc);
551}
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568void sctp_v4_err(struct sk_buff *skb, __u32 info)
569{
570 const struct iphdr *iph = (const struct iphdr *)skb->data;
571 const int ihlen = iph->ihl * 4;
572 const int type = icmp_hdr(skb)->type;
573 const int code = icmp_hdr(skb)->code;
574 struct sock *sk;
575 struct sctp_association *asoc = NULL;
576 struct sctp_transport *transport;
577 struct inet_sock *inet;
578 __u16 saveip, savesctp;
579 int err;
580 struct net *net = dev_net(skb->dev);
581
582 if (skb->len < ihlen + 8) {
583 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
584 return;
585 }
586
587
588 saveip = skb->network_header;
589 savesctp = skb->transport_header;
590 skb_reset_network_header(skb);
591 skb_set_transport_header(skb, ihlen);
592 sk = sctp_err_lookup(net, AF_INET, skb, sctp_hdr(skb), &asoc, &transport);
593
594 skb->network_header = saveip;
595 skb->transport_header = savesctp;
596 if (!sk) {
597 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
598 return;
599 }
600
601
602
603
604 switch (type) {
605 case ICMP_PARAMETERPROB:
606 err = EPROTO;
607 break;
608 case ICMP_DEST_UNREACH:
609 if (code > NR_ICMP_UNREACH)
610 goto out_unlock;
611
612
613 if (ICMP_FRAG_NEEDED == code) {
614 sctp_icmp_frag_needed(sk, asoc, transport, info);
615 goto out_unlock;
616 }
617 else {
618 if (ICMP_PROT_UNREACH == code) {
619 sctp_icmp_proto_unreachable(sk, asoc,
620 transport);
621 goto out_unlock;
622 }
623 }
624 err = icmp_err_convert[code].errno;
625 break;
626 case ICMP_TIME_EXCEEDED:
627
628
629
630 if (ICMP_EXC_FRAGTIME == code)
631 goto out_unlock;
632
633 err = EHOSTUNREACH;
634 break;
635 case ICMP_REDIRECT:
636 sctp_icmp_redirect(sk, transport, skb);
637
638 default:
639 goto out_unlock;
640 }
641
642 inet = inet_sk(sk);
643 if (!sock_owned_by_user(sk) && inet->recverr) {
644 sk->sk_err = err;
645 sk->sk_error_report(sk);
646 } else {
647 sk->sk_err_soft = err;
648 }
649
650out_unlock:
651 sctp_err_finish(sk, asoc);
652}
653
654
655
656
657
658
659
660
661
662
663
664
665
666static int sctp_rcv_ootb(struct sk_buff *skb)
667{
668 sctp_chunkhdr_t *ch;
669 __u8 *ch_end;
670
671 ch = (sctp_chunkhdr_t *) skb->data;
672
673
674 do {
675
676 if (ntohs(ch->length) < sizeof(sctp_chunkhdr_t))
677 break;
678
679 ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length));
680 if (ch_end > skb_tail_pointer(skb))
681 break;
682
683
684
685
686
687 if (SCTP_CID_ABORT == ch->type)
688 goto discard;
689
690
691
692
693
694 if (SCTP_CID_SHUTDOWN_COMPLETE == ch->type)
695 goto discard;
696
697
698
699
700
701
702 if (SCTP_CID_INIT == ch->type && (void *)ch != skb->data)
703 goto discard;
704
705 ch = (sctp_chunkhdr_t *) ch_end;
706 } while (ch_end < skb_tail_pointer(skb));
707
708 return 0;
709
710discard:
711 return 1;
712}
713
714
715static void __sctp_hash_endpoint(struct sctp_endpoint *ep)
716{
717 struct net *net = sock_net(ep->base.sk);
718 struct sctp_ep_common *epb;
719 struct sctp_hashbucket *head;
720
721 epb = &ep->base;
722
723 epb->hashent = sctp_ep_hashfn(net, epb->bind_addr.port);
724 head = &sctp_ep_hashtable[epb->hashent];
725
726 sctp_write_lock(&head->lock);
727 hlist_add_head(&epb->node, &head->chain);
728 sctp_write_unlock(&head->lock);
729}
730
731
732void sctp_hash_endpoint(struct sctp_endpoint *ep)
733{
734 sctp_local_bh_disable();
735 __sctp_hash_endpoint(ep);
736 sctp_local_bh_enable();
737}
738
739
740static void __sctp_unhash_endpoint(struct sctp_endpoint *ep)
741{
742 struct net *net = sock_net(ep->base.sk);
743 struct sctp_hashbucket *head;
744 struct sctp_ep_common *epb;
745
746 epb = &ep->base;
747
748 epb->hashent = sctp_ep_hashfn(net, epb->bind_addr.port);
749
750 head = &sctp_ep_hashtable[epb->hashent];
751
752 sctp_write_lock(&head->lock);
753 hlist_del_init(&epb->node);
754 sctp_write_unlock(&head->lock);
755}
756
757
758void sctp_unhash_endpoint(struct sctp_endpoint *ep)
759{
760 sctp_local_bh_disable();
761 __sctp_unhash_endpoint(ep);
762 sctp_local_bh_enable();
763}
764
765
766static struct sctp_endpoint *__sctp_rcv_lookup_endpoint(struct net *net,
767 const union sctp_addr *laddr)
768{
769 struct sctp_hashbucket *head;
770 struct sctp_ep_common *epb;
771 struct sctp_endpoint *ep;
772 int hash;
773
774 hash = sctp_ep_hashfn(net, ntohs(laddr->v4.sin_port));
775 head = &sctp_ep_hashtable[hash];
776 read_lock(&head->lock);
777 sctp_for_each_hentry(epb, &head->chain) {
778 ep = sctp_ep(epb);
779 if (sctp_endpoint_is_match(ep, net, laddr))
780 goto hit;
781 }
782
783 ep = sctp_sk(net->sctp.ctl_sock)->ep;
784
785hit:
786 sctp_endpoint_hold(ep);
787 read_unlock(&head->lock);
788 return ep;
789}
790
791
792static void __sctp_hash_established(struct sctp_association *asoc)
793{
794 struct net *net = sock_net(asoc->base.sk);
795 struct sctp_ep_common *epb;
796 struct sctp_hashbucket *head;
797
798 epb = &asoc->base;
799
800
801 epb->hashent = sctp_assoc_hashfn(net, epb->bind_addr.port,
802 asoc->peer.port);
803
804 head = &sctp_assoc_hashtable[epb->hashent];
805
806 sctp_write_lock(&head->lock);
807 hlist_add_head(&epb->node, &head->chain);
808 sctp_write_unlock(&head->lock);
809}
810
811
812void sctp_hash_established(struct sctp_association *asoc)
813{
814 if (asoc->temp)
815 return;
816
817 sctp_local_bh_disable();
818 __sctp_hash_established(asoc);
819 sctp_local_bh_enable();
820}
821
822
823static void __sctp_unhash_established(struct sctp_association *asoc)
824{
825 struct net *net = sock_net(asoc->base.sk);
826 struct sctp_hashbucket *head;
827 struct sctp_ep_common *epb;
828
829 epb = &asoc->base;
830
831 epb->hashent = sctp_assoc_hashfn(net, epb->bind_addr.port,
832 asoc->peer.port);
833
834 head = &sctp_assoc_hashtable[epb->hashent];
835
836 sctp_write_lock(&head->lock);
837 hlist_del_init(&epb->node);
838 sctp_write_unlock(&head->lock);
839}
840
841
842void sctp_unhash_established(struct sctp_association *asoc)
843{
844 if (asoc->temp)
845 return;
846
847 sctp_local_bh_disable();
848 __sctp_unhash_established(asoc);
849 sctp_local_bh_enable();
850}
851
852
853static struct sctp_association *__sctp_lookup_association(
854 struct net *net,
855 const union sctp_addr *local,
856 const union sctp_addr *peer,
857 struct sctp_transport **pt)
858{
859 struct sctp_hashbucket *head;
860 struct sctp_ep_common *epb;
861 struct sctp_association *asoc;
862 struct sctp_transport *transport;
863 int hash;
864
865
866
867
868 hash = sctp_assoc_hashfn(net, ntohs(local->v4.sin_port),
869 ntohs(peer->v4.sin_port));
870 head = &sctp_assoc_hashtable[hash];
871 read_lock(&head->lock);
872 sctp_for_each_hentry(epb, &head->chain) {
873 asoc = sctp_assoc(epb);
874 transport = sctp_assoc_is_match(asoc, net, local, peer);
875 if (transport)
876 goto hit;
877 }
878
879 read_unlock(&head->lock);
880
881 return NULL;
882
883hit:
884 *pt = transport;
885 sctp_association_hold(asoc);
886 read_unlock(&head->lock);
887 return asoc;
888}
889
890
891static
892struct sctp_association *sctp_lookup_association(struct net *net,
893 const union sctp_addr *laddr,
894 const union sctp_addr *paddr,
895 struct sctp_transport **transportp)
896{
897 struct sctp_association *asoc;
898
899 sctp_local_bh_disable();
900 asoc = __sctp_lookup_association(net, laddr, paddr, transportp);
901 sctp_local_bh_enable();
902
903 return asoc;
904}
905
906
907int sctp_has_association(struct net *net,
908 const union sctp_addr *laddr,
909 const union sctp_addr *paddr)
910{
911 struct sctp_association *asoc;
912 struct sctp_transport *transport;
913
914 if ((asoc = sctp_lookup_association(net, laddr, paddr, &transport))) {
915 sctp_association_put(asoc);
916 return 1;
917 }
918
919 return 0;
920}
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940static struct sctp_association *__sctp_rcv_init_lookup(struct net *net,
941 struct sk_buff *skb,
942 const union sctp_addr *laddr, struct sctp_transport **transportp)
943{
944 struct sctp_association *asoc;
945 union sctp_addr addr;
946 union sctp_addr *paddr = &addr;
947 struct sctphdr *sh = sctp_hdr(skb);
948 union sctp_params params;
949 sctp_init_chunk_t *init;
950 struct sctp_transport *transport;
951 struct sctp_af *af;
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969 init = (sctp_init_chunk_t *)skb->data;
970
971
972 sctp_walk_params(params, init, init_hdr.params) {
973
974
975 af = sctp_get_af_specific(param_type2af(params.p->type));
976 if (!af)
977 continue;
978
979 af->from_addr_param(paddr, params.addr, sh->source, 0);
980
981 asoc = __sctp_lookup_association(net, laddr, paddr, &transport);
982 if (asoc)
983 return asoc;
984 }
985
986 return NULL;
987}
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003static struct sctp_association *__sctp_rcv_asconf_lookup(
1004 struct net *net,
1005 sctp_chunkhdr_t *ch,
1006 const union sctp_addr *laddr,
1007 __be16 peer_port,
1008 struct sctp_transport **transportp)
1009{
1010 sctp_addip_chunk_t *asconf = (struct sctp_addip_chunk *)ch;
1011 struct sctp_af *af;
1012 union sctp_addr_param *param;
1013 union sctp_addr paddr;
1014
1015
1016 param = (union sctp_addr_param *)(asconf + 1);
1017
1018 af = sctp_get_af_specific(param_type2af(param->p.type));
1019 if (unlikely(!af))
1020 return NULL;
1021
1022 af->from_addr_param(&paddr, param, peer_port, 0);
1023
1024 return __sctp_lookup_association(net, laddr, &paddr, transportp);
1025}
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037static struct sctp_association *__sctp_rcv_walk_lookup(struct net *net,
1038 struct sk_buff *skb,
1039 const union sctp_addr *laddr,
1040 struct sctp_transport **transportp)
1041{
1042 struct sctp_association *asoc = NULL;
1043 sctp_chunkhdr_t *ch;
1044 int have_auth = 0;
1045 unsigned int chunk_num = 1;
1046 __u8 *ch_end;
1047
1048
1049
1050
1051 ch = (sctp_chunkhdr_t *) skb->data;
1052 do {
1053
1054 if (ntohs(ch->length) < sizeof(sctp_chunkhdr_t))
1055 break;
1056
1057 ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length));
1058 if (ch_end > skb_tail_pointer(skb))
1059 break;
1060
1061 switch(ch->type) {
1062 case SCTP_CID_AUTH:
1063 have_auth = chunk_num;
1064 break;
1065
1066 case SCTP_CID_COOKIE_ECHO:
1067
1068
1069
1070
1071
1072
1073
1074 if (have_auth == 1 && chunk_num == 2)
1075 return NULL;
1076 break;
1077
1078 case SCTP_CID_ASCONF:
1079 if (have_auth || net->sctp.addip_noauth)
1080 asoc = __sctp_rcv_asconf_lookup(
1081 net, ch, laddr,
1082 sctp_hdr(skb)->source,
1083 transportp);
1084 default:
1085 break;
1086 }
1087
1088 if (asoc)
1089 break;
1090
1091 ch = (sctp_chunkhdr_t *) ch_end;
1092 chunk_num++;
1093 } while (ch_end < skb_tail_pointer(skb));
1094
1095 return asoc;
1096}
1097
1098
1099
1100
1101
1102
1103
1104static struct sctp_association *__sctp_rcv_lookup_harder(struct net *net,
1105 struct sk_buff *skb,
1106 const union sctp_addr *laddr,
1107 struct sctp_transport **transportp)
1108{
1109 sctp_chunkhdr_t *ch;
1110
1111 ch = (sctp_chunkhdr_t *) skb->data;
1112
1113
1114
1115
1116
1117
1118 if (WORD_ROUND(ntohs(ch->length)) > skb->len)
1119 return NULL;
1120
1121
1122 switch (ch->type) {
1123 case SCTP_CID_INIT:
1124 case SCTP_CID_INIT_ACK:
1125 return __sctp_rcv_init_lookup(net, skb, laddr, transportp);
1126 break;
1127
1128 default:
1129 return __sctp_rcv_walk_lookup(net, skb, laddr, transportp);
1130 break;
1131 }
1132
1133
1134 return NULL;
1135}
1136
1137
1138static struct sctp_association *__sctp_rcv_lookup(struct net *net,
1139 struct sk_buff *skb,
1140 const union sctp_addr *paddr,
1141 const union sctp_addr *laddr,
1142 struct sctp_transport **transportp)
1143{
1144 struct sctp_association *asoc;
1145
1146 asoc = __sctp_lookup_association(net, laddr, paddr, transportp);
1147
1148
1149
1150
1151
1152 if (!asoc)
1153 asoc = __sctp_rcv_lookup_harder(net, skb, laddr, transportp);
1154
1155 return asoc;
1156}
1157